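// https://syzkaller.appspot.com/bug?id=389ea3bd2db54033d80e046b76e79adda09e5016
// autogenerated by syzkaller (http://github.com/google/syzkaller)

/*
 * Crash reproducer for the syzbot report linked above.
 *
 * What it does: maps a fixed scratch region, opens /dev/kvm, and then issues
 * a short sequence of KVM ioctls, each from its own thread (see thr()).
 * The process needs open access to /dev/kvm for any step past the first two.
 *
 * NOTE(review): this copy arrived collapsed onto a few physical lines, with
 * the leading "//" comment swallowing the code and every #include target
 * stripped. The line structure is restored here and the header names are
 * reconstructed from the symbols the code uses (4 includes in the first
 * group, 10 in the second, matching the original counts). Confirm them
 * against the reproducer on the dashboard before relying on this copy.
 *
 * NOTE(review): ioctl request names in the comments are decoded from the
 * _IO/_IOW/_IOR encoding with type 0xAE (KVMIO) as laid out in the x86-64
 * <linux/kvm.h>; verify against the headers of the kernel under test.
 */

#define _GNU_SOURCE

#include <pthread.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

/*
 * Terminate the whole process with `status` via the raw exit_group syscall.
 * The trailing loop only exists so the function cannot return if the
 * syscall does.
 */
__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Exit statuses used by fail(): 69 for ENOMEM/EAGAIN, 67 for anything else. */
const int kFailStatus = 67;
const int kRetryStatus = 69;

/*
 * Print a printf-style message plus the errno value captured on entry to
 * stderr, then exit. errno is saved first because the stdio calls below may
 * overwrite it.
 */
static void fail(const char* msg, ...)
{
  int e = errno;
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

/* Per-thread state shared between NONFAILING() and segv_handler(). */
static __thread int skip_segv;
static __thread jmp_buf segv_env;

/*
 * SIGSEGV/SIGBUS handler. When the faulting thread is inside NONFAILING()
 * (skip_segv != 0) and the fault address lies outside [1 MiB, 100 MiB], jump
 * back to the _setjmp() point so the faulting statement is skipped.
 * Any other fault ends the process with the signal number as exit status.
 */
static void segv_handler(int sig, siginfo_t* info, void* uctx)
{
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) &&
      (addr < prog_start || addr > prog_end)) {
    _longjmp(segv_env, 1);
  }
  doexit(sig);
  for (;;) {
  }
}

/*
 * Ignore signals 0x20 and 0x21 through the raw rt_sigaction syscall, then
 * route SIGSEGV and SIGBUS to segv_handler().
 * NOTE(review): 32 and 33 are presumably the signal numbers glibc reserves
 * for its threading internals, which would explain bypassing the libc
 * wrapper. Confirm.
 */
static void install_segv_handler()
{
  struct sigaction sa;

  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = SIG_IGN;
  syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
  syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);

  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  /* SA_NODEFER: the handler leaves via _longjmp(), so the signal must not
     stay blocked afterwards. */
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

/*
 * Run the given statement so that a fault inside it is skipped instead of
 * killing the process: skip_segv is raised for the duration, and
 * segv_handler() longjmps back to the _setjmp() point on a fault.
 */
#define NONFAILING(...)                                                        \
  {                                                                            \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    }                                                                          \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
  }

/*
 * Create ./syzkaller.XXXXXX with mkdtemp(), make it mode 0777 and chdir into
 * it. The directory is world-writable and is not removed by this program.
 */
static void use_temporary_dir()
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    fail("failed to mkdtemp");
  if (chmod(tmpdir, 0777))
    fail("failed to chmod");
  if (chdir(tmpdir))
    fail("failed to chdir");
}

/* Syscall results, shared by all threads; loop() presets every slot to -1. */
long r[209];

/*
 * Thread body: `arg` selects one step of the sequence. Steps read the
 * results of earlier steps from r[] with no synchronisation, so a step that
 * runs before its predecessor finished sees -1 instead of a descriptor.
 */
void* thr(void* arg)
{
  switch ((long)arg) {
  case 0:
    /* Map 0xfff000 bytes at the fixed address 0x20000000, prot 0x3, flags
       0x32, fd -1: the scratch area all later steps write into. */
    r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                   0xfffffffffffffffful, 0x0ul);
    break;
  case 1:
    /* The bytes spell "/dev/kvm\0"; dirfd 0x...ff9c is -100 (AT_FDCWD). */
    NONFAILING(memcpy((void*)0x20e8b000,
                      "\x2f\x64\x65\x76\x2f\x6b\x76\x6d\x00", 9));
    r[2] = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20e8b000ul, 0x0ul,
                   0x0ul);
    break;
  case 2:
    /* 0xae01: KVM_CREATE_VM on the /dev/kvm descriptor. */
    r[3] = syscall(__NR_ioctl, r[2], 0xae01ul, 0x0ul);
    break;
  case 3:
    /* 0xae60: KVM_CREATE_IRQCHIP on the VM descriptor. */
    r[4] = syscall(__NR_ioctl, r[3], 0xae60ul);
    break;
  case 4:
    /* 0xae41: KVM_CREATE_VCPU with id 2. */
    r[5] = syscall(__NR_ioctl, r[3], 0xae41ul, 0x2ul);
    break;
  case 5:
    /* 1024-byte fuzzer-generated buffer handed to 0x4400ae8f (KVM_SET_LAPIC;
       the encoded argument size 0x400 matches the buffer length). */
    NONFAILING(memcpy(
        (void*)0x20f64c00,
        "\x8a\x92\x77\x99\xb0\x9a\x02\x9f\x25\x06\x1e\xda\x96\xdd\x33"
        "\x77\xa5\xfc\x78\xb2\x8f\xcb\xf8\xeb\x84\x55\xa6\xfb\x67\xa8"
        "\xde\x46\xd4\xd4\x36\xf5\xa0\x1a\x47\x19\x1d\xc7\x92\xf4\x14"
        "\xac\x84\x37\x03\x6b\xb3\x4b\x66\x32\xc9\x80\x07\x3c\x4c\xdc"
        "\x08\x4a\x19\x66\xc4\x40\xf1\x58\x11\xd0\x16\xf5\xb5\x0e\x90"
        "\x81\x06\x03\x5c\x0a\x2c\x83\xeb\x8c\x06\x21\x94\x26\xb1\xb6"
        "\x7e\x4b\xb4\xb3\xc5\x19\x9c\x00\x00\x00\x01\x6f\xc7\x2a\x7e"
        "\xb0\x11\xb6\x22\x07\x25\x32\x22\x9f\xbc\x9d\x9c\x4d\x1e\x04"
        "\x51\x91\xee\x2b\x0d\x58\x4c\x8f\xd7\x36\xee\x3e\x7d\x73\xd5"
        "\x26\x9e\x67\xa6\x92\x51\xb1\xa8\x64\x7e\x90\x69\x2d\x30\xec"
        "\xfb\x80\x63\x26\xf1\xff\x00\x7a\xc0\xaa\x58\xb1\x11\x19\x3c"
        "\x88\x18\x19\x07\xd9\x58\xcb\x00\x95\x7d\x63\xdf\xb5\x87\x75"
        "\x21\x59\x37\xae\x2b\x62\xb4\x6c\x6d\x58\x16\xf2\xfc\x52\xee"
        "\xaa\xf1\x00\x00\x00\x00\x00\x00\x03\x25\x29\x29\xe6\x28\xad"
        "\x2c\x34\xa0\xef\x71\x7f\xb2\x50\x4d\x9b\xd6\x6e\xab\xce\x00"
        "\x2f\xaf\x05\x12\x14\x8e\x07\x2f\x30\x87\xa5\x56\x6c\x38\xfd"
        "\xa7\x29\x44\x2c\x3e\xbd\x62\xe9\x70\xa9\xa3\xeb\x24\x27\x47"
        "\x99\x36\x01\xa1\xa1\x86\xb8\x37\x6d\x39\xc6\x9c\x4c\xe5\x0f"
        "\xb2\x63\x8f\xee\xae\x79\x43\x6a\x97\x08\xb3\xbb\x19\xf3\x83"
        "\x77\x38\x2e\xa7\xb4\xc9\xc2\xd6\x74\xb8\x0e\xf2\x20\x10\x9f"
        "\x8f\xa8\x20\x0d\xe4\x79\x45\x47\xb4\xda\x64\x30\xac\x51\xef"
        "\x16\xd3\x58\x94\x9a\x29\x88\x12\xc5\xd5\x40\x17\xaa\x2f\xc8"
        "\xb8\x14\xec\xf2\x8c\x41\xd4\xc8\x34\x74\xba\x93\xa8\xad\x32"
        "\xb1\x63\x71\xb4\x23\x50\xbf\x98\x4a\xbb\x46\x52\x28\xcf\xd8"
        "\x48\xe5\x4a\xbc\x38\x3d\x00\x04\xa3\x31\x5f\x1b\x85\x99\xef"
        "\xa1\xbf\x10\xbd\x30\xa1\x37\x17\x57\xb1\x38\xed\x4a\x19\xda"
        "\x00\x00\x00\x08\xfd\x42\xad\x44\x6d\x9d\x27\x55\xf8\x55\x25"
        "\x63\xc7\x63\x9c\xe0\x0d\xa8\xee\x3e\xce\x9d\xed\x52\x62\x5a"
        "\xa3\xf0\xa1\xd7\xb7\x6b\x32\x53\x6d\x39\xee\xcc\x15\x82\x71"
        "\x06\x4e\xa7\x9b\xdd\xf1\x03\x2b\x6e\x6a\xc7\x94\xf3\x7e\xc9"
        "\xd0\xc3\xbc\x49\x23\xcc\x70\x63\x1c\x6d\xf6\x4f\x28\xd7\x5d"
        "\x99\x44\x3d\x66\x53\xdb\x3c\x6b\x79\x61\x19\x0e\x8f\x82\xa2"
        "\x33\x92\x55\x40\xb3\x2c\xe4\xf4\x71\x68\xef\x93\xf0\x1a\xef"
        "\x51\xc6\x97\xc4\x57\x94\x42\x06\xc1\xb2\xaf\x2e\xb2\x1e\xd8"
        "\x43\x7a\x37\x1c\x0b\x42\x7c\xd8\xc9\x4f\x39\x52\xee\x75\x2b"
        "\x75\x8e\xb5\xbf\x41\x0a\x0c\x4f\x47\x93\xcd\x66\x38\xa2\xa2"
        "\x3d\x68\xcb\x6e\x86\x92\x55\x99\xfb\xc1\x36\x1b\x8c\xe2\x7b"
        "\xf6\xd7\x90\x27\x89\x4b\x6c\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x83\xa5\x1e\x21\x94\x79\x15\x36\x9b\xdd\x4f\xc3\xcd\xed"
        "\x26\x63\xd1\x75\x15\x83\x8f\x8f\xbb\xa2\x84\xc5\xb6\xff\xc5"
        "\x25\x10\x19\xea\xee\x59\xd1\x17\xd3\x4c\x73\xe5\x0f\xbd\x33"
        "\xce\xb4\x50\x8c\xfa\x4e\xec\xb7\xd6\xbb\x11\xfc\x4a\x11\x4a"
        "\x13\x54\x2d\x49\x77\xb2\x65\x17\x83\xf6\xa5\xd9\x26\x00\x36"
        "\xcc\xc7\x0d\x69\x51\x05\xd1\xdd\xb5\x6f\x1a\xc2\x65\x84\x54"
        "\x7d\x8d\xf1\xec\xb3\xc6\x72\x06\x8c\xc7\x00\x00\x00\x01\xae"
        "\x0a\x25\x3b\x58\x7d\x71\x2c\x61\x13\xac\xdf\x49\xfa\x01\x00"
        "\xde\x0f\x7b\x37\x17\x52\x8e\x35\xb7\xe7\x07\x33\x53\x8a\x5c"
        "\xec\x8f\xb1\x76\x16\xd2\x19\x8d\x02\xba\x4e\x76\x90\xfa\xb7"
        "\x93\x3b\x67\x6d\x07\xdb\x27\x75\x5d\x6a\x8f\x29\xc6\x43\xdf"
        "\xff\x0e\x4b\xd7\xc2\xb1\x3b\x7a\x57\xa3\x12\x0c\xb2\xcb\xb7"
        "\x02\x00\x33\x9d\x24\x86\x2d\xaf\xad\x48\x1a\x63\xe7\xf9\x0d"
        "\x14\xc5\x48\x03\xd8\xb1\x00\xe0\xad\x5c\xae\x9a\x0a\x7b\x2f"
        "\x32\x9c\x3b\x00\x00\x00\x00\x00\x00\x00\x02\x0e\xb2\xee\xbf"
        "\x5b\xcd\x42\x68\x8b\x08\xad\x0a\x65\x75\xa3\x1f\x81\xf0\x1c"
        "\x13\xc7\xcb\x67\x4f\xf4\x1c\xb3\xc7\xf6\x89\x6d\x41\xe8\x6b"
        "\xda\x84\x51\x64\x82\x5e\x28\xb9\xfb\x71\x9e\x69\x5a\x9e\xd5"
        "\x71\x0f\x92\x4a\xef\xde\x1c\x96\xbe\xbe\x42\x74\x59\x40\x38"
        "\x34\x00\x00\xa0\x88\xf9\xbc\xae\xba\x90\x31\x5d\x3b\x3c\xfc"
        "\x24\x38\x8c\xc1\x5d\xff\xed\xa1\xbd\x61\x05\x82\xc5\xb7\x4f"
        "\xa6\xc6\xe7\x89\xce\x44\x0f\x71\x87\x1a\x5e\x8b\x85\x00\x00"
        "\x00\x00\x58\x06\x74\x3e\x8e\x07\x5b\x86\x24\x68\x6f\xeb\x21"
        "\xdb\xdb\x9a\xfd\x74\xdd\x00\x67\xd8\x2a\x72\xc0\x99\xa2\xd5"
        "\x2a\x59\x94\x94\x38\x8c\xb5\x6c\xdb\x5e\xf9\x19\x09\x80\xf9"
        "\x12\x8e\x68\x9e\xce\xe9\x8b\x2e\xd5\x9e\x15\x37\xfc\x9f\xe1"
        "\x44\xdc\x20\x30\x37\x4b\x0f\x5f\xcf\xd8\xf2\xef\x24\x28\x03"
        "\xf7\xbc\xbc\x07\x14\x5f\x65\xb8\x91\x2a\x4a\x33\x5b\x85\x8d"
        "\xe8\xac\xf0\x80\x85\x2c\x49\xd3\x53\xa0\x0a\x5a\xac\x3d\x6a"
        "\x33\xe0\x07\x55\x06\xa1\xff\x25\x79\x9f\x16\x37\xb1\xba\xfb"
        "\x0a\x99\x54\xef",
        1024));
    r[7] = syscall(__NR_ioctl, r[5], 0x4400ae8ful, 0x20f64c00ul);
    break;
  case 6:
    /* 0x4004ae99: KVM_SET_MP_STATE with a 4-byte argument holding 0. */
    NONFAILING(*(uint32_t*)0x205e7000 = (uint32_t)0x0);
    r[9] = syscall(__NR_ioctl, r[5], 0x4004ae99ul, 0x205e7000ul);
    break;
  case 7:
    /* 0xae80: KVM_RUN on the vCPU descriptor. */
    r[10] = syscall(__NR_ioctl, r[5], 0xae80ul, 0x0ul);
    break;
  case 8:
    /* Argument for 0x8208ae63 (KVM_SET_IRQCHIP), built at 0x20cc0f28. The
       leading 64-bit store of 2 covers the first two 32-bit fields
       (presumably chip_id = 2 and pad = 0; confirm against struct
       kvm_irqchip). Only three of the byte stores below are non-zero:
       0x20cc0f41 = 0x3, 0x20cc0f91 = 0x6, 0x20cc0f97 = 0xff.
       The stores stop at 0x20cc0fff, although the request encodes a
       0x208-byte argument starting at 0x20cc0f28. */
    NONFAILING(*(uint64_t*)0x20cc0f28 = (uint64_t)0x2);
    NONFAILING(*(uint32_t*)0x20cc0f30 = (uint32_t)0x0);
    NONFAILING(*(uint32_t*)0x20cc0f34 = (uint32_t)0x0);
    NONFAILING(*(uint32_t*)0x20cc0f38 = (uint32_t)0x0);
    NONFAILING(*(uint32_t*)0x20cc0f3c = (uint32_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f40 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f41 = (uint8_t)0x3);
    NONFAILING(*(uint8_t*)0x20cc0f42 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f43 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f44 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f45 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f46 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f47 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f48 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f49 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f4a = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f4b = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f4c = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f4d = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f4e = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f4f = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f50 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f51 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f52 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f53 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f54 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f55 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f56 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f57 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f58 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f59 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f5a = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f5b = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f5c = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f5d = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f5e = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f5f = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f60 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f61 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f62 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f63 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f64 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f65 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f66 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f67 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f68 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f69 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f6a = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f6b = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f6c = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f6d = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f6e = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f6f = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f70 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f71 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f72 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f73 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f74 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f75 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f76 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f77 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f78 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f79 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f7a = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f7b = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f7c = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f7d = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f7e = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f7f = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f80 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f81 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f82 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f83 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f84 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f85 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f86 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f87 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f88 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f89 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f8a = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f8b = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f8c = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f8d = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f8e = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f8f = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f90 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f91 = (uint8_t)0x6);
    NONFAILING(*(uint8_t*)0x20cc0f92 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f93 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f94 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f95 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f96 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f97 = (uint8_t)0xffffffffffffffff);
    NONFAILING(*(uint8_t*)0x20cc0f98 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f99 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f9a = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f9b = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f9c = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f9d = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f9e = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0f9f = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa0 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa1 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa2 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa3 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa4 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa5 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa6 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa7 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa8 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fa9 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0faa = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fab = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fac = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fad = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fae = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0faf = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb0 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb1 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb2 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb3 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb4 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb5 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb6 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb7 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb8 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fb9 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fba = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fbb = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fbc = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fbd = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fbe = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fbf = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc0 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc1 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc2 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc3 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc4 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc5 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc6 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc7 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc8 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fc9 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fca = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fcb = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fcc = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fcd = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fce = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fcf = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd0 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd1 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd2 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd3 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd4 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd5 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd6 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd7 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd8 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fd9 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fda = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fdb = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fdc = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fdd = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fde = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fdf = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe0 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe1 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe2 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe3 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe4 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe5 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe6 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe7 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe8 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fe9 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fea = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0feb = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fec = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fed = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fee = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fef = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff0 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff1 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff2 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff3 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff4 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff5 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff6 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff7 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff8 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ff9 = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ffa = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ffb = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ffc = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ffd = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0ffe = (uint8_t)0x0);
    NONFAILING(*(uint8_t*)0x20cc0fff = (uint8_t)0x0);
    r[208] = syscall(__NR_ioctl, r[3], 0x8208ae63ul, 0x20cc0f28ul);
    break;
  }
  return 0;
}

/*
 * Preset r[] to -1 (memset with -1 sets every byte to 0xff), then start the
 * nine steps in order, one thread each, sleeping a random 0-9999 us after
 * each start and a further 0-99999 us at the end. The threads are never
 * joined, and th[] has 18 slots of which only the first nine are used.
 */
void loop()
{
  long i;
  pthread_t th[18];

  memset(r, -1, sizeof(r));
  for (i = 0; i < 9; i++) {
    pthread_create(&th[i], 0, thr, (void*)i);
    usleep(rand() % 10000);
  }
  usleep(rand() % 100000);
}

/*
 * Entry point: install the fault handler, switch to a fresh temporary
 * directory, run the sequence once. Returning from main ends the process
 * and with it any thread still running.
 */
int main()
{
  install_segv_handler();
  use_temporary_dir();
  loop();
  return 0;
}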