// https://syzkaller.appspot.com/bug?id=622c6d371f22f2e497b5adb01ed3b1e5276a37ba
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer: it hand-builds syscall arguments in a fixed mmap'd
// region, arms the kernel's fault-injection knobs, and mounts a crafted
// iso9660 image through a loop device. It needs root (writes under
// /sys/kernel/debug and /dev/loopN) and is meant to run only inside a
// disposable test VM, since a successful run is expected to crash the kernel.
#define _GNU_SOURCE
// NOTE(review): the header names were lost when this copy was extracted (the
// `#include` lines below are bare). Restore them from the reproducer on the
// bug page linked above before building; as written, this file does not
// preprocess.
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

// Terminate the whole process (every thread) with `status`. The busy loop
// after the syscall only exists to satisfy `noreturn` should exit_group
// ever come back.
__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

#include
#include
#include
#include
#include

// Process exit codes understood by the syzkaller harness. kFailStatus is
// not referenced in this file.
const int kFailStatus = 67;
const int kRetryStatus = 69;

// Print a printf-style message followed by the errno captured on entry to
// stderr, then exit with kRetryStatus. `msg` is used as a format string, so
// it must be a trusted literal (every caller in this file passes one).
static void exitf(const char* msg, ...)
{
  int e = errno;
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit(kRetryStatus);
}

// Defined further down; selects which /dev/loop<N> this process uses.
extern unsigned long long procid;

// One piece of the filesystem image: `size` bytes read from `data` and
// written at byte `offset` of the image file.
struct fs_image_segment {
  void* data;
  uintptr_t size;
  uintptr_t offset;
};

#define IMAGE_MAX_SEGMENTS 4096
#define IMAGE_MAX_SIZE (129 << 20)
#define SYZ_memfd_create 319 // raw syscall number; assumes x86-64 Linux

// Assemble a filesystem image from `nsegs` fs_image_segment entries found
// at address `segments` into a memfd, attach it to /dev/loop<procid>, and
// mount it on `dir` with filesystem type `fsarg`, mount `flags` and option
// string `optsarg`. All pointer-like parameters are raw addresses into the
// region mapped by main().
//
// Returns 0 on success. On failure returns -1 (which becomes UINTPTR_MAX in
// the uintptr_t return type) with errno set to the first failing call's
// value; the goto chain at the end releases the loop device and both fds on
// every path, including the success path.
static uintptr_t syz_mount_image(uintptr_t fsarg, uintptr_t dir, uintptr_t size, uintptr_t nsegs, uintptr_t segments, uintptr_t flags, uintptr_t optsarg)
{
  char loopname[64], fs[32], opts[256];
  int loopfd, err = 0, res = -1;
  uintptr_t i;
  struct fs_image_segment* segs = (struct fs_image_segment*)segments;
  // Clamp segment count, size and offset in place so that no segment can
  // reach past IMAGE_MAX_SIZE. Note the segment array itself is modified.
  if (nsegs > IMAGE_MAX_SEGMENTS)
    nsegs = IMAGE_MAX_SEGMENTS;
  for (i = 0; i < nsegs; i++) {
    if (segs[i].size > IMAGE_MAX_SIZE)
      segs[i].size = IMAGE_MAX_SIZE;
    segs[i].offset %= IMAGE_MAX_SIZE;
    if (segs[i].offset > IMAGE_MAX_SIZE - segs[i].size)
      segs[i].offset = IMAGE_MAX_SIZE - segs[i].size;
    // NOTE(review): this grows `size` to offset + offset rather than
    // offset + size, so the ftruncate() below may pick a length that does
    // not cover the last segment (pwrite() then extends the memfd again).
    // Left as generated so the reproducer matches the bug report exactly.
    if (size < segs[i].offset + segs[i].offset)
      size = segs[i].offset + segs[i].offset;
  }
  if (size > IMAGE_MAX_SIZE)
    size = IMAGE_MAX_SIZE;
  int memfd = syscall(SYZ_memfd_create, "syz_mount_image", 0);
  if (memfd == -1) {
    err = errno;
    goto error;
  }
  if (ftruncate(memfd, size)) {
    err = errno;
    goto error_close_memfd;
  }
  for (i = 0; i < nsegs; i++) {
    // Best effort: a failed or short pwrite() is deliberately ignored so a
    // partially written image is still attached and mounted.
    if (pwrite(memfd, segs[i].data, segs[i].size, segs[i].offset) < 0) {
    }
  }
  snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
  loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    err = errno;
    goto error_close_memfd;
  }
  // A backing file left attached by an earlier run makes LOOP_SET_FD fail
  // with EBUSY; detach it once, give the kernel a moment, and retry.
  if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
    if (errno != EBUSY) {
      err = errno;
      goto error_close_loop;
    }
    ioctl(loopfd, LOOP_CLR_FD, 0);
    usleep(1000);
    if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
      err = errno;
      goto error_close_loop;
    }
  }
  mkdir((char*)dir, 0777);
  // Copy the fs type and option string into bounded, NUL-terminated
  // buffers (memset + strncpy of size-1 guarantees the terminator). `opts`
  // keeps 32 spare bytes so the strcat() calls below cannot overflow it.
  memset(fs, 0, sizeof(fs));
  strncpy(fs, (char*)fsarg, sizeof(fs) - 1);
  memset(opts, 0, sizeof(opts));
  strncpy(opts, (char*)optsarg, sizeof(opts) - 32);
  if (strcmp(fs, "iso9660") == 0) {
    flags |= MS_RDONLY;
  } else if (strncmp(fs, "ext", 3) == 0) {
    // Stop ext* from panicking on corruption: append errors=continue when
    // errors=panic was requested or no errors=remount-ro is present.
    if (strstr(opts, "errors=panic") || strstr(opts, "errors=remount-ro") == 0)
      strcat(opts, ",errors=continue");
  } else if (strcmp(fs, "xfs") == 0) {
    strcat(opts, ",nouuid");
  }
  if (mount(loopname, (char*)dir, fs, flags, opts)) {
    err = errno;
    goto error_clear_loop;
  }
  res = 0;
  // Cleanup labels, innermost resource first. LOOP_CLR_FD is issued even
  // after a successful mount; this is how the generated code is designed.
error_clear_loop:
  ioctl(loopfd, LOOP_CLR_FD, 0);
error_close_loop:
  close(loopfd);
error_close_memfd:
  close(memfd);
error:
  errno = err;
  return res;
}

// Format `what` into a 1 KiB buffer and write it to `file`, which is opened
// O_WRONLY|O_CLOEXEC (never created). Returns false, with errno preserved,
// when open() fails or the write is short; true otherwise. Formatted output
// longer than the buffer is silently truncated before being written.
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Arm the kernel's per-thread fault injection by writing nth+1 to
// /proc/thread-self/fail-nth. Exits through exitf() if the file cannot be
// opened or written. Returns the still-open fd; the caller in loop() simply
// discards it.
static int inject_fault(int nth)
{
  int fd;
  char buf[16];
  fd = open("/proc/thread-self/fail-nth", O_RDWR);
  if (fd == -1)
    exitf("failed to open /proc/thread-self/fail-nth");
  sprintf(buf, "%d", nth + 1); // any int fits in 16 bytes
  if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
    exitf("failed to write /proc/thread-self/fail-nth");
  return fd;
}

// Result slot for the socket() call in loop(); preset to -1 so the ioctl
// that follows receives an invalid fd if socket() failed.
uint64_t r[1] = {0xffffffffffffffff};
// Never assigned in this file, so it stays 0 and /dev/loop0 is used.
unsigned long long procid;

// The reproduction sequence, run once by main(). Every 0x2000xxxx constant
// is an address inside the 16 MiB region main() maps at 0x20000000; the
// syscall arguments are laid out there by hand.
void loop()
{
  long res = 0;
  res = syscall(__NR_socket, 0xa, 0x1000000000002, 0);
  if (res != -1)
    r[0] = res;
  syscall(__NR_ioctl, r[0], 0x8912, 0x20000200);
  // Arguments for syz_mount_image(): fs type at 0x20000440, mount dir at
  // 0x20000480, and a 3-entry fs_image_segment array at 0x20002880 laid out
  // as data, size, offset per entry.
  memcpy((void*)0x20000440, "iso9660", 8);
  memcpy((void*)0x20000480, "./bus", 6);
  *(uint64_t*)0x20002880 = 0x200015c0;  // seg[0].data
  *(uint64_t*)0x20002888 = 0;           // seg[0].size
  *(uint64_t*)0x20002890 = 0xa00000000; // seg[0].offset (reduced mod IMAGE_MAX_SIZE later)
  *(uint64_t*)0x20002898 = 0x20001700;  // seg[1].data
  *(uint64_t*)0x200028a0 = 0;           // seg[1].size
  *(uint64_t*)0x200028a8 = 0x10000;     // seg[1].offset
  *(uint64_t*)0x200028b0 = 0x20001880;  // seg[2].data: the 3964-byte blob below
  memcpy(
      (void*)0x20001880,
      "\x63\x7e\xd2\x74\xc0\xd0\x72\x19\x52\x2c\xc8\xbe\x25\xd2\xd8\x45\x60\x09"
      "\x17\xcc\x72\x71\xe4\xc7\x49\xfa\xd4\x4b\xf8\x5b\x33\x58\xd2\x5c\xcf\x1d"
      "\x21\x3d\x20\x69\xc1\xa0\x5e\x5f\x2f\x98\xc7\xb3\x62\xfc\x08\x19\x47\xc0"
      "\xb1\x0a\x2f\xad\x1d\x06\x68\x6e\x06\x29\x4e\x01\xc0\xaf\x03\xbb\x2c\xb4"
      "\xb8\x06\x96\x41\xe2\x53\x44\x61\x99\x84\xd8\xcf\x97\x09\xdb\x4a\x44\x25"
      "\x51\x8b\x4b\xa7\x45\xd1\x1a\x84\x66\x4a\x31\x56\xd4\x25\x6d\xaa\x86\xba"
      "\x32\x46\xdd\x18\xbf\x41\x3a\x12\xcc\x3b\xb4\x98\xca\x5b\xe3\x48\xfb\xff"
      "\x80\x01\x63\x6f\xa9\xae\x2d\x60\xcb\xa7\x6a\x98\xa4\x26\x78\x71\xab\xd6"
      "\x85\x90\xb4\x01\x06\x24\x80\xc0\xd5\x5c\x8b\xe8\x57\x43\x5e\xcc\x30\x5c"
      "\x6d\x3a\x3b\x76\xb2\x03\x17\x10\x25\x9c\x4f\x2a\xd0\xfd\x96\x38\x07\x92"
      "\x5e\xc4\x05\x8b\xcc\x10\x29\x61\xc2\xb2\x22\xcf\xe6\x9c\xb8\x66\x64\xfe"
      "\x67\x48\xef\x27\x77\x3b\x00\x54\x7f\x0a\x53\xab\xe1\x92\xc4\x0c\x4c\xed"
      "\x77\xa5\xe9\x6f\xcf\x68\x6d\x4a\x49\x01\xc3\xd6\x3d\xbf\x4d\x96\xee\xda"
      "\x20\x8a\xf0\x63\xd5\x73\x40\xf4\xb1\xe1\x0d\x61\x4e\x3b\xf8\x5e\x58\x29"
      "\x57\xdd\x35\xca\x7d\xdb\xff\xdc\x35\xbf\xf1\x7a\x54\xad\x57\x27\xe7\xa7"
      "\x8e\x31\x2b\xd3\x2a\x9f\xa7\x83\xd5\x15\x06\x25\xf7\x86\xe8\x5b\x52\x15"
      "\xad\xac\xae\x84\xe5\x3c\xc8\x89\x9a\xc6\x74\xb4\x78\x49\xfb\x34\x25\xbc"
      "\x4d\x08\x70\x1e\x6b\xd7\xad\x85\xbe\x19\x75\xcd\x1a\x65\x6a\x65\x43\xb5"
      "\x7c\xba\x25\x85\x0d\xb8\x54\x36\x7d\x88\x85\x65\x09\x5f\xe9\xd0\xea\xa7"
      "\xa6\xcc\xb5\x50\x44\xbd\x83\xb0\x37\xf8\xa4\x56\x30\xc1\xca\x0d\xd1\x5b"
      "\x1a\x90\xdb\xc5\xb9\x81\xdd\xf1\xff\x00\x71\x4b\xe6\x15\xe0\x40\x43\x3c"
      "\x48\xdb\x6b\x0c\x71\x8e\xca\x7c\x30\x6a\x92\x2b\x3d\x8c\xcd\x11\x40\x1b"
      "\x20\xbe\x47\x1d\x21\x51\x70\x7e\xee\xcb\x99\x8c\x6b\xb0\xb4\xf8\x17\x5c"
      "\x39\xd8\x9e\x0f\x69\xfa\x7b\xba\xbe\x6c\xb4\x1c\x64\x51\x83\x9e\x4d\xdc"
      "\xb5\xb9\x18\x78\x8c\x40\x68\x79\x3a\xed\x4a\x95\x44\x88\x5f\x18\xe4\xfa"
      "\xc7\x4b\x22\x99\x01\x09\x0e\xab\xf8\x8a\x68\x7a\xaa\xf2\x9d\x5f\xcc\x73"
      "\xf6\xe0\x7b\xd7\x49\xef\x89\x04\xb9\x37\x00\x25\x9c\x35\xe9\x24\xa9\x58"
      "\xc1\xa6\xd7\x02\x72\x5a\x71\x55\x60\xb3\xfb\x34\x0f\xde\x81\x30\xb8\x4f"
      "\x3d\x6b\x2d\x35\xd9\x69\xd7\x24\xc1\xda\x6c\x81\xbd\xc0\xb0\x4e\x31\x16"
      "\xf7\xc8\x2b\xa4\xa0\x41\x4a\x74\x76\x0f\x6c\x90\x17\xec\x1a\x9b\xe0\x64"
      "\xe0\xec\xf8\xe6\x7a\x4c\x5d\x81\xb1\x56\x9a\xc5\x8b\xbb\xb5\xec\xc5\x86"
      "\x98\x8c\xb6\x0c\xfb\x96\x6e\x91\x44\x7f\x8d\xe0\x4a\x14\x65\x34\x69\xb4"
      "\x8f\x25\x51\x1f\xf4\x15\xca\xe0\x37\x0c\x4e\xf0\x78\x9d\xd6\xbc\x09\x52"
      "\x24\x50\x8a\x1d\x32\xe9\xa6\x88\x31\x42\x1e\xc8\x56\xe8\xe3\xdb\xd4\xa9"
      "\xa0\x5c\xc1\xf9\xf9\x7d\x0e\x69\x90\x5c\xf5\x98\x01\xbb\x23\xa2\x33\xaf"
      "\xd4\x1b\x55\xee\xdc\xd3\x21\xed\xd9\xb0\x4e\xcf\x1e\x93\x89\x06\x7e\xa2"
      "\xe1\xa2\x9b\x77\x73\x33\xc0\xd4\x8b\xd2\x95\x77\x2b\x43\x36\x6d\x39\xea"
      "\x18\xa9\x89\x27\xe7\x96\x1e\xe2\x00\x73\x39\x1b\x7f\x51\x93\x02\xf2\x96"
      "\x4c\x5b\xbe\xd3\x5c\x77\xdf\x00\x04\x57\x05\x03\x92\x05\xa8\xaf\xf9\xc8"
      "\x6f\x68\x61\x1b\x04\x49\xcf\x61\x66\xd5\x24\xc1\xa8\x7c\xdc\x22\xa1\x1f"
      "\x5a\x1e\x0c\x93\x86\xd6\x32\xcb\x64\xf2\xf3\xf4\x8a\xe8\x7c\x0d\x62\x47"
      "\x0e\xf9\xd4\xc2\x87\xe5\x6f\xed\x16\x02\x76\x65\x0e\x85\xb5\x50\x37\xf0"
      "\x48\x29\x19\x97\x03\x63\xeb\xca\x9e\xcf\x21\x90\x10\x68\x6f\x4a\x54\x33"
      "\x34\xcf\x60\x63\x07\x7d\x5f\xaa\x66\x6d\x5c\xc8\x6c\xcb\x46\xc3\x4c\x7c"
      "\x5e\x5b\x77\xba\x7a\x4e\x74\x86\xdd\x03\xda\xdb\x0e\xd3\xd8\x07\x14\x92"
      "\xd7\xe0\xb8\x60\xf6\x4b\x91\x5b\xdf\x21\x8e\xfe\x44\x12\x6b\x74\x2a\x85"
      "\x54\x32\xd1\xe1\x8d\x79\xe3\x39\x56\xbc\x27\x33\x59\xad\x6b\x3b\x78\x3b"
      "\xa7\xaa\xa9\x41\x06\x5f\x81\x42\x50\xc2\x3f\x8f\x36\xa5\xcd\xae\x68\x53"
      "\x97\x09\x2f\x59\x10\x7b\x98\x87\x96\xfe\xb0\x19\xe9\xad\xfa\x81\xbc\x0e"
      "\x7b\x7c\x2c\x76\x71\xc7\x1e\xf1\x04\xf7\xc5\xe2\x71\xa3\x45\xb0\x3f\x08"
      "\xde\xfb\x39\x6e\xe2\xca\xa3\x54\x1d\x1c\x21\xff\x6d\x9b\xd7\x8f\xb1\xf4"
      "\xde\x2c\x28\x9f\xbc\x11\x44\x8e\x98\x2a\x39\xce\x88\x11\x31\x50\xc9\x43"
      "\x25\x8e\x20\x95\x32\x0f\x8c\xf1\xf5\x07\xb2\xea\x1b\xe0\xe8\x34\xa1\xd7"
      "\xc0\x75\x46\x84\x53\x62\x2a\x8c\x38\xa9\x0e\xd6\xb2\x20\x93\x6d\xcb\x61"
      "\x31\xd6\xba\x6f\x69\xd3\x66\xea\x5f\xb0\xa1\xaa\x11\x6c\x9d\x14\x89\x4d"
      "\xb1\x6b\x9b\x8a\x88\x9e\xbf\xc4\x63\xff\xdd\xa5\x0d\x14\xb3\xd2\x06\x9d"
      "\x5e\xd2\xc5\xfc\xc5\x6d\x4f\xf3\x96\x23\xe5\x2d\x5e\xaf\x3d\xac\x94\x1e"
      "\x4b\xb2\xab\x07\x96\xcd\xb3\x67\xb4\x6e\x68\xec\xac\xd7\x49\x28\xe1\xfc"
      "\x8b\xbd\xad\x6e\xbc\xab\xf8\x4c\x06\xbf\xc3\x4b\x67\x24\x14\x8e\x64\x47"
      "\xcd\x5b\x27\x57\xe6\xdf\x34\x25\x40\x12\xe5\xaa\x77\xd1\xbb\x89\xaa\x21"
      "\xf7\x9e\x96\x91\x18\xb8\x85\x93\x81\x7b\x80\x88\x7a\x50\xa5\x1b\x14\xdd"
      "\xcf\x9c\xda\xb5\xe5\xcc\x16\x9d\x57\x64\x69\x0e\x0c\x65\x9e\x87\xe2\x45"
      "\xa4\x4f\x5f\x69\x84\x15\xc3\xc4\x1f\x31\x91\x82\xd8\x37\x58\x61\x4a\x6d"
      "\xef\xb3\xc8\x0e\x19\x9b\xea\x28\x68\xb3\x22\x77\x63\x90\x05\xe2\x94\x75"
      "\xcd\x19\x8f\x2c\xd2\xc7\x3b\xfd\x83\xd4\xde\xc9\x7d\x5d\x6f\x28\xaf\x41"
      "\x47\xae\x99\x23\x7a\xc6\x4f\x2d\xde\x08\x89\x87\xd1\xb1\x24\xbe\xbb\xcb"
      "\xa4\x7c\xd5\x16\x39\x76\x90\x34\xaf\x1b\x4a\xa2\x7d\x5d\x1f\x12\x2f\x64"
      "\x3a\x70\xcc\x57\xd0\x3f\x5e\x88\xf8\x70\xcc\xca\xb1\x52\x47\xdc\xd9\xe2"
      "\xb2\xb0\x41\x50\xd2\x3c\x1c\x55\x1e\x4d\x2f\x6c\x59\xe3\xf2\x07\x0f\x70"
      "\x41\xec\x4e\x0b\x86\x08\x3e\x87\x66\xef\xf1\xde\x52\x82\x4c\xad\xe4\x10"
      "\x47\x4a\x21\x3d\x3e\x31\x02\xb3\xe2\xf5\x31\x9d\xea\xf6\x4f\x97\x3c\x9b"
      "\x68\x24\x80\x5f\x45\xff\x18\x44\xbf\xe2\xf5\x88\xb9\x32\x88\x1c\x82\x9a"
      "\x24\x73\x1f\x50\x0a\xb0\x0b\x28\xd3\x5b\x17\xad\x36\xd8\x54\x0d\xf3\x4d"
      "\x71\xb0\x5d\xf1\x92\xd1\x30\x64\x28\xd4\x6e\xa7\xde\x1d\x6a\x74\xb7\x9b"
      "\x65\x97\x13\x31\x4d\x1b\x4b\x70\xc8\xb1\x32\xa2\x59\xf3\xa4\x4b\x94\x42"
      "\x6f\x1a\x0f\x0d\xa0\x0c\xf6\x26\x3e\x3a\xe3\xb8\x6b\xc9\xb2\x93\xe7\xa8"
      "\x7e\xff\xa7\x6e\x6b\xfc\x45\xf5\x34\x86\xe7\xac\x97\x9d\xdd\x6d\xc8\xa6"
      "\x04\x41\xf0\x0b\xbd\xbc\x32\xf1\xe1\x09\x88\x6c\xae\xef\xdd\x4f\xf1\xd2"
      "\xb0\xbe\xf4\xcd\xb6\xa3\xe9\x28\x6f\xc2\x2f\x7d\x45\xfa\x58\x1b\xf0\xfc"
      "\x2e\x26\xd0\xad\x3b\x1e\x2b\x16\xd9\xa7\x72\xae\x5a\x33\xfb\x4e\x3f\xfc"
      "\xa1\x92\x7a\x9d\x6b\xc1\x57\xd4\x74\xbb\x68\x57\x43\x30\x32\x7a\xf3\x2b"
      "\x1d\x3d\x0e\xf5\x3e\x14\xa5\x6f\x1c\x5d\xe2\x17\x6f\xe2\xac\xac\xb7\x2f"
      "\x8e\xc7\xeb\xd1\x6f\x7c\x71\xba\xed\x58\x0a\xb4\x7f\x48\x46\xdd\xc9\xb9"
      "\xa4\xf8\xd3\xb6\xa7\x06\x33\x44\xdf\x62\x05\x5e\x55\x0e\x67\x93\x52\xd4"
      "\xd2\xb2\xc5\x5e\x09\x70\x0a\xf3\xa4\x15\x16\x18\xe4\xd0\x0a\x7a\x22\x08"
      "\xbe\x29\x9f\xe0\x74\x5b\x0c\xc7\x43\x33\x04\xab\x39\x57\x2b\x0b\x8c\x81"
      "\xa6\xc8\x8c\x5e\x2c\x32\x49\x61\xdf\x00\x79\x61\xba\xb5\xfe\x00\xb6\xdc"
      "\x7f\xad\x27\x5c\x1d\x2e\x26\xbc\xd1\x9e\x95\x9e\xbd\x48\x84\xf1\x48\xbe"
      "\xe0\x5a\x38\xd1\x61\xfe\x9b\xa4\x3e\xcd\x79\xb2\x22\x20\x13\x7a\xa8\xf2"
      "\x12\x77\x60\xc8\x97\xf1\xd7\x5b\x2f\xfe\x42\xce\x4f\x91\x75\x1e\xf0\x69"
      "\xb9\xe3\x35\x05\x3e\xf5\x3b\xff\xbc\x34\xd3\xd2\x59\x2f\x6a\x16\xd1\x48"
      "\x61\x9a\x0f\x32\x6d\x10\x5a\x18\xd3\x8f\x1d\x15\x82\x73\x69\x45\x0c\x9a"
      "\x18\xc1\xf2\x0a\x01\xb3\x57\x24\xe0\x46\x80\x46\x50\x55\xc7\xd6\x46\xc4"
      "\x2f\x26\xf7\xf1\xd0\xd9\x77\x2d\x75\xa4\xb1\x1a\xe4\x27\x1b\xdb\x8b\x70"
      "\xd4\x75\x8f\xaf\xa1\x51\x35\xb5\x6e\xd0\x32\xed\x85\x42\x4a\x34\xe8\xe1"
      "\x1a\x55\x9a\xf9\xf6\xe3\xab\x77\x26\xf6\x5b\x56\x01\x0d\xa6\xa3\x99\xb7"
      "\x90\xb6\xf0\x3d\x6e\x9f\x78\x17\x4b\xfd\xd1\x66\xcb\xd2\xca\x38\xf1\xc6"
      "\x48\xa1\x57\xf7\x7a\x0e\x48\xd2\x0c\x76\x9c\x81\xcd\xd8\xcd\x0f\x75\x18"
      "\xa4\x05\xb6\x27\xcc\xb2\x80\x25\x64\xa2\x6c\x8e\xa3\x4c\x0d\xef\x32\xe2"
      "\x5a\xa1\x02\xb0\xba\x4e\xe5\xda\x22\x2f\xb2\x60\xe1\xbb\x94\xba\xe6\x44"
      "\xf1\xb2\x3d\x6e\x45\xea\x83\xf1\xb8\x2b\xd9\x72\x98\x3e\x1c\x05\xae\xfb"
      "\x4a\xea\x0a\x9e\x39\x59\x29\xdd\x85\x91\x3d\xb8\xe2\x2c\x12\xfb\x06\xd1"
      "\x3c\xd2\x31\x9e\xfa\x56\xc8\x77\x11\x19\xc4\xe0\x0f\xd6\x8b\x0c\x53\x0a"
      "\xf9\x87\x45\x47\x49\x29\xb0\xb3\x81\xe8\x52\x23\xde\xc0\xfc\x44\x5d\x51"
      "\xab\xaa\xa6\xf5\x6d\x91\x65\x81\xe7\x26\xf2\x6c\x99\xab\xf3\xcf\xf0\xba"
      "\x1e\x08\xae\x79\xc5\x2b\x8e\xf8\x27\xc4\x1c\x3f\xce\xf7\x46\x79\x7f\x75"
      "\xc7\xdc\x71\x34\xf5\x26\xe0\xa4\xe9\xaf\x25\xc7\xdc\x8f\xc6\xdf\x64\xfc"
      "\x16\x3c\xff\x41\x95\x61\xb1\xe0\xd0\xc1\x99\x98\xe2\xe5\xdd\x64\x86\x15"
      "\xf1\x91\x34\xf7\xd7\x2a\x94\x2a\xcd\x1c\x79\x09\xe7\x21\x35\xf3\x35\xbc"
      "\xe8\x82\x97\x12\xb0\x73\x67\x0d\x1b\xe8\x49\x55\x79\xb0\xed\x2d\xb0\xb6"
      "\x31\x2d\xd7\x4f\xdb\x81\xa6\x8e\x81\x89\xe5\xef\x9c\x5f\x98\xf1\x19\x64"
      "\x5f\xcb\xa8\x71\xc0\x78\xa9\x1d\x8e\x56\x66\x3d\xd0\x82\x25\xbf\x9f\x80"
      "\xdb\xda\xee\xb8\x64\x87\x74\xc0\x08\xa0\xee\xfd\x73\xcb\xa8\x9e\x85\x08"
      "\x2d\xa0\x2f\x7e\xac\x29\xd5\x26\xe5\x7c\x74\xa3\x9f\x0e\x20\x1d\xea\x78"
      "\xb0\x89\xb6\xce\x5d\x6a\x08\xfe\x7e\x18\x54\x16\x5b\xd0\x9d\xef\xb1\xd3"
      "\xce\x8b\xb3\x0d\x0f\x20\x85\xb5\xcd\x2f\x9e\x70\x5b\x68\x3a\x83\x0f\x8b"
      "\x82\x1f\xb6\x38\x43\x14\x53\xb8\xa1\x6f\xba\x4e\x4a\xe2\xb0\xb6\xe3\xb9"
      "\x02\x39\x15\x1b\x35\x37\xfc\x50\x64\x30\x0b\x63\xee\x96\x92\xd4\x35\x94"
      "\x7c\x5e\xfe\x9d\x9d\x5c\x60\x2e\xf9\xba\x2e\xa3\xf0\x11\x4d\x7d\xa0\x70"
      "\x9f\x6a\x19\xee\xde\xab\xa1\xa6\xe8\x90\x8c\x73\xa7\x99\x34\x25\x09\x1f"
      "\x02\x3a\x1c\xfd\x09\x28\xda\x7f\xe0\x8c\xf8\xdd\xa0\x9b\xec\xf6\x54\x64"
      "\xa7\xa6\x31\x98\x7b\x06\xd3\xb2\x6f\x64\x95\x31\x6d\x06\x21\x14\x61\x27"
      "\xde\x00\xa1\x55\x0a\x78\xf3\xb8\x82\xc4\x5a\x79\xb3\xac\x0f\x42\xad\x74"
      "\x55\x5e\x70\x21\x90\x76\xc6\x27\xbb\x09\x49\xbe\x86\x33\xec\x1d\x27\x73"
      "\xe8\x70\xbc\xa5\xb6\x6b\xe5\x0a\xa2\xd2\x24\xec\x30\xaa\xef\x89\xe3\x5a"
      "\x3d\x0b\xce\x05\xbd\xf5\x64\x5d\xf4\x10\xd3\x8e\x23\xfe\xb0\x8f\x69\x99"
      "\xa4\x70\x89\x3f\x12\x28\xb7\x11\xcd\x71\xf3\xd5\x1a\x95\x63\xc8\x73\xf5"
      "\x99\x17\xae\x51\x7f\xa0\xd2\x49\xae\x90\x9b\x94\x10\xc2\x72\x03\x7a\x49"
      "\xf0\xbb\xbe\x9b\x71\x61\x6c\x31\x6b\x20\x5b\xcd\x5d\x8f\xf9\x39\x07\x17"
      "\x01\x96\xf0\xd7\x80\x11\x24\x5e\x78\xaf\xa1\x18\xcf\xe4\xcc\x4b\x0d\x0c"
      "\x8f\x2a\xea\x1a\x89\x85\x74\xdb\xf2\x50\xed\xbe\xf5\xe6\x12\xb3\x5f\xb5"
      "\x91\x58\x5d\x8e\x96\x52\xba\x11\xec\x20\xc7\x16\x88\x5f\x53\x01\x0a\x7d"
      "\x68\x63\xdf\x67\xdc\x81\xa9\xd8\x84\x0a\x3f\x96\x12\x65\x05\xf0\x47\x4d"
      "\x22\x1b\x6e\x9f\x8e\xb0\xfe\x7e\x18\xf4\xe8\xe0\xfe\x1f\x55\x2e\x7f\x92"
      "\x68\x24\x62\x58\x95\xf2\x61\x76\xea\xbd\xac\x97\x8c\xd7\x5e\xb2\x38\x6e"
      "\x7e\x32\xfc\x88\xcb\x59\xb5\xeb\x54\xec\x7b\xe6\x5d\x34\xb0\xd2\x3a\xe6"
      "\x4c\x1d\xdc\xb8\xbf\xf6\x78\x8a\xdd\x5e\xbe\xc2\x6f\x8f\xb9\xb3\x4d\x6b"
      "\x3e\x11\xdb\x5f\xe8\xf3\x79\xe8\x38\xef\xfc\xe0\x16\x05\x24\x5a\xa1\x7c"
      "\xd4\x13\xf5\x3c\x84\x62\x8d\x29\x22\xb9\xf6\xac\xc4\x67\xc7\x34\xac\xb2"
      "\x49\xb5\x6b\x10\x34\xd8\xe4\x85\x63\x2c\x84\x21\x47\xeb\xc9\xa1\xdf\xe5"
      "\xaf\xc3\xff\x27\xba\xf4\xcc\x9a\x85\x2b\x3d\x59\x0d\xea\xcb\x22\x3f\x46"
      "\xf0\x1b\x7a\x75\x31\x22\xd8\xf5\x0d\x95\x75\x54\x86\xe5\x67\x4e\x8d\x3b"
      "\xf2\x07\x20\x67\x33\x27\x5a\x67\xc1\x08\x3d\xe4\x4d\x84\x16\xa8\xd4\x23"
      "\x76\xe1\x57\x0b\xa3\x08\xf0\xeb\x11\x59\x5f\x1b\xd6\x8d\xfb\x35\xde\xd4"
      "\xbb\xae\xa6\x83\x1f\xd5\xc7\x1d\x70\xbd\x4f\x92\x13\x00\xe4\x77\x56\x8d"
      "\xc4\xb7\x29\x1e\x80\x51\x57\x59\x07\x99\x9a\x92\xd1\xc9\x98\xe3\x9e\x77"
      "\x3a\xd4\x75\x9a\xf8\x4b\x8b\x0a\x1d\x62\xb0\x71\x29\xf4\xb7\xb7\xdd\x00"
      "\x2b\xdf\xa4\x4d\xdf\x53\x0a\x7c\x8f\xca\xf6\x6e\x83\xf0\x20\xc8\x34\x62"
      "\x5b\x50\x4c\xa1\x33\xc3\xb5\xe9\x81\x9b\x6e\xc9\xc8\xb7\x6b\xb2\x2c\x65"
      "\x4e\x05\x47\x35\x53\x00\xc8\xf1\x5a\x9b\xfa\xfa\x48\x2e\xb7\x42\x0f\xa2"
      "\xc6\x8b\x27\x20\xa2\xb7\xd6\x16\x3c\x66\xa2\x37\xa6\x7e\x20\x73\x4f\xe5"
      "\x09\x37\x36\xb1\x4e\xe7\x1c\xad\x8d\x0b\x5f\x12\xf3\x3b\x21\x6d\x2c\x56"
      "\x0f\xad\x99\x38\xcc\x09\x03\xd9\x05\xc6\x65\xd9\x5f\x9b\x4a\x2f\xf4\x02"
      "\x06\x42\x23\xbc\xa4\x82\xb0\x2c\xfc\xc2\x4f\x2b\xd8\xf9\xe6\xe0\x64\xd0"
      "\x5d\x87\x32\x29\x42\x63\xed\xd5\x74\xd0\x7b\xb7\x91\x2b\xc8\x79\x84\x45"
      "\xa8\xb2\x98\x1f\x28\x95\x59\x28\xfa\xed\xaf\xe6\x53\x1b\x59\xae\x40\xd5"
      "\x9a\x32\xff\x73\xe0\xd4\xee\xe5\xce\xe8\x37\xbb\x0a\xca\xb2\xf6\x07\xf7"
      "\xc5\x53\x62\xae\x10\x69\x26\xb9\x5a\x46\x85\xe8\x7b\x26\x54\x0a\x29\xcc"
      "\x13\xba\x2d\x18\xb4\x7b\xf8\xd4\xb3\xdf\x74\xf5\xb4\x9c\x27\xa4\x92\xb8"
      "\x2a\x43\x32\xb0\xbe\x79\x11\x43\xd3\x77\xac\xda\x57\xf4\x02\x9c\x40\xf6"
      "\xa0\x0e\x9e\x91\x28\x1d\xf3\x9b\xe7\xbb\x22\x7a\x8f\x34\xaa\x7f\x1a\x18"
      "\x84\x71\xc0\xe9\x65\x11\x2e\x08\x0e\xfe\x0d\x98\xac\xa0\x2c\xe8\x90\x29"
      "\x18\x4a\x32\x96\xff\xff\x1b\x3d\xe3\x03\xb5\x97\xe2\xf7\x05\x74\xc8\xa0"
      "\xd9\x58\xc1\xd3\xff\xed\xb9\x02\xa8\x82\x35\x8e\xa8\xfd\xf3\xb2\xd2\xf5"
      "\x38\xa0\x40\x41\x56\x34\xf3\x49\xe6\xdb\xa4\xba\x50\x8c\x52\xa6\xbd\x4d"
      "\x95\xc9\xb4\xb3\xac\xee\x37\x2a\x17\x2a\x18\x46\xe3\x0a\x9a\x86\xe5\xfc"
      "\xf4\xf9\xbe\x8e\x41\x76\x48\x60\x4d\x21\x9e\xd5\x58\x82\x2e\x61\xdb\xaf"
      "\x1e\x2a\xd4\x27\xa2\x82\x18\xcb\x28\x58\x07\x84\x58\xce\xfd\xc2\xf4\xdf"
      "\x22\x55\x79\xf0\xff\xcf\x54\x30\x59\x0f\xde\x34\x31\xce\x5e\xd5\x81\xb2"
      "\x3a\x1a\xbc\xb1\x73\xad\x10\xa0\x98\x9d\xa8\xae\xb7\xc8\xd5\x6d\xe4\x87"
      "\x70\xfd\xd0\x86\x10\x57\xe2\x97\x24\x12\xdb\x47\x58\xed\xf8\x2f\x7b\x42"
      "\xa2\xb9\xbd\xd3\x22\xfb\x53\xf7\xd9\x12\x40\x6f\x65\x0b\xce\xff\x07\x36"
      "\x59\x94\x21\xe8\x0c\x59\x5b\xd4\xd0\xed\xee\x07\xf9\xce\x9e\xe7\x36\x89"
      "\xe2\x0e\x52\x76\xe6\xb1\x3a\xfb\x67\xc1\x76\x92\xc5\x24\xb9\xb3\xc4\xe1"
      "\x98\x5f\x52\xb0\x6f\x70\x09\xcb\x64\xdd\x66\x13\xbe\x9d\xf5\xd1\x69\x34"
      "\xbe\x19\xec\xad\xa4\x13\xe5\xae\x02\x5b\xea\x74\xf6\x14\x82\xaf\x9b\xde"
      "\xa7\x74\x7f\x45\x79\xfd\xce\xb2\x95\x44\xb1\xe3\x21\x83\x79\x03\xac\xd0"
      "\xf0\x80\x14\x2a\xa3\x91\xb2\xd6\x8d\x16\x72\xc1\xd8\x71\x45\x88\x7a\x24"
      "\x4a\x8f\xbd\x49\x16\x11\x65\x12\xee\x9e\x7a\xff\x0f\xfa\x45\xd1\x1c\x74"
      "\x03\x2a\x4e\x40\x39\xdb\xd3\x27\xfe\x8c\x2d\x85\x52\xdf\x8e\xc5\x26\x4a"
      "\xf2\x49\x58\xb3\x2c\x64\x24\xd5\xe3\xef\xe2\xf5\x2b\x43\x26\x87\x58\x7a"
      "\xda\xf0\x79\x84\xc4\xb4\xfd\xc5\x66\x69\x29\x81\x83\xf9\x25\xa4\x23\x61"
      "\x25\x91\x99\x9f\xc6\x43\xf1\x6a\x3a\x83\x7d\x55\xbe\x55\x8a\xa0\x03\x51"
      "\xc2\xbc\xd0\x7d\xf1\x73\xea\x48\xfe\x0b\x73\x69\xb2\xa5\xc0\x58\xee\x01"
      "\x8d\x58\xc9\x76\x80\x5f\xe9\x1a\x2b\x31\x13\xe8\x83\xb2\xe5\xee\x7a\x23"
      "\x55\x00\x35\xfd\x08\x2f\x99\x03\x92\x03\x05\x51\x68\xeb\xf5\xf2\x25\xc4"
      "\x38\x7e\x1b\xa7\x7f\x23\xac\x82\x97\x9d\x27\xce\x15\x46\xb2\x88\xc8\x72"
      "\x81\xb8\x62\x55\x57\x71\x14\xe5\x52\x41\xb4\x35\xbe\x4b\x8e\x2b\xf8\xe0"
      "\x4b\x23\x5f\x57\xde\xce\x2e\x77\xdd\x02\x75\xeb\x07\x1e\x44\x5d\x43\xe1"
      "\x48\x1d\x0a\x92\x4d\x01\x97\xc2\x8c\x63\x79\xa4\xb2\x00\x45\xbd\x10\xd5"
      "\xa5\x58\x19\x8d\x01\x23\x68\xae\xdd\x97\xa5\x09\x53\xb0\xc7\x58\xc3\x92"
      "\x19\xc1\x97\x01\xbb\x04\x2e\xf5\x24\x22\xbc\xbf\x11\xc4\x9d\x4f\x9c\x2e"
      "\x7e\xa4\xa4\xa3\x60\x88\x1f\x57\x2e\xd9\x7a\x1f\xcf\x9d\x04\x0b\x21\x03"
      "\x01\x8c\x68\x1e\x07\x6a\x23\x6d\x05\x68\xaf\x2f\x95\x1a\x0d\xad\x8b\x6e"
      "\xee\x0f\x0f\xea\xe6\x70\xbb\xc9\x0f\x7e\xa7\x18\xa5\xb1\xf7\x13\xc9\xf4"
      "\xd6\x54\x53\x00\x47\x65\x4b\xd8\x05\x51\xbd\x73\x18\xfb\x3f\x5d\xda\x26"
      "\x87\x74\xb8\xbd\xf4\x2f\x1b\xa6\xac\x02\x39\x2f\x0a\x02\xda\x45\xcd\x24"
      "\x92\xdd\x64\xce\x13\xcf\x2e\x6e\x40\xe5\x1c\x0d\x79\xb6\xf5\xff\x97\xe0"
      "\xd5\xf7\x9a\xa9\x98\x75\x38\x42\xff\x3c\xee\xbc\x59\x08\x32\x66\x58\x6c"
      "\x47\x26\x2c\xa5\x82\xe2\xbc\x64\x6a\x84\xa0\x11\x2e\x08\xe1\x41\x40\x27"
      "\x64\xc3\x84\xa2\x22\xd3\xd2\x61\xb1\xc7\x65\x6e\xb2\x24\x7b\x3d\x13\x97"
      "\x75\x3e\x8f\x61\xd7\x23\x2c\xd8\xf1\xaa\x44\x8b\x7c\x49\x24\x8e\x36\xb2"
      "\x58\x1c\xa2\xdb\xc8\x41\x8a\x88\x3f\x72\xbb\xd3\xf4\xee\x50\x7b\xfd\x02"
      "\xd8\x08\x80\xe3\xc1\x07\x06\x96\x97\x04\xe5\xc2\x8a\xe5\xe8\xd7\xa5\x55"
      "\xb4\x25\x78\x6d\x2f\xe5\xda\xa5\xef\x8f\xf1\x07\xa6\x1c\x5d\x6f\xd4\x68"
      "\xb9\x63\xcd\x7f\x6b\x5a\xfd\x66\x2f\x37\xad\xe5\xce\xfe\x9e\x74\x98\xd4"
      "\xb2\x1e\x66\xe9\xaf\x86\x08\xb4\xd3\xcc\xdc\x5a\xac\x9f\xcd\x64\x3a\x84"
      "\x00\xd6\x29\xe5\x66\x1a\x35\x25\xad\xd8\x0b\xf2\xbb\x13\x7f\x22\x4e\x73"
      "\x7b\x2b\xcf\x66\x69\xce\x31\xc5\x07\x19\x3f\x6f\x9c\x6e\x48\x81\xc7\xb1"
      "\xc0\x70\x1d\xf1\x6b\xf9\x5f\xdc\x85\x3d\x78\xab\x5c\x4e\x8d\x25\xf7\x71"
      "\x11\x97\xa6\x6c\x99\x04\xe4\x69\xe8\xc5\xdb\xb1\x22\xae\xf4\x2d\x25\xe3"
      "\xee\x8c\xfc\x14\x8b\x2b\x7e\xcc\xa0\x61\x2e\x27\x27\x83\xbe\xc8\x4c\xf0"
      "\x56\x33\x37\x81\x7b\xde\xcd\x23\xc9\x74\x40\x5c\x59\x20\x37\xc7\xf6\x2f"
      "\xda\x6a\x08\xd3\x84\xc8\x2f\xea\x54\xc6\x08\x26\x87\xe1\x05\xb1\xbb\x5e"
      "\xcb\x7d\x41\x2a\x15\x0e\x9a\xae\x25\xe3\xec\xc2\xfe\x7a\x01\xa7\x8d\xa6"
      "\xf5\x3d\xec\xcb\x2d\xad\x24\xa6\xcd\xf8\x06\xd4\x29\x8b\xff\x4c\xc4\x42"
      "\x80\x04\x02\xaf\xc2\x0d\xb6\x95\x79\xb7\x79\xf4\xfc\x06\x48\x4d\xc7\x15"
      "\x02\x21\xfa\x57\x28\x16\x44\x7a\xe6\x4a\xe1\x2e\x74\x49\x2b\xbe\x64\xd0"
      "\xda\xe6\x1c\x04\x3a\x94\xcb\x44\xb9\xec\x84\x11\x28\x3a\xc3\xc0\xe2\xf0"
      "\x06\x3e\x58\x47\x28\x7e\xbe\x98\xd1\xcf\x98\x15\x54\x2a\x86\xc1\xc4\xdc"
      "\x93\x81\xea\x50",
      3964);
  *(uint64_t*)0x200028b8 = 0xf7c;      // seg[2].size (3964 = the blob length)
  *(uint64_t*)0x200028c0 = 0x406201df; // seg[2].offset
  *(uint8_t*)0x20002940 = 0;           // empty mount-options string
  // Tune fault injection to also fire on allocations that may sleep;
  // return values are deliberately ignored (the knobs may be absent).
  write_file("/sys/kernel/debug/failslab/ignore-gfp-wait", "N");
  write_file("/sys/kernel/debug/fail_futex/ignore-private", "N");
  // Make the 6th fault-injectable call on this thread fail, then mount the
  // image: fs type, dir, size 0 (computed from segments), 3 segments,
  // raw mount flags 0x290000, options at 0x20002940.
  inject_fault(5);
  syz_mount_image(0x20000440, 0x20000480, 0, 3, 0x20002880, 0x290000, 0x20002940);
}

int main()
{
  // Map the fixed 16 MiB scratch region that loop() writes into. On x86-64
  // Linux 3 is PROT_READ|PROT_WRITE and 0x32 is
  // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS; the result is not checked, so a
  // failed mapping makes the raw stores in loop() fault.
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  loop();
  return 0;
}