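// https://syzkaller.appspot.com/bug?id=ee6dcac7bc7393e8fbcec2f24276c35e737fb398
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer.  What the code below does, step by step:
//   * main() maps a fixed RWX data region at 0x20000000 (with PROT_NONE guard
//     pages on both sides), enables slab/page-alloc fault injection through
//     debugfs, then runs loop() forever.
//   * loop() forks one child per iteration and kills/reaps it after 5 s.
//   * The child (execute_one) opens an AF_TIPC SOCK_DGRAM socket, builds a
//     sendmsg() request addressed to a TIPC name sequence (multicast form,
//     service type 1, instances 0..1) carrying a 3661-byte fuzzer payload,
//     arms /proc/thread-self/fail-nth so that one of the next eligible kernel
//     allocations fails, and issues the sendmsg().
//
// Operational caveats for whoever runs this:
//   * It exists to crash or corrupt a kernel.  Run it only in a disposable VM.
//   * The kernel needs fault injection (the failslab debugfs knob is required,
//     the fail_page_alloc/fail_futex knobs are optional) with debugfs mounted
//     at /sys/kernel/debug and writable by this process; setup_fault() exits
//     otherwise, and inject_fault() exits if fail-nth is not available.
//   * If AF_TIPC is unavailable, socket() fails, r[0] stays -1 and sendmsg()
//     just returns EBADF: the program then loops without reproducing anything.
//   * Addresses, prot/flag values and the payload are kept exactly as the
//     generator emitted them; only the argument layout is now written through
//     the libc struct types instead of raw offsets.

#define _GNU_SOURCE

#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Fallback in case the libc headers lack the TIPC family constant (0x1e). */
#ifndef AF_TIPC
#define AF_TIPC 30
#endif

/* Fixed user-space layout used by every syzkaller reproducer. */
#define SYZ_GUARD_LO 0x1ffff000ul  /* PROT_NONE page below the data region */
#define SYZ_DATA_BASE 0x20000000ul /* 16 MiB RWX data region */
#define SYZ_DATA_SIZE 0x1000000ul
#define SYZ_GUARD_HI 0x21000000ul  /* PROT_NONE page above the data region */
#define SYZ_PAGE 0x1000ul
#define SYZ_PROT_RWX 7ul   /* PROT_READ|PROT_WRITE|PROT_EXEC */
#define SYZ_MAP_FLAGS 0x32ul /* MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (x86_64 values) */

/* Where execute_one() places its sendmsg() arguments inside the data region. */
#define ADDR_SOCKADDR 0x20000080ul
#define ADDR_IOVEC 0x20000240ul
#define ADDR_MSGHDR 0x20000380ul
#define ADDR_PAYLOAD 0x20000b80ul

/* Which eligible allocation after inject_fault() is made to fail (0-based). */
#define FAULT_NTH 5

/* How long a child may run before the parent kills it. */
#define RUN_TIMEOUT_MS (5 * 1000)

/* TIPC destination fields.  Numeric values follow <linux/tipc.h>, which is
 * deliberately not included so the reproducer stays self-contained:
 * addrtype 1 is the name-sequence (multicast) address form. */
enum {
	SYZ_TIPC_ADDRTYPE_NAMESEQ = 1,
	SYZ_TIPC_SERVICE_TYPE = 1,
	SYZ_TIPC_INSTANCE_LOWER = 0,
	SYZ_TIPC_INSTANCE_UPPER = 1,
};

/* Name-sequence form of struct sockaddr_tipc: family, addrtype, scope, then
 * the (type, lower, upper) service range.  Exactly the 16 bytes the original
 * reproducer wrote field by field at ADDR_SOCKADDR. */
struct syz_sockaddr_tipc_nameseq {
	uint16_t family;
	uint8_t addrtype;
	int8_t scope;
	uint32_t type;
	uint32_t lower;
	uint32_t upper;
};
_Static_assert(sizeof(struct syz_sockaddr_tipc_nameseq) == 16,
	       "sockaddr_tipc name-sequence form must be 16 bytes");

/* TIPC message body carried verbatim from the generated reproducer.  It is
 * fuzzer output with no known structure; only its exact bytes matter. */
enum { TIPC_PAYLOAD_LEN = 3661 };
static const char tipc_payload[] =
	"\xe9\x3f\x39\x95\xae\x1b\x38\x85\xf0\xf3\x1d\xd9\xc4\x5b\x08\x79\x80\x7b"
	"\x0b\x3b\x01\xbd\x11\xa5\xd6\xa1\x12\x16\x9d\x78\xf2\x00\xc0\xa8\x5d\xe5"
	"\xd5\xb3\x7c\x25\x21\x5d\x1c\x56\x13\xe2\x6d\x8e\x9c\x87\x48\xd5\x79\xa6"
	"\x5f\x4d\x1a\x19\xcf\x6f\x4c\x1e\x18\xe8\x88\xf2\x5d\xb6\x39\x18\xa3\x62"
	"\x74\x39\x58\x78\xbf\xa3\xcf\xd4\x9f\x80\xf2\xc3\x25\xa8\x54\x55\xc0\x1e"
	"\x41\xd0\xcc\xaa\xf8\x39\x74\xf4\xca\x43\xf0\xd1\xaf\xe8\xd1\x01\xbb\x24"
	"\x86\x56\xc6\x2d\x51\x0d\x97\x3e\x83\x5b\x20\x6a\x22\xb6\xcb\x85\x7b\x33"
	"\x9d\x18\x86\x5d\x03\x25\xfd\xf9\xf1\x51\xc6\xf4\xb0\x45\xf5\x1f\x58\xe2"
	"\x6f\xaa\x9e\x15\xea\xab\xa1\xc2\x1c\xf7\xb3\xb7\x05\x00\x96\xd9\x0b\x9c"
	"\x42\x86\xfb\x51\x58\x6f\x35\x5c\x40\xbd\xb3\x28\xc3\x28\xfa\x03\xc5\x20"
	"\x8f\xe3\xea\x9b\x50\x03\x94\xa4\x12\x55\x3c\x71\xbd\x3a\xd6\x74\x16\x9f"
	"\x57\x15\x29\x0e\x18\x4a\x92\x97\xf8\xe3\xb1\x20\xab\x16\x70\x57\x8a\x3b"
	"\x7d\xa6\x3b\xb5\x90\x1f\x33\x77\x9b\x11\xff\x65\x1d\x63\x2d\xa7\x52\x15"
	"\x4e\xa6\x53\xef\xfd\x6c\x92\x69\x61\x5b\xde\xb1\xc0\x42\xc4\xad\x24\x32"
	"\xb9\x15\x35\xfb\x9e\xeb\xf9\x20\x19\x46\x21\xe2\x25\x0c\x9b\xed\x25\x33"
	"\x67\xf7\x6e\x18\x5d\x65\xe3\x17\xe9\x1b\xbb\x6d\x76\x14\x11\x37\x93\xb0"
	"\x60\xe0\x79\xe7\x85\x2b\x7f\x37\xc1\x4e\x0f\x0a\x8f\x73\xe1\x8c\x4a\x2b"
	"\x5b\x54\x75\xc0\xbd\xec\xfd\x9e\xe6\x18\xbe\x20\xe8\x4b\x74\x0d\x0a\x15"
	"\xa1\xd9\x95\x9e\x90\x17\x4d\x8c\x2e\xf5\xf6\x39\x25\x8e\x2f\xbf\x43\x2d"
	"\x7c\x59\x87\xee\xdc\x15\x13\x22\x0d\xf4\x37\x4c\x6d\xaf\xe0\x6f\x7c\x56"
	"\x27\x67\x95\x6e\x0f\xa7\x59\x3f\x67\xd2\x7e\x7a\xbc\xe5\xe3\xed\x64\xb0"
	"\x92\x8f\x3f\x2d\x85\x12\x06\xaf\x0d\x33\x97\xcc\x36\x86\xf0\xf2\xa5\xf8"
	"\x77\xdb\x29\x5a\x4f\x86\xf6\x7d\x34\x48\xbc\xfa\x60\x60\x07\x01\x3d\x23"
	"\x17\x96\x35\x3f\x65\xab\x81\x4d\x8c\xc4\xe7\x47\xdc\x2d\x5f\x4a\x1c\xad"
	"\xe8\x71\x92\x9e\xe0\x2e\xc8\x7a\x7e\xef\xac\x71\xfd\x84\x95\xf3\xa5\x66"
	"\x51\x66\xd2\x7b\x7f\x1d\x58\x99\x24\xfb\xc5\xc7\xc2\xc9\xa4\x42\xf4\xb0"
	"\xa6\x65\xe6\xa8\xc6\x5f\x45\x02\xb5\x77\x62\x82\x96\x24\x48\xb8\xc8\x41"
	"\xff\xc6\x55\xeb\x32\xfb\x00\xd0\xde\x81\x8c\x6f\x73\xdb\x19\x24\x95\x6c"
	"\xe3\x1b\x9c\x61\x13\x56\xaa\x9c\x62\xb3\x0f\x04\x40\xe5\xb7\xaa\x7c\xb7"
	"\x12\xe3\xa2\x5b\xfb\x85\x63\x15\xb7\xb7\x51\x38\xce\xbc\x35\xc5\xf6\x3a"
	"\xb6\x39\x83\xa1\xbf\x28\x5a\x25\x0e\x90\x3d\x3c\xe9\xa0\x58\x40\x38\xea"
	"\x37\xd3\xfc\x52\xde\x74\xe1\xf9\xbb\x43\x64\x1a\x7a\xb7\x28\x8f\x93\x90"
	"\xb6\x06\x24\xf6\xfb\xf8\xd7\xf1\x6d\x6a\x02\xc9\xa9\x43\xfa\x10\xfa\xcf"
	"\x80\xa3\x45\xac\xbf\xfe\xa7\x2b\x2b\xd7\x16\x13\x8d\xe0\x78\x5f\x23\xdd"
	"\xda\x7c\xb2\x6c\x4d\xa4\xc8\xa0\x70\x1b\x9c\x8d\x6f\x43\x87\x6f\x6d\xf2"
	"\x14\x53\xf8\x39\x7d\x32\xe7\x01\xa7\x19\xe8\xc4\xb8\x54\x2e\x39\x0b\x05"
	"\x4b\x80\x07\xa6\x72\xad\xbc\x22\x99\x4e\x85\x87\xd9\xf7\x19\x50\x9f\xbf"
	"\x61\xf2\x16\x8f\xc3\xb2\x4c\xad\x3d\x30\x96\xd7\xab\x31\x34\xb8\xd9\xc6"
	"\xa4\x0d\xf8\xb6\x16\x27\x02\x8a\x54\xd5\xa3\x4d\xe2\x28\x17\xa9\xd7\x58"
	"\x83\x91\xa1\xb3\xb4\x82\x70\x90\x16\x99\x7b\x3a\x13\x32\xc7\xc3\xb2\xe6"
	"\x01\x3c\xa5\xd5\xc1\xf3\xe5\xa1\xd3\x23\x1e\x9f\x2f\x63\xdf\x48\x26\xa8"
	"\x67\xf1\xa9\x97\xb6\xac\x9c\x77\xa5\x3a\x21\x0e\x59\xd1\x2c\x34\x3a\x32"
	"\x64\x69\x04\x1b\xbd\x09\xa3\x38\xfb\x97\xa9\xea\x1e\xcf\xf6\x6e\x2c\x72"
	"\x93\xca\xc8\x24\xd8\x4f\x89\xd6\x7e\xa4\xa0\x27\xd3\x9e\xe7\x2a\x81\x07"
	"\xad\x11\x5b\x25\x39\xde\xcc\xb8\xbf\x3a\x8a\xce\x57\xa9\x4d\xf8\xca\x4e"
	"\x10\x88\xd1\xaf\x1d\x35\xc1\x6a\x3e\xca\x7c\x98\xcc\xbb\xe3\x25\x56\xe8"
	"\x60\x6b\x62\xd3\xe4\xfb\xb7\xfb\xd7\x0f\xa0\x0d\x58\xb2\xc1\xcd\xa6\x26"
	"\xfb\x26\xf9\x17\x62\x03\xa8\xbb\x3b\x9b\x9e\x91\x9d\xbb\xde\xde\x3e\x99"
	"\xfb\xf3\xf0\x99\xea\x67\x8f\xe4\x0a\x42\x19\x50\x0a\x7d\x0a\xfb\xf8\xd5"
	"\xc5\x07\xf5\xc3\x97\x6d\xda\xc3\xb9\xd9\xd7\x03\xcc\xfc\x6e\xe9\x2a\x0d"
	"\x9a\xec\x2a\xd6\xa2\x08\x43\x0d\xa6\xc8\x8e\xf2\x44\x44\x19\x2d\x14\xec"
	"\x26\x08\xa4\x31\x99\xc5\xc6\x5a\xf8\x31\x2f\xa4\x64\x26\x60\x6f\x95\xaa"
	"\x68\xed\x4c\x90\xe7\x0c\xc8\xe9\x40\x7b\x6d\x80\x5d\x12\x31\x32\x20\x10"
	"\xcd\xec\xe9\xb2\x02\x2f\x02\x84\xd7\xe3\xf9\xd1\x2c\xca\xb5\x78\x97\x26"
	"\x51\x31\x98\xeb\x63\x20\x2d\x71\x68\x54\x7d\x7a\x4a\x0e\xca\x53\x60\x4d"
	"\xd6\xb9\x96\x0e\x70\x3d\xa1\xf8\x79\xd6\x93\x78\x1c\x95\x7b\x58\xbd\x2f"
	"\xcf\x1d\x25\x9b\x3a\x66\x92\x16\x0d\xa3\x78\xe3\x5e\x38\xa4\x8f\x11\x91"
	"\xe0\xbb\x80\xf1\x2e\xeb\x62\x9a\x37\x02\x82\x18\x44\x91\x5b\xb1\x6e\xd6"
	"\x9d\xf5\xec\x12\xb9\x74\x95\xd5\xd4\x1f\xca\x24\x0b\xf1\x8e\xa6\x1a\x67"
	"\x48\xd9\xa1\xd1\x0c\x21\xed\xfc\xa8\x71\xfa\xb3\xea\x30\x33\x3e\x51\x13"
	"\x58\x0f\x50\xc6\x00\x34\x31\xb3\x59\x0a\x23\x06\x0c\x7c\x5f\x22\xa6\x15"
	"\x21\x56\xb8\x3f\xed\xef\x43\x58\xd6\xd1\x1f\x6d\x7b\x84\x28\xf5\x14\xd4"
	"\x23\x51\xc3\x5d\xda\x08\x1c\xa2\xe9\x5f\x66\xb7\x53\xb1\x75\x3f\x16\xda"
	"\x63\xa2\xae\xb3\xab\x42\xd2\xb9\x23\xc4\xaa\x01\x7d\xd0\x8a\x8e\x1f\xc9"
	"\x24\x52\xfb\xd3\x98\x32\x00\x81\x0d\x32\x04\xf1\xc4\x0f\xd7\xc9\x4e\x4c"
	"\x5d\x0b\x06\x55\x30\x8e\xf1\x1c\xbf\x6c\x9c\x3a\x58\x45\xf9\x69\x3b\x14"
	"\x25\xeb\xdd\x93\x73\xa7\xfb\x42\x08\xc1\x6a\xf3\x01\xb0\x48\xaa\xd2\x1f"
	"\x6e\x3d\xd6\x93\xc4\x63\xa3\x75\xed\x40\x48\x64\x58\x47\xfd\x10\x7f\x7e"
	"\xd6\xe8\xb1\x3d\x08\x85\x40\x71\x72\x8a\xf3\x45\xd6\x0e\x24\x24\x03\x32"
	"\xab\x7e\x27\xf8\x4b\x81\xb0\x1c\x75\x5c\xab\x73\x59\xc8\xfb\x51\xb4\x3c"
	"\x01\x1c\x70\x70\x08\x1b\x95\x4a\x34\xba\x48\x18\x95\xf5\x6a\x32\x24\x3e"
	"\x0b\x09\xdd\x0c\x4d\xbb\x73\xe6\x98\xc7\xce\xe6\x6a\x1d\xf0\x57\xee\xbb"
	"\xb7\x13\x1c\x35\x91\x23\x3f\x10\x13\x79\x44\x0f\x5a\x05\xaa\xe5\x44\x10"
	"\x34\xdf\x66\xb3\x8f\x68\x4d\xcd\xa7\x5d\x99\x87\x06\xcb\x61\xb0\xc6\x50"
	"\x99\x00\x08\x1b\xfd\xbf\x71\x3c\x85\xcc\x45\xcf\x19\x62\xa5\x94\xc7\xea"
	"\xeb\xee\x8a\xfd\x4a\x71\xd4\x5a\x06\x5e\xe7\x94\x3d\x87\x70\x10\x97\x1d"
	"\x2c\x49\x4d\x1d\xee\x62\x29\x0c\xbf\x39\xc7\x03\x43\xb3\x38\x43\xa8\x01"
	"\x45\x9e\xab\xa2\xf6\x63\x85\xad\xa7\x04\xcd\x6a\x67\x14\xc8\xae\xd7\xaf"
	"\x1e\xe3\x92\x23\xdc\x39\x81\x03\xeb\x20\xb1\xed\x13\xba\x8a\x4e\x7f\xa7"
	"\xc3\xe1\x34\x63\x1d\x78\x6c\x64\xee\xe3\xa7\x63\x1b\x64\x5d\x26\xe3\xbc"
	"\xc4\x06\x48\x35\x1b\xa7\x63\x89\x41\xb2\xe9\x66\x92\x98\x61\x52\x5d\x5b"
	"\x6c\xe3\xd0\x61\x87\x7c\x25\x10\x62\xda\x21\x47\x5a\x66\xe7\xf1\x4a\x32"
	"\x11\x62\x04\x78\x7f\xef\xe4\xce\xe1\xae\x70\xe5\x16\x0d\x6c\x4d\x0b\x95"
	"\x7d\x59\x42\x8f\xc2\x89\x41\xd5\x82\xae\x5b\x9d\x97\x8e\x32\x00\xe5\xc6"
	"\x2d\x47\x40\x51\x47\xb6\xeb\x90\xc5\xc9\x49\x89\x49\xd1\x7c\xfe\xfa\x95"
	"\x17\x7b\x97\xfa\x4e\xa0\x15\x6c\x41\xf6\xba\xca\x65\xb1\x05\xe2\x85\x52"
	"\x3f\xed\x27\x4c\x84\x4a\x8d\xab\xce\xa4\x18\xb8\xd7\x9c\xd3\x53\xcf\xf2"
	"\x86\xf1\x3f\x8f\xf7\x15\x06\xbe\xee\xf4\x89\xaa\xa0\x95\x40\xf2\xf1\x0d"
	"\x06\x72\x81\x9c\x33\xe4\x2e\xda\x76\x17\x21\x07\xab\x6f\x40\x9c\xda\xd2"
	"\xed\x67\x48\x13\xd6\x9c\x94\x19\x55\xed\x95\x42\xfc\x14\xed\x3f\xfe\xe0"
	"\xfb\x5a\x01\xf8\x91\x03\xe0\xa9\xaa\x78\xe9\x17\xf0\xc8\x50\xbd\x78\x9e"
	"\xfc\xfa\xb8\x63\x4c\xcf\x36\x32\xf3\x85\xbd\x2d\x0f\x64\xf9\x30\xc6\xf2"
	"\xb8\x3e\xd7\x1a\xbd\x75\xc7\x01\x55\x13\x54\xc1\x6b\x15\x43\x08\xe6\xd5"
	"\xd0\xc4\xab\xc7\x55\x8d\xd7\xc7\x69\xb4\x41\x3d\x33\x0a\xfd\x63\x80\x8a"
	"\x83\xb0\x5a\x1d\xeb\x58\x6a\x29\xf4\xcc\x87\x94\xf8\xc9\xba\xd4\xa3\x4b"
	"\x16\x26\x14\x9b\xd8\x68\xa2\x96\x2c\x8b\x7e\x55\x86\x0d\xb7\x56\xf6\x3b"
	"\x5b\x79\xfe\x55\x43\x36\x18\xda\x2e\x9b\x50\x79\xb4\x85\xea\x09\x19\x93"
	"\x33\x1d\xeb\x35\x26\xae\x79\xfc\xc0\x6e\x5d\x00\x77\x95\x38\x11\xe1\x04"
	"\x80\x0b\x16\x8b\x8c\x46\x81\x87\x99\x18\x9e\xd1\xfb\xb9\xa9\x9e\xe3\x62"
	"\x8f\xd6\xe3\xec\xb3\xdc\x8c\xa0\xfb\xe5\xf9\x00\xdd\x6f\x75\x26\x65\xf0"
	"\xa5\xf5\xd8\x1f\x3c\x01\xed\x4f\x51\x5d\x16\x14\x16\x28\x08\x3b\x45\xca"
	"\x45\x29\xc7\x2c\x2d\x6f\xb1\xdd\x92\x8a\xbb\x4d\x22\xef\xa1\x89\xd9\xdc"
	"\xd9\x0f\x64\xf9\x7c\x33\xd4\xcd\x23\x2b\xe3\xf1\x27\x35\x29\xc7\x8e\x8c"
	"\x73\xa1\x2a\x7b\xcf\x2c\x10\x8d\xac\x29\x2c\x2b\x54\x22\x23\x1b\xdf\x49"
	"\xb8\x70\x1c\x22\x22\x91\x2b\x6c\x91\xff\x4c\x7a\x2b\xa0\x4c\xd9\x20\x3b"
	"\xfa\x71\xc6\x93\x21\xcf\xde\xfc\x20\xd0\x00\x99\x34\xa1\x2b\x0c\xfd\xe1"
	"\xe1\xb7\xaf\x10\x74\xfc\x72\xa7\xd5\xe0\x18\x38\x95\xf2\x0c\x76\x18\x88"
	"\x98\x13\xbf\x5f\x9b\x70\xa1\xc4\x41\x28\xb1\x1b\x64\xee\xc2\x74\x31\x40"
	"\xc8\x57\x11\x55\x91\xf0\x97\x6e\xef\x7d\x5b\x31\x9f\x2d\x2b\xbe\x07\x48"
	"\xd5\x54\xe4\x89\x0e\x42\xb1\x29\xdf\xdb\x3a\x8c\xe9\xb3\xde\x46\xe6\xa8"
	"\x36\xcd\x57\xd5\x5f\xdc\x9f\x1c\x1c\xda\xda\xd5\x8d\xc4\xf4\x31\xaf\xad"
	"\xb9\x7b\xe9\x02\x7e\xcb\xbf\xab\x4b\xe1\x89\x05\x4a\x6f\x5d\x46\xa9\xc7"
	"\x42\x9a\x96\x1f\x3d\x9d\x22\x3a\x69\x03\x4b\x3f\x15\x20\xe2\xac\xf8\x55"
	"\x89\x4e\x69\x6e\xef\xbe\xef\xa8\xaa\xdf\xae\x7c\xd4\x63\xd8\x44\xee\xc4"
	"\x45\x46\xeb\xd0\x88\xcd\x52\x46\x75\xed\xf2\x58\x40\x66\xe4\xae\xd0\xfd"
	"\xa3\x8a\x01\x08\xcf\xf9\x67\x96\x67\xd5\x40\x9c\x8f\x28\x76\x1a\xa0\x88"
	"\x2b\x29\x99\x26\xd7\x38\x12\x44\x7d\x1d\x2a\x9d\x20\x39\xa7\x65\x7f\x64"
	"\x12\x1b\xb1\x5b\xbe\xc0\x96\x14\xc2\x07\xce\x08\xf2\x10\x39\x67\x87\x70"
	"\x7e\x7a\x1c\x39\x6a\x74\x05\x18\xfe\x8d\x8b\xa7\xbf\x43\xa6\xeb\x1c\x72"
	"\xbc\xf5\xb5\xfa\x66\xd6\xec\x88\x43\x31\x4e\x17\x52\x8c\x67\x53\xed\xd0"
	"\x23\xad\xe7\xc8\x15\xdf\x4c\xf9\x6b\xb2\x4f\xf0\xc3\x87\x8a\x74\x30\x22"
	"\x21\x04\xa0\xcf\xac\x39\xba\x14\x92\xb3\x9a\xc6\xee\x1e\xab\x17\x8f\x40"
	"\x5a\x47\x63\x0f\x2b\xe0\x67\x47\xe0\xe2\x60\x1b\xfa\x9f\x83\xac\x01\x98"
	"\x11\xc6\x59\x1d\x45\xa7\x98\x8d\x04\x85\xae\xed\x5d\x57\x8b\xa0\x25\xbd"
	"\xc2\xe7\xf1\x7f\xcd\xcd\xa1\xfe\x0b\x01\xe6\x58\x79\x36\x87\xa1\x16\x2a"
	"\x16\x1c\xdb\x2a\x52\x15\x02\x6e\x41\x98\x4c\xe2\xcc\x92\x13\x64\xde\xb2"
	"\xa7\x76\xaf\x0e\x8f\x3d\xc4\xea\xe0\x02\xb3\x31\xb7\x59\xc9\xf6\x37\xb2"
	"\xd4\x80\x8e\xab\x4f\xd8\x5c\x71\xa7\x20\x9d\xe9\x8e\xcf\xf0\x70\x3d\xce"
	"\x04\x62\x7f\x7e\x1a\xf0\x03\xe8\x87\xaa\x7c\x4e\x2b\xc4\xa2\xe9\xfe\xb0"
	"\xad\x90\x5a\x71\xd2\x6a\x26\x0f\xda\x09\x9c\x6b\x29\x4d\xd2\x3f\xbc\x27"
	"\xe5\xe9\xd7\xd1\x26\x52\x82\x84\x7f\x51\xa0\x80\x68\x74\xb9\x7b\x5d\x9d"
	"\xc9\x1a\x84\xeb\x98\xf6\x27\x4f\xcd\x4a\x55\x5e\x22\xab\xa9\x37\xc4\x33"
	"\xab\x01\xeb\xab\x33\x50\x2d\xba\x79\x40\xb2\xa5\x69\x5d\xde\xd5\xfc\xec"
	"\x44\x13\x10\x79\x5f\x16\x39\x48\xe3\x7a\x3f\x63\x7d\x31\x9c\x97\x63\xe3"
	"\xed\x0a\xc1\x0d\x52\xcc\x0e\x7c\xff\xf4\xc3\x88\xfb\x93\x41\x19\xb8\x95"
	"\xc3\x9e\xad\xb5\x38\xa2\x16\x38\xce\xee\x82\x45\x8e\x29\xff\x28\x80\x07"
	"\xa7\x05\xef\x44\x2f\x83\xc1\xd3\x6e\xe4\xdc\x21\x3f\x0e\x67\x18\x9a\x7a"
	"\x44\x9f\xcd\x07\x71\x8f\x3b\x80\x03\x8b\x63\xc0\x2b\x19\x8b\x17\xc1\xa6"
	"\x3e\x2d\x04\xa3\xc5\xa5\x98\x70\x47\xe4\x67\x25\xc0\xa8\x5f\x24\xea\xac"
	"\x70\x03\xb9\xe2\xb8\xf2\x19\x01\x6f\xcc\x0b\x08\xe3\xc8\x10\x29\x46\xfb"
	"\x9e\x89\xd1\xeb\xfd\xf3\x63\xe8\x08\x0f\xe5\x5a\x21\xe5\xf5\x8c\xf2\xaf"
	"\xd5\x80\x76\xe8\x9f\x60\x2a\xf3\x2b\x86\x5e\x11\x43\x7b\x88\xc9\xaf\x5a"
	"\xe6\xcf\x21\xc3\xfd\xea\xdd\xee\x05\x88\x30\xae\x68\x73\x3e\x72\x58\xff"
	"\xb2\xee\xf7\xe4\x3d\xb9\x0a\x03\xa3\xe1\x2e\x6e\x52\xb3\x1b\x83\x99\x01"
	"\xc6\x9e\xcd\xc9\x6b\x34\x47\x60\x2e\x1b\x40\x89\xb7\x56\xe7\x12\x4f\x50"
	"\x0a\x7b\xd3\x30\xcb\x60\xd7\x70\xc1\xdf\xca\x28\x18\xe2\x1b\xff\x94\xf6"
	"\x18\x80\xd7\x32\x1e\xd0\x2a\xae\x16\x09\xfb\xc6\xa0\xdf\xac\x8b\x19\x98"
	"\xf5\xb4\xdb\x56\xe0\x99\x27\x08\xb3\x05\xff\x68\x04\xf8\xec\x55\x2e\x67"
	"\xa2\x4f\x33\xb9\x01\x03\xd2\xa0\x7c\x1e\xf6\xb4\x77\xe3\xee\x7e\x3a\x6c"
	"\x90\xca\x7a\x55\xdf\x02\xaa\xe1\xf4\x85\x97\x9f\x7c\xee\xb2\x95\xba\x18"
	"\x52\xcb\xd9\x40\xbc\xd8\x53\x58\xdc\xbe\x9d\x4d\x52\x95\x61\x40\x84\xbe"
	"\xe8\x17\x1b\x69\x0c\xbd\x4d\x21\x93\xfa\x3b\xf5\x54\x5a\x9c\x5c\x47\xd2"
	"\x8c\x9f\x93\x42\x2c\x59\xaf\x30\xd2\xe2\x6c\x1f\xfd\x1f\xb5\xe1\x13\xf2"
	"\xee\xae\x2e\x81\x5f\x53\xbb\x17\x31\xff\xc4\x34\xb4\x8a\xd3\xa7\x71\x74"
	"\x03\x37\xa5\xdc\xb6\x09\xd3\x7c\x79\xa3\x75\x9f\xef\x2c\x0c\x83\x97\xbc"
	"\x63\x01\x0f\x31\x3d\x6b\xb2\xeb\x12\x0e\x00\x97\x4f\x40\xa1\x84\xf5\x21"
	"\x6c\x59\xf6\xb5\x63\xd6\x03\x9a\x00\xae\xa0\x2c\x1f\x70\xd7\x9c\x99\xcd"
	"\x70\x47\xe8\xeb\x54\xcf\xb1\x5b\x41\x68\x8f\x2a\x45\xf2\x95\x5a\xf3\x0c"
	"\x40\xfa\xfe\xbe\xef\xde\x3c\xb7\xef\x91\xa5\xba\x0b\x45\x8a\x2e\xde\x6e"
	"\x98\x9c\x70\x07\x36\x1a\xab\x37\xc7\x5a\xc4\x0d\xcd\xe8\xff\x66\x65\x76"
	"\x4f\x14\x3a\xea\x7e\x86\x61\x83\xba\xa1\x67\xf9\x92\x9f\xa9\xa7\x8e\x6a"
	"\xd7\xf0\x68\xbf\xa0\x75\x1c\xad\x9f\x1b\x1e\x54\xd8\x00\x28\x1f\x5e\xc6"
	"\x7c\x1c\x81\x7c\x5e\x58\xa4\x0c\x5e\xc9\xf2\xb2\xb6\xac\xf8\x5f\x6a\xbf"
	"\xbf\x54\x76\x7c\x59\xd0\x25\x2a\x50\xa5\xdf\x38\x46\xdc\x9e\x4f\xb4\x14"
	"\xd0\xbc\xf0\x10\x1b\x1a\xd5\x47\x76\x63\x5c\x52\x22\x61\xba\x01\xd9\x4a"
	"\x8b\xe1\x68\x1f\x16\x2f\x9e\xde\x83\xfc\x8f\xa1\xf2\x49\x4e\x3d\x40\x94"
	"\x90\xb1\x78\x62\x57\xce\x0f\x75\x1b\x2c\xf6\x90\xe7\x7f\x09\x65\xd4\xfc"
	"\x72\x81\x1a\x70\x19\xd2\xa6\xaa\x8a\x4b\xc7\x35\xc5\x59\x2a\xbe\x2d\x07"
	"\xae\x22\x6f\xed\xa3\xf1\x0a\x5a\xe6\xfc\x31\xea\x95\x88\xd3\x62\x40\x0b"
	"\x4a\x88\xad\xd1\x25\x28\x22\x44\x32\xd2\xa4\xfa\xab\x1d\xa4\xde\x71\x3b"
	"\x07\x59\x90\xd2\xe5\xec\x52\x7d\x79\x1a\x03\xac\x89\x44\x37\x1d\x47\x12"
	"\x13\x30\xa1\x70\xe5\x59\x75\x8f\xf0\x8f\xb1\xc2\x54\xdf\x5a\x23\x13\x9d"
	"\x42\x31\x3e\xb8\x2b\x4f\x11\x15\x78\x10\x7f\x2c\x15\xff\x2e\xff\xd4\x4e"
	"\x4c\x0c\x0d\xaf\xc6\x09\xc6\xd2\xa6\x4d\xe1\x36\x8d\x44\x44\xdd\x30\x88"
	"\x22\x41\x56\xa0\xab\x55\x61\x57\xff\xa1\xc3\xba\x09\x99\x8e\x43\xd0\x9e"
	"\xc7\x8f\x6a\x7b\x9a\x99\xfc\xc2\x02\xea\x4c\x6a\xfc\x4e\xc8\xb4\x63\xa7"
	"\x91\x6b\x59\xdd\x79\x98\x6e\x09\xe8\x5b\x1f\xf8\x1a\xd1\x42\xcf\xe5\x66"
	"\xd8\x69\xca\x20\xfe\xaf\xea\xb1\x0b\xbf\x8f\xf7\xcb\xb8\x50\x83\x75\x64"
	"\x93\xb1\x1f\xee\x6f\xb7\x05\x11\x26\x0c\x3c\xa0\xf5\xea\xb4\x19\x0c\x69"
	"\xb0\x8c\x85\x92\x9c\xbb\x39\x34\xfd\xf1\x47\x0a\x5a\x75\xd2\xfa\x93\xd9"
	"\xd2\x04\xf8\xa2\xeb\x64\xe6\xb6\x0f\x4b\x6a\x9d\x95\x85\x55\xce\x9f\x2f"
	"\xd7\x68\x9d\x44\xb7\x77\xca\x5c\xc7\xfc\xca\x49\x93\x99\xe0\x1a\x39\x0a"
	"\x68\xa6\x9c\xee\x9f\x11\x24\x91\xb5\x95\x28\xc4\xb8\x58\x00\x40\xae\x09"
	"\xc0\xd7\xe9\xa3\xa7\x07\x8d\x20\xe0\xbc\xf0\xa0\x15\x84\xb6\x6f\xc8\x8f"
	"\x3b\x94\x64\x26\x46\x4a\x1f\x77\xbd\x83\x84\xb7\x91\x8d\x12\xc7\x87\xb0"
	"\x9c\xbf\x5d\x9a\x53\xcb\xc7\x3a\x46\xef\xd9\xc1\xec\x8f\x4b\x1c\x87\x64"
	"\x76\xf6\x42\xe6\x12\x0d\x8f\xe2\x79\x2a\x71\x03\x82\xa0\x70\x82\x60\xb9"
	"\x76\xce\xb5\x74\x31\x03\xed\xe0\xda\xe4\xbd\xea\x85\x82\x63\xbb\xdb\xe4"
	"\x08\xa7\xca\xc6\xb0\x83\x4f\xb5\x35\xd3\x56\x3e\x09\x44\x37\x9d\x75\x81"
	"\x49\xe3\x73\x34\x50\x57\x38\xfb\x95\x02\xdc\xf4\xc2\x30\x14\x00\x4e\xf2"
	"\x1a\xd4\x38\xc8\x3d\x0b\xa7\xb9\x09\xd4\x5f\x9c\xb8\xbd\xb1\xe4\x39\x1d"
	"\x83\x14\x02\xd3\xd4\xe8\x08\xbf\x8a\x04\x64\xdc\x67\x60\xf2\x18\x8f\x32"
	"\xad\x21\x1e\xc8\xfa\x70\xda\x09\xf5\x75\xdf\xe9\x2e\x27\x94\x3b\xbf\x87"
	"\x9d\x21\x9b\x5b\x0c\xe4\xfc\x3d\x9f\x05\x77\x8c\x83\x8c\xb4\x30\xd4\x33"
	"\xa0\x6e\xec\x6a\x2d\xec\x8b\x2e\x5a\xe2\xdb\x8b\x5b\x1f\xfb\xc2\x35\x72"
	"\x6f\xb0\x86\x72\x20\x17\xf6\xc3\x65\x0f\xd5\x6d\x12\xe6\xba\x16\x01\xb3"
	"\x26\x43\x3b\x36\x32\x8f\xf7\x6d\x24\xc3\xbb\x32\xbb\x8a\x9e\x0a\x15\x3a"
	"\xea\x5e\x34\xb9\x4c\x7c\x27\xe6\xed\xc2\xe0\x6a\xaa\xf9\x81\xa9\x68\x1c"
	"\x5a\x84\x51\x37\x3a\x46\xf5\xca\x68\x48\x22\xb9\x06\x7b\x82\x7d\xa3\xcc"
	"\x9f\x67\x6d\xbf\x90\xf4\xc7\x38\x93\x6e\xb5\xfd\x18\x15\x69\x0a\xef\x6a"
	"\x95\x96\x26\xb7\xeb\x53\x2b\x3a\x4a\xd0\xa0\x1b\xeb\x4b\x42\x07\x00\x65"
	"\xef\x2d\x0e\x01\x42\x09\x1c\xd8\x66\xb9\xa0\xa6\x32\x1f\x26\xf2\x8d\x14"
	"\x74\x6a\x14\x5d\xcb\xe7\x5f\xc7\x8b\xc0\x43\x1b\xf0\x07\x72\x32\x54\x88"
	"\xe3\xfd\x29\x3b\x7a\x6f\xc1";
_Static_assert(sizeof(tipc_payload) == TIPC_PAYLOAD_LEN + 1,
	       "payload literal does not have the expected 3661 bytes");

/* Sleep for the given number of milliseconds. */
static void sleep_ms(uint64_t ms)
{
	usleep(ms * 1000);
}

/* Milliseconds on the monotonic clock; exits the process if the clock is
 * unavailable, since every timeout below depends on it. */
static uint64_t current_time_ms(void)
{
	struct timespec ts;
	if (clock_gettime(CLOCK_MONOTONIC, &ts))
		exit(1);
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/*
 * Write a printf-formatted string (at most 1023 bytes) to an existing file
 * in one write().  Returns false, with errno describing the failure, if the
 * file cannot be opened for writing or the write is short or fails.
 */
static bool write_file(const char *file, const char *what, ...)
	__attribute__((format(printf, 2, 3)));
static bool write_file(const char *file, const char *what, ...)
{
	char buf[1024];
	va_list args;
	va_start(args, what);
	vsnprintf(buf, sizeof buf, what, args); /* always NUL-terminates */
	va_end(args);
	size_t len = strlen(buf);

	int fd = open(file, O_WRONLY | O_CLOEXEC);
	if (fd == -1)
		return false;
	if (write(fd, buf, len) != (ssize_t)len) {
		/* close() may clobber errno; preserve the write error for the caller */
		int err = errno;
		close(fd);
		errno = err;
		return false;
	}
	close(fd);
	return true;
}

/*
 * Arm kernel fault injection for the calling thread: the (nth+1)-th eligible
 * allocation after this call fails.  nth is 0-based in syzkaller's convention
 * while the kernel counter is 1-based, hence the +1.  Exits the process if
 * /proc/thread-self/fail-nth cannot be opened or written (no
 * CONFIG_FAULT_INJECTION).  The open descriptor is returned so a caller can
 * read the counter back; callers here discard it.
 */
static int inject_fault(int nth)
{
	int fd = open("/proc/thread-self/fail-nth", O_RDWR);
	if (fd == -1)
		exit(1);
	char buf[16];
	int len = snprintf(buf, sizeof buf, "%d", nth + 1);
	if (len < 0 || (size_t)len >= sizeof buf)
		exit(1);
	if (write(fd, buf, (size_t)len) != (ssize_t)len)
		exit(1);
	return fd;
}

/*
 * SIGKILL the child (and its process group) and reap it.  If it has not been
 * reaped after ~100 ms, every FUSE connection on the system is aborted —
 * presumably because a task blocked in a FUSE request cannot otherwise be
 * killed — and the function then blocks until the child is reaped.  Unlike
 * the generated original, a waitpid() error other than EINTR (e.g. ECHILD)
 * ends the wait instead of spinning forever.
 */
static void kill_and_wait(int pid, int *status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);
	for (int i = 0; i < 100; i++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}

	DIR *dir = opendir("/sys/fs/fuse/connections");
	if (dir) {
		for (;;) {
			struct dirent *ent = readdir(dir);
			if (!ent)
				break;
			if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
				continue;
			char abort[300];
			snprintf(abort, sizeof abort, "/sys/fs/fuse/connections/%s/abort", ent->d_name);
			int fd = open(abort, O_WRONLY);
			if (fd == -1)
				continue;
			/* Writing any single byte aborts the connection; the byte value
			 * is irrelevant and the outcome is best-effort, so it is ignored. */
			if (write(fd, abort, 1) < 0) {
			}
			close(fd);
		}
		closedir(dir);
	}

	for (;;) {
		pid_t reaped = waitpid(-1, status, __WALL);
		if (reaped == pid)
			return;
		if (reaped == -1 && errno != EINTR)
			return; /* no children left to wait for */
	}
}

/*
 * Runs in the forked child before execute_one(): die when the parent dies,
 * become a process-group leader so kill(-pid) in kill_and_wait() reaches any
 * descendants, and make this process the preferred OOM victim.
 */
static void setup_test(void)
{
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
	write_file("/proc/self/oom_score_adj", "1000");
}

/*
 * Configure the debugfs fault-injection knobs so that waiting allocations are
 * also eligible for injection.  Only the failslab knob is mandatory (the
 * process exits if it cannot be written); the others are best-effort.
 */
static void setup_fault(void)
{
	static const struct {
		const char *file;
		const char *val;
		bool fatal;
	} files[] = {
		{"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true},
		{"/sys/kernel/debug/fail_futex/ignore-private", "N", false},
		{"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false},
		{"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false},
		{"/sys/kernel/debug/fail_page_alloc/min-order", "0", false},
	};
	for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
		if (!write_file(files[i].file, "%s", files[i].val) && files[i].fatal)
			exit(1);
	}
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

/*
 * Reproduction loop: fork a child that runs execute_one() once, poll for its
 * exit every millisecond, and after RUN_TIMEOUT_MS kill and reap it.  Never
 * returns; the expected "success" is the kernel crashing.
 */
static void loop(void)
{
	for (;;) {
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			setup_test();
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			sleep_ms(1);
			if (current_time_ms() - start < RUN_TIMEOUT_MS)
				continue;
			kill_and_wait(pid, &status);
			break;
		}
	}
}

/* syzkaller resource slot: the TIPC socket fd, or all-ones if socket() failed. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * The actual test case: one sendmsg() on a fresh AF_TIPC datagram socket,
 * addressed to a TIPC name sequence, with fault injection armed immediately
 * before the call.  Argument blocks live at fixed addresses inside the data
 * region mapped by main(); they are written through struct msghdr / struct
 * iovec so the layout is the one the kernel ABI defines on the build target,
 * rather than hard-coded x86_64 offsets.
 */
static void execute_one(void)
{
	intptr_t res = syscall(__NR_socket, (unsigned long)AF_TIPC, (unsigned long)SOCK_DGRAM, 0ul);
	if (res != -1)
		r[0] = res;

	struct syz_sockaddr_tipc_nameseq *dst = (void *)ADDR_SOCKADDR;
	dst->family = AF_TIPC;
	dst->addrtype = SYZ_TIPC_ADDRTYPE_NAMESEQ;
	dst->scope = 0;
	dst->type = SYZ_TIPC_SERVICE_TYPE;
	dst->lower = SYZ_TIPC_INSTANCE_LOWER;
	dst->upper = SYZ_TIPC_INSTANCE_UPPER;

	struct iovec *iov = (void *)ADDR_IOVEC;
	iov->iov_base = (void *)ADDR_PAYLOAD;
	iov->iov_len = TIPC_PAYLOAD_LEN;
	memcpy(iov->iov_base, tipc_payload, TIPC_PAYLOAD_LEN);

	struct msghdr *msg = (void *)ADDR_MSGHDR;
	msg->msg_name = dst;
	msg->msg_namelen = sizeof *dst;
	msg->msg_iov = iov;
	msg->msg_iovlen = 1;
	msg->msg_control = NULL;
	msg->msg_controllen = 0;
	msg->msg_flags = 0;

	/* Arm fault injection as the very last thing before the target syscall
	 * so that no other allocation consumes the counter; nothing may be
	 * inserted between these two lines. */
	inject_fault(FAULT_NTH);
	syscall(__NR_sendmsg, r[0], (unsigned long)msg, 0ul);
}

/*
 * Map the fixed data region with PROT_NONE guard pages, enable fault
 * injection, and run the reproduction loop.  The inject_fault() between the
 * mmaps is kept exactly as generated: fail-nth is per-thread, so it can only
 * affect the parent's own subsequent allocations, and whether that matters
 * for the reproduction is not established here.
 */
int main(void)
{
	syscall(__NR_mmap, SYZ_GUARD_LO, SYZ_PAGE, 0ul, SYZ_MAP_FLAGS, -1l, 0ul);
	inject_fault(FAULT_NTH);
	syscall(__NR_mmap, SYZ_DATA_BASE, SYZ_DATA_SIZE, SYZ_PROT_RWX, SYZ_MAP_FLAGS, -1l, 0ul);
	syscall(__NR_mmap, SYZ_GUARD_HI, SYZ_PAGE, 0ul, SYZ_MAP_FLAGS, -1l, 0ul);
	setup_fault();
	loop();
	return 0;
}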