// WARNING in ext4_direct_IO
// https://syzkaller.appspot.com/bug?id=5b1b9853e5504f1f32511691917fec1401a827cb
// status:open
// autogenerated by syzkaller (https://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include <linux/futex.h>
/* Suspend the calling thread for roughly `ms` milliseconds. */
static void sleep_ms(uint64_t ms)
{
    /* usleep() counts in microseconds, so scale the argument first. */
    uint64_t microseconds = ms * 1000;
    usleep(microseconds);
}
/*
 * Return the monotonic clock reading in milliseconds.
 * The process exits with status 1 if the clock cannot be read.
 */
static uint64_t current_time_ms(void)
{
    struct timespec now;
    int rc = clock_gettime(CLOCK_MONOTONIC, &now);
    if (rc != 0)
        exit(1);
    uint64_t whole_ms = (uint64_t)now.tv_sec * 1000;
    uint64_t frac_ms = (uint64_t)now.tv_nsec / 1000000;
    return whole_ms + frac_ms;
}
/*
 * Start a thread running fn(arg) on a 128 KiB stack.
 * The thread handle is discarded: this function neither joins nor detaches
 * the new thread. The process exits with status 1 if creation fails.
 */
static void thread_start(void* (*fn)(void*), void* arg)
{
    pthread_attr_t attrs;
    pthread_t tid;

    pthread_attr_init(&attrs);
    pthread_attr_setstacksize(&attrs, 128 << 10);
    int rc = pthread_create(&tid, &attrs, fn, arg);
    if (rc != 0)
        exit(1);
    pthread_attr_destroy(&attrs);
}
/*
 * Minimal binary event. `state` is 0 while the event is unset and 1 once it
 * has been set; its address is also the futex word that the event_* helpers
 * wait on and wake.
 */
typedef struct {
int state;
} event_t;
/* Put a freshly declared event into the unset state. */
static void event_init(event_t* ev)
{
    *ev = (event_t){.state = 0};
}
/* Return an event to the unset state (plain, non-atomic store). */
static void event_reset(event_t* ev)
{
    int* flag = &ev->state;
    *flag = 0;
}
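/*
 * Mark the event as set and wake any thread blocked on it.
 * Setting an event that is already set is treated as a fatal logic error and
 * exits the process with status 1.
 */
static void event_set(event_t* ev)
{
    if (ev->state)
        exit(1);
    /* Release store pairs with the acquire loads in event_wait/event_isset. */
    __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
    /*
     * FUTEX_WAKE takes the maximum number of waiters to wake as its fourth
     * argument. The original call omitted it, leaving the count to whatever
     * happened to be in the argument slot; pass an explicit bound far above
     * the 16 worker threads this program can create.
     */
    syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}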
/* Block until the event is set; there is no timeout. */
static void event_wait(event_t* ev)
{
    for (;;) {
        if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
            return;
        /* Sleep only while the futex word still reads 0. */
        syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
    }
}
/* Non-blocking check: returns the current state (non-zero when set). */
static int event_isset(event_t* ev)
{
    int current = __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
    return current;
}
/*
 * Wait for the event for at most `timeout` milliseconds.
 * Returns 1 if the event was observed set, 0 if the deadline passed first.
 */
static int event_timedwait(event_t* ev, uint64_t timeout)
{
    const uint64_t began = current_time_ms();
    uint64_t elapsed = 0;

    do {
        /* Sleep only for the part of the budget that is still left. */
        uint64_t left = timeout - elapsed;
        struct timespec wait_for;
        wait_for.tv_sec = left / 1000;
        wait_for.tv_nsec = (left % 1000) * 1000 * 1000;
        syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &wait_for);
        if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
            return 1;
        elapsed = current_time_ms() - began;
    } while (elapsed <= timeout);

    return 0;
}
/*
 * Best-effort mount of the fusectl filesystem at /sys/fs/fuse/connections.
 * kill_and_wait() later looks for FUSE abort files under that path. A failed
 * mount is deliberately ignored.
 */
static void setup_common()
{
    (void)mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0);
}
static void loop();
/*
 * Apply the process-level containment shared by the sandbox modes: die with
 * the parent, start a new session, cap resource usage and detach into fresh
 * namespaces.
 *
 * Every return value is ignored, so none of these limits or namespaces is
 * guaranteed to be in effect afterwards; treat the isolation as best effort.
 */
static void sandbox_common()
{
    prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
    setpgrp();
    setsid();

    /* Resource caps, applied in this order with soft limit == hard limit. */
    static const struct {
        int resource;
        rlim_t limit;
    } caps[] = {
        {RLIMIT_AS, 160 << 20},
        {RLIMIT_MEMLOCK, 8 << 20},
        {RLIMIT_FSIZE, 136 << 20},
        {RLIMIT_STACK, 1 << 20},
        {RLIMIT_CORE, 0},
        {RLIMIT_NOFILE, 256},
    };
    for (size_t i = 0; i < sizeof(caps) / sizeof(caps[0]); i++) {
        struct rlimit rlim;
        rlim.rlim_cur = rlim.rlim_max = caps[i].limit;
        setrlimit(caps[i].resource, &rlim);
    }

    /*
     * One unshare() per flag so that an unsupported flag does not block the
     * others. 0x02000000 is CLONE_NEWCGROUP, written as a literal presumably
     * because older headers lack the macro.
     */
    static const int detach_flags[] = {
        CLONE_NEWNS, CLONE_NEWIPC, 0x02000000, CLONE_NEWUTS, CLONE_SYSVSEM,
    };
    for (size_t i = 0; i < sizeof(detach_flags) / sizeof(detach_flags[0]); i++)
        (void)unshare(detach_flags[i]);
}
/*
 * Reap children until the one with id `pid` is collected and return its exit
 * status. A negative pid (failed fork) exits the process with status 1.
 * NOTE(review): the loop has no exit if waitpid() never returns `pid`.
 */
int wait_for_loop(int pid)
{
    if (pid < 0)
        exit(1);

    int status = 0;
    for (;;) {
        int reaped = waitpid(-1, &status, __WALL);
        if (reaped == pid)
            break;
    }
    return WEXITSTATUS(status);
}
/*
 * "none" sandbox: fork once, let the child apply the common setup plus a new
 * network namespace and run loop(); the parent waits and returns the child's
 * exit status. unshare() failures are ignored, so the PID and network
 * namespaces are best effort only.
 */
static int do_sandbox_none(void)
{
    (void)unshare(CLONE_NEWPID);

    int pid = fork();
    if (pid == 0) {
        setup_common();
        sandbox_common();
        (void)unshare(CLONE_NEWNET);
        loop();
        /* loop() is not expected to return. */
        exit(1);
    }
    /* Parent path; a failed fork (pid < 0) is handled inside wait_for_loop(). */
    return wait_for_loop(pid);
}
/*
 * Kill the test process (and its process group) and reap it.
 *
 * After SIGKILL the child is polled for about 100 ms. If it still has not
 * been reaped, every FUSE connection listed under /sys/fs/fuse/connections is
 * aborted by writing to its "abort" file, and the function then blocks until
 * the child is collected. The wait status is stored in *status.
 */
static void kill_and_wait(int pid, int* status)
{
    kill(-pid, SIGKILL);
    kill(pid, SIGKILL);

    for (int attempt = 0; attempt < 100; attempt++) {
        if (waitpid(-1, status, WNOHANG | __WALL) == pid)
            return;
        usleep(1000);
    }

    DIR* conns = opendir("/sys/fs/fuse/connections");
    if (conns != NULL) {
        struct dirent* entry;
        while ((entry = readdir(conns)) != NULL) {
            const char* name = entry->d_name;
            if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
                continue;
            /* Named abort_path so the local does not shadow abort(3). */
            char abort_path[300];
            snprintf(abort_path, sizeof(abort_path), "/sys/fs/fuse/connections/%s/abort",
                     name);
            int fd = open(abort_path, O_WRONLY);
            if (fd == -1)
                continue;
            /* One byte is written from the path buffer; a failed write is ignored. */
            if (write(fd, abort_path, 1) < 0) {
            }
            close(fd);
        }
        closedir(conns);
    }

    while (waitpid(-1, status, __WALL) != pid) {
    }
}
#define SYZ_HAVE_SETUP_TEST 1
/*
 * Per-iteration child setup: ask for SIGKILL when the parent dies and move
 * into a new process group, which lets kill_and_wait() signal the whole group
 * through kill(-pid, ...).
 */
static void setup_test()
{
    const int on_parent_death = SIGKILL;
    prctl(PR_SET_PDEATHSIG, on_parent_death, 0, 0, 0);
    setpgrp();
}
#define SYZ_HAVE_RESET_TEST 1
/*
 * Close descriptors 3 through 29 so that nothing opened by the test sequence
 * stays open; stdin, stdout and stderr are left alone. close() errors on
 * descriptors that were never open are ignored.
 */
static void reset_test()
{
    int fd = 3;
    while (fd < 30) {
        close(fd);
        fd++;
    }
}
/* Bookkeeping for one worker thread in the pool used by execute_one(). */
struct thread_t {
int created, call; /* created: worker has been started; call: index passed to execute_call() */
event_t ready, done; /* ready: a call is queued for the worker; done: the worker finished its call */
};
/* Fixed pool of worker slots; execute_one() starts each worker on first use. */
static struct thread_t threads[16];
static void execute_call(int call);
/* Count of dispatched calls that have not finished yet. */
static int running;
/*
 * Worker thread body. `arg` is the worker's struct thread_t slot. The worker
 * sleeps until a call is queued, runs it, decrements the in-flight counter
 * and signals completion, then waits for the next call. It never returns.
 */
static void* thr(void* arg)
{
    struct thread_t* self = arg;
    while (1) {
        event_wait(&self->ready);
        event_reset(&self->ready);
        execute_call(self->call);
        __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
        event_set(&self->done);
    }
    return 0;
}
/*
 * Dispatch the 11 recorded calls, in order, to the worker pool.
 *
 * Each call goes to the first worker whose `done` event is set. The
 * dispatcher then waits at most 45 ms for that call before moving on, so a
 * call that blocks keeps running while later calls start on other workers.
 * If no worker is idle the call is skipped. Finally the function waits up to
 * about 100 ms for calls still in flight.
 */
static void execute_one(void)
{
    const int pool_size = (int)(sizeof(threads) / sizeof(threads[0]));

    for (int call = 0; call < 11; call++) {
        for (int slot = 0; slot < pool_size; slot++) {
            struct thread_t* th = &threads[slot];
            if (!th->created) {
                /* Start the worker on first use; it begins idle (done set). */
                th->created = 1;
                event_init(&th->ready);
                event_init(&th->done);
                event_set(&th->done);
                thread_start(thr, th);
            }
            if (event_isset(&th->done)) {
                event_reset(&th->done);
                th->call = call;
                __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
                event_set(&th->ready);
                event_timedwait(&th->done, 45);
                break;
            }
        }
    }

    int spins = 0;
    while (spins < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED)) {
        sleep_ms(1);
        spins++;
    }
}
static void execute_one(void);
#define WAIT_FLAGS __WALL
/*
 * Run the test sequence forever, one forked child per iteration.
 *
 * The child runs setup_test(), execute_one() and reset_test(), then exits 0.
 * The parent polls for it once per millisecond and, after 5 seconds, kills
 * and reaps it with kill_and_wait(). A failed fork exits with status 1.
 */
static void loop(void)
{
    int iter;
    for (iter = 0;; iter++) {
        int pid = fork();
        if (pid < 0)
            exit(1);
        if (pid == 0) {
            setup_test();
            execute_one();
            reset_test();
            exit(0);
        }

        int status = 0;
        uint64_t start = current_time_ms();
        while (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) != pid) {
            sleep_ms(1);
            if (current_time_ms() - start >= 5 * 1000) {
                /* Time budget used up: kill the child and reap it. */
                kill_and_wait(pid, &status);
                break;
            }
        }
    }
}
/*
 * Fallback syscall numbers, used only when the build headers do not already
 * define them. The values match the 32-bit x86 (i386) syscall table, so the
 * program appears to target a 32-bit build -- confirm before compiling for
 * another architecture.
 */
#ifndef __NR_creat
#define __NR_creat 8
#endif
#ifndef __NR_fchdir
#define __NR_fchdir 133
#endif
#ifndef __NR_fcntl
#define __NR_fcntl 55
#endif
#ifndef __NR_ftruncate
#define __NR_ftruncate 93
#endif
#ifndef __NR_io_setup
#define __NR_io_setup 245
#endif
#ifndef __NR_io_submit
#define __NR_io_submit 248
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_openat
#define __NR_openat 295
#endif
#ifndef __NR_pwrite64
#define __NR_pwrite64 181
#endif
#ifndef __NR_write
#define __NR_write 4
#endif
/*
 * Route every __NR_mmap use to mmap2. No fallback for __NR_mmap2 is defined
 * here, so the build headers must supply it.
 */
#undef __NR_mmap
#define __NR_mmap __NR_mmap2
/*
 * Resources handed from one step of execute_call() to later ones:
 *   r[0] fd from openat (step 0), r[1] fd from the first creat (step 2),
 *   r[2] AIO context id from io_setup (step 4), r[3] fd from the second
 *   creat (step 5).
 * A slot keeps its initial value when the producing call fails.
 */
uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0x0,
0xffffffffffffffff};
/*
 * Run one step (0..10) of the recorded syscall sequence.
 *
 * All pointer arguments are fixed addresses at 0x20000000 and above; main()
 * maps that range before any step runs. File descriptors and the AIO context
 * created by earlier steps reach later ones through r[]. Apart from those
 * saved resources, syscall results are ignored.
 */
void execute_call(int call)
{
long res;
switch (call) {
case 0:
/* Open "./cgroup.cpu" relative to the cwd (0xffffff9c is -100, AT_FDCWD) and
 * keep the fd in r[0]. Flags 0x200002 look like O_RDWR|O_PATH on x86 --
 * confirm against the target's fcntl.h. */
memcpy((void*)0x20000100, "./cgroup.cpu", 13);
res = syscall(__NR_openat, 0xffffff9c, 0x20000100, 0x200002, 0);
if (res != -1)
r[0] = res;
break;
case 1:
/* Change the working directory to the fd from step 0. */
syscall(__NR_fchdir, (long)r[0]);
break;
case 2:
/* Create "./bus" with mode 0; the fd goes to r[1]. */
memcpy((void*)0x20000140, "./bus", 6);
res = syscall(__NR_creat, 0x20000140, 0);
if (res != -1)
r[1] = res;
break;
case 3:
/* fcntl command 4 is F_SETFL. 0x4001 includes 0x4000, which is O_DIRECT on
 * x86 -- presumably what sends later I/O on r[1] down the direct-I/O path
 * named in the report title. */
syscall(__NR_fcntl, (long)r[1], 4, 0x4001);
break;
case 4:
/* Create an AIO context for 0x1002 events. The kernel stores the context id
 * at 0x20000040; it is read back as 32 bits into r[2]. */
res = syscall(__NR_io_setup, 0x1002, 0x20000040);
if (res != -1)
r[2] = *(uint32_t*)0x20000040;
break;
case 5:
/* creat() the same path a second time; this fd goes to r[3]. */
memcpy((void*)0x200004c0, "./bus", 6);
res = syscall(__NR_creat, 0x200004c0, 0);
if (res != -1)
r[3] = res;
break;
case 6:
/* F_SETFL on r[3] with a fuzzer-generated flag word. */
syscall(__NR_fcntl, (long)r[3], 4, 0xb88cc547);
break;
case 7:
/* Set the file size to 0x8008200 bytes (about 128 MiB). */
syscall(__NR_ftruncate, (long)r[3], 0x8008200);
break;
case 8:
/* Fill 0x30 bytes at 0x20000000 with fuzzer-generated values, then write()
 * from that address with length 0xfffffdc6. That is far more than the
 * 0x1000000 bytes mapped in main(), so presumably only part of the request
 * can complete. */
*(uint32_t*)0x20000000 = 0;
*(uint32_t*)0x20000004 = 0x2710;
*(uint16_t*)0x20000008 = 0;
*(uint16_t*)0x2000000a = 0;
*(uint32_t*)0x2000000c = 0;
*(uint32_t*)0x20000010 = 0x77359400;
*(uint32_t*)0x20000014 = 0;
*(uint16_t*)0x20000018 = 0;
*(uint16_t*)0x2000001a = 0;
*(uint32_t*)0x2000001c = 0;
*(uint32_t*)0x20000020 = 0;
*(uint32_t*)0x20000024 = 0;
*(uint16_t*)0x20000028 = 0;
*(uint16_t*)0x2000002a = 0;
*(uint32_t*)0x2000002c = 0;
syscall(__NR_write, (long)r[3], 0x20000000, 0xfffffdc6);
break;
case 9:
/* Stage 4096 bytes of fuzzer-generated data at 0x20000580 and pwrite64()
 * them to r[3] (count 0x1000, offset argument 0). */
memcpy(
(void*)0x20000580,
"\x5f\x78\xce\x74\x97\xa1\x0f\x54\x1d\xe0\x1b\x3f\xbf\x60\x7b\xde\xec"
"\x39\x71\xe6\xd2\x99\xc6\x7b\x54\xb2\xea\xe4\xd3\x79\x2a\x7e\x3d\x3a"
"\x18\xdc\x13\x4c\xc0\xe8\xd5\x42\x97\xba\xb4\x52\x51\x09\x46\xdc\xaf"
"\x8d\xbf\x1a\x01\xb5\x05\x6a\xa8\x3d\x85\x46\x21\x7f\xdb\x60\xe0\x39"
"\xef\x43\x78\x06\x37\xea\x5a\x26\xbd\xdb\x9a\x64\xfb\xf7\x01\x33\x36"
"\xe0\xd5\x5b\x80\x42\x54\xd9\xf1\x2e\x36\xc4\x33\xea\xfb\xd0\x70\x0a"
"\x6e\x53\x31\xa2\x4a\x14\x0f\xd2\x96\x31\xee\x34\x18\x68\xbc\x6b\xd8"
"\xf1\x31\x0d\x75\xcd\x9b\x94\x1b\x0f\xc1\xfc\x9d\xae\x71\xe1\x93\xbd"
"\xbf\xa6\x3e\xa7\x94\xe8\x75\xbe\xea\x3a\xfb\x4e\xa2\x4e\x1e\xbc\xf5"
"\x76\x6a\x73\x3b\x08\xf9\xc4\xc7\x42\x6f\xb5\x98\xb1\xaf\xf1\xfc\x43"
"\x7f\xb8\xe0\xd2\x33\x3d\x6c\xab\x9a\x7b\x2a\x61\x01\x48\xe6\x50\xf7"
"\x71\xb5\x78\x21\x46\x66\x06\x58\x04\xf8\xcc\xd4\xdb\xc0\x4e\x65\xf9"
"\xa8\x76\xd3\xe6\x4b\xc0\xfe\x90\x9a\xc8\x7d\xbc\x69\xb7\xe8\x9c\x25"
"\x0d\xcc\x1c\x42\x74\x51\xc7\x09\xfb\x5d\xa2\x8e\x82\x65\x94\x15\x0f"
"\x01\xfe\xaa\x87\xa8\xd8\xcf\xe8\xa5\x78\x3c\x31\xcb\xe2\xbe\xeb\x19"
"\xf9\x59\xe6\x3f\x4d\x73\x21\xf9\xac\x0c\x00\x64\x8b\x47\x7a\xc6\x12"
"\x85\x24\xe8\x44\x5b\xf0\x90\x7d\x2e\x9d\x74\x5f\x54\xb9\xde\x28\x78"
"\x1b\x39\x82\x4b\x66\xe2\x25\xca\x9d\x26\x34\x8e\x53\xb3\x1d\x0d\xaa"
"\xbf\x1a\x72\xde\x59\xad\x5c\x10\x69\x88\x8f\x91\x88\x67\xbf\x8a\x4c"
"\x09\xb9\xf6\x8c\x3d\x4c\xad\xb4\xfb\x93\xd0\x01\x67\xe6\xb4\x76\x4a"
"\x54\xde\x90\x0c\xb2\x25\x3e\x7f\x5b\x8d\xe7\x4e\x9b\xfb\x7b\xff\x65"
"\xdb\x21\xad\xf7\xd4\x4f\x1b\x03\xd5\xb8\x77\xfd\x39\x63\x80\x21\xd7"
"\x8e\x22\x83\x40\x42\x5f\x15\x80\x6a\x94\x52\x7b\x2d\x12\x80\x49\x17"
"\x99\xfc\xb2\xea\xde\x4b\x9e\xa4\xfd\x06\x2d\x2a\x82\x47\x02\xee\x5b"
"\x92\x0f\x34\x20\x60\xe3\x17\x73\xcb\x98\x3c\x32\x35\x11\x58\x73\x6a"
"\x1e\xe1\x36\xd0\x40\xb7\x80\xba\x1a\x40\xe8\x2e\xb0\x46\x3e\x1e\xfa"
"\x45\x8c\x8f\x44\xf7\x16\x49\x6f\xb1\x20\x2d\x54\x46\xb6\x1e\x62\xf7"
"\x32\xab\xcf\x57\x32\xcb\x77\xd0\x63\x70\x64\xd7\x1f\xbe\x8d\xb2\xf6"
"\xca\x40\xbc\x4a\x35\x2e\x29\x2a\x57\x3b\xb4\xa2\x3a\x17\x68\x8b\x69"
"\x80\xfc\xd4\x38\x28\xcc\x86\x2a\x44\xd0\xd7\x4f\x42\x56\x89\x75\x61"
"\x05\xe6\x0a\x61\x3b\xf8\x09\xb0\x35\xb1\x8f\x7b\xa6\xf0\x3e\x86\xd4"
"\xce\x84\xec\xe0\xc3\x37\xd7\x70\x5d\x81\x1c\x45\x0e\x7f\xdf\xe1\xe6"
"\xe1\x2e\xe6\xca\xbb\x1f\xaa\xc5\xde\x73\x9b\x43\x1b\x39\x07\x14\x4c"
"\x63\xe0\xd1\x30\xab\x83\x41\x3f\x1a\x60\xc8\xcc\x50\xb0\xb2\x89\x71"
"\xb7\x68\x0b\xda\xdd\x2e\x2f\x13\x3f\xf8\x5e\xc6\xe7\x21\x83\x41\xf4"
"\xf8\x30\x6d\xfc\xb2\xd8\x9d\x81\x18\x0d\xea\x18\x61\xe0\xb5\x28\x0e"
"\xec\x64\x33\xae\xec\xcd\x65\xfe\xdf\xd7\x6b\xd4\x88\x0d\xe1\x4d\x99"
"\x2b\x56\x76\x60\xe2\xb8\x22\x95\x2d\x54\xf5\xb1\x15\x16\x77\xcc\xe2"
"\xbf\x63\x65\x1b\xfa\xf7\xb2\x66\x8a\xb0\x70\x02\x08\xed\x2d\x81\xfe"
"\x1c\x03\xa4\xf0\x6f\x25\x6c\x1e\x80\x5e\xe7\x66\x19\xc5\xbf\x08\x26"
"\x45\xec\x35\xf2\xfb\xfa\x47\x12\x6a\xcc\xcc\x72\x12\x0a\x6d\xd8\xb6"
"\xbe\xf7\xd3\x65\x06\x05\xea\x6b\xb5\xeb\xb0\xf3\x9c\x03\x77\xe1\x68"
"\x0f\x54\x5e\x25\x75\xe5\x4b\x62\xd7\x6e\x8c\x06\x46\x77\xc4\x93\x2f"
"\x92\xc7\xc6\xde\x18\x2e\x69\x26\x42\x44\x04\x22\x97\xc5\xfc\x35\x46"
"\xde\x3f\xff\xa7\x84\x31\x7c\xcc\x78\x76\xf8\xa9\x18\xa5\x8a\xa3\x93"
"\x62\x45\xc3\x16\xa7\xdd\x64\x37\xda\x36\xcc\x1a\xcf\xfb\x37\x5c\xa8"
"\x9e\x72\x91\xa5\xdd\x66\x59\x0a\xf9\x1c\x02\x87\xec\x5c\x68\x5f\xcc"
"\x3a\xd5\xdc\xf1\xd9\x8f\x0c\xb2\x31\xab\xe6\x16\xed\x84\x52\xc5\x2c"
"\xa7\xdf\xbf\x81\x93\x39\xdb\x14\x7d\xc7\x10\xc0\x51\xe7\x55\x4a\x89"
"\x9d\x2b\xe9\xcc\x8e\x4e\x12\xc4\xa5\xaf\x76\xd7\xcd\x4f\x5b\x39\x31"
"\x4a\x86\x50\xb0\x53\x19\x5f\xfa\xf5\xfe\xe3\x78\xbf\x40\x07\xc3\x8f"
"\x68\x1a\x29\x1a\x08\xb3\x3c\x29\xc8\x93\xd3\xfc\x9d\x85\xc8\xf9\x83"
"\xff\x7c\xe1\x62\x4b\x61\x2d\xb9\xb7\xbd\x00\xe4\xf0\xc2\x8f\x2d\xb3"
"\x7b\x51\x21\x13\x86\x16\x47\x75\x48\x4a\x61\x9f\x71\x2f\x89\x56\x26"
"\x8f\x1b\x73\xce\xa3\x89\x88\x3a\xce\x49\x3b\xbc\x0b\xc2\xe3\xb9\xbf"
"\x4b\xca\xb8\xa0\x84\x40\x26\xd3\x04\x34\xd4\x31\xbb\xf8\x56\xcc\xba"
"\x4b\x83\x6c\x91\x80\xe3\x49\xe2\x0d\xe5\xcb\x31\x4d\x34\xb8\x65\xad"
"\x05\xda\xfa\xa9\x1d\x7d\x02\x24\xcf\x35\x0d\x88\x81\xbf\x87\xb8\x24"
"\xc7\x25\xd5\xc8\xba\xc8\x60\x78\x74\x58\xb7\xa3\x9f\x42\x2a\xae\x72"
"\x7a\x31\x6c\xc3\xe5\x46\x58\xeb\x6d\x45\x33\x5f\xb4\xa6\xfa\x1c\x95"
"\x29\xf5\xb3\xca\x40\xc0\x63\xb1\xdd\xd1\xea\x63\xc7\xf9\xdb\x5a\xe4"
"\x4b\xe2\xff\xde\x57\x90\x0c\x15\x7e\x18\x54\xc7\x60\x5b\x8a\x7b\x53"
"\xbf\xe7\xe1\x43\xc5\x0a\xba\x9f\xc0\x17\x7f\xf9\xba\x97\x2c\xc0\x91"
"\x98\xb1\xa6\x40\x61\x3d\x67\x2b\x70\xbe\x5e\xdd\xe1\x2e\x41\x9d\xfb"
"\x5a\xd0\x09\x17\xbc\x47\xdb\x16\x2b\xe5\x53\x7a\x41\x4d\xbc\x8d\x72"
"\x55\x23\x55\x2e\x9c\x65\x9d\x55\x1b\x2e\x24\xd7\xdd\xb4\x59\xbc\x75"
"\x2a\x53\x37\x86\x62\xe3\x94\x06\xeb\x34\x84\xb8\x46\x44\x2d\xe8\x86"
"\xc6\x3f\x8b\x87\x9c\x25\xf8\x4b\xa8\xa8\x74\xb9\xdd\xcc\x6b\x93\xb5"
"\xa3\xa9\x42\xc0\xd6\xe7\xa5\x48\xf3\xbf\xd2\x4d\x48\xd0\x93\xc0\xd8"
"\x37\xbd\x90\x3c\x74\x4f\xe2\x98\x26\xfa\xd4\xd3\x57\xda\x3b\x63\x33"
"\x54\xbf\x2f\xb3\xc6\x01\x4f\x6f\x5c\x51\x8b\x2f\xb5\x3c\x30\xe0\x6c"
"\x97\xe9\x4b\xd0\xad\x6e\x58\x88\xb3\xba\x5d\xe3\x1e\x1f\x2b\x04\xb9"
"\x88\xb0\x82\x4b\x69\xeb\xb7\xd2\xef\xee\x33\x65\x5d\xa4\xaa\x18\x47"
"\x66\x27\x6f\x28\xfd\x12\x2f\x17\x3b\x46\x02\xef\x48\xe4\x25\xa2\xb2"
"\x1b\x7a\x8b\x5f\x79\x2a\xca\x69\x66\xa1\xda\xb6\xc0\xa3\xe7\x1a\x1e"
"\x97\xe7\x4f\xec\x21\xcc\xad\x72\xb1\x2d\x4d\x59\xa4\xa1\xdc\xed\x17"
"\x90\x71\x08\x1d\x96\x0c\x33\x76\xbc\x4a\xa9\xa0\x22\xbf\xcd\x40\x61"
"\xe9\x36\x4e\xb5\xca\x08\x83\xa9\x18\xf5\xfa\xbd\xd6\xb4\xba\xb0\xf1"
"\x39\x0a\x4a\xb9\xb1\x52\x11\x01\x17\x85\xab\xaf\x8c\x81\x5d\x0b\xd9"
"\xc0\x02\xd8\xe9\x84\x65\x60\xfe\xf1\x6d\xf3\xa4\xbc\x21\x2d\xe8\x21"
"\x2c\xd7\x9d\x82\x8d\xb5\xf1\xf3\xbb\xb5\x89\xe6\xdc\x87\x11\xd2\x35"
"\x50\xba\x5b\x30\x64\x68\x80\x6c\x50\x53\x8a\xcd\x76\x50\x45\xfe\x99"
"\xdb\x83\x5e\x30\xa2\x64\x6a\x80\x63\x54\x93\x51\xf2\x1c\x21\x1e\xc2"
"\x15\xd2\xf2\xbc\x33\x82\x3c\xe6\xcf\xfb\x6d\xa1\x60\xbd\x8c\xec\x26"
"\xef\x7e\xbe\xc0\x87\xe6\xa8\xf6\x30\x48\x09\x5b\xea\x73\xba\x5f\x4e"
"\x26\x49\x81\x35\xeb\xea\x27\xb0\xe7\x81\x34\x06\x1d\xdd\x2a\xec\xb7"
"\x4c\xb4\xba\x24\xb1\xaa\x7a\x0f\xb0\x64\x14\x1a\x98\xd0\x65\x4a\xe9"
"\x1f\xd4\x12\x14\x64\x80\x6a\xf6\x0d\x7b\xb4\xe0\xe2\x9b\x01\x8d\x50"
"\x1a\xb6\x6a\x39\x09\x69\xd0\xa8\x95\x7f\x1c\xe7\xe0\xae\xc6\xbd\x9f"
"\x5e\xad\x9d\xb8\x73\x5f\xb2\xa1\x46\xc5\x9d\x28\x7f\x63\x58\xf3\x45"
"\x3b\xa3\xb5\x59\xa8\xb4\xe7\xd6\x2b\x4a\x5b\x99\x02\x8b\x5c\x88\x9e"
"\x5e\xbe\xba\x54\x21\xf6\xfe\x68\x6a\x07\xf9\x08\xa4\x28\x0d\x6e\x6d"
"\xfa\xda\x54\x15\x03\x62\x3e\x81\xaa\x74\xb0\x57\xa6\xfc\xba\x76\x5e"
"\xdf\xeb\x5a\x1d\xeb\xd7\x90\x04\x69\xa0\xae\x1e\x85\xfc\x8a\x83\x6a"
"\xb9\x9a\x82\xbe\x11\x69\xf5\xb1\x44\x41\x33\x1d\x2a\xbd\xed\x21\xf0"
"\x1f\x18\xee\x46\x2e\xb8\xc4\x14\xa4\xec\x89\x89\xce\xb2\xd4\xf7\x29"
"\xe2\x8f\x89\x7a\x53\x77\x18\xb9\xed\x97\x10\x6d\x32\xbf\x86\xef\x2a"
"\xc5\x5c\xcf\xda\x48\xb9\x2f\xe1\xc7\xda\xce\xde\x8c\x5e\x31\x89\xc4"
"\xa4\x96\x22\x1f\x48\x21\x5d\x24\x18\x8f\x15\x25\xe9\xa4\xc2\x61\x80"
"\xff\x7c\xfe\x62\x7b\x91\x60\x1d\x14\x11\x98\x69\xfc\x31\xc7\xa3\xa9"
"\x6e\xca\x94\xe9\xa5\xdb\x60\xea\x43\xec\xd6\x7b\xb0\x0e\xc9\xe9\xfc"
"\xb4\xc4\x9f\x9d\x64\x0f\xc2\x05\x64\x40\x3d\xa9\x30\x71\x15\xb1\x4e"
"\x9a\xe1\xbb\xa6\x58\x36\x62\xc0\x53\xdd\x4d\x9a\xe1\xd7\x5b\xed\xe6"
"\x0f\x17\x20\xbb\xbc\xd8\x3a\x48\xc3\x79\x0f\x69\x83\x8b\xdd\xc1\x63"
"\x38\xbf\xff\x5d\xf9\xdc\xb7\x18\x79\x29\x3f\xf5\x1f\x9e\x3f\x02\x32"
"\xee\x41\x45\xc3\xb3\x48\x32\x09\x7b\x82\x29\xd0\x7d\x3f\x93\x0b\xba"
"\x47\x8b\x13\x11\xab\x34\xe4\x9d\x12\x5b\x2a\xc7\x31\xeb\xd7\x2d\x36"
"\x0c\xb6\x46\x6d\x0e\x7e\xd9\x1c\x88\x96\x0c\xb3\x91\x54\xaa\x58\xd7"
"\x59\xb2\xac\x44\x04\x37\xc7\x9c\x26\x55\x8c\xf7\xbd\xcd\x6c\xe2\x74"
"\x71\x0e\x02\x96\x64\xed\xc7\xd8\xe9\x8e\x42\x60\x39\xff\x87\xe9\xfc"
"\x94\x84\x03\xe8\x60\xeb\x1f\xb6\x55\x2b\x5c\x52\xb5\x11\x0d\xda\x43"
"\xbd\xcc\x8a\x9f\x73\x7c\x11\x69\xb5\x81\xd9\xa0\x19\x3f\xba\xf2\x8e"
"\x36\x15\x05\x45\xc5\xfd\x18\x3a\x78\xbb\xd8\x71\x56\x68\x0d\x3c\xba"
"\x32\x49\x05\xe8\xcf\x42\x76\x06\x95\x82\x8a\xc0\x17\x96\xa8\xea\x3a"
"\x16\xb5\x97\x3a\xa4\xf4\xd0\xe9\xa6\x76\x9a\xee\xe5\xec\x7c\xab\xe6"
"\xe5\x60\x7b\xf0\xcf\x6f\x36\x1c\x3e\x42\xfa\xb9\x95\xd3\xce\x49\x31"
"\x5f\x60\xbe\x50\x9f\x2f\xc1\x3d\x71\x54\xbf\x0b\xcb\x6b\x6a\xf9\x4e"
"\x64\x35\x30\xef\xf0\xef\xdd\x39\x55\xaa\x3f\xd6\x85\xb4\xcf\x46\x53"
"\xb2\x05\x61\x1e\xfb\xec\x87\x55\xdd\x74\xfb\x0f\xb0\xb4\xc9\x18\x20"
"\x69\x4b\xfd\xf0\xb6\x2a\x79\x9b\x05\x4f\x66\x35\x58\x02\x4a\x9d\x49"
"\x4a\xe0\xb6\x30\xa5\x02\x37\xa1\x8c\x33\x89\x8e\x1b\x69\x20\x75\xee"
"\x1c\x15\xf1\x2c\x44\xe7\x4e\x4f\xe7\xa6\x6e\xe0\x1c\x32\xf9\xb8\xbd"
"\x65\xc1\x9b\xc3\x75\xbf\x4e\x7d\x6d\x78\xa5\x14\xe7\x06\xfe\xeb\x91"
"\xb6\x77\xad\x54\xe9\xc3\x5e\xbb\xb7\x8a\x24\x5c\xcd\x48\xbf\xe4\x62"
"\x41\x29\x5a\x42\xc3\x20\x1e\xa8\x4b\xec\x13\x2c\x56\x6a\x6b\x25\x56"
"\xd3\x23\xb0\x49\x5b\x01\x16\x46\x3c\x41\x81\x87\x9c\xdd\xb4\xe1\x92"
"\xb1\x7c\x5a\x2f\x32\xbb\x85\x22\x42\xb1\xb4\xfa\xb1\x73\xcb\x62\xfb"
"\x3a\xbb\x35\xf5\xa7\x6d\x84\xb5\x92\xc3\xef\x46\x9b\xf3\x94\xcf\xf5"
"\xf1\x75\x97\xb0\xb9\x75\x54\xbe\x37\x32\x32\x36\x50\x42\xc2\x2b\x27"
"\x92\xc2\x4e\x6e\x88\x7e\x61\xfb\x03\x1f\x05\xf4\x79\xb2\x19\x67\xfc"
"\xa4\x0c\x67\xdb\x7c\xd8\x11\xfa\xa7\x94\x97\x8b\x0e\xfd\xda\xc2\xda"
"\x9e\xaa\x74\x20\xdc\x59\xf8\x04\xce\x13\x3a\x23\x9c\x25\x5c\x49\x9d"
"\xa8\x77\x19\xac\xe8\xb0\x9c\xf3\xfc\xf8\x44\xe9\xd1\x28\x3a\x44\x42"
"\x07\x94\x16\xf7\xca\xbf\xcd\x69\x98\x86\x33\x04\x7a\x1c\xd7\xee\x8e"
"\x75\x0f\x29\x79\xae\x10\x11\x71\xf9\x9f\xd5\x7b\x0f\x2d\xb2\x2c\x93"
"\xb1\xc9\x68\x12\x01\x4e\x93\x75\xcd\xcd\xf2\x10\xa4\x23\x97\x33\x43"
"\x24\xaa\xcb\xf9\x1c\x7c\x7e\xe8\xb0\x56\x1d\x85\x42\xdf\x08\xbd\xd9"
"\xfe\xdf\x1a\x55\x6d\x82\x91\x7f\xc0\xfd\x58\xbc\x7a\xfd\xed\xa0\x11"
"\xf3\xc7\x82\xee\xa0\xc2\x5a\x30\x54\xc8\x65\x8c\x23\xff\x26\xb9\xa7"
"\x6a\xf1\xc0\x70\xcd\xf8\x2c\xe2\x47\x95\x4b\x88\x94\x8d\x47\x1c\xdd"
"\x3e\xf8\x42\xd3\x6c\x03\x15\x3d\x46\x8a\xef\x45\x1b\x97\xb0\x2e\xd8"
"\x9e\x05\x2d\x2c\xcb\x84\xd1\x94\x85\xd0\x4d\x3c\xcf\x28\xf0\xc6\x8d"
"\xc6\x96\x19\x6d\x8a\x5d\x83\xb6\x0d\x19\xdf\xea\x07\x67\xba\x38\x71"
"\x79\x13\xd8\xbe\x8c\xb4\x20\x16\x0a\x3c\x1b\xc7\xa0\x4e\xa0\xd8\xd3"
"\x2c\xb8\x11\xbd\x05\x46\x6d\x11\x8c\xa3\x15\xa6\xa7\x5f\x45\x59\x8f"
"\x14\x59\x9b\x37\xfc\xca\xde\x9a\xfa\x8a\x09\x02\x89\xfe\xb5\x01\xc7"
"\xe8\xc4\xc3\xbc\x07\xd8\x2a\xc6\x0c\xb5\x6e\xdb\x49\xdb\x88\x7a\x36"
"\x56\xaf\x14\x2a\xa1\xb6\xfa\x11\x44\x89\x05\xc8\x5a\xb1\x2a\xa1\x0f"
"\x9a\xc1\xb2\x92\x67\xc0\x21\xf3\x5b\x0a\x34\xff\x1b\x1b\x2e\x23\x14"
"\x85\x7e\x9b\xac\x7a\x54\x7f\xe5\xff\x41\x71\x6e\x1a\x30\xb4\x11\x93"
"\x83\x46\xf9\xd0\xf0\x49\xff\xf7\x5e\x76\x4b\xbc\x61\x6f\xa8\xa3\xfc"
"\x03\xe7\xe6\xa7\x54\xfc\x08\x29\x49\x9c\x16\x24\x6f\x04\xe1\xe8\xd3"
"\x73\xe6\xe8\x3c\x4e\xdc\x88\x4a\x53\x1b\x50\x6b\xea\x77\x10\xf7\xad"
"\xc8\xdb\x19\x70\x00\xac\x59\x17\x33\x90\x43\xab\x6e\x7f\x5f\x0c\x9b"
"\xfd\x7b\x1c\x5f\x63\x9c\xd2\x0a\xe4\x1e\xe1\x86\xf5\x6e\xfc\x16\x6f"
"\xd1\xe3\x8d\xc6\xbf\x33\x2e\x85\xe5\x91\x33\x95\xd2\x75\x44\x77\xc2"
"\xe0\x76\x9a\xcf\x07\xf5\x91\x31\xa6\x66\xff\xdd\x62\x31\x89\xdc\x73"
"\xbf\xed\x55\x15\xd3\x3a\x65\xee\xc7\x7f\x88\x0a\xa1\x90\xc3\xb4\x3b"
"\x4c\x15\x13\x86\xe6\x30\x71\x6a\xbd\x0c\x05\x70\xa1\x7f\x15\x0e\x22"
"\x34\xd8\xcf\x8f\x48\xb0\x10\xee\x5e\xca\x21\x7e\x09\xca\xa8\xe3\x9b"
"\xf4\x4b\x61\x5d\xa9\x18\x72\xc3\x7c\xf7\xc9\x6c\x79\xcb\x10\x8e\xb4"
"\x90\x2b\x9f\xd8\x79\x7e\x52\x7b\x78\xaf\x6c\x9b\xb3\x06\x58\xe5\x34"
"\x83\x6d\xe6\x05\x6d\xbb\xd3\xdb\x3a\xd7\x18\x69\x15\x04\x11\x7e\x21"
"\xa4\xda\x65\xa6\xed\x91\xfd\x95\x05\xd8\x58\xfb\xb9\xcf\x48\xdb\x5b"
"\x84\xee\x7f\xe9\xc5\x99\xf7\x72\x36\x1e\x35\x5b\x91\xde\x69\x9c\xab"
"\x92\xe6\x79\x9e\xcb\x7f\x49\xf9\x97\x18\xa8\x6e\x12\x27\x97\x90\x8d"
"\x6b\x94\x41\xa1\x64\x87\xd4\x0d\xf5\x38\x39\x25\x5a\x0c\xe4\xc8\x80"
"\x55\xfb\xec\xb5\xba\x8e\x1f\xa4\x4e\xa5\xe5\xb4\xcc\xe7\x1d\x8d\xd0"
"\x83\x10\xda\xe5\x34\x93\xc5\x59\x72\x8e\x5f\x92\x73\x7f\x8d\x08\xc1"
"\x6c\x96\x44\xb1\xf6\x33\xb1\xd4\x33\x0a\x7e\xd2\x21\x7e\xa9\xd9\xba"
"\xac\x0f\xec\x16\xff\x39\x18\xe1\x38\x97\x4a\x75\x38\xbf\xd6\x0f\x18"
"\xbe\x65\x59\x5b\x93\xb2\x43\xd3\xa9\x7c\xc5\x76\xba\x7d\x40\x3d\x94"
"\x3e\x5e\x5f\x4b\x25\x25\x7b\xd3\x11\xae\x24\xd9\xdb\x41\x4b\xdf\x4a"
"\xf6\x51\x6d\x16\x12\x2b\xf6\xe0\xec\xb4\x1f\x99\xfe\x68\x13\xb2\x55"
"\xfe\xa7\x45\x68\x4f\x4b\xbd\x94\x6a\xe4\xc5\xac\xda\x93\x3f\x85\xdb"
"\x1b\x61\xba\x17\x25\x94\x38\xa5\x7c\xa6\xe6\xfe\xbd\x01\x0c\x7c\x4f"
"\x9e\x09\x89\xa8\xe8\x99\x5d\x8e\x5b\x2c\x26\xa1\x0a\x7f\xf8\x3c\x5a"
"\x39\x62\xc0\x24\xa8\xc6\xba\x22\xa3\x69\x75\xf9\x61\x4a\x1f\xc6\x6f"
"\x92\x06\x24\xf4\x1f\x4d\xa6\xdb\x43\xf4\x10\x89\xe2\x29\xdd\xcf\x0a"
"\xd5\xc4\xf0\x70\xe3\x09\x58\x9d\xe3\xa6\xb0\x2c\x28\x72\xe1\x06\xe0"
"\xa2\xf2\x00\x0b\x8d\xda\x3f\x9e\xd2\x7b\x78\xc5\x70\xea\x7a\xa1\x99"
"\x76\x71\x81\x74\x29\xd5\x81\xd3\xf7\x4d\x1a\x70\x56\xd7\xeb\x53\x97"
"\x66\x96\x5b\x4d\x57\xd2\x63\x1d\xe9\x7e\xb2\x6f\x7b\x0a\x20\x0e\x6a"
"\x37\x4f\x0d\x31\x3e\xbf\x57\x79\x56\x79\x47\xf5\x4e\x8d\x99\xb0\xf5"
"\x90\xa5\x04\x36\xef\x69\x92\xe1\x75\xa0\xb1\x74\x17\xf1\x1b\x39\x82"
"\x16\xec\x7c\x44\xf3\x68\xa2\xcc\x04\xe7\x1c\x12\x55\x68\x78\x79\xc9"
"\x04\xab\x07\x4a\x8c\x4b\xf5\x7a\x50\xe0\x3a\x46\x78\x20\xa5\x7d\x63"
"\x14\xc7\x8e\xa3\xf7\xaa\xd6\xb3\xd7\x8b\x64\x98\xea\xa1\x65\x7d\x8c"
"\x70\xc6\xa9\xb3\x66\x75\x90\x66\x4b\x21\xa6\xd1\xa2\xb6\x5b\xbc\xdf"
"\xf7\x4f\x68\xa0\xa6\x56\xd7\x64\x60\x4c\xc1\xba\x97\x79\x85\x73\x15"
"\xf2\xd0\xb2\x29\x86\x30\xd2\xb2\x02\x66\xfa\x35\x7e\xbe\x20\x06\x44"
"\x0f\x4a\xe7\xa0\xa9\x58\x29\x0b\x1b\xc0\x1d\xa9\xde\x33\x9c\xdb\x84"
"\x45\x2f\x3a\x2f\x0f\xe8\x76\xbf\xbf\xe4\x09\x99\x60\xf8\xd5\x0e\x0f"
"\x94\x9e\x50\x87\xa4\x30\xd1\x5b\xb3\x67\x1d\xb1\x46\x77\x5d\xa6\xac"
"\xa0\x03\x71\xe2\x00\x24\xbd\x47\x5a\x58\x02\x32\xbd\xbb\xf8\x6c\x17"
"\xbb\xe6\xb3\x4f\x3a\x04\x88\x61\x67\x8c\x89\x4c\x20\x73\xd3\x3e\xb0"
"\xf8\x15\xb6\x7c\x03\x56\x46\xb9\x6a\xe2\x0a\x2c\x55\x9c\x89\x52\x1b"
"\x18\xc9\xec\xf9\x23\x96\x70\x35\xd9\x50\x32\x4f\xf3\xc4\xbd\xf1\xc1"
"\x53\x39\x72\x96\x24\x6f\x3b\x78\x22\xfa\xfc\xd4\x14\x56\x70\xc6\xfc"
"\xfb\x34\xe5\x13\x09\x96\xba\x10\x49\x9f\x54\xa3\x79\x3d\x0d\x83\x75"
"\x8e\x87\x17\x3a\x55\x25\xc4\x23\xbf\xdf\x3d\x5d\x06\xfe\x6a\xba\x05"
"\x01\x60\xe5\x13\x5c\x9c\xd6\xb5\xf3\x9c\x77\xaa\x7d\xea\xa9\x19\xdd"
"\x51\xd8\xb9\xfc\x83\xc5\x71\x50\x86\x34\xa9\xba\x9c\x74\x0c\x5a\x37"
"\xf2\x34\x6b\xdd\x49\xdd\x5e\xa3\x9a\xf5\x19\x34\x1b\xfa\x7c\x4b\xb2"
"\x1f\x36\x20\x1b\x42\xc6\x08\x03\xe5\xd9\x29\x68\x3e\x38\xfb\x0d\xb2"
"\x13\xa8\x23\x9b\xab\x25\x28\xf8\xe2\x09\x25\x7c\x66\xa7\x66\x9b\x72"
"\x4f\x0b\xb2\xea\xc0\xd0\xa5\x0a\x72\xd9\x76\x13\xf3\xe4\x18\x7c\x99"
"\xf7\x53\x1d\x90\x1c\x6e\xcf\xe4\x89\x5c\xfe\xb2\xe8\x3d\x93\xe8\x01"
"\xa9\xc1\x03\x4b\xde\x33\xc1\x52\x01\x0b\xc3\x53\x8f\xb1\x65\xeb\x20"
"\x3b\x8b\x7e\x3c\x3c\xc3\xca\xcf\xc4\xc6\x19\x73\xaf\xed\xbc\xc5\xf5"
"\xf8\x5d\x98\xdb\xc6\xc6\xd1\x98\xda\x9a\xde\xde\x4d\x1f\x75\x10\x92"
"\xab\xf4\x8c\x30\xf5\x21\x03\x45\x63\x74\x09\xd8\xea\x29\xfd\x7c\x26"
"\x49\x56\xa3\x11\xa9\x29\xf7\x51\x39\x63\x1e\x64\x66\xb7\x5c\xae\xfb"
"\xe2\xd2\xec\x90\x62\x99\x8f\xd2\x7f\xf9\x16\xa2\xe1\xf9\xe9\xb2\x10"
"\x0e\xf9\x14\xb6\x8a\x34\xf8\x1e\xa2\xff\xc9\x07\xaa\xd8\x47\xe1\xa9"
"\x05\x54\xd2\xc9\xb9\xba\xc3\xe2\x83\x2a\xa5\x34\x45\x6c\x3d\x19\x11"
"\x4f\xce\x26\xe9\xb5\xcd\xea\x35\x0d\x39\x80\xd7\xd4\x78\x7f\xdf\xe4"
"\xdb\x82\x34\xdd\x61\x77\x0c\x2d\x8c\xde\xf0\x0f\x10\x13\x45\xf6\x71"
"\xb0\xb4\xf6\xa2\x7a\x36\x35\xed\x5b\xa6\x43\x13\xf1\xec\x81\x3d\x98"
"\xf7\x49\xae\xc2\x56\x90\xd2\xad\x31\x34\xa5\x0e\xc5\xc0\xfe\xb2\x3a"
"\x1b\xb1\x17\x96\xbc\xf3\x3a\x20\xf5\x01\x13\xab\x7f\x2a\xb5\x3f\x00"
"\x1b\xb5\x74\x28\x83\xc7\x37\x7e\x60\x5a\x83\xef\x80\x12\xae\xb1\x27"
"\xbe\x44\x85\x02\xca\xfb\x17\x1e\x2a\x18\x57\xd9\x27\xba\x72\xbb\x74"
"\x44\xcd\x06\xf5\x1c\x81\x06\xb9\x85\xef\xd9\x8a\x23\xaf\xe6\x46\x4e"
"\x77\x3a\x27\x4e\x6c\x85\x05\x63\x09\x5c\xc7\xa2\x4a\xde\x1a\x06\x91"
"\x76\x12\xef\xdf\x88\xfd\x7e\x61\x49\x49\x39\x2f\x65\x80\xa0\xe6\x4c"
"\x26\xca\x10\x9b\x42\xc1\xfb\x50\x57\xfb\xa0\x22\xed\x97\x06\x15\xb9"
"\xea\xd5\xff\xa7\xf1\x13\xcb\xe2\x78\x00\x50\x8e\x1e\x1a\x64\x2d\x8b"
"\x0e\xbf\x15\x62\xf6\xb2\xc2\x58\x4a\x0e\x71\x2e\xf9\x05\x08\xe3\x52"
"\x2b\xb3\x2e\x9f\xf7\x80\x4a\xd6\x49\xdd\x9f\xc3\x42\xe5\x6b\xcc\xb3"
"\x35\xcc\x41\x6f\x0e\x8c\x67\xb6\xd9\x9b\x6c\xe1\xc2\x91\x8c\x96\x1c"
"\xae\x8d\xb5\x3a\x56\x42\x06\xe3\x56\x57\x68\x55\x2d\x5a\x22\xba\x1c"
"\x68\x96\x87\x90\xcc\xbf\xfa\x40\xd1\x97\x8c\x9c\xef\x9d\x64\x78\x02"
"\x7a\x4b\xb7\x0d\x2d\x94\xc6\xff\xf2\x4a\xcf\xb1\x63\x4a\x85\xdb\x1b"
"\xe0\xec\x2d\x19\x9c\x77\x0b\x49\x43\xcb\x6d\x3f\x0f\x26\xd1\x94\x47"
"\x2f\xb2\x5a\xf7\x61\xab\x34\x4c\xea\x3e\xb7\x1a\x9d\x4d\xd8\x38\x08"
"\x60\xe0\xd5\xd7\x75\xfa\x51\x41\x1e\x5f\xbb\x18\xac\xdf\x10\xc8\x9c"
"\x9c\xf1\x6a\x67\xc4\xfb\x72\xb4\x68\x0a\x74\x61\x41\x59\xcb\xaa\x34"
"\xed\x2f\x95\x0c\x37\x73\xb6\xb3\x92\x37\x72\x8f\xcb\x5c\x26\x50\x04"
"\x52\xa2\x71\xa0\xea\x35\xb6\x22\xb3\x01\x3a\x8c\xaa\x59\xd0\x02\x88"
"\x15\x7f\x3e\x0d\x28\x96\xee\x43\x9c\x04\x69\x79\xb5\xf2\x02\xb5",
4096);
syscall(__NR_pwrite64, (long)r[3], 0x20000580, 0x1000, 0);
break;
case 10:
/* Build one iocb at 0x200000c0, referenced from the single-entry pointer
 * array at 0x20000540, and submit it on the AIO context from step 4. The
 * offsets line up with struct iocb from <linux/aio_abi.h>. */
*(uint32_t*)0x20000540 = 0x200000c0;
*(uint64_t*)0x200000c0 = 0; /* aio_data */
*(uint32_t*)0x200000c8 = 0;
*(uint32_t*)0x200000cc = 0;
*(uint16_t*)0x200000d0 = 1; /* aio_lio_opcode: 1 is IOCB_CMD_PWRITE */
*(uint16_t*)0x200000d2 = 0; /* aio_reqprio */
*(uint32_t*)0x200000d4 = r[1]; /* aio_fildes: the fd that got 0x4001 via F_SETFL in step 3 */
*(uint64_t*)0x200000d8 = 0x20000000; /* aio_buf */
*(uint64_t*)0x200000e0 = 0x377140be6b5ef4c7; /* aio_nbytes: fuzzer-generated, far beyond any real buffer */
*(uint64_t*)0x200000e8 = 0; /* aio_offset */
*(uint64_t*)0x200000f0 = 0;
*(uint32_t*)0x200000f8 = 0; /* aio_flags */
*(uint32_t*)0x200000fc = -1; /* aio_resfd */
syscall(__NR_io_submit, (long)r[2], 1, 0x20000540);
break;
}
}
/*
 * Entry point: map the fixed scratch region that execute_call() addresses
 * directly, then run the sandboxed test loop.
 *
 * The mmap result is not checked; if the mapping fails, the first access to
 * 0x20000000 in execute_call() faults.
 */
int main(void)
{
    /* 3 is PROT_READ|PROT_WRITE; 0x32 is MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on x86. */
    const int prot_rw = 3;
    const int map_flags = 0x32;
    syscall(__NR_mmap, 0x20000000, 0x1000000, prot_rw, map_flags, -1, 0);
    (void)do_sandbox_none();
    return 0;
}