// https://syzkaller.appspot.com/bug?id=2c2d50b2b911163383f8ee2141f0d075ddf9bf64 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif #ifndef __NR_pwritev2 #define __NR_pwritev2 328 #endif static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } //% This code is derived from puff.{c,h}, found in the zlib development. The //% original files come with the following copyright notice: //% Copyright (C) 2002-2013 Mark Adler, all rights reserved //% version 2.3, 21 Jan 2013 //% This software is provided 'as-is', without any express or implied //% warranty. In no event will the author be held liable for any damages //% arising from the use of this software. //% Permission is granted to anyone to use this software for any purpose, //% including commercial applications, and to alter it and redistribute it //% freely, subject to the following restrictions: //% 1. The origin of this software must not be misrepresented; you must not //% claim that you wrote the original software. If you use this software //% in a product, an acknowledgment in the product documentation would be //% appreciated but is not required. //% 2. Altered source versions must be plainly marked as such, and must not be //% misrepresented as being the original software. //% 3. This notice may not be removed or altered from any source distribution. //% Mark Adler madler@alumni.caltech.edu //% BEGIN CODE DERIVED FROM puff.{c,h} #define MAXBITS 15 #define MAXLCODES 286 #define MAXDCODES 30 #define MAXCODES (MAXLCODES + MAXDCODES) #define FIXLCODES 288 struct puff_state { unsigned char* out; unsigned long outlen; unsigned long outcnt; const unsigned char* in; unsigned long inlen; unsigned long incnt; int bitbuf; int bitcnt; jmp_buf env; }; static int puff_bits(struct puff_state* s, int need) { long val = s->bitbuf; while (s->bitcnt < need) { if (s->incnt == s->inlen) longjmp(s->env, 1); val |= (long)(s->in[s->incnt++]) << s->bitcnt; s->bitcnt += 8; } s->bitbuf = (int)(val >> need); s->bitcnt -= need; return (int)(val & ((1L << need) - 1)); } static int puff_stored(struct puff_state* s) { s->bitbuf = 0; s->bitcnt = 0; if (s->incnt + 4 > s->inlen) return 2; unsigned len = s->in[s->incnt++]; len |= s->in[s->incnt++] << 8; if (s->in[s->incnt++] != (~len & 0xff) || s->in[s->incnt++] != ((~len >> 8) & 0xff)) return -2; if (s->incnt + len > s->inlen) return 2; if (s->outcnt + len > s->outlen) return 1; for (; len--; s->outcnt++, s->incnt++) { if (s->in[s->incnt]) s->out[s->outcnt] = s->in[s->incnt]; } return 0; } struct puff_huffman { short* count; short* symbol; }; static int puff_decode(struct puff_state* s, const struct puff_huffman* h) { int first = 0; int index = 0; int bitbuf = s->bitbuf; int left = s->bitcnt; int code = first = index = 0; int len = 1; short* next = h->count + 1; while (1) { while (left--) { code |= bitbuf & 1; bitbuf >>= 1; int count = *next++; if (code - count < first) { s->bitbuf = bitbuf; s->bitcnt = (s->bitcnt - len) & 7; return h->symbol[index + (code - first)]; } index += count; first += count; first <<= 1; code <<= 1; len++; } left = (MAXBITS + 1) - len; if (left == 0) break; if (s->incnt == s->inlen) longjmp(s->env, 1); bitbuf = s->in[s->incnt++]; if (left > 8) left = 8; } return -10; } static int puff_construct(struct puff_huffman* h, const short* length, int n) { int len; for (len = 0; len <= MAXBITS; len++) h->count[len] = 0; int symbol; for (symbol = 0; symbol < n; symbol++) (h->count[length[symbol]])++; if (h->count[0] == n) return 0; int left = 1; for (len = 1; len <= MAXBITS; len++) { left <<= 1; left -= h->count[len]; if (left < 0) return left; } short offs[MAXBITS + 1]; offs[1] = 0; for (len = 1; len < MAXBITS; len++) offs[len + 1] = offs[len] + h->count[len]; for (symbol = 0; symbol < n; symbol++) if (length[symbol] != 0) h->symbol[offs[length[symbol]]++] = symbol; return left; } static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode) { static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258}; static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0}; static const short dists[30] = { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577}; static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13}; int symbol; do { symbol = puff_decode(s, lencode); if (symbol < 0) return symbol; if (symbol < 256) { if (s->outcnt == s->outlen) return 1; if (symbol) s->out[s->outcnt] = symbol; s->outcnt++; } else if (symbol > 256) { symbol -= 257; if (symbol >= 29) return -10; int len = lens[symbol] + puff_bits(s, lext[symbol]); symbol = puff_decode(s, distcode); if (symbol < 0) return symbol; unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]); if (dist > s->outcnt) return -11; if (s->outcnt + len > s->outlen) return 1; while (len--) { if (dist <= s->outcnt && s->out[s->outcnt - dist]) s->out[s->outcnt] = s->out[s->outcnt - dist]; s->outcnt++; } } } while (symbol != 256); return 0; } static int puff_fixed(struct puff_state* s) { static int virgin = 1; static short lencnt[MAXBITS + 1], lensym[FIXLCODES]; static short distcnt[MAXBITS + 1], distsym[MAXDCODES]; static struct puff_huffman lencode, distcode; if (virgin) { lencode.count = lencnt; lencode.symbol = lensym; distcode.count = distcnt; distcode.symbol = distsym; short lengths[FIXLCODES]; int symbol; for (symbol = 0; symbol < 144; symbol++) lengths[symbol] = 8; for (; symbol < 256; symbol++) lengths[symbol] = 9; for (; symbol < 280; symbol++) lengths[symbol] = 7; for (; symbol < FIXLCODES; symbol++) lengths[symbol] = 8; puff_construct(&lencode, lengths, FIXLCODES); for (symbol = 0; symbol < MAXDCODES; symbol++) lengths[symbol] = 5; puff_construct(&distcode, lengths, MAXDCODES); virgin = 0; } return puff_codes(s, &lencode, &distcode); } static int puff_dynamic(struct puff_state* s) { static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; int nlen = puff_bits(s, 5) + 257; int ndist = puff_bits(s, 5) + 1; int ncode = puff_bits(s, 4) + 4; if (nlen > MAXLCODES || ndist > MAXDCODES) return -3; short lengths[MAXCODES]; int index; for (index = 0; index < ncode; index++) lengths[order[index]] = puff_bits(s, 3); for (; index < 19; index++) lengths[order[index]] = 0; short lencnt[MAXBITS + 1], lensym[MAXLCODES]; struct puff_huffman lencode = {lencnt, lensym}; int err = puff_construct(&lencode, lengths, 19); if (err != 0) return -4; index = 0; while (index < nlen + ndist) { int symbol; int len; symbol = puff_decode(s, &lencode); if (symbol < 0) return symbol; if (symbol < 16) lengths[index++] = symbol; else { len = 0; if (symbol == 16) { if (index == 0) return -5; len = lengths[index - 1]; symbol = 3 + puff_bits(s, 2); } else if (symbol == 17) symbol = 3 + puff_bits(s, 3); else symbol = 11 + puff_bits(s, 7); if (index + symbol > nlen + ndist) return -6; while (symbol--) lengths[index++] = len; } } if (lengths[256] == 0) return -9; err = puff_construct(&lencode, lengths, nlen); if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1])) return -7; short distcnt[MAXBITS + 1], distsym[MAXDCODES]; struct puff_huffman distcode = {distcnt, distsym}; err = puff_construct(&distcode, lengths + nlen, ndist); if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1])) return -8; return puff_codes(s, &lencode, &distcode); } static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen) { struct puff_state s = { .out = dest, .outlen = *destlen, .outcnt = 0, .in = source, .inlen = sourcelen, .incnt = 0, .bitbuf = 0, .bitcnt = 0, }; int err; if (setjmp(s.env) != 0) err = 2; else { int last; do { last = puff_bits(&s, 1); int type = puff_bits(&s, 2); err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1)); if (err != 0) break; } while (!last); } *destlen = s.outcnt; return err; } //% END CODE DERIVED FROM puff.{c,h} #define ZLIB_HEADER_WIDTH 2 static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd) { if (sourcelen < ZLIB_HEADER_WIDTH) return 0; source += ZLIB_HEADER_WIDTH; sourcelen -= ZLIB_HEADER_WIDTH; const unsigned long max_destlen = 132 << 20; void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0); if (ret == MAP_FAILED) return -1; unsigned char* dest = (unsigned char*)ret; unsigned long destlen = max_destlen; int err = puff(dest, &destlen, source, sourcelen); if (err) { munmap(dest, max_destlen); errno = -err; return -1; } if (write(dest_fd, dest, destlen) != (ssize_t)destlen) { munmap(dest, max_destlen); return -1; } return munmap(dest, max_destlen); } static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p) { int err = 0, loopfd = -1; int memfd = syscall(__NR_memfd_create, "syzkaller", 0); if (memfd == -1) { err = errno; goto error; } if (puff_zlib_to_file(data, size, memfd)) { err = errno; goto error_close_memfd; } loopfd = open(loopname, O_RDWR); if (loopfd == -1) { err = errno; goto error_close_memfd; } if (ioctl(loopfd, LOOP_SET_FD, memfd)) { if (errno != EBUSY) { err = errno; goto error_close_loop; } ioctl(loopfd, LOOP_CLR_FD, 0); usleep(1000); if (ioctl(loopfd, LOOP_SET_FD, memfd)) { err = errno; goto error_close_loop; } } close(memfd); *loopfd_p = loopfd; return 0; error_close_loop: close(loopfd); error_close_memfd: close(memfd); error: errno = err; return -1; } static void reset_loop_device(const char* loopname) { int loopfd = open(loopname, O_RDWR); if (loopfd == -1) { return; } if (ioctl(loopfd, LOOP_CLR_FD, 0)) { } close(loopfd); } static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image) { unsigned char* data = (unsigned char*)image; int res = -1, err = 0, need_loop_device = !!size; char* mount_opts = (char*)optsarg; char* target = (char*)dir; char* fs = (char*)fsarg; char* source = NULL; char loopname[64]; if (need_loop_device) { int loopfd; memset(loopname, 0, sizeof(loopname)); snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid); if (setup_loop_device(data, size, loopname, &loopfd) == -1) return -1; close(loopfd); source = loopname; } mkdir(target, 0777); char opts[256]; memset(opts, 0, sizeof(opts)); if (strlen(mount_opts) > (sizeof(opts) - 32)) { } strncpy(opts, mount_opts, sizeof(opts) - 32); if (strcmp(fs, "iso9660") == 0) { flags |= MS_RDONLY; } else if (strncmp(fs, "ext", 3) == 0) { bool has_remount_ro = false; char* remount_ro_start = strstr(opts, "errors=remount-ro"); if (remount_ro_start != NULL) { char after = *(remount_ro_start + strlen("errors=remount-ro")); char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1); has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ',')); } if (strstr(opts, "errors=panic") || !has_remount_ro) strcat(opts, ",errors=continue"); } else if (strcmp(fs, "xfs") == 0) { strcat(opts, ",nouuid"); } else if (strncmp(fs, "gfs2", 4) == 0 && (strstr(opts, "errors=panic") || strstr(opts, "debug"))) { strcat(opts, ",errors=withdraw"); } res = mount(source, target, fs, flags, opts); if (res == -1) { err = errno; goto error_clear_loop; } res = open(target, O_RDONLY | O_DIRECTORY); if (res == -1) { err = errno; goto error_clear_loop; } if (change_dir) { res = chdir(target); if (res == -1) { err = errno; } } error_clear_loop: if (need_loop_device) reset_loop_device(loopname); errno = err; return res; } #define FS_IOC_SETFLAGS _IOW('f', 2, long) static void remove_dir(const char* dir) { int iter = 0; DIR* dp = 0; const int umount_flags = MNT_FORCE | UMOUNT_NOFOLLOW; retry: while (umount2(dir, umount_flags) == 0) { } dp = opendir(dir); if (dp == NULL) { if (errno == EMFILE) { exit(1); } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); while (umount2(filename, umount_flags) == 0) { } struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } int i; for (i = 0;; i++) { if (unlink(filename) == 0) break; if (errno == EPERM) { int fd = open(filename, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno != EBUSY || i > 100) exit(1); if (umount2(filename, umount_flags)) exit(1); } } closedir(dp); for (int i = 0;; i++) { if (rmdir(dir) == 0) break; if (i < 100) { if (errno == EPERM) { int fd = open(dir, O_RDONLY); if (fd != -1) { long flags = 0; if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) { } close(fd); continue; } } if (errno == EROFS) { break; } if (errno == EBUSY) { if (umount2(dir, umount_flags)) exit(1); continue; } if (errno == ENOTEMPTY) { if (iter < 100) { iter++; goto retry; } } } exit(1); } } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void reset_loop() { char buf[64]; snprintf(buf, sizeof(buf), "/dev/loop%llu", procid); int loopfd = open(buf, O_RDWR); if (loopfd != -1) { ioctl(loopfd, LOOP_CLR_FD, 0); close(loopfd); } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); if (symlink("/dev/binderfs", "./binderfs")) { } } static void setup_sysctl() { int cad_pid = fork(); if (cad_pid < 0) exit(1); if (cad_pid == 0) { for (;;) sleep(100); } char tmppid[32]; snprintf(tmppid, sizeof(tmppid), "%d", cad_pid); struct { const char* name; const char* data; } files[] = { {"/sys/kernel/debug/x86/nmi_longest_ns", "10000000000"}, {"/proc/sys/kernel/hung_task_check_interval_secs", "20"}, {"/proc/sys/net/core/bpf_jit_kallsyms", "1"}, {"/proc/sys/net/core/bpf_jit_harden", "0"}, {"/proc/sys/kernel/kptr_restrict", "0"}, {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"}, {"/proc/sys/fs/mount-max", "100"}, {"/proc/sys/vm/oom_dump_tasks", "0"}, {"/proc/sys/debug/exception-trace", "0"}, {"/proc/sys/kernel/printk", "7 4 1 3"}, {"/proc/sys/kernel/keys/gc_delay", "1"}, {"/proc/sys/vm/oom_kill_allocating_task", "1"}, {"/proc/sys/kernel/ctrl-alt-del", "0"}, {"/proc/sys/kernel/cad_pid", tmppid}, }; for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].name, files[i].data)) { } } kill(cad_pid, SIGKILL); while (waitpid(cad_pid, NULL, 0) != cad_pid) ; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 5; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50 + (call == 0 ? 4000 : 0) + (call == 4 ? 4000 : 0)); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); reset_loop(); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { sleep_ms(10); if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: // syz_mount_image$nilfs2 arguments: [ // fs: ptr[in, buffer] { // buffer: {6e 69 6c 66 73 32 00} (length 0x7) // } // dir: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 33 00} (length 0x8) // } // flags: mount_flags = 0x0 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // } // } // chdir: int8 = 0x1 (1 bytes) // size: len = 0xadc (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0xadc) // } // ] // returns fd_dir memcpy((void*)0x200000000180, "nilfs2\000", 7); memcpy((void*)0x200000000300, "./file3\000", 8); memcpy( (void*)0x200000001900, "\x78\x9c\xec\xdd\x5d\x88\x5c\x57\x01\x00\xe0\x73\x77\x77\x36\xbb\x69" "\x6b\xa6\x35\xb5\x6b\x1a\xdb\xa4\xd5\xb6\xfe\x74\xd3\x6c\xd6\xf8\x13" "\x34\x29\x09\x82\xa1\x29\xe2\x4b\xa1\xf8\x12\xd2\xb4\x06\x63\x04\x2b" "\xa8\xa5\xd0\x24\x4f\xbe\xd9\x52\x52\xf0\xc9\x1f\x7c\xea\x4b\xa9\x22" "\x58\x10\x09\x7d\xf2\xa5\x60\x03\x45\xe8\x53\x15\xf4\xa1\x21\x62\xc1" "\x87\x1a\x4d\x46\xb2\x73\xce\xcc\x9d\x93\x99\xcc\xcc\x66\x77\xee\xce" "\xee\xf7\xc1\xdd\x33\xe7\x9e\x73\xe7\x9c\x3b\x7b\xe7\xce\xfd\x3b\xe7" "\x04\x60\xc3\x9a\x58\xfa\xbb\xb8\x38\x57\x84\x70\xee\x8d\x97\x0f\xbd" "\xff\xc0\x3f\x66\xaf\xcd\xd9\xdf\xca\x51\x5f\xfa\x3b\x55\x8a\xd5\x42" "\x08\x45\x8c\x4f\x65\xef\xf7\xde\x64\x33\xbc\xf2\xc1\xf3\xc7\xba\x85" "\x45\x58\x58\xfa\x9b\xe2\xe1\xf1\x4b\xad\x65\x6f\x09\x21\x9c\x0e\x3b" "\xc2\xf9\x50\x0f\xdb\xce\x5d\x78\xe9\xad\x85\xc7\x8e\x9c\x39\x7c\x76" "\xe7\xdb\xaf\xee\xbb\xb8\x3a\x6b\x0f\x00\x00\x1b\xcb\x37\xce\xef\x5b" "\xbc\xf3\xaf\x7f\xbe\xfb\xf6\xcb\xaf\xdd\x73\x20\x6c\x6a\xcd\x4f\xc7" "\xe7\xf5\x34\x63\xa6\x79\xdc\x7f\x20\x1e\xf8\xa7\xe3\xff\x89\xd0\x19" "\x2f\x4a\x53\xd9\x74\x96\x6f\x2a\x4e\x13\xb3\x9d\xf9\x26\xbb\xe4\x2b" "\x97\x53\xcb\xf2\x4d\xf5\x28\x7f\x3a\x2b\xbf\xd6\x23\xdf\xa6\x70\xe3" "\xf2\x27\x4b\xf3\xba\xad\x37\x8c\xb3\xb4\x1d\xd7\x43\x31\x31\x1f\x42" "\xd8\xdc\x8a\x4f\x4c\xcc\xcf\x37\xcf\xc9\xc3\xd2\x79\xfd\x74\x31\x7f" "\xea\xc4\xc9\xa7\x9f\xad\xa8\xa2\xc0\x8a\xfb\xf7\xbd\x21\x84\x1d\xa5" "\xe9\xe0\xd9\xce\xf8\x5a\x9b\xf6\xaf\x81\x3a\x2c\x73\x6a\xac\x81\x3a" "\x8c\xe5\x74\x60\x74\x65\x5d\x6e\x34\x55\xbe\xce\x23\x9a\x1a\x5b\xaa" "\xde\x03\x01\x34\xe5\xf7\x0b\xaf\x73\x3a\xbf\xb2\x70\x73\x5a\xef\x36" "\x35\x58\xf9\x97\x1e\x9d\xe8\xbe\x3c\xac\x80\x51\x6f\xff\x43\x95\x3f" "\x5d\x71\xf9\x41\xf9\xbf\x3e\x63\x8f\xc3\xca\x59\xaf\x5b\x53\x5a\xaf" "\xf4\x3d\xba\x35\xc6\xf3\xfb\x08\xf9\xf3\x4b\xaf\xfc\xa1\x73\xb9\xb6" "\xfc\x4e\x47\xe7\xdc\xfc\x7e\x44\x6d\xc0\x7a\xf6\xba\x8f\x30\x2e\xf7" "\x17\x7a\xd5\x73\x72\xc4\xf5\x58\xae\x5e\xf5\xcf\xb7\x8b\xf5\xea\x2b" "\x31\x4c\x9f\xc3\x57\x3b\x52\xef\xed\xf8\xfe\xe4\xff\xd3\x71\xf9\x1f" "\x03\xdd\x7d\x98\x5f\xff\x37\x99\x4c\x6b\x7b\x0a\x1d\xf1\xda\xcd\xbc" "\x57\xa3\xe2\xfd\x0f\xb0\x76\xe5\xcf\xcd\x35\xd2\xfd\xd1\x28\x7f\xae" "\x2f\x4f\xdf\xd4\x27\x7d\xa6\x4f\xfa\x6c\x9f\xf4\xcd\x7d\xd2\x6f\xe9" "\x93\x0e\x1b\xd9\x6f\x7f\xf0\xd3\xf0\x62\xd1\xbe\xde\x95\x9f\xd3\x0f" "\x7b\x3d\x3c\x5d\x67\xbb\x2d\x86\x1f\x19\xb2\x3e\xf9\xf5\xc8\x61\xcb" "\xcf\x9f\xfb\x1d\xd6\xcd\x96\x9f\x3f\x4f\x0c\x6b\xd9\xef\x8f\x3e\x71" "\xfc\x8b\x4f\x3d\x79\xa1\xf9\xfc\x7f\xd1\xda\xfe\xaf\xc6\xed\x3d\x9d" "\x6e\xd4\xe3\x77\xeb\x7c\xcc\x90\xae\x17\xe6\xd7\xd5\x5b\xcf\xfe\xd7" "\x3b\xcb\x99\xe8\x91\xef\x8e\xac\x3e\xb7\x75\xc9\xbf\xf4\x7a\x6b\x67" "\xbe\x62\x6b\xfb\x7d\x42\x69\x3f\x73\x5d\x3d\xe6\x3a\x97\xdb\xd2\x2b" "\xdf\xf6\xce\x7c\xf5\x2c\xdf\x6c\x9c\x66\xb2\xfa\xe6\xc7\x27\x9b\xb3" "\xe5\xd2\xf1\x47\xda\xaf\xa6\xcf\x6b\x2a\x5b\xdf\x5a\xb6\x1e\xd3\x59" "\x3d\xd2\x7e\xe5\xf6\x18\xe6\xf5\x80\xe5\x48\xdb\x63\x7a\xfe\xbf\xdd" "\x1e\xa0\xf9\xfc\x7f\xda\x3e\xe7\x42\xad\x78\xfa\xc4\xc9\xe3\x8f\xc4" "\x78\xda\x4e\xff\x34\x59\xdb\x74\x6d\xfe\xee\x11\xd7\x1b\x58\x39\xbd" "\xbe\xff\xe9\xf7\x6b\x2e\x74\xb6\xff\xb9\xb5\x35\xbf\x36\x51\xde\x2f" "\x6c\x69\xcf\x2f\x9a\xfb\x85\xd7\xe3\xfb\x75\xce\x5f\x68\x95\x53\x9a" "\x5f\xfa\x51\x4b\xbf\x73\xdf\x9e\x9c\x5d\xca\x3f\x7f\xec\x7b\x27\x9f" "\x5a\x85\xf5\x86\x8d\xec\xd9\x1f\x3f\xf7\x9d\xa3\x27\x4f\x1e\xff\xbe" "\x17\xcb\x7e\xf1\xb5\xb5\x51\x8d\x61\x5e\xa4\xd3\x96\xb5\x52\x1f\x2f" "\x86\x7d\xb1\x63\xb5\x8b\xa8\x78\xc7\x04\xac\xba\x5d\x2f\x34\x0f\x02" "\x1e\x3e\xf1\xdd\xa3\xcf\x1c\x7f\xe6\xf8\xa9\x3d\x7b\xf7\xee\x59\x58" "\xd8\xfb\xa5\x3d\x8b\xbb\x96\x8e\xeb\x77\x95\x8f\xee\xcb\x4e\x57\x50" "\x5b\x60\x25\xb5\x7f\xf4\xab\xae\x09\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x30\xa8\x1f\x1e\x3e\x74\xe1\x9d\x37\xbf\xf0\x6e\xb3\xfd\x7f\xbb" "\xfd\x5f\x6a\xff\x9f\x9e\xfc\x4d\xed\xff\x7f\x92\xb5\xff\xcf\xdb\xc9" "\xa7\x76\xf0\xa9\x1d\xe0\xed\x5d\xd2\x97\xf2\x64\x1d\xac\x4e\x67\xf9" "\x6a\x71\xfa\x68\x56\xdf\xd4\x0d\x40\xf1\x42\x33\xbc\x33\x5b\xee\x63" "\x31\x6c\x8d\xe3\x17\xdb\xff\xa7\xe2\xf2\x7e\x5d\x53\x7d\xee\xca\xe6" "\xd7\x7a\x44\xb3\xee\x04\xae\xeb\x2f\x65\x3a\xeb\x83\x24\x1f\x2f\xf0" "\xbe\x18\x9e\x8d\xe1\xaf\x02\x54\xa8\x98\xed\x3e\x3b\x86\x37\xe8\xdf" "\xba\xf8\xb0\xb4\xad\xa7\xfe\x29\x4a\x4d\x78\x1b\xfa\x07\x1e\x1f\xe9" "\xff\x96\xf7\x5f\x94\xda\x7f\x77\xed\xd7\xa9\x4b\x7b\x6d\xc6\xcb\x28" "\x5a\x2c\x56\xbd\x8e\x40\x77\xff\xdc\x50\xfd\x7f\xff\xab\xbd\xe2\x95" "\xd7\xc5\xd4\x7b\x9a\x1a\x6d\x79\x3f\xdb\xb8\xdb\x44\xa3\xe7\x51\xfa" "\xa0\x23\xd8\x00\xac\x8c\xaa\xc7\xff\xfc\x7b\x68\x96\x9b\xae\x7f\x9e" "\xfa\xe3\xd7\x67\xae\x4d\x29\xdb\xa5\x47\x3b\xf7\x97\x79\xff\xa5\x30" "\x8c\xbf\xbc\xd3\x19\x5f\xeb\xe3\x4f\xae\x76\xf9\xf9\xb8\x7d\xa3\x2e" "\xbf\xea\xf5\x1f\xf5\xf8\x9f\xad\xf1\xef\xe2\xfe\x2f\xed\xf7\x7a\xef" "\xff\xb2\x11\xf3\xea\xcb\x2b\xf7\x3f\x3f\xbf\xf8\x6e\xa9\xd8\xb0\x6d" "\xd0\xf2\xf3\xf5\x4f\xfd\x40\x6f\x1d\xae\xfc\xcb\xb1\xfc\xb4\x36\x0f" "\x86\xc1\xca\x6f\xfc\x32\x2b\x3f\xbf\x21\x34\xa0\xff\x66\xe5\x6f\x1e" "\xb0\xfc\xeb\xd6\x7f\xfb\xf2\xca\xff\x5f\x2c\x3f\x7d\x6c\x0f\xdd\x3f" "\x68\xf9\xcd\x1a\x17\x13\x9d\xf5\x98\xcd\xd6\x23\xdd\xff\xcb\xaf\x1b" "\x27\x57\xb2\xf5\x4f\x7d\x7b\xde\xa0\xfc\x6f\x3e\xd7\x6d\xfd\x97\x39" "\x50\xe3\xd5\x58\x3e\x6c\x64\xe3\x32\xce\xec\xb0\xb2\xe3\x88\xd6\x41" "\x7b\xbf\xf1\x7f\x87\xfd\xfd\xbf\xd9\xf1\x7f\x5b\x95\xcd\x76\x6b\xf9" "\x73\x18\x9f\x8f\xf1\xb4\x23\x4e\xcf\x39\xe4\xe3\x9d\x0c\x5b\xff\xf4" "\x7c\x45\xfa\x1d\xb8\x33\x7b\xff\xa2\xcf\xef\x9b\xf1\x7f\xc7\xdb\x97" "\x63\xd8\xef\xfb\x90\xc6\xff\x4d\xdb\x63\x3d\xfe\xe4\x97\xe2\x4b\x9f" "\x65\x8a\xd7\xba\x7c\xb6\xeb\x75\x5f\x03\xe3\xea\xbd\x0d\x75\xff\x6f" "\x54\xd3\xc5\xe6\x69\xd0\xf2\x96\x9f\xa9\xbe\xfe\xa6\x21\xa6\xc6\xe4" "\x32\x96\x6b\x3d\x67\x55\x71\xfd\x1b\x8d\xc6\xea\x5e\xd0\xea\xa3\xd2" "\xc2\xa9\xfc\xf3\xaf\xfa\xee\x73\xd5\xe7\x29\xf7\x55\x5c\x7e\x3f\xf9" "\xf8\xbf\xf9\x31\x7c\x3e\xfe\x6f\x9e\x9e\x8f\xff\x9b\xa7\xe7\xe3\xff" "\xe6\xe9\xb3\xf1\x3f\xf4\x7e\x8f\xf4\x7c\xfc\xdf\x7c\x7b\xce\xc7\xff" "\xcd\xd3\xef\xca\xde\x37\x1f\x1f\x78\xae\x4f\xfa\xc7\xbb\xa4\x17\xa1" "\x9d\xbe\xad\xfb\xf2\xad\xd3\xf6\xbb\xfb\xbc\xff\xf6\x3e\xe9\x9f\xe8" "\x93\xbe\xb3\x95\xbe\xbf\x23\x47\x4a\xbf\xe7\x86\xcb\xb7\xf3\xf5\x7a" "\xff\x3b\xfa\xa4\xdf\xdf\x27\xfd\x93\x7d\xd2\x3f\xd5\x27\xfd\x81\x3e" "\xe9\x0f\x95\xd2\xcb\x63\x40\xa7\xf4\x4f\x67\xcb\x17\x59\xfa\x7a\x97" "\xf6\x3f\xbd\x3e\x3f\x60\xfd\xca\xdb\xe7\xf9\xfe\xc3\xc6\x91\xee\xff" "\xf4\xfa\xfe\x6f\x6d\xa7\x4f\x97\xb3\x8c\xb6\x96\xc0\x6a\x78\xe5\xb5" "\xdd\x07\x9f\xfc\xcd\xb7\xea\xcd\xf6\xff\xd3\xad\xeb\x21\xe9\x3e\xde" "\x81\x18\xaf\xc5\x73\xa3\x1f\xc5\x78\x7e\xdf\x3b\x94\xe2\xd7\xd2\xde" "\x8c\xf1\xbf\x65\xe9\x55\x5f\x6f\x02\xda\xf2\xfe\x33\xf2\xdf\xff\x07" "\xfb\xa4\x03\xe3\x2b\x3d\xe7\xe5\xfb\x0d\x1b\x50\x31\xd3\x7d\x76\x0c" "\xfb\xf5\x5b\xd5\xeb\x38\x9f\xf1\xf2\x99\x18\x7e\x36\x86\x9f\x8b\xe1" "\xc3\x31\x9c\x8f\xe1\xae\x18\xee\x8e\xe1\xc2\x88\xea\xc7\xea\x38\xf8" "\xfa\xef\xf6\xbd\x58\xb4\xcf\xf7\xb7\x64\xe9\x83\x3e\x4f\x9e\xb7\x07" "\xea\xe8\x27\x2a\x84\xb0\x67\xc0\xfa\xe4\xd7\x07\x86\x7d\x9e\x3d\xef" "\xc7\x6f\x58\x37\x5b\xfe\x32\x9b\x83\x01\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x54\x66\x62\xe9\xef\xe2\xe2\x5c\x11\xc2\xb9\x37\x5e\x3e\xf4\xc4\x91" "\x13\xbb\xae\xcd\xd9\xdf\xca\x51\x5f\xfa\x3b\x55\x8a\xd5\x5a\xcb\x85" "\xf0\x48\x0c\x27\x63\xf8\x8b\xf8\xe2\xca\x07\xcf\x1f\x2b\x87\x57\x63" "\x58\x84\x85\x50\x84\xa2\x35\x3f\x3c\x7e\xa9\x55\xd2\x2d\x21\x84\xd3" "\x61\x47\x38\x1f\xea\x61\xdb\xb9\x0b\x2f\xbd\xb5\xf0\xd8\x91\x33\x87" "\xcf\xee\x7c\xfb\xd5\x7d\x17\x57\xef\x13\x00\x00\x00\x80\xf5\xef\xff" "\x01\x00\x00\xff\xff\x4f\x76\x07\x39", 2780); syz_mount_image(/*fs=*/0x200000000180, /*dir=*/0x200000000300, /*flags=*/0, /*opts=*/0x200000001040, /*chdir=*/1, /*size=*/0xadc, /*img=*/0x200000001900); break; case 1: // open arguments: [ // file: ptr[in, buffer] { // buffer: {2e 2f 66 69 6c 65 31 00} (length 0x8) // } // flags: open_flags = 0x66842 (8 bytes) // mode: open_mode = 0x21 (8 bytes) // ] // returns fd memcpy((void*)0x2000000000c0, "./file1\000", 8); res = syscall( __NR_open, /*file=*/0x2000000000c0ul, /*flags=O_NONBLOCK|O_NOFOLLOW|O_NOATIME|O_DIRECT|O_CREAT|0x2002*/ 0x66842ul, /*mode=S_IXOTH|S_IRGRP*/ 0x21ul); if (res != -1) r[0] = res; break; case 2: // pwritev2 arguments: [ // fd: fd (resource) // vec: ptr[in, array[iovec[in, array[int8]]]] { // array[iovec[in, array[int8]]] { // iovec[in, array[int8]] { // addr: ptr[in, buffer] { // buffer: {85} (length 0x1) // } // len: len = 0x78c00 (8 bytes) // } // } // } // vlen: len = 0x1 (8 bytes) // off_low: int32 = 0x2000 (4 bytes) // off_high: int32 = 0x0 (4 bytes) // flags: rwf_flags = 0x3 (8 bytes) // ] *(uint64_t*)0x200000000240 = 0x200000000000; memset((void*)0x200000000000, 133, 1); *(uint64_t*)0x200000000248 = 0x78c00; syscall(__NR_pwritev2, /*fd=*/r[0], /*vec=*/0x200000000240ul, /*vlen=*/1ul, /*off_low=*/0x2000, /*off_high=*/0, /*flags=RWF_HIPRI|RWF_DSYNC*/ 3ul); break; case 3: // poll arguments: [ // fds: nil // nfds: len = 0x0 (8 bytes) // timeout: int32 = 0x423ff (4 bytes) // ] syscall(__NR_poll, /*fds=*/0ul, /*nfds=*/0ul, /*timeout=*/0x423ff); break; case 4: // syz_mount_image$msdos arguments: [ // fs: ptr[in, buffer] { // buffer: {6d 73 64 6f 73 00} (length 0x6) // } // dir: ptr[in, buffer] { // buffer: {2e 00} (length 0x2) // } // flags: mount_flags = 0x1a62438 (8 bytes) // opts: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYRES8: ANYRES8 (resource) // } // union ANYUNION { // ANYRESOCT: ANYRES64 (resource) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // union ANYUNION { // ANYRESOCT: ANYRES64 (resource) // } // union ANYUNION { // ANYRESDEC: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {37 b5 7c fa 7d 01 21 34 5c 29 b6 06 4f 49 a0 // f9 5b 88 67 1b 8e 91 49 55 6e 5f f3 c7 01 2f 78 56 b6 55 7b ae // 1d 1d 61 ef ea 62 31 14 a0 b4 b5 2f 68 38 7d 20 40 dd 08 c5 aa // 75 3b 59 6e de 3f 3d 63 7f 96 75 23 10 a3 89 ef cd 8c f3 35 ca // 9d bb bc 10 bd a7 a1 63 42 96 8c 9a b4 fd 1a c6 5d a6 04 cd 9b // 42 d6 d0 dc 0e 89 5e 0b 2f 42 82 2d 1b 34 2f 88 a8 d6 07 00 8d // 20 b2 2b 77 6a 70 a0 7a 2c 53 fc 32 be 09 4c 85 72 79 c5 85 42 // b1 76 bf bc c6 c7 e9 80 8d a6 87 b4 4a 8b 21 d2 3c c2 f8 00 50 // f8 fd 45 7f 5a 55 95 22 6d 20 08 bc de d2 26 ab 2e 75 d0 0a b5 // 59 2d aa 23 e8 09 e0 4c 2b 37 0a f4 60 ae 93 b7 ef c3 2b f1 74 // 83 07 79 05 8a d7 52 90 b9 ab b5 9b e5 f8 85 90 01 e6 51 c1 d4 // 04 a5 f2 8e af 37 81 f2 28 82 49 ae 7b 38 5a 9c 40 92 9c ae 3f // a5 a6 f1 42 cd 05 7e bd bc 00 00 00 e3 4d b2 d1 4a 64 58 49 9d // e0 81 9d 89 f5 70 a7 2f ee 0d d8 cf 74 4e 0d af 8f 31 b1 d8 ed // da 87 29 6c a7 63 2e 1e 6e 23} (length 0x12a) // } // union ANYUNION { // ANYBLOB: buffer: {48 c9 42 8a fe 91 e0 96 7e 32 39 82 40 fa 5d // ee 66 bf e5 5c d9 92 7c a5 54 37 5c fe bb 0f 3d f0 26 27 b5 d3 // ad ac 5d 8d 30 cc 2c 9b 36 6e 42 a6 a3 49 83 b6 83 ce 2a 2f bc // af dc 21 4f 5d ff 0b b1 00 4d e7 cb 3f c8 b2 58 6f 87 5f ba 1b // 7b b2 d9 a9 06 2a db c5 dd 3a e2 ff f0 a9 f5 0c 3e b1 ea b1 68 // 78 85 d8 73 00 db 28 ca bc 87 9a 95 bc 02 5c 2b 8d b8 a3 68 7e // 46 58 9a 15 ed bf 0c} (length 0x7f) // } // union ANYUNION { // ANYRESHEX: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {ac 2d 5b 5b 89 45 d5 7e 78 69 64 8e be 10 b8 // d2 71 97 63 b4 bf 3f 66 67 bf 8f 72 26 06 d2 b3 59 3f 26 21 8e // 9a 5f ba 2e 7d 41 66 78 7d a7 17 37 b3 80 04 5f b0 a6 82 e2 91 // 52 71 f2 14 c0 11 29 61 b7 3c 46 38 e7 ba 68 de b3 48 26 d7 68 // 2a ce 75 49 c8 3b f5 2b d9 14 2b 6c 5a de bf 82 15 52 70 d3 32 // 04 c0 9c 07 ed 4c a2 fc 93 2a f4 86 46 c9 62 4e 3e 35 44 d6 8f // 61 a2 b0 73 fb 85 33 25 99 b2 99 a4 f4 41 a8 e2 f7 4c 57 aa 38 // b5 b5 96 23 82 80 c1 69 3b ba 97 ff 25 86 79 ab 84 48 59 70 b6 // 0f 81 09 3d da 65 01 ba ba 18 a7 79 0c a3 e6 fc fa 12 89 8b 9f // ff 3f af 61 3d 71 f9 d6 4d bd 5c 2e da d8 e7 74 fb 0d a3 9e 53 // 2d 92 16 4e 2d 34 af f7 ca e3 2f 3c d7 aa 9a ac e0 00 f1 36 32 // 3e 48 08 d0 c6 6c 08 28 94 2d ef 38 de b2 e1 d8 47 55 5f e0 d5 // ba 80 84 ba bb 31 69 f9 f0 62 46 ec d5 32 77 58 44 8c 9c 7e 45 // 91 da 12 ff 1b 08 4e 75 7d 05 af 4f 0f 04 44 ec fc c0 c4 d2 06 // 7a 98 d4 9f e5 24 12 21 83 80 bb 75 e2 1c d2 37 24 e0 39 0b 11 // 6b 9a 1c 1e 33 50 b3 e6 f1 7c 5b d1 f1 ad b4 ce 1d 03 d5 b3 0e // b0 69 03 40 70 8f 06 df ca 5c 9d 74 a7 c1 40 ca bd dd 0f 37 d8 // bc f1 5e 57 8d de 85 d7 c2 8c cb 1c 96 33 ce eb 54 bb 27 8d 55 // 09 72 20 ca 53 a2 ea 47 81 ac a2 b7 01 89 19 99 38 af ba 9a 70 // 0a 61 02 25 31 1f e8 31 67 94 ca 0a e1 39 a5 0d bd 34 d5 72 d6 // 16 5e aa a9 48 44 62 00 45 e6 15 d5 1f 5e 19 c2 9a ad ad 35 39 // 49 09 61 13 58 51 f1 5b bf d0 60 4f 39 26 87 75 83 d8 5c 45 a0 // 4c 6f 15 5a d6 e1 96 6d 20 04 ab 6a b5 1f 9b eb 82 db cd ca aa // b8 86 56 4c bf 81 b5 81 da 39 7e ba 4f c8 fe 43 0e f9 3e d6 13 // cd 58 8e 39 96 69 b9 f4 b6 34 81 16 3e 6c 2b 74 11 25 38 19 2b // e9 55 1c a4 00 bc 2b 94 7a 53 5f cc bc 56 7a 68 a3 ab 94 55 43 // 85 bb 1f 2a 0e 21 46 31 01 13 10 2a 9f fb cb bf 44 d3 0e 07 6d // 36 3d 62 01 fa ec f8 bb bb c9 d7 fc d3 81 95 86 0b bc 85 ee 3f // 5f 9b 2c 99 01 64 ab c3 a7 67 4a b2 a6 31 14 7d 70 85 85 f5 26 // 94 a4 6b 68 1c bc 62 3b 53 a2 72 f2 1f 2a a5 59 7b ee c8 09 49 // 54 54 13 16 cc 45 ec 97 51 fe f1 23 69 e7 27 2b 7b dc b5 27 ba // c4 a1 9e 0b ba 1b 68 ef 98 e3 56 37 05 e9 ca 40 bb 91 4c ec e2 // fd 75 c2 37 5b 81 a0 6d ad cd b1 c5 4a 17 58 55 e3 0c 3d 9c a5 // 8c a8 73 e4 3d 70 3b 14 71 52 6f b3 df e1 2e 14 0b 81 df 3a fa // e6 10 4e 5f fa 4e 85 85 b4 56 a7 19 9c 75 c5 ab c7 af ec a7 43 // fc e3 10 df 09 06 2f 20 b9 a9 9f ac 5d 01 93 38 d9 86 06 80 5f // 4f aa d9 cc 81 eb f0 3b 72 39 a3 40 c9 73 82 8b 67 6a f4 e5 94 // d7 96 68 9f 98 23 73 0c 5e ad 8d ba 25 69 25 86 9a b0 d7 19 6a // 99 b7 5a 15 f9 92 78 52 d7 81 3a a5 a4 cb 76 76 47 49 e8 82 d5 // 9c 09 4c 5e bd 19 11 15 31 50 e8 d5 3a a8 ab bf 36 0a 40 45 b6 // 3e 0e 29 6d 03 15 8d e8 aa 02 b5 ae b4 59 dc dc 6b 9d 5a a8 c0 // e4 55 e7 cb 6a 5d 9b 26 ee 54 20 e4 1d 89 59 0a 0c 04 ca 87 01 // a6 a3 86 71 6a 32 e0 41 02 f2 81 f6 63 17 a2 19 40 c0 cf 83 e1 // 28 f4 f8 3b df 67 70 17 0d 74 d4 3f 3b 1f 4c 0b b5 e8 c6 92 54 // e0 bf d1 5c 6d 02 59 6b f3 b5 47 e5 b9 b8 e8 43 90 45 5a 9c 4b // 00 b6 33 c6 61 61 6a ca 4a 41 58 86 8b e2 16 33 f3 43 15 59 96 // ea ff 00 c2 c3 47 fe a0 3c 6f 06 e7 ad cd 83 cf 32 0e 3a 44 6d // 07 db a2 02 e5 96 06 32 56 0d a8 a3 b6 0e fe 5a 81 4a 5c b2 a4 // ff 08 42 ff f2 38 97 b5 83 b3 81 e5 03 0e 50 6c ae f8 dc 97 be // f9 53 21 11 e3 eb 36 21 87 0e c3 9f e2 35 1d 38 14 a0 2d 2f 9e // 38 aa c1 f0 89 7f 32 dd bf fd c6 e0 ac de a9 5f f7 f6 78 65 da // ae 11 30 f6 8f 00 98 56 82 ec ef c4 3f b6 f8 52 15 14 92 3b 5c // f3 56 0b e0 73 9a eb 4e b0 0b 38 9d 39 eb b9 b9 74 e0 54 12 0f // cd 48 c0 d6 bc 09 44 1c 2c 19 f4 1b df ce ed 01 a3 b6 86 92 15 // 00 fa e8 87 95 f2 16 79 4d 21 dd 3a 98 f2 fd b5 a1 59 0e 0c bd // c5 cd 95 93 b1 64 e2 55 13 1c 21 f2 2e d7 e7 ed 4e c8 3d b9 1f // 8b f5 f3 27 d7 22 2b e1 e4 70 a7 c0 d0 a6 57 c7 3a d6 06 f2 ef // 0c 59 d3 c1 18 c6 01 d2 3d 67 ee 16 ce 36 58 c9 15 3b 81 31 f0 // 6c 1e 4f 83 c4 9d be 6d bc 34 78 b1 31 3b 92 21 bc 4c 5e ad eb // fd 16 cd 07 af de 50 9f 2e 92 6f cf d5 f8 fe ab e8 36 f4 08 0e // a5 e6 5c 1e 4d 85 9f 16 ac 45 ad 8c 80 4e b9 ec ce 36 3f af 19 // c1 40 9d 81 92 a6 44 82 35 78 cc fd 5b 64 34 78 eb 94 82 23 67 // 6d 37 5f 81 1f ff a8 74 f7 c2 a2 81 10 4a 28 ba f4 da 27 16 ae // 87 0a bb 3e 0f 05 e6 34 66 17 63 56 72 8a 70 0f e3 9e bb 62 bd // bf f1 39 fd bf 21 52 00 22 98 4d c6 d3 ee d1 d8 1b 94 f2 8a 07 // cc 23 8c cb 64 d6 5e 87 53 4c 01 11 bb 76 21 23 68 c6 e8 e9 a5 // 36 e7 58 fa 2f 16 a2 ca b9 d3 19 84 05 54 88 b2 7b cf f1 2b cc // 5a 0f e2 1a 0e 44 ed fb 87 c6 81 06 0e 69 44 ff 89 dc e4 a9 c7 // 12 2c 53 ac c2 79 13 a5 fb f1 5c 9a da 97 1d f8 8f 0d f3 f8 2e // b5 63 f6 3c 64 0a d6 e3 9a 1f 5c 1a ad 83 c3 64 95 7e c6 d6 45 // f4 24 3d 1f b4 ec ef 27 5d 4c 0c a0 28 40 64 cd e0 c2 82 d7 93 // f2 90 ba b5 a4 de c1 5f 3e 2a dc c9 d4 55 d2 e2 8b d0 40 d6 e0 // f6 51 ac 6f 20 f5 5d 13 03 d2 aa ef 21 04 b3 93 af c8 49 e9 cd // 77 43 ca 20 a6 f0 92 cb f4 2a 67 44 68 92 49 31 28 d3 8b b0 d0 // f5 07 ff e3 fd 71 8e c4 8e ff 58 df 72 97 28 bc 01 ee 18 0d 67 // 6d fa 22 c8 1d a0 e4 e3 fd a9 4f 4f 94 19 5b c8 2e 1f 94 1d 8a // 29 0c a0 d4 16 37 3d 42 0e ba 19 64 70 e4 f2 59 40 50 60 61 c6 // 01 f1 2b 36 56 d6 d6 b3 a4 7e 50 d5 23 5b 7f d0 f8 2b b0 83 5a // ee 34 70 b6 9b f7 e5 96 16 ec e4 47 d9 af 36 c3 96 f6 87 21 4f // f7 d7 e2 79 61 f4 61 c7 80 b4 c5 63 ae b4 7f a9 f3 35 cb da de // 8a 06 71 1b a7 9b 6f e8 77 8a c1 bc 06 bb 59 13 1c 17 40 9c 1d // 1d 0c c7 46 ae c8 c3 b1 34 8f 95 85 94 51 92 d8 e3 20 02 c6 76 // 75 3a b2 46 a9 27 02 fc 8e 3a 3c e8 9b 84 66 1b 1b 10 dc d7 3f // dd ac d3 11 ca 66 3d 48 3b 87 a5 92 25 f6 06 27 ee cf 40 9d 61 // 88 23 6b 19 86 33 d4 7c 5f 1c 0b a0 bb 43 21 aa c8 8a 60 61 d5 // e9 78 83 91 4c d7 42 84 ab 93 7b 95 79 cc ee 6a b5 bb 39 f6 27 // 4a 04 e3 e7 a8 c3 d0 33 e3 40 35 7b c1 5c 5f 6d aa 04 7b 1c ee // 44 8a c3 80 bb de 4b f8 06 b0 89 1a 04 b9 e4 08 60 9b 04 0b 7d // 3a 02 d2 a7 6d 40 13 75 6d 79 24 47 92 c5 43 fe 23 27 a3 c3 71 // 85 2b ed 5a b5 4d e9 87 bc 46 99 b3 2a d1 c0 8f 7f ff 7a 23 06 // 9e 72 bd dc 9a 59 0b 2c 70 7b ac 39 57 d4 6b 65 7a 4e 17 f1 91 // 4d b5 8f b6 43 6b dd 58 b8 6d f4 91 01 6a 2b 9e be 0c 35 a8 59 // b2 16 f1 7f 48 28 c8 de e3 0a 38 ed 1f c3 63 47 af 97 89 99 d0 // c4 04 31 3c f9 9c 92 81 c4 51 94 ab d7 94 75 a8 0e a1 48 68 40 // aa d7 2b 1c 0c 4f 17 fe 35 a1 50 fc b5 74 fa 9f cc 09 a7 fc 5d // cd 34 e1 5d 4b f1 bc cf a8 bf 42 3d 24 37 e2 eb 0d 3c a9 32 4f // bf c7 e2 56 b8 62 c5 0e bc 8d b3 fb 69 f6 90 03 d3 78 07 af 8d // dc cf 2d 92 9a d9 d0 6e bb b7 e5 38 d9 3b b0 b7 bc 82 8e 16 39 // e0 b5 e8 9c 22 ba dc a3 07 ad 28 18 3c 30 83 e8 7c 91 7f eb 4c // 88 23 97 d3 97 ea 2e 7f f0 e0 5e bb 25 29 40 30 2c dc 0f 0f 7e // fe 40 68 5f 7c 3e 89 23 e3 79 5d 70 d6 9c 70 d9 a0 71 e4 01 ce // e7 71 f2 9d cb 53 16 47 17 68 46 4c 46 59 f2 c7 6d 11 71 3a b4 // 4f 4c 94 4a 48 19 de b1 24 8b 02 45 74 03 e9 63 0a af 4a 18 0e // 9e 55 bb 4d 29 1e 9a 2b c8 5a 1e d1 7f 90 6d 54 93 5c 7e 5e 8b // 70 7e ad 56 28 4f da 02 08 bd 88 ab 5c 32 59 bd 53 29 c0 d2 66 // 53 eb 07 b6 85 6a d7 99 fd 6f a8 d2 11 1d a3 97 0f f8 50 9b c2 // ef 3a 88 13 d0 4f 36 00 15 26 b7 07 57 64 6e d4 bf 25 a2 56 75 // 1b 8e c7 14 f2 e6 2d ea 19 e8 2a ac ec 38 91 95 53 2b f7 f3 35 // af ae 43 51 ad b9 3c 84 6e 22 f1 f2 a3 e0 d6 20 d8 16 88 bd 55 // 30 e3 89 f2 28 4b 3c 99 7d 4a ba b7 c3 0a ac 1b 14 14 25 cd 9a // a3 15 dc 5a 5e 8b 04 fd 50 3d 79 89 6b 14 94 d8 be 48 04 8c 73 // 92 fc 92 c3 25 b7 6b de 44 96 c4 9d a3 4c 9f f9 59 69 be c8 f9 // 5c 35 62 39 d5 33 69 07 95 73 83 b1 2c 51 2f ff 6d 79 70 97 a2 // 6a 5a ee 92 51 ba e9 40 ef 1a 19 b3 f7 46 39 63 00 d3 ba eb 47 // 6b 02 3f 74 0e d7 c1 da 92 fd bf 18 34 c3 a8 82 a6 07 98 85 b9 // 33 33 3d 0e 19 4c c1 f2 5a 06 c3 a2 d3 70 93 68 86 cb 38 5d 98 // 61 d6 76 2c 74 16 a1 db 52 75 22 8b 64 99 cd ef 97 67 fb 99 8d // 43 25 1b 96 3b c4 47 7b 2c 05 1b 70 a0 31 7d e5 f6 ec 31 58 91 // 41 45 bd 03 6f f1 94 df 97 22 d2 a3 d2 ac 23 97 89 1b 57 3a 34 // ad 16 23 6c dc 7c a7 7b c1 5f 0f db c3 ca e9 23 d6 16 33 a4 2b // ab 45 0a 80 cf 3e e6 58 0e 79 2b 16 17 d7 4f a1 89 d4 50 a6 4c // a1 2d 8c 79 76 98 20 8e a6 10 10 b6 07 28 85 b7 62 af 59 81 59 // 62 1f 83 8e ba cc 00 ea 11 f5 92 4b 39 b2 bb bc 5c 7d 66 78 71 // ce 32 e9 aa 75 89 3a 9f a1 3a 2f fe 66 b3 60 e2 66 44 62 59 a8 // 74 5a dd b4 e1 86 13 9d 86 d4 e8 d4 85 37 ac 35 02 9b 0d 87 c0 // 3e 8c 1a 9b 9a 42 25 94 49 6f ed a8 bc 55 02 77 74 28 fe 73 71 // 98 ed 89 6c 21 28 a4 f7 d5 52 f2 ee a8 fe f6 e6 8f ea f3 cb fd // 54 9e 62 2e ea 7b c9 88 bb 16 fc 49 b7 ab 24 14 26 f2 e4 0e dc // ca 07 d4 f9 47 cc b1 d3 b8 c2 e9 cb 14 a0 c0 44 95 db b7 5b d9 // c9 35 f3 6b fe 39 84 55 b0 e5 f9 27 d5 72 6e 61 7c 69 ca 81 fe // 36 c3 e6 ea 51 0c 5f e4 73 51 61 c9 92 f9 eb f6 67 27 e5 a7 de // d5 90 06 1d 4d a3 b8 6b 99 68 46 a6 bb 10 2e 47 d3 34 65 d8 8a // 68 64 4c 8a 76 a7 70 d5 e0 31 8e 6c 30 1e 7c 7f 55 75 bf 15 a9 // 58 9b 32 cf aa 41 ee 15 97 24 88 49 71 95 a2 cb 49 a6 b6 f9 37 // a8 e3 11 e3 4d 31 1d fd 4f e2 22 d3 ab c0 95 b0 b2 4a 1b 71 93 // eb 33 53 de f0 cc 15 11 c8 fc e9 b0 a7 86 7a e2 fe d4 db 93 00 // 96 46 dc 91 a3 74 53 87 cb e6 1b 37 f7 49 b4 0d 5d 38 97 08 56 // b7 ab 8b 6e 1e 0b 81 c0 78 c6 8c b5 5c 57 85 4b 8b 58 63 b7 a4 // c8 7f 42 e6 d6 dc a2 de 03 26 b1 b2 69 70 16 8c 99 f5 98 16 87 // 74 48 e7 f7 26 26 f5 35 4f db 5e 03 3c d6 b4 2e 94 76 66 5e fa // e6 62 87 e6 56 59 0d 1f 80 b3 a0 95 57 a5 7d 7d e4 ba de 6a 12 // 2d 40 a9 2d b1 d3 47 46 3b 74 15 1d 44 a0 2d be 06 72 59 c6 33 // b8 c8 44 25 e7 7a 73 6f ca 99 f0 6d 0f d6 6e 35 36 55 11 ec 01 // 75 37 f4 c2 12 e7 f2 e2 33 69 95 8c 3a 7b 92 fe ff ad 9e db 12 // 13 9f 1f 69 0f 95 12 72 5c 0a 1a 16 4e 78 b4 13 0c 91 fd 39 61 // df 91 c1 a1 17 83 c2 4b 03 bc f3 05 fd 0e 14 e6 51 0f 4d 58 cf // 73 32 6e 94 f2 bc 1b 1a b2 95 29 7b ee 7a 98 b7 7a fe 48 3a 7d // 66 e7 80 d5 e1 11 b4 20 22 85 f5 80 ce 57 1e cc 09 85 50 1f aa // 0e 9f 2f 5b 98 48 d7 70 d8 d8 ad 7b 90 a9 51 f8 32 79 07 3e 45 // a0 c7 ab cf 89 cd 62 00 f7 fc 32 0e 46 ea 3d e2 ad de e3 a9 84 // 43 25 01 06 3f 99 28 d0 89 7d 93 dd e2 0f e8 fb e4 da bc 1a c3 // 4b 0e fd b3 d7 c7 b4 d4 95 71 ea 64 25 2d 72 09 ff 6d 0a e5 b9 // 5e f3 5d 81 60 c5 97 6f 7e d9 c4 b6 9d b8 1a 73 f6 d0 0f d2 54 // c4 17 69 6d 6a f6 94 f3 68 88 26 cc 04 db 80 19 f2 41 9f a9 9e // 47 dc 43 6f d7 68 90 b5 29 1c d2 72 47 17 a1 e6 04 e6 cb 5e 21 // 42 35 66 4e 8c 71 48 c2 bd 87 99 6c 05 bc fe 1f 29 20 0f 40 a0 // d7 66 df 3d dc 6f ae f8 2f b3 4d 38 5f 90 b8 f0 e4 bb 7b a5 19 // e7 98 67 35 c1 69 cb 35 46 d6 2f b7 0f bd 49 ee c4 ed d7 03 97 // d2 fc bf db 9c d8 73 31 fc e3 c9 78 6b 70 90 50 1b 90 4c 8f 92 // 5a 1d bf a1 51 a1 8e 6c 14 5e bb 74 da 71 00 de 60 a6 27 10 0d // 6c 04 ce 78 9a 7d 4e 88 69 2c b0 90 fd 9f f2 00 6e 5d db 87 0f // 5b 2a a5 02 08 1e b7 a2 67 44 de 9a 0d 29 a6 6e f1 8e b0 97 e1 // d3 96 56 10 78 e3 f9 25 80 46 a3 a3 e9 b5 87 89 64 d7 1b 52 67 // 55 08 4f 38 5d 97 77 b2 ab 50 3f 9d 77 c0 9a 46 00 4b 50 05 f6 // 9e ed ee 80 ed d8 7d d1 7f 22 92 eb a0 0f 71 de db 01 0b 7b 00 // 3a 84 00 f6 b4 4d 63 55 9a 10 bc 00 52 c6 78 ac 8e d9 65 8a ff // 4f 85 87 78 eb b6 0c ba f5 3d 82 24 8a 26 0c 72 55 f9 43 71 1e // 8a c3 1a 4b 7a 46 94 dc da ce 3b e2 5e a4 3b dc 9d fd 52 d3 69 // 29 2d 8d 75 81 a6 97 9d 1b 8a d5 43 ba eb 92 96 90 7e 09 26 02 // 5f 4c 35 97 e9 8e 2e ac d0 48 a5 de dd 0e 9d ab c3 26 8e d3 5a // 91 c6 18 09 08 af 07 a9 5b f3 74 57 3c 7b 4f 61 1e b3 0b bb 5f // 17 21 a6 55 0f 48 3d ca ed 51 d8 4f da a5 c6 a5 2d 7c 4d 04 ca // 4e df d2 88 d5 aa eb f6 f0 6c 6f ff 8b ff 81 39 23 ac 8c 6e dd // 0e ad ef ab 93 84 42 ff 09 b1 b3 ff 92 6c 96 3d 67 a0 1c cc bd // 86 cb 69 bb 5e 5a 4a dc a8 21 10 f8 7d 3e e7 80 0b 14 41 2b 48 // cd 94 fe ac ba a9 c1 92 1e 81 6d 02 87 ad 11 98 b9 4f d6 de 31 // 49 12 b7 99 38 a0 d0 0e f5 96 8c a4 cb 50 6a fa 14 96 ce 48 86 // c8 c4 49 55 a9 2c 9d 23 95 f1 08 a3 57 e2 40 51 1c c7 e6 54 8a // c4 17 4e 5b 52 cc 1f 03 ea 8f a8 26 8a 72 83 e9 cd 25 51 8c c7 // 11 14 86 95 37 89 1b 64 33 72 22 f0 4c 11 14 07 bc 2c 87 77 f1 // 13 2e 1b 29 4e c5 33 61 0f d1 ae 3b 4a a7 e2 0c 31 5d 87 ae ed // 3a 19 15 16 77 e0 41 73 fb d5 5e 88 66 9f 51 5d ea 19 c8 b9 9f // 8d 7e 82 97 34 f6 15 a9 b9 5e 27 8f ec 62 cf 2d 1a 37 d5 35 ef // 71 99 65 30 c6 2e 65 bb 6f de 62 54 47 e9 12 2c fd 94 7d 70 32 // c7 58 0b fa 52 86 bd de 0b d9 c4 f0 c6 3c bc ed dc 30 2e 1d ae // f7 f2 7b f2 89 f7 24 56 80 25 60 e4 47 7b 27 52 0b 45 f3 a3 9e // 78 78 24 f1 69 b3 fa 0e c7 fb a1 c3 7f 44 99 d4 3a 9c dc a7 59 // 5f 3e 9a b7 42 23 c3 48 19 b2 60 13 0d 8a 76 13 65 31 01 cc 9a // 6e 23 6a c0 19 65 35 6c 90 81 4c 63 2e d4 21 a6 26 54 a4 57 cc // c6 60 40 02 64 51 61 0b 94 89 8d 13 29 2c f2 09 6f c1 74 4b 8f // e6 7c eb bc ee 0a 38 30 be 98 76 94 e5 93 d7 32 f0 5e 3c 65 03 // a7 11 73 dc 98 70 c3 ec a0 17 31 8b 62 8d d6 51 23 2e a1 c4 24 // a9 8b 39 41 88 c8 b8 db f3 0d 69 f1 97 62 19 fd 5b 19 75 f8 de // eb ab ec a9 70 58 1f 01 1f 42 8c 16 4b b3 5e 0d 6b e1 87 a5 a2 // 88 7d 6b b0 88 9c 41 c5 c2 4d 0b 17 3f 05 db 5d 3a 9e 50 31 8b // 44 8b 3c 8c 00 00 00} (length 0x1000) // } // union ANYUNION { // ANYRESDEC: ANYRES64 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {88 d2 55 86 18 f7 c4 90 fc 79 67 49 fc 7a d4 // d0 e5 8a 14 56 ee d8 a4 ec e8 6a fc 5e a4 c6 fa fb 51 15 6d 1a // 84 e6 5c 21 15 c6 89 0b 81 7c 3c 84 05 4f cb 6e 09 c6 97 f5 fe // 74 7a 74 4b 09 83 d5 7a ed 44 c7 96 d0 41 e3 2f 9d 12 23 51 ae // 59 b4 14 3d 51 6e 07 8d 3e 88 f9 47 35 a9 34 12 c6 04 b4 2d 89 // dc 3a 0c 0a 8d 30 d0 11 f4 a4 90 8a ca 5c 2b 04 0e 20 f8 25} // (length 0x77) // } // union ANYUNION { // ANYRES16: ANYRES16 (resource) // } // } // } // chdir: int8 = 0xb (1 bytes) // size: len = 0x0 (8 bytes) // img: ptr[in, buffer] { // buffer: (compressed buffer with length 0x0) // } // ] // returns fd_dir memcpy((void*)0x200000000f40, "msdos\000", 6); memcpy((void*)0x200000000f00, ".\000", 2); *(uint32_t*)0x200000000f80 = 0; sprintf((char*)0x200000000f84, "0x%016llx", (long long)0); *(uint8_t*)0x200000000f96 = -1; sprintf((char*)0x200000000f97, "%023llo", (long long)-1); *(uint16_t*)0x200000000fae = -1; sprintf((char*)0x200000000fb0, "%023llo", (long long)-1); sprintf((char*)0x200000000fc7, "%020llu", (long long)-1); memcpy( (void*)0x200000000fdb, "\x37\xb5\x7c\xfa\x7d\x01\x21\x34\x5c\x29\xb6\x06\x4f\x49\xa0\xf9\x5b" "\x88\x67\x1b\x8e\x91\x49\x55\x6e\x5f\xf3\xc7\x01\x2f\x78\x56\xb6\x55" "\x7b\xae\x1d\x1d\x61\xef\xea\x62\x31\x14\xa0\xb4\xb5\x2f\x68\x38\x7d" "\x20\x40\xdd\x08\xc5\xaa\x75\x3b\x59\x6e\xde\x3f\x3d\x63\x7f\x96\x75" "\x23\x10\xa3\x89\xef\xcd\x8c\xf3\x35\xca\x9d\xbb\xbc\x10\xbd\xa7\xa1" "\x63\x42\x96\x8c\x9a\xb4\xfd\x1a\xc6\x5d\xa6\x04\xcd\x9b\x42\xd6\xd0" "\xdc\x0e\x89\x5e\x0b\x2f\x42\x82\x2d\x1b\x34\x2f\x88\xa8\xd6\x07\x00" "\x8d\x20\xb2\x2b\x77\x6a\x70\xa0\x7a\x2c\x53\xfc\x32\xbe\x09\x4c\x85" "\x72\x79\xc5\x85\x42\xb1\x76\xbf\xbc\xc6\xc7\xe9\x80\x8d\xa6\x87\xb4" "\x4a\x8b\x21\xd2\x3c\xc2\xf8\x00\x50\xf8\xfd\x45\x7f\x5a\x55\x95\x22" "\x6d\x20\x08\xbc\xde\xd2\x26\xab\x2e\x75\xd0\x0a\xb5\x59\x2d\xaa\x23" "\xe8\x09\xe0\x4c\x2b\x37\x0a\xf4\x60\xae\x93\xb7\xef\xc3\x2b\xf1\x74" "\x83\x07\x79\x05\x8a\xd7\x52\x90\xb9\xab\xb5\x9b\xe5\xf8\x85\x90\x01" "\xe6\x51\xc1\xd4\x04\xa5\xf2\x8e\xaf\x37\x81\xf2\x28\x82\x49\xae\x7b" "\x38\x5a\x9c\x40\x92\x9c\xae\x3f\xa5\xa6\xf1\x42\xcd\x05\x7e\xbd\xbc" "\x00\x00\x00\xe3\x4d\xb2\xd1\x4a\x64\x58\x49\x9d\xe0\x81\x9d\x89\xf5" "\x70\xa7\x2f\xee\x0d\xd8\xcf\x74\x4e\x0d\xaf\x8f\x31\xb1\xd8\xed\xda" "\x87\x29\x6c\xa7\x63\x2e\x1e\x6e\x23", 298); memcpy((void*)0x200000001105, "\x48\xc9\x42\x8a\xfe\x91\xe0\x96\x7e\x32\x39\x82\x40\xfa\x5d\xee" "\x66\xbf\xe5\x5c\xd9\x92\x7c\xa5\x54\x37\x5c\xfe\xbb\x0f\x3d\xf0" "\x26\x27\xb5\xd3\xad\xac\x5d\x8d\x30\xcc\x2c\x9b\x36\x6e\x42\xa6" "\xa3\x49\x83\xb6\x83\xce\x2a\x2f\xbc\xaf\xdc\x21\x4f\x5d\xff\x0b" "\xb1\x00\x4d\xe7\xcb\x3f\xc8\xb2\x58\x6f\x87\x5f\xba\x1b\x7b\xb2" "\xd9\xa9\x06\x2a\xdb\xc5\xdd\x3a\xe2\xff\xf0\xa9\xf5\x0c\x3e\xb1" "\xea\xb1\x68\x78\x85\xd8\x73\x00\xdb\x28\xca\xbc\x87\x9a\x95\xbc" "\x02\x5c\x2b\x8d\xb8\xa3\x68\x7e\x46\x58\x9a\x15\xed\xbf\x0c", 127); sprintf((char*)0x200000001184, "0x%016llx", (long long)-1); memcpy( (void*)0x200000001196, "\xac\x2d\x5b\x5b\x89\x45\xd5\x7e\x78\x69\x64\x8e\xbe\x10\xb8\xd2\x71" "\x97\x63\xb4\xbf\x3f\x66\x67\xbf\x8f\x72\x26\x06\xd2\xb3\x59\x3f\x26" "\x21\x8e\x9a\x5f\xba\x2e\x7d\x41\x66\x78\x7d\xa7\x17\x37\xb3\x80\x04" "\x5f\xb0\xa6\x82\xe2\x91\x52\x71\xf2\x14\xc0\x11\x29\x61\xb7\x3c\x46" "\x38\xe7\xba\x68\xde\xb3\x48\x26\xd7\x68\x2a\xce\x75\x49\xc8\x3b\xf5" "\x2b\xd9\x14\x2b\x6c\x5a\xde\xbf\x82\x15\x52\x70\xd3\x32\x04\xc0\x9c" "\x07\xed\x4c\xa2\xfc\x93\x2a\xf4\x86\x46\xc9\x62\x4e\x3e\x35\x44\xd6" "\x8f\x61\xa2\xb0\x73\xfb\x85\x33\x25\x99\xb2\x99\xa4\xf4\x41\xa8\xe2" "\xf7\x4c\x57\xaa\x38\xb5\xb5\x96\x23\x82\x80\xc1\x69\x3b\xba\x97\xff" "\x25\x86\x79\xab\x84\x48\x59\x70\xb6\x0f\x81\x09\x3d\xda\x65\x01\xba" "\xba\x18\xa7\x79\x0c\xa3\xe6\xfc\xfa\x12\x89\x8b\x9f\xff\x3f\xaf\x61" "\x3d\x71\xf9\xd6\x4d\xbd\x5c\x2e\xda\xd8\xe7\x74\xfb\x0d\xa3\x9e\x53" "\x2d\x92\x16\x4e\x2d\x34\xaf\xf7\xca\xe3\x2f\x3c\xd7\xaa\x9a\xac\xe0" "\x00\xf1\x36\x32\x3e\x48\x08\xd0\xc6\x6c\x08\x28\x94\x2d\xef\x38\xde" "\xb2\xe1\xd8\x47\x55\x5f\xe0\xd5\xba\x80\x84\xba\xbb\x31\x69\xf9\xf0" "\x62\x46\xec\xd5\x32\x77\x58\x44\x8c\x9c\x7e\x45\x91\xda\x12\xff\x1b" "\x08\x4e\x75\x7d\x05\xaf\x4f\x0f\x04\x44\xec\xfc\xc0\xc4\xd2\x06\x7a" "\x98\xd4\x9f\xe5\x24\x12\x21\x83\x80\xbb\x75\xe2\x1c\xd2\x37\x24\xe0" "\x39\x0b\x11\x6b\x9a\x1c\x1e\x33\x50\xb3\xe6\xf1\x7c\x5b\xd1\xf1\xad" "\xb4\xce\x1d\x03\xd5\xb3\x0e\xb0\x69\x03\x40\x70\x8f\x06\xdf\xca\x5c" "\x9d\x74\xa7\xc1\x40\xca\xbd\xdd\x0f\x37\xd8\xbc\xf1\x5e\x57\x8d\xde" "\x85\xd7\xc2\x8c\xcb\x1c\x96\x33\xce\xeb\x54\xbb\x27\x8d\x55\x09\x72" "\x20\xca\x53\xa2\xea\x47\x81\xac\xa2\xb7\x01\x89\x19\x99\x38\xaf\xba" "\x9a\x70\x0a\x61\x02\x25\x31\x1f\xe8\x31\x67\x94\xca\x0a\xe1\x39\xa5" "\x0d\xbd\x34\xd5\x72\xd6\x16\x5e\xaa\xa9\x48\x44\x62\x00\x45\xe6\x15" "\xd5\x1f\x5e\x19\xc2\x9a\xad\xad\x35\x39\x49\x09\x61\x13\x58\x51\xf1" "\x5b\xbf\xd0\x60\x4f\x39\x26\x87\x75\x83\xd8\x5c\x45\xa0\x4c\x6f\x15" "\x5a\xd6\xe1\x96\x6d\x20\x04\xab\x6a\xb5\x1f\x9b\xeb\x82\xdb\xcd\xca" "\xaa\xb8\x86\x56\x4c\xbf\x81\xb5\x81\xda\x39\x7e\xba\x4f\xc8\xfe\x43" "\x0e\xf9\x3e\xd6\x13\xcd\x58\x8e\x39\x96\x69\xb9\xf4\xb6\x34\x81\x16" "\x3e\x6c\x2b\x74\x11\x25\x38\x19\x2b\xe9\x55\x1c\xa4\x00\xbc\x2b\x94" "\x7a\x53\x5f\xcc\xbc\x56\x7a\x68\xa3\xab\x94\x55\x43\x85\xbb\x1f\x2a" "\x0e\x21\x46\x31\x01\x13\x10\x2a\x9f\xfb\xcb\xbf\x44\xd3\x0e\x07\x6d" "\x36\x3d\x62\x01\xfa\xec\xf8\xbb\xbb\xc9\xd7\xfc\xd3\x81\x95\x86\x0b" "\xbc\x85\xee\x3f\x5f\x9b\x2c\x99\x01\x64\xab\xc3\xa7\x67\x4a\xb2\xa6" "\x31\x14\x7d\x70\x85\x85\xf5\x26\x94\xa4\x6b\x68\x1c\xbc\x62\x3b\x53" "\xa2\x72\xf2\x1f\x2a\xa5\x59\x7b\xee\xc8\x09\x49\x54\x54\x13\x16\xcc" "\x45\xec\x97\x51\xfe\xf1\x23\x69\xe7\x27\x2b\x7b\xdc\xb5\x27\xba\xc4" "\xa1\x9e\x0b\xba\x1b\x68\xef\x98\xe3\x56\x37\x05\xe9\xca\x40\xbb\x91" "\x4c\xec\xe2\xfd\x75\xc2\x37\x5b\x81\xa0\x6d\xad\xcd\xb1\xc5\x4a\x17" "\x58\x55\xe3\x0c\x3d\x9c\xa5\x8c\xa8\x73\xe4\x3d\x70\x3b\x14\x71\x52" "\x6f\xb3\xdf\xe1\x2e\x14\x0b\x81\xdf\x3a\xfa\xe6\x10\x4e\x5f\xfa\x4e" "\x85\x85\xb4\x56\xa7\x19\x9c\x75\xc5\xab\xc7\xaf\xec\xa7\x43\xfc\xe3" "\x10\xdf\x09\x06\x2f\x20\xb9\xa9\x9f\xac\x5d\x01\x93\x38\xd9\x86\x06" "\x80\x5f\x4f\xaa\xd9\xcc\x81\xeb\xf0\x3b\x72\x39\xa3\x40\xc9\x73\x82" "\x8b\x67\x6a\xf4\xe5\x94\xd7\x96\x68\x9f\x98\x23\x73\x0c\x5e\xad\x8d" "\xba\x25\x69\x25\x86\x9a\xb0\xd7\x19\x6a\x99\xb7\x5a\x15\xf9\x92\x78" "\x52\xd7\x81\x3a\xa5\xa4\xcb\x76\x76\x47\x49\xe8\x82\xd5\x9c\x09\x4c" "\x5e\xbd\x19\x11\x15\x31\x50\xe8\xd5\x3a\xa8\xab\xbf\x36\x0a\x40\x45" "\xb6\x3e\x0e\x29\x6d\x03\x15\x8d\xe8\xaa\x02\xb5\xae\xb4\x59\xdc\xdc" "\x6b\x9d\x5a\xa8\xc0\xe4\x55\xe7\xcb\x6a\x5d\x9b\x26\xee\x54\x20\xe4" "\x1d\x89\x59\x0a\x0c\x04\xca\x87\x01\xa6\xa3\x86\x71\x6a\x32\xe0\x41" "\x02\xf2\x81\xf6\x63\x17\xa2\x19\x40\xc0\xcf\x83\xe1\x28\xf4\xf8\x3b" "\xdf\x67\x70\x17\x0d\x74\xd4\x3f\x3b\x1f\x4c\x0b\xb5\xe8\xc6\x92\x54" "\xe0\xbf\xd1\x5c\x6d\x02\x59\x6b\xf3\xb5\x47\xe5\xb9\xb8\xe8\x43\x90" "\x45\x5a\x9c\x4b\x00\xb6\x33\xc6\x61\x61\x6a\xca\x4a\x41\x58\x86\x8b" "\xe2\x16\x33\xf3\x43\x15\x59\x96\xea\xff\x00\xc2\xc3\x47\xfe\xa0\x3c" "\x6f\x06\xe7\xad\xcd\x83\xcf\x32\x0e\x3a\x44\x6d\x07\xdb\xa2\x02\xe5" "\x96\x06\x32\x56\x0d\xa8\xa3\xb6\x0e\xfe\x5a\x81\x4a\x5c\xb2\xa4\xff" "\x08\x42\xff\xf2\x38\x97\xb5\x83\xb3\x81\xe5\x03\x0e\x50\x6c\xae\xf8" "\xdc\x97\xbe\xf9\x53\x21\x11\xe3\xeb\x36\x21\x87\x0e\xc3\x9f\xe2\x35" "\x1d\x38\x14\xa0\x2d\x2f\x9e\x38\xaa\xc1\xf0\x89\x7f\x32\xdd\xbf\xfd" "\xc6\xe0\xac\xde\xa9\x5f\xf7\xf6\x78\x65\xda\xae\x11\x30\xf6\x8f\x00" "\x98\x56\x82\xec\xef\xc4\x3f\xb6\xf8\x52\x15\x14\x92\x3b\x5c\xf3\x56" "\x0b\xe0\x73\x9a\xeb\x4e\xb0\x0b\x38\x9d\x39\xeb\xb9\xb9\x74\xe0\x54" "\x12\x0f\xcd\x48\xc0\xd6\xbc\x09\x44\x1c\x2c\x19\xf4\x1b\xdf\xce\xed" "\x01\xa3\xb6\x86\x92\x15\x00\xfa\xe8\x87\x95\xf2\x16\x79\x4d\x21\xdd" "\x3a\x98\xf2\xfd\xb5\xa1\x59\x0e\x0c\xbd\xc5\xcd\x95\x93\xb1\x64\xe2" "\x55\x13\x1c\x21\xf2\x2e\xd7\xe7\xed\x4e\xc8\x3d\xb9\x1f\x8b\xf5\xf3" "\x27\xd7\x22\x2b\xe1\xe4\x70\xa7\xc0\xd0\xa6\x57\xc7\x3a\xd6\x06\xf2" "\xef\x0c\x59\xd3\xc1\x18\xc6\x01\xd2\x3d\x67\xee\x16\xce\x36\x58\xc9" "\x15\x3b\x81\x31\xf0\x6c\x1e\x4f\x83\xc4\x9d\xbe\x6d\xbc\x34\x78\xb1" "\x31\x3b\x92\x21\xbc\x4c\x5e\xad\xeb\xfd\x16\xcd\x07\xaf\xde\x50\x9f" "\x2e\x92\x6f\xcf\xd5\xf8\xfe\xab\xe8\x36\xf4\x08\x0e\xa5\xe6\x5c\x1e" "\x4d\x85\x9f\x16\xac\x45\xad\x8c\x80\x4e\xb9\xec\xce\x36\x3f\xaf\x19" "\xc1\x40\x9d\x81\x92\xa6\x44\x82\x35\x78\xcc\xfd\x5b\x64\x34\x78\xeb" "\x94\x82\x23\x67\x6d\x37\x5f\x81\x1f\xff\xa8\x74\xf7\xc2\xa2\x81\x10" "\x4a\x28\xba\xf4\xda\x27\x16\xae\x87\x0a\xbb\x3e\x0f\x05\xe6\x34\x66" "\x17\x63\x56\x72\x8a\x70\x0f\xe3\x9e\xbb\x62\xbd\xbf\xf1\x39\xfd\xbf" "\x21\x52\x00\x22\x98\x4d\xc6\xd3\xee\xd1\xd8\x1b\x94\xf2\x8a\x07\xcc" "\x23\x8c\xcb\x64\xd6\x5e\x87\x53\x4c\x01\x11\xbb\x76\x21\x23\x68\xc6" "\xe8\xe9\xa5\x36\xe7\x58\xfa\x2f\x16\xa2\xca\xb9\xd3\x19\x84\x05\x54" "\x88\xb2\x7b\xcf\xf1\x2b\xcc\x5a\x0f\xe2\x1a\x0e\x44\xed\xfb\x87\xc6" "\x81\x06\x0e\x69\x44\xff\x89\xdc\xe4\xa9\xc7\x12\x2c\x53\xac\xc2\x79" "\x13\xa5\xfb\xf1\x5c\x9a\xda\x97\x1d\xf8\x8f\x0d\xf3\xf8\x2e\xb5\x63" "\xf6\x3c\x64\x0a\xd6\xe3\x9a\x1f\x5c\x1a\xad\x83\xc3\x64\x95\x7e\xc6" "\xd6\x45\xf4\x24\x3d\x1f\xb4\xec\xef\x27\x5d\x4c\x0c\xa0\x28\x40\x64" "\xcd\xe0\xc2\x82\xd7\x93\xf2\x90\xba\xb5\xa4\xde\xc1\x5f\x3e\x2a\xdc" "\xc9\xd4\x55\xd2\xe2\x8b\xd0\x40\xd6\xe0\xf6\x51\xac\x6f\x20\xf5\x5d" "\x13\x03\xd2\xaa\xef\x21\x04\xb3\x93\xaf\xc8\x49\xe9\xcd\x77\x43\xca" "\x20\xa6\xf0\x92\xcb\xf4\x2a\x67\x44\x68\x92\x49\x31\x28\xd3\x8b\xb0" "\xd0\xf5\x07\xff\xe3\xfd\x71\x8e\xc4\x8e\xff\x58\xdf\x72\x97\x28\xbc" "\x01\xee\x18\x0d\x67\x6d\xfa\x22\xc8\x1d\xa0\xe4\xe3\xfd\xa9\x4f\x4f" "\x94\x19\x5b\xc8\x2e\x1f\x94\x1d\x8a\x29\x0c\xa0\xd4\x16\x37\x3d\x42" "\x0e\xba\x19\x64\x70\xe4\xf2\x59\x40\x50\x60\x61\xc6\x01\xf1\x2b\x36" "\x56\xd6\xd6\xb3\xa4\x7e\x50\xd5\x23\x5b\x7f\xd0\xf8\x2b\xb0\x83\x5a" "\xee\x34\x70\xb6\x9b\xf7\xe5\x96\x16\xec\xe4\x47\xd9\xaf\x36\xc3\x96" "\xf6\x87\x21\x4f\xf7\xd7\xe2\x79\x61\xf4\x61\xc7\x80\xb4\xc5\x63\xae" "\xb4\x7f\xa9\xf3\x35\xcb\xda\xde\x8a\x06\x71\x1b\xa7\x9b\x6f\xe8\x77" "\x8a\xc1\xbc\x06\xbb\x59\x13\x1c\x17\x40\x9c\x1d\x1d\x0c\xc7\x46\xae" "\xc8\xc3\xb1\x34\x8f\x95\x85\x94\x51\x92\xd8\xe3\x20\x02\xc6\x76\x75" "\x3a\xb2\x46\xa9\x27\x02\xfc\x8e\x3a\x3c\xe8\x9b\x84\x66\x1b\x1b\x10" "\xdc\xd7\x3f\xdd\xac\xd3\x11\xca\x66\x3d\x48\x3b\x87\xa5\x92\x25\xf6" "\x06\x27\xee\xcf\x40\x9d\x61\x88\x23\x6b\x19\x86\x33\xd4\x7c\x5f\x1c" "\x0b\xa0\xbb\x43\x21\xaa\xc8\x8a\x60\x61\xd5\xe9\x78\x83\x91\x4c\xd7" "\x42\x84\xab\x93\x7b\x95\x79\xcc\xee\x6a\xb5\xbb\x39\xf6\x27\x4a\x04" "\xe3\xe7\xa8\xc3\xd0\x33\xe3\x40\x35\x7b\xc1\x5c\x5f\x6d\xaa\x04\x7b" "\x1c\xee\x44\x8a\xc3\x80\xbb\xde\x4b\xf8\x06\xb0\x89\x1a\x04\xb9\xe4" "\x08\x60\x9b\x04\x0b\x7d\x3a\x02\xd2\xa7\x6d\x40\x13\x75\x6d\x79\x24" "\x47\x92\xc5\x43\xfe\x23\x27\xa3\xc3\x71\x85\x2b\xed\x5a\xb5\x4d\xe9" "\x87\xbc\x46\x99\xb3\x2a\xd1\xc0\x8f\x7f\xff\x7a\x23\x06\x9e\x72\xbd" "\xdc\x9a\x59\x0b\x2c\x70\x7b\xac\x39\x57\xd4\x6b\x65\x7a\x4e\x17\xf1" "\x91\x4d\xb5\x8f\xb6\x43\x6b\xdd\x58\xb8\x6d\xf4\x91\x01\x6a\x2b\x9e" "\xbe\x0c\x35\xa8\x59\xb2\x16\xf1\x7f\x48\x28\xc8\xde\xe3\x0a\x38\xed" "\x1f\xc3\x63\x47\xaf\x97\x89\x99\xd0\xc4\x04\x31\x3c\xf9\x9c\x92\x81" "\xc4\x51\x94\xab\xd7\x94\x75\xa8\x0e\xa1\x48\x68\x40\xaa\xd7\x2b\x1c" "\x0c\x4f\x17\xfe\x35\xa1\x50\xfc\xb5\x74\xfa\x9f\xcc\x09\xa7\xfc\x5d" "\xcd\x34\xe1\x5d\x4b\xf1\xbc\xcf\xa8\xbf\x42\x3d\x24\x37\xe2\xeb\x0d" "\x3c\xa9\x32\x4f\xbf\xc7\xe2\x56\xb8\x62\xc5\x0e\xbc\x8d\xb3\xfb\x69" "\xf6\x90\x03\xd3\x78\x07\xaf\x8d\xdc\xcf\x2d\x92\x9a\xd9\xd0\x6e\xbb" "\xb7\xe5\x38\xd9\x3b\xb0\xb7\xbc\x82\x8e\x16\x39\xe0\xb5\xe8\x9c\x22" "\xba\xdc\xa3\x07\xad\x28\x18\x3c\x30\x83\xe8\x7c\x91\x7f\xeb\x4c\x88" "\x23\x97\xd3\x97\xea\x2e\x7f\xf0\xe0\x5e\xbb\x25\x29\x40\x30\x2c\xdc" "\x0f\x0f\x7e\xfe\x40\x68\x5f\x7c\x3e\x89\x23\xe3\x79\x5d\x70\xd6\x9c" "\x70\xd9\xa0\x71\xe4\x01\xce\xe7\x71\xf2\x9d\xcb\x53\x16\x47\x17\x68" "\x46\x4c\x46\x59\xf2\xc7\x6d\x11\x71\x3a\xb4\x4f\x4c\x94\x4a\x48\x19" "\xde\xb1\x24\x8b\x02\x45\x74\x03\xe9\x63\x0a\xaf\x4a\x18\x0e\x9e\x55" "\xbb\x4d\x29\x1e\x9a\x2b\xc8\x5a\x1e\xd1\x7f\x90\x6d\x54\x93\x5c\x7e" "\x5e\x8b\x70\x7e\xad\x56\x28\x4f\xda\x02\x08\xbd\x88\xab\x5c\x32\x59" "\xbd\x53\x29\xc0\xd2\x66\x53\xeb\x07\xb6\x85\x6a\xd7\x99\xfd\x6f\xa8" "\xd2\x11\x1d\xa3\x97\x0f\xf8\x50\x9b\xc2\xef\x3a\x88\x13\xd0\x4f\x36" "\x00\x15\x26\xb7\x07\x57\x64\x6e\xd4\xbf\x25\xa2\x56\x75\x1b\x8e\xc7" "\x14\xf2\xe6\x2d\xea\x19\xe8\x2a\xac\xec\x38\x91\x95\x53\x2b\xf7\xf3" "\x35\xaf\xae\x43\x51\xad\xb9\x3c\x84\x6e\x22\xf1\xf2\xa3\xe0\xd6\x20" "\xd8\x16\x88\xbd\x55\x30\xe3\x89\xf2\x28\x4b\x3c\x99\x7d\x4a\xba\xb7" "\xc3\x0a\xac\x1b\x14\x14\x25\xcd\x9a\xa3\x15\xdc\x5a\x5e\x8b\x04\xfd" "\x50\x3d\x79\x89\x6b\x14\x94\xd8\xbe\x48\x04\x8c\x73\x92\xfc\x92\xc3" "\x25\xb7\x6b\xde\x44\x96\xc4\x9d\xa3\x4c\x9f\xf9\x59\x69\xbe\xc8\xf9" "\x5c\x35\x62\x39\xd5\x33\x69\x07\x95\x73\x83\xb1\x2c\x51\x2f\xff\x6d" "\x79\x70\x97\xa2\x6a\x5a\xee\x92\x51\xba\xe9\x40\xef\x1a\x19\xb3\xf7" "\x46\x39\x63\x00\xd3\xba\xeb\x47\x6b\x02\x3f\x74\x0e\xd7\xc1\xda\x92" "\xfd\xbf\x18\x34\xc3\xa8\x82\xa6\x07\x98\x85\xb9\x33\x33\x3d\x0e\x19" "\x4c\xc1\xf2\x5a\x06\xc3\xa2\xd3\x70\x93\x68\x86\xcb\x38\x5d\x98\x61" "\xd6\x76\x2c\x74\x16\xa1\xdb\x52\x75\x22\x8b\x64\x99\xcd\xef\x97\x67" "\xfb\x99\x8d\x43\x25\x1b\x96\x3b\xc4\x47\x7b\x2c\x05\x1b\x70\xa0\x31" "\x7d\xe5\xf6\xec\x31\x58\x91\x41\x45\xbd\x03\x6f\xf1\x94\xdf\x97\x22" "\xd2\xa3\xd2\xac\x23\x97\x89\x1b\x57\x3a\x34\xad\x16\x23\x6c\xdc\x7c" "\xa7\x7b\xc1\x5f\x0f\xdb\xc3\xca\xe9\x23\xd6\x16\x33\xa4\x2b\xab\x45" "\x0a\x80\xcf\x3e\xe6\x58\x0e\x79\x2b\x16\x17\xd7\x4f\xa1\x89\xd4\x50" "\xa6\x4c\xa1\x2d\x8c\x79\x76\x98\x20\x8e\xa6\x10\x10\xb6\x07\x28\x85" "\xb7\x62\xaf\x59\x81\x59\x62\x1f\x83\x8e\xba\xcc\x00\xea\x11\xf5\x92" "\x4b\x39\xb2\xbb\xbc\x5c\x7d\x66\x78\x71\xce\x32\xe9\xaa\x75\x89\x3a" "\x9f\xa1\x3a\x2f\xfe\x66\xb3\x60\xe2\x66\x44\x62\x59\xa8\x74\x5a\xdd" "\xb4\xe1\x86\x13\x9d\x86\xd4\xe8\xd4\x85\x37\xac\x35\x02\x9b\x0d\x87" "\xc0\x3e\x8c\x1a\x9b\x9a\x42\x25\x94\x49\x6f\xed\xa8\xbc\x55\x02\x77" "\x74\x28\xfe\x73\x71\x98\xed\x89\x6c\x21\x28\xa4\xf7\xd5\x52\xf2\xee" "\xa8\xfe\xf6\xe6\x8f\xea\xf3\xcb\xfd\x54\x9e\x62\x2e\xea\x7b\xc9\x88" "\xbb\x16\xfc\x49\xb7\xab\x24\x14\x26\xf2\xe4\x0e\xdc\xca\x07\xd4\xf9" "\x47\xcc\xb1\xd3\xb8\xc2\xe9\xcb\x14\xa0\xc0\x44\x95\xdb\xb7\x5b\xd9" "\xc9\x35\xf3\x6b\xfe\x39\x84\x55\xb0\xe5\xf9\x27\xd5\x72\x6e\x61\x7c" "\x69\xca\x81\xfe\x36\xc3\xe6\xea\x51\x0c\x5f\xe4\x73\x51\x61\xc9\x92" "\xf9\xeb\xf6\x67\x27\xe5\xa7\xde\xd5\x90\x06\x1d\x4d\xa3\xb8\x6b\x99" "\x68\x46\xa6\xbb\x10\x2e\x47\xd3\x34\x65\xd8\x8a\x68\x64\x4c\x8a\x76" "\xa7\x70\xd5\xe0\x31\x8e\x6c\x30\x1e\x7c\x7f\x55\x75\xbf\x15\xa9\x58" "\x9b\x32\xcf\xaa\x41\xee\x15\x97\x24\x88\x49\x71\x95\xa2\xcb\x49\xa6" "\xb6\xf9\x37\xa8\xe3\x11\xe3\x4d\x31\x1d\xfd\x4f\xe2\x22\xd3\xab\xc0" "\x95\xb0\xb2\x4a\x1b\x71\x93\xeb\x33\x53\xde\xf0\xcc\x15\x11\xc8\xfc" "\xe9\xb0\xa7\x86\x7a\xe2\xfe\xd4\xdb\x93\x00\x96\x46\xdc\x91\xa3\x74" "\x53\x87\xcb\xe6\x1b\x37\xf7\x49\xb4\x0d\x5d\x38\x97\x08\x56\xb7\xab" "\x8b\x6e\x1e\x0b\x81\xc0\x78\xc6\x8c\xb5\x5c\x57\x85\x4b\x8b\x58\x63" "\xb7\xa4\xc8\x7f\x42\xe6\xd6\xdc\xa2\xde\x03\x26\xb1\xb2\x69\x70\x16" "\x8c\x99\xf5\x98\x16\x87\x74\x48\xe7\xf7\x26\x26\xf5\x35\x4f\xdb\x5e" "\x03\x3c\xd6\xb4\x2e\x94\x76\x66\x5e\xfa\xe6\x62\x87\xe6\x56\x59\x0d" "\x1f\x80\xb3\xa0\x95\x57\xa5\x7d\x7d\xe4\xba\xde\x6a\x12\x2d\x40\xa9" "\x2d\xb1\xd3\x47\x46\x3b\x74\x15\x1d\x44\xa0\x2d\xbe\x06\x72\x59\xc6" "\x33\xb8\xc8\x44\x25\xe7\x7a\x73\x6f\xca\x99\xf0\x6d\x0f\xd6\x6e\x35" "\x36\x55\x11\xec\x01\x75\x37\xf4\xc2\x12\xe7\xf2\xe2\x33\x69\x95\x8c" "\x3a\x7b\x92\xfe\xff\xad\x9e\xdb\x12\x13\x9f\x1f\x69\x0f\x95\x12\x72" "\x5c\x0a\x1a\x16\x4e\x78\xb4\x13\x0c\x91\xfd\x39\x61\xdf\x91\xc1\xa1" "\x17\x83\xc2\x4b\x03\xbc\xf3\x05\xfd\x0e\x14\xe6\x51\x0f\x4d\x58\xcf" "\x73\x32\x6e\x94\xf2\xbc\x1b\x1a\xb2\x95\x29\x7b\xee\x7a\x98\xb7\x7a" "\xfe\x48\x3a\x7d\x66\xe7\x80\xd5\xe1\x11\xb4\x20\x22\x85\xf5\x80\xce" "\x57\x1e\xcc\x09\x85\x50\x1f\xaa\x0e\x9f\x2f\x5b\x98\x48\xd7\x70\xd8" "\xd8\xad\x7b\x90\xa9\x51\xf8\x32\x79\x07\x3e\x45\xa0\xc7\xab\xcf\x89" "\xcd\x62\x00\xf7\xfc\x32\x0e\x46\xea\x3d\xe2\xad\xde\xe3\xa9\x84\x43" "\x25\x01\x06\x3f\x99\x28\xd0\x89\x7d\x93\xdd\xe2\x0f\xe8\xfb\xe4\xda" "\xbc\x1a\xc3\x4b\x0e\xfd\xb3\xd7\xc7\xb4\xd4\x95\x71\xea\x64\x25\x2d" "\x72\x09\xff\x6d\x0a\xe5\xb9\x5e\xf3\x5d\x81\x60\xc5\x97\x6f\x7e\xd9" "\xc4\xb6\x9d\xb8\x1a\x73\xf6\xd0\x0f\xd2\x54\xc4\x17\x69\x6d\x6a\xf6" "\x94\xf3\x68\x88\x26\xcc\x04\xdb\x80\x19\xf2\x41\x9f\xa9\x9e\x47\xdc" "\x43\x6f\xd7\x68\x90\xb5\x29\x1c\xd2\x72\x47\x17\xa1\xe6\x04\xe6\xcb" "\x5e\x21\x42\x35\x66\x4e\x8c\x71\x48\xc2\xbd\x87\x99\x6c\x05\xbc\xfe" "\x1f\x29\x20\x0f\x40\xa0\xd7\x66\xdf\x3d\xdc\x6f\xae\xf8\x2f\xb3\x4d" "\x38\x5f\x90\xb8\xf0\xe4\xbb\x7b\xa5\x19\xe7\x98\x67\x35\xc1\x69\xcb" "\x35\x46\xd6\x2f\xb7\x0f\xbd\x49\xee\xc4\xed\xd7\x03\x97\xd2\xfc\xbf" "\xdb\x9c\xd8\x73\x31\xfc\xe3\xc9\x78\x6b\x70\x90\x50\x1b\x90\x4c\x8f" "\x92\x5a\x1d\xbf\xa1\x51\xa1\x8e\x6c\x14\x5e\xbb\x74\xda\x71\x00\xde" "\x60\xa6\x27\x10\x0d\x6c\x04\xce\x78\x9a\x7d\x4e\x88\x69\x2c\xb0\x90" "\xfd\x9f\xf2\x00\x6e\x5d\xdb\x87\x0f\x5b\x2a\xa5\x02\x08\x1e\xb7\xa2" "\x67\x44\xde\x9a\x0d\x29\xa6\x6e\xf1\x8e\xb0\x97\xe1\xd3\x96\x56\x10" "\x78\xe3\xf9\x25\x80\x46\xa3\xa3\xe9\xb5\x87\x89\x64\xd7\x1b\x52\x67" "\x55\x08\x4f\x38\x5d\x97\x77\xb2\xab\x50\x3f\x9d\x77\xc0\x9a\x46\x00" "\x4b\x50\x05\xf6\x9e\xed\xee\x80\xed\xd8\x7d\xd1\x7f\x22\x92\xeb\xa0" "\x0f\x71\xde\xdb\x01\x0b\x7b\x00\x3a\x84\x00\xf6\xb4\x4d\x63\x55\x9a" "\x10\xbc\x00\x52\xc6\x78\xac\x8e\xd9\x65\x8a\xff\x4f\x85\x87\x78\xeb" "\xb6\x0c\xba\xf5\x3d\x82\x24\x8a\x26\x0c\x72\x55\xf9\x43\x71\x1e\x8a" "\xc3\x1a\x4b\x7a\x46\x94\xdc\xda\xce\x3b\xe2\x5e\xa4\x3b\xdc\x9d\xfd" "\x52\xd3\x69\x29\x2d\x8d\x75\x81\xa6\x97\x9d\x1b\x8a\xd5\x43\xba\xeb" "\x92\x96\x90\x7e\x09\x26\x02\x5f\x4c\x35\x97\xe9\x8e\x2e\xac\xd0\x48" "\xa5\xde\xdd\x0e\x9d\xab\xc3\x26\x8e\xd3\x5a\x91\xc6\x18\x09\x08\xaf" "\x07\xa9\x5b\xf3\x74\x57\x3c\x7b\x4f\x61\x1e\xb3\x0b\xbb\x5f\x17\x21" "\xa6\x55\x0f\x48\x3d\xca\xed\x51\xd8\x4f\xda\xa5\xc6\xa5\x2d\x7c\x4d" "\x04\xca\x4e\xdf\xd2\x88\xd5\xaa\xeb\xf6\xf0\x6c\x6f\xff\x8b\xff\x81" "\x39\x23\xac\x8c\x6e\xdd\x0e\xad\xef\xab\x93\x84\x42\xff\x09\xb1\xb3" "\xff\x92\x6c\x96\x3d\x67\xa0\x1c\xcc\xbd\x86\xcb\x69\xbb\x5e\x5a\x4a" "\xdc\xa8\x21\x10\xf8\x7d\x3e\xe7\x80\x0b\x14\x41\x2b\x48\xcd\x94\xfe" "\xac\xba\xa9\xc1\x92\x1e\x81\x6d\x02\x87\xad\x11\x98\xb9\x4f\xd6\xde" "\x31\x49\x12\xb7\x99\x38\xa0\xd0\x0e\xf5\x96\x8c\xa4\xcb\x50\x6a\xfa" "\x14\x96\xce\x48\x86\xc8\xc4\x49\x55\xa9\x2c\x9d\x23\x95\xf1\x08\xa3" "\x57\xe2\x40\x51\x1c\xc7\xe6\x54\x8a\xc4\x17\x4e\x5b\x52\xcc\x1f\x03" "\xea\x8f\xa8\x26\x8a\x72\x83\xe9\xcd\x25\x51\x8c\xc7\x11\x14\x86\x95" "\x37\x89\x1b\x64\x33\x72\x22\xf0\x4c\x11\x14\x07\xbc\x2c\x87\x77\xf1" "\x13\x2e\x1b\x29\x4e\xc5\x33\x61\x0f\xd1\xae\x3b\x4a\xa7\xe2\x0c\x31" "\x5d\x87\xae\xed\x3a\x19\x15\x16\x77\xe0\x41\x73\xfb\xd5\x5e\x88\x66" "\x9f\x51\x5d\xea\x19\xc8\xb9\x9f\x8d\x7e\x82\x97\x34\xf6\x15\xa9\xb9" "\x5e\x27\x8f\xec\x62\xcf\x2d\x1a\x37\xd5\x35\xef\x71\x99\x65\x30\xc6" "\x2e\x65\xbb\x6f\xde\x62\x54\x47\xe9\x12\x2c\xfd\x94\x7d\x70\x32\xc7" "\x58\x0b\xfa\x52\x86\xbd\xde\x0b\xd9\xc4\xf0\xc6\x3c\xbc\xed\xdc\x30" "\x2e\x1d\xae\xf7\xf2\x7b\xf2\x89\xf7\x24\x56\x80\x25\x60\xe4\x47\x7b" "\x27\x52\x0b\x45\xf3\xa3\x9e\x78\x78\x24\xf1\x69\xb3\xfa\x0e\xc7\xfb" "\xa1\xc3\x7f\x44\x99\xd4\x3a\x9c\xdc\xa7\x59\x5f\x3e\x9a\xb7\x42\x23" "\xc3\x48\x19\xb2\x60\x13\x0d\x8a\x76\x13\x65\x31\x01\xcc\x9a\x6e\x23" "\x6a\xc0\x19\x65\x35\x6c\x90\x81\x4c\x63\x2e\xd4\x21\xa6\x26\x54\xa4" "\x57\xcc\xc6\x60\x40\x02\x64\x51\x61\x0b\x94\x89\x8d\x13\x29\x2c\xf2" "\x09\x6f\xc1\x74\x4b\x8f\xe6\x7c\xeb\xbc\xee\x0a\x38\x30\xbe\x98\x76" "\x94\xe5\x93\xd7\x32\xf0\x5e\x3c\x65\x03\xa7\x11\x73\xdc\x98\x70\xc3" "\xec\xa0\x17\x31\x8b\x62\x8d\xd6\x51\x23\x2e\xa1\xc4\x24\xa9\x8b\x39" "\x41\x88\xc8\xb8\xdb\xf3\x0d\x69\xf1\x97\x62\x19\xfd\x5b\x19\x75\xf8" "\xde\xeb\xab\xec\xa9\x70\x58\x1f\x01\x1f\x42\x8c\x16\x4b\xb3\x5e\x0d" "\x6b\xe1\x87\xa5\xa2\x88\x7d\x6b\xb0\x88\x9c\x41\xc5\xc2\x4d\x0b\x17" "\x3f\x05\xdb\x5d\x3a\x9e\x50\x31\x8b\x44\x8b\x3c\x8c\x00\x00\x00", 4096); sprintf((char*)0x200000002196, "%020llu", (long long)-1); memcpy( (void*)0x2000000021aa, "\x88\xd2\x55\x86\x18\xf7\xc4\x90\xfc\x79\x67\x49\xfc\x7a\xd4\xd0\xe5" "\x8a\x14\x56\xee\xd8\xa4\xec\xe8\x6a\xfc\x5e\xa4\xc6\xfa\xfb\x51\x15" "\x6d\x1a\x84\xe6\x5c\x21\x15\xc6\x89\x0b\x81\x7c\x3c\x84\x05\x4f\xcb" "\x6e\x09\xc6\x97\xf5\xfe\x74\x7a\x74\x4b\x09\x83\xd5\x7a\xed\x44\xc7" "\x96\xd0\x41\xe3\x2f\x9d\x12\x23\x51\xae\x59\xb4\x14\x3d\x51\x6e\x07" "\x8d\x3e\x88\xf9\x47\x35\xa9\x34\x12\xc6\x04\xb4\x2d\x89\xdc\x3a\x0c" "\x0a\x8d\x30\xd0\x11\xf4\xa4\x90\x8a\xca\x5c\x2b\x04\x0e\x20\xf8\x25", 119); *(uint16_t*)0x200000002221 = -1; syz_mount_image( /*fs=*/0x200000000f40, /*dir=*/0x200000000f00, /*flags=MS_I_VERSION|MS_PRIVATE|MS_UNBINDABLE|MS_SYNCHRONOUS|MS_STRICTATIME|MS_REMOUNT|0x202408*/ 0x1a62438, /*opts=*/0x200000000f80, /*chdir=*/0xb, /*size=*/0, /*img=*/0x200000000100); break; } } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/(intptr_t)-1, /*offset=*/0ul); setup_sysctl(); const char* reason; (void)reason; for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); loop(); } } sleep(1000000); return 0; }