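// https://syzkaller.appspot.com/bug?id=8cce7c2c0566b3a1bdb55c5b1026833a88cf8b0f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel memory-leak reproducer. A forked child issues a fixed sequence of
// socket syscalls; after every iteration the parent asks kmemleak to scan and
// prints each report it returns as "BUG: memory leak".
//
// Notes for whoever triages or re-runs this:
//  - Leak detection depends on /sys/kernel/debug/kmemleak being writable;
//    setup_leak() exits with status 1 if it is not.
//  - The program loops until a leak is reported (exit status 1). It has no
//    other exit path once setup has succeeded.
//  - kill_and_wait() writes to the abort file of every connection listed under
//    /sys/fs/fuse/connections, not only ones created by the test, so run it on
//    a dedicated test machine or VM.

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock reading in milliseconds; exits if the clock is unavailable.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Format a string (at most 1023 bytes) and write it to an existing file.
// Returns false if the file cannot be opened or the write is short; on a
// failed write errno is preserved across close().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Kill the child (and its process group) and reap it. If it has not exited
// after about 100 ms, abort FUSE connections before blocking on waitpid().
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  int i;
  for (i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  // NOTE: this touches every connection visible under the sysfs directory,
  // including ones that do not belong to the test.
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      // Named abort_path so the buffer does not shadow abort() from stdlib.h.
      char abort_path[300];
      snprintf(abort_path, sizeof(abort_path),
               "/sys/fs/fuse/connections/%s/abort", ent->d_name);
      int fd = open(abort_path, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // Best effort: the single byte written is arbitrary and a failed write
      // is deliberately ignored.
      if (write(fd, abort_path, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, move into a new process group (so
// kill(-pid) reaches descendants) and raise oom_score_adj to the maximum.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

#define KMEMLEAK_FILE "/sys/kernel/debug/kmemleak"

// Scan twice, 5 s apart, then clear, so that reports already pending before
// the test starts are not attributed to it. Exits if kmemleak is unusable.
static void setup_leak()
{
  if (!write_file(KMEMLEAK_FILE, "scan"))
    exit(1);
  sleep(5);
  if (!write_file(KMEMLEAK_FILE, "scan"))
    exit(1);
  if (!write_file(KMEMLEAK_FILE, "clear"))
    exit(1);
}

// Ask kmemleak to scan and print every "unreferenced object" record it
// reports. Exits with status 1 if at least one leak was printed, or if any
// access to the kmemleak file fails.
static void check_leaks(void)
{
  int fd = open(KMEMLEAK_FILE, O_RDWR);
  if (fd == -1)
    exit(1);
  uint64_t start = current_time_ms();
  if (write(fd, "scan", 4) != 4)
    exit(1);
  sleep(1);
  // Leave at least 4 s between the first and second scan.
  while (current_time_ms() - start < 4 * 1000)
    sleep(1);
  if (write(fd, "scan", 4) != 4)
    exit(1);
  static char buf[128 << 10];
  ssize_t n = read(fd, buf, sizeof(buf) - 1);
  if (n < 0)
    exit(1);
  int nleaks = 0;
  if (n != 0) {
    // Something was reported: scan once more and re-read from the start
    // (presumably to drop transient false positives) before printing.
    sleep(1);
    if (write(fd, "scan", 4) != 4)
      exit(1);
    if (lseek(fd, 0, SEEK_SET) < 0)
      exit(1);
    n = read(fd, buf, sizeof(buf) - 1);
    if (n < 0)
      exit(1);
    buf[n] = 0;
    char* pos = buf;
    char* end = buf + n;
    while (pos < end) {
      // Each record starts with "unreferenced object"; temporarily terminate
      // the buffer at the next record so one record is printed at a time.
      char* next = strstr(pos + 1, "unreferenced object");
      if (!next)
        next = end;
      char prev = *next;
      *next = 0;
      fprintf(stderr, "BUG: memory leak\n%s\n", pos);
      *next = prev;
      pos = next;
      nleaks++;
    }
  }
  if (write(fd, "clear", 5) != 5)
    exit(1);
  close(fd);
  if (nleaks)
    exit(1);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Run execute_one() in a fresh child forever. A child still running after 5 s
// is killed. The leak check runs after every iteration and ends the program
// (exit status 1) on the first report.
static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
    check_leaks();
  }
}

// Resource slot for the socket fd; stays at (uint64_t)-1 if socket() fails.
uint64_t r[1] = {0xffffffffffffffff};

// The recorded syscall sequence. All arguments live at fixed addresses inside
// the region mapped by main(). Return values other than socket()'s are
// ignored, as in the generated original.
void execute_one(void)
{
  intptr_t res = 0;
  // Domain 0xa is AF_INET6, type 3 is SOCK_RAW, protocol 0x3c is 60.
  res = syscall(__NR_socket, 0xa, 3, 0x3c);
  if (res != -1)
    r[0] = res;
  // 0x1c-byte address at 0x20000000, laid out as struct sockaddr_in6:
  // family 0xa, port 0, flowinfo 0, address ::1, scope id 0.
  *(uint16_t*)0x20000000 = 0xa;
  *(uint16_t*)0x20000002 = htobe16(0);
  *(uint32_t*)0x20000004 = htobe32(0);
  *(uint64_t*)0x20000008 = htobe64(0);
  *(uint64_t*)0x20000010 = htobe64(1);
  *(uint32_t*)0x20000018 = 0;
  syscall(__NR_connect, r[0], 0x20000000, 0x1c);
  // Message header at 0x20000100 (x86-64 struct msghdr layout assumed): no
  // name, one iovec at 0x20000440 covering the single byte "+", no control
  // data.
  *(uint64_t*)0x20000100 = 0;
  *(uint32_t*)0x20000108 = 0;
  *(uint64_t*)0x20000110 = 0x20000440;
  *(uint64_t*)0x20000440 = 0x20000080;
  memcpy((void*)0x20000080, "+", 1);
  *(uint64_t*)0x20000448 = 1;
  *(uint64_t*)0x20000118 = 1;
  *(uint64_t*)0x20000120 = 0;
  *(uint64_t*)0x20000128 = 0;
  *(uint32_t*)0x20000130 = 0;
  // Flags 0xc100 decode to MSG_MORE | MSG_NOSIGNAL | MSG_WAITALL on Linux.
  syscall(__NR_sendmsg, r[0], 0x20000100, 0xc100);
  // Single iovec at 0x200001c0 pointing at the 3023-byte (0xbcf) buffer below.
  *(uint64_t*)0x200001c0 = 0x20000480;
  memcpy(
      (void*)0x20000480,
      "\xa9\x77\x2d\x9b\xea\x48\x24\xcc\x38\x54\xa6\x2f\xfb\x84\xc4\xfb\x11\x4d"
      "\x80\xfe\x46\x2f\xd7\x27\xb6\xf6\x82\xcf\x0f\x9c\xcf\xe4\x5f\x46\xed\x18"
      "\xfc\x8a\xf0\x50\x5d\xf8\x6b\x42\x30\x37\x0b\xfa\xcd\x1f\x72\x66\xfa\xe5"
      "\x85\x9a\x36\x08\x35\x7c\x69\xf5\x1c\xfa\x47\x3e\xf1\x9a\x9d\xc2\xae\xb4"
      "\x3f\x9e\xd6\x8a\xcc\x03\x4c\xf8\x41\x22\x9f\xbb\xe3\xf5\x71\x30\xfe\x2a"
      "\xd7\x07\xc5\x6a\x92\xdb\xe6\x4e\x59\xaa\x78\xe2\x4d\xb8\xe9\xb5\x05\x97"
      "\xab\x00\x24\xca\x25\x64\xfb\xdb\x50\xe7\xb8\xcf\xa5\xc7\x02\x8d\x55\x69"
      "\x77\xad\x6a\x90\xad\xf7\x68\xa5\xac\x05\x05\xab\x07\xf8\x25\x63\x68\xc6"
      "\xe7\x1d\xd4\xb5\xa1\xc2\xe3\xc9\x94\x6b\x61\x0a\xb2\xb3\x24\x09\x9b\xeb"
      "\x70\x6b\x6a\x51\x0c\x13\x4a\xd1\x8c\x92\x8b\xe3\xaf\x6c\xf2\x0e\x50\x16"
      "\xc9\xa0\x50\xe3\x5e\x30\x71\x6e\x49\x13\xc8\x82\x27\x2b\xbf\xc8\xf0\xe1"
      "\xee\x9c\x31\x48\x4a\xf6\x95\x3e\x7d\x96\x76\x40\xef\xf8\xac\xca\xce\xe6"
      "\xda\xf3\xf9\x80\x51\xa3\xee\x28\x15\x55\xa4\x13\x40\x27\x3d\xcb\x0b\xd8"
      "\xcc\x8c\xd5\x49\x67\x6f\x3e\xc2\x3c\xbc\xa4\x2d\x4b\x76\xa1\x78\x37\x6e"
      "\xef\xb3\xda\x03\x6d\x60\xcb\x88\xb5\xcb\x9c\x0a\xe0\x13\x5b\xe1\xd4\xf5"
      "\x98\xc5\x64\xfb\xe9\x7a\xd4\xb6\x91\xf5\x9b\xa4\x06\x3b\x89\x84\x82\xd9"
      "\xcd\xe4\x49\x70\x09\x88\x4d\x75\xb1\x96\x58\x74\xe9\xc4\xd5\xa7\xcf\x8a"
      "\x64\x04\x33\xc0\x2a\xcd\x34\x0a\x98\xef\xf7\x3e\x59\x48\x61\x11\x84\xc7"
      "\xc6\x0d\xa3\xb2\x33\x36\x7d\x58\xaa\xf4\xe4\x07\xe2\xe2\xc5\x06\xb8\x71"
      "\xfd\x82\x2e\xc2\x31\x38\x97\x34\xd2\x3a\x2a\xa5\xdc\x19\x78\x31\xd8\xfe"
      "\xe1\x93\x61\xe5\xb9\x9d\x0b\x51\xe5\xb1\xf0\xca\xdf\x29\x6b\x91\xaa\x94"
      "\x77\xfa\x72\x87\x9b\x4a\x3a\x30\x40\x77\x7c\xf7\x78\xce\xe1\xde\x32\x61"
      "\x97\x01\xd7\x1c\xb5\x31\x6c\x72\x34\xa9\x10\xb4\x97\xb5\xf1\xb2\xcd\x2a"
      "\x0d\x39\xe9\x2b\x6b\x92\xe0\x91\xb4\x70\xda\x2c\xec\x0e\x1b\x1f\xd3\xce"
      "\x1a\x15\xd5\x59\xb3\x73\x3b\x97\xb2\xdd\xb1\xdd\x2a\xa7\x3c\x9e\x03\xf1"
      "\x89\xb8\xdd\x48\xc9\x09\x3d\xad\xdc\xd2\xc3\xfd\x0e\x1a\x9d\x16\x04\x6d"
      "\x85\xc8\x93\x4d\x2f\x90\x94\xaa\x5f\xa7\xb8\xff\x06\x1c\xb7\x53\xde\xa2"
      "\x63\x7a\xc2\xa8\xd5\x23\xc9\x79\x1a\xe4\x54\xea\x2e\x8c\xb1\x0c\xe4\xa3"
      "\xad\x89\x37\xed\x58\x3c\xd6\x53\xbd\xb0\x5b\x96\x5e\x65\x8f\x9c\x5f\x06"
      "\xa4\x3b\xb1\xe6\x1c\xfa\x4c\xb9\xbe\x2c\xb4\xef\x26\x4d\x10\xf3\x7e\x52"
      "\x92\x57\x6b\xfd\xc9\x7b\x2e\x1f\x8b\x69\x2f\x0b\x64\xf7\x62\x87\xe6\x78"
      "\x05\xdf\x91\x42\x73\x67\x7a\x9c\x39\xbd\x1e\x4f\x73\xd3\xc1\xaf\xd9\x9a"
      "\xd1\x8a\x21\x0c\xae\xe4\x2a\xb5\xc8\x79\x69\xf6\xf9\x9d\x74\x23\xdb\xb7"
      "\x2d\x43\x6e\xf3\xa3\xde\xad\x8e\xda\x03\x27\x4d\x2e\x8e\x7f\x10\x7e\xb0"
      "\x4f\xdc\x3e\x36\xd6\xd4\x02\x2d\xbc\x5c\x2f\xe3\x88\xaa\xa3\x23\x49\x50"
      "\x58\x8e\xf5\x63\x62\x70\x81\x89\x82\x6b\x98\xd3\xc9\xed\x4d\xab\xcb\x33"
      "\x58\x2a\x7e\x55\x32\x7e\x82\x68\x6a\xac\x97\x3a\x5d\x02\x92\xaf\xd7\x17"
      "\x5a\x9c\x57\xb4\xfc\x1e\x5b\xa7\xcb\x0a\x34\xe3\x5e\x50\x52\x6d\x40\xbd"
      "\xb5\x1a\x22\x4e\x5b\x89\xe7\x4e\x87\x52\xc1\xb3\x9a\xb2\x50\xb1\x78\xad"
      "\xfa\xb9\x1c\x73\xc0\x4d\x3c\x01\x2b\x24\x4c\xb7\x74\x5d\xde\x4f\x71\x62"
      "\x03\xff\xcd\xda\xa0\x96\x18\x6e\xd0\x40\x3b\x32\x3c\x3a\xaa\x79\xaa\x4a"
      "\x0e\x6d\x12\x31\xce\x99\xf8\x37\x88\xba\x0d\xc8\x6d\xa0\x1c\xda\xd2\x58"
      "\x16\xc2\x6b\xf8\xe5\x23\xb2\x87\xd7\xee\x83\xb5\xd0\xc5\x55\x99\xdd\xbd"
      "\x20\x2f\x74\x3a\x1b\xc3\xd1\x07\xa9\xc9\x61\x0d\xc6\x25\x37\xaf\x48\xee"
      "\xcd\xd1\x74\xee\x4e\x79\x69\x43\x25\x0b\x81\xaf\x0d\xa2\x8c\x57\x95\x5a"
      "\xea\x14\x90\x10\xed\xe1\x3e\xb9\x73\xdb\xe9\x59\x50\x0a\xfe\x5e\x77\xb3"
      "\x2a\xd5\xa1\x1a\x35\x35\x55\xb4\x8e\xb7\x68\x45\x96\xea\xdc\x48\x1c\x29"
      "\x1f\x18\x5d\x0d\x47\xc6\x39\xfa\x5b\xcb\x2d\xff\xe8\x59\xa9\xd4\xa0\xe1"
      "\x84\xa6\x40\xe3\x0f\x0a\xfe\x83\xf2\x09\x6f\xae\xf9\xc0\x12\x92\x89\x68"
      "\x8a\x52\x67\xe0\xd2\xda\xda\xdd\x0f\x8c\xb1\x3f\x35\x82\x7f\x03\x37\xd2"
      "\xed\xf6\x22\x0a\x24\x4d\xd8\xc1\x35\x56\x30\x51\xf6\xfc\xd7\xfd\xad\x78"
      "\x79\xff\x3e\xf0\x19\x75\x93\x8b\xc6\xe4\x7a\xee\x74\x5d\x47\x01\xcf\xc5"
      "\xe5\x54\x6f\x05\x90\x3b\xbc\xde\x01\x20\xad\x84\x7c\x32\x65\x8c\x13\x84"
      "\xa6\xd8\xf1\x88\x54\x4d\xf3\x37\xa2\x5f\x80\x60\x51\xa3\x46\xfb\x98\x0a"
      "\x4e\x84\xfe\xe0\x6b\x0d\x36\x7b\xc8\x11\x61\xe9\x60\x72\xb2\xe7\xe4\x79"
      "\x99\xac\x93\x43\x77\x49\xd1\x18\x64\xfa\x4c\x03\xa2\xd3\x33\x13\x56\x60"
      "\xaa\x17\xbd\x42\x16\x23\xe6\x65\x4e\xea\xe9\x56\xe5\x1a\x01\x57\xcb\x87"
      "\x6d\xb3\xe9\xcb\x32\x46\x41\xd1\x32\xcd\xa7\xaa\xbd\x9d\xca\xa5\x1f\x09"
      "\x0c\x19\x55\xd2\x0c\x26\x18\x46\x6a\x0e\xa5\xac\xba\xea\xc5\xa4\x6e\x00"
      "\xb8\x86\x9c\xa9\xa3\x37\xeb\x5d\x94\x06\x59\x2a\x79\x06\x78\xa1\xf0\xbb"
      "\xe7\x29\x05\x4a\xbb\x48\x10\xf4\xfd\xf5\x0c\x51\x7d\x4d\xd3\x12\xb2\xd3"
      "\x82\x41\x2d\x45\xb9\xf6\x04\x64\xc1\x07\xc0\x73\x5b\x16\xce\xce\xd7\x34"
      "\x84\xf3\x7c\xdc\xc8\xb9\xa4\xa6\x2b\xc9\x97\xbb\xd1\xd2\x3b\x99\x3f\xc5"
      "\xcf\xed\x9a\x43\xd2\xf4\xd3\x35\x57\x0e\x76\x71\x5b\x02\x06\x64\xbe\xdb"
      "\x0d\xb8\x88\x16\xbc\x97\xec\x37\xd1\x3d\x64\xf6\x04\xb7\x1f\xc7\x3f\x3c"
      "\x38\x95\x4a\xe5\x54\xe4\x59\x97\x20\x9a\xfb\x0f\xf1\x02\xdc\x17\x09\x86"
      "\xe2\xd7\x2e\x41\x78\xa7\xe6\x13\x13\x08\xaf\xa2\x9b\xa7\x32\xe2\x51\xeb"
      "\xdf\x62\x54\xc0\x58\x97\x52\xbf\xca\x3b\xef\x7f\xd0\xfc\x60\xba\x68\x3c"
      "\x60\x16\xb1\x62\x34\x21\x6b\xdc\xf8\x97\x5b\xeb\xaf\xd8\xee\x46\x06\xa9"
      "\x6c\x19\x93\xd1\xf0\x96\xb4\x35\xfa\x84\x27\x93\x44\xb9\x14\xde\xc8\xe5"
      "\x65\x66\xe1\x03\x59\x2a\x7e\xd4\x4c\x63\xc8\xb5\xc1\x8e\x01\xfa\x87\x30"
      "\x32\xb1\x08\x76\x22\xf2\x25\x74\x73\x39\xd3\x8f\xa8\x9e\x70\x08\x69\x5c"
      "\xe0\xb3\xd6\xf5\x05\xab\x7e\xcd\xf9\x91\x82\xab\x7a\xa2\x64\xd9\x10\x8a"
      "\xf3\x5b\x0a\x37\x3d\xa1\x8a\x81\x83\xf6\x96\xdc\x70\xa8\xac\x88\xc5\x66"
      "\x3a\x86\x6e\x89\xc7\xd7\xdb\xdf\x72\x96\xd6\x3e\x51\x67\x97\x8b\x38\x46"
      "\x3a\xe9\xf3\x6f\xe4\x12\x12\x29\xe9\x2c\xce\xd0\x4e\x23\x13\xe9\x45\xb8"
      "\x35\x65\x5b\x59\x30\xb0\xfa\x8a\xbc\x59\xfd\x9f\xc5\xe0\xa2\xd0\x50\xea"
      "\x91\xa9\x3b\x2d\xbc\xde\xea\x8f\xdf\xdb\x55\x74\xb8\x64\x8c\x46\xc0\x8a"
      "\x13\xa9\x09\xf4\xf9\x1b\xf2\xe0\x97\x5f\x8c\xec\x68\x61\x85\xeb\x12\xf4"
      "\x46\xfd\x95\x81\x94\x71\x6f\x0d\xa1\xea\x95\x49\xf1\x8f\xcb\xa6\xd1\x54"
      "\xfc\x95\xf0\xc6\x4d\xb2\x2a\xeb\xce\x36\xdf\x3d\xc3\x1b\x27\x4f\x10\x24"
      "\xde\x42\x81\x3d\xa3\x5c\x41\x60\x00\x90\xe8\xb4\xe9\x33\x48\xdc\x8a\x42"
      "\xec\x4f\x6e\xd2\x6c\xc3\x6f\x52\x58\x65\x52\x54\xa4\x79\xd2\x38\xdd\x33"
      "\x94\x43\x1a\x70\xa2\x63\xa2\x6a\x1e\x34\xae\x13\x45\x07\x82\x75\xe3\x13"
      "\x93\xdf\xf5\xa1\x70\xc4\x22\xe6\x93\x8b\x32\xa7\xfd\xa0\x92\x82\xaa\x2d"
      "\x54\x5b\x70\x2c\x4b\x5c\xf2\xce\x88\xc6\xd5\x01\x29\xad\x90\x81\xac\x30"
      "\x36\x44\x0f\x33\xd2\xb5\xfa\x9e\x24\x8b\x01\x87\xbd\x79\x67\x99\x26\xc5"
      "\x55\x5d\x94\x83\x12\x56\x55\x56\x4e\xc5\xc9\x91\x9b\xd1\x30\x79\x82\xcf"
      "\xe7\x47\x06\xbb\x6c\x6c\x21\x9e\x14\x3d\x68\x68\x6f\x2f\x88\x04\xec\x23"
      "\xd2\x96\x7e\x9f\x81\xbb\x8c\x69\xb0\xed\xaa\x0f\xf3\xc9\xf6\x81\x56\x0e"
      "\xaa\xae\xae\x1f\xac\x89\xd3\xdc\xc5\xc9\x2d\x14\x80\xb5\xb4\x3b\x83\x38"
      "\xee\x46\x30\x86\x8a\x68\x32\x02\x04\xed\x4d\xc5\x2f\xdb\x62\x0a\xb9\x1a"
      "\xb3\xae\xf6\x69\x31\xfc\xb7\xe1\xda\x77\xc8\xb0\x33\x4d\xdc\x0e\xfa\x54"
      "\x0d\x30\x7e\xab\xe7\xa7\xaf\x63\x1e\x5a\xa4\xa2\x63\x06\x6a\xfa\xb4\x33"
      "\x15\x27\xa5\x5d\x72\x22\x6b\x81\x87\x1b\x74\x16\x6e\xab\x40\x34\x22\xe8"
      "\x44\xf3\xa1\xd2\x11\xbe\x42\x1f\x54\xbe\x18\x8a\x1e\xd4\x84\x9d\xd6\xb8"
      "\xbe\x9d\xb1\x3a\xa8\xc8\xf9\xb9\xa5\x6a\x64\x30\x3f\xf8\xf0\x08\xb4\xca"
      "\x0a\x0c\x18\xf8\x75\x2f\x7c\xf9\x5b\xeb\x5a\x38\x93\xfa\x3b\xa4\x9d\x0d"
      "\x34\x92\x40\x56\xb7\xa1\x83\x76\x1a\xd0\x5e\x77\x43\x5d\xe5\x43\xc7\xc5"
      "\x75\xb7\x16\x41\x60\x0c\x2c\x8f\x8f\xcf\xc9\x6a\x66\x80\x7e\x66\xa7\x1a"
      "\xc1\x31\x5e\x70\xe6\xa9\x8f\xec\xd7\x59\x3d\xaa\xb4\x79\xf1\xb0\x62\xc6"
      "\xff\xfe\x9c\x12\x15\x7f\x2c\xe2\x0b\x29\x91\x40\x68\x63\x20\xce\xe6\x03"
      "\x25\xb0\xda\xb1\xb5\x63\x2e\x6e\xe9\x18\xff\xef\x00\x80\xfe\xb3\xa3\xb1"
      "\x5b\x59\x8d\xc7\x61\x9d\x6e\xdc\x9b\xbb\x92\xa2\x4e\xf4\xf0\x6e\xc2\x2f"
      "\x44\x9d\x55\x6e\x35\x7c\xdc\x22\xcd\xcf\x51\x33\xe2\x2e\x6a\xf8\x1e\xfa"
      "\x47\xdb\x92\x62\x2c\x63\x32\x40\x25\x7b\xff\xf7\x78\x01\xcf\x23\x22\x58"
      "\x7f\x18\x7b\x7b\x36\xd1\x96\x71\x61\x68\x8a\x31\x88\xe3\x6c\x14\x29\x17"
      "\x0d\x13\xad\xa4\x68\xc7\x5e\x4f\x23\x36\x6d\x41\xf6\xbc\x3e\x2f\x7a\x5f"
      "\xc7\xd8\x27\x8a\x87\xff\x8e\x16\x6e\xd4\x4b\x98\xc1\x2c\xe9\x10\xf0\x42"
      "\xbe\xe6\x01\xcb\xb6\xfd\x5b\xb1\xbb\x70\x0f\xe3\xfa\x80\xbe\x6a\x1d\x4f"
      "\xb6\x14\x41\xc4\xe6\xfb\x04\xdc\x78\x19\xe4\x4b\x4f\xa6\x92\xec\x1d\xe2"
      "\x7f\xe7\x90\x1f\x7e\xc4\x7c\x85\xbc\xef\x06\x0c\xe9\x5f\xab\x9a\x9f\x69"
      "\xfa\x67\xbd\x04\x30\xc6\x46\xc9\xb3\xd8\x69\xfd\x13\xd6\xe1\xa0\x9e\xff"
      "\x9c\x70\x09\x00\xaf\x71\x0e\x31\x4d\xeb\x16\x2e\xf4\x61\xad\xf6\x41\x17"
      "\xc2\x27\x73\x8a\xf1\x3c\x0c\xd8\xb1\xd7\x23\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x29\x21\x28\x1c\x4d\x53\x16\xc2\x8e\x67\x9d\x29\x1f\x87\xd0\x41\xdd"
      "\x3b\x70\x65\x41\x54\x24\x78\x86\xdb\x8f\x8e\xed\xd1\xe1\xd1\x3f\xd1\x7e"
      "\x06\xda\xc7\x50\x61\x39\xf7\xf1\x37\x12\x57\x31\x34\x64\xd7\x1c\xf4\xc5"
      "\x06\xa4\xc2\x37\x89\xc9\xcf\xe1\x32\xd0\x63\xd1\x37\x93\xf9\x1a\xad\x26"
      "\xb0\xb7\x30\xce\x1f\x24\xf5\x6c\x14\x0f\x5d\x99\x77\x4f\x59\x4d\xb4\xf2"
      "\x17\x26\x5a\x24\xa9\x15\xf9\x7f\x15\xa2\xfc\x27\xf3\x06\xe4\x7a\xe1\x86"
      "\xdf\x32\x31\xdd\xbb\xb3\xdf\x43\x27\x27\x38\xae\xa5\x56\xde\xa2\xda\x63"
      "\x94\xd0\x7c\x97\xe2\xcf\xf7\x61\x2b\x77\xab\xd1\x24\x95\x0c\x55\x06\x25"
      "\x2b\xd7\xf9\x03\xba\x38\x3f\x3c\x10\x75\x64\xab\x7a\x5e\x44\x43\xeb\xa9"
      "\xc4\xae\xd2\xeb\xd2\x03\xf2\x98\x79\xb2\x2d\x2c\x8a\x86\xbd\xeb\x1d\x75"
      "\xa7\x1b\x94\x3e\x34\x92\xc0\x17\x7c\x46\x8a\x6f\x82\x15\x47\x06\x87\x6d"
      "\x63\xe6\x93\xb3\x35\x6c\x2e\x79\x19\x89\xb5\x3a\x9b\xee\xb4\x99\xc2\xca"
      "\x0c\xc2\xd4\x7c\xef\xd9\x78\x46\x34\xf2\x0a\xe8\xfa\x51\x41\x06\x77\xb4"
      "\xb2\x5c\x42\xbc\xc4\x73\x19\x39\x90\xe3\xb6\xeb\x53\x95\xfe\xe3\x6e\xed"
      "\x53\xc2\xce\xed\x91\x13\xe7\x9f\x09\x11\x7c\xcd\xdd\xef\x22\x7c\x05\xc8"
      "\xba\x8b\xed\xe7\xec\xab\x4b\x98\xb7\xa0\x65\x6a\x78\xe0\xbd\xd0\xca\x31"
      "\x93\xec\xde\xe1\x87\x05\xcb\x97\x07\x53\xf3\x87\xa6\xa1\x60\x50\x07\x16"
      "\xaa\x58\xf9\x53\x51\x60\x38\xe6\xeb\x40\x38\x39\x38\x36\x0b\xc8\xe3\xc8"
      "\x91\x4f\x02\xe5\xad\x55\x88\x7e\xbb\xc4\x04\x40\xd5\x4c\x08\xf5\xb1\xec"
      "\x5b\x61\x20\x00\x00\x00\xc7\x01\xb1\x4b\x61\x91\xe2\x83\x83\xa1\x63\x56"
      "\x2d\x0f\x4d\x9a\xf7\x4e\x0d\xf0\x66\x4d\x70\xb3\x22\x86\x46\x84\xd5\x1b"
      "\xd0\x35\x9e\x75\xe8\xf6\x53\x3d\x10\xca\x7d\x87\xa0\x13\x66\xe2\x82\x63"
      "\x37\x5e\x3c\x90\x71\x84\x2d\x53\x00\x99\x11\xac\x9e\x65\xb1\x20\x2a\x43"
      "\x5a\xe1\xa3\xef\x1f\xdc\xe8\xe8\x69\x52\x8f\x0a\x39\x29\x96\x45\x44\x4c"
      "\x3a\x8e\x23\x21\x5d\x1f\x42\x55\xa2\x94\xd0\x99\xc1\xde\x6f\x79\xe4\x62"
      "\x6b\x00\x02\x0e\x38\x84\xba\xe9\xe1\xdd\x1f\x2d\x12\xf4\x63\x74\xa9\x22"
      "\x09\xb7\xc6\x3b\x45\x73\xc5\x2b\xdd\xac\x9a\x9b\x8e\x81\x0a\x1d\x86\x38"
      "\x60\xe8\x5c\x41\xb5\xb0\x74\x06\x4a\x08\x56\x48\x3c\x9a\xae\x60\x3e\x11"
      "\x7e\x8d\x8a\xf4\x5e\xb2\xc5\x44\xf2\x85\x4c\xf4\xa5\xc3\x17\x23\xf5\xc8"
      "\x1c\x83\x81\x0e\x9a\xe7\x48\xa1\x1b\x0d\x66\xb1\x27\xd1\x54\xa7\xa7\x72"
      "\x53\xd7\x8b\x58\x70\x33\x2c\xfb\xaa\xe3\x11\x4e\x4c\x95\x4b\xdf\xbc\xf0"
      "\x9b\x7c\x82\x01\xee\x07\xb3\x1b\x0c\xfa\x02\xad\x6e\x69\x34\x51\x47\xec"
      "\x3d\xfa\xad\x38\xa1\xd7\x56\x66\x2d\x9a\xe4\x01\x0a\xfb\x8b\xb9\xc2\x8c"
      "\xd7\xea\x62\x60\x2f\x92\xe8\xe1\x20\x68\x9f\x2b\x7e\xd5\x58\x85\x83\xcd"
      "\x55\xe8\x07\xde\xc3\x3f\xb2\xff\xbb\x02\x0b\x53\xe3\x41\x92\x9e\x74\x8e"
      "\xee\x1c\xc6\x93\xcc\xf5\xdc\x5e\x84\x04\x58\x86\x55\x54\x74\x23\x22\xae"
      "\xbc\x04\xeb\x82\xd7\x47\x69\xdb\x20\x74\x19\x3a\x53\x0e\x85\xd0\xfd\xe2"
      "\xe4\x32\x5f\xcb\xce\x50\xf4\x12\x12\x71\x0f\x43\xd1\x55\xfc\x79\xaf\x29"
      "\x81\x89\x82\x82\xec\x2a\xcc\x37\xa0\xac\x77\xe8\xd7\xdc\xd4\x0a\xdb\xbd"
      "\x38\x4a\x31\xb5\x6f\xaa\x00\x8f\x51\x20\x10\x56\x73\x13\xc0\xe9\x16\x1d"
      "\x1f\x3a\x40\x0e\xda\x66\xa3\x09\x00\x52\xcb\xb0\xd4\x81\x59\x89\x9f\x34"
      "\x99\x3f\x2f\x5f\xbe\xec\x67\x1c\x6c\xc9\xe5\x16\xec\xd6\xab\x03\xe6\xb6"
      "\x98\xe4\x7c\xa4\xd4\x05\x05\x64\x82\x5f\xd9\x4d\xfa\xee\xc1\xef\xc8\xda"
      "\xeb\xc4\xce\x69\xaa\x00\x9c\x7a\x47\x04\x79\x85\x45\x63\x71\xeb\x4e\x86"
      "\xa5\x0b\x0f\x22\x0b\xee\x72\x81\x7b\xfb\xd7\x88\x3c\xdf\xca\xb1\x86\x8e"
      "\x42\x95\x26\xed\x9a\x56\x65\x32\x07\xa8\xea\x83\x5c\x58\x83\x3e\x9f\x33"
      "\xda\x0e\x32\xa2\xf4\x36\xb4\x4b\x49\x6f\xe0\x7f\x13\x3c\x54\x52\x1f\x1f"
      "\x99\x25\x54\xbf\xad\xcb\xa0\x14\x0c\x08\x86\xa0\x7b\xf9\x66\x67\x28\xe9"
      "\x1d\xd5\xc8\x0d\x14\xeb\xc4\x35\x75\xbe\xef\xfb\xad\x13\xb9\xd1\x0f\x57"
      "\x2c\x91\xe0\x43\x07\xd7\xeb\xea\x94\x85\x25\x1b\x30\x4f\x6d\xce\xaa\x77"
      "\x4d\xd6\xb1\xd6\x64\x90\x6c\x41\x95\x59\xe4\x34\x26\xe2\xea\xd1\x0c\x06"
      "\x72\x24\x93\x6a\x5a\x73\x00\x92\x0c\x6e\x1c\xf6\xc1\x22\x30\x05\xfb\xe1"
      "\x32\xa1\x1b\x80\xe6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
      3023);
  *(uint64_t*)0x200001c8 = 0xbcf;
  syscall(__NR_writev, r[0], 0x200001c0, 1);
}

// Map the fixed 16 MiB scratch region the test writes its arguments into,
// reset kmemleak state, then run the fork/execute/check loop.
int main(void)
{
  // prot 3 is PROT_READ|PROT_WRITE; flags 0x32 is
  // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS. Fail fast if the mapping cannot be
  // created: otherwise every child would fault on its first store and the
  // parent would keep forking without ever exercising the syscalls.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
    perror("mmap");
    exit(1);
  }
  setup_leak();
  loop();
  return 0;
}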