xiaoy1

Untitled

May 18th, 2025
  1. // autogenerated by syzkaller (https://github.com/google/syzkaller)
  2.  
  3. #define _GNU_SOURCE
  4.  
  5. #include <endian.h>
  6. #include <errno.h>
  7. #include <fcntl.h>
  8. #include <setjmp.h>
  9. #include <stdbool.h>
  10. #include <stddef.h>
  11. #include <stdint.h>
  12. #include <stdio.h>
  13. #include <stdlib.h>
  14. #include <string.h>
  15. #include <sys/ioctl.h>
  16. #include <sys/mman.h>
  17. #include <sys/mount.h>
  18. #include <sys/stat.h>
  19. #include <sys/syscall.h>
  20. #include <sys/types.h>
  21. #include <unistd.h>
  22. #include <linux/loop.h>
  23.  
  24. #ifndef __NR_memfd_create
  25. #define __NR_memfd_create 319
  26. #endif
  27.  
/* Index used by syz_mount_image to build the loop device name
 * "/dev/loop<procid>". It is not assigned anywhere in the part of the file
 * shown here, so it keeps its zero initial value unless set elsewhere. */
static unsigned long long procid;

/* Mask of bf_len consecutive one-bits whose lowest bit is bit bf_off. */
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
/*
 * Read-modify-write of a single bitfield inside the `type`-sized word at
 * `addr`: the bits selected by BITMASK(bf_off, bf_len) are replaced with
 * `val`, every other bit is preserved. `htobe` is applied to the word both
 * on load and on store; callers pass an empty argument for native byte order.
 * The expansion is a bare assignment expression and evaluates `addr` twice.
 */
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \
    *(type*)(addr) = \
        htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \
              (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))
  35.  
/*
 * Pseudo-syscall: open a device node.
 *
 * a0 == 0xc or 0xb: open "/dev/char/<a1>:<a2>" or "/dev/block/<a1>:<a2>"
 *                   read-write; a1 and a2 are truncated to 8 bits.
 * otherwise:        a0 is treated as a pointer to a NUL-terminated path
 *                   template. Each '#' in it is replaced, left to right, by
 *                   successive decimal digits of a1 (least significant
 *                   first), and the result is opened with flags a2.
 *
 * Returns whatever open() returns (an fd, or -1 with errno set).
 */
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
    if (a0 != 0xc && a0 != 0xb) {
        char path[1024];
        char* slot;

        /* Bounded copy; the last byte is forced to NUL so an over-long
         * template is truncated rather than left unterminated. */
        strncpy(path, (char*)a0, sizeof(path) - 1);
        path[sizeof(path) - 1] = 0;

        for (slot = strchr(path, '#'); slot; slot = strchr(path, '#')) {
            *slot = '0' + (char)(a1 % 10);
            a1 /= 10;
        }
        return open(path, a2, 0);
    }

    /* Major/minor form: at most "/dev/block/255:255", well inside 128 bytes. */
    const char* kind = (a0 == 0xc) ? "char" : "block";
    char node[128];
    sprintf(node, "/dev/%s/%d:%d", kind, (uint8_t)a1, (uint8_t)a2);
    return open(node, O_RDWR, 0);
}
/*
 * Write `val` to /sys/module/rcupdate/parameters/rcu_cpu_stall_ftrace_dump
 * by running `echo` through the shell.
 *
 * The only variable part of the command line is a number formatted with
 * %ld, so no caller-controlled text reaches the shell. The exit status of
 * the command is deliberately ignored: the function returns 0 whether or
 * not the write succeeded.
 */
static long syz_proconfig_set__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump(volatile long val)
{
    char cmd[256];
    snprintf(cmd, sizeof(cmd), "echo %ld > /sys/module/rcupdate/parameters/rcu_cpu_stall_ftrace_dump", val);
    int status = system(cmd);
    (void)status; /* best effort: failure is not reported */
    return 0;
}
/*
 * Write 0 to /sys/module/rcupdate/parameters/rcu_cpu_stall_ftrace_dump via
 * the shell. The command is a fixed string; its exit status is ignored and
 * the function always returns 0.
 */
static long syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump()
{
    int status = system("echo 0 > /sys/module/rcupdate/parameters/rcu_cpu_stall_ftrace_dump");
    (void)status; /* best effort: failure is not reported */
    return 0;
}
/*
 * Write `val` to the proto_down attribute of eth0 (PCI path
 * /sys/devices/pci0000:00/0000:00:03.0/net/eth0) by running `echo` through
 * the shell.
 *
 * Only a %ld-formatted number is interpolated into the command. The exit
 * status is ignored and the function always returns 0.
 */
static long syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_proto_down(volatile long val)
{
    char cmd[256];
    snprintf(cmd, sizeof(cmd), "echo %ld > /sys/devices/pci0000:00/0000:00:03.0/net/eth0/proto_down", val);
    int status = system(cmd);
    (void)status; /* best effort: failure is not reported */
    return 0;
}
/*
 * Write 0 to the proto_down attribute of eth0 via the shell. The command is
 * a fixed string; its exit status is ignored and the function always
 * returns 0.
 */
static long syz_proconfig_reset__sys_devices_pci0000_00_0000_00_03_0_net_eth0_proto_down()
{
    int status = system("echo 0 > /sys/devices/pci0000:00/0000:00:03.0/net/eth0/proto_down");
    (void)status; /* best effort: failure is not reported */
    return 0;
}
/*
 * Write `val` to /proc/sys/vm/zone_reclaim_mode by running `echo` through
 * the shell.
 *
 * Only a %ld-formatted number is interpolated into the command. The exit
 * status is ignored and the function always returns 0.
 */
static long syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(volatile long val)
{
    char cmd[256];
    snprintf(cmd, sizeof(cmd), "echo %ld > /proc/sys/vm/zone_reclaim_mode", val);
    int status = system(cmd);
    (void)status; /* best effort: failure is not reported */
    return 0;
}
/*
 * Write 0 to /proc/sys/vm/zone_reclaim_mode via the shell. The command is a
 * fixed string; its exit status is ignored and the function always
 * returns 0.
 */
static long syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode()
{
    int status = system("echo 0 > /proc/sys/vm/zone_reclaim_mode");
    (void)status; /* best effort: failure is not reported */
    return 0;
}
/*
 * Write `val` to /sys/module/8250/parameters/skip_txen_test by running
 * `echo` through the shell.
 *
 * Only a %ld-formatted number is interpolated into the command. The exit
 * status is ignored and the function always returns 0.
 */
static long syz_proconfig_set__sys_module_8250_parameters_skip_txen_test(volatile long val)
{
    char cmd[256];
    snprintf(cmd, sizeof(cmd), "echo %ld > /sys/module/8250/parameters/skip_txen_test", val);
    int status = system(cmd);
    (void)status; /* best effort: failure is not reported */
    return 0;
}
  125.  
/*
 * Write 0 to /sys/module/8250/parameters/skip_txen_test via the shell. The
 * command is a fixed string; its exit status is ignored and the function
 * always returns 0.
 */
static long syz_proconfig_reset__sys_module_8250_parameters_skip_txen_test()
{
    int status = system("echo 0 > /sys/module/8250/parameters/skip_txen_test");
    (void)status; /* best effort: failure is not reported */
    return 0;
}
  136. //% This code is derived from puff.{c,h}, found in the zlib development. The
  137. //% original files come with the following copyright notice:
  138.  
  139. //% Copyright (C) 2002-2013 Mark Adler, all rights reserved
  140. //% version 2.3, 21 Jan 2013
  141. //% This software is provided 'as-is', without any express or implied
  142. //% warranty. In no event will the author be held liable for any damages
  143. //% arising from the use of this software.
  144. //% Permission is granted to anyone to use this software for any purpose,
  145. //% including commercial applications, and to alter it and redistribute it
  146. //% freely, subject to the following restrictions:
  147. //% 1. The origin of this software must not be misrepresented; you must not
  148. //% claim that you wrote the original software. If you use this software
  149. //% in a product, an acknowledgment in the product documentation would be
  150. //% appreciated but is not required.
  151. //% 2. Altered source versions must be plainly marked as such, and must not be
  152. //% misrepresented as being the original software.
  153. //% 3. This notice may not be removed or altered from any source distribution.
  154. //% Mark Adler [email protected]
  155.  
  156. //% BEGIN CODE DERIVED FROM puff.{c,h}
  157.  
/* Limits used by the puff_* inflate code below. */
#define MAXBITS 15 /* longest Huffman code length; count arrays hold MAXBITS + 1 entries */
#define MAXLCODES 286 /* upper bound accepted for literal/length codes in a dynamic block */
#define MAXDCODES 30 /* upper bound accepted for distance codes */
#define MAXCODES (MAXLCODES + MAXDCODES) /* size of the combined code-length array */
#define FIXLCODES 288 /* number of code lengths in the fixed literal/length table */
  163.  
/* Decompression state threaded through every puff_* helper. */
struct puff_state {
    unsigned char* out; /* output buffer */
    unsigned long outlen; /* capacity of out in bytes */
    unsigned long outcnt; /* bytes produced so far; also the next write index */
    const unsigned char* in; /* compressed input */
    unsigned long inlen; /* length of in in bytes */
    unsigned long incnt; /* bytes consumed so far; also the next read index */
    int bitbuf; /* bits already fetched from in but not yet consumed */
    int bitcnt; /* number of valid bits in bitbuf */
    jmp_buf env; /* longjmp target taken when the input runs out mid-read */
};
/*
 * Return the next `need` bits of the input, least significant bit first,
 * and remove them from the bit buffer.
 *
 * Whole bytes are pulled from s->in until enough bits are buffered. If the
 * input is exhausted first, control leaves through longjmp(s->env, 1)
 * instead of returning; the bounds check precedes every byte read.
 */
static int puff_bits(struct puff_state* s, int need)
{
    long acc = s->bitbuf;

    for (; s->bitcnt < need; s->bitcnt += 8) {
        if (s->incnt == s->inlen)
            longjmp(s->env, 1);
        acc |= (long)(s->in[s->incnt++]) << s->bitcnt;
    }

    /* Keep the bits beyond `need` for the next call. */
    s->bitbuf = (int)(acc >> need);
    s->bitcnt -= need;

    long mask = (1L << need) - 1;
    return (int)(acc & mask);
}
/*
 * Process one stored (uncompressed) block.
 *
 * Buffered bits are discarded, then a 16-bit little-endian length and its
 * one's complement are read and cross-checked before any data is copied.
 * Both the input and the output range are bounds-checked up front.
 *
 * Zero bytes are not written to the output; only the counters advance.
 * This leaves whatever the output buffer already held at those positions.
 *
 * Returns 0 on success, 2 if the input is too short, 1 if the output would
 * overflow, -2 if length and complement disagree.
 */
static int puff_stored(struct puff_state* s)
{
    /* Stored blocks start on a byte boundary: drop leftover bits. */
    s->bitcnt = 0;
    s->bitbuf = 0;

    if (s->incnt + 4 > s->inlen)
        return 2;

    unsigned len = s->in[s->incnt++];
    len |= s->in[s->incnt++] << 8;
    if (s->in[s->incnt++] != (~len & 0xff) ||
        s->in[s->incnt++] != ((~len >> 8) & 0xff))
        return -2;

    if (s->incnt + len > s->inlen)
        return 2;
    if (s->outcnt + len > s->outlen)
        return 1;

    while (len--) {
        unsigned char byte = s->in[s->incnt];
        if (byte)
            s->out[s->outcnt] = byte;
        s->outcnt++;
        s->incnt++;
    }
    return 0;
}
/* Canonical Huffman decoding table; both arrays are owned by the caller. */
struct puff_huffman {
    short* count; /* count[len] = number of symbols whose code has length len */
    short* symbol; /* symbols ordered by code length, then by symbol value */
};
/*
 * Decode one symbol from the input using the canonical Huffman table h.
 *
 * The code is grown one bit at a time; for each length the number of codes
 * of that length (h->count[len]) decides whether the bits read so far form
 * a complete code. When the buffered bits run out, one more input byte is
 * fetched, limited to the bits still needed to reach MAXBITS.
 *
 * Returns the decoded symbol, or -10 if no code of length 1..MAXBITS
 * matches. Leaves through longjmp(s->env, 1) if the input is exhausted.
 * Reads h->count[1..MAXBITS], so h->count must hold MAXBITS + 1 entries.
 */
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
    int first = 0; /* first code of the length being tried */
    int index = 0; /* index in h->symbol of that first code */
    int bitbuf = s->bitbuf; /* working copy of the unread bits */
    int left = s->bitcnt; /* bits remaining in bitbuf */
    int code = first = index = 0; /* bits accumulated so far */
    int len = 1; /* code length being tried */
    short* next = h->count + 1; /* count[0] (unused symbols) is skipped */
    while (1) {
        while (left--) {
            code |= bitbuf & 1;
            bitbuf >>= 1;
            int count = *next++;
            /* True when code lies among the `count` codes of this length. */
            if (code - count < first) {
                s->bitbuf = bitbuf;
                s->bitcnt = (s->bitcnt - len) & 7;
                return h->symbol[index + (code - first)];
            }
            /* Not a code of this length: advance to the next length. */
            index += count;
            first += count;
            first <<= 1;
            code <<= 1;
            len++;
        }
        /* Bit buffer empty: work out how many more bits may still be needed. */
        left = (MAXBITS + 1) - len;
        if (left == 0)
            break;
        if (s->incnt == s->inlen)
            longjmp(s->env, 1);
        bitbuf = s->in[s->incnt++];
        if (left > 8)
            left = 8;
    }
    return -10; /* ran past MAXBITS without matching any code */
}
/*
 * Build the decoding table h from the n code lengths in length[].
 *
 * h->count receives the number of symbols per code length and h->symbol the
 * symbols sorted by length. Each length[] value is used directly as an
 * index into h->count, so callers must supply lengths in 0..MAXBITS.
 *
 * Returns 0 for a complete code (or when every length is zero), a negative
 * value for an over-subscribed set of lengths, and a positive value for an
 * incomplete one.
 */
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
    int bits;
    int sym;

    /* Histogram of code lengths. */
    for (bits = 0; bits <= MAXBITS; bits++)
        h->count[bits] = 0;
    for (sym = 0; sym < n; sym++)
        h->count[length[sym]] += 1;
    if (h->count[0] == n)
        return 0;

    /* Track how many codes remain unassigned at each length. */
    int left = 1;
    for (bits = 1; bits <= MAXBITS; bits++) {
        left = (left << 1) - h->count[bits];
        if (left < 0)
            return left;
    }

    /* Starting offset in h->symbol for each code length. */
    short offs[MAXBITS + 1];
    offs[1] = 0;
    for (bits = 1; bits < MAXBITS; bits++)
        offs[bits + 1] = offs[bits] + h->count[bits];

    /* Place every used symbol in its slot, in symbol order per length. */
    for (sym = 0; sym < n; sym++) {
        if (length[sym] == 0)
            continue;
        h->symbol[offs[length[sym]]++] = sym;
    }
    return left;
}
/*
 * Decode literal/length and distance codes until the end-of-block symbol
 * (256) is seen.
 *
 * Literals (< 256) are appended to the output; length/distance pairs copy
 * `len` bytes from `dist` bytes back in the output. Zero bytes are never
 * written, only counted, so the output buffer keeps its prior contents at
 * those positions.
 *
 * Returns 0 at end of block, 1 if the output is full, -10 for an invalid
 * length symbol, -11 if the distance reaches before the start of the
 * output, or a negative value passed up from puff_decode.
 */
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode,
                      const struct puff_huffman* distcode)
{
    /* Base length and number of extra bits for length symbols 257..285. */
    static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13,
                                   15, 17, 19, 23, 27, 31, 35, 43, 51, 59,
                                   67, 83, 99, 115, 131, 163, 195, 227, 258};
    static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2,
                                   2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
    /* Base distance and number of extra bits for distance symbols 0..29. */
    static const short dists[30] = {
        1, 2, 3, 4, 5, 7, 9, 13, 17, 25,
        33, 49, 65, 97, 129, 193, 257, 385, 513, 769,
        1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
    static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3,
                                   4, 4, 5, 5, 6, 6, 7, 7, 8, 8,
                                   9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
    int symbol;
    do {
        symbol = puff_decode(s, lencode);
        if (symbol < 0)
            return symbol;
        if (symbol < 256) {
            /* Literal byte: check capacity before the write. */
            if (s->outcnt == s->outlen)
                return 1;
            if (symbol)
                s->out[s->outcnt] = symbol;
            s->outcnt++;
        } else if (symbol > 256) {
            symbol -= 257;
            if (symbol >= 29)
                return -10;
            int len = lens[symbol] + puff_bits(s, lext[symbol]);
            symbol = puff_decode(s, distcode);
            if (symbol < 0)
                return symbol;
            /* NOTE(review): symbol indexes dists/dext with no upper-bound
             * check here; it is bounded only by how distcode was built
             * (callers pass at most MAXDCODES symbols) - confirm. */
            unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
            /* Reject back-references that start before the output buffer. */
            if (dist > s->outcnt)
                return -11;
            if (s->outcnt + len > s->outlen)
                return 1;
            /* Byte-by-byte copy so an overlapping source repeats itself. */
            while (len--) {
                if (dist <= s->outcnt && s->out[s->outcnt - dist])
                    s->out[s->outcnt] = s->out[s->outcnt - dist];
                s->outcnt++;
            }
        }
    } while (symbol != 256);
    return 0;
}
/*
 * Process one block compressed with the fixed Huffman codes.
 *
 * The two fixed tables are built on the first call and kept in function
 * statics; later calls reuse them. The one-time initialisation is not
 * guarded against concurrent callers.
 *
 * Returns the result of puff_codes().
 */
static int puff_fixed(struct puff_state* s)
{
    static int tables_pending = 1;
    static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
    static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
    static struct puff_huffman lencode, distcode;

    if (tables_pending) {
        short lengths[FIXLCODES];
        int sym;

        lencode.count = lencnt;
        lencode.symbol = lensym;
        distcode.count = distcnt;
        distcode.symbol = distsym;

        /* Literal/length code lengths: 8, 9, 7, 8 bits over four ranges. */
        for (sym = 0; sym < FIXLCODES; sym++) {
            if (sym < 144)
                lengths[sym] = 8;
            else if (sym < 256)
                lengths[sym] = 9;
            else if (sym < 280)
                lengths[sym] = 7;
            else
                lengths[sym] = 8;
        }
        puff_construct(&lencode, lengths, FIXLCODES);

        /* Every distance code is 5 bits long. */
        for (sym = 0; sym < MAXDCODES; sym++)
            lengths[sym] = 5;
        puff_construct(&distcode, lengths, MAXDCODES);

        tables_pending = 0;
    }
    return puff_codes(s, &lencode, &distcode);
}
/*
 * Process one block compressed with dynamic Huffman codes.
 *
 * Reads the table sizes, then the code-length code, then the run-length
 * encoded literal/length and distance code lengths, builds both tables and
 * hands over to puff_codes().
 *
 * Returns the result of puff_codes(), or:
 *   -3  nlen or ndist exceeds MAXLCODES / MAXDCODES
 *   -4  the code-length code is not complete
 *   -5  "repeat previous length" with no previous length
 *   -6  a repeat would write past nlen + ndist entries
 *   -7  invalid literal/length code lengths
 *   -8  invalid distance code lengths
 *   -9  no code assigned to the end-of-block symbol (256)
 * plus any negative value passed up from puff_decode.
 */
static int puff_dynamic(struct puff_state* s)
{
    /* Order in which the code-length code lengths appear in the stream. */
    static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5,
                                    11, 4, 12, 3, 13, 2, 14, 1, 15};
    int nlen = puff_bits(s, 5) + 257;
    int ndist = puff_bits(s, 5) + 1;
    int ncode = puff_bits(s, 4) + 4;
    /* Bound the table sizes before lengths[] is indexed with them. */
    if (nlen > MAXLCODES || ndist > MAXDCODES)
        return -3;
    short lengths[MAXCODES];
    int index;
    /* ncode is at most 19 (4-bit field + 4), so order[] is not overrun. */
    for (index = 0; index < ncode; index++)
        lengths[order[index]] = puff_bits(s, 3);
    for (; index < 19; index++)
        lengths[order[index]] = 0;
    short lencnt[MAXBITS + 1], lensym[MAXLCODES];
    struct puff_huffman lencode = {lencnt, lensym};
    int err = puff_construct(&lencode, lengths, 19);
    if (err != 0)
        return -4;
    index = 0;
    while (index < nlen + ndist) {
        int symbol;
        int len;
        symbol = puff_decode(s, &lencode);
        if (symbol < 0)
            return symbol;
        if (symbol < 16)
            lengths[index++] = symbol; /* literal code length */
        else {
            /* Symbols 16..18 encode a run; after this branch `symbol`
             * holds the repeat count and `len` the value to repeat. */
            len = 0;
            if (symbol == 16) {
                if (index == 0)
                    return -5;
                len = lengths[index - 1];
                symbol = 3 + puff_bits(s, 2);
            } else if (symbol == 17)
                symbol = 3 + puff_bits(s, 3);
            else
                symbol = 11 + puff_bits(s, 7);
            /* Reject the run before writing it, not after. */
            if (index + symbol > nlen + ndist)
                return -6;
            while (symbol--)
                lengths[index++] = len;
        }
    }
    if (lengths[256] == 0)
        return -9;
    err = puff_construct(&lencode, lengths, nlen);
    /* An incomplete code is accepted only when it has a single code. */
    if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
        return -7;
    short distcnt[MAXBITS + 1], distsym[MAXDCODES];
    struct puff_huffman distcode = {distcnt, distsym};
    err = puff_construct(&distcode, lengths + nlen, ndist);
    if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
        return -8;
    return puff_codes(s, &lencode, &distcode);
}
/*
 * Inflate the raw deflate stream source[0..sourcelen) into dest.
 *
 * On entry *destlen is the capacity of dest; on return it is the number of
 * output bytes counted, whether or not decoding succeeded.
 *
 * Returns 0 on success, 2 when the input ended early (reported through the
 * longjmp taken by the bit readers), -1 for a reserved block type, or the
 * non-zero code of the failing block decoder.
 */
static int puff(unsigned char* dest, unsigned long* destlen,
                const unsigned char* source, unsigned long sourcelen)
{
    struct puff_state s = {
        .in = source,
        .inlen = sourcelen,
        .incnt = 0,
        .out = dest,
        .outlen = *destlen,
        .outcnt = 0,
        .bitbuf = 0,
        .bitcnt = 0,
    };
    int err;

    if (setjmp(s.env) == 0) {
        int last;
        do {
            /* Block header: 1 "final block" bit, then a 2-bit type. */
            last = puff_bits(&s, 1);
            switch (puff_bits(&s, 2)) {
            case 0:
                err = puff_stored(&s);
                break;
            case 1:
                err = puff_fixed(&s);
                break;
            case 2:
                err = puff_dynamic(&s);
                break;
            default:
                err = -1;
                break;
            }
        } while (err == 0 && !last);
    } else {
        /* A reader ran out of input and jumped back here. */
        err = 2;
    }

    *destlen = s.outcnt;
    return err;
}
  441.  
  442. //% END CODE DERIVED FROM puff.{c,h}
  443.  
/* Bytes of zlib header skipped before the raw deflate stream. */
#define ZLIB_HEADER_WIDTH 2

/*
 * Inflate a zlib-wrapped buffer and write the result to dest_fd.
 *
 * The header bytes are skipped without being validated. Output is decoded
 * into a fresh anonymous mapping of 132 MiB, which caps the decompressed
 * size; puff() fails rather than writing past it.
 *
 * Returns 0 when the input is shorter than the header (nothing is written),
 * the result of the final munmap() on success, and -1 on failure. After a
 * decode failure errno is set to the negated puff() code; a short write is
 * treated as failure.
 */
static int puff_zlib_to_file(const unsigned char* source,
                             unsigned long sourcelen, int dest_fd)
{
    if (sourcelen < ZLIB_HEADER_WIDTH)
        return 0;

    const unsigned char* deflate = source + ZLIB_HEADER_WIDTH;
    unsigned long deflate_len = sourcelen - ZLIB_HEADER_WIDTH;

    const unsigned long max_destlen = 132 << 20;
    void* map = mmap(0, max_destlen, PROT_WRITE | PROT_READ,
                     MAP_PRIVATE | MAP_ANON, -1, 0);
    if (map == MAP_FAILED)
        return -1;

    unsigned char* dest = (unsigned char*)map;
    unsigned long destlen = max_destlen;
    int err = puff(dest, &destlen, deflate, deflate_len);
    if (err) {
        /* Unmap first so errno carries the decoder's code to the caller. */
        munmap(dest, max_destlen);
        errno = -err;
        return -1;
    }

    ssize_t written = write(dest_fd, dest, destlen);
    if (written != (ssize_t)destlen) {
        munmap(dest, max_destlen);
        return -1;
    }
    return munmap(dest, max_destlen);
}
  472.  
/*
 * Back the loop device `loopname` with the decompressed image in `data`.
 *
 * The image is inflated into an anonymous memfd, which is then attached to
 * the loop device with LOOP_SET_FD. If the device is busy it is detached
 * once, and the attach is retried after 1 ms.
 *
 * On success returns 0 and stores the open loop device fd in *loopfd_p (the
 * caller closes it); the memfd is closed here. On failure returns -1 with
 * errno set to the error of the step that failed, and every fd opened here
 * is closed.
 */
static int setup_loop_device(unsigned char* data, unsigned long size,
                             const char* loopname, int* loopfd_p)
{
    int saved_errno = 0;
    int loopfd = -1;
    int memfd = syscall(__NR_memfd_create, "syzkaller", 0);

    if (memfd == -1) {
        saved_errno = errno;
        goto fail;
    }
    if (puff_zlib_to_file(data, size, memfd) != 0) {
        saved_errno = errno;
        goto fail_memfd;
    }

    loopfd = open(loopname, O_RDWR);
    if (loopfd == -1) {
        saved_errno = errno;
        goto fail_memfd;
    }

    if (ioctl(loopfd, LOOP_SET_FD, memfd) != 0) {
        int busy = (errno == EBUSY);
        if (busy) {
            /* Device still bound to an earlier image: detach and retry. */
            ioctl(loopfd, LOOP_CLR_FD, 0);
            usleep(1000);
        }
        if (!busy || ioctl(loopfd, LOOP_SET_FD, memfd) != 0) {
            saved_errno = errno;
            goto fail_loop;
        }
    }

    close(memfd);
    *loopfd_p = loopfd;
    return 0;

fail_loop:
    close(loopfd);
fail_memfd:
    close(memfd);
fail:
    /* close() may have clobbered errno; restore the original cause. */
    errno = saved_errno;
    return -1;
}
  515.  
/*
 * Detach whatever backing file is bound to the loop device `loopname`.
 * Best effort: a failure to open the device or to clear it is ignored.
 */
static void reset_loop_device(const char* loopname)
{
    int fd = open(loopname, O_RDWR);
    if (fd != -1) {
        ioctl(fd, LOOP_CLR_FD, 0);
        close(fd);
    }
}
  526.  
/*
 * Pseudo-syscall: mount a filesystem image embedded in the program.
 *
 * fsarg, dir and optsarg are addresses of NUL-terminated strings (filesystem
 * type, mount point, mount options); image/size describe a zlib-compressed
 * image. When size is non-zero the image is inflated and attached to
 * /dev/loop<procid>, which becomes the mount source; otherwise the source
 * is NULL.
 *
 * Returns -1 with errno set on failure. On success returns the fd of the
 * opened mount point, or the chdir() result when change_dir is non-zero.
 */
static long syz_mount_image(volatile long fsarg, volatile long dir,
                            volatile long flags, volatile long optsarg,
                            volatile long change_dir,
                            volatile unsigned long size, volatile long image)
{
    unsigned char* data = (unsigned char*)image;
    int res = -1, err = 0, need_loop_device = !!size;
    char* mount_opts = (char*)optsarg;
    char* target = (char*)dir;
    char* fs = (char*)fsarg;
    char* source = NULL;
    char loopname[64];
    if (need_loop_device) {
        int loopfd;
        memset(loopname, 0, sizeof(loopname));
        snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
        if (setup_loop_device(data, size, loopname, &loopfd) == -1)
            return -1;
        /* The fd is not needed further; the device is reopened by name. */
        close(loopfd);
        source = loopname;
    }
    mkdir(target, 0777); /* result ignored, e.g. when the directory exists */
    char opts[256];
    memset(opts, 0, sizeof(opts));
    /* Length check with an empty body: over-long option strings are not
     * reported, they are silently truncated by the strncpy below. */
    if (strlen(mount_opts) > (sizeof(opts) - 32)) {
    }
    /* Copy at most sizeof(opts) - 32 bytes into the zeroed buffer, so the
     * result stays NUL-terminated and 32 bytes remain for the suffixes
     * appended with strcat below. */
    strncpy(opts, mount_opts, sizeof(opts) - 32);
    if (strcmp(fs, "iso9660") == 0) {
        flags |= MS_RDONLY;
    } else if (strncmp(fs, "ext", 3) == 0) {
        /* Look for "errors=remount-ro" as a whole comma-separated option. */
        bool has_remount_ro = false;
        char* remount_ro_start = strstr(opts, "errors=remount-ro");
        if (remount_ro_start != NULL) {
            char after = *(remount_ro_start + strlen("errors=remount-ro"));
            char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
            has_remount_ro = ((before == '\0' || before == ',') &&
                              (after == '\0' || after == ','));
        }
        /* Append errors=continue when errors=panic is present or
         * errors=remount-ro is absent. */
        if (strstr(opts, "errors=panic") || !has_remount_ro)
            strcat(opts, ",errors=continue");
    } else if (strcmp(fs, "xfs") == 0) {
        strcat(opts, ",nouuid");
    }
    res = mount(source, target, fs, flags, opts);
    if (res == -1) {
        err = errno;
        goto error_clear_loop;
    }
    res = open(target, O_RDONLY | O_DIRECTORY);
    if (res == -1) {
        err = errno;
        goto error_clear_loop;
    }
    if (change_dir) {
        /* res is overwritten here, so the directory fd opened above is
         * neither returned nor closed in this function. */
        res = chdir(target);
        if (res == -1) {
            err = errno;
        }
    }

/* Reached on success as well as on failure: the loop device is cleared in
 * both cases and errno is set to the saved error (0 on success). */
error_clear_loop:
    if (need_loop_device)
        reset_loop_device(loopname);
    errno = err;
    return res;
}
  593.  
/* Result slots for values returned by earlier calls and reused as arguments
 * by later ones (main stores into r[0] and r[1]). Every slot starts as
 * all-ones, i.e. -1 when passed where an fd is expected. */
uint64_t r[5] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff, 0xffffffffffffffff};
  596.  
  597. int main(void)
  598. {
  599. syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
  600. /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
  601. /*offset=*/0ul);
  602. syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
  603. /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
  604. /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
  605. /*offset=*/0ul);
  606. syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
  607. /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
  608. /*offset=*/0ul);
  609. intptr_t res = 0;
  610. syz_proconfig_set__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump(
  611. /*val=*/3);
  612. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x6609, 0);
  613. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  614. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  615. syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_proto_down(
  616. /*val=*/2);
  617. *(uint32_t*)0x20000000 = 1;
  618. *(uint32_t*)0x20000004 = 1;
  619. *(uint32_t*)0x20000008 = 0x18;
  620. *(uint32_t*)0x2000000c = -1;
  621. *(uint32_t*)0x20000010 = 2;
  622. memcpy((void*)0x20000018, "./file0\000", 8);
  623. res =
  624. syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xc018937e, /*arg=*/0x20000000ul);
  625. if (res != -1)
  626. r[0] = *(uint32_t*)0x2000000c;
  627. syz_proconfig_reset__sys_devices_pci0000_00_0000_00_03_0_net_eth0_proto_down();
  628. memcpy((void*)0x20000040, "./file0\000", 8);
  629. syscall(__NR_readlinkat, /*fd=*/r[0], /*path=*/0x20000040ul,
  630. /*buf=*/0x20000080ul, /*siz=*/4ul);
  631. syz_proconfig_set__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump(
  632. /*val=*/0);
  633. syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/8);
  634. syscall(__NR_mincore, /*addr=*/0x20ffb000ul, /*size=*/0x4000ul,
  635. /*vec=*/0x200000c0ul);
  636. syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
  637. *(uint32_t*)0x20000180 = 0x20;
  638. *(uint32_t*)0x20000184 = 0x61;
  639. *(uint64_t*)0x20000188 = 0x80000000;
  640. *(uint64_t*)0x20000190 = 0;
  641. *(uint32_t*)0x20000198 = 0;
  642. *(uint32_t*)0x2000019c = 4;
  643. *(uint64_t*)0x200001a0 = 4;
  644. syscall(__NR_open_by_handle_at, /*mountdirfd=*/r[0], /*handle=*/0x20000180ul,
  645. /*flags=O_TRUNC|O_LARGEFILE|O_WRONLY*/ 0x8201ul);
  646. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  647. *(uint32_t*)0x200001c0 = 5;
  648. *(uint32_t*)0x200001c4 = 0x80;
  649. *(uint8_t*)0x200001c8 = 0x40;
  650. *(uint8_t*)0x200001c9 = 5;
  651. *(uint8_t*)0x200001ca = 0x80;
  652. *(uint8_t*)0x200001cb = 7;
  653. *(uint32_t*)0x200001cc = 0;
  654. *(uint64_t*)0x200001d0 = 5;
  655. *(uint64_t*)0x200001d8 = 0x14050;
  656. *(uint64_t*)0x200001e0 = 1;
  657. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 0, 1);
  658. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 1, 1);
  659. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 2, 1);
  660. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 3, 1);
  661. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 4, 1);
  662. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 5, 1);
  663. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 6, 1);
  664. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 7, 1);
  665. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 8, 1);
  666. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 9, 1);
  667. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 10, 1);
  668. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 11, 1);
  669. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 12, 1);
  670. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 13, 1);
  671. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 14, 1);
  672. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 3, 15, 2);
  673. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 17, 1);
  674. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 18, 1);
  675. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 19, 1);
  676. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 20, 1);
  677. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 21, 1);
  678. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 22, 1);
  679. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 23, 1);
  680. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 24, 1);
  681. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 25, 1);
  682. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 26, 1);
  683. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 27, 1);
  684. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 28, 1);
  685. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 29, 1);
  686. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 30, 1);
  687. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 31, 1);
  688. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 32, 1);
  689. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 33, 1);
  690. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 34, 1);
  691. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 35, 1);
  692. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 36, 1);
  693. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 1, 37, 1);
  694. STORE_BY_BITMASK(uint64_t, , 0x200001e8, 0, 38, 26);
  695. *(uint32_t*)0x200001f0 = 0xac8f;
  696. *(uint32_t*)0x200001f4 = 2;
  697. *(uint64_t*)0x200001f8 = 4;
  698. *(uint64_t*)0x20000200 = 3;
  699. *(uint64_t*)0x20000208 = 0x100;
  700. *(uint64_t*)0x20000210 = 0x8000000000000000;
  701. *(uint32_t*)0x20000218 = 4;
  702. *(uint32_t*)0x2000021c = 8;
  703. *(uint64_t*)0x20000220 = 5;
  704. *(uint32_t*)0x20000228 = 0x10000;
  705. *(uint16_t*)0x2000022c = 0x81;
  706. *(uint16_t*)0x2000022e = 0;
  707. *(uint32_t*)0x20000230 = 0xe45f;
  708. *(uint32_t*)0x20000234 = 0;
  709. *(uint64_t*)0x20000238 = 0x80000000;
  710. syscall(__NR_perf_event_open, /*attr=*/0x200001c0ul, /*pid=*/0, /*cpu=*/1ul,
  711. /*group=*/r[0], /*flags=PERF_FLAG_FD_OUTPUT*/ 2ul);
  712. *(uint64_t*)0x20000580 = 0x20000240;
  713. *(uint16_t*)0x20000240 = 0x10;
  714. *(uint16_t*)0x20000242 = 0;
  715. *(uint32_t*)0x20000244 = 0;
  716. *(uint32_t*)0x20000248 = 2;
  717. *(uint32_t*)0x20000588 = 0xc;
  718. *(uint64_t*)0x20000590 = 0x20000540;
  719. *(uint64_t*)0x20000540 = 0x20000280;
  720. *(uint32_t*)0x20000280 = 0x2c0;
  721. *(uint16_t*)0x20000284 = 0x1b;
  722. *(uint16_t*)0x20000286 = 0x100;
  723. *(uint32_t*)0x20000288 = 0x70bd25;
  724. *(uint32_t*)0x2000028c = 0x25dfdbfb;
  725. *(uint64_t*)0x20000290 = htobe64(0);
  726. *(uint64_t*)0x20000298 = htobe64(1);
  727. *(uint8_t*)0x200002a0 = 0xfe;
  728. *(uint8_t*)0x200002a1 = 0x80;
  729. memset((void*)0x200002a2, 0, 13);
  730. *(uint8_t*)0x200002af = 0xbb;
  731. *(uint16_t*)0x200002b0 = htobe16(0x4e22);
  732. *(uint16_t*)0x200002b2 = htobe16(0x20);
  733. *(uint16_t*)0x200002b4 = htobe16(0x4e20);
  734. *(uint16_t*)0x200002b6 = htobe16(7);
  735. *(uint16_t*)0x200002b8 = 0xa;
  736. *(uint8_t*)0x200002ba = 0;
  737. *(uint8_t*)0x200002bb = 0x80;
  738. *(uint8_t*)0x200002bc = 0x2c;
  739. *(uint32_t*)0x200002c0 = 0;
  740. *(uint32_t*)0x200002c4 = 0xee00;
  741. *(uint64_t*)0x200002c8 = 8;
  742. *(uint64_t*)0x200002d0 = 9;
  743. *(uint64_t*)0x200002d8 = 0x40;
  744. *(uint64_t*)0x200002e0 = 0x401;
  745. *(uint64_t*)0x200002e8 = 8;
  746. *(uint64_t*)0x200002f0 = 0x8001;
  747. *(uint64_t*)0x200002f8 = 1;
  748. *(uint64_t*)0x20000300 = 8;
  749. *(uint64_t*)0x20000308 = 6;
  750. *(uint64_t*)0x20000310 = 5;
  751. *(uint64_t*)0x20000318 = 9;
  752. *(uint64_t*)0x20000320 = 0x6c7;
  753. *(uint32_t*)0x20000328 = 0x7fffffff;
  754. *(uint32_t*)0x2000032c = 0;
  755. *(uint8_t*)0x20000330 = 1;
  756. *(uint8_t*)0x20000331 = 1;
  757. *(uint8_t*)0x20000332 = 0;
  758. *(uint8_t*)0x20000333 = 2;
  759. *(uint8_t*)0x20000338 = 3;
  760. *(uint16_t*)0x20000340 = 0xe4;
  761. *(uint16_t*)0x20000342 = 6;
  762. *(uint8_t*)0x20000344 = 0xfc;
  763. *(uint8_t*)0x20000345 = 0;
  764. memset((void*)0x20000346, 0, 13);
  765. *(uint8_t*)0x20000353 = 2;
  766. *(uint64_t*)0x20000354 = htobe64(0);
  767. *(uint64_t*)0x2000035c = htobe64(1);
  768. *(uint16_t*)0x20000364 = htobe16(0x4e20);
  769. *(uint16_t*)0x20000366 = htobe16(0);
  770. *(uint16_t*)0x20000368 = htobe16(0x4e20);
  771. *(uint16_t*)0x2000036a = htobe16(0xc2);
  772. *(uint16_t*)0x2000036c = 2;
  773. *(uint8_t*)0x2000036e = 0x80;
  774. *(uint8_t*)0x2000036f = 0;
  775. *(uint8_t*)0x20000370 = 0;
  776. *(uint32_t*)0x20000374 = 0;
  777. *(uint32_t*)0x20000378 = -1;
  778. memcpy((void*)0x2000037c,
  779. " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\002", 16);
  780. *(uint32_t*)0x2000038c = htobe32(0x4d4);
  781. *(uint8_t*)0x20000390 = 0x33;
  782. *(uint8_t*)0x20000394 = -1;
  783. *(uint8_t*)0x20000395 = 1;
  784. memset((void*)0x20000396, 0, 13);
  785. *(uint8_t*)0x200003a3 = 1;
  786. *(uint64_t*)0x200003a4 = 2;
  787. *(uint64_t*)0x200003ac = 0x3ff;
  788. *(uint64_t*)0x200003b4 = 5;
  789. *(uint64_t*)0x200003bc = 1;
  790. *(uint64_t*)0x200003c4 = 0x100000001;
  791. *(uint64_t*)0x200003cc = 0x7fffffffffffffff;
  792. *(uint64_t*)0x200003d4 = 1;
  793. *(uint64_t*)0x200003dc = 0;
  794. *(uint64_t*)0x200003e4 = 0x7ff;
  795. *(uint64_t*)0x200003ec = 1;
  796. *(uint64_t*)0x200003f4 = 0x7fff;
  797. *(uint64_t*)0x200003fc = 0x8000000000000001;
  798. *(uint32_t*)0x20000404 = 0;
  799. *(uint32_t*)0x20000408 = 6;
  800. *(uint32_t*)0x2000040c = 3;
  801. *(uint32_t*)0x20000410 = 0x70bd27;
  802. *(uint32_t*)0x20000414 = 0;
  803. *(uint16_t*)0x20000418 = 0xa;
  804. *(uint8_t*)0x2000041a = 0;
  805. *(uint8_t*)0x2000041b = 3;
  806. *(uint8_t*)0x2000041c = 0x40;
  807. *(uint16_t*)0x20000424 = 8;
  808. *(uint16_t*)0x20000426 = 0xb;
  809. *(uint32_t*)0x20000428 = 0x1000;
  810. *(uint16_t*)0x2000042c = 8;
  811. *(uint16_t*)0x2000042e = 0x18;
  812. *(uint32_t*)0x20000430 = 2;
  813. *(uint16_t*)0x20000434 = 0xff;
  814. *(uint16_t*)0x20000436 = 3;
  815. memcpy((void*)0x20000438,
  816. "deflate\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
  817. "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
  818. "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
  819. "\000\000\000\000\000\000\000\000",
  820. 64);
  821. *(uint32_t*)0x20000478 = 0x5b8;
  822. memcpy((void*)0x2000047c,
  823. "\x0d\xd8\x31\x8f\x64\x73\x09\xbe\x20\xb0\xfe\x3d\x81\x8b\x39\x63\x2f"
  824. "\xfd\x63\x26\xb2\x9e\xbf\xc9\x0b\x9a\xb9\x19\xc5\x61\x46\xc4\x4f\xb0"
  825. "\xaa\x3c\x47\x03\x04\x37\xf9\xde\xc8\x97\x32\xce\x8e\xb0\x4f\xbc\x59"
  826. "\x31\x3b\xf1\xb9\xe4\xe7\x9c\x6c\x59\xde\xd5\x2c\x6d\x13\xdd\xd2\xe8"
  827. "\x46\x28\x22\x60\xdc\x84\x5d\x29\x03\x70\xfe\xd0\x5a\xe5\x86\x7a\x60"
  828. "\x6a\xb4\xc5\xc0\xf2\x39\x21\x96\x89\x00\xd0\x6e\x8c\xc2\xdb\xa3\x39"
  829. "\x4e\x47\x13\x8f\x65\xba\x33\x74\x5b\xa0\x35\x18\x72\x93\x2e\x85\xdc"
  830. "\x5e\xe2\x14\xfc\x52\xd7\x37\x98\x45\x7c\xf9\xf3\xc2\xa5\x5b\x87\xda"
  831. "\xee\x62\x64\x77\x3b\x39\x0d\x24\x36\x37\x64\xb7\xc6\xdb\xa5\x55\xf1"
  832. "\x38\x05\x0d\x71\x29\x52\x04\xdc\x5d\x6a\xa3\x2f\xf6\xba\x6c\xc1\xac"
  833. "\x59\x3f\x8e\x98\x07\x9e\x10\x84\x1b\x4b\xc9\x68\xd9",
  834. 183);
  835. *(uint16_t*)0x20000534 = 0xc;
  836. *(uint16_t*)0x20000536 = 0x15;
  837. *(uint32_t*)0x20000538 = 0x350759;
  838. *(uint32_t*)0x2000053c = 4;
  839. *(uint64_t*)0x20000548 = 0x2c0;
  840. *(uint64_t*)0x20000598 = 1;
  841. *(uint64_t*)0x200005a0 = 0;
  842. *(uint64_t*)0x200005a8 = 0;
  843. *(uint32_t*)0x200005b0 = 1;
  844. syscall(__NR_sendmsg, /*fd=*/r[0], /*msg=*/0x20000580ul,
  845. /*f=MSG_MORE|MSG_DONTWAIT*/ 0x8040ul);
  846. syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/8);
  847. syscall(__NR_get_mempolicy, /*mode=*/0x200005c0ul, /*nodemask=*/0x20000600ul,
  848. /*maxnode=*/0x8000000000000000ul, /*addr=*/0x20ffd000ul,
  849. /*flags=MPOL_F_ADDR*/ 2ul);
  850. syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
  851. syz_proconfig_set__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump(
  852. /*val=*/0xfffffffd);
  853. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  854. syz_proconfig_set__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump(
  855. /*val=*/0x159d);
  856. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  857. syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0x3f);
  858. syscall(__NR_ioctl, /*fd=*/r[0], /*cmd=*/0xb704, /*arg=*/0x20000640ul);
  859. memcpy((void*)0x20000680, "./file0\000", 8);
  860. memcpy((void*)0x200006c0, "./file0\000", 8);
  861. memcpy((void*)0x20000700, "pipefs\000", 7);
  862. syscall(__NR_mount, /*src=*/0x20000680ul, /*dst=*/0x200006c0ul,
  863. /*type=*/0x20000700ul, /*flags=MS_I_VERSION*/ 0x800000ul,
  864. /*data=*/0ul);
  865. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  866. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  867. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  868. syz_proconfig_reset__sys_module_rcupdate_parameters_rcu_cpu_stall_ftrace_dump();
  869. syscall(__NR_perf_event_open, /*attr=*/0ul, /*pid=*/0, /*cpu=*/0ul,
  870. /*group=*/-1, /*flags=*/0ul);
  871. memcpy((void*)0x20000080, "./file0\000", 8);
  872. res = syscall(__NR_open, /*file=*/0x20000080ul,
  873. /*flags=O_EXCL|O_DIRECT|O_CREAT|O_WRONLY|0x4*/ 0x40c5ul,
  874. /*mode=*/0ul);
  875. if (res != -1)
  876. r[1] = res;
  877. *(uint32_t*)0x2001d000 = 1;
  878. *(uint32_t*)0x2001d004 = 0x70;
  879. *(uint8_t*)0x2001d008 = 0;
  880. *(uint8_t*)0x2001d009 = 0;
  881. *(uint8_t*)0x2001d00a = 0;
  882. *(uint8_t*)0x2001d00b = 0;
  883. *(uint32_t*)0x2001d00c = 0;
  884. *(uint64_t*)0x2001d010 = 0x200;
  885. *(uint64_t*)0x2001d018 = 0;
  886. *(uint64_t*)0x2001d020 = 0;
  887. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 0, 1);
  888. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 1, 1);
  889. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 2, 1);
  890. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 3, 1);
  891. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 4, 1);
  892. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 5, 1);
  893. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 6, 1);
  894. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 7, 1);
  895. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 8, 1);
  896. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 9, 1);
  897. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 10, 1);
  898. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 11, 1);
  899. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 12, 1);
  900. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 13, 1);
  901. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 14, 1);
  902. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 15, 2);
  903. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 17, 1);
  904. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 18, 1);
  905. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 19, 1);
  906. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 20, 1);
  907. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 21, 1);
  908. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 22, 1);
  909. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 23, 1);
  910. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 24, 1);
  911. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 25, 1);
  912. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 26, 1);
  913. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 27, 1);
  914. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 28, 1);
  915. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 29, 1);
  916. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 30, 1);
  917. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 31, 1);
  918. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 32, 1);
  919. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 33, 1);
  920. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 34, 1);
  921. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 35, 1);
  922. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 36, 1);
  923. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 37, 1);
  924. STORE_BY_BITMASK(uint64_t, , 0x2001d028, 0, 38, 26);
  925. *(uint32_t*)0x2001d030 = 0;
  926. *(uint32_t*)0x2001d034 = 0;
  927. *(uint64_t*)0x2001d038 = 0x20000000;
  928. *(uint64_t*)0x2001d040 = 0;
  929. *(uint64_t*)0x2001d048 = 0;
  930. *(uint64_t*)0x2001d050 = 0;
  931. *(uint32_t*)0x2001d058 = 0;
  932. *(uint32_t*)0x2001d05c = 0;
  933. *(uint64_t*)0x2001d060 = 0;
  934. *(uint32_t*)0x2001d068 = 0;
  935. *(uint16_t*)0x2001d06c = 0;
  936. *(uint16_t*)0x2001d06e = 0;
  937. *(uint32_t*)0x2001d070 = 0;
  938. *(uint32_t*)0x2001d074 = 0;
  939. *(uint64_t*)0x2001d078 = 0;
  940. syscall(__NR_perf_event_open, /*attr=*/0x2001d000ul, /*pid=*/0, /*cpu=*/-1,
  941. /*group=*/-1, /*flags=*/0ul);
  942. memcpy(
  943. (void*)0x20001400,
  944. "\x3b\x27\xa4\xb4\x6e\xe9\x2b\x4a\x59\x07\x3c\x36\x9a\x5e\x19\xf9\xdb\x15"
  945. "\x3c\x4f\xdb\xc7\x6a\xa2\xa4\xbb\x9f\x3e\x5e\x1a\xa1\x97\xa9\xe9\x7d\x10"
  946. "\x16\xc0\x18\x13\x79\x2e\x50\xc2\x69\x2c\x17\x5a\xad\x71\x5d\x11\x0a\x89"
  947. "\x29\x49\xcc\xc6\xe2\xe5\x4c\x2d\x5c\x8f\x0b\x79\x32\xb6\x97\x97\xf2\x17"
  948. "\x16\x8b\x0c\x1f\xeb\x12\x8a\xe3\x4f\x0d\xaf\x48\x7a\x70\xb5\xc1\x17\xac"
  949. "\xd4\x37\x25\xfe\x17\x99\x36\x34\xf1\x69\x5d\xab\xd7\xf9\x98\xcd\x55\xe9"
  950. "\xd5\xbd\x91\x1e\x86\xaa\x7a\x4a\xd7\x5a\x57\x4b\xb9\x69\x51\xd6\x01\x8b"
  951. "\x25\xd9\x42\xa9\x54\x4b\xca\x1e\xbb\x0e\x8d\x10\xc0\x92\xcd\xcb\x85\x79"
  952. "\x76\x73\x97\x20\x99\xe4\x04\x1a\xaf\x8d\x63\x6f\x66\xcb\x11\x03\xef\x20"
  953. "\x50\xad\x28\xfa\xba\xed\x33\xd6\x92\x78\x89\xd9\x7f\x4b\x5c\xe0\xde\x71"
  954. "\xd3\xfd\x83\x29\x80\xf4\xf0\x88\xd0\xd8\x24\xe2\x05\x49\xb4\xbb\xd9\x06"
  955. "\xff\xa5\x1c\xe9\xde\x54\xd7\x79\xeb\x4d\xe4\x62\xfa\xac\x20\xa3\xab\x0e"
  956. "\xd9\x93\x43\x73\xca\x22\xce\xa5\x45\x4f\x4c\x2a\x74\x0c\xd4\x61\xe3\x99"
  957. "\x56\xbb\x5f\x98\xdf\x2a\xeb\xc6\x0c\xf3\x26\x23\xad\xbf\xfb\xcc\x37\x8f"
  958. "\xa7\x25\x0b\x6a\x3f\xc8\x63\xda\xdc\xf6\xd4\xf8\xb8\x55\xc4\xe7\x0f\x07"
  959. "\x96\xee\xe6\x21\x84\x45\xda\xd2\x81\x1d\xd6\xb5\x40\xff\x52\xef\xa2\xf1"
  960. "\x67\xdd\x9c\x1b\x8b\x01\x62\x68\xd3\x7d\xb4\x30\x98\x3f\xef\xc0\x64\x5d"
  961. "\x20\x61\x4c\x8d\xf2\xeb\x08\x72\xc5\x8e\x09\x66\x4e\x67\x2b\x0b\x6a\x99"
  962. "\x70\xfe\xc1\x99\x25\x7e\x1c\x60\x6e\xc3\xe3\x64\xc6\x6a\x0f\x4d\x25\x8c"
  963. "\x74\xac\xcd\x43\xb9\x87\xc7\x56\xd6\x02\xfd\x87\x87\xfe\xd3\xaa\x43\xfd"
  964. "\x8d\x84\xe9\x65\x6d\x4a\x41\x3f\xa9\xa4\x23\xbc\x54\xb8\x73\x58\x3d\x6d"
  965. "\x49\x70\x05\xe5\x47\x12\xfa\xfc\x71\x38\x49\x88\xd8\x01\x34\xfb\xf8\x4f"
  966. "\x53\xfd\xd7\x4b\x35\x48\x48\x00\x6b\x8b\x5b\x67\xe7\xcc\x5a\x47\x24\x75"
  967. "\xd3\xae\x54\x5c\xa1\xfc\xf7\x62\x8b\x87\x3e\x31\xba\x83\xa9\x8a\x7a\xd5"
  968. "\xb0\xcf\xbe\x97\x11\xb5\x17\xa9\xa1\x38\x8a\xd0\xef\xa2\xa3\xb4\xe2\x21"
  969. "\x52\x02\x1d\x63\x1b\x73\x1e\x2e\x10\x0a\x98\x31\x11\x1d\xb7\xac\xce\x94"
  970. "\x8b\xb5\xde\xee\xa2\x60\x46\x3c\x14\x0a\xc9\x29\xe7\x7c\x58\x40\x27\x76"
  971. "\xca\xf8\x5d\x45\x69\xa7\x5d\xde\x2f\x64\xc4\x49\x15\x08\xaf\xb5\x41\xed"
  972. "\x9b\x2c\x81\xfc\x95\xc0\x67\x06\x23\x5f\x38\x3e\x31\xcf\x66\x2c\x95\xb1"
  973. "\xe4\x9c\xfd\x94\x87\x1e\x22\x72\x0a\x41\x53\x57\x56\xe4\x19\xb2\x71\x27"
  974. "\x69\x41\x69\x2b\xd0\x23\xdd\x9c\x9d\xbe\xc4\xf7\xdb\x1e\x5c\x00\xd8\xb3"
  975. "\xbe\x7b\x8e\x82\x6a\x6a\xad\xd0\x01\xed\xd0\xdf\xeb\x00\xf8\x04\x84\x42"
  976. "\xb5\xc4\x84\x56\xfd\x64\x2e\x62\x9d\xcb\x2f\xf5\x55\x92\x66\x5f\xf4\x91"
  977. "\xcd\x83\x26\x72\xce\x4d\x99\x9d\xa1\x86\xdb\x2c\x3a\x1f\x8b\x6b\x1f\x7d"
  978. "\x37\x50\xd7\xcd\xb3\x09\x79\x54\xe6\xe1\x4f\xb2\x18\x3a\xd6\x62\xc6\x3d"
  979. "\x4c\xe8\xb8\x2d\xc2\x48\x7f\x0f\xe2\xea\x28\x27\xb5\x3a\x7c\x6d\xcc\xed"
  980. "\x87\x8d\x2f\xb2\x9c\x1d\x3f\xf5\x83\x57\x0e\x7b\xc1\x72\xd1\xa5\xc7\x16"
  981. "\xe0\x44\x7c\xb0\x8c\xe3\xc4\x68\xff\xdf\x97\x5d\xa3\x72\xf3\xf3\xeb\x45"
  982. "\x5a\xaf\x58\x22\xbc\x04\xa5\x1b\x6c\xad\x24\xa2\x33\x13\x69\xdf\x81\xc1"
  983. "\x23\xb0\x09\xa2\x38\x1b\x42\xe9\xae\xb0\x77\xf6\x21\x60\x8d\x81\xc1\x2a"
  984. "\x5f\x5c\x6c\x29\x5d\x74\xaf\xd4\xdd\x5c\x05\x12\x96\xbe\x0b\x54\xc7\x0b"
  985. "\xf8\x99\xb3\x47\xc3\x6b\xff\x62\xf3\x13\x07\x99\x83\x40\x9d\x7f\x9c\xf1"
  986. "\x24\x2c\x91\x79\x85\xc1\xb5\xd0\x73\x6f\xe2\x1f\x85\x14\xf6\x3d\x03\x69"
  987. "\xa3\x74\xc4\x2d\xa4\x0b\xd5\x14\x0b\xc3\xe6\x02\xd0\x0c\x3c\xb4\xf8\xe6"
  988. "\x21\x86\x3a\xb4\x74\x22\x77\x8d\x67\xd7\x2d\xe3\x47\x53\xfd\x72\xce\xf8"
  989. "\x06\x49\xa1\x54\x8e\x4e\x8d\xcb\xcf\xfe\x40\x54\xcc\x9d\x8a\x1f\x92\x26"
  990. "\x23\xa7\x59\x04\xcb\xda\xac\xde\x76\x81\x31\xe5\x87\x26\x9a\x4a\x99\xd8"
  991. "\x2f\x70\x09\xc1\xb8\xab\x79\xaa\x23\x2a\x2f\xd4\x5a\xd7\x1b\x60\x38\x03"
  992. "\x12\x3f\x6b\xa9\x79\xfa\x6a\x87\x52\x58\x84\xb0\x8d\x72\x1a\x21\x40\x0f"
  993. "\xb1\xf9\x50\xb9\x6e\xad\x82\xf4\x08\xcc\x43\x88\xd3\xb7\x8f\xb4\x56\x61"
  994. "\x64\x29\xa5\x20\x65\x6d\x5e\x5a\x87\x6f\xd0\x47\x48\x49\x89\x02\xc8\x6f"
  995. "\x58\xd4\x5f\x4c\x1b\x39\x19\xeb\x84\x6a\x00\xed\xf0\x7e\x7a\x83\x0b\xf7"
  996. "\x23\xe4\x77\x4f\x08\x5f\x15\x53\x4d\xd3\xb5\x24\x6c\x0c\x09\x70\xb5\xad"
  997. "\x7b\xb3\x9b\x30\xb1\x56\xa9\x43\x03\x78\xc5\xb0\xaa\xb1\x26\x1c\x78\xd7"
  998. "\x2a\xc3\x01\xcd\x55\x2d\x5e\x8d\xd4\xb6\x42\xec\x1d\xc0\x67\x27\x45\xd5"
  999. "\x93\xbb\x26\xd0\x95\xb5\xb2\x35\x76\xe3\xcf\xd6\xab\x58\x0f\x6e\x09\x41"
  1000. "\x9d\x0f\x0c\x64\x25\x0f\xaf\xaa\x37\x59\xaa\x18\x88\xda\x48\xd8\x9c\x3f"
  1001. "\x7c\x94\x54\xb0\xb3\xd0\xab\x40\x44\x5f\x5b\xed\x44\x93\xef\x43\xab\x08"
  1002. "\xf3\x1b\x13\x45\xac\x4f\xfd\x94\xad\x79\xc9\xee\xe5\x39\x04\xed\x6f\x57"
  1003. "\x28\x17\x15\x31\x90\xd2\xe6\x86\x3f\x2e\x39\x35\x6b\xb9\x99\x26\x41\x9f"
  1004. "\xd3\x14\x34\x1a\x53\x6b\x7e\x76\xca\xe6\x0b\xf7\x75\x0a\x4c\x29\xe3\xf4"
  1005. "\xc7\xf0\x05\x53\x0b\x1d\x4e\xe0\xe2\x5b\x93\xb7\x6f\xcc\x11\x08\x22\x2f"
  1006. "\x0b\x00\xde\x52\xcf\x41\x00\xe9\x7a\xdf\xd7\xb9\xdb\x13\x70\x58\x6b\xa2"
  1007. "\x7e\x1e\x18\x32\x99\xbe\x00\xd0\xdf\x84\x39\xc3\x80\xed\xf2\xf7\x9d\xeb"
  1008. "\x44\x1e\xac\x59\xb8\x14\xb0\x4a\xcc\xdf\xf5\xe1\x7f\x02\x04\x61\x39\xf9"
  1009. "\x1f\x03\x32\x66\x16\x76\xff\x50\x6e\x57\x5f\x0c\xb2\x85\x0b\xcc\x9f\x86"
  1010. "\x66\xf6\xd1\xf6\x9f\x8f\x42\x71\xcb\x80\x4a\x79\xfc\xcd\x70\x16\xf0\x49"
  1011. "\xd1\xa4\x94\xc2\x6a\x52\x7c\x43\x7f\xa0\xbe\x6d\x51\xec\x75\x43\xd9\xbd"
  1012. "\x7a\x2f\x01\x61\x94\xeb\xe3\xc9\x90\x80\xa6\xc9\xb5\x11\x98\x63\xdf\xe8"
  1013. "\x65\xf8\xe6\x0c\xae\x29\xf5\x0b\x67\xdb\xfa\xa0\xa3\xc9\x79\x4d\x73\x03"
  1014. "\x44\x85\xca\x16\x13\x34\x4c\x57\x27\x83\xdb\x3d\xfa\xb0\x1b\x28\x08\x9c"
  1015. "\x51\xcd\xa9\x9c\xef\xa4\xc1\xc8\x81\xa2\x9e\x22\x9f\x04\xc7\xe0\xfd\x04"
  1016. "\xdc\x42\x5a\xe8\x41\x78\x52\xe6\xe3\x15\x20\xc6\x20\x7e\x9d\x4e\x35\x28"
  1017. "\x5f\xee\xf2\xa2\xcb\x8a\x3b\xce\xb0\x8a\x16\x6f\xa4\x28\x4a\x51\x63\x62"
  1018. "\x62\x1e\x2c\x06\x73\x1a\x44\x27\x91\xf1\xdb\x06\x3a\x32\xcf\x1f\x00\x5c"
  1019. "\x91\x41\x02\xc7\x27\x3c\xb4\xd7\xab\x1b\xf5\x67\xd7\x2f\x23\x07\x83\xd2"
  1020. "\xea\x99\xc4\x3a\x60\xe8\x72\x91\x32\x44\x1e\xe6\xc5\x36\x2c\x33\xf9\xb6"
  1021. "\x13\xf8\x44\x17\xc3\xc5\x54\x9f\x4e\x3d\x9e\x73\xc6\xf8\x3f\x16\xc8\xe5"
  1022. "\x7a\xe2\x2f\xe5\xf5\x45\x15\xe1\x11\xfe\x43\xad\x7c\x40\x0d\x21\x42\x81"
  1023. "\x45\x2b\xb6\x14\x1c\xec\xad\x84\xb2\x3a\x69\x5f\x06\x19\x88\xd9\x06\xd0"
  1024. "\x3b\xe5\xd8\x95\x84\x63\x4b\x9e\x9d\x9a\x9b\x07\x2f\x8e\x7c\xbb\x47\xc4"
  1025. "\x77\x19\x31\x8a\x20\x01\xca\xfa\x66\x5d\xd2\xc8\x26\x72\xd1\x68\x77\xea"
  1026. "\x11\x5b\xd0\x23\xfc\x19\x75\xf7\xc5\x96\x64\xbf\xb0\x6f\x66\xa1\xa5\xe3"
  1027. "\xf0\x5c\xb2\x83\xfb\x45\xea\x67\xa2\x72\x7e\xe6\xe1\x0b\xf3\x5b\x31\xfd"
  1028. "\xd0\x3d\x43\xec\x67\xb7\x53\xf6\x73\x7e\x0d\x2f\x4a\x52\x75\x03\x15\x95"
  1029. "\x87\x8c\xef\xc8\xf0\xca",
  1030. 1536);
  1031. syscall(__NR_write, /*fd=*/r[1], /*data=*/0x20001400ul, /*size=*/0x600ul);
  1032. syscall(__NR_ftruncate, /*fd=*/-1, /*len=*/0ul);
  1033. *(uint32_t*)0x20000000 = 7;
  1034. *(uint8_t*)0x20000004 = 0x7b;
  1035. *(uint16_t*)0x20000005 = 1;
  1036. syscall(__NR_write, /*fd=*/r[1], /*data=*/0x20000000ul, /*size=*/7ul);
  1037. memcpy((void*)0x20000380, "./file0\000", 8);
  1038. res = syscall(__NR_open, /*file=*/0x20000380ul, /*flags=*/0ul, /*mode=*/0ul);
  1039. if (res != -1)
  1040. r[2] = res;
  1041. syscall(__NR_sendfile, /*fdout=*/r[1], /*fdin=*/r[2], /*off=*/0ul,
  1042. /*count=*/0x10000ul);
  1043. syscall(
  1044. __NR_sendmsg, /*fd=*/-1, /*msg=*/0ul,
  1045. /*f=MSG_ZEROCOPY|MSG_FASTOPEN|MSG_BATCH|MSG_PROBE|MSG_DONTWAIT|0xe284928c9a0b0520*/
  1046. 0xe284928cbe0f0570ul);
  1047. memcpy((void*)0x20000040, "/dev/sg#\000", 9);
  1048. res = -1;
  1049. res = syz_open_dev(/*dev=*/0x20000040, /*id=*/0, /*flags=*/0);
  1050. if (res != -1)
  1051. r[3] = res;
  1052. res = syscall(__NR_dup, /*oldfd=*/r[3]);
  1053. if (res != -1)
  1054. r[4] = res;
  1055. syscall(__NR_ioctl, /*fd=*/r[4], /*cmd=*/0x2286, /*arg=*/0x816d000ul);
  1056. syz_proconfig_reset__sys_module_8250_parameters_skip_txen_test();
  1057. syscall(__NR_ioctl, /*fd=*/r[3], /*cmd=*/0x2282, /*arg=*/0ul);
  1058. syscall(__NR_ioctl, /*fd=*/r[3], /*cmd=*/0x2203, /*arg=*/0ul);
  1059. memcpy((void*)0x20000b80, "ext4\000", 5);
  1060. memcpy((void*)0x20000140, "./file1\000", 8);
  1061. memcpy((void*)0x200000c0, "barrier", 7);
  1062. *(uint8_t*)0x200000c7 = 0x3d;
  1063. sprintf((char*)0x200000c8, "0x%016llx", (long long)0);
  1064. *(uint8_t*)0x200000da = 0x2c;
  1065. memcpy((void*)0x200000db, "dioread_nolock", 14);
  1066. *(uint8_t*)0x200000e9 = 0x2c;
  1067. *(uint8_t*)0x200000ea = 0;
  1068. memcpy(
  1069. (void*)0x20000bc0,
  1070. "\x78\x9c\xec\xdc\xcb\x6b\x5c\x55\x18\x00\xf0\xef\xde\xbc\x9b\xd8\xa4\x22"
  1071. "\x6a\x8b\x60\x40\x6a\x45\x71\x9a\x36\x45\xa1\xab\xd6\xb5\xa8\xa0\x8b\x2e"
  1072. "\x1b\x93\x49\x09\x99\x3e\x4c\x22\x98\xd0\x45\x5a\xf7\xea\x42\xc4\x45\x41"
  1073. "\xfa\x27\x08\xee\xad\x0b\x57\x82\x8b\xba\xd0\xfa\x17\x14\xb1\x48\xd1\x4d"
  1074. "\xeb\x22\x72\xe7\x91\x8e\xc9\x4c\x12\xe3\x4c\x4f\x1f\xbf\x1f\x9c\xb9\xe7"
  1075. "\xcc\x99\x99\xef\xfb\xe6\x92\x7b\xcf\x85\xb9\x09\xe0\xb1\x35\x5e\x3c\xe4"
  1076. "\x11\xfb\x23\xe2\x74\x16\x31\x5a\x7f\x3e\x8f\x88\xfe\x6a\x6f\x30\x62\xb5"
  1077. "\xf6\xba\xbb\xb7\x2f\x4e\x17\x2d\x8b\xb5\xb5\x77\xff\xc8\x22\x8b\x88\x3b"
  1078. "\xb7\x2f\x4e\x37\x3e\x2b\xab\x6f\x87\xeb\x83\xc1\x88\xb8\xfe\x46\x16\x4f"
  1079. "\x7e\xbc\x39\xee\xe2\xf2\xca\xfc\x54\xa5\x52\x5e\xa8\x8f\x0f\x2f\x9d\xbd"
  1080. "\x70\x78\x71\x79\xe5\xd5\xb9\xb3\x53\x67\xca\x67\xca\xe7\x8e\x4d\xbe\x7e"
  1081. "\x6c\xf2\xb5\xc9\xc9\x0e\xd6\x7a\xf3\xc2\xfb\x5f\x3e\xf7\xd3\x5b\x2f\x5e"
  1082. "\xbe\xfa\xc9\xc4\xdb\x5f\xec\xfd\x21\x8b\x13\x31\x52\x9f\x6b\xae\xa3\x53"
  1083. "\xc6\x63\x7c\xfd\x3b\x69\xd6\x1b\x11\x53\x9d\x0e\x96\x48\x4f\xbd\x9e\xe6"
  1084. "\x3a\xb3\xde\x84\x09\x01\x00\xb0\xa5\xbc\x69\x0d\xf7\x74\x8c\x46\x4f\xdc"
  1085. "\x5b\xbc\x8d\xc6\xf7\x3f\x27\x4d\x0e\x00\x00\x00\xe8\x88\xb5\x9e\x88\xb5"
  1086. "\x96\xda\x4e\x00\x00\x00\x00\x0f\x9d\x6c\xfd\x32\x7f\x20\x5c\xf2\x03\x00"
  1087. "\x00\xc0\xa3\xa8\xf1\x3b\x80\x3b\xb7\x2f\x4e\x37\x5a\xda\x5f\x24\xdc\x5f"
  1088. "\xb7\x4e\x46\xc4\x58\xad\xfe\xc6\xfd\xcd\xb5\x99\xde\x58\xad\x6e\x07\xa3"
  1089. "\x2f\x22\xf6\xfc\x99\x45\xf3\x6d\xad\x59\xed\x6d\xff\xdb\x78\x11\xe9\x9b"
  1090. "\x1f\xcb\x45\x5b\xeb\xd2\x7d\xc8\x5b\x59\xbd\x14\x11\xcf\xb6\xda\xff\x59"
  1091. "\xb5\xfe\xb1\xea\x5d\xdc\x9b\xeb\xcf\x23\x62\xa2\x03\xf1\xc7\x37\x8c\x1f"
  1092. "\xa6\xfa\x4f\x74\x20\x7e\xea\xfa\x01\x78\x3c\x5d\x3b\x59\x3b\x91\x6d\x3e"
  1093. "\xff\xe5\xeb\xeb\x9f\x68\x71\xfe\xeb\x6d\x71\xee\xda\x8d\x96\xe7\xbf\xbc"
  1094. "\x03\x1f\xbc\x43\x8d\xf5\xdf\xdd\x4d\xeb\xbf\x7b\xf5\xf7\x44\xc4\xd0\x86"
  1095. "\xf7\x15\xeb\xbf\x77\x76\x18\xe3\xc0\xdf\x2f\x5f\x6f\x37\xd7\xbc\xfe\x3b"
  1096. "\xf5\xe9\xaf\x33\x45\xfc\x62\xbb\xeb\x82\xfe\xa3\x5b\x97\x22\x0e\xf4\xb6"
  1097. "\xaa\x3f\x5b\xaf\x3f\x6b\xb3\xfe\x3d\xbd\xc3\x18\xc3\xd3\x37\xaf\xb4\x9b"
  1098. "\x2b\xea\x2f\xea\x6d\xb4\xfb\x5d\xff\xda\xd5\x88\x83\xd1\xba\xfe\x86\x6c"
  1099. "\xab\xff\x4f\x74\x78\x76\xae\x52\x9e\xa8\x3d\xb6\x89\x71\xf0\xbb\x53\x87"
  1100. "\xda\xc5\x6f\xde\xff\x45\x2b\xe2\x17\xdb\x8e\x17\xda\x46\xb1\xff\xf7\xb4"
  1101. "\xa9\x7f\xbb\xfd\x7f\x61\x87\x31\xc6\x9e\xf9\x7d\x7f\xbb\xb9\xed\xeb\xcf"
  1102. "\x7f\xeb\xcf\xde\xab\xf6\xfa\xeb\xa1\x1b\x79\xf4\x67\x6f\x36\x3f\x1f\x1f"
  1103. "\x4d\x2d\x2d\x2d\x1c\xdd\x3a\x97\xc6\x6b\xaa\xdb\x23\xb5\xfa\x5f\x7a\x61"
  1104. "\xeb\xbf\xff\x56\xf5\x17\xc7\x84\xd5\xfa\xf7\x50\x1c\xae\x2e\xd5\xb7\xc5"
  1105. "\xf8\xf2\x86\x98\xc3\x07\x8f\x7e\xbd\xfb\xfa\xbb\xab\xa8\x7f\x66\x97\xfb"
  1106. "\xff\xb3\x1d\xc6\xf8\xea\xdb\x2b\x1f\xb4\x9b\x4b\x5d\x3f\x00\x00\x00\x00"
  1107. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1108. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1109. "\x00\x00\x00\x0f\x87\x3c\x22\x46\x22\xcb\x4b\xeb\xfd\x3c\x2f\x95\x22\x86"
  1110. "\x23\xe2\xa9\xd8\x93\x57\xce\x2f\x2e\xbd\x32\x7b\xfe\xc3\x73\x33\xc5\x5c"
  1111. "\xc4\x58\xf4\xe5\xb3\x73\x95\xf2\x44\x44\x8c\xd6\xc6\x59\x31\x3e\x52\xed"
  1112. "\xdf\x1b\x1f\xdd\x30\x9e\x8c\x88\x7d\x11\xf1\xf9\xe8\x50\x75\x5c\x9a\x3e"
  1113. "\x5f\x99\x49\x5d\x3c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1114. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1115. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1116. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xeb\x86\x23\x62"
  1117. "\x24\xb2\xbc\x14\x11\x79\x44\xfc\x35\x9a\xe7\xa5\x52\xea\xac\x00\x00\x00"
  1118. "\x80\x8e\x1b\x4b\x9d\x00\x00\x00\x00\xd0\x75\xae\xff\x01\x00\x00\xe0\xd1"
  1119. "\xe7\xfa\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1120. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1121. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80"
  1122. "\x2e\xdb\xf7\xfc\xb5\x1b\x59\x44\xac\x1e\x1f\xaa\xb6\x42\x7f\x7d\xae\x2f"
  1123. "\x69\x66\x40\xb7\xe5\xa9\x13\x00\x92\xe9\x49\x9d\x00\x90\x4c\x6f\xea\x04"
  1124. "\x80\x64\x5c\xe3\x03\xd9\x36\xf3\x83\x6d\x67\x06\x3a\x9e\x0b\x00\x00\x00"
  1125. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1126. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1127. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1128. "\x00\x0f\xae\x43\xfb\xaf\xdd\xc8\x22\x62\xf5\xf8\x50\xb5\x15\xfa\xeb\x73"
  1129. "\x7d\xff\x7a\xe5\x74\x82\xec\x80\x6e\xca\x53\x27\x00\x24\xd3\x93\x3a\x01"
  1130. "\x20\x99\xde\xd4\x09\x00\xc9\xf4\xa5\x4e\x00\x48\x2e\xdb\x66\x7e\xb0\xed"
  1131. "\xcc\x40\xc7\x73\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1132. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1133. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1134. "\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xc1\x35\x52\x6d\x59\x5e\x8a\x88\xbc"
  1135. "\xda\xcf\xf3\x52\x29\xe2\x89\x88\x18\x8b\xbe\x6c\x76\xae\x52\x9e\x88\x88"
  1136. "\xbd\x11\xf1\xcb\x68\xdf\x40\x31\x3e\x92\x3a\x69\x00\x00\x00\x00\x00\x00"
  1137. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1138. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1139. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1140. "\x00\x00\x00\x3a\x6e\x71\x79\x65\x7e\xaa\x52\x29\x2f\xe8\xe8\xe8\xe8\xac"
  1141. "\x77\x52\x1f\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1142. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1143. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1144. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x48\x61\x71\x79\x65\x7e"
  1145. "\xaa\x52\x29\x2f\x2c\xa6\xce\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1146. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1147. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1148. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1149. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1150. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1151. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1152. "\x00\x00\x00\x00\x00\x00\x00\x00\x48\x6d\x71\x79\x65\x7e\xaa\x52\x29\x2f"
  1153. "\x74\xb1\x93\xba\x46\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1154. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1155. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1156. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1157. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1158. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1159. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1160. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1161. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1162. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1163. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1164. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1165. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1166. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1167. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1168. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1169. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1170. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1171. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1172. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1173. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1174. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1175. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1176. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1177. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1178. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1179. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1180. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1181. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1182. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1183. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1184. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1185. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1186. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1187. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1188. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1189. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1190. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1191. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1192. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1193. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1194. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1195. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1196. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1197. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1198. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1199. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1200. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1201. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1202. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1203. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1204. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1205. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1206. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1207. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1208. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1209. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1210. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1211. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1212. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1213. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1214. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1215. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1216. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1217. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1218. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1219. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1220. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1221. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1222. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1223. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1224. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1225. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1226. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1227. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1228. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1229. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1230. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1231. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1232. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1233. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
  1234. "\x00\x00\x00\x00\x00\x00\x00\xd2\xf9\x27\x00\x00\xff\xff\x90\x99\xfd"
  1235. "\x27",
  1236. 2970);
  1237. syz_mount_image(/*fs=*/0x20000b80, /*dir=*/0x20000140,
  1238. /*flags=MS_LAZYTIME*/ 0x2000000, /*opts=*/0x200000c0,
  1239. /*chdir=*/1, /*size=*/0xb9a, /*img=*/0x20000bc0);
  1240. syz_proconfig_set__sys_module_8250_parameters_skip_txen_test(/*val=*/0x81);
  1241. return 0;
  1242. }
  1243.  