// https://syzkaller.appspot.com/bug?id=741882e87437de1d73c70dff1161dffb50e39b73 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5 * 1000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[1] = {0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; memcpy((void*)0x20000080, "/dev/uhid\000", 10); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000080ul, 0x802ul, 0ul); if (res != -1) r[0] = res; *(uint32_t*)0x20000080 = 0xb; memcpy((void*)0x20000084, "syz0\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000", 128); memcpy((void*)0x20000104, "syz0\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000", 64); memcpy((void*)0x20000144, "syz1\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000", 64); *(uint16_t*)0x20000184 = 1; *(uint16_t*)0x20000186 = 0x1000; *(uint32_t*)0x20000188 = 0; *(uint32_t*)0x2000018c = 0; *(uint32_t*)0x20000190 = 0; *(uint32_t*)0x20000194 = 0; memcpy((void*)0x20000198, "\x80", 1); syscall(__NR_write, r[0], 0x20000080ul, 0x119ul); *(uint32_t*)0x20000040 = 8; memcpy( (void*)0x20000044, "\xf4\x7c\x09\xfa\x20\xc6\xe3\x6d\x3c\x1f\xc1\x7b\x57\x68\xd4\xa3\x60\xb5" "\x35\xa0\xdc\xaa\x97\x34\x70\x85\x69\xcf\x0c\x55\xab\xcd\xdb\x03\x8c\xa3" "\xf9\xde\xcb\xf5\x11\xed\x03\x46\x25\x90\x2a\x64\xf4\x74\x8c\xa1\x9f\x95" "\x68\xf9\x38\xcc\x03\xc6\x62\x28\xf9\xe0\xbf\x61\x29\x20\x78\x40\x24\x2e" "\x8b\xf8\xcf\x58\x01\xcb\x0f\xfc\x7b\x56\xe5\x97\xf9\x08\x05\x7b\xf3\x06" "\x59\x00\xbc\x5c\x34\xb5\x1e\x10\xbb\xea\x95\xcf\x7f\xe1\xcf\x22\x7a\x76" "\xbd\xba\x32\xd3\x2e\xfc\xfc\xc6\x9a\xf4\xc0\xe2\x8a\xec\x6b\x28\xc9\xd9" "\xb5\x78\x10\x21\x71\x55\x9a\x0d\x64\xdf\xf8\xdf\x57\xc1\xa0\xe3\x92\xab" "\x58\xae\x66\xfa\xc1\x86\x0b\xb8\x39\x86\x60\x1b\xd8\xf1\x1e\xb8\x8e\xa0" "\xee\x14\x76\xce\x9d\x20\xe3\x7a\x94\xea\x7d\x72\x0e\x11\xaf\x1a\xc2\xcd" "\xcd\x4c\x08\xb1\x75\x01\x49\x63\x53\xcd\xd5\xb2\xa6\xaa\x0f\xae\x64\x35" "\x4c\x09\x7d\xd7\x33\x5d\x3f\xbb\x4a\xf3\x6a\xbc\x53\x2c\x4a\xdd\x0a\xb2" "\xcc\x53\xac\x4c\x5f\x4f\x3c\x7d\xc2\xfc\x4b\x0f\x01\xe4\x07\x8d\x1a\x8c" "\x31\xd2\x1b\x13\xf1\x88\x97\xdb\xfa\x9e\xb0\x27\x93\x53\xe1\xab\xc6\x39" "\x2c\x5f\x63\x5f\x58\x12\xbf\xfc\x1e\xd8\x35\x69\x25\x53\x96\x87\x11\x8f" "\x77\x7d\xea\x18\xa6\x80\x44\x94\x3c\x76\x05\x3a\x32\x64\x43\xd6\x24\xc8" "\xea\xfb\x1a\xbe\x3c\xd4\x4c\x04\x6b\x6f\x6b\x28\xa7\xd6\x50\x90\x99\xa4" "\x05\x48\x3d\x8a\x2f\x92\x4d\x82\xea\x66\x3a\x3a\x18\x2a\x3a\x83\xdb\x64" "\x55\xa7\x50\x22\x63\x49\x7d\x74\x4b\x93\xae\x2e\x16\xd5\x41\x6d\xdb\x56" "\xe2\x59\x72\x0a\xeb\x87\x39\x8e\xa2\x88\x06\x03\x73\xc1\x9a\xe5\xe1\xe1" "\x6b\x00\x0a\xba\x56\x14\xfd\x15\xeb\x07\x08\x8d\xce\x38\x73\xec\xfa\x55" "\x02\xce\x1a\x3e\x5c\xab\x2b\x15\xe0\xd8\x51\x7e\x8e\x5e\xef\xb3\x3f\x48" "\x62\xa7\x40\x57\xc9\x76\xe6\x8d\x4b\x9e\x60\x59\x37\xba\x0e\x45\xeb\xaa" "\x0c\x23\xee\x86\x93\x91\x66\x0d\x6d\x7c\xf1\x5b\x3e\x5a\xbe\x98\x77\x86" "\xf0\x59\xee\x98\x3f\xa0\x6e\x47\x24\x18\xa7\x3e\xfa\x8b\xf3\x62\x86\xff" "\x2e\x8d\x11\x09\xaf\x09\xeb\x93\x1c\x4f\x70\xfd\xde\x78\x51\x38\x31\x1b" "\x92\x89\x6f\x6a\x32\x24\xa9\x1f\x5b\xca\x55\x60\x7d\x6e\x51\x66\x55\x82" "\x35\x98\x7e\xd9\x9d\x53\xd6\x05\x00\xcc\x94\xee\x39\xf9\xe5\xc4\x2c\xe2" "\xba\x4a\x4e\xf9\x1a\x65\x84\x6c\x81\x94\x3b\xda\xeb\x85\x25\x6e\xeb\x92" "\x08\x94\x67\x87\xbd\xd6\x12\xab\x87\x54\x1d\x78\x6a\xe8\x4a\x9d\xef\x1e" "\x67\xd2\xf1\x07\x99\x50\x38\x69\xfe\xc8\x2e\x1c\x45\xd6\x2b\xdc\x56\xe8" "\x56\x43\x0a\xa7\xb6\x00\x8f\x62\x35\x5b\x15\xc9\x36\xdf\xe1\x70\x05\xe6" "\x66\x12\xbe\x09\x12\x31\xd9\xc0\x5f\x75\x2d\xda\xdc\x51\x02\xc6\xf1\xff" "\x64\xb4\xbd\xdd\xb2\x4d\x97\x46\x41\xa3\xa4\xaa\xb4\xa3\xab\x20\xd0\x61" "\x33\xbf\xc4\x1e\x79\x34\x85\x42\xf0\x0d\x32\x02\x3d\x3c\xa3\x4f\x6b\x32" "\x19\x52\x67\xd5\xcf\x16\x0f\x01\xe2\xd9\x18\x77\xaa\x01\x6b\x99\x2e\x85" "\xd9\xfd\x9c\x27\x5e\x44\xa3\x50\x20\xb8\xb6\x80\x6d\xba\x78\xc7\x2a\xf3" "\x7a\xa2\x71\x5c\x88\x00\xb9\xf3\x97\x5e\xcd\x70\xcc\xeb\x51\x06\x12\x10" "\x10\xfa\xa6\x88\x79\xd3\x1e\x8d\x99\x6c\x89\x60\x83\x4a\x5b\xfb\xb6\xf2" "\x4d\x96\x96\xab\x43\x84\x67\xbe\x81\x3e\x69\x9e\x8f\x64\xf9\x2c\x5f\x21" "\x5e\x82\xc6\xc9\x82\xd1\xeb\x39\xf5\x57\xbb\xe5\x29\x26\x75\xee\x9a\xc2" "\x8e\xcc\x29\xf7\x68\x67\x49\x8a\xe6\x49\x02\xed\x76\xae\x0f\xe4\x69\x12" "\xed\x61\x3b\x6e\x1e\xde\xf4\x76\x45\xf5\xbe\x8f\x6c\x82\x03\xaf\xc7\x83" "\xe5\x0f\x5d\x4e\x34\xcc\x6b\x28\x77\x33\x87\x44\x61\x09\x26\xf4\x36\x9a" "\x70\x35\xf5\x5b\x61\x3c\x3a\x64\x81\x22\x59\xec\x8a\x6a\x81\xe8\xc0\x7d" "\xfa\x2e\xda\xb1\xc6\x5b\xc4\xec\x7d\x82\x46\x08\x7a\xfa\x70\xf2\x22\x8a" "\x2b\x93\x65\x19\x40\x56\xb7\xb8\xe4\x97\xf0\x50\xe8\x46\x9c\x51\xf3\xd3" "\xf9\x9d\xc2\x60\xb1\x6e\x30\xa5\x84\xbb\x6b\x26\xae\x5a\x3a\x3f\xb0\x5a" "\xd8\xb0\xfc\x83\x8d\xf2\x46\xd8\xa0\x2e\xce\x53\x32\x1c\x27\x9e\xbb\x52" "\xa0\x14\xf6\x70\x35\xc9\x59\xab\x98\xc9\x19\x14\xd6\x1c\xfe\x58\xfa\xe0" "\x23\xb8\x36\x84\xc1\xd3\xfd\x77\xed\x60\x91\x7b\x7e\x1e\xc0\xe8\x8c\x9b" "\x2c\x7b\x07\xc3\x64\xd6\x61\x77\x6f\xde\xd4\xfb\x1c\x0c\x27\xbe\xdc\xdc" "\x10\xa7\x67\xc5\x35\x20\x8a\x9e\xd6\xfa\x61\x73\xb5\xb0\xca\x3f\xf5\x3c" "\x8e\x4c\x9e\xb2\x82\xad\x8b\xed\x94\xb8\x72\x7b\x4e\xf4\x60\x8d\x05\xb2" "\x0f\xb4\x07\x39\x9e\x9f\x38\x12\xbc\xda\xaa\x7b\x94\x6c\x6c\xa9\xa3\x55" "\xd7\x8b\x36\x3f\x5a\x17\x48\x11\x2f\xdb\xed\x35\x9f\x1e\x8d\x6a\x7d\x3f" "\x65\x80\x4f\xda\x6a\x8a\x50\x9f\x21\x58\xcf\xd2\xf4\x0f\x11\x64\x35\xa3" "\x75\xd0\x1f\x5a\xde\x2c\xca\x5d\x38\xb2\x0e\xbd\x7b\xaf\xe8\x5a\x1a\x42" "\x4f\x36\xcb\x09\x28\x04\x8d\x2e\x58\x5e\x8a\xfd\x32\xb6\xd1\x73\x12\xd6" "\xfd\x22\x2d\x8c\x85\x66\x59\x40\xb4\x8b\x9c\xb2\x3e\xec\x75\xf9\xd4\xb4" "\x0d\x6a\x9d\x56\xf9\x30\x12\x44\xca\x15\x53\xd2\x05\x7c\xa1\xf9\xd4\x0d" "\x46\xf9\x90\x2c\x60\xf9\x08\x7a\x4f\x9d\x7d\x10\x7a\xaa\x9a\x36\x3f\xb6" "\xb7\x78\x3f\x7b\x31\xfe\x3b\x9c\xf4\x55\x14\x70\x4d\x74\xbb\x15\xe2\xf7" "\x16\xc3\x06\x60\x05\x1a\xfb\xf8\xdb\x91\x75\x90\x4c\x35\x25\x23\x23\xc0" "\xef\xf4\xbb\x9e\xdc\x25\x8c\x7a\xa0\x84\x87\xef\xb1\x70\x58\xe1\xc3\xb5" "\x58\x8a\x43\x59\x13\x4b\x4e\xf8\xb3\xde\xe8\xf2\x46\xf8\x8d\x3c\x27\xd2" "\x19\x65\x5c\x8c\xf0\x35\x9e\x40\x28\x64\x3d\x60\xdd\x38\xb0\xda\xe9\xd9" "\x0b\x73\x23\x52\x4b\x0b\x6f\xe9\xc3\x36\xbf\xa6\x5c\x95\x32\x79\xcf\x43" "\x73\x7b\x7f\x7f\x5a\xd0\xb4\xc0\xe9\x2f\x3c\x00\xea\x8c\xcd\xb6\xca\x30" "\xa4\x14\xb3\xf1\x8e\x20\xb1\x49\xa1\xa4\xac\xeb\x60\x84\x79\x30\x94\xcb" "\xee\x47\xa6\xf8\x43\xed\xbf\xc8\xd1\xc0\xd8\x5a\xce\x67\xd7\x10\x7a\x15" "\x6a\x36\x33\xfd\xde\x1d\x4a\x37\x75\xa2\xa6\x34\x68\xdf\xcc\x9b\x97\x8b" "\x38\x53\x30\x0f\x3c\xa9\xbb\x61\x77\x26\x59\xef\xa5\x5c\x54\x12\x5b\x2c" "\xde\x81\x01\xd0\x74\x34\xa7\xb7\x69\x87\x5b\xb7\x80\xe9\x80\xf8\x7f\x53" "\x44\xfe\x0f\xf3\x79\xe9\x72\xae\x8c\xcf\x2e\x4e\x4e\x2b\x7e\x68\xe4\xde" "\x61\x1e\x3e\xf3\xb3\xa0\x44\x6f\xdf\x21\x28\x34\x27\x40\x34\x40\xea\xc0" "\xd7\xc9\x83\x8b\xee\x4e\xbb\xcc\x7c\x0b\x29\x17\x20\x62\x20\xd7\xf9\xcf" "\x02\xab\xde\x2f\xab\xc7\xbf\x93\x07\x61\x91\x2a\xf0\x84\xa5\x42\xcf\x1c" "\x51\x1d\x5b\x98\xe5\x60\x4c\x8f\x84\x7d\xe0\x9c\x0f\x70\xbe\x27\xe7\xec" "\x7f\xe8\xad\x6c\x76\x02\xa7\x57\x1f\xfc\x6c\xc2\x0e\xb3\x83\x17\x89\x99" "\x38\x7b\x6d\x3d\x22\x33\xa9\xfc\x92\xeb\x4a\xa6\xb2\xe1\x90\x09\x59\x3e" "\xab\x58\x77\x9e\x20\xc8\xb3\x9e\x90\xd8\x80\xd8\xbf\x16\x10\xda\xbc\x3d" "\xcd\x30\xb2\xab\xa1\xf1\xa5\x7d\x27\x97\x88\x7f\x88\x5f\xbb\x53\x05\x67" "\x43\x28\xef\x0c\x44\x99\x93\x30\xed\xb3\x18\xe4\x0f\x60\xb8\x21\x10\x8f" "\x89\xc7\xa7\x91\x74\x45\x6d\x0c\x3e\x71\x32\x2d\x3f\xd9\x66\x68\x48\xdd" "\x07\xf6\x42\x5d\x25\x7a\xf3\x5f\xf9\xe7\x86\xae\x9d\xe9\x02\x36\x2d\x0c" "\x30\x05\xb4\x41\x31\x94\x70\x93\xcd\x15\x76\x6b\xdf\x35\x81\x07\x91\x4f" "\x48\x23\x78\xcc\x0c\xa3\x8a\x8b\x9d\x1b\xef\x7c\xd8\x69\xa4\xac\x95\xf3" "\xb1\x93\x3f\x9b\x5c\xac\x4c\x09\xa1\x13\x60\x0d\xdc\x33\x43\xb6\x28\xda" "\x10\xc7\x65\x74\xda\xfd\x28\x18\x07\x00\x19\x0a\x0f\x94\xcf\x9d\x05\xe9" "\xf2\x34\x7e\x82\x77\x0d\xc6\xa7\xaf\x55\xd4\x14\xc5\x9e\x04\x47\x9b\x12" "\x6d\xb5\x1e\x10\x7c\x91\x49\x6a\xfe\xa4\x27\x97\x4e\x79\x4e\xeb\x6b\x49" "\xdc\x87\xfe\x5a\x0a\x69\x2c\xde\x7d\x91\x06\x1a\x37\x8f\x4d\x1e\x11\x2a" "\xa9\x28\x5d\x06\xa8\xf8\x4a\x23\x4d\xc2\x89\x59\x31\xed\x06\xac\xc6\xb8" "\x58\xfa\x30\x4a\xfd\x00\x3f\x7b\x7e\x49\x50\xf3\x09\xb2\xbc\x9f\xdf\xe3" "\x11\x91\x13\x88\x18\xea\x4e\x9c\xdd\x44\x32\xd2\xa1\x01\x1e\xf2\x5d\xc1" "\x07\x94\xdb\x9f\xae\x8c\x0f\x6d\x3c\x6e\xb4\x72\xd0\x96\x9b\xc5\x76\x16" "\xf4\xb7\x35\xa8\xc1\x27\x3b\xee\x27\xcb\xa1\x4b\x58\x77\x74\x44\xfe\x98" "\x78\x91\xe1\xe3\xac\x77\xfc\xf6\x09\xec\x12\xb1\x68\x71\x6f\x53\xba\xcc" "\x6c\x5f\x87\x3c\xa6\x90\x84\xbb\x3d\xfa\x48\x66\x43\x4c\x92\x9b\x66\x57" "\x9d\xe7\x1d\x2f\x5a\x80\xbd\x02\xb3\xa3\x3a\xe3\xc1\x92\x22\xc0\x3b\x4d" "\x42\x9d\xf6\xf4\x3b\x73\xe7\x8e\x29\xa3\x0d\x9c\x58\xea\xe6\x5e\xb4\xdb" "\xd8\x46\x0f\x32\x52\xb5\xcd\xf7\x2f\x57\x41\x67\x4b\x93\x91\x8b\x5a\x32" "\xcd\x47\x3d\x53\x38\xeb\x86\xbd\x30\xc5\x3a\x35\xdf\x4e\x54\x82\x2b\x86" "\xa4\xe7\xa3\xe2\x88\x3d\xce\xa9\x65\xff\x29\x82\x15\x84\x41\x42\x91\xad" "\xba\x50\x20\x67\xd7\x24\xb7\xe0\xed\x92\x42\x47\xe1\x0c\x67\xf5\xad\x41" "\xf0\x56\x74\xe4\xdb\x77\xff\x21\xee\x9e\x7c\x59\xd1\x06\x18\x4f\x4a\xc2" "\x20\x12\x00\x46\x0e\x5a\x12\x8a\x52\xac\xd6\xfd\xe5\x4b\x19\x47\x82\xc6" "\x07\x84\xd9\x36\xf8\x8b\x55\xf6\x24\xc9\x8b\x31\xa1\xea\x78\x70\xe1\xb9" "\x4c\x0a\x28\x37\x1c\x59\x7e\x25\x41\x73\xbb\x69\x09\x27\xbd\x8d\x3e\xab" "\xed\x9b\xb0\x8d\x9d\x3d\x9f\x39\x4c\x6f\x73\xd6\x14\x35\x7e\x80\x30\xca" "\xb9\x1c\x55\x0f\xf6\x6d\xca\x9e\x11\xb5\xb0\x0b\x8b\x06\x8f\x2c\x2e\x81" "\x25\xc3\xa6\x79\x35\x16\x45\xd0\x98\xfa\x16\x0f\xb7\x21\x33\x06\xe4\xea" "\x46\xa6\xef\x98\x8e\x4e\xa6\xbb\x2a\x7f\x0d\x93\x85\x4a\x2c\xd5\xae\x91" "\x86\x64\xc8\xff\x4a\xd1\xe3\x58\x72\x14\xc4\x97\x39\xf3\xbf\xbb\xea\xb3" "\x64\x19\xf6\x2e\xbf\x9e\x08\x19\x97\xce\xdd\x6f\xe1\x07\x13\x73\x3d\xc3" "\xb1\xe1\xcb\x69\x35\x7f\x74\xc3\xd3\xa2\xe2\x2e\x0a\x50\xc4\x47\xf7\x2b" "\xf8\x48\x0c\xc5\xfa\x28\x17\x62\x16\x85\x18\x40\xe6\xcb\x2f\xf3\x25\x06" "\xd0\xc8\x3e\x0c\xb8\x6f\x80\x78\xc4\xed\x25\x79\xa2\x41\x2b\x22\xab\x79" "\xfd\x1f\xe6\x9e\xcf\x29\x90\x25\x26\xd0\xdf\x93\x0c\x59\x87\xca\xc5\x73" "\xd6\x01\x41\x88\x65\x96\xd2\xb6\x5a\x39\xe8\x7e\xe2\x8b\x6a\x5a\xd9\x73" "\x98\x37\xcc\x8e\x71\x64\x61\xb3\xe0\xa3\xce\x84\x91\x2e\xed\x10\xa2\x75" "\xfc\x96\xcc\xc2\x26\x61\x53\xea\x8d\x55\x41\x7a\x87\xe7\xc4\x4a\xbf\xf3" "\x45\xab\xdf\x0f\x84\xf2\x40\x07\x1f\x24\x94\x29\xb2\x7d\x66\x1f\x6d\xf0" "\x7e\xa7\x61\xfc\x60\xfc\x4b\xe1\xf7\x83\x6c\xdc\x86\x29\x1e\x27\x38\x39" "\x1f\x88\x16\xeb\x40\xd7\x24\xec\xb6\xee\x25\xb8\xb8\x4f\x5d\x12\x8f\x88" "\xea\x5d\xa8\x37\xae\x5b\x29\x2e\xfc\x17\xbc\x23\xe0\x5a\x34\xe8\x0c\x38" "\x24\x79\xa5\x73\x86\x30\xd3\x67\x03\x4b\x7c\x5e\xb3\x6f\x09\xe7\x6b\x31" "\x06\x23\x66\xc5\xef\x40\x8c\x98\x01\x62\x5a\x0a\x63\x1f\x24\x98\xd2\x45" "\xc0\xfd\x2d\x63\xa8\xfb\xd1\xec\xd3\x02\x4a\xcf\xd5\xcb\x2c\x15\x93\x6d" "\x48\xfa\x21\xa0\x87\xaa\xa0\x90\x35\xa4\xdf\x0e\xe4\xd1\x27\x17\xaf\xd4" "\x9b\x79\xb2\xd9\xac\x6c\xb5\x8d\xf6\xe8\x07\xd2\x3a\x5a\xc0\xec\x33\x71" "\xbf\xf3\x22\x01\x34\x1e\x76\x62\x99\x86\xb5\xd0\x52\x85\x9f\x6e\x08\xd6" "\x83\xa9\xc1\x0e\xc3\x87\x72\xfc\xbb\x13\x14\x2a\x45\xc3\x60\xc0\x71\x86" "\xa2\x69\x7c\xb0\xc3\x20\x81\x90\xbb\xb2\xe6\x62\x1d\x21\x30\x03\x4e\xc2" "\x3d\xac\x01\x00\xa4\x4e\x24\xbe\x81\xb9\x15\x0e\x14\xc0\xc5\xf1\xbe\xbd" "\x10\xa6\x6a\xc8\x8f\x0e\xf6\xbd\xf7\xf3\x3e\x3b\xd6\x9b\xcb\xce\x81\x25" "\xfc\x29\x32\x2c\x5c\x06\xf7\x06\xb0\xa8\x6d\xb9\xdb\xe5\x62\x2a\xc9\x4d" "\x88\x8e\x9c\xaa\xab\x08\x91\x9a\x76\x81\x49\xb0\xd2\x4f\x7a\xd3\xe5\x3d" "\x44\x25\xd0\x6b\x3a\xa4\x43\x42\x09\xb3\xd6\xa5\xc4\x5d\x32\xfa\x0d\xfa" "\x9f\x37\x5a\x0d\x26\x93\x44\x11\xdd\x3d\x3c\x00\xb1\x46\xca\xb8\x96\x6b" "\x6c\xa2\x13\x3c\x0a\x7f\x34\x94\xa6\x42\x76\x7e\xde\xc4\xa7\xb9\x90\x2c" "\x73\x62\x2f\x48\x43\x31\xa4\x28\x1a\x4b\xd7\xe4\x05\xc9\x69\xdc\xa6\x25" "\x41\xe9\x56\x48\x97\x22\x2f\xf9\x67\x49\x25\x3f\x0e\x48\xa6\x13\xac\xc2" "\xd5\x72\x7e\x0d\x6c\xa1\x39\xbd\x30\x4f\x6d\x04\xcc\x04\xec\x2b\xdb\x23" "\x82\x5d\x0c\x59\xaf\xd2\xac\x12\xb0\x30\xbc\x63\x25\x05\xd1\x8a\x4b\x5c" "\x2d\xf5\xa5\x33\x74\xc8\xe8\x63\x8e\xe9\x93\xdb\xd3\x4e\x78\x2a\xf2\x4f" "\x3a\xd9\x2d\xe9\x73\x30\x94\xb9\x69\xa3\x38\x48\x18\x3b\x34\x1b\x84\xea" "\x40\xec\x2e\xf5\xbd\x86\xa6\xfc\x7b\x31\xb8\xa6\xc7\x78\x44\x3b\xf1\x20" "\x5e\x7a\x9f\x3a\x37\x59\x1f\xa4\x27\x94\x03\xf9\x76\x98\x43\xe8\x8b\x65" "\x82\xc2\x85\x11\x4f\xe3\x2f\xaf\x9e\xe9\x06\x78\xe4\x0d\x56\x21\x86\xc0" "\x1a\xd5\x20\x27\x2c\x83\x08\x75\xda\x25\xb0\x1d\xf9\x0f\x03\x14\xa7\x84" "\x3d\x02\x9d\xc0\x16\x58\xa6\xff\x48\x23\x28\x5c\x21\x6a\xd8\xc2\x83\x31" "\x54\x59\x73\xaf\x5e\x7b\x3d\xb8\x62\x18\x64\x3c\xf5\x1f\xb2\x13\xd7\xe0" "\x6a\xb8\xf4\x9e\x5e\xb8\xea\x1c\x30\xae\x9c\xe2\x27\x6f\xdc\x91\xec\xa4" "\x5e\x6f\xad\x80\xdb\x28\x92\xb7\xc1\x32\x22\x7f\xb3\x38\x97\x7d\x08\xf1" "\x1a\xe9\x56\xfa\xf7\x54\xb6\x91\x66\xf9\xde\x66\x36\xbb\x2a\xbe\xd4\x2c" "\xac\xd0\x34\x93\x87\xc3\x72\xf5\xaf\x0a\x47\x88\x3c\x55\x8c\x67\xc5\xca" "\xd9\xf2\x06\x38\x6c\xc3\x24\x1d\x4b\x4e\x20\xa0\x82\x44\xc8\x24\x34\xe6" "\xea\xd1\xae\x8c\x60\xa4\xc5\x24\xf1\x97\xd0\xc0\xd8\x57\x62\x75\x3b\x9a" "\x86\x04\x51\x7e\x75\xc9\x7c\x8f\x2c\xe1\xfb\xbd\x69\xe1\xdd\xca\x78\x58" "\xba\x1e\xc3\x30\x41\x22\x92\x28\x38\xf1\x4b\xf9\x1a\x9a\xfe\x3a\x14\x68" "\x6a\x7e\xe7\x3c\x3c\x88\xf4\xd6\x4f\xb9\x52\x3b\xe8\xf9\x46\x45\x9f\xdd" "\x16\x56\xd7\x14\xee\x79\xc4\x93\x52\xd2\x12\x0e\x9f\x00\xa0\xe8\x18\xcb" "\xe6\x91\xb0\x93\x1e\x7e\x48\x1b\x2b\x47\xbb\xd7\x69\x9f\x73\x28\x71\xef" "\x55\x40\xf3\x79\xab\x8d\xe3\x8a\x3e\xef\x9b\xd1\x5a\xc5\x6c\x07\x0f\x8b" "\x3f\xfd\x22\xb4\x5c\xd5\xf7\x7e\x08\xa8\xe4\xe2\xfc\x34\xc6\xbb\x1e\xc6" "\x9b\x19\x80\xf9\x16\xb1\xeb\x5b\x1b\x06\xc0\xb9\xa9\xcb\xc5\x9e\x1a\x9b" "\xe2\x05\xc1\x10\x0c\x59\x11\x7c\x9d\x6e\xbb\xb1\xda\xa2\xe8\xf6\x20\x57" "\x61\xfb\x9f\xeb\x71\x09\xad\x73\x79\xb0\x0e\xee\x6b\xad\x89\x91\x37\x6b" "\xa0\xe2\x61\x56\x62\xec\xbb\xb2\xc3\x5d\x86\x43\x57\x1e\xa8\xe6\x65\xf3" "\x83\x00\xf7\xca\x91\xc3\xb3\xd3\x3a\x19\xbc\x30\x46\x67\xf4\xd2\x66\xd5" "\xc6\x65\xc6\x23\x52\x7d\x44\x5a\x12\xed\xc8\x94\x48\x8c\xad\x0c\xc0\xc6" "\x0c\x08\x0c\xe2\xa6\xdd\xdd\x31\x21\x57\x18\x59\x48\xc0\xd8\xdd\x52\xee" "\xb7\x79\xf7\xc8\x0f\xea\x8c\x11\xea\x90\xdd\x87\x03\x3c\x62\xeb\x94\x6c" "\xf4\x6f\x2e\x2d\x47\xc8\xfd\x53\x8e\x24\x48\xbc\x0e\x6f\x20\x98\x2a\x20" "\xfb\x1c\x80\xd5\x69\x9b\x15\x47\xeb\xfc\x04\xde\x16\x8c\xe3\x71\xe2\x95" "\x5d\x44\x61\xd2\xc8\x0c\x7c\x4b\xd1\x9b\xe9\xfb\x7c\x28\xad\x67\x06\xb3" "\xe7\xd8\x9b\x47\xa5\x44\x18\xba\x7d\xb1\xbe\x2d\xf5\x95\x6b\xac\x5a\x50" "\xbb\xc5\xde\x97\xc2\x6d\xf7\x44\x83\x19\xa6\x76\xa4\xe8\xcd\x0f\xd2\xe8" "\xf1\x5a\x53\xe3\x2a\x86\x54\x7e\xdc\x5c\xb4\x31\x3e\xd6\xab\x88\xaf\xdf" "\x37\xa4\x45\xa8\xa0\x5b\xfd\x74\x11\x2c\x99\x8d\x92\x24\xce\x2a\x2a\x83" "\x41\xc4\xc3\x16\x4b\x38\xa0\xdd\x29\x2f\x97\x0c\x27\x1e\x34\x48\x05\xfc" "\xf8\x3a\x40\x0a\x9a\xc5\x0a\x82\xf2\x54\x65\x28\xd4\x3e\x73\x60\xb3\x38" "\xda\x4f\x06\xff\xe4\xa5\x64\x56\x17\x04\x94\x00\x70\x28\xc4\x8b\xd4\xb5" "\x15\x40\xe1\x7a\x08\x11\x73\x5c\xfb\xbf\xc6\x6b\xe1\xc4\x46\xf4\xdf\xbf" "\x3e\x0b\xf3\xcb\x23\x20\x26\xb3\x2d\x8c\x95\xbe\x4a\x11\x8a\xb9\x16\x53" "\x4e\xa3\x8d\x29\x7e\x2b\x5f\x47\x9d\xf7\x6d\xea\xce\x32\x4c\x3c\x2b\x0c" "\xc5\xaa\xe2\x3c\xb6\xa9\xc5\xcd\x4d\xba\xc3\x0d\xfb\x77\xc9\xf6\x40\xb4" "\x05\xe4\xa6\x79\xab\x19\x48\xc2\x22\x24\x8e\xf3\x81\xf8\x71\x59\x37\x59" "\x40\x4b\xfd\x5b\x68\x0d\x94\x7d\x83\x27\x11\x62\x51\xf5\x8d\x42\x02\xa8" "\x5c\x9d\x16\xaa\x27\xc8\x5e\xa6\xf1\xa1\xae\xb1\xc7\xde\xd1\x1d\xc5\x50" "\x34\x07\xb3\xa9\x92\x82\x72\x4a\x51\x44\x70\x05\x81\xd4\xcd\x2a\xb4\x0e" "\x0b\xcb\xd8\xd9\x70\x6b\x07\x7e\x9c\x7a\x2f\xb9\x4b\x45\x31\x47\x14\xe0" "\x75\xd7\xdf\xe7\xa6\xd9\x55\x2b\x4f\xd5\x0e\xfc\x72\x61\x94\x68\x19\x0e" "\x31\x65\x10\x29\x4b\x9f\xdd\x45\x21\x53\xb9\xf1\xc4\x1f\xb0\x26\x13\xe8" "\x11\xa4\xb6\x86\x5e\x97\xe4\x89\x54\x43\xba\xb0\x0a\xb0\xe3\x6a\x38\xbc" "\xa4\xef\x16\x93\x97\xd6\x25\xeb\x39\x41\xc6\x42\xfb\x7d\x9e\xd8\xb2\x52" "\xc7\x4d\x18\x23\x82\xfb\xe2\x03\x64\x7d\xab\x64\x44\xba\x69\xc7\xb7\x1f" "\xee\x97\xc2\x19\x3e\xa2\xd1\x3f\x6a\xd0\x5d\x27\x8f\xd3\xfd\x93\xdc\x20" "\x61\xcb\x34\x1e\xe8\xc5\x5c\x05\x46\x3a\x17\x1a\x86\x62\x85\x62\xbd\x5d" "\xa6\xca\x1b\x59\x12\xb3\x85\xcc\xeb\xeb\x52\x48\x28\x78\xc3\x0b\x21\x96" "\x13\x27\xd0\xeb\x12\x49\xda\x59\xcd\x48\x3e\xbd\x4e\xcf\xe5\x6d\x1e\xbe" "\x46\xd8\x7f\x3f\x5b\xf0\x2b\x22\x56\x4e\x5f\x84\x26\x63\xf0\x5c\xce\x2b" "\xe2\xfc\x66\xc9\x41\x2c\xbd\x03\x37\xf1\xa8\x88\x18\x11\xf3\x79\xc2\x03" "\x1c\xeb\x2d\x7a\x64\xba\x8b\xaf\x74\x89\x50\xe9\xfd\xd8\xc8\x17\x18\xe0" "\xbf\x47\x02\x6f\x8a\xdf\x3f\x6f\x55\x0c\xb2\xb1\x67\xba\xba\xd3\xc0\x77" "\xfa\xa3\x81\x56\x5e\xcc\x02\xdb\x42\x4a\x27\xa3\x32\x27\x7f\x79\x9c\xdc" "\x15\x41\x1f\xf6\x5b\xb5\x60\x73\xa8\x6a\x69\x31\xe6\x24\x28\x7a\x72\x79" "\x0f\x11\x34\x04\xfb\x28\xa4\xb4\x48\x75\xc4\x79\xf6\x0a\x18\xf3\x37\xfe" "\x03\x2e\x55\x1d\x62\x15\x08\x62\x2c\xc0\xb6\x03\xe9\x16\x35\x26\xf1\x78" "\x33\x8f\x33\xe2\x3f\x9f\x82\xda\xc0\x91\xf0\x5a\xf6\xa1\x89\xa5\xf7\x89" "\xaf\x50\x77\x22\xa0\xd4\xc0\x8d\x6b\x90\x97\x93\x91\x82\x07\xda\x15\x60" "\x45\xaa\x96\x4b\x67\xbe\x9a\x26\xe4\xaf\x13\x37\x66\x9d\xbe\x98\x9e\x93" "\x4e\x0c\x9d\xcb\xf3\x77\x4a\x7d\x79\x7d\xc8\x1a\xaf\x94\xcb\xd4\x7c\x9e" "\xee\xd9\x94\x73\xf8\xce\xab\x7b\xe9\x2b\x30\x70\xbd\x58\xde\x49\x79\xd0" "\x9b\x5e\x3b\xcf\xfa\xb3\x65\x39\xd2\xb9\x15\xf0\xe8\x4a\x82\x68\x83\x5d" "\xd1\x2c\x19\x06\x7c\x35\x14\xe6\x87\x4e\xba\x81\x80\x19\x0c\x55\xce\xca" "\x12\x82\x15\x5d\xdc\x14\x3f\xcb\x19\xef\xae\x2b\x04\x74\xc5\x08\xdd\xf9" "\x6e\x42\x87\xde\xbb\x2d\x34\x23\xf0\x03\xf7\x16\xb0\xe7\x93\x0b\xdd\x16" "\x99\xe8\xb7\x4a\x77\xc3\x38\xae\xcb\x15\x69\x8a\xdc\x9f\x8d\x8b\x02\x47" "\x43\x77\x28\x5c\x3e\x6f\x59\x59\x12\x8c\xac\x80\x18\x78\x5c\x4a\xf7\x70" "\x7d\x86\x44\x47\x5e\x44\x63\x59\x43\xcb\xd1\x83\xfe\x2d\x87\xd8\xa1\x2b" "\x93\xe5\x9e\x38\x65\xae\xea\xdd\xad\xd2\xcc\xdf\xc4\xa9\x7c\xe4\x7f\x91" "\x88\x07\xf7\x93\x39\x45\x67\x4d\x1d\x32\xf6\x4b\x1d\x20\x16\x0c\xb5\x3f" "\xbc\x95\xa4\xf4\xd0\x04\xce\x29\xf3\xda\x80\xf2\x10\xeb\x0b\x9c\xbf\xc8" "\xa8\x64\xc2\x84\xd3\xa3\xe8\xc0\x74\x4f\x05\x74\xa0\xfc\x26\xce\x7a\xf9" "\x10\xff\x07\x4b\xcb\xa7\xdb\xeb\x19\xf2", 4096); *(uint16_t*)0x20001044 = 0x1000; syscall(__NR_write, r[0], 0x20000040ul, 0x1006ul); } int main(void) { syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); loop(); return 0; }