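// https://syzkaller.appspot.com/bug?id=906433df4abcde9bf8261b1c105f7a48418b8663
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Layout restored from a collapsed listing: one statement per line, the
// line continuations of NONFAILING put back, and `#define CAST` separated
// from the prototype that had been folded into it. The statements and all
// constants are unchanged.

#define _GNU_SOURCE

// NOTE(review): the collapsed listing shows a run of bare `#include` tokens
// with the header names missing. The headers below are only the ones the
// visible code needs; this is not the original include list.
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Per-thread state shared between NONFAILING() and the fault handler.
static __thread int clone_ongoing; // never set in this file; nonzero makes the handler exit
static __thread int skip_segv; // >0 while a NONFAILING() body is running
static __thread jmp_buf segv_env; // resume point armed by NONFAILING()

// SIGSEGV/SIGBUS handler. A fault is swallowed (by jumping back into
// NONFAILING) only when a NONFAILING body is active and the faulting address
// lies outside [1 MiB, 100 MiB]; note that `valid` is true for addresses
// OUTSIDE that range. Every other fault ends the process with the signal
// number as exit status.
static void segv_handler(int sig, siginfo_t* info, void* ctx)
{
  if (__atomic_load_n(&clone_ongoing, __ATOMIC_RELAXED) != 0) {
    exit(sig);
  }
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
  int valid = addr < prog_start || addr > prog_end;
  if (skip && valid) {
    _longjmp(segv_env, 1);
  }
  exit(sig);
}

// Installs segv_handler for SIGSEGV and SIGBUS. SA_NODEFER leaves the signal
// unblocked inside the handler, which matters because the handler leaves via
// _longjmp rather than by returning.
static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

// Evaluates its argument with faults suppressed. The value of the expression
// is 1 when the body ran to completion and 0 when a fault was caught and
// control came back through _setjmp. Uses a GCC statement expression.
#define NONFAILING(...)                                              \
  ({                                                                 \
    int ok = 1;                                                      \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);             \
    if (_setjmp(segv_env) == 0) {                                    \
      __VA_ARGS__;                                                   \
    } else                                                           \
      ok = 0;                                                        \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);             \
    ok;                                                              \
  })

// Sends SIGKILL to pid and reaps children until that pid is the one returned.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleeps for ms milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Returns the monotonic clock in milliseconds; exits if the clock is unavailable.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Creates ./syzkaller.XXXXXX, makes it world-accessible (0777) and chdirs
// into it, so everything the test programs create stays under one directory.
static void use_temporary_dir(void)
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    exit(1);
  if (chmod(tmpdir, 0777))
    exit(1);
  if (chdir(tmpdir))
    exit(1);
}

// Recursively deletes dir. lstat() is used so a symlink is unlinked rather
// than followed. Any failure exits the process, except that an unreadable
// directory (EACCES on opendir) is removed with a plain rmdir().
static void __attribute__((noinline)) remove_dir(const char* dir)
{
  DIR* dp = opendir(dir);
  if (dp == NULL) {
    if (errno == EACCES) {
      if (rmdir(dir))
        exit(1);
      return;
    }
    exit(1);
  }
  struct dirent* ep = 0;
  while ((ep = readdir(dp))) {
    if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
      continue;
    char filename[FILENAME_MAX];
    snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
    struct stat st;
    if (lstat(filename, &st))
      exit(1);
    if (S_ISDIR(st.st_mode)) {
      remove_dir(filename);
      continue;
    }
    if (unlink(filename)) {
      exit(1);
    }
  }
  closedir(dp);
  while (rmdir(dir)) {
    exit(1);
  }
}

// CAST expands to nothing, so CAST(openat) is just (openat); the explicit
// function-pointer cast written in front of it does the conversion.
#define CAST

static void execute_one(void);

#define WAIT_FLAGS 0

// Runs execute_one() forever, each time in a forked child with its own
// working directory ./<iter>. The parent polls once per millisecond, kills a
// child that is still alive after 5000 ms, then removes the directory.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    char cwdbuf[32];
    sprintf(cwdbuf, "./%d", iter);
    if (mkdir(cwdbuf, 0777))
      exit(1);
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      if (chdir(cwdbuf))
        exit(1);
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
    remove_dir(cwdbuf);
  }
}

// Descriptors produced by the program: r[0] from the device open, r[1] from
// the open of ./file0. Both stay at all-ones if the corresponding call fails.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// One run of the reproducer. All arguments live at fixed addresses inside
// the scratch mapping that main() creates at 0x20000000.
//
// Call sequence, as written below:
//   1. openat(0xffffffffffffff9c, "/dev/rvnd0c", 0x20, 0)            -> r[0]
//   2. open("./file0", 0x70e, 0)                                      -> r[1]
//   3. mmap(0x2000f000, 0x2000, PROT_EXEC, MAP_FIXED, r[1], 0)
//   4. writev(r[1], 0x20001580, 3) with three 16-byte entries: two of
//      base 0 / length 0, then base 0x200004c0 / length 0xead (3757,
//      the size of the byte blob copied to 0x200004c0)
//   5. ioctl(r[0], 0xc0384600, 0x20000100)
//
// NOTE(review): 0xc0384600 decodes, under the BSD ioctl encoding, as a
// read/write request in group 'F' (0x46), number 0, with a 0x38-byte
// argument. Together with the /dev/rvnd0c path and the O_EXLOCK label this
// looks like the vnd(4) "configure unit" request on OpenBSD (VNDIOCSET) --
// confirm against the target's headers and the linked report. The argument
// block holds two pointers to "./file0" and two integers; field meanings are
// not visible here.
//
// NOTE(review): only the two open results are kept. The results of mmap,
// writev and ioctl are discarded and NONFAILING swallows faults, so a run
// that did nothing (for example because the device node is absent) looks the
// same as a run that exercised the driver. When triaging a non-reproduction,
// check r[0] and r[1] first.
void execute_one(void)
{
  intptr_t res = 0;
  NONFAILING(memcpy((void*)0x20000000, "/dev/rvnd0c\000", 12));
  res = -1;
  NONFAILING(res = ((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t))CAST(openat))(
                 /*fd=*/0xffffffffffffff9c, /*file=*/0x20000000,
                 /*flags=O_EXLOCK*/ 0x20, /*mode=*/0));
  if (res != -1)
    r[0] = res;
  NONFAILING(memcpy((void*)0x20000080, "./file0\000", 8));
  res = -1;
  NONFAILING(res = ((intptr_t(*)(intptr_t, intptr_t, intptr_t))CAST(open))(
                 /*file=*/0x20000080,
                 /*flags=O_NOFOLLOW|O_TRUNC|O_CREAT|O_APPEND|0x6*/ 0x70e,
                 /*mode=*/0));
  if (res != -1)
    r[1] = res;
  NONFAILING(((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(mmap))(
      /*addr=*/0x2000f000, /*len=*/0x2000, /*prot=PROT_EXEC*/ 4,
      /*flags=MAP_FIXED*/ 0x10, /*fd=*/r[1], /*offset=*/0));
  // Scatter/gather array for writev at 0x20001580: entries 0 and 1 are empty.
  NONFAILING(*(uint64_t*)0x20001580 = 0);
  NONFAILING(*(uint64_t*)0x20001588 = 0);
  NONFAILING(*(uint64_t*)0x20001590 = 0);
  NONFAILING(*(uint64_t*)0x20001598 = 0);
  // Entry 2 points at the 3757-byte blob below. The blob is one string
  // literal split into adjacent pieces; its bytes are unchanged.
  NONFAILING(*(uint64_t*)0x200015a0 = 0x200004c0);
  NONFAILING(memcpy(
      (void*)0x200004c0,
      "\xf7\x13\xc4\xd5\xf3\x38\x65\xc0\x32\xe1\x89\x90\x7f\x73\x27\x03"
      "\xf9\x21\xf2\x30\xc3\x67\x71\x3c\x96\x21\xd8\x26\xa4\x35\xc8\xa5"
      "\xa6\xb7\x3c\x5e\x38\xfa\x6d\xfa\x18\x81\xb4\xc5\x4c\x0f\xc8\x17"
      "\x1a\x85\x7a\x0f\x4c\x94\xec\xd5\xbe\x8a\xe6\x3e\x33\xec\xaa\x5f"
      "\x5c\xa3\x3d\x62\x26\x1c\x71\xe4\xa1\x50\x0d\x6e\x09\x97\xd7\x35"
      "\x81\x7e\xd2\xce\x00\xfd\xae\x07\x60\x86\x84\x12\x85\x27\x94\xff"
      "\x57\xce\xd4\xe6\x99\xa3\xe4\xdf\x1d\x9a\xb3\xe0\xb0\x38\x45\xf5"
      "\x49\xd6\xc2\x87\xcb\x0b\x4f\xe8\x26\x26\x1f\xeb\x0b\xf0\xbf\x09"
      "\x97\xd0\x7c\x06\x8f\x9f\xa8\x07\xe8\x84\x67\xf8\x5a\x54\x3c\x45"
      "\x8d\xdc\x1d\x57\x86\x03\xf4\x00\x78\xf2\x70\x28\x98\xff\x2c\xc9"
      "\x3c\x03\x46\x04\x9f\xe1\x0e\x7c\x8e\x06\x98\x1c\x8d\xbd\x8f\x53"
      "\x75\xd7\x1a\x32\xe7\x6e\xe5\xf7\x91\x44\xac\x39\x95\xbf\xbf\x7d"
      "\xf2\xdd\x74\x91\x2b\x45\xde\x52\x9f\x7c\x0c\x0a\x95\xa2\xb2\x5d"
      "\xc0\xdc\xd0\x2d\xb7\x02\xca\xf8\xea\xf1\x4e\xfc\xd3\x41\x09\xd7"
      "\xcd\xcd\x19\x1e\xb7\xdd\x38\x3e\x1e\x34\xae\x4a\xd2\x09\x92\x65"
      "\xa8\x0e\x1a\xb1\x6a\xaf\xf4\x3e\xd5\xbe\xc4\x2b"
      "\x94\x9f\xe2\x73\x31\x2c\x7a\xae\xd0\x9d\xaa\xf9\xbc\x48\x06\xfc"
      "\xe6\xea\x07\x69\x1d\x61\x09\x59\x16\x83\x94\xcd\x25\x07\x87\x93"
      "\x7b\xe3\xb9\xd9\xeb\x4f\xe5\xac\x4c\x81\x15\x45\x84\xd7\x55\x4a"
      "\xda\x65\x29\x43\x83\xe3\xdb\x70\x80\xaa\x66\x4f\x1e\x5b\x44\x26"
      "\xd2\xb3\xac\x85\x8b\x0d\xe6\x0f\x3b\x0d\x08\x26\x72\x3e\xda\xf9"
      "\x70\xe2\xe8\xf2\xa8\x5b\xdb\x22\xab\xd6\xe3\xf4\x36\x1b\x97\x46"
      "\x6d\xe4\xe1\x99\x46\xb3\xe1\x00\x27\x33\xf2\xce\xc3\xa7\x4d\x83"
      "\x1a\x08\xfe\x54\x9f\xec\xaf\x40\x9f\xb6\x50\x6a\x39\x78\x6d\x21"
      "\x6f\xce\x0f\xb0\x27\x24\xce\xa5\xa3\xe5\x98\x83\x49\x51\x29\xf0"
      "\x8c\x50\x93\xfb\x10\x75\x65\x7c\x1a\x6e\xb1\x03\xcc\x99\x53\x19"
      "\x16\x5a\x49\x98\x97\xd3\xd4\x42\x6c\x82\x32\x9b\xe4\xf2\x80\xc2"
      "\x15\xdc\x52\xce\x6c\xba\x3f\x77\x99\xeb\xf5\xcf\x05\x6e\x92\x3b"
      "\x1c\x77\x55\x55\x28\x7f\x96\x36\xae\x5a\xfd\x98\xc1\x52\xab\x54"
      "\x82\x8b\xeb\x9d\xef\x5f\x59\x67\x2e\x25\xca\x89\x7c\xbf\x7c\xb2"
      "\xe9\x61\x4e\x8f\xae\x93\xbc\x3c\x0f\x3c\xe2\x4f\x96\xa1\xcc\xe3"
      "\x68\x6e\xdf\x96\xfd\xcd\x46\x5c\x76\x8f\x70\x63\x69\xc2\x11\x2d"
      "\x6e\xf4\x01\xb5\xbc\x12\xd8\x08\x28\x2f\x29\x84\x95\x95\x0d\x40"
      "\x11\x70\x5b\xc2\x21\x19\x1d\x2d\x05\xc7\xc1\xaa\x94\xaa\xa3\xbd"
      "\x6b\xa2\xbf\x40\x3c\xa4\x88\x75\xf0\x47\x68\xe8\x3e\x03\xaf\x14"
      "\x5f\xc8\xaa\x74\xe3\xd9\x4a\xce\x30\x8e\x2b\x9b\x02\x4b\x9e\xd3"
      "\x99\x7d\xa2\xe8\xfd\x20\x3e\x35\x10\x1d\xc0\x8f\x06\x52\x45\xdb"
      "\x65\xcf\x33\x27\x1d\xd2\x49\xb8\xb4\xf1\xac\xd9\x1e\x7e\x4d\xf5"
      "\x89\x48\x70\xdf\x05\x6d\x31\xcf\x5b\x11\x97\x15\xd5\xc0\xac\x17"
      "\xb9\x95\xe8\xdb\xbb\x39\xe4\xa4\x67\x98\x6f\x88\xf0\x9b\xce\xf2"
      "\xb9\xe2\xae\xa4\x0c\xdc\x4b\xe8\x3b\x0d\xb0\x68\xeb\xed\x3e\xb9"
      "\x30\x38\xe6\x29\x36\xa1\x33\x1a\x39\x8f\xbb\x56\x0d\x30\x90\x5d"
      "\xdc\x36\xaf\xf0\x9e\x4e\xd7\x8b\x99\x8b\x53\x53\x53\xd9\x08\x5d"
      "\xb1\xee\x90\xcb\x17\x69\xa2\xd4\x40\x1a\x89\x93\x21\x69\x04\x05"
      "\xe9\xa9\xdb\xa9\x9d\x40\xa1\xd9\x1b\x7e\xcb\x12\x69\xb9\x4e\x43"
      "\x73\x61\x6c\x9f\x2b\xeb\x06\x62\x42\xfd\x42\x23\xbf\xe0\x3d\xb6"
      "\x44\x42\x94\x83\x6d\x6b\x66\xe9\x07\xd7\x2c\xb2\x0e\xe3\xb8\xd6"
      "\x06\x25\xa6\xdb"
      "\x6c\xcc\xea\x43\x40\x03\x3d\x5a\x41\x06\xca\x64\xe2\x94\x38\x1c"
      "\x99\x43\xd2\xe5\x3e\x85\x0b\xff\x6a\x01\xdf\x9f\xea\xfd\x48\x76"
      "\x8d\xd7\x45\xc0\x76\x0d\x26\xba\xc9\x41\xce\xa2\x00\xd0\xed\x4d"
      "\xa0\x95\xaa\x48\x73\xe3\x1a\x61\x26\xa0\xb5\x39\x60\x1d\xff\x80"
      "\x1c\x0c\xd1\x40\x78\xbb\x3f\x53\xd9\x8c\xff\x83\x56\x68\xa0\x78"
      "\x42\xfc\xf8\x01\xac\x69\xcd\x49\xd0\xb1\x96\x71\xdc\x2b\xe2\x4a"
      "\xf7\x17\xd2\xa9\xe5\x05\x5b\x96\x4e\xcb\x7e\xda\x7a\x48\x42\x65"
      "\x54\x98\x81\x19\x56\x5f\xea\x69\x21\x24\x7b\x34\xe0\x91\xb1\x8d"
      "\x41\x0f\xc6\x47\x52\xef\xdf\xbd\x1d\x5c\x53\x27\xfb\x73\x6f\xd4"
      "\x2a\xa1\xe6\x30\x25\x7c\xde\xf4\x60\x45\xe6\xa8\x58\xe3\x26\x31"
      "\x88\xe7\x4c\xcb\x92\xa1\x5d\xce\xc3\x30\x14\x11\x6d\xdc\xbd\x72"
      "\x36\x1c\xb1\x6f\x28\x41\xb5\x2d\x95\xe7\x29\x01\x40\xc4\x29\x57"
      "\x4c\x79\x70\x82\x62\x7c\x7f\x89\x6e\xeb\x1f\x76\x42\x92\x88\xd7"
      "\x7e\xf8\x6a\xc9\x07\x32\xe8\x4d\x3b\x6f\xec\x1f\x0e\xe7\xfe\x7b"
      "\x96\x4c\x81\x41\x8f\x6b\xe8\x04\x8b\xd6\xda\xbe\x12\x82\x12\x94"
      "\xc3\xfa\x90\xa9\x47\xda\x80\x8c\x75\xe9\xd0\xca\x07\xd8\x3d\xa5"
      "\xf8\xd2\xe8\x80\x57\xb9\xda\xf9\x4c\x62\xfd\xce\x31\x50\xbe\x3d"
      "\xaf\x40\x0f\x56\xc5\x73\x9f\x21\x4c\xc1\xc8\xdf\x41\x34\x63\xa4"
      "\xd7\xd9\xbb\x6c\xd1\x33\x54\x11\x6d\xfd\x3c\xfb\x16\x40\x53\x71"
      "\xf5\x24\x0d\xf4\x1b\x73\xa6\xe7\x0d\x74\x96\x51\x2e\xec\x6d\xdd"
      "\xad\xfa\xfd\xd9\x6e\x3d\x6d\x96\x21\xa2\x53\x9e\x9a\xae\xac\xae"
      "\x13\xd8\x49\xe0\x7d\x5a\x0a\xd5\xf5\xa6\x6f\x68\xf1\x36\xff\x9d"
      "\x45\x88\x59\x6e\x91\x1c\xcc\x36\x0b\xe1\xdf\x04\x66\xdd\xe1\x9f"
      "\x5d\xcf\x1f\xfb\xd9\x0f\x89\xf0\x2c\x5b\x0c\x8f\x4a\xd5\x0b\x63"
      "\x7f\x71\xc6\x86\xe1\x18\x09\x7f\x14\xc5\xe2\xe6\xd6\xa0\xd1\xed"
      "\x31\xc9\x85\xb7\x8e\xbb\xd7\x1d\xc1\xcd\x70\xb2\xef\xa6\xe8\x52"
      "\xad\x74\x6f\x16\xbe\x51\x18\xe1\x40\xfe\x19\x7f\x25\xfa\xcb\x23"
      "\x52\xc7\x1c\x5d\xe9\x53\x31\x64\x21\x09\x0c\x7a\xe0\xa1\x03\xdb"
      "\x45\x7f\xd5\x66\x61\xd5\x1b\xd4\xac\xe3\xdd\xb3\x49\xb0\xa3\x2f"
      "\xc4\x7d\x48\xcc\x93\xfa\x92\x54\x49\x1a\x02\xd9\x0b\x2a\x6e\x43"
      "\x10\x62\x9d\xd1\x62\x77\xbb\xd8\xe9\x09\x62\xa6\x01\xbc\x8c\x0a"
      "\x57\xe2\x35\xbc"
      "\x4f\x40\xd3\xd4\xf1\xc9\x90\x0a\xf6\xf9\xac\x48\x36\xf7\x15\xc9"
      "\x39\x02\x30\x8e\xbc\x05\x46\xad\x01\xb6\xc9\xdb\xf3\xcf\x5e\x81"
      "\x0c\xaa\x0c\x2d\xd2\x54\xbf\xae\xbd\xc1\x1b\xd5\xa7\x51\x15\x4f"
      "\x70\x4f\x06\xc1\x8b\x51\xc7\xb1\x89\x1d\xde\x00\xe4\x78\xb2\xd7"
      "\xea\x9d\x46\xbe\xca\xbc\x40\xb0\x5c\x83\xdf\x7f\x5c\xfc\x86\x50"
      "\xf2\x5d\x97\x66\xc8\x4b\x2b\xdb\x94\xc2\x6f\xda\x49\x13\xe3\x04"
      "\xb0\x9a\xf0\x7c\x7a\xd9\x79\x5a\xc3\x40\x89\x19\x7a\xfe\x1b\x89"
      "\xe4\xba\xb5\x4b\xdc\xbf\x0b\x51\xfc\x29\x52\x99\xe1\x17\x6e\x97"
      "\xf4\x9c\x1c\x37\x37\xea\x80\xc9\x02\xae\x54\x6f\x76\xa3\x90\x96"
      "\x09\x00\xc9\x53\x32\xfb\xfe\x0c\x5f\x38\x23\xab\xf8\x29\xba\x39"
      "\x6a\xfb\x7a\x30\x20\xc9\xff\x42\x03\xd6\x20\xee\xfa\x03\x0a\xfd"
      "\x72\xce\x0e\xb1\xa9\xc1\x50\xc6\x1b\x90\x1e\x2a\x4f\xa6\x76\x1b"
      "\x7f\x8b\x9a\xe8\x93\xd6\x70\xf6\xab\x08\x45\xc3\x3a\x24\x70\x02"
      "\x63\x45\xea\x7f\x2f\xa0\xe4\x87\xc2\x22\x06\x57\x73\xc6\x99\x2b"
      "\xc6\x4c\x3f\x3d\xf9\x27\x17\xbd\x45\xfa\x3e\xe4\x3e\x8b\xc4\x9b"
      "\xbb\x72\xb8\xb0\xb0\x9c\x42\xfe\x4d\x7b\xfe\x98\xe5\xf6\x93\xc2"
      "\x4e\x41\x6b\x1b\x1e\xcf\xb1\xba\x89\x27\xee\x15\xf1\xa4\xad\xc7"
      "\x5e\xac\x0f\x97\x05\x06\xda\xfe\xe7\xb4\x6b\xe2\x64\xe8\x67\x3d"
      "\x0b\xef\x30\xc6\x76\xe5\x06\x86\x71\x2a\x0d\x15\x55\x64\x52\xc1"
      "\xfe\x8c\x33\x7a\x18\xf2\xca\x02\x41\x45\x99\x99\xce\x11\x1b\x1c"
      "\x82\x58\x9d\x41\x31\x77\x70\xd6\x99\x87\x99\x75\x4d\x66\xba\x42"
      "\x42\xd3\xa1\xd1\x95\xa4\x7a\x53\x32\x6e\x18\xa2\x79\xed\xa6\xce"
      "\x2a\x73\xe9\x0c\x4f\x99\x15\x32\xb3\xd1\x67\x68\xad\x31\x94\x3a"
      "\xbe\x8a\x94\x3c\xde\x77\xa8\xaa\xaa\x82\x7e\x38\x59\x8a\x54\xe1"
      "\xfc\x83\xdc\x01\x0d\xa4\x9f\x4d\x86\x60\xce\x2a\x72\x9c\x83\x40"
      "\xcb\x49\xae\x89\x34\x74\xe6\x97\x0a\x56\x20\x4a\x93\x84\x97\xab"
      "\x09\xaf\xe7\xd7\xc7\xc8\x4c\x2d\xf9\xcd\x16\xd0\xa5\xf6\x03\x28"
      "\x77\xd8\x92\x9b\xd3\x73\x67\x99\xf0\xb0\x84\x34\xc7\x43\xe3\x87"
      "\x58\x7c\xa4\x03\x57\x19\x29\x42\xfd\x1b\x2d\x64\xb3\xa9\x15\x07"
      "\x38\x4c\xc2\xa6\xc9\x72\xdb\xd6\xd4\x8d\xa8\xa3\x92\x5a\x20\x4a"
      "\x11\xed\x36\x16\xdb\x3c\x2f\x2f\x5d\xcd\x85\x85\xc9\x39\x4d\x7b"
      "\x43\xd0\xcb\x53"
      "\x03\xdb\x0e\xee\x5d\x16\xe8\x70\xae\xc4\x42\x53\x56\x93\x8f\x79"
      "\x7d\x21\x4f\x32\xa4\x35\xce\xac\x0d\x54\x0d\x51\x14\x66\x23\xab"
      "\x1a\x37\x4f\xd7\xb5\x54\x4b\x40\xdc\x0e\x02\x97\x1b\x8f\x10\x31"
      "\xa1\x11\x80\xba\x9f\xea\x8f\xb0\x62\x39\x4e\xc8\x13\x26\xc4\xdc"
      "\xa9\x53\x99\x4f\x37\x15\x59\xd2\x92\x9e\x30\xe5\xbc\x90\xe0\x7c"
      "\x95\x1b\xcc\xd6\x2c\xaf\x89\xa9\xfc\x6b\xe3\x7e\x94\x3d\x31\x86"
      "\x4a\x93\x1d\x72\x93\x26\x91\xf1\x57\x82\x22\x09\x82\x16\xa8\x93"
      "\x9b\x26\xaf\x71\x4c\xdf\xb7\x4e\x9a\x8e\xb7\xdf\xd0\x5b\x01\xa6"
      "\x12\x95\x46\x16\xe8\x7d\xad\x5b\x37\x0c\xb3\xa0\xe5\xca\xb8\x66"
      "\x90\x9e\x25\x65\x6c\xc5\x57\x26\x8a\x6e\xd9\xc4\x31\x03\x44\x67"
      "\x53\xd5\x56\x28\x6b\x65\x60\xb2\xa3\x25\x73\x6e\xdd\x11\x07\x79"
      "\x46\x75\x24\x42\x1a\xe9\xd5\x7d\x46\x1a\xd4\x89\x09\xa0\x15\xb0"
      "\x22\xf2\xa3\xe0\xf0\x68\xa7\x5f\xe4\x89\xfb\xb4\xc3\x67\x54\x0d"
      "\x74\x4c\xcd\x2b\xd9\x7a\xc9\xff\x32\xe3\xcc\xc7\x42\x0d\xc7\x80"
      "\xc3\x63\x6b\x25\x6c\x4f\xb4\x0e\x7b\x22\x41\x09\xa4\x54\x84\xfa"
      "\x91\x4a\x3c\xde\x84\x28\xfc\x1f\x46\x23\xf1\x29\x4a\xda\x40\x68"
      "\x11\xda\x48\x8f\x67\x80\x79\x7e\xaf\x83\x73\xb7\x77\xbd\x00\xeb"
      "\x1d\x02\x1e\x12\xc5\x7d\x05\xe3\x73\xb8\xc2\xb4\x22\x65\x44\x39"
      "\x3a\xce\xe8\x6b\xc2\xc2\x60\x1d\x52\x84\x70\x8d\xdd\xaf\x4e\xb6"
      "\x82\x8a\x2d\xfb\xe0\xfb\x17\x85\x65\x4d\x10\x65\xdc\x05\x0f\x40"
      "\xd1\x85\x99\x43\xdd\xa5\x42\x03\x77\xfc\x65\x14\x14\x52\x64\xbd"
      "\x04\xc1\x11\xde\x4a\x76\xfa\x98\x5d\x57\x39\xeb\x58\x74\x41\x91"
      "\x19\xd8\x19\x19\x51\x2b\x48\x6e\xa0\x8f\x2e\x31\xbf\xff\x59\x4f"
      "\x56\xfc\x4e\xa7\x99\x81\x3b\x83\x96\x05\x4a\x81\xb5\x91\xae\xae"
      "\x99\x76\x24\x96\x25\xb7\xc1\x1b\x36\x01\xcc\xc3\xcf\x00\x21\x78"
      "\x8c\x19\x1c\xb7\x41\xf6\x93\x02\xbf\x89\xcd\xb1\x2c\x18\x45\xd1"
      "\x59\x5b\xa1\x66\xab\x05\x5f\x26\x38\xa5\x8b\x5b\x1d\xce\x44\x75"
      "\xdf\xc4\xab\xf0\xaf\x04\xda\xae\x19\x5d\x67\xb6\x42\x7f\xe3\x9d"
      "\x1e\xc1\xc8\x57\xb1\x32\x8c\x4f\x6a\xed\xe8\xff\xfc\xf3\xad\x64"
      "\x49\x37\x24\x57\xb2\x58\xd0\x55\x91\x78\xc4\xb9\x3f\x57\xa3\x33"
      "\x84\x1d\xf7\x78\xae\x58\xb3\x23\x89\x86\xc4\xc9\x4b\x1e\x0f\xd5"
      "\x24\x62\xb0\xf2"
      "\x85\x3a\x7a\x27\xab\xff\x63\x0c\x52\x53\xde\xb9\x6e\x77\xe1\x46"
      "\x34\xa5\x72\x90\xa3\xdd\xcf\xfa\xd8\x32\xb2\x07\x30\x5e\x07\x41"
      "\x5c\x7d\x51\x1f\x74\xb3\xab\xea\x8f\x0a\x59\xd4\x5f\x84\x9b\x0f"
      "\xc2\x49\xb2\xcc\x26\x56\x40\x1a\x30\xc6\x68\x9c\x53\x63\x10\xe5"
      "\x86\xf0\x26\x13\xc6\x67\x8c\xa8\xda\xa0\x55\x18\x29\x5d\x60\x01"
      "\x88\x89\x9f\xaa\xe0\x85\x97\x21\x53\x12\x1b\xea\x7c\x01\xb4\xf6"
      "\x10\x62\x2b\x0c\x3d\xc4\x78\xa9\xe5\xdf\xa5\x67\x99\x12\xaf\x6e"
      "\xf5\x33\xe6\xa8\x5d\x9f\xab\x90\x7e\xe8\xed\xbe\xb3\x68\x0a\xbd"
      "\x4f\x20\xd8\x55\xc3\xae\xe1\x42\x98\xe3\xab\x73\x86\xa6\xd4\x04"
      "\xfc\xe4\xc2\x18\x91\x98\x9c\x65\x10\xc6\xc2\x4f\xc0\x1a\x31\xc3"
      "\x81\xb5\x68\x24\x55\x85\xc9\xdf\xea\x93\xdd\xca\xcc\x25\x69\x54"
      "\xcc\x9b\xc8\x26\xa1\xef\x6f\x89\x42\x0d\x95\xdb\xec\x25\x31\xcd"
      "\x15\x34\xaf\x5b\x92\x1b\x23\x1f\x98\x4f\x55\x8f\x09\xfd\x36\x3f"
      "\x16\x41\xf5\x31\x30\x3c\x66\xea\xcd\xea\x12\x7e\xc3\xcd\x32\x15"
      "\x36\x68\x81\x26\xde\x22\xcd\xb8\x5a\xfe\x99\xc0\xfa\x8f\x4e\x0d"
      "\xd5\x5f\xb3\x08\x61\x44\x19\xa9\x83\xf7\xbe\x34\xd2\xaa\x83\x64"
      "\x3d\x06\x7f\x3e\x92\x63\x4b\xf6\xcc\x90\x86\x63\xaa\x7a\x8a\x1b"
      "\x57\xe6\xed\x1d\x4c\x1f\x6e\x41\x1e\x5a\xcc\x24\x2e\x92\xba\xfb"
      "\x2f\x0a\x22\xb9\xab\x78\x66\xd8\x9b\xee\xe2\xd4\xfa\xd4\x3f\xf7"
      "\xaa\x04\xdd\x35\xa8\x6f\x67\x6e\x51\xe4\x17\xce\x20\x2d\xb0\x75"
      "\x89\x8c\x49\xe4\xaf\xf3\x1e\x82\x28\xf8\x46\x2c\xff\xbf\x89\x7d"
      "\x35\x3b\xff\xa2\x36\x07\x71\x31\xfd\x5e\x9a\xe7\x62\x65\x3b\xe5"
      "\x2a\x85\xa8\xe5\xce\xd1\xae\xe1\xfc\x93\x7a\x2c\xc5\xc5\x90\x1c"
      "\x76\x89\xe1\xdb\x8f\xb1\x7c\xef\x66\xe6\xcb\xc3\x69\xb7\x24\x75"
      "\xec\xfa\x16\x59\x61\x1f\x53\xcd\xf5\xc3\x22\x27\x8c\x9b\xd3\xcd"
      "\x80\xaf\x3d\x2a\xda\x33\x3b\xbf\xf1\xe7\x99\x2d\xfe\xb4\xa1\xb5"
      "\xff\x13\x6a\x27\x66\xa2\xfe\x78\x6a\x20\x07\x94\xd4\x59\x5d\x0e"
      "\x69\xc4\xb9\xe0\x21\xbb\x9a\xde\x32\x4e\x51\xe1\x8b\xdd\x04\xb4"
      "\xca\xc6\x34\x25\x7e\xdb\xdb\xc8\xfe\x83\x9f\xae\xb3\x05\x3f\x83"
      "\xf9\x5d\xa3\x50\xea\xc0\x4d\xe3\x1f\xf2\x9e\xab\x8c\x57\xa4\xd0"
      "\xc0\x52\xc4\x8c\x37\x7a\xbd\x1c\x7c\x7b\x98\xac\xf4\xe7\x64\x58"
      "\xcd\xf8\x84\xb7"
      "\x28\xab\xe5\x9c\xb9\x7c\x76\x25\xd9\x17\x47\x90\x03\x68\x62\x72"
      "\x92\x2f\xf5\x46\xc1\xc9\xc9\x17\x90\x73\x10\x2e\x6a\x9c\x2c\xb7"
      "\xe3\x1d\xbe\x69\xc4\x10\x06\x65\x27\x56\x6b\x39\x1f\x32\x94\x07"
      "\x7a\xb4\xd5\xb0\xc0\x01\xf7\xea\xe6\xf7\xea\x6b\x2d\xbc\x5a\x8d"
      "\xa6\x93\x78\x63\xcb\x49\x53\x2c\x0c\x1f\x2b\xf1\x4f\x7b\x59\x6e"
      "\xae\x6c\x28\xa6\xc5\xf5\x17\x9c\xeb\x18\xa5\x5e\xcd\x3d\xaf\xd3"
      "\x6a\x74\xbc\x6a\xa1\x37\xcd\x6a\x8e\xaf\xb1\x0f\xb8\xaf\x62\xaa"
      "\xa2\x99\x14\xc3\x84\xdc\x17\x08\x5f\x43\xab\x70\x8a\x9c\x16\x4c"
      "\xc3\x9d\xcc\x87\x13\xae\x9b\xab\x8b\xcd\x07\xed\x9a\xc8\xa9\x55"
      "\x8e\x3a\x9b\x0c\xf9\xc0\xba\x2a\x47\x04\xc7\xe7\xbf\x9e\xc6\x3d"
      "\xb0\xa2\x3a\x84\x94\x5e\x60\x76\x8b\x9d\x80\x5a\xbd\xa7\xc3\x04"
      "\x92\x67\xdc\x15\x5f\x47\xff\xc3\x8a\x5e\xb6\x29\x3e\x9e\xbe\x4b"
      "\xac\xfe\xc3\x51\x8b\x85\x0b\x83\x95\x89\x4f\x6e\x71\x95\xd0\xf6"
      "\xa4\x99\x64\x7f\xbe\xd8\xb5\xeb\xf4\x3b\x4c\xf9\xe7\xb0\x6f\x91"
      "\xc4\x29\x6b\x5a\xb1\xeb\x42\x52\x17\xbe\xc3\x8e\xa4\xd1\xb3\x67"
      "\xfe\xcb\x03\xe5\xc6\xca\x65\x25\x51\x61\x5b\xa0\xb5\x82\x6b\x56"
      "\x24\xd3\xe0\xce\xe2\x3e\xca\x58\xc7\x25\xab\xe5\x0e\x35\x1d\xd9"
      "\x3d\xf2\x8b\xcf\x30\x96\x47\x42\x4b\x42\x6b\x14\x2b\xcb\x8e\x03"
      "\x61\x02\xb9\x38\x53\x57\xa4\xb5\x3d\xc2\x41\x26\x63\x19\xf8\xbe"
      "\xd2\x07\x3d\x57\xb8\x19\xa0\x0f\x62\x5d\x95\x82\x7a\x15\x64\xc5"
      "\x43\xe0\x9f\xa2\x9b\xd2\x80\xba\xb8\x19\x0c\x20\xd4\xae\xe3\x39"
      "\xaf\x73\x4c\xd3\x61\x65\x09\x4d\xbc\x5b\x2c\x00\x51\x02\x83\xbb"
      "\xb3\xc7\x15\xac\x9e\x83\x2a\xe9\x46\x6e\x7c\xe3\x64\x4c\x7b\x41"
      "\x36\xb6\x6a\x88\xfa\x27\x9b\x78\xe5\x19\xca\x08\xf6\xa5\xcc\xaf"
      "\xc9\x10\xda\x32\x1d\x51\x00\x46\x9b\x19\x3f\xdb\x7b\xad\x56\xc1"
      "\xc5\x2a\x76\x68\x75\xf6\x83\x95\x7f\xca\xc4\xb1\xf1\x77\xfd\x51"
      "\xc5\xf5\xa9\xed\xf0\x11\x8e\xdb\x57\xf8\x79\x50\x73\x08\x83\x76"
      "\x30\xcf\x24\x62\x7c\xda\x8a\x5f\x35\x14\x1b\xb5\x95\xbd\x4a\xf9"
      "\x0c\x03\x98\xd9\x74\xf9\x2f\x62\x28\xc6\x44\xe0\xaf\xe7\x84\x8d"
      "\x1d\x5a\xdf\xc0\xe5\x05\xb2\xd0\x49\x26\xa5\xc6\xf8\x52\x70\x60"
      "\xa8\x21\x88\xcb\x65\x89\x9b\x1f\xa3\x18\xb0\x39\xf4\xfe\x0a\xd1"
      "\xb1\x17\xf7\x60"
      "\x1d\xd4\x13\xce\xed\xea\x8c\x44\x3d\xe1\xfc\x8e\x9a\x3a\x8a\xf5"
      "\xcc\x60\xf7\x63\xda\xf3\x16\x5b\xb4\x20\xaa\xd2\xf8\x23\x4c\x4a"
      "\xee\xe9\xd3\x9f\xb2\x24\x34\x15\xaa\xc7\x15\x3e\x94\xd7\xd0\xbd"
      "\x1e\x82\x78\xd3\x1f\x4f\xf6\x36\xdb\x60\xf0\x0c\xde\x3c\xca\xb7"
      "\xbb\xf2\x05\x58\xbb\x7c\x45\x3a\x84\x07\x6a\xe2\x7f\x20\xeb\x5c"
      "\x49\x57\xc5\x2d\x66\x07\x2d\x55\xd5\x3f\xa1\x9b\x40\x01\xfc\x1b"
      "\x1e\x33\x7f\x75\xa2\x1c\x71\xd9\x19\x58\x66\x0b\xe4\x94\x10\x06"
      "\x4f\xd7\x8b\xe3\x65\x03\xeb\x30\x69\xb3\x75\x15\xea\xa9\x0d\xd7"
      "\x76\x67\x9b\xba\x5d\x56\x9d\xe6\x80\x91\x03\x5f\x5f\xf5\x1f\x2f"
      "\x99\x00\x8c\xc2\xce\x51\x52\xea\x3b\x8a\xac\x46\x64\x9f\xc1\x9a"
      "\x34\x14\x3b\xe7\x3e\x85\x85\x6c\x97\xd6\x3a\xfd\x54\x3d\x8d\x42"
      "\xb2\xc8\x22\x8f\xb4\xab\xbc\x14\x2c\x4b\xe6\xab\xbe\xee\x9c\x6e"
      "\xe3\x08\xad\x7a\xf3\xfc\x57\x47\x8e\x22\xdc\xee\xea\xec\x39\xc6"
      "\x9a\x4a\x45\x19\x0f\xe6\x23\xd3\x65\xf8\x67\xed\x93\x20\xc7\x1d"
      "\xb5\x8c\x02\x8e\xa5\xd4\x37\xce\x7d\xc5\x33\x47\x2a\xea\xe1\xf3"
      "\x6e\x80\xb1\x3e\x9d\x50\x13\x3f\x8e\xa1\xa7\xfe\x9b\x44\x2d\x82"
      "\x8b\x1f\xb3\xe3\x24\x6a\x00\x70\xd8\xba\x3c\xba\x73\xeb\x9b\x8b"
      "\xbe\x7d\x4a\x9e\x6c\x6e\x44\x49\xec\x01\xe6\x8e\xf5\x76\x50\xea"
      "\x3d\xcc\x24\x82\xc2\x90\x1d\x55\xfa\x73\x6b\x56\xd0\xbc\x75\xd7"
      "\xd0\xf9\x6d\x68\x29\x02\x93\xa5\xab\x7b\xbe\xba\xd7\xf9\x57\x8e"
      "\x96\xd3\x6d\x6c\x0f\x6c\x49\xde\xe6\x4a\xf1\xb4\x36\x49\x96\x7c"
      "\xa2\xfd\x44\x1d\x16\x7f\x0a\xe9\x0b\x38\x6e\x68\xae\x83\x05\xb2"
      "\x27\xaf\x7d\x17\x8e\xc2\xa7\xe3\xd8\x40\x95\xc6\x6e\x20\xcf\xdf"
      "\x59\xe9\x8c\x46\x9b\x4e\x02\x7f\x0f\x36\x32\xa3\xfd\x70\x64\x40"
      "\x9c\x97\x1a\xd6\x25\xd0\x17\x17\xfb\xf7\xb6\xd6\x17\xa3\xe1\x61"
      "\x2e\x1a\x1d\xd8\x7c\x9e\x7d\x00\x00\x78\x50\xd6\x67\x9d\x4d\xd8"
      "\x49\x39\x0f\xef\x20\x63\xd3\xcd\x00\x9f\x50\xf0\x27\x03\x42\x5c"
      "\x6d\xb5\xcf\xf4\x00\x4b\xa6\x5a\x1b\x7a\x0f\xe9\x70\xa1\x10\xef"
      "\xa7\xbb\x16\xde\xea\xe1\xac\x0d\x17\xaf\x06\x99\x72\xd3\x9a\x3b"
      "\xf2\x0d\xf1\xf3\xe8\x70\xe0\xbc\x94\x0a\x64\x12\xa4\x54\x75\x33"
      "\xed\x35\xc3\x2b\x32\xda\xef\x19\x79\x31\xa7\x31\xfd\x6d\x53\xe4"
      "\x6f\xb6\xd3\x9e"
      "\xa8\xe4\xb0\xb3\x7c",
      3757));
  NONFAILING(*(uint64_t*)0x200015a8 = 0xead);
  NONFAILING(((intptr_t(*)(intptr_t, intptr_t, intptr_t))CAST(writev))(
      /*fd=*/r[1], /*vec=*/0x20001580, /*vlen=*/3));
  // ioctl argument block at 0x20000100: pointer to "./file0", an integer,
  // a second pointer to "./file0", and a 32-bit 8.
  NONFAILING(*(uint64_t*)0x20000100 = 0x20000080);
  NONFAILING(memcpy((void*)0x20000080, "./file0\000", 8));
  NONFAILING(*(uint64_t*)0x20000108 = 0x4e3a78f2);
  NONFAILING(*(uint64_t*)0x20000110 = 0x200000c0);
  NONFAILING(memcpy((void*)0x200000c0, "./file0\000", 8));
  NONFAILING(*(uint32_t*)0x20000118 = 8);
  NONFAILING(((intptr_t(*)(intptr_t, intptr_t, intptr_t))CAST(ioctl))(
      /*fd=*/r[0], /*cmd=*/0xc0384600, /*arg=*/0x20000100));
}

// Maps 16 MiB of anonymous read/write memory at the fixed address 0x20000000
// (the scratch area execute_one writes its arguments into), installs the
// fault handler, switches to a fresh temporary directory and starts the
// fork-per-iteration loop, which never returns.
//
// NOTE(review): the result of this mmap is not checked. If it fails, every
// store in execute_one faults and is skipped by NONFAILING, so the program
// keeps looping without passing meaningful arguments to any syscall.
int main(void)
{
  NONFAILING(((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(mmap))(
      /*addr=*/0x20000000, /*len=*/0x1000000, /*prot=PROT_WRITE|PROT_READ*/ 3,
      /*flags=MAP_ANONYMOUS|MAP_FIXED|MAP_PRIVATE*/ 0x1012, /*fd=*/-1,
      /*offset=*/0));
  install_segv_handler();
  use_temporary_dir();
  loop();
  return 0;
}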