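// https://syzkaller.appspot.com/bug?id=48657bf50b05ace29c310fc9c45915d7e4a7b4b0
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// What this program does, as read from the code below:
//   1. maps a fixed 16 MiB scratch region at 0x20000000 with inaccessible
//      pages on either side,
//   2. writes a set of kernel sysctl/debugfs knobs (setup_sysctl),
//   3. builds a 486-byte image that starts with the bytes "hsqs", attaches it
//      to /dev/loop0 and mounts it as "squashfs" on ./file0,
//   4. opens ./file0 and calls open_by_handle_at() on it with a 9-byte
//      hand-built handle buffer.
// The kernel-side issue itself is described only in the linked report; nothing
// in this file names the affected code path.
//
// NOTE(review): the page this listing was taken from had every line break
// collapsed and the header names after "#include" stripped. The layout is
// restored here; the 19 header names are reconstructed from what the code
// uses and from the count of directives on the page - confirm against the
// original if exactness matters.

#define _GNU_SOURCE

#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#include <linux/loop.h>

// Used to build the loop device name; never assigned in this file, so it
// stays 0 and the device is /dev/loop0.
static unsigned long long procid;

// Per-thread nesting count of NONFAILING() sections and the jump target the
// fault handler returns to.
static __thread int skip_segv;
static __thread jmp_buf segv_env;

// SIGSEGV/SIGBUS handler. When the fault happens inside a NONFAILING()
// section and the faulting address is below 1 MiB or above 100 MiB (i.e. not
// in the range the handler treats as the program's own), execution resumes at
// the _setjmp() in NONFAILING(). Any other fault terminates the process with
// the signal number as exit status.
static void segv_handler(int sig, siginfo_t* info, void* ctx)
{
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
  int valid = addr < prog_start || addr > prog_end;
  if (skip && valid) {
    _longjmp(segv_env, 1);
  }
  exit(sig);
}

// Installs segv_handler for SIGSEGV and SIGBUS, and sets signals 0x20 and
// 0x21 to SIG_IGN through the raw rt_sigaction syscall (presumably because
// the libc wrapper does not accept those numbers - confirm).
static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = SIG_IGN;
  syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
  syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  // SA_NODEFER: the handler leaves via _longjmp(), so the signal must not
  // stay blocked for the next fault.
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

// Evaluates the given statement(s) with fault recovery enabled. Yields 1 when
// they ran to completion and 0 when segv_handler jumped back here.
#define NONFAILING(...)                                                        \
  ({                                                                           \
    int ok = 1;                                                                \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    } else                                                                     \
      ok = 0;                                                                  \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    ok;                                                                        \
  })

// Creates ./syzkaller.XXXXXX with mkdtemp(), makes it mode 0777 and changes
// into it, so the relative path "./file0" used later lives in a fresh
// directory. Exits with status 1 on any failure.
static void use_temporary_dir(void)
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    exit(1);
  if (chmod(tmpdir, 0777))
    exit(1);
  if (chdir(tmpdir))
    exit(1);
}

// Formats `what` (printf-style, truncated to 1023 bytes) and writes it to the
// existing file `file` in one write() call.
// Returns true on a complete write; false otherwise, with errno describing
// the failure of open() or write().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    // close() may overwrite errno; keep the value from the failed write().
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// One piece of the filesystem image: `size` bytes at `data`, to be placed at
// byte `offset` of the image.
struct fs_image_segment {
  void* data;
  uintptr_t size;
  uintptr_t offset;
};

#define IMAGE_MAX_SEGMENTS 4096
#define IMAGE_MAX_SIZE (129 << 20)
// memfd_create syscall number (319 is the x86-64 value).
#define sys_memfd_create 319

// Clamps every segment so that offset + size fits inside IMAGE_MAX_SIZE and
// returns the image size to allocate: the requested `size`, raised so that it
// covers the end of every segment, and capped at IMAGE_MAX_SIZE.
// The segment array is modified in place; at most IMAGE_MAX_SEGMENTS entries
// are examined.
static unsigned long fs_image_segment_check(unsigned long size,
                                            unsigned long nsegs,
                                            struct fs_image_segment* segs)
{
  if (nsegs > IMAGE_MAX_SEGMENTS)
    nsegs = IMAGE_MAX_SEGMENTS;
  for (size_t i = 0; i < nsegs; i++) {
    if (segs[i].size > IMAGE_MAX_SIZE)
      segs[i].size = IMAGE_MAX_SIZE;
    segs[i].offset %= IMAGE_MAX_SIZE;
    if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
      segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
    // The end of a segment is offset + size. The listing added the offset
    // to itself, which could leave the image shorter than a segment that is
    // later written into it. For the single segment used by main() (offset
    // 0, size 0x1e6, requested size far above the cap) the result is the
    // same either way.
    if (size < segs[i].offset + segs[i].size)
      size = segs[i].offset + segs[i].size;
  }
  if (size > IMAGE_MAX_SIZE)
    size = IMAGE_MAX_SIZE;
  return size;
}

// Builds the image in an anonymous memfd and attaches it to the loop device
// `loopname`.
// On success returns 0 and hands both descriptors to the caller through
// *memfd_p and *loopfd_p (the caller closes them). On failure returns -1 with
// errno set and nothing left open.
static int setup_loop_device(long unsigned size, long unsigned nsegs,
                             struct fs_image_segment* segs,
                             const char* loopname, int* memfd_p, int* loopfd_p)
{
  int err = 0, loopfd = -1;
  size = fs_image_segment_check(size, nsegs, segs);
  int memfd = syscall(sys_memfd_create, "syzkaller", 0);
  if (memfd == -1) {
    err = errno;
    goto error;
  }
  if (ftruncate(memfd, size)) {
    err = errno;
    goto error_close_memfd;
  }
  // NOTE(review): nsegs is used here without the IMAGE_MAX_SEGMENTS clamp
  // that fs_image_segment_check() applies to its own copy.
  for (size_t i = 0; i < nsegs; i++) {
    if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) {
      // Deliberately ignored: a failed segment write leaves that part of
      // the image zero-filled and setup continues.
    }
  }
  loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    err = errno;
    goto error_close_memfd;
  }
  if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
    if (errno != EBUSY) {
      err = errno;
      goto error_close_loop;
    }
    // The device is still bound to an earlier backing file: detach it, wait
    // 1 ms and try once more.
    ioctl(loopfd, LOOP_CLR_FD, 0);
    usleep(1000);
    if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
      err = errno;
      goto error_close_loop;
    }
  }
  *memfd_p = memfd;
  *loopfd_p = loopfd;
  return 0;

error_close_loop:
  close(loopfd);
error_close_memfd:
  close(memfd);
error:
  errno = err;
  return -1;
}

// Mounts a filesystem of type `fsarg` on directory `dir` and returns a
// read-only directory descriptor for the mount point, or -1 with errno set.
// All pointer-like arguments arrive as integers holding addresses:
//   fsarg    - NUL-terminated filesystem type name
//   dir      - NUL-terminated mount point path (created with mode 0777)
//   size     - requested image size, clamped by fs_image_segment_check()
//   nsegs    - number of entries in the segment array
//   segments - struct fs_image_segment array, or 0 for no loop device
//   flags    - mount(2) flags
//   optsarg  - NUL-terminated mount option string
// When segments are given, the image is attached to /dev/loop<procid> and
// that device is the mount source.
static long syz_mount_image(volatile long fsarg, volatile long dir,
                            volatile unsigned long size,
                            volatile unsigned long nsegs,
                            volatile long segments, volatile long flags,
                            volatile long optsarg)
{
  struct fs_image_segment* segs = (struct fs_image_segment*)segments;
  int res = -1, err = 0, loopfd = -1, memfd = -1, need_loop_device = !!segs;
  char* mount_opts = (char*)optsarg;
  char* target = (char*)dir;
  char* fs = (char*)fsarg;
  char* source = NULL;
  char loopname[64];
  if (need_loop_device) {
    memset(loopname, 0, sizeof(loopname));
    snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
    if (setup_loop_device(size, nsegs, segs, loopname, &memfd, &loopfd) == -1)
      return -1;
    source = loopname;
  }
  mkdir(target, 0777);
  char opts[256];
  memset(opts, 0, sizeof(opts));
  if (strlen(mount_opts) > (sizeof(opts) - 32)) {
    // Over-long option strings are not rejected; the copy below truncates.
  }
  // opts was zeroed above and at most sizeof(opts) - 32 bytes are copied, so
  // the string stays NUL-terminated and keeps 32 bytes of room for the
  // suffixes appended below.
  strncpy(opts, mount_opts, sizeof(opts) - 32);
  if (strcmp(fs, "iso9660") == 0) {
    flags |= MS_RDONLY;
  } else if (strncmp(fs, "ext", 3) == 0) {
    // Appends errors=continue when the options contain errors=panic or do
    // not contain errors=remount-ro.
    if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0)
      strcat(opts, ",errors=continue");
  } else if (strcmp(fs, "xfs") == 0) {
    strcat(opts, ",nouuid");
  }
  res = mount(source, target, fs, flags, opts);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  res = open(target, O_RDONLY | O_DIRECTORY);
  if (res == -1) {
    err = errno;
  }

  // Reached on success as well: the loop device is detached and both
  // descriptors are closed whether or not the mount worked.
error_clear_loop:
  if (need_loop_device) {
    ioctl(loopfd, LOOP_CLR_FD, 0);
    close(loopfd);
    close(memfd);
  }
  errno = err;
  return res;
}

// Writes a fixed list of values to /proc/sys and debugfs files and prints a
// message for each write that fails. The list includes
// bpf_jit_harden=0 and kptr_restrict=0, i.e. it switches off two kernel
// hardening settings. The writes are system-wide and this program never
// restores the previous values.
static void setup_sysctl(void)
{
  static struct {
    const char* name;
    const char* data;
  } files[] = {
      {"/sys/kernel/debug/x86/nmi_longest_ns", "10000000000"},
      {"/proc/sys/kernel/hung_task_check_interval_secs", "20"},
      {"/proc/sys/net/core/bpf_jit_enable", "1"},
      {"/proc/sys/net/core/bpf_jit_kallsyms", "1"},
      {"/proc/sys/net/core/bpf_jit_harden", "0"},
      {"/proc/sys/kernel/kptr_restrict", "0"},
      {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"},
      {"/proc/sys/fs/mount-max", "100"},
      {"/proc/sys/vm/oom_dump_tasks", "0"},
      {"/proc/sys/debug/exception-trace", "0"},
      {"/proc/sys/kernel/printk", "7 4 1 3"},
      {"/proc/sys/net/ipv4/ping_group_range", "0 65535"},
      {"/proc/sys/kernel/keys/gc_delay", "1"},
      {"/proc/sys/vm/nr_overcommit_hugepages", "4"},
      {"/proc/sys/vm/oom_kill_allocating_task", "1"},
  };
  for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
    if (!write_file(files[i].name, files[i].data))
      printf("write to %s failed: %s\n", files[i].name, strerror(errno));
  }
}

// Resource slot for the descriptor returned by open(); starts as -1.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed-address scratch area: 16 MiB at 0x20000000 with prot 7
  // (read|write|exec), bracketed by one inaccessible (prot 0) page below and
  // above. Every absolute address used from here on lies in this area.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  setup_sysctl();
  install_segv_handler();
  use_temporary_dir();
  intptr_t res = 0;

  // Argument buffer for the ioctl below: a 32-bit -1 at 0x20000380 followed
  // by 4088 opaque bytes at 0x20000388.
  NONFAILING(*(uint32_t*)0x20000380 = -1);
  NONFAILING(memcpy(
      (void*)0x20000388,
      "\xb1\x35\x47\x0b\x7a\xd3\x95\xaa\xde\xdb\x17\x43\xa2\x12\x92\xcf\xe9\xd6"
      "\x56\x31\xe4\xc2\xbe\xbe\xd4\xd4\xb5\x52\x28\x57\x17\xe7\x11\xcb\x87\x3f"
      "\x6d\x6c\x41\x69\x63\x8d\x51\xe6\x3c\xfd\x5f\xb9\xf9\x5f\x0c\xdb\xd3\xfc"
      "\x3c\xca\xcf\xbc\x47\x1e\x19\xaa\x03\xb8\xb3\xeb\x51\x73\x2e\x95\x9a\x35"
      "\x3b\x49\x8e\x96\x2f\xa4\xa2\xb4\x19\xa5\xd9\x9f\xad\x90\x86\xd5\xd7\xf7"
      "\xe2\xd0\x95\x1d\x39\x59\x41\xed\x61\x13\x25\x2f\xd4\x15\xcd\x2f\x41\xb2"
      "\xa1\x36\xab\x2e\xcb\xce\x91\x2e\x67\x61\x6d\x9b\xc0\x02\x1b\x9f\x8a\x80"
      "\x30\xe9\x04\x2e\xa3\xa5\x9e\x1e\xc8\xa8\xe7\x87\x87\x79\x19\x28\x9d\x8a"
      "\x48\xe3\xd2\x41\x20\x8b\xaf\x43\x07\xe8\x2e\x2f\xd8\x23\x70\x69\xc4\x84"
      "\x48\xcd\x06\x2e\x20\x09\x00\xe7\xf7\x18\xa3\x23\xe8\x64\x50\xd7\x97\x20"
      "\x11\x64\xc3\x30\xcd\x07\x35\xa7\x08\x59\x77\x4f\x8f\x9c\x15\xdd\x34\xee"
      "\x85\xb7\x2d\xd5\xd3\x6d\xe5\xca\x92\x0a\x67\xa1\x53\x5b\x22\xd5\xe9\x6c"
      "\x50\x77\x1d\x68\x10\xa4\x74\xf9\xd5\xea\x5e\x1d\x15\xd6\xec\x84\x6a\x39"
      "\xe3\xd8\x39\x2b\x06\x9c\x7e\x0a\xf7\x44\x0d\xcf\xa8\x99\x17\xd9\x9d\x35"
      "\x66\xc5\x82\xc6\xae\x2e\xa3\x50\x25\xbe\x64\xed\xd5\x8a\xa3\xe1\x38\xf4"
      "\x2e\xa7\x2d\x0d\xee\xb0\xb0\xa9\xb2\xf0\xd1\x06\x88\x31\x2c\x71\x5c\x44"
      "\x5a\x66\xb8\xd6\xbf\x45\x2a\x46\x78\x1e\xfc\x41\x05\xcb\xc2\x9e\x47\xfc"
      "\x9c\x04\xde\x91\x77\xac\xe1\x23\x1e\xdd\x30\x30\x64\x8b\x1f\x07\xe4\x6b"
      "\xc7\xce\xb9\x0a\xae\x12\xc6\xfb\x88\x6a\x75\x73\xff\x31\x4a\xbd\xa8\xf4"
      "\x80\x0c\xaf\x53\xd3\x23\x9b\x32\x9c\x23\x74\xb9\x17\x39\xe2\x33\x5c\xed"
      "\x90\xb2\x09\xdf\x0b\x69\x9e\xb0\xbc\x85\xd7\x50\x6d\x27\x06\x03\xe7\xe2"
      "\x21\xf6\x02\xbf\xd9\x08\xd4\xc8\x10\x82\x2f\x93\xc6\xd1\xbe\xc8\x57\x1f"
      "\x7f\xc5\xfa\x0f\xbe\x1e\xd6\xd7\x8b\x8c\xb4\x1b\x7e\x58\xf2\x5f\x01\x00"
      "\xdd\x19\xe4\x6e\x0c\x26\xed\x39\x2d\x47\xaa\x21\xe5\xa1\x97\x47\xcd\x9f"
      "\x05\xdc\xbd\xec\x17\x30\x0c\xe8\x09\xf7\x93\x72\x0e\x95\x15\xe4\x94\x93"
      "\xfa\xf6\x81\x9f\x67\x7a\xc1\x7b\x26\x67\x5b\xed\x3b\x2d\xee\xe5\x8f\xd3"
      "\x71\xbf\xda\x08\x81\x78\xeb\x14\xc8\x49\x7b\xc2\xe7\x37\x5c\xe9\x60\xcf"
      "\xb1\x74\x3d\x06\xee\x94\xaf\x0e\x90\x33\xb1\x49\x20\xea\x8a\x22\x61\x2b"
      "\xbb\x25\xa2\xf0\x2d\x9f\xd0\xb1\x26\x89\xf7\x4e\x39\x9d\x82\x16\x13\x62"
      "\x70\xf3\x75\x0a\xf8\xbe\x43\x2a\xb0\x8f\x9d\xbe\x16\x6d\x2d\xa3\x04\x18"
      "\x96\x86\x55\x6d\x9f\x28\x8d\xc7\xc6\x7e\xaa\x80\x40\xf0\xc4\x6f\xa6\x55"
      "\x74\xbb\x66\x7c\x6a\x96\xc1\x24\xed\x26\x35\x56\xa2\x81\xf6\x79\xd5\xfb"
      "\x32\x48\xa3\x09\x67\x70\x1e\x68\xe2\xa1\x2e\xcc\xe8\xb9\xc6\x1d\xa0\xe2"
      "\x3e\xd7\x3c\x08\xf1\xfd\x0d\x00\xca\x43\x35\xef\xaf\x27\xa9\x46\x3c\xc4"
      "\x90\x3d\x9e\x5e\xe8\xc7\x97\x76\x36\x2e\x02\x86\xfa\xcb\xeb\xfb\xfc\xa0"
      "\xf2\x31\xc2\x46\x05\x32\x37\x23\x51\xb0\x7b\x44\xc5\x45\xbc\xae\x91\x69"
      "\x90\x39\xc9\x5e\xf3\x62\x78\xd2\x67\xe1\xa4\xe4\x7f\x6b\x5e\x96\x8d\x05"
      "\xe6\x70\xca\x83\x7d\xae\xfa\x10\x92\x04\x6d\x25\xc2\xf0\x64\x0c\xef\x21"
      "\x03\xa3\xb4\xf7\xbe\xbe\x0e\xb9\xb6\x73\x0f\x04\x3e\x8d\xf2\x7a\xbf\xd1"
      "\xa0\x0f\x8c\x67\xf0\xe3\x1b\xec\x45\xda\x18\x4a\xaa\x35\xa9\xb9\xc4\xe0"
      "\xb3\x26\xc1\x62\x57\xef\x3a\x28\x7d\xdc\x1b\xb1\xe7\x8c\xd6\x40\x5b\x91"
      "\x8b\x2e\xf1\x3a\x68\xc1\x8f\x08\xf1\x04\x3d\x66\xd4\xc4\xa6\xba\x78\x7d"
      "\x75\x10\x12\xb8\x5c\x6c\x36\xc6\xb8\x20\x78\x55\xb8\xfa\x16\x26\x18\xaa"
      "\x2c\x62\x13\xb2\x3e\x46\x13\x16\x03\x21\x88\xbe\xaa\x08\xb2\xfc\xce\x4f"
      "\x1d\x49\x09\x79\x4c\xed\x5a\x88\x5a\x58\x07\xe4\x7d\x22\x75\x43\x43\x01"
      "\x11\xea\xe2\x28\x91\xbc\x0f\xf3\x83\xaf\x9c\xb0\xeb\xfa\xf8\x5e\x58\xd4"
      "\x14\x1a\x4f\x49\xa5\xc4\x99\x7f\x6c\xad\xa8\x57\x5f\x18\x2e\xdb\xad\xfc"
      "\x16\x53\x06\x29\x8c\xb1\xd9\x0f\x0a\x36\x41\x80\xd7\x94\x91\x6a\x80\x75"
      "\x4c\x43\x32\x63\x95\xa0\xf5\xc6\x87\xb1\xe2\x03\x38\x64\x96\xdc\x34\x97"
      "\xf7\xec\x6d\x43\x2e\x70\x64\x71\xf8\xc3\xe8\x92\x73\x5c\xec\xb2\xa1\xaa"
      "\x41\x26\xe6\x6a\x4f\xbe\x88\x0a\xfd\xfa\xc1\x98\xad\x18\x48\xa4\xd6\x33"
      "\x5a\x72\x8d\xaf\x16\xf9\x8e\x58\xed\x97\xda\x4c\x4c\x6b\xb2\x38\x75\x0d"
      "\xa9\x54\x00\x6e\xdb\x3f\xf7\x7d\xe0\x45\xcd\x3a\xf9\xed\x32\x71\x44\x37"
      "\x30\x8a\x54\xa0\xc6\x29\xb0\xd5\xf8\xf0\xed\x13\x61\x9f\xb6\x48\x6c\xfd"
      "\xe4\x5e\x82\x5d\x95\x64\xb7\x5d\x0b\x21\xf0\x2d\xbd\x3a\x41\xad\xf4\x82"
      "\xc1\x99\xa9\xc3\xa8\xf1\xf5\x1e\xc0\xf8\xf0\xd4\xfc\x9b\x76\xe2\x9b\x94"
      "\x5f\x32\x69\x16\xba\xa6\x55\xe6\x1a\x81\x68\xf2\x04\x1a\x7f\xb8\x32\xb2"
      "\xe0\x65\xb6\xa2\x58\xbd\xda\x41\x0d\xce\x0d\x85\xbf\x7e\x31\x75\xe6\x2e"
      "\x57\x25\x93\x36\x5a\xa6\x25\x4c\xdc\x29\xfa\x98\xb4\x83\xb5\x2b\xa8\x1a"
      "\x76\x8f\xcb\x44\xb1\x65\x66\x88\x1a\x49\x6d\xea\x2b\x78\xa4\x58\x2b\xf6"
      "\xbc\x2e\x16\xd9\x33\x5d\xeb\x78\xf4\x6b\xdc\xe4\x7e\x4e\x24\x29\x00\xe6"
      "\xf2\x08\xe3\xa4\x4e\x00\x92\xc6\xaf\x23\xa2\xce\xd8\x63\x7d\x01\x08\x5b"
      "\x7a\x7d\xae\x3d\xdd\xfd\x77\xc6\x4e\x5b\x26\x1e\x99\xb2\x74\x4c\x9f\x8a"
      "\x28\xc3\x9f\xfc\xd3\xd0\x21\xab\x0e\x23\x6a\x8c\xc9\x78\x8a\x8e\xd1\x36"
      "\x05\xc1\x5e\xbd\x6b\x18\xc3\x6f\x60\x29\xe0\x9f\x19\x5c\x4e\xd9\xd8\x56"
      "\x48\x62\xce\x2f\x4c\x1c\xc0\xf1\x40\x7f\x84\xd3\xf5\xf3\xe1\x50\x21\xaf"
      "\x15\xf5\x9b\x3d\x13\xbb\x7c\xfe\xb3\x55\x75\x8d\x79\x18\x23\x88\x74\xa4"
      "\x35\x83\x0e\x73\x98\x36\x5e\x8a\x66\xa0\xc4\x1c\x09\x5d\x78\x97\x4b\x1a"
      "\x39\xdb\xad\x66\xb9\x56\x27\xc0\xf4\x9c\xd1\xf4\x91\xe0\x45\x23\xe6\xbb"
      "\x7b\xa4\x20\x35\x0e\xfd\xa1\x5a\xaa\x74\x0b\x9c\x8b\x80\x66\x86\x98\x35"
      "\x0f\x6d\x54\x29\x7a\x4d\xa7\x27\x5c\x54\xb4\x4d\xfe\xd7\x45\xc6\x1e\xf4"
      "\x91\x96\xa4\xf1\x37\xd7\x3b\x7c\x97\xb9\xf2\x09\xa3\x6b\x95\xb9\x11\x3d"
      "\x77\x41\x6b\x97\xd9\xc5\xa6\x97\x4a\xcd\xbc\xcd\xa0\xad\x94\x4c\xe5\x21"
      "\x58\x02\x1a\x9c\x00\xab\x80\x04\xdc\xce\x05\xa0\x0a\xad\xbe\x76\xe5\x0d"
      "\x1a\xe3\x42\xf3\x6c\xe6\xf5\x98\xf1\x3c\xc8\x76\xdb\xf8\x18\x1d\xb2\x0c"
      "\x1a\xbb\xff\xae\x33\x53\x3f\x07\x22\x91\x33\x6c\xe8\x51\xf5\x91\x07\x81"
      "\x95\x37\xad\xaa\x28\x5b\xf9\x06\xfb\xa9\xed\xc7\xce\xce\x31\xeb\x16\xbb"
      "\x48\x1c\x72\x7e\x9e\x36\xfc\x87\x06\x2a\xc2\x1d\xab\x44\x67\xa2\x2b\xc1"
      "\x39\xfa\x12\x83\x1c\xa6\xe1\x51\xf3\x97\xef\x51\x25\x7b\x76\xab\xa1\x1b"
      "\x4b\xe1\x29\x89\x70\xfb\x6d\x56\x12\xbc\xcd\xb9\xfe\xf5\xba\x68\xa5\xf4"
      "\x9e\x72\xd6\xb5\x10\x76\x87\xab\x34\xef\xcd\xed\x7c\x9a\x26\xfb\x1c\x6e"
      "\x01\xfb\xbf\x1f\x2b\xdd\xbe\xea\x50\x0e\x69\x33\xcb\xc1\xd1\xac\x7b\xb9"
      "\x29\x6a\x6a\xbd\x34\xf0\x76\xd0\x9a\xf5\x67\x9a\x37\xbb\x09\x77\xa0\xa7"
      "\x08\xb0\x8b\x31\x9e\x95\xf9\x2c\xb3\x13\x72\x96\x46\x12\x1b\x77\x4b\x95"
      "\xe2\x6f\xc6\x79\x9e\xe2\xce\xbb\x15\xe9\xff\x80\xa8\x66\x0e\x19\x30\x7d"
      "\x80\x27\x8d\xfc\x04\x2e\x75\xc7\xb9\x5a\x60\xd2\x62\x5d\xa2\xfe\x46\x20"
      "\x05\x15\x71\x71\xdc\x71\x2c\x30\xc5\x6e\xee\xdb\xf1\x22\x94\xf7\x0c\x5c"
      "\xe2\xc2\x13\x6f\x32\x59\xaa\x3b\x65\x5d\xdf\xb7\xcb\xa0\x2b\x22\x0b\x29"
      "\xb0\x9c\x7f\x63\x24\x0a\xc9\xbd\xe5\xc2\xb1\xd1\x51\xc7\x39\xb3\x71\x67"
      "\x67\xdb\x2b\xda\xdb\x33\xc8\x68\x82\x6c\x7b\x8d\xd1\x27\xa8\x45\x0f\xd2"
      "\xc3\x08\xf3\x34\x3d\x67\xa0\x38\x6d\xbe\xc0\x54\x44\x13\xd2\x9f\xf3\x4d"
      "\x4f\xe2\xc3\xa3\x05\xba\x30\xe7\xd9\x2b\x7c\xe1\xd7\x44\xed\x61\x04\x8b"
      "\x92\x3b\x07\x24\x45\x6c\x17\x52\xb9\xb1\xb2\xae\x44\x39\xac\x76\x88\x19"
      "\x08\x92\x4a\x53\x43\x80\x6d\x48\x1f\x86\xa9\x1e\x8e\xac\x80\x3b\x55\xa9"
      "\x09\x8d\x93\x3f\x4c\x06\x6d\xef\x49\x92\x7f\x13\xa3\xc0\xc1\xe1\x99\x08"
      "\x69\x38\xba\x4d\x96\x78\x84\xe9\xda\x05\xad\x3d\x4a\x47\x6a\x2a\xd8\x03"
      "\xf9\x94\x34\x50\x56\xe6\x3d\xc4\x90\x33\x37\xf0\x99\x91\xf7\x6a\xbe\xa4"
      "\x7c\x9d\x65\x37\x8e\xd5\x49\xfe\x68\x01\x5f\x6c\x2b\x6c\x5c\x95\x79\x74"
      "\x8f\x64\x16\x68\xda\x6c\xd1\xb7\xf2\x47\x06\x8c\x6a\xbb\xf9\x15\x42\x68"
      "\x93\x0b\x87\x22\xee\x4a\x4c\x94\xd5\xaf\x0c\x36\x99\x14\x76\x44\xa4\x22"
      "\xd5\xad\x7c\x34\x7c\x03\x89\x7e\x46\x99\x50\x2d\xff\x96\x56\x70\xd1\x3a"
      "\x34\xa4\xaa\x6c\xb5\x35\x8e\xe6\xcf\xa4\xc8\x11\x88\x27\xb6\x9f\x89\x4d"
      "\x4d\x33\x1c\xd7\x5e\xe5\x64\xc3\x39\xf0\x5f\x4b\x18\x5b\x5c\xec\xd6\x3a"
      "\x1f\xac\x84\x5a\x10\x8a\xff\xb0\x8b\x30\x44\x7d\xf7\xc0\x3e\xa5\xf1\xb4"
      "\x01\x19\x8f\xc4\x2f\xe0\x28\xda\x0a\x0d\x2e\xa0\x60\x0d\x24\x75\x19\xe0"
      "\x1d\x4a\x4f\x5a\xc1\xe6\x3e\xe0\xd3\x36\xf1\x7f\xfc\x37\x95\xaf\xaa\xac"
      "\x64\x9a\xe4\x9a\xaf\x7f\x70\xa5\x68\xc5\x34\xbf\x4d\xd5\xe4\xf2\xe1\xed"
      "\x0d\x85\x8f\x6f\x0a\x0d\xc4\x4f\x1a\xd6\xc8\x9e\xbe\xcc\x91\x86\x2d\x19"
      "\x5d\x7e\xb2\xf9\xcf\x12\xc9\x1f\x79\x86\x65\xd2\x93\xc4\xda\x8d\x5a\xb3"
      "\x8e\x95\xb1\x2b\x1e\xc6\xac\x35\x57\x62\x81\x51\x14\x15\x4a\x50\x6b\xea"
      "\x3d\x93\x0f\x64\xe2\xa7\x15\x64\x47\xb5\xd5\xf0\xc0\xf6\x59\xbd\xc6\x09"
      "\x60\xd4\x8b\xff\xbe\xf6\x6d\x01\x2a\xa5\x67\xbc\xf5\x71\xea\xac\x15\x13"
      "\x11\xa0\xf5\x6f\x34\x54\x89\xb3\x51\xc0\xa9\x0a\x1c\xaa\x4d\x55\xf5\xcd"
      "\x91\xe7\xcb\xa2\x20\xe3\x21\xd8\x62\x8b\x20\x98\x3b\xa4\xfe\x41\x70\x09"
      "\x8c\xc9\x14\xc8\xfb\x54\x10\x6a\xe5\x73\x90\xf2\x1d\x0e\x32\x59\x33\xa1"
      "\x21\x62\x0d\x25\xbc\xe5\x68\x47\xc5\x5b\x2b\xc2\x53\x79\x98\x6a\x54\x8b"
      "\x60\x48\x0b\xcf\x9a\x12\x07\xed\xf1\x97\x5d\x6f\x4c\xd0\xc1\x14\x59\x55"
      "\x35\x82\x7a\x00\x47\x8f\x6d\xa5\xf8\x80\x3b\x84\x85\x41\xbb\xdf\xd4\xfa"
      "\xce\xa5\xf5\x34\x96\x83\xdb\xb8\xf1\x0e\xc9\xbc\xad\xc5\xa5\x85\xbd\x43"
      "\xd4\x67\x7b\xba\x74\xf0\x97\x92\x3e\xcb\xd9\x51\x2e\x34\xb6\xd2\x7f\x00"
      "\xe7\x45\x10\xe2\xb8\x3d\x36\xb2\x09\xd3\xd7\xdf\x92\xd4\x41\x10\xa7\xc7"
      "\x09\x55\xe7\xca\xf7\xc3\x52\x7b\x20\x9c\xc7\x73\xef\xe4\x5b\xcc\x39\x08"
      "\xfc\xab\xab\xf2\x48\x41\x40\x5b\xd5\xfe\x03\x8c\x3e\x30\x7a\xe9\xa7\x6d"
      "\xb9\xf5\x81\xdf\xeb\x2d\x87\xa0\x3a\x72\x65\x88\x58\x29\xda\x86\xf9\x17"
      "\xf5\xfa\xeb\xfc\x53\x71\x80\x63\xda\x7e\xd4\x4b\xaf\xd0\x33\xd7\xb8\x4f"
      "\x0a\x9b\xd1\x16\xbe\x8b\x46\xb9\xec\x03\xc6\x4c\x40\x68\x2c\xc8\x1a\x9f"
      "\x29\xdd\x5c\x1a\x85\x3d\xae\x03\x30\x1a\x78\xb3\xbe\x6f\x4e\x3f\xc4\x2e"
      "\x2c\x82\x5b\x31\x27\x9f\x8e\xc2\x00\x09\xee\xa6\x69\xb3\x97\xaf\xea\x9a"
      "\x5c\x63\xbc\xda\x79\x4b\xb5\xc3\xa3\xe3\xb9\xfb\x94\x89\xd0\xf5\xf2\x94"
      "\xb9\xf4\xf3\x66\xce\xc1\x05\x45\x9c\x7b\x95\xbd\x76\x89\x87\x52\x5f\x88"
      "\x3f\x70\x66\xb2\x96\x45\x16\x55\x77\x5f\xb2\x84\xff\xa7\x5f\xb8\xb1\x26"
      "\x3f\x9d\x89\xc9\x49\x6a\x3b\xc6\x7f\x63\x83\x6a\x0c\xed\xd4\x62\x39\x9b"
      "\x81\x2a\x0c\x27\xca\x80\x8c\xb1\x4a\x66\xba\x3a\xe8\xcf\x90\x0c\x64\xa9"
      "\x29\x20\x8e\xa4\x55\x02\x6b\x30\x97\x51\xfc\x95\x31\x9e\x6a\x2a\xf9\x21"
      "\x89\x46\xc2\x1b\x00\xcb\xe8\x73\x86\xed\x02\x0f\x05\x0d\xf6\xd8\xa1\x6c"
      "\x08\x0d\xe6\xb6\xea\xd9\xf3\x41\x64\xec\x52\x92\x20\x25\x13\xaf\xab\xa0"
      "\xf6\x0c\x8b\x42\x46\x46\x16\x10\x1f\xae\x67\xf7\xd6\xe6\x20\x74\x3f\x6c"
      "\x56\x39\xb8\x88\xdb\xef\x70\x40\x01\x7f\x01\xc6\xb2\x04\xa5\xcd\xf4\xaa"
      "\xca\xd0\x47\xc4\x03\xb0\x80\x4c\x3b\xab\x15\x53\x52\x82\xd3\xa8\x84\x9c"
      "\x6c\x37\xf7\xc8\x31\xdd\x7b\x50\xa9\x16\x13\x84\x2a\x39\xe5\x94\x6a\xe2"
      "\x57\x28\xf5\x73\x61\x06\xd5\x0c\x61\x2b\xab\xcd\xf1\xd3\xd2\xcf\xd7\x36"
      "\xd6\xdf\xef\x44\xb4\x25\xb9\x44\x0a\x3f\x89\x5d\x33\xd5\x32\x70\x69\x1d"
      "\x52\x8e\x4e\xa6\x08\xc1\x03\xba\x63\x68\x50\x5b\xbd\x7d\x3b\x1a\xde\xb6"
      "\x76\x96\xcf\xb3\xc6\x3d\x2c\x8d\x60\x00\x14\x0e\xcd\xf7\x8f\xa3\xee\xb2"
      "\x9d\x08\xf9\x01\xaa\xc9\x56\x8f\xb7\x5f\x02\x62\x84\xf6\x92\x02\x89\x46"
      "\x48\xcd\x8a\x6a\x15\xce\x6e\x8b\xb6\x01\x01\x8c\x73\xc3\x25\xf5\x17\x93"
      "\x0d\x3a\xd9\x90\x5d\x33\xd4\x65\x15\x89\x1b\x75\x30\x14\x51\xd7\x90\xf5"
      "\x46\x5b\x74\xe3\xb6\x2d\xbf\x05\x25\x8b\xf3\xbb\x70\x46\x03\xfc\x97\x8b"
      "\x60\x75\x14\x0e\x93\x1e\x97\x73\x11\x9d\x89\xcb\xf3\x1e\xf8\x3f\xc4\x26"
      "\x0f\x62\x69\x4f\xa1\xed\xdd\x53\x44\x80\xdd\xda\x78\x63\x58\x11\xdd\x90"
      "\xeb\xa8\x5a\xf9\xa4\x44\x26\x36\xa9\xb5\x56\xbd\x41\x87\x15\x9b\x25\x5a"
      "\x3e\x19\x45\xee\x8c\xc6\xc6\xcb\x88\xd1\xef\xf3\xa8\x36\x9c\xcc\x1b\xb6"
      "\xf7\x1b\x24\x48\x47\x82\x45\x89\xb5\x15\xc5\xbe\xc2\xd6\x2d\x2e\xbf\x1a"
      "\xbd\x8b\x3c\x08\x9b\x20\x16\x31\xe5\x37\x1e\xba\xac\xfd\x98\x63\x64\x8b"
      "\xe5\xba\x4f\x75\x0a\xcf\xa8\xc4\xb2\xbd\x61\x50\xde\x1c\xda\x11\x04\xdc"
      "\x58\xbc\x5d\x77\xc4\xbc\xe7\x50\xea\x31\xd8\x9a\x33\xa8\x78\x9c\xc5\x1a"
      "\x11\x17\x92\xab\xdd\xf3\xd0\xf2\x55\x33\x2e\xb1\xad\x43\x53\xb5\xb4\x1d"
      "\x9e\xf1\xbe\x8c\x01\xb3\x2e\x61\xea\xde\x41\x5c\x7f\x45\x55\xa9\x79\x8f"
      "\x8c\x5e\x19\x50\x14\xa4\xff\x76\x0e\x5f\x65\x18\x50\x1e\xaa\x9f\x0d\x4e"
      "\x2f\x35\x6c\x89\x0b\xbf\x4e\xea\x31\x82\x58\xd2\xff\x2c\x40\xe0\x10\x17"
      "\x3f\x37\x49\x79\xe7\x02\x1d\xd4\x3e\xbc\xca\x7b\x2f\x2e\x0e\xcf\xf5\x4c"
      "\x94\xa5\x56\x0e\x44\xc8\x37\xc7\xe6\x6b\x15\xff\x23\x77\xd8\xed\xef\xcb"
      "\x23\x46\xb8\xea\x3e\x2e\xdf\x4a\xb6\x90\xfb\x18\x1f\xac\xb0\x63\xad\xd2"
      "\xbe\x9d\xd1\xfd\xf0\xa9\xcc\x0a\xa8\x1e\xc5\x70\x26\xc9\x3b\x59\xd0\x8e"
      "\x85\xda\x7c\x86\xc1\x1b\xd4\xa1\x94\x3d\x0c\xf6\xa6\x1d\x78\x02\x2d\xa1"
      "\x7c\x19\x56\x6a\x0c\xdd\x64\xb1\x32\xfa\x99\xe3\x51\xd7\xe8\x4e\xaf\xdf"
      "\x1b\xb2\x0c\x89\x7f\x00\x28\x74\x95\x56\xd8\xed\x7b\x18\x14\x37\xdb\xf1"
      "\xce\x87\xe6\x8f\x6c\x21\xdd\x79\x20\xaf\xb3\xae\x37\x4f\x05\x85\xf1\x2e"
      "\xf9\xa8\x8d\x44\x78\x3f\x17\xa1\x2e\x0c\x0a\x86\xa4\x27\xc8\x92\xb3\x82"
      "\x3c\x57\xcd\x4a\xa7\xa1\x08\x2b\xf4\xbb\x74\x5d\x5e\x57\x5c\x69\x5e\x20"
      "\x58\x1a\xec\x77\x6b\xc5\x6f\x9b\xa3\x07\xc4\x2a\x9d\x2f\xd3\xec\x31\x54"
      "\x8c\x36\x5b\x12\x96\x94\x71\x90\xf8\x76\xc0\x49\xdd\xf8\x82\xf5\x08\x56"
      "\x65\x35\x69\xd9\x9c\xd4\xe0\x53\x35\x01\x09\x6f\x7a\xae\x94\x77\x0d\x87"
      "\x87\xf5\xe0\x35\x74\x2c\xd5\x3f\xde\xe5\x0a\x78\x41\xbc\x41\x45\x92\x0b"
      "\xa5\xe3\x5a\x90\x60\x18\x57\xfc\x93\x21\xba\x08\xb9\x2f\xb1\xef\x71\xf4"
      "\x06\xca\x5c\x49\x77\xd3\xd6\x1b\xd8\x50\x44\xa7\xda\x1c\x0a\x7e\xd4\x17"
      "\x90\xf8\x07\xf8\x0d\xa6\x69\x02\x45\x73\xe2\xc5\x21\x8b\x95\xf3\x2b\x9f"
      "\x2a\x1b\x59\x84\x46\xcc\xf8\x0c\x25\x6e\xee\xa5\x43\x99\x20\x18\xae\x5a"
      "\x2c\x04\x61\x76\xfd\xd4\x5f\x75\x9f\x5e\x0c\x31\x65\x0e\x3d\xb1\x34\x51"
      "\x28\x3e\x1a\x3b\xdb\x7e\x13\x35\xdf\xf9\x96\xac\xd0\x19\x30\x80\xad\xd6"
      "\x35\x01\x07\x91\xa2\x72\xdf\x3c\xf1\xb6\x88\xc2\xf0\xdf\x3e\xc5\xbb\x9e"
      "\x7b\x6f\xe4\x41\x3e\xff\x44\xef\x47\x2c\x71\x2d\xe2\x39\x62\x8f\x27\xa8"
      "\x56\x72\x64\xdf\x25\x70\x5a\x5f\x40\xd6\xb9\xe5\xd5\xc3\x10\xa0\x9e\xa7"
      "\x72\xcf\x82\x3e\x28\x6b\x1f\xf1\xa2\x6f\xb3\x0c\x9c\xf5\x2e\xfe\x20\x6d"
      "\xd6\xda\xb9\xe6\x0d\x23\x08\xe8\x29\x1d\xc7\x1a\x16\xb3\x76\xa3\x45\xe9"
      "\x2f\x24\xec\xe0\xeb\xdb\x6a\x14\xfb\x0b\x67\xbf\xbe\xbc\x45\xc2\x77\x1b"
      "\x6e\x76\xdd\x41\x4b\x20\xd1\x59\x6a\x9f\xbf\xb7\x90\x7e\xd5\x1a\x00\x1d"
      "\x16\x1e\x87\x4a\x6c\x88\x94\x48\xd1\x79\xb7\x9a\x8d\xef\x29\xc9\x24\x9f"
      "\x46\xb6\x4c\x39\xb2\x42\x86\x52\x48\xaf\x51\xe2\xc1\x62\x35\x9f\x34\x06"
      "\x02\x79\x5c\x90\x15\x32\x2a\x94\xc0\xcf\x99\x59\x3c\xcb\x20\x4c\xda\x8f"
      "\xe2\x42\xe7\x5b\xfd\x8a\xfb\x24\x17\x2a\xd1\x8d\x6d\xe2\x98\x98\xa9\x0b"
      "\x31\x03\x79\x7b\xd7\x48\x54\x8d\xeb\xbf\xac\xbf\x02\x6e\x24\x3a\xdc\xaa"
      "\x98\x2b\x15\x39\x7a\xbf\x9d\x96\xeb\xa3\xac\x33\xbd\x1d\xda\xb0\x22\x2b"
      "\xd8\xfd\x45\x5e\x87\xba\x48\xfd\x01\xa0\x56\xb0\x76\x4c\x68\xae\x87\x25"
      "\xb3\x52\x25\x66\xfb\xe4\xb7\x0b\xac\x22\x04\xd4\x45\x2b\x51\x27\x27\x75"
      "\x48\xe5\x9e\x1b\x6d\x1c\x91\xc6\xea\xb8\x2a\xe1\x82\xac\x08\xa8\xc9\x7d"
      "\xf3\x9a\xe9\x32\xff\xe0\x59\x5d\xac\xf4\x53\xf4\xfe\x2f\xca\xb3\x36\x52"
      "\x39\xf3\xb3\xff\x91\x2a\x50\x4b\x3a\x96\xb9\x10\x65\x3e\xc0\x52\x4a\xd2"
      "\xbc\x72\x49\x07\x0c\x8e\x35\xcf\x88\x98\xf3\xd0\x11\x2f\x25\xf3\x60\x3a"
      "\xdb\x85\x1e\x08\xd5\x52\xc9\x5e\xfb\xf0\x37\xd8\xfc\xe3\xcc\x23\x3c\xf6"
      "\xa4\x6e\x5d\xc5\x7b\xc4\xcd\x66\xf4\x7f\x4b\xd7\xfd\x36\x46\xa5\x4b\xb2"
      "\xe4\x55\x95\x8f\x25\x91\xf0\x83\x6f\xd7\xde\x5c\xcd\xb9\x60\x1e\xc2\x4d"
      "\x59\x18\xbf\x45\x2a\x92\xd1\x10\xaf\x5c\xdb\x85\xfc\xf3\xf2\x5a\x3a\xd0"
      "\x6b\x2c\xca\x3a\x72\xc0\x97\x10\x99\xe3\xbc\xa6\xd0\xa9\xfd\xae\xd9\xa0"
      "\x65\xa4\xa1\xa5\x81\x20\xba\xb2\x61\xfd\x80\xf1\x23\x25\x8f\x97\xde\xb7"
      "\xe0\x4c\x20\xda\xb9\xa7\xa5\xdb\x82\x7d\x1a\x1f\x80\x36\xc2\xd7\xbc\x35"
      "\x6c\x89\x5f\x67\x04\x82\xea\x51\xf6\xe9\x04\xf9\x46\x33\xb4\xe3\xa4\x99"
      "\x67\xb1\xe9\x76\x10\x1f\xb1\xbc\x7b\xde\xdc\x7e\xae\x51\x16\x17\xae\x3a"
      "\xc8\x79\x28\x6b\x1e\xff\x66\x40\xe9\xfa\xec\x72\x95\x5c\x7a\xd2\x96\xe0"
      "\x82\x5e\x40\x8b\xa2\x69\x0d\xd5\x01\xc1\x89\x81\x39\x95\xcd\x4d\x23\x5f"
      "\xcd\x91\x78\x8e\x58\x80\xe1\x8e\xa8\x26\xb9\x15\x58\x55\xfd\xdb\x30\x4f"
      "\x75\xc2\x8a\x19\x09\xd7\xd7\x43\x79\x79\x76\x5b\x4f\x80\xf8\x60\xa6\xc8"
      "\x87\x95\xc7\xd9\x51\xc0\x30\xf6\x38\x8d\xfd\x6f\xe7\xe1\x4f\x7f\x7a\x9c"
      "\xd0\x5d\x07\x9c\x6b\xdf\xb3\xdd\xa7\x66\x4f\x36\x6e\x28\xd2\x18\xc1\xc7"
      "\x65\x40\x77\xcd\x3b\xa7\xcb\xc5\x31\x07\x23\xb6\x8f\xb2\x47\xe1\x24\x0a"
      "\x23\x81\xe6\xeb\x9a\xcf\xf2\x5d\xfd\x2f\xf6\x1b\x27\xa2\x49\x62\x16\x6c"
      "\x15\xa6\x12\x24\x2b\x4e\x74\xfb\x54\x00\x23\x0e\x7e\x51\x2b\x4f\xf7\x88"
      "\x8a\xe2\x3f\xfc\x88\x72\x51\xc7\x87\xff\x0e\xd0\xca\xb2\x5f\xb5\xd9\xff"
      "\x7e\x42\xb9\x94\x4a\x91\x55\x89\x73\x0e\xb4\xdf\xcc\xec\xcb\xbc\x8a\xe8"
      "\x8a\x44\xb4\x61\xaf\x09\x64\x3f\xdc\x00\x75\xd9\x19\xef\x67\x01\x67\xdb"
      "\xb7\xb0\x10\x4b\xeb\xdf\x92\x4a\x25\x7a\xf6\x83\x9b\x30\x3d\x08\x81\x2f"
      "\x5f\x51\x7e\x3d\x02\x16\x01\x91\x72\x13\x1b\x1a\x88\x4b\xaf\x92\x6d\x67"
      "\x25\x2a\xec\xaf\x61\x3b\x59\xd2\x82\xe7\x5c\xb0\xe5\xde\xf7\x0a\xe2\x2c"
      "\x49\xd9\xce\x89\x49\xc1\xc4\x5a\xcb\x86\x8c\xc4\x8a\xcf\xb5\x7c\xb7\x78"
      "\x5c\x91\x04\x99\x88\x11\x18\x10\x4c\xa6\x6e\xab\xcc\xbb\x84\xb2\x10\xa4"
      "\x95\x77\xec\xb9\x50\x24\x4d\x5a\xef\x05\xc9\x84\xd1\x51\x41\x6d\x8e\x77"
      "\x9a\xcd\xe6\x61\x65\x36\x4c\xc7\xf5\xb1\xf3\x9c\xa5\x4f\x58\x94\xde\x7f"
      "\x1a\xef",
      4088));
  // Issued on fd -1, so the kernel is expected to fail it with EBADF before
  // the request code or the buffer above is looked at; the return value is
  // ignored. NOTE(review): looks like a leftover step of the fuzzer program
  // rather than part of the mount/open sequence - confirm against the report.
  syscall(__NR_ioctl, -1, 0x5000940a, 0x20000380ul);

  // Arguments for syz_mount_image(): filesystem name, mount point, and one
  // struct fs_image_segment at 0x20000200 = { data 0x20010000, size 0x1e6,
  // offset 0 }.
  NONFAILING(memcpy((void*)0x200002c0, "squashfs\000", 9));
  NONFAILING(memcpy((void*)0x200000c0, "./file0\000", 8));
  NONFAILING(*(uint64_t*)0x20000200 = 0x20010000);
  // The 486-byte (0x1e6) filesystem image; its first four bytes are "hsqs".
  NONFAILING(memcpy(
      (void*)0x20010000,
      "\x68\x73\x71\x73\x07\x00\x00\x00\x91\x1d\x67\x5f\x00\x10\x00\x00\x07\x00"
      "\x00\x00\x01\x00\x0c\x00\xe0\x00\x02\x00\x04\x00\x00\x00\x1a\x01\x00\x00"
      "\x00\x00\x00\x00\xf5\x01\x00\x00\x00\x00\x00\x00\xa4\x01\x00\x00\x00\x00"
      "\x00\x00\xdd\x01\x00\x00\x00\x00\x00\x00\x81\x00\x00\x00\x00\x00\x00\x00"
      "\x15\x01\x00\x00\x00\x00\x00\x00\x6c\x01\x00\x00\x00\x00\x00\x00\x92\x01"
      "\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae\xac\xca\x4e\xcc\xc9\x49\x2d\x2a"
      "\xa6\x1d\xa3\x98\x0e\x76\x8c\x32\x46\x19\xa3\x8c\xa1\xc6\x40\x70\x01\x34"
      "\x43\xf4\x14\x92\x00\x78\xda\x63\x62\x78\xcb\xc8\xc0\xc0\xc8\x30\x51\x36"
      "\x3d\x1e\xc8\x40\x01\x29\x40\xcc\x84\x24\xcf\x8c\x26\x27\xc5\xc2\xc0\xc0"
      "\xcc\xf0\x1f\x2e\x0f\xe4\x32\x80\xcc\x50\x03\x62\xfd\x92\xdc\x02\xfd\xe2"
      "\xca\x2a\xdd\xcc\xdc\xc4\xf4\xd4\xf4\xd4\x3c\x13\x43\x4b\x73\x73\x33\x63"
      "\x4b\x23\xfd\xb4\xcc\x9c\x54\x03\x08\xc9\x88\x64\x3a\x13\xd4\x64\x10\xad"
      "\x09\xc4\xec\x40\xcc\x89\x24\xcf\x8a\x64\x3b\x17\x9a\x4b\x61\x2e\xaf\x63"
      "\x81\xd0\xc8\xfa\xd8\x80\xfc\x04\xa8\xbc\x86\x32\xaa\x3e\x90\x5d\xff\x81"
      "\x80\x01\x89\x46\x98\x79\x00\x6e\x06\x3b\x54\x0c\x14\x02\x21\x40\xff\x71"
      "\x00\x69\x00\x62\xdd\x28\x25\x45\x00\x78\xda\x63\x64\x80\x00\x66\x20\x56"
      "\x00\x62\x26\x06\x16\x86\xb4\xcc\x9c\x54\x03\x07\x06\x46\xa0\x20\x84\x63"
      "\xc8\x02\x55\xc5\x08\xa5\x99\x18\x38\xc0\x12\x7a\xc9\xf9\x39\x29\x75\x40"
      "\x61\x46\x98\xb6\x79\x40\x06\xcc\x0c\xc3\x6b\x0c\xac\x70\x8e\x11\x32\xc7"
      "\x18\x04\x38\xd7\x11\xc7\x0e\x00\x78\xda\x4b\x60\x80\x00\x45\x28\x0d\x00"
      "\x07\x18\x00\x82\x5c\x01\x00\x00\x00\x00\x00\x00\x1c\x00\x78\xda\x63\x60"
      "\x80\x80\x3a\x28\xad\x00\xa5\x1d\xa0\xf4\x3c\x28\x7d\x0d\x4a\x4b\x31\x42"
      "\x68\x00\x41\xdf\x02\x6e\x74\x01\x00\x00\x00\x00\x00\x00\x08\x80\x5c\xf9"
      "\x01\x00\x53\x5f\x01\x00\x9a\x01\x00\x00\x00\x00\x00\x00\x1d\x00\x78\xda"
      "\x63\x60\x60\x63\xa8\x48\x2c\x29\x29\x32\x64\x63\x60\x80\xb2\x18\x60\x62"
      "\x46\x70\x31\x23\x00\xb5\xbc\x09\xab\x10\x80\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x02\x00\x00\x00\x24\x00\x00\x00\xac\x01\x00\x00\x00\x00\x00\x00"
      "\x01",
      486));
  NONFAILING(*(uint64_t*)0x20000208 = 0x1e6);
  NONFAILING(*(uint64_t*)0x20000210 = 0);
  // The option string at 0x20010200 is never written, so it is whatever the
  // fresh mapping holds there (an empty string for zero-filled pages). The
  // returned directory descriptor is discarded; the mount is what matters.
  NONFAILING(syz_mount_image(0x200002c0, 0x200000c0, 0xa0000000001f5, 1,
                             0x20000200, 0x200040, 0x20010200));

  // Open the mount point and keep the descriptor for the final call.
  NONFAILING(memcpy((void*)0x20000140, "./file0\000", 8));
  res = syscall(__NR_open, 0x20000140ul, 0ul, 0ul);
  if (res != -1)
    r[0] = res;
  // Nine bytes are written at 0x200003c0 as the handle argument. Read as a
  // struct file_handle they would give handle_bytes = 9, handle_type = 1 and
  // a first payload byte of 0x10, with the remaining payload bytes coming
  // from untouched memory - TODO confirm against the report.
  NONFAILING(
      memcpy((void*)0x200003c0, "\x09\x00\x00\x00\x01\x00\x00\x00\x10", 9));
  syscall(__NR_open_by_handle_at, r[0], 0x200003c0ul, 0ul);
  return 0;
}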