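// https://syzkaller.appspot.com/bug?id=bf6bc49587ba7b58cb1be9e86202c3ca256a528e
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel memory-leak reproducer. A forked child runs a fixed three-syscall
// sequence (execute_one) and the parent then asks kmemleak whether the kernel
// leaked anything, forever, until a leak is reported. kmemleak's debugfs file
// is normally root-only and needs a kernel built with CONFIG_DEBUG_KMEMLEAK.
// kill_and_wait() aborts every FUSE connection on the host when a child hangs,
// so this belongs on a disposable VM, not a shared machine.
//
// NOTE(review): the header names of the original #include directives were
// lost when this file was captured; the list below is reconstructed from the
// symbols the code uses, not copied from the original.

#define _GNU_SOURCE

#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Sleep for `ms` milliseconds (usleep() takes microseconds).
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds. Exits the process if the clock cannot be
// read; every timeout below depends on it, so there is nothing to fall back to.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Format `what` (printf-style) into a 1 KiB buffer and write it to `file`
// with a single write(2).
//
// Returns true on success, false if the file cannot be opened or the write
// fails or is short; errno of the failing write is preserved across close().
// Formatted output longer than 1023 bytes is silently truncated by vsnprintf.
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  size_t len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != (ssize_t)len) {
    int err = errno;  // close() may clobber errno; report the write's error
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Forcibly terminate the test child `pid` together with its process group
// and reap it, storing the wait status in *status.
//
// A SIGKILLed task blocked inside a FUSE request cannot exit until that
// request is aborted, so if the child has not been reaped after ~100 ms every
// connection under /sys/fs/fuse/connections is aborted. That is a host-wide
// side effect: any unrelated FUSE mount on the machine is torn down too.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);  // the child's own process group, see setup_test()
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1)
        continue;
      // Any write to the abort file triggers the abort; the single byte
      // written (the first character of the path) is not interpreted. The
      // empty body only silences warn_unused_result on write().
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  }
  // Block until the child is reaped; __WALL also covers clone()d children.
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Runs in the forked child before execute_one().
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);  // die with the parent
  setpgrp();  // own process group, so kill(-pid) also reaches grandchildren
  write_file("/proc/self/oom_score_adj", "1000");  // preferred OOM victim
}

#define KMEMLEAK_FILE "/sys/kernel/debug/kmemleak"

// Establish a kmemleak baseline before the first iteration: two scans 5 s
// apart, then "clear" so that objects already unreferenced at startup are
// not attributed to the test. Exits on any failure to talk to kmemleak.
static void setup_leak()
{
  if (!write_file(KMEMLEAK_FILE, "scan"))
    exit(1);
  sleep(5);
  if (!write_file(KMEMLEAK_FILE, "scan"))
    exit(1);
  if (!write_file(KMEMLEAK_FILE, "clear"))
    exit(1);
}

// Ask kmemleak whether the last iteration leaked anything.
//
// Two scans are issued at least 4 s apart (kmemleak holds back recently
// allocated objects, so a single scan would miss them), and a non-empty
// report is re-scanned and re-read once more before it is trusted. Each
// "unreferenced object" record is printed to stderr under a
// "BUG: memory leak" banner and the process exits 1. The report buffer is a
// fixed 128 KiB, so a longer report is truncated at that size.
static void check_leaks(void)
{
  int fd = open(KMEMLEAK_FILE, O_RDWR);
  if (fd == -1)
    exit(1);
  uint64_t start = current_time_ms();
  if (write(fd, "scan", 4) != 4)
    exit(1);
  sleep(1);
  while (current_time_ms() - start < 4 * 1000)
    sleep(1);
  if (write(fd, "scan", 4) != 4)
    exit(1);
  static char buf[128 << 10];
  ssize_t n = read(fd, buf, sizeof(buf) - 1);
  if (n < 0)
    exit(1);
  int nleaks = 0;
  if (n != 0) {
    sleep(1);
    if (write(fd, "scan", 4) != 4)
      exit(1);
    if (lseek(fd, 0, SEEK_SET) < 0)
      exit(1);
    n = read(fd, buf, sizeof(buf) - 1);
    if (n < 0)
      exit(1);
    buf[n] = 0;
    char* pos = buf;
    char* end = buf + n;
    while (pos < end) {
      // Temporarily NUL-terminate each record so it can be printed with %s.
      char* next = strstr(pos + 1, "unreferenced object");
      if (!next)
        next = end;
      char prev = *next;
      *next = 0;
      fprintf(stderr, "BUG: memory leak\n%s\n", pos);
      *next = prev;
      pos = next;
      nleaks++;
    }
  }
  if (write(fd, "clear", 5) != 5)
    exit(1);
  close(fd);
  if (nleaks)
    exit(1);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Parent driver: fork one child per iteration, give it 5 s to run
// execute_one(), kill it if it is still alive, then query kmemleak.
// Never returns; check_leaks() exits the process once a leak is found.
static void loop(void)
{
  for (;;) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
    check_leaks();
  }
}

// syzkaller resource table: r[0] receives the socket fd created by the first
// syscall in execute_one(); all bits set means "not created".
uint64_t r[1] = {0xffffffffffffffff};

// The reproduction sequence. Every syscall argument lives at a fixed address
// inside the 16 MiB anonymous region that main() maps at 0x20000000; the
// stores below fill in struct msghdr / struct iovec fields by hand. Field
// offsets (0, 8, 16, 24, 32, 40, 48) match the LP64 Linux struct msghdr:
// msg_name, msg_namelen, msg_iov, msg_iovlen, msg_control, msg_controllen,
// msg_flags.
void execute_one(void)
{
  intptr_t res = 0;

  // socket(0x29 /* 41, AF_KCM in Linux's family numbering */, SOCK_DGRAM, 0)
  res = syscall(__NR_socket, /*domain=*/0x29ul, /*type=*/2ul, /*proto=*/0);
  if (res != -1)
    r[0] = res;

  // sendmsg #1: msghdr at 0x200000c0 with one iovec at 0x20000080 covering
  // 0x34 bytes at 0x20000040. Nothing in this program writes 0x20000040, so
  // that data is the zero fill of the anonymous mapping.
  *(uint64_t*)0x200000c0 = 0;           // msg_name
  *(uint32_t*)0x200000c8 = 0;           // msg_namelen
  *(uint64_t*)0x200000d0 = 0x20000080;  // msg_iov
  *(uint64_t*)0x20000080 = 0x20000040;  //   iov[0].iov_base
  *(uint64_t*)0x20000088 = 0x34;        //   iov[0].iov_len
  *(uint64_t*)0x200000d8 = 1;           // msg_iovlen
  *(uint64_t*)0x200000e0 = 0;           // msg_control
  *(uint64_t*)0x200000e8 = 0;           // msg_controllen
  *(uint32_t*)0x200000f0 = 0;           // msg_flags
  // flags 0x8010 = MSG_MORE | MSG_PROXY
  syscall(__NR_sendmsg, /*fd=*/r[0], /*msg=*/0x200000c0ul, /*f=*/0x8010ul);

  // sendmsg #2: msghdr at 0x200011c0 with one iovec at 0x20001180 pointing
  // at the 3789-byte payload copied to 0x20000180 below, but with iov_len
  // 0x4b86694d (~1.2 GiB). That length runs far past both the payload and
  // the end of the 16 MiB mapping (a PROT_NONE guard page sits at
  // 0x21000000), so the kernel cannot read the whole iovec; the partial-copy
  // path is presumably what this reproducer exercises — confirm against the
  // linked bug report.
  *(uint64_t*)0x200011c0 = 0;           // msg_name
  *(uint32_t*)0x200011c8 = 0;           // msg_namelen
  *(uint64_t*)0x200011d0 = 0x20001180;  // msg_iov
  *(uint64_t*)0x20001180 = 0x20000180;  //   iov[0].iov_base
  memcpy((void*)0x20000180,
         "\x4d\x69\x86\x4b\x53\x68\x41\x57\x02\x93\xf4\xd0\xf7\x62\xed\xd8\x59\xcb"
         "\xc9\xc0\x55\xf8\x1d\xee\xfe\xf4\xf3\xe7\x63\xec\x37\xa2\x09\xc4\x14\xaf"
         "\x57\x6c\x13\x12\x45\x52\xbe\xd3\x10\xec\x81\x21\xb2\xef\xcb\x53\x47\x4d"
         "\x30\xd0\x02\xbd\x9b\xc3\x66\xb5\x2a\x50\xfa\xfc\x12\x18\xec\x4c\xab\xf0"
         "\xae\x00\x03\x9f\x71\x77\x1a\x5f\x27\x08\x6c\x2f\xaa\x97\x96\x9f\x3f\xa2"
         "\xd5\xfb\xfe\x16\x8b\xc7\x29\xba\x58\x1f\x4c\x2f\x8a\x6c\x54\x5b\x81\xe1"
         "\x30\x3e\xb1\x41\xe9\x51\x8b\xad\x3a\x78\xab\x9b\x92\xbc\x24\x7b\x03\xba"
         "\x63\x34\x15\x74\xda\xa0\x4b\x74\xe8\x73\x3a\x8e\x64\x4d\xbb\xac\xd3\xa8"
         "\x7b\x44\xf8\xdb\x0d\xc6\x31\xbb\x91\x4d\x43\x15\x6d\xff\xe9\x2d\x97\x18"
         "\xf8\xab\x12\x8f\xfc\x64\x6f\x2c\xe0\xcb\x92\xbb\x4e\x09\x4a\xbd\xeb\x37"
         "\xfc\xa0\x6c\xe7\x35\x00\x5f\x55\x77\x14\xb6\x1e\xd9\x72\xc4\xac\xe5\x64"
         "\x1c\xf4\xf3\x7f\xb6\x81\xc0\x3e\x0c\x6e\x0a\x91\x42\x6b\x8e\xa5\x50\x5a"
         "\x4c\x1c\x28\x03\x93\xad\x9c\xe2\xd8\xd9\x4d\xff\xd5\xa1\x6a\x32\xe7\x9a"
         "\x1f\x47\x48\xeb\x42\x1f\xe3\xc4\x4d\x22\xd9\x0b\x64\xd7\x28\x5b\xac\x27"
         "\xce\xea\x7b\x0e\x55\x11\x2a\x3c\xdc\xf2\xff\x43\xbe\x6a\x94\xb3\xe3\xa3"
         "\x7c\x9f\xa0\x97\x3a\xb0\x33\xcf\xc5\x6f\xa0\x04\x25\xfe\x4c\xf1\x5d\x8d"
         "\xcd\x79\xcc\x47\x1a\xa4\xec\xc1\x2a\x58\x23\xb8\x8e\x64\x6a\xb1\xbf\xe2"
         "\xcd\x6e\x64\xc1\xac\xe5\x7e\x7d\x4e\x1d\x1b\xc1\xa2\x61\xa2\x43\x81\x62"
         "\x12\x85\x90\x94\x7c\xa9\x10\x1e\x71\x67\x02\x5a\x07\x88\x62\x3b\x9e\xaf"
         "\xbf\x72\x44\xb8\x07\xea\x70\x3e\x40\x7b\x1a\x5a\x04\x58\x14\x48\x9b\x78"
         "\xd5\x95\xa8\xa5\x01\xe5\x10\xeb\x44\xa9\xcc\xee\x37\x17\xf9\x50\x71\x94"
         "\x48\xd2\x26\x10\xec\xda\x42\x5c\x5e\xb0\xf3\x6f\x0a\x4f\x60\x4f\x4f\x65"
         "\x96\x39\x52\xd7\x33\x62\x08\xcf\x94\x07\xa2\xb8\x70\x5e\xdb\xc0\xca\x4a"
         "\x02\x5b\x20\x67\xcf\x13\x7e\x2e\x5d\xc9\xe3\x37\xad\x79\x2e\x5d\x2b\x88"
         "\x8a\x44\x27\x65\x3e\x1a\x39\x22\xa1\x4a\x90\x74\x20\xd0\xb8\x27\x1c\xa9"
         "\xd3\x85\xd3\xa7\x52\x09\x68\xa9\x3a\x33\xb2\x9d\x28\x9c\xdb\xcd\x05\x6a"
         "\xae\x3b\x75\x5c\x56\x73\x39\x14\x58\xdd\xd0\xe3\x6e\x79\x8f\xe8\xa0\x3d"
         "\xe5\x43\xc6\x01\xd5\xd9\xda\x58\xbc\x46\x88\xa9\x6b\x06\x86\xda\xa9\x7e"
         "\xc7\xbd\xc2\xb6\x92\x2a\x2d\x36\xc2\x18\x45\xfc\x3d\x1f\x8a\xc2\x45\x18"
         "\x1b\xac\x73\x05\x3e\x67\x57\x43\x0d\xe7\x83\xc9\xb6\x4c\x9f\x28\x7d\xf5"
         "\x16\xea\x1e\x1d\x1d\xf6\x5e\xe4\x20\x8a\x6f\x82\x76\x62\xc2\xc4\x84\x9b"
         "\x1b\x22\xf5\xf7\xfa\xc0\xc9\x77\x47\x26\xba\x91\x8f\x40\xfb\xdd\x54\xae"
         "\x2a\x37\x42\xe0\x8e\x27\x38\x9b\x17\x05\x17\xcd\x7e\x0f\xb8\x3d\x01\x85"
         "\xf0\xc9\xfc\xb7\x29\x10\x43\x8b\xd0\x37\xaf\x18\xbd\x4f\xc3\x8e\xd3\xb6"
         "\xa4\xe0\x07\xc2\x06\x38\x89\xff\x4d\x5e\x17\x9a\x47\xe4\x1a\x59\x50\x32"
         "\x36\x99\x6d\xc8\x7c\x0c\x92\x39\x88\x1a\xb0\x59\x58\x23\x5b\x4b\x29\x3f"
         "\xa2\x2f\x67\x58\xbe\xa7\x32\x9f\xca\x0e\xb0\xa5\xfd\x24\x40\x0d\x0d\xfb"
         "\x13\xb5\x1b\xc1\x8a\x4c\xd4\x45\x7b\xf5\x1b\x40\xf8\x50\xb9\x73\xfe\x4c"
         "\x37\xe5\xaa\x2a\x63\x8c\x96\x7a\xaa\x15\xce\x9d\x6b\xb9\x33\xab\x8f\xba"
         "\x24\x55\x43\xe3\x64\x73\x95\xc9\x87\x8e\x7e\x23\x2b\xc1\xb3\xd2\x11\xa2"
         "\x78\xa8\x57\x0d\xfe\x7f\x43\xe4\xc6\x8d\x24\x3d\xee\x16\xd2\x3d\x10\xb5"
         "\x6e\x51\xdf\x96\xaf\xaf\xea\xbb\xc0\xf4\xc0\x2c\x86\x4b\x28\x66\x54\x9c"
         "\xaf\xd2\xf8\x77\x90\x09\x17\x43\xd9\xc4\x85\x54\x5e\x80\x55\x7e\x95\x83"
         "\x3e\x18\xaa\xa7\x88\x54\x71\xe0\x33\x78\xf3\xae\x4f\x41\x9c\xaa\x07\xbf"
         "\xc3\xa5\x6e\x93\xc1\x2a\x23\x18\xda\x1c\xef\xf2\x4c\x9f\xbe\xaa\xcb\x56"
         "\xa9\x3e\x33\x23\x59\x28\xaf\x60\x62\xed\x8a\x70\xe5\xbc\x9f\x9f\x65\x55"
         "\x72\x21\x7e\xf3\xfb\x42\xf6\xcf\x61\x34\xaa\x2e\xc0\xd9\xd8\xd8\x2b\x3e"
         "\xfc\x38\x73\x77\x59\x1c\xeb\xf3\xfe\x61\xf7\xc4\x2d\xe5\xb8\xf9\x1d\x0e"
         "\x4e\x2b\xc1\xcc\xbc\xfc\xfa\xe7\x7a\xd7\x3e\xb4\xdb\x2b\xb8\x5d\xe7\xfd"
         "\x3e\x06\x85\x6a\x4f\xa7\xc6\x2c\x36\xd6\xf0\xaa\xeb\xe4\x14\x13\x2c\x34"
         "\xfe\x3d\xf4\x61\xf2\x90\x80\x0b\x71\xfc\xea\x47\xfc\x7d\xc7\xbd\xe5\x08"
         "\x30\xa7\xbc\xf1\x4c\x83\x1a\x61\x08\xd5\xe2\x4b\x70\xc2\x2b\x8e\xb8\xbc"
         "\xb6\x1d\x19\x85\x1c\x1d\x1b\x91\xd4\x36\x81\x1a\xa5\xda\xb2\x3c\x09\xc1"
         "\x5e\x6f\x8b\x78\x60\xc5\x84\x68\xe4\xab\xc2\x46\x8d\xa3\x32\x13\x5e\x34"
         "\x91\x9f\xa6\x69\xfe\x0f\xd1\x9c\x8a\x8f\x19\xf8\x22\xc6\xf5\x51\xd2\xa0"
         "\xac\x54\xfe\xd6\x58\x4a\x7d\x09\xce\xa3\x34\x15\xf2\xbb\x77\x40\xed\x05"
         "\xa0\x19\x85\x02\x58\x81\x4f\x1f\x0d\xc6\x7b\x8b\x3f\xc3\x87\xa6\xb2\xf7"
         "\x7a\xd3\xca\x0d\x9b\xdc\xae\x3e\x83\x46\xa1\x04\x4d\x10\x99\x85\xe6\x93"
         "\x99\xce\xa6\xe0\x63\x3b\x1c\xa9\x25\x29\x07\x50\x22\xc7\x34\x23\xe9\xef"
         "\xb3\x70\x69\xfd\xd8\x21\x31\xe9\xc6\xff\xe6\xdf\x87\x9d\x2e\xc1\xfc\x15"
         "\x1d\x05\x6a\x02\x1b\x03\x06\xc7\xa1\x3e\x48\x03\x2a\x70\xb4\xab\xbe\x75"
         "\x79\x40\xad\x2f\x67\x06\x9d\x67\x49\x7d\xaa\x0b\xb2\x71\xeb\x83\x8f\x6b"
         "\x03\x59\x74\xbe\x51\xb8\x74\x97\x3c\x76\xb5\x44\x7a\x12\x71\xa0\xeb\xf7"
         "\x61\x75\x51\x5b\x13\x45\x95\x73\x48\x99\x10\xf8\xcd\x54\x9f\xf9\x49\xd6"
         "\x53\x45\xe2\x5e\x90\xf4\xec\xc5\x0a\x89\xf0\xbb\x71\x0c\xcc\xe1\xdb\x0e"
         "\xd4\xf6\xac\x45\x63\xae\xf2\x81\xd1\x7c\xe8\xc5\xab\x15\x7e\x3f\x5e\x56"
         "\xe4\x1d\xa4\x48\xad\xd3\xbf\xcb\x93\xd2\x9e\x09\x5a\xd2\x14\x6c\x79\x54"
         "\x9e\xfc\x47\x87\x54\xc9\x9d\xda\x6d\xdf\x1f\xa8\xec\x25\xfa\xac\x9d\xb9"
         "\x75\x92\xc0\xab\xcd\xa2\x12\xa7\xa9\x9e\xc2\x35\xde\xf9\xdf\xfa\x6b\xaf"
         "\x1f\xf1\x6d\x19\xb9\x56\xc2\x57\x33\x2d\xe7\xb3\xce\xbc\x28\x89\x1f\xb3"
         "\xf9\x04\x3f\x76\x62\xae\x7c\x55\x6e\xbd\x16\xdb\x9e\x48\xcb\x0e\x7d\x01"
         "\x8d\xc2\x4a\x1b\x0f\xa1\x43\x50\xd1\x08\x93\x0c\x12\xb3\x70\xea\xed\xeb"
         "\x32\x49\x72\x25\xe9\x99\xaa\x07\x95\xe2\xe9\x12\x00\xc5\x59\x90\xf3\xfd"
         "\xf9\x7b\x5c\x20\x5d\x24\x03\x8e\xfc\xcf\x7b\x36\xcb\x7f\xf8\x79\xd4\x32"
         "\xa2\x2d\xd4\x79\xfd\x8d\x3b\xc7\x37\x03\x27\xd7\xb4\x54\x30\x66\x34\xdd"
         "\x70\xe7\xd0\xdd\xf9\x2b\x2e\xa1\x4e\x2e\x2e\xf6\xda\xf7\xd5\x22\xe7\x45"
         "\xb5\xd5\xb9\x52\x05\x33\x83\xc5\x86\xf2\xe6\xde\x00\xe8\x24\x5d\x19\x74"
         "\xd7\x01\x4c\x36\xd1\x68\x6c\xa1\xfa\x10\x41\x43\x36\x79\xe9\xe9\xa5\x32"
         "\xcb\x0f\x0f\x3c\x91\x41\x4e\x5f\xe5\x54\x1d\x14\xef\xba\x36\x00\x77\xf8"
         "\x21\xf8\x36\xb6\x32\x6d\xcf\x75\xb1\x8c\x65\x70\xde\x63\xdc\xef\x00\xc8"
         "\x24\xd2\xde\x35\x2a\x56\x74\x24\x87\xcb\x59\xfc\xba\xe4\xfe\x1e\x8d\xd8"
         "\x5b\x4a\x49\xe3\x7f\x9b\x0d\xda\xb9\x77\xc4\xb0\xe0\xed\x35\x1c\x9f\xd1"
         "\x69\x73\x3c\x19\xd4\x86\x3c\x2f\xf5\x55\x37\x54\xdd\x5e\xae\x71\x90\x49"
         "\x53\x64\xe5\xac\x69\xb1\x56\xb9\x87\x27\xbb\xd5\xd3\xc0\x72\xd2\x5a\xd1"
         "\x8b\xec\xba\x91\xee\x58\x60\xb6\xd4\x8a\x14\x18\x35\x18\x5b\x8a\xad\x74"
         "\x0d\x39\x14\x02\xd9\x22\xc2\xd2\x70\xa7\xe4\x27\x7a\xcd\xf9\xb8\xcd\xe8"
         "\x2b\x99\x93\x62\xf9\xcc\x35\xb4\x7c\xf6\x8d\xdb\xc9\xf2\x7b\x9d\x2b\xd0"
         "\xaf\x72\x53\x17\xf4\x34\x6b\x76\x3c\xdc\x1a\xf3\x16\x7a\xb1\xa7\x2f\x58"
         "\xa0\xc5\x99\x83\x0a\x76\x19\x7f\xeb\xf9\xe0\xcf\x70\x28\x8b\xca\x56\x50"
         "\xc4\x51\x3c\x71\xd0\x08\x8f\xf0\x49\xb3\x08\x25\x08\xc7\xf0\x3a\x56\x89"
         "\xe7\x83\xfc\x7e\xae\x4c\x68\x39\xee\xb6\x48\x01\x26\xa8\xc9\xa5\x05\x71"
         "\xfe\x96\x83\x38\x1b\x5a\x57\x52\x43\x1d\x4b\x6d\x86\x7f\xad\xa6\xc9\x87"
         "\x98\x35\x1d\xfd\x2b\x53\x87\xf4\x30\xa0\xc4\xe3\x00\xf5\xb3\x9f\x76\xc2"
         "\x0a\xd6\x1b\x92\x0e\xf5\x1c\x18\xde\x7c\x20\xe1\x69\x3a\x19\x5a\xbc\x52"
         "\x03\x7e\xc0\xc2\x36\x7f\xb9\x5c\xdd\x84\x21\x6f\x01\xdf\xb0\x8c\x92\x43"
         "\xf6\x9d\x30\x6d\x4f\x88\x41\xdc\xc8\x60\xa7\x17\x37\x5c\x55\x2f\xa3\x4f"
         "\xd6\x01\x70\x97\xc0\xff\x27\xf9\xad\x7e\x7b\xa4\x6e\x26\x26\x31\x49\x49"
         "\x61\x35\x44\xb2\x0d\x4d\x11\xa1\xdb\xdb\x29\x3e\x2b\x8b\x9a\xc0\xbd\x3f"
         "\x66\x7d\x0f\x5e\xed\xd6\x67\xda\xbd\x23\x9b\x62\x35\x8f\xcb\x7f\x06\xd6"
         "\x80\x4d\x53\x5c\x68\xa3\x56\x99\x6e\xdf\xf5\x32\xe0\xf9\x36\xd9\x61\x09"
         "\x5e\x6c\x40\xa0\x0b\xb3\x0b\x34\xf5\xd7\x3f\xea\xfc\x82\x23\xc2\x54\x4e"
         "\x82\x6a\xc2\x98\x78\xb3\x0a\xe6\xf2\x2f\x60\x19\xaf\x03\x6e\x89\x9d\x49"
         "\x40\x3e\x78\x59\x11\x15\x4c\xd2\x2e\x4b\x71\xa8\x8b\x3a\xe5\x84\x93\x6b"
         "\xfe\xf1\xaf\xd3\xf2\x81\x37\xd9\x32\x41\x09\x0a\xac\xd9\xd3\xaf\x9f\xee"
         "\x78\xd2\xa6\x32\x0f\x53\x4d\x6f\x50\x5b\xfe\xc6\xb4\x95\xe7\x53\xe3\x00"
         "\xdb\x9a\xda\xb9\x8c\x90\x8a\xc0\x00\xd8\x23\xdc\xa2\x7a\x4a\x98\xcd\xb2"
         "\x3e\xaf\x78\x93\x78\x6d\x4b\x1c\x1f\xb0\xe3\x37\x1a\x44\xe8\xe3\xa0\x0a"
         "\xcb\xcd\x16\x94\x05\x99\x34\xf7\xd3\x80\x6e\x04\xd3\x67\x11\xd4\x6f\xb1"
         "\x2d\xb2\x89\x41\xd9\x43\x69\xc3\x49\x4d\x7f\x13\x59\x91\xc9\x3a\x18\x13"
         "\x85\xeb\xf3\x52\xad\xef\xb8\x11\x77\x8e\x7e\xc5\xc9\xd7\x44\xba\x31\xb6"
         "\xbf\x15\x09\x7d\x90\x16\x4c\x50\x71\x65\x39\xe2\xd4\x7f\x19\x83\x93\x27"
         "\x98\x0f\xf0\xd0\x12\xb2\xdb\xf6\x78\x11\xe3\x53\xb0\x46\xb3\x7d\x62\xb8"
         "\x72\x97\xa8\x46\x89\x62\xc6\xfd\x07\x48\xa1\x53\xd4\x4a\x37\x62\x41\xcc"
         "\x2d\x8c\xb5\x17\x09\x74\xce\xcb\x39\x44\xca\xbe\xeb\xbf\x35\x14\xc5\xf6"
         "\xd6\x7a\xfb\x08\x19\xad\x59\x22\x88\x54\xb8\xfc\xb7\x51\x7d\x2a\xdd\xb5"
         "\x74\x6e\xe4\x17\xe3\x04\x51\xeb\xa0\x41\x50\x94\xa8\xa9\x5e\x39\x9c\xf7"
         "\x48\x91\x7e\x77\xc0\xfa\xed\x56\x11\xb9\x58\x82\x79\xb4\x7d\x95\xb0\xd7"
         "\x3b\xf4\x02\xc7\x65\x33\x2f\xe4\xd6\xbf\xa4\x88\x1c\xfd\x94\x46\xcb\xd3"
         "\xdd\xf4\x21\xd2\x7b\xc4\xec\x27\x99\x93\x64\xe0\xb6\x16\x43\xc1\xdb\xad"
         "\xd2\x61\xc1\xe8\x7a\x8a\x5a\x89\x20\x46\x28\x1e\x44\x2a\x5f\x48\xf7\xe1"
         "\x20\x18\xb4\x57\x90\x68\x95\x55\x82\x06\x5e\x2b\xa9\xd3\x4f\xf5\x92\x3e"
         "\xcd\x39\x29\x7b\x8b\x93\x87\x8f\xe8\xfc\xc3\x4e\x09\x83\xfd\xb4\xc7\xf3"
         "\x59\xb9\x8a\xb6\xc6\xf6\x63\x76\xc1\xbf\xc1\x2a\xd0\x32\x56\x0f\xd8\xe2"
         "\xdd\xff\xa2\x76\x65\x92\x66\xe2\x0b\x5a\xfd\xa0\xd6\x66\x96\x56\x10\x77"
         "\x87\x80\x4c\x74\xa1\x3b\x53\xd4\x98\x82\xb7\x7c\xff\x7d\x5b\x4d\x10\x60"
         "\x14\x88\x09\x03\x32\x54\xea\x17\x95\xfa\xf6\x3b\xed\xd1\x18\xf2\x7c\x44"
         "\xd7\x1b\x1b\xc8\xb0\xb5\xb4\x13\xa7\x8e\x95\xef\xd3\xed\x29\xcc\xd8\xc1"
         "\x73\x7f\xd0\x51\x14\xc9\x28\xf3\x9c\xdf\x57\xc3\x9a\xa5\xd1\x94\x0d\x6d"
         "\xe1\xfb\x29\x0b\x11\xd6\x86\x0a\x53\x7f\x57\xcb\x87\xc0\x5c\x1b\x2d\x84"
         "\x9c\x06\xd2\x9f\xda\xa2\x1f\x50\x0a\xae\x52\x2b\xa4\x8e\xfe\x27\xe9\x3d"
         "\x29\x04\xaf\x22\xed\x5f\xbc\x52\x2b\x77\x1d\xea\x8a\xb2\xca\xed\x5b\x6b"
         "\x86\xae\x98\x23\x6c\xa7\xb6\xec\x85\x87\x16\xce\xf9\xbe\x00\x88\x12\x6a"
         "\x6b\x17\xb1\xf8\x17\x9d\x2a\x9b\xc2\xfa\x64\xdc\x96\x24\xd5\x70\x5a\xfc"
         "\xe9\x22\x6c\x4c\xd3\x17\x05\x5c\xbd\x22\x01\xfb\x9c\xc2\x4c\xf6\xb7\x4f"
         "\x75\xe7\xe2\xc7\x38\x01\xd3\x76\x0d\x7d\x4b\x75\x94\xab\x88\x06\xc2\xd8"
         "\xfb\x02\xc7\x12\x48\x14\x70\x40\x6c\x03\xdf\x20\x4f\x9f\x6a\x22\x2c\x60"
         "\x0b\xde\x11\xfb\x84\x9a\x23\x16\xce\x6c\x13\x7b\x68\xc1\x40\xb8\x57\xef"
         "\x35\xff\xcd\x8c\xfa\x93\xc1\x73\xd0\x37\x25\x61\xad\x39\xfc\x77\x64\x65"
         "\x62\x26\x51\x2e\x5a\xa0\x3d\x19\x27\x4e\x36\xee\x5a\xd8\x3b\xb1\x20\x23"
         "\xe6\x9b\x38\x87\x59\x70\x51\x43\xb6\x9d\x6d\x65\x35\xf6\x2b\x78\x10\xd3"
         "\xba\x5b\x7c\x33\x39\xec\x3a\x4d\x99\xd3\xfa\x36\x05\xc2\x09\x03\x66\x1e"
         "\x8c\xb0\x3b\xab\x9b\x89\xcc\x83\x1c\xc5\xe7\x17\x3f\xc3\xa1\x5d\x2e\x03"
         "\x10\x42\x84\xbd\xcc\x50\x64\x6d\x5b\xf2\x2d\xb4\xf2\xdd\xae\x8e\xf7\x7f"
         "\x84\xc6\x7f\x58\x89\xa8\xd0\xdb\xae\xcb\xc4\x85\x35\x16\xe1\x91\x3d\xed"
         "\x31\x79\xd4\x0e\x6c\x0c\x81\xaf\x22\x38\xd4\x9e\xd6\xea\x3a\x94\x5f\x11"
         "\xd9\xc4\x33\xa2\x15\x92\x75\x9e\xa6\x6f\xd0\x8e\x2f\x90\x81\x33\xf8\x53"
         "\x4f\x21\x69\x8d\xf6\x3a\x77\x40\xf2\xed\x4e\xc7\x54\x44\x5b\xae\xd6\x09"
         "\xfd\xe0\x35\xa5\x5c\x7c\xb7\x03\x5d\x5f\xaf\x87\xf0\x3a\x56\x91\x2d\xef"
         "\x1d\xb3\x1f\x72\x77\x25\x49\x8b\x69\x82\x86\x9a\xd8\x75\x6a\x80\xda\x30"
         "\xfb\x09\x3b\x16\x29\x33\x5c\xe1\xaa\x31\xb0\xa9\x75\x93\x06\x12\x23\x49"
         "\x01\xaf\x2f\x0c\xbc\x1f\x94\xc2\xc9\xed\xd5\x1c\xda\x1a\x14\x52\x66\xcf"
         "\x55\x5b\x44\xe2\x9e\xb5\x84\xa1\x98\xb7\x5d\x9a\x3f\xf1\x70\x89\x94\xbb"
         "\x7d\x43\x17\xcf\x92\x31\x6c\xb0\xaa\x04\x35\xac\xe5\xf8\xc2\x6e\x22\x76"
         "\x01\xbe\xee\x83\x6c\x7a\x4c\x9e\xca\x9d\x61\x1f\x2f\x56\x07\x0f\x2f\xcb"
         "\x19\xb5\x79\x69\xa1\x97\xb2\x03\x44\xa0\x39\x48\xdb\x3a\x9f\x5e\x71\xb6"
         "\x0b\x98\x62\xa2\x57\x3f\x82\x43\x6f\x37\x01\x61\xc7\x54\xf0\x8f\x78\xcf"
         "\xf9\xca\x94\x4e\x70\xfd\xd5\x6c\xbb\x23\x93\xf5\xa7\xc5\x16\xe2\x3a\x06"
         "\xef\x95\xe6\x1b\x9c\x81\x5e\xa3\xb7\xfb\xc4\x6b\x6a\xb4\x35\x3f\x51\x50"
         "\xca\x4b\x53\x1c\x49\x37\xd4\x89\x25\x2b\x28\xbe\x2b\xd9\x0e\x3e\x19\x14"
         "\xe6\x28\x04\xc7\x73\xcb\x49\x59\xdd\x99\xa1\x9f\x7d\xab\xb9\xf1\xb2\xeb"
         "\x4a\x14\x24\x81\x53\xc9\x91\xe9\x7f\x9e\x6b\x7f\x31\x43\x0d\x00\xe2\x95"
         "\xfd\x21\x46\xeb\x01\xc1\x51\x91\xdf\x48\xd5\x00\x5b\x30\xc2\x7d\x50\x6c"
         "\x85\x5d\x14\x51\x60\x8d\x70\xe4\x3c\x13\x1e\x8a\xe4\x4c\x8e\xc3\xd9\x31"
         "\x34\x4c\x3f\x28\x62\x71\x9d\x1b\xb3\x48\xb2\x52\xc0\xaf\x9f\x87\x98\x57"
         "\xe0\x96\x82\x26\x81\x59\x00\xb4\xe5\x26\xce\x06\x9c\x36\x58\x0e\xb7\x73"
         "\xba\xd9\x35\x87\x36\x46\xda\xb5\xdd\x94\x4a\xdb\x58\x41\x33\x8c\x13\x2b"
         "\xf0\x91\x6a\x18\x56\xa8\xbe\x34\xda\x5a\x11\xf2\xb4\x46\xbc\xac\x3e\x43"
         "\xa1\x9a\x17\x3a\x65\x19\xca\x2f\xf3\xb9\xa7\x61\x54\xaa\x93\xc7\xbf\xfb"
         "\x6f\xf5\xed\x0f\x3c\x39\xf9\x01\x25\xd5\xa5\x8d\x76\x5d\x21\xf6\x68\x50"
         "\x23\xa0\x0b\x85\xb8\x59\x89\xf1\x36\x1c\x25\x70\x00\x45\x27\xec\x36\x23"
         "\xf9\x95\xcd\xd9\x04\x76\x1e\xc0\x01\xc2\xfb\xc7\x27\x37\x60\x94\xe1\xea"
         "\x22\x39\x43\xca\x02\xb9\xaf\x1e\x37\xd2\xe3\x20\x88\xf6\x1b\xf9\xf4\x70"
         "\x82\x77\x20\x16\xe3\x1c\x0a\xf7\x5a\x99\x54\xd7\x1f\xab\x06\xa2\x3b\x8e"
         "\xb0\xa2\x93\x81\xe8\xc0\x81\x7e\x2d\x00\x02\x36\xff\xe3\x19\xa7\x0d\x48"
         "\x2b\x54\x61\x7f\xfb\xff\xfe\x79\x8e\x52\x5c\x44\xb7\x2e\x50\xb8\x57\x55"
         "\x7b\x7f\x6e\x67\xda\x0c\x98\x93\x8c\x32\x46\xae\xa2\x7b\xc1\xb6\x01\xd9"
         "\x51\x47\x03\x58\x13\x74\xa0\xf4\x9e\xff\x20\xd7\xc8\x59\xc6\xdb\x88\x4c"
         "\x26\x20\x47\x34\x28\xd9\xd6\x95\xa4\x52\x75\x7a\x00\x50\x04\xb9\x5b\xfa"
         "\xcf\x5a\xe0\x56\x85\x14\xc6\x38\x5b\xd8\xb0\x13\x59\x8c\x17\xf4\x52\xb5"
         "\x1a\x0d\xf6\x86\x05\x52\xb4\xb1\xe9\x82\xe7\xdd\x7a\x1d\x28\x06\xc4\x4e"
         "\x48\x2f\xb3\xac\xc7\x84\x4e\x8a\x8b\x35\x64\xb4\x9e\x48\xbc\x8e\xe6\x90"
         "\x08\xcb\x2f\x4d\xf1\x1a\x9f\x47\xe3\x15\xc6\x07\x49\x2f\xa5\xd3\xb8\x33"
         "\xd2\x87\xce\x0b\x1d\x9e\xd5\x3e\x8f\x35\xb0\xcd\xe9\xa2\x6b\x90\xc1\xbd"
         "\xfa\x1c\xdc\x1a\x26\x9d\xb9\xb2\xcd\xff\x14\x49\x1e\xa6\x3c\xa5\x69\xde"
         "\x15\xfd\x12\xed\x8e\xe1\xa1\x93\x74\x9e\x43\x9d\xec\x7a\xcc\x45\x27\xc5"
         "\xa2\xba\xc4\x91\x4d\x2b\x73\x44\x68\x8f\x4a\x96\x7e\x78\x0a\x3f\x06\xf3"
         "\xc5\x4d\x9b\xcd\x3e\x78\x76\xe7\xb2\x72\x8c\x59\x49\xe5\xdf\x77\x79\x88"
         "\x74\x40\x0e\x4d\x15\x82\x36\x13\x72\x11\x06\x8a\x65\x6d\x8d\x98\x14\xa8"
         "\x3a\xee\x92\xf4\x43\xcd\xc9\xc4\xfa\x20\xdc\x9f\xb6\x0d\xcf\x61\x85\x71"
         "\xe7\x8f\x8b\x9b\x8c\x63\xe0\xc2\x53\xee\x08\x07\x22\x56\x0f\x4b\x7c\xc0"
         "\xb6\x2c\xc1\x37\xa2\x01\x5c\x81\xd1\xae\x75\xc6\x39\x35\x44\x88\x96\x5e"
         "\x37\x60\x7c\x08\x43\xc8\xc3\x7d\x28\xd5\x33\xf0\x4f\xea\x22\x1b\x75\x0f"
         "\x12\x5d\xd6\x4c\x4c\x6f\xf2\x54\xb2\xe5\xd4\xbe\x66\x5b\xa2\x04\x18\x78"
         "\x84\xa5\x53\xad\xf4\x82\xf5\x03\xbf\x7f\x29\x0e\xc3\xfa\x27\x7e\x0d\x6b"
         "\xbd\xe3\x9e\x9a\xac\x61\x05\x37\x96\xc2\xb2\xcc\x18\xe4\xfe\xc0\x09\x29"
         "\xc7\x15\xe0\x28\x77\x89\xac\x23\xb4\x11\x08\xdb\xa1\xe9\x11\xb2\x99\x1c"
         "\x1b\x57\x74\x45\xde\x4e\xd8\xd5\x67\x2d\x0b\xbd\x46\xfa\x54\x89\x57\x07"
         "\x45\x56\x4f\x85\xd0\x81\x5d\xdd\x4e\x75\xc6\x27\x8d\x91\x63\x6c\xc8\xec"
         "\xe9\xc1\x71\xdf\x42\xab\x20\xc3\xd3\x11\xc0\x85\x73\xce\x23\x54\x2d\x73"
         "\xec\x44\x93\xf3\x92\x5d\xc8\xe6\x22\xd5\x20\x88\xca\x33\x2e\x57\x92\x23"
         "\xee\xe5\xfa\x7d\x15\xd5\x83\x01\x72\x30\xf1\xa6\xd2\xeb\x30\x96\xb3\x70"
         "\x58\xd1\x22\xb9\x07\x43\x2f\x93\x23\x0a\xaf\x71\x6d\xfc\x4f\x36\xf4\x1c"
         "\xb0\x72\x89\x9a\x16\xb4\xdb\x8b\xdf\x58\x09\xdb\x62\x2a\x2a\x71\xf3\x46"
         "\xf1\x9e\x99\x70\x0b\xb7\x65\x43\x12\xf1\xb1\x31\x44\xd6\x34\x84\xe7\xd3"
         "\xd7\xa4\x31\xe9\x52\x86\x62\xb4\x9a\x40\x57\x35\xd9\x2b\x41\x66\x20\x11"
         "\x05\x2b\xde\xed\xfe\xa5\x57\x2b\xf7\x78\x7b\xc5\x1e\xf8\x3e\x59\x4c\x27"
         "\xa4\xa1\x55\x92\xfa\xd1\xdf\x62\x73\xca\x20\x64\x64\xe4\x93\xe3\x6b\x0b"
         "\xdb\xf7\x8e\x3f\x5d\xd8\x82\x4b\x52\x0c\xfc\xbf\x2d\xff\x12\xc8\xda\x9e"
         "\x03\x17\xf1\x12\xf8\xaf\xf2\xac\xb0\x45\xbb\x16\xd4\xa5\x8e\x31\x61\x02"
         "\x8a\xa5\xfe\x4a\x16\xe4\x49\x4e\xdc\xc7\xed\x98\x9c\x03\x13\x1c\x3d\x12"
         "\x35\xaa\x1d\x66\x14\x00\x00\x40\xe3",
         3789);
  *(uint64_t*)0x20001188 = 0x4b86694d;  //   iov[0].iov_len (see note above)
  *(uint64_t*)0x200011d8 = 1;           // msg_iovlen
  *(uint64_t*)0x200011e0 = 0;           // msg_control
  *(uint64_t*)0x200011e8 = 0;           // msg_controllen
  *(uint32_t*)0x200011f0 = 0;           // msg_flags
  syscall(__NR_sendmsg, /*fd=*/r[0], /*msg=*/0x200011c0ul, /*f=*/0ul);

  // sendmsg #3: msghdr at 0x20001280 with one iovec at 0x20001140 covering a
  // 20-byte (0x14) record at 0x20001200 whose first word is its own length
  // and whose only other non-zero byte is 0x0f at offset 16.
  *(uint64_t*)0x20001280 = 0;           // msg_name
  *(uint32_t*)0x20001288 = 0;           // msg_namelen
  *(uint64_t*)0x20001290 = 0x20001140;  // msg_iov
  *(uint64_t*)0x20001140 = 0x20001200;  //   iov[0].iov_base
  *(uint32_t*)0x20001200 = 0x14;
  *(uint16_t*)0x20001204 = 0;
  *(uint16_t*)0x20001206 = 0;
  *(uint32_t*)0x20001208 = 0;
  *(uint32_t*)0x2000120c = 0;
  *(uint8_t*)0x20001210 = 0xf;
  *(uint8_t*)0x20001211 = 0;
  *(uint16_t*)0x20001212 = 0;
  *(uint64_t*)0x20001148 = 0x14;        //   iov[0].iov_len
  *(uint64_t*)0x20001298 = 1;           // msg_iovlen
  *(uint64_t*)0x200012a0 = 0;           // msg_control
  *(uint64_t*)0x200012a8 = 0;           // msg_controllen
  *(uint32_t*)0x200012b0 = 0;           // msg_flags
  syscall(__NR_sendmsg, /*fd=*/r[0], /*msg=*/0x20001280ul, /*f=*/0ul);
}

int main(void)
{
  // syzkaller's fixed memory layout: a 16 MiB RWX anonymous region at
  // 0x20000000 that holds every syscall argument used by execute_one(),
  // bracketed by PROT_NONE guard pages at 0x1ffff000 and 0x21000000.
  // flags 0x32 = MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS; prot 7 = RWX.
  // The results are not checked: if these fixed mappings fail, the stores
  // in execute_one() fault in the child instead.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  setup_leak();
  loop();
  return 0;
}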