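// https://syzkaller.appspot.com/bug?id=bda1a87bea05a9072003e6447c44b03ca1492b1c
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer: opens a pty master/slave pair, arms per-thread fault
// injection and then issues one large write() on the pty, so that a
// fault-injection site reached while the kernel services that write fails.
//
// Review notes:
//  - On the page the whole program was folded onto a few long lines, which put
//    all code behind the leading "//" comment, and the #include targets were
//    lost. The layout is restored here; the header list is reconstructed from
//    the names the code actually uses.
//  - /sys/kernel/debug/failslab, /sys/kernel/debug/fail_futex and
//    /proc/thread-self/fail-nth only exist on kernels built with fault
//    injection support. main() ignores write_file() failures, while
//    inject_fault() exits with status 1 when fail-nth cannot be opened.
//  - The syscall sequence and every argument in main() are unchanged; only the
//    two unbounded sprintf() calls in the helpers were replaced by snprintf().

#define _GNU_SOURCE

#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Format a string and write it to an existing file in a single write().
 *
 * file: path opened with O_WRONLY | O_CLOEXEC (no O_CREAT, so it must exist).
 * what: printf-style format; the formatted text is truncated to 1023 bytes.
 *
 * Returns true only when the whole formatted string was written. On a short
 * or failed write, errno from write() is preserved across close().
 */
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno; /* close() may overwrite errno */
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

/*
 * Open the slave side of a pty.
 *
 * a0: file descriptor of the pty master (queried with TIOCGPTN).
 * a1: flags handed to open(). open() takes an int, so any bits of a1 above
 *     the int range are not passed through as written.
 *
 * Returns the new descriptor, or -1 if the ioctl or the open fails.
 */
static long syz_open_pts(long a0, long a1)
{
  int ptyno = 0;
  if (ioctl(a0, TIOCGPTN, &ptyno))
    return -1;
  char buf[128];
  /* Bounded formatting; "/dev/pts/" plus any int fits in 128 bytes. */
  snprintf(buf, sizeof(buf), "/dev/pts/%d", ptyno);
  return open(buf, a1, 0);
}

/*
 * Arm fault injection for the calling thread by writing nth + 1 to
 * /proc/thread-self/fail-nth.
 *
 * Exits the process with status 1 if the file cannot be opened or written.
 * Returns the still-open descriptor; the caller owns it.
 */
static int inject_fault(int nth)
{
  int fd;
  char buf[16];
  fd = open("/proc/thread-self/fail-nth", O_RDWR);
  if (fd == -1)
    exit(1);
  /* Bounded formatting; a decimal int needs at most 12 bytes with the NUL. */
  snprintf(buf, sizeof(buf), "%d", nth + 1);
  if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
    exit(1);
  return fd;
}

/*
 * Descriptors produced by earlier calls and consumed by later ones. They start
 * as all-ones (-1), so a step that fails leaves an invalid descriptor behind.
 */
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  /*
   * 16 MiB scratch area at a fixed address; all syscall arguments below are
   * built inside it. prot 3 is read|write, flags 0x32 is
   * MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on Linux/x86-64. The result is not
   * checked: if the mapping fails, the stores below fault.
   */
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;

  /* r[0] = openat(AT_FDCWD (-100), "/dev/ptmx", 0, 0): the pty master. */
  memcpy((void*)0x20000100, "/dev/ptmx\000", 10);
  res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000100, 0, 0);
  if (res != -1)
    r[0] = res;
  syscall(__NR_dup, r[0]);

  /* 36 zero bytes ending at 0x203b9fff, used as the ioctl argument. */
  *(uint32_t*)0x203b9fdc = 0;
  *(uint32_t*)0x203b9fe0 = 0;
  *(uint32_t*)0x203b9fe4 = 0;
  *(uint32_t*)0x203b9fe8 = 0;
  *(uint8_t*)0x203b9fec = 0;
  *(uint8_t*)0x203b9fed = 0;
  *(uint8_t*)0x203b9fee = 0;
  *(uint8_t*)0x203b9fef = 0;
  *(uint32_t*)0x203b9ff0 = 0;
  *(uint32_t*)0x203b9ff4 = 0;
  *(uint32_t*)0x203b9ff8 = 0;
  *(uint32_t*)0x203b9ffc = 0;
  /* 0x40045431 is TIOCSPTLCK on x86-64; a zero argument unlocks the pty. */
  syscall(__NR_ioctl, r[0], 0x40045431, 0x203b9fdc);
  /* Called with a null attr pointer; the result is ignored. */
  syscall(__NR_perf_event_open, 0, 0, 0, -1, 0);

  /* r[1] = slave side of the pty opened through /dev/pts/N. */
  res = syz_open_pts(r[0], 0x80000000006);
  if (res != -1)
    r[1] = res;
  /* dup3 makes descriptor number r[0] refer to the slave as well. */
  res = syscall(__NR_dup3, r[1], r[0], 0);
  if (res != -1)
    r[2] = res;
  /* 0x5402 is TCSETS, issued here with a null termios pointer. */
  syscall(__NR_ioctl, r[1], 0x5402, 0);

  /*
   * Write payload at 0x20001640: a uint32 (8), 4096 opaque bytes, then a
   * uint16 (0x1000) - 0x1006 bytes in total, matching the write() length.
   */
  *(uint32_t*)0x20001640 = 8;
  memcpy(
      (void*)0x20001644,
      "\xe5\x2a\xac\x31\x3b\xac\xcb\x9b\x55\x11\x56\xa2\xd7\xc1\x2b\x77\x11\xc3"
      "\x2a\x17\xd3\xc4\xc9\xce\xef\x08\xc2\x04\x6f\xe2\x88\xa7\x03\x6e\x51\x30"
      "\x19\xe5\xe1\x14\xcc\x4a\xe9\x35\xd2\x3a\x99\x90\x95\x28\x24\xf5\xd0\xc1"
      "\xf5\x2e\x2e\xb9\x4e\x53\x01\xba\x9d\xc9\xa0\x28\x18\x03\x8e\xae\xf4\x6f"
      "\xc2\xc3\xeb\xbe\x46\xe4\xa6\x02\x4c\x93\x82\x3f\x66\x46\x2b\xa3\xd6\x89"
      "\x13\xfd\xea\xdd\x10\x87\xb0\x68\x46\xaa\x3d\xdf\x6e\xd3\xdc\x2b\x61\xb4"
      "\x96\x0f\x48\xc2\xed\xf5\xcd\xf2\x3c\x7e\x8d\x3f\x2e\x6d\xaa\x71\xe6\x6b"
      "\x29\xbc\x19\xe3\x77\xd7\xdf\x46\x37\xd7\x35\x19\x4a\x52\xda\x50\x3a\x0a"
      "\xc4\x43\x83\xba\x5b\x3d\xa8\x67\xe0\x9c\xea\xe0\x2a\x9b\xfc\x21\xe7\xf2"
      "\x88\x14\xc2\xfa\xb7\xda\x41\x34\x4e\x20\x7c\xa7\x06\xdc\x37\x59\x2a\xbd"
      "\xb6\x85\xe4\xb8\x0e\xb6\xdc\x2b\x1d\xc5\x50\xa1\xd1\x61\x66\xd1\x63\xa4"
      "\xa2\x20\xa5\x4d\x78\x44\xfa\xcb\xbb\x26\x48\xee\x90\xaa\x05\xc3\xc0\x3e"
      "\xe4\x47\xd7\x9e\x51\x7d\xf8\xff\xe7\x0c\x21\x5b\xd0\xbf\x69\xe8\x6a\x5f"
      "\x48\xd5\x71\xb9\x33\x75\x90\xd0\x5e\x99\x47\x72\x7c\x0d\x77\xd1\x8a\x11"
      "\x7f\x11\x02\x52\x73\x5c\xa6\x70\x0a\x55\xfd\x26\x83\x89\x35\x80\x8c\xce"
      "\x7b\x7c\x22\x2a\x75\x33\x9e\x44\x23\x0b\xde\xb9\x9b\xc3\x9c\x0c\x1c\xc2"
      "\x0d\xe7\x4f\xcb\x97\x44\xf4\xc4\xa9\x88\xf3\x87\x4a\x84\x6d\x31\xab\xcf"
      "\x55\x04\xd7\x8a\x3e\x14\xf3\x5f\x6c\xbd\x12\x3f\xcf\xf2\x28\x90\xcc\x17"
      "\xc7\x30\xc3\xea\x9f\x74\x61\x6d\xfe\x60\x06\x45\x52\xec\x25\x56\x8a\x62"
      "\x11\xbd\xc3\x94\x83\xa2\x8b\xed\x0d\xf0\xaf\xc7\xd7\xc6\xd1\x3d\x30\x1e"
      "\x08\x0c\x88\x46\xea\x51\x2a\x8c\xca\xe7\xa9\x9d\xa8\xdd\x30\x09\xfe\xaf"
      "\x20\x4d\x22\xe3\x2c\x5e\xcc\x33\x3e\x61\x61\x59\xd5\x53\x28\xd3\x75\xe5"
      "\x91\x94\xc5\xc9\xa0\xb3\x84\x3a\xfb\x28\x3d\x1d\x26\xf5\x9e\x03\x10\x5e"
      "\x91\xaa\x55\x23\x86\x46\x84\x32\xa0\x9b\xe7\x32\x20\xe9\x42\x39\x4f\x34"
      "\xc5\x59\x79\x7b\x74\xbf\xe7\xc5\xc2\xc6\x39\xa4\x0e\x4d\x2e\x81\xe1\x00"
      "\x4b\x12\x75\x40\xa0\xbd\xd6\xbe\x2f\x95\x69\x8e\x75\xe4\xf1\x20\x3a\x47"
      "\xd6\x1f\x50\x6a\xc9\x36\x4b\xe9\xd9\x8a\xe4\x65\x36\xf7\x4a\xfe\x08\xc4"
      "\x50\xec\xb9\x02\xe0\x0f\x18\x8c\x9f\x32\xae\xd0\x67\x74\x55\xe1\x0b\xbe"
      "\x82\xc7\x63\xa4\x64\xf1\x0f\x64\xc4\x03\xc3\x53\x76\xb7\xa6\x75\x54\x68"
      "\x35\x20\x9f\x0e\x28\x09\xe9\xc2\xbd\x19\x1f\x78\x4d\xda\x4b\x72\x7b\xfa"
      "\xc5\x12\x49\x7a\x07\x47\x4e\x6d\x3e\x13\x23\x36\x01\xdf\x81\xab\xcd\xb6"
      "\xfb\xfb\x15\x24\x83\xec\x61\xba\xae\xe4\x5a\x5d\x73\x3c\x62\x10\x7f\x63"
      "\xc5\x5a\x04\x64\x01\xa5\xdd\xef\x70\xce\xf8\xd5\x2c\xb4\x78\x4e\x3e\xfc"
      "\x34\xde\x55\x4c\x8f\xf4\x8f\x7a\xe3\xd6\xdc\x1e\xd4\xeb\x70\xfe\x1e\x61"
      "\x03\x55\xfd\x66\xce\x1a\xf8\xff\x63\xb6\x64\x1f\xb3\xda\xdf\xab\x8a\x9b"
      "\x0b\x1f\x26\xca\x11\xf7\x28\x72\x58\xad\x47\x66\xe0\x83\x40\xf8\xf2\xfd"
      "\x53\xe7\xe5\xf2\x87\xbb\x73\xc1\x86\xf0\x29\x0f\x22\x56\x87\x04\x0c\x76"
      "\x27\x76\xa0\x2e\x5e\x65\xf1\xb9\xb7\x13\xe8\xef\x98\xff\xe1\x11\xb3\xe4"
      "\xe7\xb7\x61\xdd\x3e\xd7\x63\xed\x8d\xaf\xd6\x76\x25\xfb\x30\x0a\xc7\x52"
      "\xc0\xff\x9c\x0c\x04\xb7\x5b\xe2\x92\xc3\xf0\x24\x7b\xd0\xb3\x56\x0f\x1c"
      "\x76\xaf\xf3\x87\x91\x03\x7f\xcf\x2b\x81\x2f\x16\x01\x93\x4a\x8f\xc7\x69"
      "\xf7\x19\x8e\x0d\xf6\x85\x84\x14\x89\x26\x3a\x14\x95\xa8\xa8\xba\xb1\xa6"
      "\x3c\xb1\x2b\x30\x89\xa3\xe3\x0a\xab\x15\xae\x87\x24\x37\xe5\x2a\x6f\x0d"
      "\xbc\x4d\xf2\xd0\xe8\xdf\x4c\x6b\xcd\x47\xbe\xef\xc1\x79\xd8\x5b\x70\xb4"
      "\x2b\x31\x94\x53\xe6\xef\xaf\xf9\x6a\x50\x94\x20\xbe\xc2\x99\xf2\x27\xc4"
      "\xb6\x76\xc5\x80\x38\x91\x68\x97\xf1\x54\x30\xff\x52\x08\x7d\xd9\x7d\xd3"
      "\x29\xc6\xb6\xe2\x07\x37\x80\x53\xac\xca\xa3\x18\x43\xa3\x33\xe4\xf6\x95"
      "\x86\x10\x34\x24\xf4\x4b\xd6\x7e\xb3\x55\xc1\xfb\xe0\x78\xe6\x2f\x07\xeb"
      "\xaa\xe4\x6c\x3e\x33\x53\x72\x12\x7d\xc5\xfa\x70\xa4\x57\x9a\xf7\x15\xe5"
      "\x31\xbd\xa5\x27\x61\xdc\x20\x6a\xde\xd4\x67\x80\x79\x72\x06\x03\xa5\x77"
      "\xef\x7e\x5f\xb5\xa8\x1a\x52\x5b\x7c\x96\xa4\x04\x7d\x9d\x6b\xb8\x0d\x7e"
      "\x0c\xe5\x5c\xc0\xa4\xf7\x32\x56\xae\x9c\x51\x53\x07\xf1\x3f\xe5\x41\x26"
      "\x78\x6d\xe4\x25\xd7\xa6\x74\xb0\x51\x16\x10\x41\x76\xfa\xac\x5b\x93\x65"
      "\xb3\x3f\xd2\xf5\xa7\x10\xa5\x15\x9d\x34\x2a\xbe\xce\xde\x83\xad\x42\x1b"
      "\xbb\x71\x2c\xd5\xb0\x06\x67\x1a\x95\x8c\xec\x90\x73\x11\x71\x9e\xb3\xe0"
      "\xb5\xdc\x4f\xb5\x10\x54\xe0\x66\x56\xa7\xa2\xa0\x66\xc0\xaa\xc6\x5c\xeb"
      "\x43\x4c\xa3\xf2\x42\xcb\x2b\x1d\x7a\x22\x17\x9a\x85\xcb\xbe\xea\xcc\x2f"
      "\x01\x35\xd8\xdd\x4d\x13\x63\xa9\x8d\x25\x43\xfa\x49\x73\xe1\x9e\xb3\x59"
      "\xe9\x56\xd2\x7f\x14\x2c\x75\xf6\x2c\x7a\xec\xaf\x47\x09\x02\x36\xb9\x79"
      "\x18\x47\x72\x5b\xc6\xfd\xe1\x5c\xd4\xa1\x19\xa4\x97\x6a\x3f\x0f\x2d\x62"
      "\x29\x73\xad\x90\x00\xaa\xe5\x6f\x88\xb3\x96\xfa\x18\x81\xec\x0b\x0a\x5d"
      "\xe9\x95\x5f\xc8\xf8\x64\xb3\x6e\xac\xd6\x35\xb8\x88\x26\xe0\xa6\x48\x97"
      "\xd6\x05\xfa\x4a\x14\xf7\x78\x6b\x03\x7c\xf3\x08\xbe\xf6\x1c\x7f\x86\x0e"
      "\x38\xf1\xae\x67\xfe\x8c\xb7\x80\x2d\xbe\x85\xf9\xc0\xc0\x82\xee\xd1\xa1"
      "\x3e\x64\x53\x70\xd0\xc9\x5d\x63\xbb\xa2\x15\xac\x8a\x63\x7b\x8f\x96\x8a"
      "\xef\x06\x32\x9d\x62\xba\x13\x1b\x56\xb4\x6b\xfc\xfa\x6a\x5e\x82\x01\x6d"
      "\x5e\xeb\x6e\x7d\xb4\x55\x95\xd1\xac\xaa\xa5\xec\x98\x86\x31\x5d\x3d\xce"
      "\xd9\xd0\xa1\x5c\x44\xc0\x43\xac\x91\xe4\xae\x70\x77\x13\x97\x74\x60\x7b"
      "\x76\xcb\xc0\x17\xf6\x36\x14\x5b\xeb\x84\xc1\x82\x9a\x60\x30\xf4\xa8\x95"
      "\xa5\x6b\x8d\x14\x1f\x74\x3c\x91\x89\xa7\x13\x87\x89\x3f\x78\x58\x04\xf8"
      "\x59\x27\xa2\x3c\xcd\x79\xc4\x32\xab\x68\x6b\x62\x1e\xc9\x17\x06\xef\x08"
      "\x2b\x4e\xa4\xfa\x60\x8c\xe2\xda\xca\x0d\x2e\x2e\x07\xff\x51\xe6\xa8\xfd"
      "\xc2\x2f\x1c\x8e\xe5\xae\x53\x72\x0f\x93\xb4\x54\x77\x04\xfa\xe5\x80\xe5"
      "\x56\x0e\x3c\x7b\x1a\xc2\xa3\x8f\xfc\x29\x4d\x3c\x96\x63\x5e\x3b\x91\x93"
      "\x39\x39\x48\x43\xc8\xa1\x71\xc7\xd1\x2c\xeb\x9c\x0a\x11\xbe\x25\x78\x36"
      "\x94\xb1\x77\xb3\x99\xe7\xa4\x95\x53\x8e\x29\x3a\x59\xd3\xab\x44\xb1\x76"
      "\xaf\xed\x68\x94\xaa\x0e\x50\x1d\x9b\x98\x98\x1b\xe3\xf2\x05\x7b\xf6\xc9"
      "\x86\x94\x03\xa3\x4c\xb8\x3a\xd5\x71\x50\xc6\x74\x30\x1f\x39\x52\x4a\x02"
      "\x6f\x36\x08\xa3\x41\x42\x87\xbc\x4e\x50\x73\x55\x82\x3c\x6f\x86\x40\xbb"
      "\x80\x3a\x39\x2f\xb8\x84\x70\x23\xd1\xdb\x3c\x39\x75\x3e\x72\x41\x46\x82"
      "\xc6\x17\xde\x9b\xd0\xd5\xb6\xa5\x5d\x46\x00\x4d\x49\xf2\x0d\x2f\x8f\x53"
      "\xcd\xd8\xeb\x11\x40\x2f\x78\x95\xcd\x7c\x01\xb4\x96\x4f\xd0\x05\xc5\x64"
      "\xb0\xb0\xe1\x56\x96\x9c\xcd\xe8\x18\xdd\xa3\xa7\xca\xe0\x2d\x1d\x3a\xf9"
      "\x50\x81\xe6\x54\x9f\x28\x97\x6f\xa8\x1b\x5e\x90\xfb\xb0\xa6\x2f\xea\x85"
      "\x0f\xfa\xf0\x22\x01\x32\x18\x9c\x11\xa7\x49\x96\x26\x1f\x6d\xe6\x00\x1c"
      "\x50\x36\x4f\x08\xc4\xf4\x8f\xd4\x6a\x04\x17\xec\x8e\xe4\xd0\x03\xef\xee"
      "\xad\x64\xb8\x7d\x64\xb4\x3c\xd6\x86\x8f\x36\x5e\x72\xe2\x6d\xd9\xf5\xf9"
      "\xf7\x4d\x13\x5f\x64\x46\x4c\xb3\x8d\xd6\x20\x51\xae\x70\xc5\xa4\xda\xab"
      "\xeb\xe7\x00\xeb\x9b\x29\x0b\x8e\xd4\x14\x2d\xb0\x09\x02\x19\xe6\x18\x6f"
      "\x8f\x71\xfa\x8f\xe1\xeb\xe4\x2f\x62\x1b\x8e\xed\x18\x2e\xe8\xad\x04\x01"
      "\xf0\xa3\x53\x0f\xd4\x8e\x4d\x1e\xb2\x63\x7f\x1f\xbd\x2a\x70\x32\xb0\xf8"
      "\x57\x15\x20\x3c\x12\xab\x8f\xf4\x81\x31\xbc\x4f\xf2\x82\x72\xb5\x71\x19"
      "\xa7\x6b\xc0\xb3\x0f\xef\x52\x94\xc2\x3c\x0b\x2b\xca\xdf\xbb\xa3\x7a\x00"
      "\x50\x2b\x5e\x43\xd7\x21\x48\xd9\xac\xc7\xcb\x7c\xb3\x9d\xc8\x30\xcd\x6f"
      "\x30\x26\x2a\x09\xee\xcf\x29\xd1\x05\x5c\x2e\xdc\x39\x26\xcf\xd5\x07\x6a"
      "\xa5\xf9\xf1\x72\xed\x14\x53\x59\xfc\x97\x4c\xa5\xde\xd6\x52\x43\x3d\x21"
      "\x26\x07\xbe\xd1\x55\xdf\x1a\xff\x26\x94\x14\x54\x8a\x39\xa6\x44\xb6\xce"
      "\x92\x7d\xe5\xde\x6e\x67\x50\x57\x5c\x4f\xd7\xea\x7f\xe1\x0b\x1e\x51\xfd"
      "\xe6\x97\x5c\x0c\x23\xfc\x01\x2a\x8b\x12\xfe\x3f\xa6\x4e\x97\x2e\x4e\x09"
      "\xea\xfe\xa1\x65\xae\x5c\x1f\xfc\x9d\x76\x1e\x13\x14\xa7\x81\x95\x9c\x22"
      "\x3b\x96\xee\xfd\xe0\xf4\xf4\x5c\x7a\xc0\x32\xa8\xd3\xf1\xbd\x30\x41\x14"
      "\xc3\x32\x9a\x3e\x49\x66\xed\xdc\xc8\xd4\x4a\xe7\x0b\xad\x29\x32\xf9\x63"
      "\x10\x09\x55\xe2\xd2\xd4\x87\x34\x7c\x2a\xa8\x35\x6b\xc6\xbc\x3c\x84\xe4"
      "\x18\x16\x3c\x75\x8f\x13\x72\x24\x68\x84\xe6\xd8\x0d\x87\xd7\xab\x3f\xe6"
      "\x60\xdd\xa1\x3a\xda\x65\xf2\x00\xb4\xfb\x36\x52\x23\xb9\x3b\xbc\x29\x49"
      "\x3a\xe6\xdb\xbb\xb1\x82\x3e\xdb\x8e\x9f\x04\x5b\x60\x41\x4e\xda\xb9\x55"
      "\xe1\x04\x6b\x67\xa8\xd4\x90\x8a\xb0\x8a\xd9\x02\x16\x12\x5d\x2f\xfd\x8c"
      "\x78\x14\xa9\xa4\x94\x0d\xf0\xa6\x53\xb1\xcf\x53\xcf\x45\x64\x12\x22\x84"
      "\x45\xeb\xc8\xe1\x58\x4a\xdf\xe1\x32\x07\xff\x24\xfe\x60\x2e\x2a\x50\x62"
      "\x18\x71\x04\x83\xb5\x54\x43\x47\xa3\xd5\x15\xb7\xd2\xdd\xca\xa1\xbb\x7a"
      "\xe3\x57\x88\x41\x91\x8a\x8e\xd0\x06\x59\xd5\xf2\x60\xd2\x3a\xe1\x7a\x9f"
      "\xfc\x77\xf7\x97\x58\x84\x45\x86\xfe\x53\x51\x70\x97\x83\x8a\x92\xdd\xe8"
      "\x87\x3e\x8b\xe1\xcd\x59\x34\xf1\xa4\xbf\xdd\x9d\x0b\x57\x25\xb8\x11\xc4"
      "\xa2\xc1\x21\xb7\x72\x99\x46\x99\x3a\x73\x6b\xd1\x95\xc5\x56\x84\xea\x68"
      "\x03\x04\xaf\x48\x44\xa1\xb2\xf7\x4e\x2c\x2b\x2c\xca\xec\xeb\x00\xb9\xc2"
      "\xc5\x15\xb7\x09\x12\xef\xb2\x76\x43\xc5\x62\x40\x25\xe3\x58\xb4\x48\x53"
      "\xcc\x0e\xfd\xdc\x10\x3e\xe5\x14\x47\x1a\xf9\x02\xcd\x9b\x68\xf1\x02\xc9"
      "\x5a\x91\xd2\xb8\x25\xb4\x73\xce\x84\x2e\x63\x67\xb0\xb7\x30\x5c\xe8\xbe"
      "\x6f\x9c\x81\x2a\xbe\x86\x0b\xb6\x32\xe0\x0b\x69\xa0\x37\x0e\x5c\x8f\x9b"
      "\xa0\xce\xbb\xcb\xe1\xb9\x27\x69\x49\xc3\x03\xa4\xe9\xe3\xb6\xdb\x37\xa0"
      "\x71\x65\x20\xc0\x75\x12\x19\x23\x64\xab\xb5\x83\x99\xfc\xa9\x73\xa1\xb3"
      "\x21\x06\x09\x6e\xda\x8b\xb8\x57\x45\x56\x2e\x8a\x35\xc5\xe9\x17\xfd\xf8"
      "\x58\x09\x1a\x4c\x29\xd6\x54\x9e\x10\x09\x8d\x6b\x20\x5f\xc5\xca\xd5\x46"
      "\xfe\x07\xb3\xa7\x07\x56\xcf\x70\x79\xc8\x8f\x37\x08\xf0\xc8\x52\x70\x02"
      "\xb9\x9e\x80\xcb\xd5\x84\xa3\x73\x7f\xb3\x79\x53\xcd\x6d\xcc\xf2\x1a\xdd"
      "\x4d\x4b\x6e\x65\x89\x44\x90\x84\x0c\x00\x85\x78\x73\x7d\x5e\x20\x86\x49"
      "\xd1\xcd\x34\xbe\xb4\x03\xc2\x22\x63\x00\x29\x78\x53\xa2\x9c\xf6\xc6\x61"
      "\xb4\x26\xc1\x33\x06\x57\x5d\x81\xf6\xfd\x21\x71\x2e\x0e\xc4\x36\x60\x13"
      "\x88\x3b\x95\xa7\x1d\x50\x94\xac\xbf\x15\x6e\x42\xde\x11\xcb\x87\x37\x44"
      "\x98\x3e\xc1\xff\x9c\xfb\xee\x22\x78\x05\x3b\x8b\x4e\x52\x33\x88\xbd\x41"
      "\xdf\xd3\xc2\xec\xaa\xcc\x5d\x9d\x29\x58\xbb\xfa\x94\xf4\xbd\x0a\xc1\xc6"
      "\x1c\x98\xab\x29\x5d\xd5\xc6\x90\x20\xf1\x32\x98\x18\xdf\x9a\x2a\xa8\x8c"
      "\xed\x03\xf4\xe6\xa4\xd1\xf8\xcb\x02\x0a\xfc\xd2\x38\x4e\x65\x51\x1d\xde"
      "\xb9\x08\xba\x0c\x13\xa0\x3d\xd3\x2e\x8d\x4c\xcf\x02\x46\x00\x8f\x35\xef"
      "\x51\x84\xf8\x1b\x8f\xed\x73\xb4\xaa\xe4\x99\x8b\xd8\xc7\xd7\x84\x21\x00"
      "\x42\x24\x7d\x39\x39\x6b\xa8\x81\xbf\x43\x55\x5d\x0e\xc5\x8d\xee\xde\x7b"
      "\x47\x29\xe7\x9d\x31\xb2\xa3\x46\x52\x75\x94\xca\x3a\x47\xa1\x72\x3a\x79"
      "\x2a\x70\x1d\xc1\x8d\x01\x24\x36\x5e\x2c\x4a\x4f\xef\xed\x48\xc2\x9a\x9f"
      "\x2f\xc7\x47\xb3\x02\xea\xf9\x2a\x10\x0b\x2d\xa2\x11\xc9\x1d\xe4\xab\x79"
      "\xd4\xae\xde\x48\x3d\x85\x26\x35\xc6\xf1\x4d\x38\x09\x5a\x57\x39\xd4\x75"
      "\xc7\xaa\x67\xfd\xd5\x47\x67\xa0\x56\xee\xb3\x09\x8d\xfd\x8d\x1c\x21\xf3"
      "\x2e\x76\xf0\x24\x7f\x04\x11\x84\x48\x27\x35\x86\x85\x6e\x64\x1b\x83\xf5"
      "\x40\xa6\x43\xe7\x2d\xc1\x58\x04\xb7\x8b\xac\x47\x5f\x39\xe2\x32\x91\x79"
      "\x8a\xa4\x5a\x2c\x10\xaa\x5f\xef\x2d\x5e\x4d\x7b\x8f\x52\x9a\x66\x53\x5d"
      "\x11\xc6\x14\x9e\x97\x97\xf2\xfc\xce\x28\x04\xf2\xa5\x37\x03\x45\xe9\x8b"
      "\x0c\x02\xc7\xdd\x27\x13\x5d\x41\x4f\xe7\x2f\x07\x40\x42\x39\x20\xd6\x8b"
      "\x64\xf6\xb8\xc0\x57\x88\xc6\x69\x3e\xe1\xb9\xab\xb5\xd4\x59\x3a\x97\x0d"
      "\xc3\xee\x25\x28\x76\x5f\xb7\x39\x96\x4f\x4f\xed\x72\x00\xd7\xe7\x96\xa9"
      "\xf3\xd0\xd6\x08\x34\xe6\x38\xdd\x8c\x29\xd4\xe8\x50\x11\xe4\xba\x4f\x12"
      "\x7f\xe7\x65\x95\x4a\x5b\x5b\xb5\xd1\xcc\x69\xf2\x37\x65\x99\xd5\xa3\xe8"
      "\xc3\x07\x14\x89\x3f\x76\x3c\x06\x06\x10\x72\xc1\x0c\xb0\xee\xe1\x7e\xb2"
      "\xa2\x51\x4a\xcc\x58\x4b\x04\xe1\x69\xd4\xa3\x3a\x33\x03\x67\xbb\x72\x5f"
      "\xf9\x46\x2f\x5d\x50\x28\x2a\x2e\x39\x32\x93\xee\xc8\xea\x1e\xaa\xb8\x21"
      "\x7c\xc1\x08\x79\x8a\x4a\x57\xec\xcd\xb0\x06\x47\xab\x9f\x07\x31\x89\x93"
      "\xf7\xc5\x9c\x39\x5a\x93\xcb\xd6\x81\xd0\xa9\x67\xa5\x6e\x3f\x13\xc8\x32"
      "\xc4\x8d\xcc\x0d\x00\x96\x87\x0b\x0d\x51\xb7\x54\xe7\x0b\x12\xa8\x49\xb6"
      "\xf3\x76\x92\x3f\x7f\x7d\x90\x9f\x64\xd6\x4e\x1d\x6e\x33\x8d\x39\x16\x6b"
      "\x72\x52\x65\xb9\x6e\xd2\x1e\x36\xb1\x20\x57\x14\x8d\x66\xe5\xdf\x04\xb7"
      "\xb7\x34\xed\x09\x57\xd4\x7f\xde\x17\x2b\xe2\x47\x3b\x9a\xc6\xfd\xb8\x23"
      "\xab\xe3\xe1\x1e\xc6\x9a\x17\x0a\x14\x51\x1d\x55\x72\xd6\xc0\xd9\xf6\xb7"
      "\x49\xac\xad\x70\x03\xf0\x56\x7b\xb6\xf9\x38\x16\x49\xe4\x2d\x02\x76\x40"
      "\x77\x33\x0d\x5a\xf3\xd9\x31\x85\x96\x8a\x9f\x8d\xfe\xd1\x6c\x4a\x7c\x76"
      "\x8a\x2b\xb9\x83\x04\x94\x6a\x55\x71\x82\xc0\xce\x93\xe8\x2b\x34\x00\x74"
      "\xe3\x84\xcc\x6b\xd6\x12\x94\x83\x38\x6c\x65\x4a\x6a\xb3\xbb\x12\xfe\x8e"
      "\x86\xad\xaf\xa9\x3f\x21\x8f\xdf\x50\x19\xc0\x92\x92\x85\x8a\xcd\x8e\xf7"
      "\xaa\x6a\x78\xe3\xf8\x46\x21\x58\x56\xd6\x30\xae\x9c\x5f\xc4\x00\x96\x93"
      "\xb2\x76\x7e\xa5\x5c\x46\x9f\x90\x99\x69\x32\x87\xb3\x5d\x43\xee\x0f\x7a"
      "\x5b\xaf\x33\x28\xd3\x7b\x2c\x53\x6f\x2a\xbd\x6e\x21\xe4\x72\xc1\x05\xae"
      "\x98\x2c\xdd\x26\xa5\xa2\x05\x62\x12\x2e\x71\xef\xb1\x48\x6c\x28\xd9\x40"
      "\x9c\x31\x14\xb6\x08\xf2\x97\x69\x59\x58\xc5\x60\x4c\xf0\x91\x8c\x0c\x70"
      "\xc5\x6c\x79\x17\x02\x60\xd7\x3b\xde\x29\x7e\x47\xca\xe1\xc4\x04\xcc\xa0"
      "\xa9\x6e\xed\x51\xa2\xdc\x8f\x6f\x6a\xd8\x62\xfe\x76\x7e\xe5\xb5\xe6\x8f"
      "\x23\x10\x96\x82\x5d\x93\x5b\x80\x9b\x3c\x1b\x5d\x9a\x2c\xd7\x6c\xae\x22"
      "\x65\x2b\xed\x7d\x26\x3b\x42\x61\x2e\xd7\x17\xeb\xa0\xaa\xf2\xa3\x98\x9c"
      "\x45\x20\xc4\x02\xd2\x94\x28\x01\x00\x00\x00\x00\x00\x00\x00\x62\xfb\x3f"
      "\xdd\x07\x3b\x91\xd4\xe2\xf6\x89\x5f\xba\x96\x39\xee\x78\xbd\x8c\xcb\x5b"
      "\xc3\xce\x44\x2f\xbe\xb9\xa1\x52\x13\x14\xb8\x28\x04\x29\x31\x59\xfd\x7d"
      "\xf4\xdb\x66\xb7\x8a\x06\xfe\x93\xe7\x05\xbb\xc4\xe0\xd2\x94\xa7\x87\xc3"
      "\xcb\xf2\x71\xb2\xac\xd1\x5e\x7b\x49\x98\xc8\x22\xf7\x72\x4d\x31\x91\xe2"
      "\x26\x5b\xd0\xd6\x94\xdf\xb0\x80\x63\xc9\xff\x26\xa4\x24\x88\x4b\x46\xe2"
      "\x6b\x55\x60\xd7\x56\xc1\x14\xad\x1a\x7b\x92\xee\xe3\xf4\x9d\xc2\x88\x3b"
      "\x60\x4e\xcc\x49\xc5\xce\x92\xce\x46\x77\x78\x30\x13\x26\x58\x8a\x65\x77"
      "\xd4\x47\x58\xe8\xd9\x07\x10\x24\x8d\x11\x0d\xbf\x3d\x3d\x56\x87\x79\xbd"
      "\x1c\x61\x63\x69\xf8\x46\x19\xdd\x08\x9e\x38\xb5\x16\x34\xf7\xc5\xd2\xac"
      "\x9f\x15\x47\xa3\x42\x87\x78\x15\xa3\x86\x4a\xd7\x0b\x68\xb1\x96\xbd\xe9"
      "\xd8\x10\x51\x2f\x41\x1d\x52\x35\x63\x3e\xf6\x50\x88\x78\x8d\xfa\x3f\x15"
      "\x2d\xf7\xce\xe3\xa0\x80\x3f\x6a\xc7\xae\x19\x23\x01\xde\xc0\x7f\xf8\x70"
      "\xff\x3d\x7c\xf1\xc0\x9c\xc9\x09\x32\x63\xb2\x25\xd0\x12\x22\x37\x65\x31"
      "\x00\x7a\xf9\xe6\xfb\x96\xe5\xcc\xaa\x82\x74\xf7\x0a\xdc\x78\x6d\xb7\xf3"
      "\x3a\x20\xa7\x52\x71\x7b\x56\xb9\xa0\x3b\xfc\xe1\x5a\x1a\xac\xd7\x8c\x4a"
      "\xdf\x8b\xdf\x41\xde\x8a\xaf\x42\x16\x84\xc2\x75\x26\x08\x8c\x54\x32\x2b"
      "\x5e\xea\x91\x75\xef\x9c\x57\x4c\x1f\x87\x32\x18\xcc\x6f\x5d\xf2\x33\x89"
      "\x2d\x7d\x5b\x0b\x06\x49\xff\xc5\xa1\xc4\x90\x9f\x29\x67\xa8\xc1\xf1\x5b"
      "\x41\x9e\xcd\xe0\x44\x8f\x07\x1f\xa7\x1e\x55\x3f\x4f\x12\xcf\xa5\xe3\x50"
      "\x22\xe7\x5d\xdc\x55\x09\xed\xdd\xc3\xde\x82\xd9\x09\x77\x59\xb2\x7f\x7c"
      "\x24\x77\x67\x02\xe0\xff\x64\x55\x92\x81\xf7\x96\xf1\x1c\x1a\x9c\x77\xa1"
      "\x56\xf3\x90\xd2\xd1\x8d\x17\x59\xb6\xbe\x03\x47\xeb\x5b\xb4\xdf\x91\x2e"
      "\x9c\xfa\xfa\x0d\xb3\xbe\x32\x43\xba\xcb\x37\x8c\xa0\x94\x6c\xec\xe6\x95"
      "\xa8\x09\x9d\x6d\x7a\x24\xfc\x8b\xcc\xa4\xc0\x96\x95\xe3\x20\x8f\x17\xf0"
      "\x0b\xf4\x04\xf6\xeb\x78\x52\xdf\xe7\x3c\x16\x3a\x19\xfd\x4e\x89\x0e\x0e"
      "\xdd\x5c\x7a\x72\x79\x84\xb6\xf4\x7a\x95\x23\x73\xb9\x52\x00\xbb\xa0\x61"
      "\x75\x6c\x69\x9c\x21\x8b\x52\xc2\x65\xb2\x2b\xcd\x5c\xb2\x4f\xdf\x05\x66"
      "\x21\xfd\xd2\x12\x6c\xed\xe1\x71\xe4\x35\x32\x0c\xa3\x4e\x56\xe4\xc8\x2a"
      "\x2a\xfc\x9a\x59\xd3\xbf\x46\x47\x87\x76\x58\xb6\xf2\x3a\x64\x84\xf3\x7a"
      "\xcd\x8e\x2e\x18\x49\x26\x99\x3b\x5d\x1b\xbe\x6c\xdb\xa6\x4f\x48\x6b\x4f"
      "\xb4\x1b\xb9\x4a\x64\x41\x40\x54\x08\x94\xf8\xfc\x14\xe5\x85\xbc\x8b\xea"
      "\xe8\x8e\xab\xf9\x26\xad\xd2\x89\xc8\x2e\xb8\xce\xa9\x97\x43\xba\xed\x84"
      "\x2d\x76\xeb\x5c\x55\x73\xf7\xa7\xf3\xf2\x69\x39\x60\xd6\xbf\xed\x69\x7b"
      "\x56\x19\xaf\xd9\x42\xf4\x16\x89\xdb\xd2\x81\xa3\x5e\x32\x47\x8b\xa3\xa3"
      "\x88\xda\xda\x82\xa2\xf4\x16\x44\x81\xaa\x6a\x8f\x39\x46\xa8\x4e\xa6\x18"
      "\x6b\x20\xce\x38\x8c\x20\x2b\xe4\x29\x96\xae\x90\xfe\xec\x72\x58\xd4\xa4"
      "\xa2\x76\x35\x3d\xf8\x4c\x96\xb1\x60\xac\x00\x3d\x81\xcf\x39\x5c\x0e\x61"
      "\xb0\xf0\xa9\xe6\x92\xc3\x2f\xab\x30\x7f\x75\x4c\xae\x5d\xe7\x71\x6a\x00"
      "\xcb\x96\x16\x0c\xd3\x9c\x93\x1f\x48\x85\xd6\x12\x86\x2c\xec\xf6\xba\x76"
      "\x50\x2c\x9d\x26\x6f\x97\xe4\xcf\x6c\xf0\xa1\x6f\x78\x77\x88\xe5\x47\x14"
      "\x58\xa0\xdc\x24\xd3\xf2\xa2\x8c\xaa\x0f\x7e\xe0\x0c\xf8\xbb\x11\x3b\xd9"
      "\xc2\xb0\x86\x03\x7d\x76\x5b\x5e\xc9\xa8\x49\xdf\x6f\x48\x2f\xc0\x1b\x48"
      "\x26\x1e\x44\x29\x9b\x0b\xc8\x83\x21\xd8\x37\xb6\xe2\xd2\x21\xeb\xf2\x99"
      "\x6b\x41\x40\xcd\x82\xe5\x31\xde\x27\xf8\xde\x44\x5f\x31\xc6\x44\x69\xa5"
      "\xa1\x45\xb0\x31\xcd\x25\x69\xd1\x9e\x27\x36\x9c\x31\xec\x63\xa9\x89\xf0"
      "\xc9\xaa\xba\x7c\xc9\xd3\x6d\x65\x20\x01\xd4\x00\x04\xf8\x3a\x90\xd6\x46"
      "\x58\x54\xf3\x1b\xf1\x5d\x1e\xf6\xbf\xf4\xc0\x2d\x60\xb9\x48\xa3\x7e\x3f"
      "\x50\xd2\x50\xd7\xf8\x5f\x54\x5f\x50\x70\x14\xaa\xe5\xa3\x59\x08\x28\x31"
      "\x68\xc0\x34\xf6\x54\xac\xbb\x9d\x0f\xc2\x61\x67\x1d\x61\x2e\x3d\x74\x26"
      "\x16\x53\xe6\x9e\x5e\x9c\xf7\xc8\xfd\xa2\x98\xb4\xd6\xc8\x79\xcb\xbb\x97"
      "\xea\xfe\x64\x8b\xa7\x01\x50\x59\x90\x89\xd6\x5c\x1f\xdc\x0d\x5a\xf8\x79"
      "\xa2\xd4\x6a\x44\x3a\xc6\xdd\x21\xb3\x3f\x72\x51\x07\x42\xdb\x4f\xaf\x7e"
      "\xeb\x15\x80\x58\x0f\xfe\x26\xe2\xd5\xff",
      4096);
  *(uint16_t*)0x20002644 = 0x1000;

  /* Fault-injection settings; failures here are ignored. */
  write_file("/sys/kernel/debug/failslab/ignore-gfp-wait", "N");
  write_file("/sys/kernel/debug/fail_futex/ignore-private", "N");
  /* Writes "2" to fail-nth for this thread; the descriptor stays open. */
  inject_fault(1);
  /* The write that runs with fault injection armed. */
  syscall(__NR_write, r[2], 0x20001640, 0x1006);
  return 0;
}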