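// https://syzkaller.appspot.com/bug?id=70f3dfb58906e09339317275a07983cabe05f3ab
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reviewer notes on this copy of the reproducer:
//  - The listing had been collapsed onto a few physical lines. That turned
//    everything after the leading "//" on the first line into a comment, left
//    "#define" directives in the middle of lines, and broke the
//    backslash-continued NONFAILING macro. One statement per line is restored
//    here; no statement, constant or payload byte was changed.
//  - The header names after the 19 "#include" directives were missing from the
//    page. They are restored below to the standard headers that the
//    identifiers used in this file require.
//  - What the program does: in a loop it forks a child that creates a
//    socketpair of family 0x1e (AF_TIPC on Linux), arms per-thread fault
//    injection through /proc/thread-self/fail-nth, and sends one 3629-byte
//    message with sendmsg(). The crash signature itself is not on this page;
//    it is in the linked syzkaller report.
//  - Requirements visible in the code: debugfs fault-injection knobs must be
//    writable (setup_fault() exits if the failslab knob is not), and
//    /proc/thread-self/fail-nth must exist (inject_fault() exits otherwise).

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Non-zero while the current thread is inside a NONFAILING() region.
static __thread int skip_segv;
// Jump target that NONFAILING() sets up and segv_handler() returns to.
static __thread jmp_buf segv_env;

// SIGSEGV/SIGBUS handler. A fault is tolerated only when the thread is inside
// NONFAILING() and the faulting address lies outside the 1 MiB..100 MiB window
// checked below; in that case control jumps back into the macro. Any other
// fault terminates the process with the signal number as exit status.
static void segv_handler(int sig, siginfo_t* info, void* ctx)
{
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
  int valid = addr < prog_start || addr > prog_end;
  if (skip && valid) {
    _longjmp(segv_env, 1);
  }
  exit(sig);
}

// Ignores signals 0x20 and 0x21 via the raw rt_sigaction syscall, then routes
// SIGSEGV and SIGBUS to segv_handler(). SA_NODEFER lets the handler run again
// after it leaves through _longjmp() instead of returning.
static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_handler = SIG_IGN;
  syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8);
  syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8);
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

// Runs the given statement so that a fault inside it is skipped rather than
// fatal: the counter marks the region for segv_handler(), and _setjmp()
// records where the handler resumes.
#define NONFAILING(...)                                                        \
  {                                                                            \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    }                                                                          \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
  }

// Sleeps for ms milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Returns CLOCK_MONOTONIC time in milliseconds; exits if the clock cannot be
// read.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Formats a string (printf-style, truncated to 1023 bytes) and writes it to an
// already existing file. Returns false if the open or the write fails; errno
// from the failed write is preserved across close().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Arms fault injection for the calling thread by writing nth + 1 to
// /proc/thread-self/fail-nth. Exits if the file cannot be opened or written.
// Returns the open descriptor; both callers in this file discard it, so it is
// never closed.
static int inject_fault(int nth)
{
  int fd;
  fd = open("/proc/thread-self/fail-nth", O_RDWR);
  if (fd == -1)
    exit(1);
  char buf[16];
  sprintf(buf, "%d", nth + 1);
  if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
    exit(1);
  return fd;
}

// Kills the child's process group and the child, then reaps it. If the child
// has not been reaped after about 100 ms of polling, one byte is written to
// every /sys/fs/fuse/connections/*/abort file before falling back to a
// blocking wait.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // Best effort: a failed write is deliberately ignored.
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, become a process-group leader (so
// kill(-pid) in kill_and_wait() reaches the whole group), and raise
// oom_score_adj to 1000.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

// Writes the debugfs fault-injection settings listed in the table. Only the
// failslab entry is fatal: the program exits if that write fails, and failures
// of the other writes are ignored.
static void setup_fault()
{
  static struct {
    const char* file;
    const char* val;
    bool fatal;
  } files[] = {
      {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true},
      {"/sys/kernel/debug/fail_futex/ignore-private", "N", false},
      {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false},
      {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false},
      {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false},
  };
  unsigned i;
  for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
    if (!write_file(files[i].file, files[i].val)) {
      if (files[i].fatal)
        exit(1);
    }
  }
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Runs execute_one() in a fresh child forever. Each child gets 5 seconds; a
// child that has not exited by then is killed through kill_and_wait().
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// r[0] holds the first descriptor returned by socketpair().
uint64_t r[1] = {0xffffffffffffffff};

// One test iteration. All arguments live at fixed addresses inside the
// region that main() maps at 0x20000000:
//   0x20000840  int[2] result of socketpair(0x1e, 2, 0)
//   0x20000000  16-byte destination address: family 0x1e, one-byte fields 1
//               and 0, then 32-bit values 1, 0, 0x63ed (presumably a struct
//               sockaddr_tipc service range; confirm against linux/tipc.h)
//   0x20000140  struct iovec { base = 0x20000300, len = 0xe2d }
//   0x20000280  struct msghdr: name = 0x20000000, namelen = 0x10,
//               iov = 0x20000140, iovlen = 1, no control data, flags = 0
//   0x20000300  3629 (0xe2d) bytes of fuzzer-generated payload
// Fault injection is armed immediately before sendmsg(), so the injected
// failure lands inside that call.
void execute_one(void)
{
  intptr_t res = 0;
  res = syscall(__NR_socketpair, 0x1eul, 2ul, 0, 0x20000840ul);
  if (res != -1)
    NONFAILING(r[0] = *(uint32_t*)0x20000840);
  NONFAILING(*(uint64_t*)0x20000280 = 0x20000000);
  NONFAILING(*(uint16_t*)0x20000000 = 0x1e);
  NONFAILING(*(uint8_t*)0x20000002 = 1);
  NONFAILING(*(uint8_t*)0x20000003 = 0);
  NONFAILING(*(uint32_t*)0x20000004 = 1);
  NONFAILING(*(uint32_t*)0x20000008 = 0);
  NONFAILING(*(uint32_t*)0x2000000c = 0x63ed);
  NONFAILING(*(uint32_t*)0x20000288 = 0x10);
  NONFAILING(*(uint64_t*)0x20000290 = 0x20000140);
  NONFAILING(*(uint64_t*)0x20000140 = 0x20000300);
  NONFAILING(memcpy(
      (void*)0x20000300,
      "\x26\x37\x08\x3a\x1e\x5f\x4e\x3e\x19\x63\x18\x63\x00\x55\xca\xf9\xcf\x55"
      "\x49\x89\xf7\xf7\x03\xd1\xc5\x2b\x1f\x0f\x16\x83\x18\x7c\xdd\x65\x86\x6d"
      "\x0f\x40\x43\x49\x8e\xf8\x8c\x40\xe3\xeb\xb0\x11\x14\x48\xde\x4a\x03\x59"
      "\x94\x03\x69\x3e\x20\xed\x66\x2a\x9b\xd0\xd8\xa7\x28\x7f\xbf\x69\x22\xe3"
      "\x68\x77\xc6\x04\xa1\xcf\xd8\xd3\xb7\xdb\x25\x10\xc8\xc0\x6a\x0f\xa9\x8d"
      "\x59\x9e\xc8\x34\x77\xae\xf0\x37\xf1\xc4\x23\xaf\x0c\x92\x54\xdd\xc7\x66"
      "\xa0\x86\x54\xc0\x55\x83\xbf\x2f\x52\xab\xf1\x45\x28\xf2\x44\xa9\xc5\xca"
      "\x64\xc3\xa3\xe9\x2c\xf8\x15\x3f\xa4\xf5\xab\xfe\xa7\x82\x92\x71\xd9\x5b"
      "\xc3\xb0\xc1\xf2\x2a\x08\x02\xd2\x14\x48\xf1\x1a\x86\x31\x2c\x21\xbe\xa3"
      "\x4c\xd9\x4d\x56\x01\x66\x22\x97\x61\x60\x1e\x4c\x88\xe4\x9b\x94\x15\xff"
      "\x2e\x67\x61\xca\x17\x53\xee\x29\x41\x42\x0b\x87\xf6\x5f\x19\x44\x42\x1a"
      "\x00\x1e\x7e\x69\xdf\x2c\xb8\x17\x0c\xdf\x57\x55\x6f\x08\xce\x0e\x09\xe8"
      "\x0f\xc9\x2a\x10\x6e\x70\x56\x74\x49\x94\xbd\xc1\x20\xdb\x9d\xb8\xb2\x8e"
      "\xee\x32\x4d\x1a\x8c\x64\xb5\x7d\xe1\xa0\x60\x0a\x3e\xcd\xcf\xe6\x0d\xca"
      "\x9f\x78\x9b\x86\x0b\x80\x7e\x33\xe5\x47\xbe\x81\xc4\x7d\xa4\x9e\xb9\x97"
      "\x3c\xd8\xd1\x49\x9d\x9c\x1e\xe7\x83\x88\x0b\x0d\xf7\xd4\xab\x5c\xe4\x94"
      "\x9c\xe3\x00\x2e\x07\x47\xed\xd9\x12\x36\x1e\x1b\xdf\xa3\xf5\xfc\xac\xe1"
      "\x79\x94\x40\xf3\xad\x41\x8d\x73\x91\x68\x3f\xed\x32\x48\xa4\x5f\x42\xc5"
      "\xd6\xc6\xf9\x8c\x77\x23\x9f\x5f\x4b\x7a\x1b\x22\xda\x7e\x03\x53\x33\xd0"
      "\x40\xd8\xe3\xe3\x50\xbf\xc3\x67\xf7\xe0\xf2\xa7\x0e\xbb\x4e\x22\x9e\xf4"
      "\x2e\x09\x50\xea\xb2\x2e\xe1\x31\x4b\x72\x0c\xb8\xa3\x2e\x80\xf0\xb6\xda"
      "\x14\x96\x55\x1c\xe7\xba\x14\xda\xca\xe0\x17\x90\x6f\x41\x9b\x81\xb1\xee"
      "\xbe\xe4\xd3\x61\x36\x5f\x4b\xd2\x37\x7b\x15\x4f\x20\x09\xe6\x27\x73\x59"
      "\xde\x71\x82\xd5\x20\x79\xe5\xbe\x7c\xe1\x8e\x82\xea\x3c\xbb\xc3\x6a\x0f"
      "\xa4\x7f\xfb\xce\x14\xad\xa8\x3b\x82\x20\x9d\xfa\xdf\xe7\x5f\x1c\x0c\xde"
      "\x8f\x4f\xea\x76\x54\xc4\x87\x01\x7d\x3d\x13\x89\x94\x37\xb6\x12\x7f\x7d"
      "\x36\x4a\xb9\xd8\x0f\xa4\xbe\xdb\xbe\xb2\xe4\x44\x82\x44\x5b\x7c\x04\xa4"
      "\x07\xe6\xb6\x97\xa7\x7f\xe3\x6d\xd1\x36\x0a\x43\x31\x27\x5e\xd5\x9c\xe3"
      "\x56\xb4\xc4\x7b\xc9\xa7\xe6\xee\xeb\xd6\xd3\xda\x7d\x9d\xe7\x92\x94\xb8"
      "\xdf\x02\x42\xaa\xa2\xc9\x0c\xc3\x99\x61\xf5\xe7\xc4\x95\x13\x37\x34\x1e"
      "\xa6\x03\xab\xfd\x17\x61\x77\xbd\x54\x5e\x28\xd7\x55\x3e\xe5\xe0\xda\x63"
      "\x88\x50\x93\x16\xe6\x8f\x86\x05\xd9\xd1\x73\xc4\x98\x9e\xab\xeb\xec\x4a"
      "\x0f\x4d\xc0\xf7\xac\x35\x24\x45\xf8\x0b\x62\xf5\xcc\x04\x68\x3f\x1f\xdd"
      "\x3c\xa6\x4e\x11\x43\x5f\x42\xa8\x53\x69\x7b\x1e\x92\x41\x5a\xe2\xb9\x21"
      "\xb3\x82\x0e\x59\x3c\xfc\x46\x51\x14\x8d\x61\xc7\x35\x3c\x31\x05\xb2\x51"
      "\xf4\x63\x1f\x4d\x19\x66\x6e\xca\xaa\xbf\x97\xd2\xe0\x1b\xf9\xe6\x78\x0e"
      "\xe8\x43\x1a\xf8\x81\x05\x2e\xfc\x03\xf2\x24\xcd\x39\xab\x93\xd8\x80\xbb"
      "\x6e\x17\x19\x59\xb5\xab\x09\x5f\xde\x0a\x3b\x59\x5e\x7e\xc7\xe7\x0d\x88"
      "\xf7\x4b\x2d\x96\x4c\xa8\xe5\xe8\x39\x50\xce\x25\x6f\xe7\x20\xb2\x71\x33"
      "\x71\x5b\x46\x96\x44\x1f\x7d\x21\x40\xfd\x19\x4a\x86\x3d\x80\x34\xa8\xb4"
      "\x9f\xcb\x0d\xe2\xfb\xdc\xbb\x7c\xb6\xcc\xab\x43\x07\x77\x4c\x37\x20\xe3"
      "\x0b\x95\xbd\xda\x40\x64\xd7\xb7\x26\x51\x4d\x98\x0d\xa7\xf5\x44\x37\x86"
      "\x84\x07\x76\x1c\x2f\xa7\xb1\x2d\xb0\x10\x8e\x90\xda\x56\x1c\x7e\x7e\x5f"
      "\x3c\xbe\x7a\xb8\x15\xe3\xc7\x51\x8c\x82\x83\x00\xd5\x02\x42\xdf\x67\xff"
      "\xe6\x82\xe2\x20\x44\x4d\x31\x99\x28\x26\x08\xdc\x7c\xf5\x05\x43\xff\xf2"
      "\x63\xec\x35\xb2\xe3\x03\x53\x86\x69\x46\xcc\x5d\x46\x38\xa0\x7f\x4e\x53"
      "\x50\x30\xd7\xd2\xe5\x51\xd7\x06\x6b\x24\xbe\x8c\x60\x62\xf7\xe6\xb8\x37"
      "\x50\xa2\xc8\xf1\xed\x20\x01\xea\x03\xf3\x2b\x06\xd6\x01\x6e\x67\x8b\x74"
      "\xbf\x9e\x10\x21\xee\x0d\x92\x07\xdc\xe7\x47\x0c\x01\xb7\xf6\x64\x8a\xf8"
      "\x7f\xd7\x09\x36\x0a\x19\x67\x33\xd0\xf2\xad\xf8\x22\xfd\xaa\x35\x6a\x38"
      "\x4d\x9f\x2b\x07\x99\x3e\x69\xf9\x0a\x64\xc6\x56\xa0\x10\x66\x20\x0e\xa6"
      "\x28\x06\x82\x7a\xac\x5a\xe5\xb4\x4e\xd3\x5b\x46\xb8\xfa\x94\x33\x38\x0b"
      "\xfc\x1f\x1b\xb9\x92\x34\x7c\x90\x29\x0c\xb2\x12\xdb\x7b\x31\x42\x61\x17"
      "\xa6\xd1\xf0\xef\x2b\x20\x3e\x5a\x63\x34\x0b\xd8\x44\xfc\x2f\xbf\xd2\xd3"
      "\xe1\x53\x65\xbd\xcd\x52\x4e\xe8\x4e\xfe\x12\xf6\xd7\x2e\xe0\xdc\x59\x68"
      "\xef\xbc\x8e\x69\xac\x25\x72\x6a\x1e\x57\xfd\x68\xbb\x69\x27\xda\xd9\x83"
      "\x97\x6c\xb5\x42\x10\xd2\x2a\x60\x6e\xbd\xde\x9a\xaa\x2b\x09\x90\x7d\x15"
      "\xbd\x1d\x44\x00\xe9\x05\x9e\x19\xe4\x6d\xf1\x1a\x1f\x32\x10\xd5\x24\x31"
      "\x2c\x26\x9b\xbe\xdf\x18\xb3\xf5\xca\x26\x6e\x98\x61\x13\x50\xc0\x79\x96"
      "\xa3\xef\x01\x64\xbf\xf5\xaa\xd9\x85\xe8\xac\xa8\xa4\x3e\x27\x36\xce\x15"
      "\xe7\xbd\xcd\x22\x9f\x19\xf7\x66\x48\xaf\x02\x6e\xea\xd4\x44\xfd\xcf\x48"
      "\xfe\x31\xc0\x22\x67\xe1\x15\x16\x78\x36\xdc\x07\x07\x14\x41\x25\xdd\xc0"
      "\x8d\x9f\x26\x3c\x78\x9b\xcb\x6a\xbe\xe9\x7d\x97\xac\x0a\x08\x18\xab\x11"
      "\x30\x98\x37\x59\x00\x05\x09\xb2\xa2\xa6\x3f\x11\x05\xed\x10\xad\xb5\x0e"
      "\xc5\x02\xb5\xd3\x35\x32\x0e\x5f\x58\x4d\x14\xaa\x56\x36\x48\xb6\x14\x90"
      "\xc5\xf1\x3e\x27\x71\x9f\xcc\x32\xdc\x14\xe5\xf7\xae\xd6\xa4\x60\x08\x12"
      "\x56\x32\xeb\x21\x11\xe4\x70\x78\x5e\x4e\xf3\x6d\xb0\x98\xec\x07\x0c\xd7"
      "\x92\x7b\xb3\x50\x89\x96\xd8\x25\x76\xd7\x72\xe2\x2e\x65\x95\xea\xd5\x6e"
      "\x3e\xa8\x69\xba\x5e\x51\xb6\x60\x5c\x6f\x60\x16\x86\x00\x3b\x63\x4a\x48"
      "\x26\x41\x9e\x8b\x12\xfc\x90\xad\x6e\x48\xce\xc6\x0c\xfa\x3a\xf1\x26\x62"
      "\xe2\x88\x64\xf3\xaf\xb3\x37\xe6\xd1\x06\x43\x9e\x13\x6c\x7f\xd5\xc3\xdd"
      "\x86\xe2\xe2\x76\x77\xf1\x9b\x6e\x51\xf1\x47\x7b\x45\xd6\xe5\xd7\xc2\x55"
      "\x39\x62\xfe\xf7\x6d\x13\x26\x58\xed\xbe\xcc\x55\xa1\x62\x76\x66\xc9\x54"
      "\xf4\xa2\x53\x6c\x24\xb5\x09\x66\x55\x33\x2a\x72\xdb\x0d\x64\x6f\xf5\x4b"
      "\x9c\x35\x12\x59\xbb\xac\xa7\xc6\x6d\xf6\x11\xa6\xcb\xb7\x3d\x61\x18\x67"
      "\x9b\xa5\xcd\x0e\x0f\x1a\xbb\xad\xc1\xed\xaa\x7f\x35\x87\x75\x61\xf0\x73"
      "\xa4\x81\x76\xaf\x41\x4f\xb3\x41\x38\x32\x95\xf6\x96\x18\xc6\x82\xcd\x56"
      "\x08\xa4\x12\x19\x21\xaa\x3c\x4e\x9e\x0e\x49\x25\xe9\x64\x1a\x8e\x2b\x4d"
      "\x66\xdd\xab\x59\xbe\x40\x35\x7c\xfb\x0e\xf5\xa2\x98\xa3\xfd\x3b\xa0\xf3"
      "\xb0\x09\x94\x2f\x48\x82\x30\x7c\x6a\xaf\xdf\xa6\xa1\x65\xda\x2d\x08\x2d"
      "\x07\xec\x97\x30\x15\xfc\xb3\xd2\x01\xc3\x18\x94\x4c\x36\x99\x77\xc7\x91"
      "\x81\x0a\xfd\x59\x26\x16\x27\xe8\xe5\xde\xe0\xea\xc2\xb3\x0c\xc1\xba\xda"
      "\x15\x9f\xdf\x6e\x62\xfb\x5d\x8a\x4e\xcf\x89\x01\xcf\xf1\xb9\x37\x9c\xa0"
      "\x03\x3d\xa2\x0e\x9b\x16\xb2\x81\x4e\x60\x96\xc6\xa8\xad\xb6\xb2\x07\xd5"
      "\xa2\xb3\x42\x30\xa5\x64\xe2\xb2\x0d\xf6\xce\x7c\xee\xf7\xcc\x8e\x75\xe6"
      "\x4c\x0c\x17\x30\x5b\xc0\x3a\x68\xad\xcb\x19\x0a\x11\x40\xbe\x2e\x25\x12"
      "\x09\x3f\x6d\xb0\xef\x94\x89\x52\x6d\xcd\xb1\xb2\x09\xed\x4c\x35\xc5\x11"
      "\xf7\x00\xb0\x9c\x97\x0a\xcf\xb1\x0f\x55\x18\xc0\x92\xad\xa8\x07\x20\x44"
      "\xb9\x17\x3c\x43\xa0\x65\x63\xfb\xe3\xe9\x42\xaf\x9c\x19\x2f\x6a\x77\x10"
      "\x94\x68\xb6\xbb\x8c\x10\xc1\x77\x16\xcf\xa1\x47\x79\xa8\x13\x81\xf9\x4d"
      "\x34\x42\xc7\x09\x63\xab\xa8\xb9\x46\xc4\x3d\x3e\x03\x68\x9c\x7a\x88\x5e"
      "\x67\x8e\x8c\x89\xef\x67\xca\x61\x82\xc3\x17\x5c\x64\xc1\x1d\x31\xd7\xa5"
      "\x9a\x80\x4b\xd2\xcb\x81\xb2\x82\xbd\x8c\x0e\x17\xa4\xec\x15\xea\xc8\xd9"
      "\x83\xd6\x26\xec\xc5\x57\x01\x62\x7f\x5d\xb3\xc9\x23\xdd\x60\x66\xc5\x9d"
      "\x54\x97\x59\xf9\xb8\x97\x9d\x33\x56\x74\x79\x3a\xf8\xdd\xd8\x62\x87\x42"
      "\x0f\x1e\x44\x80\x22\x74\x38\x1c\x11\xf4\xf7\xde\x84\xa6\x33\x73\x72\x12"
      "\x13\x93\xfc\x40\xf3\x7b\xf1\xd2\x21\x2f\x01\x91\xf0\x11\x82\xfa\x0c\x0d"
      "\xc6\xc3\x8d\xb8\x45\x1f\x7f\x68\xe8\x6d\x37\x04\xdd\x4f\x04\x84\xc5\xef"
      "\x69\xaa\x00\x5b\x8a\xb6\xb9\xf1\x4d\xfb\x37\x63\xf0\x5c\xb7\xe6\xd5\x27"
      "\x51\xd4\x08\x7e\xc8\x28\x28\x53\x3b\x86\x13\x15\x09\x24\xaf\xd9\x18\xde"
      "\x73\xe5\x5f\xaa\x5a\x0a\x9e\x0c\x58\x27\x6f\xba\xa3\xac\x85\xc5\x90\x47"
      "\xc5\xfe\x37\x80\x16\xe0\x93\x1d\xfa\x1e\x3d\x43\x3c\xef\x5b\x72\xa8\xab"
      "\x86\x7b\x71\x54\x70\x10\xb3\x1d\x0b\x0b\x15\x5a\x9e\x3f\x01\x30\x39\xbb"
      "\x03\xb0\xf2\x27\x5f\x0b\x09\xad\x60\x9d\xed\x0a\x4b\x24\x37\x01\x0d\xdf"
      "\x1d\xae\xf7\x66\x6e\xf9\x5a\x9f\x7c\x41\x4c\xd9\xac\x28\x2a\x5b\x1f\x8a"
      "\x72\x95\xbc\x85\x34\x0f\x85\xa9\x82\x8e\x91\x08\x1a\x76\xa1\x01\x60\x0a"
      "\x8d\xae\xb7\x54\x4d\x59\xde\x90\xca\x40\xc7\x4b\x18\x0b\xff\xb7\x2d\x42"
      "\xe7\xe0\x0b\xef\xb4\x75\x45\xa7\x8e\x17\xf2\xb3\xd8\xab\x4c\xb7\x46\xd0"
      "\x97\x6f\xa0\xf1\xcc\x37\x93\x91\x0f\x3f\xc4\x97\xc4\x4e\x6f\xf1\xec\x6f"
      "\x80\x80\x4a\x16\x84\x04\x78\xed\x1e\x13\x94\x46\xe7\x1e\xbc\x6f\x8d\x1a"
      "\xb1\x3b\x83\x47\x50\xd9\x77\xb8\x8d\xfe\x9f\xde\x4b\xff\x83\x97\xc0\x55"
      "\x1d\xae\x60\xb1\xa1\x46\x65\xdd\xdf\x0b\x61\x4d\x7c\x68\x6e\x9b\x6a\x40"
      "\x3a\x42\x8a\xc2\xd2\x83\x5a\xdd\xc2\x7d\xa3\x88\x61\xe8\x0d\x72\x7f\x4c"
      "\x07\xf5\x6b\xd4\x5a\xdf\x02\x2b\x1b\x94\x1e\x55\x29\x3f\x4f\x88\x8c\xcd"
      "\xe3\x88\xfa\x52\x97\x20\x12\x14\x5e\xc1\xca\x02\x18\x95\x1f\x06\x7e\xd5"
      "\xf0\x3f\xc6\x58\xc4\x3f\x94\x1d\xbe\xab\xcd\x12\x02\x85\x59\x82\x1a\xe8"
      "\xc0\xee\xd1\x14\xcd\xc1\x82\xe6\xd1\x4d\x55\x97\xbe\x40\x80\xde\xfe\xf6"
      "\x89\x5b\x2d\xd5\xdb\x08\x1a\x18\xbe\x69\xcf\x13\xe1\xb7\x0d\xe1\x70\xa6"
      "\x95\x1b\x6e\x11\xa6\xc0\xa4\x4e\x03\xd5\x3c\xd5\x84\x39\x16\x63\x54\x93"
      "\xc1\x48\x47\xcb\x7a\x10\x70\x7f\x3a\x18\xce\xa2\x54\x56\x19\x19\xd8\x19"
      "\xf0\xa8\xdd\xe0\x63\x6e\x38\x3d\xfd\xd2\xde\x47\xa0\x89\x09\xcb\x13\x38"
      "\x0c\x2f\xbb\x9d\x04\xd0\x15\xdf\x07\x87\x97\xeb\x84\x80\x63\x55\x4e\x9f"
      "\x1d\x90\x3d\xcb\xca\x4e\x9e\x50\x8f\x74\x11\x05\x27\x86\x1b\x8e\x67\xd9"
      "\xc7\x08\x48\xae\x3e\x41\x38\x46\xe0\xa6\x12\x09\x8c\xf8\xda\x8c\x57\xd2"
      "\x9c\x95\x29\xc7\x45\x88\x54\x88\x6c\x15\x68\xa7\x72\xfc\xd4\x74\xa7\xab"
      "\xd7\x57\x7b\x33\xfe\x9a\xa4\xb5\x9a\x95\xea\x64\xa3\x39\x5f\x96\xd2\x4f"
      "\x18\x72\xd8\xdb\x3b\x6f\xc9\x45\x33\x7a\xc8\xa7\xe4\xe5\x23\xa3\x54\x34"
      "\xf3\x6c\xa3\xb9\x9f\x3d\x8c\xf6\x61\xba\x44\x87\x1b\xf8\x20\xbb\xe1\xc6"
      "\x09\x1c\x7f\x5d\x6a\xe5\x0e\x52\xbd\xdb\x8d\xa3\xd6\x2e\x73\x6d\xbf\x72"
      "\xfc\xc5\xea\xf5\x7d\xf1\x31\x1c\xc6\x46\x87\xd0\xd4\xdd\x95\x15\xd5\x13"
      "\x81\x6f\xa8\x12\x6f\xc7\xea\xb4\x51\x16\x17\xca\xb8\x94\xd5\x8f\x3d\x9e"
      "\xa2\x9a\x51\xa9\x5c\x09\x19\xab\x11\x86\x6b\x97\x3c\xbe\x42\xbf\x9c\x0a"
      "\x94\xb7\xe7\xd6\x56\x64\x38\xcc\x64\xd2\xff\x93\x91\x20\xe7\xe9\x35\xd6"
      "\x09\x98\xf9\xd0\xa1\x81\x26\xb0\xe4\x53\x28\x1b\xb3\xaf\xbb\xe3\xe4\x71"
      "\x6d\xf3\x9f\x19\x6f\xb7\x85\x1d\xbc\xf6\x45\xcb\x60\x94\xa0\x8c\xd6\x30"
      "\xf9\x6c\x37\xeb\xc6\x1a\x23\x9f\x5d\x93\xaf\xa5\x7d\x65\xc2\x11\xdd\x7a"
      "\xdb\xc6\x55\x17\x3b\xd1\xf7\xa3\x0f\x16\x10\x40\x43\x9b\x9b\x76\xa7\xc3"
      "\x61\x58\x4d\x7d\x2d\x2a\xd5\x16\x72\xd6\x51\x9d\x54\x2e\xb4\x1f\xed\x89"
      "\x88\xc1\x78\x44\x4a\x94\x87\xeb\x6a\x62\xa1\xff\x31\x85\x9e\x49\x7e\x0e"
      "\x9b\xdc\x7b\x1f\x24\xba\xd0\x5f\xfe\xf5\x89\xcc\x1f\xf5\x56\x29\x51\x21"
      "\xce\x86\x3c\xa1\x98\x42\x7f\x17\xa6\xa3\x6d\xc8\xd7\xd2\x45\xaf\x29\x13"
      "\x0c\x17\xf6\xa7\x89\xca\x8e\x13\x1a\x15\xfd\x7a\x4b\x5f\x16\x84\xd6\xf0"
      "\xdb\xe7\xc5\x03\xab\x67\x51\x63\x8b\xfb\xe7\x4d\x29\xc5\x08\x65\x0e\xa4"
      "\xbf\x5a\xb3\x28\x2f\x14\xa4\x52\x03\xca\xc1\x4a\xf5\x3f\xde\x59\x75\xc4"
      "\x46\x37\x2b\x89\xc3\x89\xd4\xc8\xf1\xb5\xb3\x87\x9b\xa4\x7f\x35\x8f\x37"
      "\x5c\x3b\xf0\x60\x7a\x09\x60\xec\x2f\x59\x50\xbc\x57\x51\x0d\x42\x56\xa7"
      "\x13\x98\x7c\x64\x18\xf5\x31\xbd\xf1\x26\x1d\x90\xd2\x72\x8c\xa8\x93\x9c"
      "\x9e\x9f\x36\xb0\x4b\x06\x2b\x80\xa3\x88\x54\xf1\xa0\xe3\x1c\x8b\x73\x7e"
      "\x0a\x48\xea\x67\x5a\xc4\xd2\xba\x17\x45\xb6\x62\x29\x19\x5b\x79\x08\x7f"
      "\x23\x78\x8e\x2c\x9e\x6d\x2c\x71\x3d\xdf\xa0\xd7\xdf\x06\xb9\x32\xa8\x6e"
      "\x4e\x58\x16\xcb\xb9\x8c\x82\x85\x5b\xa3\x7d\x5c\x8a\x38\x00\xaa\x3b\x9d"
      "\x1a\xf8\x93\x9a\x30\x25\x2a\x1d\x88\x05\x84\x7f\xbc\xa5\x5b\xb1\xad\x42"
      "\x37\x4b\x11\x64\x2d\x89\x52\xb1\x64\xec\x79\xc7\x69\x13\xe5\x9b\xfa\x2e"
      "\x2f\x5d\x09\xc2\xda\x47\xe6\x9e\xeb\xa1\x04\x43\x7b\x92\xa7\x0f\x65\x02"
      "\xb8\xb6\x4c\x99\xaf\x5a\x66\xc4\x44\xda\x2a\x11\x2e\x96\xfc\xdb\x93\x5a"
      "\xf9\x66\x01\xd5\x0d\xd3\x8c\x1c\xc3\xe2\x6c\xf5\x43\x8a\x58\x14\x9d\x10"
      "\xfd\xc8\x64\x9c\x8c\x07\xac\xb1\x51\xa9\xa2\x82\xee\xc4\x83\x94\x0d\x55"
      "\xc6\x0e\x36\xbb\x8e\xd8\x0c\x38\x60\x2c\xf0\xe3\xce\x84\xe3\x53\x8c\x4d"
      "\xed\x62\x2c\x2c\x6f\x1c\xd0\xa2\x10\x78\xc7\xab\x76\x98\xa2\x71\x73\xdd"
      "\xf4\x19\x79\xe1\xcc\x15\xee\x67\xc3\x33\x5e\xc3\x04\xcb\xfa\x74\x80\xba"
      "\xa4\x58\x7d\x8f\xb6\xb8\x08\x5f\xee\x84\x8f\x84\x8d\x44\x28\xfb\x0b\xac"
      "\x7f\xe2\x9e\x74\x52\xc0\xec\x34\xed\x51\x78\xd2\xec\x27\xad\x52\xcf\xf7"
      "\x8d\xa1\xef\x5b\x7a\xc4\x54\x22\x34\x9f\xed\x63\xfb\x50\xb6\x8a\xd8\x99"
      "\x7d\xa5\x9b\xd0\x8f\x72\x38\x2e\xa2\x68\xcf\xed\x58\x38\xd2\xd1\x2b\xca"
      "\x41\xf2\x34\x74\x8f\xa6\xf6\x56\x01\x02\x01\x7a\x7e\x42\x72\x30\xaf\x15"
      "\x3b\xc2\x19\x5f\xdf\x81\x62\xf5\x4b\xc5\x45\xf8\xae\x12\x14\x71\x0f\x57"
      "\x0f\x74\x69\x7e\xcb\x93\x2d\xc1\x45\x11\x06\xbe\xdb\x8d\x17\xb6\x75\xfd"
      "\x33\xd3\xf2\x1b\x9f\x39\x80\xe1\x39\x0d\x95\x48\x5d\xe7\xbb\x09\x2d\x54"
      "\x53\x80\x4b\xec\x54\x4f\x8d\x3a\xdb\x87\x2b\xc1\xd2\xfe\xaf\xb3\x7e\x6e"
      "\x29\x88\xa1\x15\x4a\xfb\x3e\x2c\xc0\x28\xd6\x22\x54\x06\xd8\x83\xae\x38"
      "\xac\x8b\xfd\x09\x7c\x11\x15\x51\x6f\x28\x93\x6b\xa5\xce\x4d\x90\x07\x86"
      "\x3f\x72\x26\x70\x9e\xb6\x39\xe0\x36\x61\xd0\x3e\x33\x2a\x43\x67\x08\xcd"
      "\x29\x95\x40\x30\x71\xd8\xbb\xbf\x5d\xab\x82\xde\x3a\x8c\xc0\x4a\xa3\x07"
      "\x0e\x5d\xad\xec\x58\xb6\xf9\x8f\x11\x26\xcb\x61\x9a\x95\x31\xb2\x3a\x3a"
      "\xb4\xf2\xf4\x9a\xbd\xe6\xa9\xa4\xe7\x34\x16\xec\x46\x6b\xdb\xfa\x72\x84"
      "\x3e\x0e\xce\xbf\x6e\x7a\x0a\x02\x18\x1f\xe4\xc5\x74\x6a\x6c\x52\x47\xd4"
      "\x62\x5c\x10\x0b\xde\x85\xc2\x7c\x86\xf4\x9a\xfb\xf6\x37\x2c\xa0\x4f\xdd"
      "\x67\x73\x4a\x91\x6c\xb1\xa6\x70\x04\x33\x7c\xaa\x63\x34\x9b\x26\xda\x7a"
      "\x13\xac\x61\x6e\x5a\x4e\x58\x2a\x16\xb7\x64\x31\x9f\x2b\x29\x49\x99\x4c"
      "\xdb\x8c\xb6\x70\x4b\x84\x30\xe7\xf7\x03\x98\x58\xaa\x14\x12\xfa\xa6\x8b"
      "\x25\xe0\xd3\x2d\xe8\x37\xef\xb1\xf4\xef\x9e\xde\x62\xe3\x98\xe4\xc3\x60"
      "\x78\x3b\xd7\xb3\xfd\xbd\x70\x6b\x76\x49\x4d\xb9\x90\x10\x07\xc6\xf5\x72"
      "\x7b\x48\xb7\x4a\x19\xa9\x7e\xc8\x52\xdb\x5b\x41\x8c\xb8\xc1\xec\x13\x59"
      "\x77\x59\xc5\x90\x5f\xec\xc3\x33\x55\x47\x6d\x84\xf5\x79\x1a\xe8\xca\x68"
      "\x3f\x01\xf4\x85\x2c\x1f\x72\xd4\x34\x3f\xd7\xfc\xc5\xf0\x1a\xe7\xa0\x09"
      "\xa8\xd8\x55\x35\x90\x81\x89\x39\xb6\x70\x02\x1d\x6a\xca\xb6\xb7\x32\x7b"
      "\x1a\x59\x38\xa4\x5e\xa0\x38\x08\xc9\x1e\x7c\x31\x8f\x00\x9c\x3c\xec\x1e"
      "\xae\xef\x6c\x14\x37\x45\x73\xed\x6a\x63\xce\xc3\xad\x3a\x95\x86\x25\x6f"
      "\xa5\x09\xcc\x52\x37\xd8\xfe\x86\x4d\xf6\x6b\xa5\x81\xc5\xc8\x9b\x6b\x3f"
      "\x86\xc7\x57\x77\xd5\x61\x90\x00\x70\x02\xb9\x84\x44\x14\xb4\xaa\x07\x68"
      "\x02\x1f\x35\x8f\xb8\x70\x41\x5d\x3e\x8d\x96\x26\x74\xab\xd4\xaa\x26\xfa"
      "\x2a\x53\x0c\xc3\x88\x00\xee\xad\x09\xa6\xcf\x12\x41\x88\x5e\x23\x64\x9c"
      "\xbc\x20\x7f\x78\xec\x11\x3d\xe3\x49\x48\xe1\x77\x11\x70\xc4\xdd\x16\x67"
      "\x3c\xc8\xe1\xd7\xdf\xc0\x32\x5f\x1a\x52\x9e\x97\x71\x09\x8a\x1d\xbb\xdf"
      "\x02\xa1\xac\xca\x10\x46\xf5\xd8\xc8\x59\xe2\x02\xb0\x18\x3b\x48\x89\x65"
      "\xbb\x92\xbf\x12\x32\x4b\xff\xd5\x5e\x9c\x04\xc4\xe7\x2b\x80\x51\x3f\x12"
      "\xa9\x17\x82\xad\xda\xc4\x17\xf8\x0e\x27\xf5\x4f\xe2\xca\x5f\x2b\xe1\x96"
      "\x38\x2d\xa0\x1e\xb0\x87\x38\x72\xe1\x50\x9a\x7e\xa6\x9c\x33\xc1\x2d\x51"
      "\x93\x0a\xaf\x78\x5b\xc7\x0b\xdd\x2e\x36\x63\x04\x5c\xa8\x46\x0f\xd8\xfa"
      "\x6a\x2d\x5e\x8a\xc6\x39\x7e\xda\x31\x86\x46\x43\x96\xe6\x70\x2f\x6f\xe5"
      "\x7a\xce\xca\xee\xea\x5c\xf4\x6c\x0f\xa1\xf0\x2c\x6e\x35\xf0\x5c\xe6\x56"
      "\xf1\xb3\x5c\x53\x67\xcd\xec\xbc\x87\xf3\x12",
      3629));
  NONFAILING(*(uint64_t*)0x20000148 = 0xe2d);
  NONFAILING(*(uint64_t*)0x20000298 = 1);
  NONFAILING(*(uint64_t*)0x200002a0 = 0);
  NONFAILING(*(uint64_t*)0x200002a8 = 0);
  NONFAILING(*(uint32_t*)0x200002b0 = 0);
  inject_fault(4);
  syscall(__NR_sendmsg, r[0], 0x20000280ul, 0ul);
}

// Maps the fixed 16 MiB data region at 0x20000000 (protection 7) with a
// one-page mapping of protection 0 on each side, enables the fault-injection
// knobs, installs the fault handler and enters the fork loop. Note that
// inject_fault(4) is also called here, between the first two mmap() calls,
// exactly as in the generated source.
int main(void)
{
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  inject_fault(4);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  setup_fault();
  install_segv_handler();
  loop();
  return 0;
}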