- // autogenerated by syzkaller (https://github.com/google/syzkaller)
- #define _GNU_SOURCE
- #include <arpa/inet.h>
- #include <endian.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <net/if.h>
- #include <netinet/in.h>
- #include <setjmp.h>
- #include <stdbool.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <sys/ioctl.h>
- #include <sys/mman.h>
- #include <sys/mount.h>
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/syscall.h>
- #include <sys/types.h>
- #include <unistd.h>
- #include <linux/genetlink.h>
- #include <linux/if_addr.h>
- #include <linux/if_link.h>
- #include <linux/in6.h>
- #include <linux/loop.h>
- #include <linux/neighbour.h>
- #include <linux/net.h>
- #include <linux/netlink.h>
- #include <linux/rtnetlink.h>
- #include <linux/veth.h>
/*
 * Write `val` to /proc/sys/vm/zone_reclaim_mode by running `echo` through
 * system(). The shell's exit status is not propagated: the function returns
 * 0 whether or not the write took effect.
 */
static long syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /proc/sys/vm/zone_reclaim_mode", val);
	if (system(cmd) != 0) {
		/* a failed write (e.g. missing privilege) is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 0 to /proc/sys/vm/zone_reclaim_mode through the
 * shell. Always returns 0; the outcome of the command is not reported.
 */
static long syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode()
{
	/* The command has no variable part, so it is passed to system() as is. */
	if (system("echo 0 > /proc/sys/vm/zone_reclaim_mode") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 0 to the cgroup.freeze file of
 * system.slice/rsyslog.service through the shell. Always returns 0; the
 * outcome of the command is not reported.
 */
static long syz_proconfig_reset__sys_fs_cgroup_system_slice_rsyslog_service_cgroup_freeze()
{
	if (system("echo 0 > /sys/fs/cgroup/system.slice/rsyslog.service/cgroup.freeze") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write `val` to /sys/fs/ext4/sda/inode_readahead_blks through the shell.
 * The device name "sda" is hard-coded in the path. Always returns 0; the
 * outcome of the command is not reported.
 */
static long syz_proconfig_set__sys_fs_ext4_sda_inode_readahead_blks(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /sys/fs/ext4/sda/inode_readahead_blks", val);
	if (system(cmd) != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 32 to /sys/fs/ext4/sda/inode_readahead_blks through
 * the shell. Always returns 0; the outcome of the command is not reported.
 */
static long syz_proconfig_reset__sys_fs_ext4_sda_inode_readahead_blks()
{
	if (system("echo 32 > /sys/fs/ext4/sda/inode_readahead_blks") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 1 to
 * /sys/devices/breakpoint/perf_event_mux_interval_ms through the shell.
 * Always returns 0; the outcome of the command is not reported.
 */
static long syz_proconfig_reset__sys_devices_breakpoint_perf_event_mux_interval_ms()
{
	if (system("echo 1 > /sys/devices/breakpoint/perf_event_mux_interval_ms") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write `val` to /proc/sys/vm/vfs_cache_pressure through the shell.
 * Always returns 0; the outcome of the command is not reported.
 */
static long syz_sysconfig_set__proc_sys_vm_vfs_cache_pressure(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /proc/sys/vm/vfs_cache_pressure", val);
	if (system(cmd) != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 100 to /proc/sys/vm/vfs_cache_pressure through the
 * shell. Always returns 0; the outcome of the command is not reported.
 */
static long syz_sysconfig_reset__proc_sys_vm_vfs_cache_pressure()
{
	if (system("echo 100 > /proc/sys/vm/vfs_cache_pressure") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write `val` to /sys/fs/ext4/sda/mb_min_to_scan through the shell.
 * Always returns 0; the outcome of the command is not reported.
 */
static long syz_proconfig_set__sys_fs_ext4_sda_mb_min_to_scan(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /sys/fs/ext4/sda/mb_min_to_scan", val);
	if (system(cmd) != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 10 to /sys/fs/ext4/sda/mb_min_to_scan through the
 * shell. Always returns 0; the outcome of the command is not reported.
 */
static long syz_proconfig_reset__sys_fs_ext4_sda_mb_min_to_scan()
{
	if (system("echo 10 > /sys/fs/ext4/sda/mb_min_to_scan") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write `val` to /proc/sys/net/ipv4/neigh/sit0/unres_qlen_bytes through the
 * shell. Always returns 0; the outcome of the command is not reported.
 */
static long syz_sysconfig_set__proc_sys_net_ipv4_neigh_sit0_unres_qlen_bytes(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /proc/sys/net/ipv4/neigh/sit0/unres_qlen_bytes", val);
	if (system(cmd) != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write `val` to the pids.max file of system.slice/rsyslog.service through
 * the shell. Always returns 0; the outcome of the command is not reported.
 */
static long syz_proconfig_set__sys_fs_cgroup_system_slice_rsyslog_service_pids_max(volatile long val)
{
	char cmd[256];
	snprintf(cmd, sizeof(cmd), "echo %ld > /sys/fs/cgroup/system.slice/rsyslog.service/pids.max", val);
	if (system(cmd) != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Write the fixed value 971 to the pids.max file of
 * system.slice/rsyslog.service through the shell. Always returns 0; the
 * outcome of the command is not reported.
 */
static long syz_proconfig_reset__sys_fs_cgroup_system_slice_rsyslog_service_pids_max()
{
	if (system("echo 971 > /sys/fs/cgroup/system.slice/rsyslog.service/pids.max") != 0) {
		/* failure is not reported */
	}
	return 0;
}
/*
 * Fallback syscall numbers, used only when the installed headers do not
 * define them.
 * NOTE(review): the values look like the x86-64 table; confirm before
 * building this file for another architecture.
 */
#ifndef __NR_copy_file_range
#define __NR_copy_file_range 326
#endif
#ifndef __NR_io_pgetevents
#define __NR_io_pgetevents 333
#endif
#ifndef __NR_memfd_create
#define __NR_memfd_create 319
#endif
#ifndef __NR_openat2
#define __NR_openat2 437
#endif
#ifndef __NR_quotactl_fd
#define __NR_quotactl_fd 443
#endif
#ifndef __NR_seccomp
#define __NR_seccomp 317
#endif
/*
 * Index appended to "/dev/loop" in syz_mount_image. It is zero-initialised
 * and not assigned anywhere in the part of the listing shown here.
 */
static unsigned long long procid;
/* Mask with bf_len one-bits starting at bit bf_off; bf_len must be below 64. */
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
/*
 * Read-modify-write of the bit field [bf_off, bf_off + bf_len) inside the
 * `type`-sized object at addr. htobe is applied to the loaded and to the
 * stored value; passing it empty keeps host byte order. addr is dereferenced
 * as-is, so it must be mapped and writable.
 */
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \
	*(type*)(addr) = \
	htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \
	(((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))
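/* Running state of a 16-bit ones'-complement checksum. */
struct csum_inet {
	uint32_t acc; /* folded back to at most 0xffff at the end of every update */
};

/* Start a new checksum with an empty accumulator. */
static void csum_inet_init(struct csum_inet* csum)
{
	csum->acc = 0;
}

/*
 * Add `length` bytes at `data` to the checksum.
 *
 * Bytes are consumed as 16-bit words in memory order; an odd trailing byte
 * is treated as a word whose second byte is zero. The words are loaded with
 * memcpy so that `data` may start at any address (the previous
 * `*(uint16_t*)&data[i]` load required 2-byte alignment), and the sum is
 * kept in 64 bits so that very long inputs cannot wrap the accumulator
 * before it is folded.
 */
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data,
			     size_t length)
{
	if (length == 0)
		return;
	uint64_t sum = csum->acc;
	size_t i = 0;
	for (; i + 1 < length; i += 2) {
		uint16_t word;
		memcpy(&word, &data[i], sizeof(word));
		sum += word;
	}
	if (length & 1) {
		/* Same value as le16toh() of the byte, without needing <endian.h>. */
		const uint8_t tail[2] = {data[length - 1], 0};
		uint16_t word;
		memcpy(&word, tail, sizeof(word));
		sum += word;
	}
	/* End-around carry: fold everything above bit 15 back in. */
	while (sum > 0xffff)
		sum = (sum & 0xffff) + (sum >> 16);
	csum->acc = (uint32_t)sum;
}

/* Return the ones' complement of the accumulated sum, truncated to 16 bits. */
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
	return ~csum->acc;
}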
/* Scratch area in which one netlink request is assembled and its reply read. */
struct nlmsg {
	char* pos; /* next write position inside buf */
	int nesting; /* must be 0 when the message is sent (netlink_send_ext exits otherwise) */
	struct nlattr* nested[8]; /* not touched by the helpers shown in this listing */
	char buf[4096]; /* request bytes; overwritten by recv() with the reply */
};
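/*
 * Reset `nlmsg` and start a request of type `typ`.
 *
 * The netlink header is followed by `size` bytes copied from `data` (the
 * family-specific header); NLM_F_REQUEST and NLM_F_ACK are always set in
 * addition to `flags`. A `size` that is negative or does not fit behind the
 * header in the fixed buffer terminates the process with exit(1), the same
 * way netlink_send_ext treats an overrun, instead of copying past the end
 * of buf.
 */
static void netlink_init(struct nlmsg* nlmsg, int typ, int flags,
			 const void* data, int size)
{
	memset(nlmsg, 0, sizeof(*nlmsg));
	struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf;
	if (size < 0 || (size_t)size > sizeof(nlmsg->buf) - sizeof(*hdr))
		exit(1);
	hdr->nlmsg_type = typ;
	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
	if (size > 0)
		memcpy(hdr + 1, data, size);
	nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size);
}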
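/*
 * Append one attribute of type `typ` with `size` payload bytes from `data`
 * at the current write position and advance it to the next aligned offset.
 *
 * The attribute (including alignment padding) must fit in the space left in
 * buf; otherwise the process exits with status 1. Previously the attribute
 * was written first and the overrun was only detected later, in
 * netlink_send_ext, after memory behind buf had already been overwritten.
 */
static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data,
			 int size)
{
	struct nlattr* attr = (struct nlattr*)nlmsg->pos;
	const size_t used = (size_t)(nlmsg->pos - nlmsg->buf);
	if (size < 0 || used > sizeof(nlmsg->buf) ||
	    NLMSG_ALIGN(sizeof(*attr) + (size_t)size) > sizeof(nlmsg->buf) - used)
		exit(1);
	attr->nla_len = sizeof(*attr) + size;
	attr->nla_type = typ;
	if (size > 0)
		memcpy(attr + 1, data, size);
	nlmsg->pos += NLMSG_ALIGN(attr->nla_len);
}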
/*
 * Send the assembled request on `sock` and read one reply into the same
 * buffer.
 *
 * Returns 0 when the reply is NLMSG_DONE, or when `reply_len` is non-NULL
 * and the reply has type `reply_type` (then *reply_len is the number of
 * bytes received). For an NLMSG_ERROR reply, errno is set to the negated
 * error field and -errno is returned (0 for a plain acknowledgement).
 * Send/receive failures and malformed replies return -1, or terminate the
 * process with exit(1) when `dofail` is set. A message that overran buf or
 * still has an open nest always exits.
 */
static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type,
			    int* reply_len, bool dofail)
{
	const char* const limit = nlmsg->buf + sizeof(nlmsg->buf);
	if (nlmsg->nesting || nlmsg->pos > limit)
		exit(1);

	struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf;
	hdr->nlmsg_len = nlmsg->pos - nlmsg->buf;

	struct sockaddr_nl kernel;
	memset(&kernel, 0, sizeof(kernel));
	kernel.nl_family = AF_NETLINK;

	ssize_t got = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0,
			     (struct sockaddr*)&kernel, sizeof(kernel));
	if (got != (ssize_t)hdr->nlmsg_len)
		goto fail;

	/* The reply overwrites the request, so hdr now describes the reply. */
	got = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
	if (reply_len)
		*reply_len = 0;
	if (got < 0)
		goto fail;
	if (got < (ssize_t)sizeof(struct nlmsghdr))
		goto malformed;

	if (hdr->nlmsg_type == NLMSG_DONE)
		return 0;
	if (reply_len && hdr->nlmsg_type == reply_type) {
		*reply_len = got;
		return 0;
	}

	/* Anything else must be a complete NLMSG_ERROR record. */
	if (got < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr)) ||
	    hdr->nlmsg_type != NLMSG_ERROR)
		goto malformed;
	errno = -((struct nlmsgerr*)(hdr + 1))->error;
	return -errno;

malformed:
	errno = EINVAL;
fail:
	if (dofail)
		exit(1);
	return -1;
}
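/*
 * Ask the generic-netlink controller for the numeric id of `family_name`.
 *
 * Returns the id (> 0) on success. Returns -1 when the request fails, or
 * with errno = EINVAL when the reply carries no usable CTRL_ATTR_FAMILY_ID.
 * `dofail` is passed through to netlink_send_ext.
 *
 * The attribute walk is bounded by the number of bytes actually received:
 * it stops at an attribute whose header does not fit, whose nla_len is
 * smaller than the header (the previous loop would never advance on such a
 * value), or whose nla_len runs past the received data.
 */
static int netlink_query_family_id(struct nlmsg* nlmsg, int sock,
				   const char* family_name, bool dofail)
{
	struct genlmsghdr genlhdr;
	memset(&genlhdr, 0, sizeof(genlhdr));
	genlhdr.cmd = CTRL_CMD_GETFAMILY;
	netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr));
	netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name,
		     strnlen(family_name, GENL_NAMSIZ - 1) + 1);
	int n = 0;
	int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail);
	if (err < 0) {
		return -1;
	}
	uint16_t id = 0;
	const size_t total = n > 0 ? (size_t)n : 0;
	size_t off = NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr));
	while (off < total && total - off >= sizeof(struct nlattr)) {
		const struct nlattr* attr = (const struct nlattr*)(nlmsg->buf + off);
		if (attr->nla_len < sizeof(*attr) || attr->nla_len > total - off)
			break;
		if (attr->nla_type == CTRL_ATTR_FAMILY_ID) {
			/* Only read the id when the payload really holds 16 bits. */
			if (attr->nla_len >= sizeof(*attr) + sizeof(id))
				memcpy(&id, attr + 1, sizeof(id));
			break;
		}
		off += NLMSG_ALIGN(attr->nla_len);
	}
	if (!id) {
		errno = EINVAL;
		return -1;
	}
	/* Read one more message from the socket; its content is discarded. */
	recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
	return id;
}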
/*
 * Open a device node and return the descriptor (or -1 with errno set).
 *
 * a0 == 0xc / 0xb: open /dev/char/<a1>:<a2> or /dev/block/<a1>:<a2>
 *                  read-write; a1 and a2 are truncated to 8 bits.
 * otherwise:       a0 is a pointer to a path template. At most 1023 bytes
 *                  of it are used; every '#' is replaced, left to right, by
 *                  the successive decimal digits of a1 (least significant
 *                  first), and the result is opened with flags a2.
 */
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
	if (a0 != 0xc && a0 != 0xb) {
		char path[1024];
		strncpy(path, (char*)a0, sizeof(path) - 1);
		path[sizeof(path) - 1] = 0;
		for (char* mark = strchr(path, '#'); mark != NULL;
		     mark = strchr(path, '#')) {
			*mark = '0' + (char)(a1 % 10);
			a1 /= 10;
		}
		return open(path, a2, 0);
	}

	char node[128];
	const char* kind = (a0 == 0xc) ? "char" : "block";
	sprintf(node, "/dev/%s/%d:%d", kind, (uint8_t)a1, (uint8_t)a2);
	return open(node, O_RDWR, 0);
}
/*
 * Open the procfs entry named by the string at a1 and return the descriptor
 * (or -1).
 *
 * a0 == 0  -> /proc/self/<entry>
 * a0 == -1 -> /proc/thread-self/<entry>
 * else     -> /proc/self/task/<a0>/<entry>
 *
 * The path is built in a 128-byte buffer, so a longer entry name is
 * truncated by snprintf. The file is opened read-write first, with a
 * read-only retry when that fails.
 */
static long syz_open_procfs(volatile long a0, volatile long a1)
{
	char path[128];
	memset(path, 0, sizeof(path));
	const char* entry = (char*)a1;
	const long who = a0;

	if (who == 0)
		snprintf(path, sizeof(path), "/proc/self/%s", entry);
	else if (who == -1)
		snprintf(path, sizeof(path), "/proc/thread-self/%s", entry);
	else
		snprintf(path, sizeof(path), "/proc/self/task/%d/%s", (int)who, entry);

	const int fd = open(path, O_RDWR);
	return fd != -1 ? fd : open(path, O_RDONLY);
}
/*
 * Resolve the generic-netlink family whose name is the string at `name`.
 *
 * When `sock_arg` is negative a temporary NETLINK_GENERIC socket is created
 * for the query and closed afterwards; otherwise the caller's descriptor is
 * used and left open. Returns the family id, or -1 on any failure.
 */
static long syz_genetlink_get_family_id(volatile long name,
					volatile long sock_arg)
{
	const bool own_socket = (int)sock_arg < 0;
	int fd = sock_arg;
	if (own_socket) {
		fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
		if (fd == -1)
			return -1;
	}

	struct nlmsg scratch;
	const int family = netlink_query_family_id(&scratch, fd, (char*)name, false);
	if (own_socket)
		close(fd);
	return family < 0 ? -1 : family;
}
- //% This code is derived from puff.{c,h}, found in the zlib development. The
- //% original files come with the following copyright notice:
- //% Copyright (C) 2002-2013 Mark Adler, all rights reserved
- //% version 2.3, 21 Jan 2013
- //% This software is provided 'as-is', without any express or implied
- //% warranty. In no event will the author be held liable for any damages
- //% arising from the use of this software.
- //% Permission is granted to anyone to use this software for any purpose,
- //% including commercial applications, and to alter it and redistribute it
- //% freely, subject to the following restrictions:
- //% 1. The origin of this software must not be misrepresented; you must not
- //% claim that you wrote the original software. If you use this software
- //% in a product, an acknowledgment in the product documentation would be
- //% appreciated but is not required.
- //% 2. Altered source versions must be plainly marked as such, and must not be
- //% misrepresented as being the original software.
- //% 3. This notice may not be removed or altered from any source distribution.
- //% Mark Adler [email protected]
- //% BEGIN CODE DERIVED FROM puff.{c,h}
#define MAXBITS 15 /* longest code length handled; count tables have MAXBITS + 1 slots */
#define MAXLCODES 286 /* upper bound on literal/length codes in a dynamic block */
#define MAXDCODES 30 /* upper bound on distance codes */
#define MAXCODES (MAXLCODES + MAXDCODES) /* size of the combined code-length array */
#define FIXLCODES 288 /* literal/length codes in the fixed-code table */
/* Decoder state shared by all puff_* routines. */
struct puff_state {
	unsigned char* out; /* output buffer */
	unsigned long outlen; /* capacity of out, in bytes */
	unsigned long outcnt; /* bytes produced so far */
	const unsigned char* in; /* compressed input */
	unsigned long inlen; /* bytes available at in */
	unsigned long incnt; /* bytes consumed so far */
	int bitbuf; /* bits already taken from in but not yet consumed */
	int bitcnt; /* number of valid bits in bitbuf */
	jmp_buf env; /* longjmp target used when the input runs out */
};
/*
 * Return the next `need` bits of the input, least significant bit first.
 * Bytes are pulled from s->in until enough bits are buffered; when the
 * input is exhausted first, control leaves through longjmp(s->env, 1).
 */
static int puff_bits(struct puff_state* s, int need)
{
	long acc = s->bitbuf;
	for (; s->bitcnt < need; s->bitcnt += 8) {
		if (s->incnt == s->inlen)
			longjmp(s->env, 1);
		/* New byte goes above the bits that are already buffered. */
		acc |= (long)(s->in[s->incnt++]) << s->bitcnt;
	}
	/* Keep what is left over for the next call. */
	s->bitbuf = (int)(acc >> need);
	s->bitcnt -= need;
	const long mask = (1L << need) - 1;
	return (int)(acc & mask);
}
/*
 * Copy one stored (uncompressed) block to the output.
 *
 * Returns 0 on success, 2 when the input ends early, 1 when the output
 * buffer is too small, and -2 when the length and its complement disagree.
 * Input bytes equal to zero are not written: the corresponding output bytes
 * keep whatever value the buffer already holds.
 */
static int puff_stored(struct puff_state* s)
{
	/* A stored block starts on a byte boundary: drop buffered bits. */
	s->bitbuf = 0;
	s->bitcnt = 0;

	if (s->incnt + 4 > s->inlen)
		return 2;
	const unsigned char* in = s->in;
	unsigned len = in[s->incnt++];
	len |= in[s->incnt++] << 8;
	if (in[s->incnt++] != (~len & 0xff))
		return -2;
	if (in[s->incnt++] != ((~len >> 8) & 0xff))
		return -2;

	if (s->incnt + len > s->inlen)
		return 2;
	if (s->outcnt + len > s->outlen)
		return 1;
	while (len != 0) {
		len--;
		const unsigned char byte = s->in[s->incnt];
		if (byte)
			s->out[s->outcnt] = byte;
		s->outcnt++;
		s->incnt++;
	}
	return 0;
}
/* Huffman decoding table as built by puff_construct. */
struct puff_huffman {
	short* count; /* count[len] = number of symbols whose code has length len */
	short* symbol; /* symbols ordered by code length, then by symbol value */
};
/*
 * Decode one symbol from the input using table h.
 *
 * Returns the symbol (>= 0), or -10 when no code of up to MAXBITS bits
 * matched. Leaves through longjmp(s->env, 1) when the input is exhausted.
 */
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
	int first = 0; /* first code of the length currently being tried */
	int index = 0; /* position in h->symbol of that length's first symbol */
	int bitbuf = s->bitbuf; /* local copy of the pending bits */
	int left = s->bitcnt; /* bits still available in bitbuf */
	int code = first = index = 0; /* code bits collected so far */
	int len = 1; /* length of the code being tried */
	short* next = h->count + 1; /* starts at count[1]; count[0] is skipped */
	while (1) {
		while (left--) {
			code |= bitbuf & 1;
			bitbuf >>= 1;
			int count = *next++;
			/* code lies within this length's range: symbol found */
			if (code - count < first) {
				s->bitbuf = bitbuf;
				s->bitcnt = (s->bitcnt - len) & 7;
				return h->symbol[index + (code - first)];
			}
			/* otherwise move on to codes that are one bit longer */
			index += count;
			first += count;
			first <<= 1;
			code <<= 1;
			len++;
		}
		/* buffered bits used up: refill with at most 8 bits from the next byte */
		left = (MAXBITS + 1) - len;
		if (left == 0)
			break;
		if (s->incnt == s->inlen)
			longjmp(s->env, 1);
		bitbuf = s->in[s->incnt++];
		if (left > 8)
			left = 8;
	}
	return -10;
}
/*
 * Build the decoding table h from the n code lengths in `length`.
 *
 * Returns 0 for a complete code (or when every length is zero), a negative
 * value for an over-subscribed set of lengths, and a positive value for an
 * incomplete one. h->count must have room for MAXBITS + 1 entries and
 * h->symbol for n entries.
 * NOTE(review): length[] values index h->count directly, so they must lie
 * in 0..MAXBITS; the callers in this listing derive them from 3-bit reads
 * or from symbols below 16.
 */
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
	int len;
	for (len = 0; len <= MAXBITS; len++)
		h->count[len] = 0;
	int symbol;
	/* histogram of code lengths */
	for (symbol = 0; symbol < n; symbol++)
		(h->count[length[symbol]])++;
	if (h->count[0] == n)
		return 0;
	/* left = number of codes of the current length that are still unassigned */
	int left = 1;
	for (len = 1; len <= MAXBITS; len++) {
		left <<= 1;
		left -= h->count[len];
		if (left < 0)
			return left;
	}
	/* offs[len] = index in h->symbol where symbols of that length start */
	short offs[MAXBITS + 1];
	offs[1] = 0;
	for (len = 1; len < MAXBITS; len++)
		offs[len + 1] = offs[len] + h->count[len];
	/* place every used symbol into its length group, in symbol order */
	for (symbol = 0; symbol < n; symbol++)
		if (length[symbol] != 0)
			h->symbol[offs[length[symbol]]++] = symbol;
	return left;
}
/*
 * Decode literal/length and distance codes until the end-of-block symbol
 * (256) is read.
 *
 * Returns 0 at end of block, 1 when the output buffer is full, -10 for an
 * invalid length symbol, -11 when a distance reaches back before the start
 * of the output, or a negative value passed up from puff_decode.
 * Zero bytes are never stored: for a zero literal or a zero source byte the
 * output position is advanced without writing, so the buffer keeps its
 * previous content there.
 */
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode,
		      const struct puff_huffman* distcode)
{
	/* base match length for length symbols 257..285 */
	static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13,
				       15, 17, 19, 23, 27, 31, 35, 43, 51, 59,
				       67, 83, 99, 115, 131, 163, 195, 227, 258};
	/* extra bits read after each length symbol */
	static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2,
				       2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
	/* base distance for distance symbols 0..29 */
	static const short dists[30] = {
	    1, 2, 3, 4, 5, 7, 9, 13, 17, 25,
	    33, 49, 65, 97, 129, 193, 257, 385, 513, 769,
	    1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
	/* extra bits read after each distance symbol */
	static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3,
				       4, 4, 5, 5, 6, 6, 7, 7, 8, 8,
				       9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
	int symbol;
	do {
		symbol = puff_decode(s, lencode);
		if (symbol < 0)
			return symbol;
		if (symbol < 256) {
			/* literal byte */
			if (s->outcnt == s->outlen)
				return 1;
			if (symbol)
				s->out[s->outcnt] = symbol;
			s->outcnt++;
		} else if (symbol > 256) {
			/* length/distance pair */
			symbol -= 257;
			if (symbol >= 29)
				return -10;
			int len = lens[symbol] + puff_bits(s, lext[symbol]);
			symbol = puff_decode(s, distcode);
			if (symbol < 0)
				return symbol;
			unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
			/* both the source and the destination range are checked before copying */
			if (dist > s->outcnt)
				return -11;
			if (s->outcnt + len > s->outlen)
				return 1;
			while (len--) {
				if (dist <= s->outcnt && s->out[s->outcnt - dist])
					s->out[s->outcnt] = s->out[s->outcnt - dist];
				s->outcnt++;
			}
		}
	} while (symbol != 256);
	return 0;
}
/*
 * Decode one block that uses the fixed Huffman codes.
 *
 * The two fixed tables live in function-local static storage and are built
 * on the first call only; the build is not guarded against concurrent first
 * calls. Returns whatever puff_codes returns.
 */
static int puff_fixed(struct puff_state* s)
{
	static int tables_built = 0;
	static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
	static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
	static struct puff_huffman lencode, distcode;

	if (!tables_built) {
		short lengths[FIXLCODES];

		lencode.count = lencnt;
		lencode.symbol = lensym;
		distcode.count = distcnt;
		distcode.symbol = distsym;

		/* Literal/length code lengths: 8, 9, 7, 8 bits per symbol range. */
		for (int symbol = 0; symbol < FIXLCODES; symbol++) {
			if (symbol < 144)
				lengths[symbol] = 8;
			else if (symbol < 256)
				lengths[symbol] = 9;
			else if (symbol < 280)
				lengths[symbol] = 7;
			else
				lengths[symbol] = 8;
		}
		puff_construct(&lencode, lengths, FIXLCODES);

		/* Every distance code is 5 bits long. */
		for (int symbol = 0; symbol < MAXDCODES; symbol++)
			lengths[symbol] = 5;
		puff_construct(&distcode, lengths, MAXDCODES);

		tables_built = 1;
	}
	return puff_codes(s, &lencode, &distcode);
}
/*
 * Decode one block that carries its own (dynamic) Huffman codes.
 *
 * The block header gives the number of literal/length, distance and
 * code-length codes; the code-length code is read first and then used to
 * decode the lengths of the other two. Returns the result of puff_codes on
 * success, or a negative value from -3 to -9 identifying which header check
 * failed (see the individual returns below).
 */
static int puff_dynamic(struct puff_state* s)
{
	/* order in which the code-length code lengths are stored in the stream */
	static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5,
					11, 4, 12, 3, 13, 2, 14, 1, 15};
	int nlen = puff_bits(s, 5) + 257;
	int ndist = puff_bits(s, 5) + 1;
	int ncode = puff_bits(s, 4) + 4;
	/* -3: more codes announced than the tables can hold */
	if (nlen > MAXLCODES || ndist > MAXDCODES)
		return -3;
	short lengths[MAXCODES];
	int index;
	/* ncode is at most 19 (4-bit value + 4), so order[] is not overrun */
	for (index = 0; index < ncode; index++)
		lengths[order[index]] = puff_bits(s, 3);
	for (; index < 19; index++)
		lengths[order[index]] = 0;
	short lencnt[MAXBITS + 1], lensym[MAXLCODES];
	struct puff_huffman lencode = {lencnt, lensym};
	/* -4: the code-length code must be complete */
	int err = puff_construct(&lencode, lengths, 19);
	if (err != 0)
		return -4;
	index = 0;
	while (index < nlen + ndist) {
		int symbol;
		int len;
		symbol = puff_decode(s, &lencode);
		if (symbol < 0)
			return symbol;
		if (symbol < 16)
			lengths[index++] = symbol;
		else {
			/* 16: repeat previous length; 17, 18: run of zero lengths */
			len = 0;
			if (symbol == 16) {
				/* -5: nothing to repeat yet */
				if (index == 0)
					return -5;
				len = lengths[index - 1];
				symbol = 3 + puff_bits(s, 2);
			} else if (symbol == 17)
				symbol = 3 + puff_bits(s, 3);
			else
				symbol = 11 + puff_bits(s, 7);
			/* -6: the run would write past the announced number of lengths */
			if (index + symbol > nlen + ndist)
				return -6;
			while (symbol--)
				lengths[index++] = len;
		}
	}
	/* -9: the end-of-block symbol has no code */
	if (lengths[256] == 0)
		return -9;
	/* -7 / -8: over-subscribed code, or incomplete code with more than one used length slot */
	err = puff_construct(&lencode, lengths, nlen);
	if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
		return -7;
	short distcnt[MAXBITS + 1], distsym[MAXDCODES];
	struct puff_huffman distcode = {distcnt, distsym};
	err = puff_construct(&distcode, lengths + nlen, ndist);
	if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
		return -8;
	return puff_codes(s, &lencode, &distcode);
}
/*
 * Inflate the raw deflate stream `source` (sourcelen bytes) into `dest`.
 *
 * On entry *destlen is the capacity of dest; on return it is the number of
 * output positions produced. Returns 0 on success, 2 when the input ends
 * early (including via longjmp from the bit reader), 1 when dest is too
 * small, and a negative value for a malformed stream (-1 for a reserved
 * block type).
 */
static int puff(unsigned char* dest, unsigned long* destlen,
		const unsigned char* source, unsigned long sourcelen)
{
	struct puff_state s = {
	    .out = dest,
	    .outlen = *destlen,
	    .outcnt = 0,
	    .in = source,
	    .inlen = sourcelen,
	    .incnt = 0,
	    .bitbuf = 0,
	    .bitcnt = 0,
	};
	int err;

	if (setjmp(s.env) == 0) {
		for (;;) {
			/* Block header: 1 "last block" bit, then a 2-bit type. */
			const int last = puff_bits(&s, 1);
			switch (puff_bits(&s, 2)) {
			case 0:
				err = puff_stored(&s);
				break;
			case 1:
				err = puff_fixed(&s);
				break;
			case 2:
				err = puff_dynamic(&s);
				break;
			default:
				err = -1;
				break;
			}
			if (err != 0 || last)
				break;
		}
	} else {
		/* Reached through longjmp: the input was exhausted mid-symbol. */
		err = 2;
	}
	*destlen = s.outcnt;
	return err;
}
- //% END CODE DERIVED FROM puff.{c,h}
- #define ZLIB_HEADER_WIDTH 2
/*
 * Inflate a zlib-wrapped buffer and write the result to dest_fd.
 *
 * The first ZLIB_HEADER_WIDTH bytes are skipped without being inspected and
 * no trailing checksum is verified; only the deflate payload is decoded.
 * Output is limited to 132 MiB, held in a temporary anonymous mapping.
 *
 * Returns 0 when the input is shorter than the header (nothing is written),
 * the result of munmap() after a complete write, and -1 on mmap failure, a
 * decode error or a short write. After a decode error errno is set to the
 * negated puff() result, which is a negative number for puff's positive
 * codes 1 and 2.
 */
static int puff_zlib_to_file(const unsigned char* source,
			     unsigned long sourcelen, int dest_fd)
{
	if (sourcelen < ZLIB_HEADER_WIDTH)
		return 0;
	const unsigned char* deflate = source + ZLIB_HEADER_WIDTH;
	const unsigned long deflate_len = sourcelen - ZLIB_HEADER_WIDTH;

	const unsigned long max_destlen = 132 << 20;
	void* map = mmap(0, max_destlen, PROT_WRITE | PROT_READ,
			 MAP_PRIVATE | MAP_ANON, -1, 0);
	if (map == MAP_FAILED)
		return -1;

	unsigned char* dest = (unsigned char*)map;
	unsigned long destlen = max_destlen;
	const int err = puff(dest, &destlen, deflate, deflate_len);
	if (err != 0) {
		munmap(dest, max_destlen);
		errno = -err;
		return -1;
	}

	/* The mapping is released whether or not the write was complete. */
	const ssize_t written = write(dest_fd, dest, destlen);
	const int unmapped = munmap(dest, max_destlen);
	return written == (ssize_t)destlen ? unmapped : -1;
}
/*
 * Inflate the compressed image `data` (size bytes) into a memfd and attach
 * that memfd to the loop device `loopname`.
 *
 * On success returns 0 and stores the open loop descriptor in *loopfd_p;
 * the memfd itself is closed. On failure returns -1 with errno set to the
 * error of the step that failed, and every descriptor opened here is
 * closed. If the device is busy it is cleared once and the attach is
 * retried after 1 ms.
 */
static int setup_loop_device(unsigned char* data, unsigned long size,
			     const char* loopname, int* loopfd_p)
{
	int err = 0;
	int loopfd = -1;

	const int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
	if (memfd == -1) {
		err = errno;
		goto error;
	}
	if (puff_zlib_to_file(data, size, memfd) != 0) {
		err = errno;
		goto error_close_memfd;
	}
	loopfd = open(loopname, O_RDWR);
	if (loopfd == -1) {
		err = errno;
		goto error_close_memfd;
	}

	bool attached = ioctl(loopfd, LOOP_SET_FD, memfd) == 0;
	if (!attached && errno == EBUSY) {
		/* Detach whatever currently backs the device, then try once more. */
		ioctl(loopfd, LOOP_CLR_FD, 0);
		usleep(1000);
		attached = ioctl(loopfd, LOOP_SET_FD, memfd) == 0;
	}
	if (!attached) {
		err = errno;
		goto error_close_loop;
	}

	close(memfd);
	*loopfd_p = loopfd;
	return 0;

error_close_loop:
	close(loopfd);
error_close_memfd:
	close(memfd);
error:
	errno = err;
	return -1;
}
/*
 * Detach the backing file from the loop device `loopname`.
 * Best effort: a device that cannot be opened is skipped, and the result of
 * the LOOP_CLR_FD request is ignored.
 */
static void reset_loop_device(const char* loopname)
{
	const int fd = open(loopname, O_RDWR);
	if (fd != -1) {
		if (ioctl(fd, LOOP_CLR_FD, 0)) {
			/* nothing to do when the device was not attached */
		}
		close(fd);
	}
}
/*
 * Mount a file system of type `fsarg` on directory `dir`.
 *
 * When `size` is non-zero, `image` points to a zlib-compressed disk image
 * that is inflated and attached to /dev/loop<procid>, which then serves as
 * the mount source; otherwise the source is NULL. The directory is created
 * with mode 0777 if needed (the mkdir result is not checked).
 *
 * Mount options are copied from `optsarg`, silently truncated to 224 bytes
 * so that the suffixes added below always fit in the 256-byte buffer:
 *   - iso9660: MS_RDONLY is added to the flags;
 *   - ext*:    ",errors=continue" is appended when the options contain
 *              "errors=panic" or lack a standalone "errors=remount-ro";
 *   - xfs:     ",nouuid" is appended.
 *
 * Returns the descriptor of the opened mount point, or, when `change_dir`
 * is set, the result of chdir() (the descriptor is then neither returned
 * nor closed here). Returns -1 on failure with errno set to the failing
 * step's error. The loop device is detached again before returning.
 */
static long syz_mount_image(volatile long fsarg, volatile long dir,
			    volatile long flags, volatile long optsarg,
			    volatile long change_dir,
			    volatile unsigned long size, volatile long image)
{
	char* const fs = (char*)fsarg;
	char* const target = (char*)dir;
	char* const mount_opts = (char*)optsarg;
	unsigned char* const data = (unsigned char*)image;
	const int need_loop_device = size != 0;
	char loopname[64];
	char* source = NULL;
	int res = -1;
	int err = 0;

	if (need_loop_device) {
		int loopfd;
		memset(loopname, 0, sizeof(loopname));
		snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
		if (setup_loop_device(data, size, loopname, &loopfd) == -1)
			return -1;
		/* The device stays attached after its descriptor is closed. */
		close(loopfd);
		source = loopname;
	}
	mkdir(target, 0777);

	char opts[256];
	memset(opts, 0, sizeof(opts));
	/* Zero-filled buffer plus a 224-byte cap keeps opts NUL-terminated. */
	strncpy(opts, mount_opts, sizeof(opts) - 32);

	if (strcmp(fs, "iso9660") == 0) {
		flags |= MS_RDONLY;
	} else if (strncmp(fs, "ext", 3) == 0) {
		static const char remount_ro[] = "errors=remount-ro";
		bool has_remount_ro = false;
		const char* hit = strstr(opts, remount_ro);
		if (hit != NULL) {
			/* Only count it when it is a whole comma-separated option. */
			const char next = hit[sizeof(remount_ro) - 1];
			const char prev = (hit == opts) ? '\0' : hit[-1];
			const bool starts_option = (prev == '\0' || prev == ',');
			const bool ends_option = (next == '\0' || next == ',');
			has_remount_ro = starts_option && ends_option;
		}
		if (strstr(opts, "errors=panic") || !has_remount_ro)
			strcat(opts, ",errors=continue");
	} else if (strcmp(fs, "xfs") == 0) {
		strcat(opts, ",nouuid");
	}

	/* Each step runs only if the previous one succeeded. */
	res = mount(source, target, fs, flags, opts);
	if (res != -1)
		res = open(target, O_RDONLY | O_DIRECTORY);
	if (res != -1 && change_dir)
		res = chdir(target);
	if (res == -1)
		err = errno;

	if (need_loop_device)
		reset_loop_device(loopname);
	errno = err;
	return res;
}
/*
 * Result slots of the generated program. main() stores a call's return
 * value (or a value read back from memory) into a slot when the call
 * succeeds and passes the slot to later calls; a slot that was never filled
 * keeps the initial value below (0 or all-ones).
 */
uint64_t r[83] = {0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0x0,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0x0,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff,
		  0xffffffffffffffff};
- int main(void)
- {
- syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
- /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
- /*offset=*/0ul);
- syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
- /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
- /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
- /*offset=*/0ul);
- syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
- /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
- /*offset=*/0ul);
- const char* reason;
- (void)reason;
- intptr_t res = 0;
- if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
- }
- res =
- syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8903, /*arg=*/0x200000000140ul);
- if (res != -1)
- r[0] = *(uint32_t*)0x200000000140;
- *(uint32_t*)0x200000000000 = 2;
- *(uint32_t*)0x200000000004 = 0x80;
- *(uint8_t*)0x200000000008 = 0xb9;
- *(uint8_t*)0x200000000009 = 0;
- *(uint8_t*)0x20000000000a = 0;
- *(uint8_t*)0x20000000000b = 0;
- *(uint32_t*)0x20000000000c = 0;
- *(uint64_t*)0x200000000010 = 0;
- *(uint64_t*)0x200000000018 = 0x302;
- *(uint64_t*)0x200000000020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 38, 26);
- *(uint32_t*)0x200000000030 = 0;
- *(uint32_t*)0x200000000034 = 0;
- *(uint64_t*)0x200000000038 = 0;
- *(uint64_t*)0x200000000040 = 0;
- *(uint64_t*)0x200000000048 = 0;
- *(uint64_t*)0x200000000050 = 0;
- *(uint32_t*)0x200000000058 = 0;
- *(uint32_t*)0x20000000005c = 0;
- *(uint64_t*)0x200000000060 = 0;
- *(uint32_t*)0x200000000068 = 0;
- *(uint16_t*)0x20000000006c = 0;
- *(uint16_t*)0x20000000006e = 0;
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0;
- res = syscall(__NR_perf_event_open, /*attr=*/0x200000000000ul, /*pid=*/r[0],
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- if (res != -1)
- r[1] = res;
- *(uint32_t*)0x2000000011c0 = 0;
- *(uint32_t*)0x2000000011c4 = 0;
- *(uint32_t*)0x2000000011c8 = 0;
- *(uint32_t*)0x2000000011cc = 0;
- *(uint32_t*)0x2000000011d0 = 0;
- *(uint32_t*)0x2000000011d4 = 0;
- syscall(__NR_getgroups, /*size=*/6ul, /*list=*/0x2000000011c0ul);
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_CLOEXEC*/ 0x80000ul,
- /*proto=*/4);
- if (res != -1)
- r[2] = res;
- *(uint32_t*)0x200000000100 = 0;
- syscall(__NR_setsockopt, /*fd=*/r[2], /*level=*/0x29,
- /*optname=IPV6_MULTICAST_HOPS*/ 0x12, /*optval=*/0x200000000100ul,
- /*optlen=*/3ul);
- syscall(__NR_setreuid, /*ruid=*/0, /*euid=*/0xee00);
- res = syscall(__NR_epoll_create1, /*flags=*/0ul);
- if (res != -1)
- r[3] = res;
- *(uint32_t*)0x20000025c000 = 2;
- *(uint32_t*)0x20000025c004 = 0x80;
- *(uint8_t*)0x20000025c008 = 0x15;
- *(uint8_t*)0x20000025c009 = 1;
- *(uint8_t*)0x20000025c00a = 0;
- *(uint8_t*)0x20000025c00b = 6;
- *(uint32_t*)0x20000025c00c = 0;
- *(uint64_t*)0x20000025c010 = 1;
- *(uint64_t*)0x20000025c018 = 0;
- *(uint64_t*)0x20000025c020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0x8000, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000025c028, 0, 38, 26);
- *(uint32_t*)0x20000025c030 = 0;
- *(uint32_t*)0x20000025c034 = 2;
- *(uint64_t*)0x20000025c038 = 0xfff;
- *(uint64_t*)0x20000025c040 = 0;
- *(uint64_t*)0x20000025c048 = 0;
- *(uint64_t*)0x20000025c050 = 0;
- *(uint32_t*)0x20000025c058 = 0x2000000;
- *(uint32_t*)0x20000025c05c = 0;
- *(uint64_t*)0x20000025c060 = 0;
- *(uint32_t*)0x20000025c068 = 0;
- *(uint16_t*)0x20000025c06c = 0;
- *(uint16_t*)0x20000025c06e = 0;
- *(uint32_t*)0x20000025c070 = 0;
- *(uint32_t*)0x20000025c074 = 0;
- *(uint64_t*)0x20000025c078 = 0x1000000000000000;
- res = syscall(__NR_perf_event_open, /*attr=*/0x20000025c000ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/r[1], /*flags=*/0ul);
- if (res != -1)
- r[4] = res;
- *(uint32_t*)0x20000001d000 = 1;
- *(uint32_t*)0x20000001d004 = 0x80;
- *(uint8_t*)0x20000001d008 = 0x10;
- *(uint8_t*)0x20000001d009 = 0x40;
- *(uint8_t*)0x20000001d00a = 0;
- *(uint8_t*)0x20000001d00b = 0;
- *(uint32_t*)0x20000001d00c = 0;
- *(uint64_t*)0x20000001d010 = 0;
- *(uint64_t*)0x20000001d018 = 2;
- *(uint64_t*)0x20000001d020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26);
- *(uint32_t*)0x20000001d030 = 0;
- *(uint32_t*)0x20000001d034 = 0;
- *(uint64_t*)0x20000001d038 = 0x200000000000;
- *(uint64_t*)0x20000001d040 = 2;
- *(uint64_t*)0x20000001d048 = 0;
- *(uint64_t*)0x20000001d050 = 0;
- *(uint32_t*)0x20000001d058 = 0;
- *(uint32_t*)0x20000001d05c = 2;
- *(uint64_t*)0x20000001d060 = 0;
- *(uint32_t*)0x20000001d068 = 0;
- *(uint16_t*)0x20000001d06c = 0;
- *(uint16_t*)0x20000001d06e = 0;
- *(uint32_t*)0x20000001d070 = 0;
- *(uint32_t*)0x20000001d074 = 0;
- *(uint64_t*)0x20000001d078 = 0;
- res = syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/r[0],
- /*cpu=*/-1, /*group=*/-1, /*flags=PERF_FLAG_FD_NO_GROUP*/ 1ul);
- if (res != -1)
- r[5] = res;
- syscall(__NR_mmap, /*addr=*/0x200000ffc000ul, /*len=*/0x3000ul,
- /*prot=PROT_GROWSUP*/ 0x2000000ul,
- /*flags=MAP_UNINITIALIZED|MAP_FIXED*/ 0x4000010ul, /*fd=*/r[5],
- /*offset=*/0ul);
- syscall(__NR_ioctl, /*fd=*/r[4], /*cmd=*/0x2405, /*other=*/r[5]);
- *(uint32_t*)0x200000000100 = 1;
- *(uint32_t*)0x200000000104 = 0x80;
- *(uint8_t*)0x200000000108 = 0;
- *(uint8_t*)0x200000000109 = 0x10;
- *(uint8_t*)0x20000000010a = 0;
- *(uint8_t*)0x20000000010b = 0;
- *(uint32_t*)0x20000000010c = 0;
- *(uint64_t*)0x200000000110 = 7;
- *(uint64_t*)0x200000000118 = 0;
- *(uint64_t*)0x200000000120 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000128, 0, 38, 26);
- *(uint32_t*)0x200000000130 = 0;
- *(uint32_t*)0x200000000134 = 0;
- *(uint64_t*)0x200000000138 = 0x200000000000;
- *(uint64_t*)0x200000000140 = 0;
- *(uint64_t*)0x200000000148 = 0x10;
- *(uint64_t*)0x200000000150 = 0;
- *(uint32_t*)0x200000000158 = 0;
- *(uint32_t*)0x20000000015c = 0;
- *(uint64_t*)0x200000000160 = 0;
- *(uint32_t*)0x200000000168 = 0;
- *(uint16_t*)0x20000000016c = 0;
- *(uint16_t*)0x20000000016e = 0;
- *(uint32_t*)0x200000000170 = 0;
- *(uint32_t*)0x200000000174 = 0;
- *(uint64_t*)0x200000000178 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000100ul, /*pid=*/0,
- /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);
- syscall(
- __NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xff5000ul, /*prot=*/0ul,
- /*flags=MAP_POPULATE|MAP_NORESERVE|MAP_NONBLOCK|MAP_HUGETLB|MAP_FIXED|0x2000000000821*/
- 0x200000005c831ul, /*fd=*/-1, /*offset=*/0ul);
- syscall(__NR_mprotect, /*addr=*/0x200000000000ul, /*len=*/0x800000ul,
- /*prot=PROT_SEM|PROT_WRITE*/ 0xaul);
- *(uint64_t*)0x2000000000c0 = 0;
- *(uint32_t*)0x2000000000c8 = 0x12;
- *(uint32_t*)0x2000000000cc = 0;
- *(uint64_t*)0x2000000000d0 = 0;
- *(uint64_t*)0x2000000000d8 = 0;
- syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x2000000000c0ul,
- /*timerid=*/0x200000000080ul);
- *(uint64_t*)0x200000000000 = 0;
- *(uint32_t*)0x200000000008 = 0x14;
- *(uint32_t*)0x20000000000c = 0;
- *(uint64_t*)0x200000000010 = 0;
- *(uint64_t*)0x200000000018 = 0;
- res = syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000000ul,
- /*timerid=*/0x200000000200ul);
- if (res != -1)
- r[6] = *(uint32_t*)0x200000000200;
- *(uint64_t*)0x200000000180 = 0;
- *(uint64_t*)0x200000000188 = 0;
- *(uint64_t*)0x200000000190 = 0;
- *(uint64_t*)0x200000000198 = 0x1c9c380;
- syscall(__NR_timer_settime, /*timerid=*/0, /*flags=TIMER_ABSTIME*/ 1ul,
- /*new=*/0x200000000180ul, /*old=*/0ul);
- *(uint64_t*)0x200000000140 = 0;
- *(uint64_t*)0x200000000148 = 0x989680;
- *(uint64_t*)0x200000000150 = 0;
- *(uint64_t*)0x200000000158 = 0x1c9c380;
- syscall(__NR_timer_settime, /*timerid=*/r[6], /*flags=*/0ul,
- /*new=*/0x200000000140ul, /*old=*/0ul);
- *(uint32_t*)0x200000000240 = 1;
- syscall(__NR_futex, /*addr=*/0x200000000240ul, /*op=FUTEX_LOCK_PI*/ 6ul,
- /*val=*/0, /*timeout=*/0ul, /*addr2=*/0ul, /*val3=*/0);
- syscall(__NR_openat, /*fd=*/-1, /*file=*/0ul, /*flags=*/0, /*mode=*/0);
- syscall(__NR_getpid);
- syscall(__NR_timer_gettime, /*timerid=*/r[6], /*setting=*/0ul);
- *(uint64_t*)0x200000000100 = 0;
- memcpy((void*)0x200000000108,
- "\x3c\xc0\x9b\x27\xb1\xbc\x34\x4e\x52\x71\x28\xf0\x68\xfc\x41\x3e",
- 16);
- *(uint64_t*)0x200000000118 = 0;
- *(uint64_t*)0x200000000120 = 0;
- memset((void*)0x200000000128, 0, 3032);
- memset((void*)0x200000000d00, 0, 1024);
- syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xd000941e, /*arg=*/0x200000000100ul);
- memcpy((void*)0x200000000040, "/sys/kernel/oops_count", 22);
- res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
- /*dir=*/0x200000000040ul, /*flags=*/0, /*mode=*/0);
- if (res != -1)
- r[7] = res;
- *(uint32_t*)0x200000000080 = 0;
- *(uint64_t*)0x200000000084 = 0;
- syscall(__NR_epoll_ctl, /*epfd=*/r[3], /*op=*/1ul, /*fd=*/r[7],
- /*ev=*/0x200000000080ul);
- memcpy((void*)0x2000000000c0, "&\000", 2);
- *(uint64_t*)0x200000000180 = 0x1ff;
- *(uint64_t*)0x200000000188 = 1;
- *(uint64_t*)0x200000000190 = 0xffffefff;
- *(uint64_t*)0x200000000198 = 0x66;
- memset((void*)0x2000000001a0, 0, 32);
- syscall(__NR_mq_open, /*name=*/0x2000000000c0ul, /*flags=O_RDWR*/ 2ul,
- /*mode=S_IXGRP|S_IWGRP|S_IRGRP*/ 0x38ul, /*attr=*/0x200000000180ul);
- *(uint64_t*)0x200000000180 = 0x200000000080;
- memcpy((void*)0x200000000080,
- "\x39\x00\x00\x00\x13\x00\x03\x47\x00\xbb\x65\xe1\xc3\xe4\xff\xff\x01"
- "\x00\x00\x00\x01",
- 21);
- *(uint64_t*)0x200000000188 = 0x15;
- syscall(__NR_writev, /*fd=*/-1, /*vec=*/0x200000000180ul, /*vlen=*/1ul);
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_DGRAM*/ 2ul,
- /*proto=*/0);
- if (res != -1)
- r[8] = res;
- syscall(__NR_setsockopt, /*fd=*/r[8], /*level=*/0x29, /*optname=*/0x14,
- /*optval=*/0ul, /*optlen=*/0x46ul);
- syscall(__NR_socket, /*domain=AF_NETLINK*/ 0x10ul, /*type=SOCK_RAW*/ 3ul,
- /*proto=*/0x1f);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0);
- memcpy((void*)0x200000000200, "./bus\000", 6);
- res = syscall(__NR_creat, /*file=*/0x200000000200ul, /*mode=*/0ul);
- if (res != -1)
- r[9] = res;
- memcpy((void*)0x200000000040, "./bus\000", 6);
- res = syscall(__NR_creat, /*file=*/0x200000000040ul, /*mode=*/0ul);
- if (res != -1)
- r[10] = res;
- memcpy((void*)0x200000000000, "/dev/loop#\000", 11);
- res = -1;
- res = syz_open_dev(/*dev=*/0x200000000000, /*id=*/0x100, /*flags=*/0);
- if (res != -1)
- r[11] = res;
- syscall(__NR_ioctl, /*fd=*/r[11], /*cmd=*/0x1274, /*arg=*/0ul);
- syscall(__NR_fallocate, /*fd=*/r[10], /*mode=FALLOC_FL_KEEP_SIZE*/ 1ul,
- /*off=*/0ul, /*len=*/0xc000000ul);
- *(uint64_t*)0x200000000500 = 0x200000000580;
- memset((void*)0x200000000580, 153, 1);
- *(uint64_t*)0x200000000508 = 1;
- syscall(__NR_writev, /*fd=*/r[10], /*vec=*/0x200000000500ul, /*vlen=*/1ul);
- syscall(__NR_fallocate, /*fd=*/r[9], /*mode=FALLOC_FL_INSERT_RANGE*/ 0x20ul,
- /*off=*/0ul, /*len=*/0xffff77ff000ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- memcpy((void*)0x200000000140, "msdos\000", 6);
- memcpy((void*)0x200000000180, "./file0\000", 8);
- memcpy(
- (void*)0x200000000400,
- "\x6e\x6f\x64\x6f\x74\x73\x2c\x66\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30"
- "\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x33\x35\x37\x30\x34\x2c"
- "\x64\x6f\x73\x31\x78\x66\x6c\x6f\x70\x70\x79\x2c\x73\x68\x6f\x77\x65\x78"
- "\x65\x63\x2c\x64\x6f\x74\x73\x2c\x64\x6f\x74\x73\x2c\x64\x6f\x74\x73\x2c"
- "\x6e\x6f\x64\x6f\x74\x73\x2c\x71\x75\x69\x65\x74\x2c\x6e\x6f\x64\x6f\x74"
- "\x73\x2c\x6e\x6f\x64\x6f\x74\x73\x2c\x63\x68\x65\x63\x6b\x3d\x72\x65\x6c"
- "\x61\x78\x65\x64\x2c\x64\x6f\x74\x73\x2c\x00\xff\x95\x6c\x49\x5f\x61\x73"
- "\x56\x6d\xd9\x82\x63\xe8\x35\x83\xd4\x80\xb6\x47\xbb\x87\x96\xe2\x79\xc9"
- "\xc7\x2c\x1d\x3d\x86\xa0\xfc\x98\x01\xb6\xdc\xf1\xe9\x90\xe3\x32\xbd\xab"
- "\xca\x6e\x40\x98\x2b\xc1\x74\x1d\xf3\xd7\xf9\xe2\x9e\x68\xbc\x24\x34\xaa"
- "\xa9\xef\x1c\xe1\x40\xd6\xd4\x93\xbc\xa5\x72\x81\x46\x17\x3a\x02\x82\xbf"
- "\xb9\xec\xfb\xac\xa4\x17\x2e\xd7\x75\xf6\xb1\xd8\x8e\x5f\xbd\x09\x1f\xe8"
- "\x52\x16\x22\x1b\xcd\x4a\x9b\x74\x85\xe9\x6e\x88\x06\xb9\xbf\x7f\x2c\xa2"
- "\xdd\x9e\x53\x23\xa6\x54\x8b\xfc\x72\x7c\xab\x84\xac\x98\x87\x5c\x0f\x09"
- "\xec\x6a\xf8\x38\x3c\xbb\x94\x85\x1c\x82\xf6\x0a\x85\x81\x62\x06\x9d\x7e"
- "\xfd\x82\x75\x12\xab\x8a\xfe\xe2\x81\xa3\x77\x0b\x30\x27\xee\x18\x81\xff"
- "\x4f\x98\x3c\x30\x8b\xb8\x4d\xfe\x53\x75\x51\x01\x7d\x0f\x67\xdd\x62\x32"
- "\x72\x57\xf3\x7d\xb9\x7b\xf9\xb3\x0a\xe9\xb4\x50\xa1\x13\xbd\x65\x0e\x87"
- "\x50\xf7\xa0\x3e\x7a\xd2\x86\xca\xe6\x19\xcc\x49\x2f\x47\xce\xe1\xab\x4e"
- "\x9f\xc1\x86\x13\x83\x53\xff\x1e\xb7\xbd\xe0\x53\x9d\x46\x66\x7a\x37\xe0"
- "\x15\x67\xf8\xbe\xbd\xc8\x98\x4e\x9c\x71\x87\x3a\xe6\xcd\xf1\x7e\x9d\x07"
- "\x41\x2d\x5a\xe4\xea\x69\x04\x1f\xea\x25\x84\xb0\xa9\x1c\x43\xcd\xa3\x20"
- "\x54\xf3\xca\x7c\x51\x3a\x55\x99\x62\x07\x9c\x96\xc0\x4c\xc4\xb2\x40\xb8"
- "\x7c\x2d\x35\xe8\x78\x28\x6f\x81\x4f\x2c\x66\x90\x14\x4a\x9a\x07\xfa\xf0"
- "\x29\xf0\xbf\x8e\x62\xff\x93\x0f\xaf\x52\x50\x6a\x0e\xf8\xdd\xc2\xa4\x3d"
- "\x67\x0c\xb7\xe5\x01\x7a\x19\x00",
- 458);
- memcpy(
- (void*)0x200000000200,
- "\x78\x9c\xec\xdb\x31\x4b\x1b\x61\x18\x07\xf0\x27\x69\xda\xa6\xed\x92\xb9"
- "\x74\x38\xe8\xd2\x29\xb4\xa5\x1f\xa0\xa5\x44\x10\x0f\x04\x25\x83\x4e\x0a"
- "\xd1\x25\x11\xc1\x2c\xa7\x53\x3e\x8a\x5f\x50\x90\x4c\xd9\x5e\xd1\xd3\x44"
- "\x43\x32\x38\x24\x07\xe6\xf7\x5b\xee\x0f\x7f\x0e\xde\x67\xb8\x3b\xde\x83"
- "\xf7\xe8\xdb\x59\xbf\x77\x3e\x3c\x1d\xfc\x19\x47\xb3\x56\x8b\xfa\xdf\xc8"
- "\x62\x52\x8b\x56\xd4\xe3\xc9\x28\x00\x80\xb7\x64\x92\x52\xdc\xa6\x94\xd2"
- "\xc7\x51\x7c\xba\x8e\x94\x52\xd5\x2b\x02\x00\x56\xcd\xf7\x1f\x00\x36\xcf"
- "\xfe\xc1\xe1\xce\xbf\x3c\xef\xec\x65\x59\x33\xe2\x66\x54\x74\x8b\x6e\x79"
- "\x2d\xfb\xad\xed\xbc\xf3\x33\x7b\xd0\x9a\xdd\x35\x2e\x8a\xee\xbb\x69\xff"
- "\xab\xec\xb3\x97\xfd\xfb\xf8\xfc\xd8\xff\x5e\xd8\x7f\x88\x1f\xdf\xcb\xfe"
- "\xbe\xfb\xbf\x9b\xcf\xf5\x5f\xa2\xb7\xfa\xf1\x01\x00\x00\x60\x23\xb4\xb3"
- "\xa9\x85\xfb\xfb\x76\x7b\x59\x5f\xa6\x67\xff\x07\xe6\xf6\xef\x8d\xf8\xda"
- "\x58\xdb\x18\x00\xc0\x2b\x0c\x2f\xaf\xfa\xc7\x83\xc1\xc9\x85\x20\x08\xc2"
- "\x34\x54\xfd\x66\x02\x56\x6d\xf6\xd0\x57\xbd\x12\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x60\x99\x75\x1c\x27\xaa\x7a\x46\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x36\xcf\x5d\x00"
- "\x00\x00\xff\xff\x0c\x2e\x39\xe7",
- 314);
- syz_mount_image(/*fs=*/0x200000000140, /*dir=*/0x200000000180, /*flags=*/0,
- /*opts=*/0x200000000400, /*chdir=*/1, /*size=*/0x13a,
- /*img=*/0x200000000200);
- memcpy((void*)0x200000000000, "./bus\000", 6);
- res = syscall(
- __NR_open, /*file=*/0x200000000000ul,
- /*flags=O_SYNC|O_NONBLOCK|O_NOATIME|O_LARGEFILE|O_CREAT|0x2*/ 0x149842ul,
- /*mode=*/0ul);
- if (res != -1)
- r[12] = res;
- syscall(__NR_mmap, /*addr=*/0x200000002000ul, /*len=*/0x4000ul, /*prot=*/0ul,
- /*flags=MAP_LOCKED|MAP_FIXED|MAP_DENYWRITE|0x2*/ 0x2812ul,
- /*fd=*/r[12], /*offset=*/0ul);
- memcpy((void*)0x200000000100, "target default\000", 15);
- syscall(__NR_write, /*fd=*/r[12], /*data=*/0x200000000100ul, /*len=*/0xful);
- *(uint32_t*)0x200000000200 = 9;
- *(uint32_t*)0x200000000204 = 0x80;
- *(uint8_t*)0x200000000208 = 0;
- *(uint8_t*)0x200000000209 = 0;
- *(uint8_t*)0x20000000020a = 0;
- *(uint8_t*)0x20000000020b = 0;
- *(uint32_t*)0x20000000020c = 0;
- *(uint64_t*)0x200000000210 = 0;
- *(uint64_t*)0x200000000218 = 0;
- *(uint64_t*)0x200000000220 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 38, 26);
- *(uint32_t*)0x200000000230 = 0;
- *(uint32_t*)0x200000000234 = 0;
- *(uint64_t*)0x200000000238 = 0x200000000000;
- *(uint64_t*)0x200000000240 = 3;
- *(uint64_t*)0x200000000248 = 0;
- *(uint64_t*)0x200000000250 = 0;
- *(uint32_t*)0x200000000258 = 0;
- *(uint32_t*)0x20000000025c = 0;
- *(uint64_t*)0x200000000260 = 0;
- *(uint32_t*)0x200000000268 = 0;
- *(uint16_t*)0x20000000026c = 0;
- *(uint16_t*)0x20000000026e = 0;
- *(uint32_t*)0x200000000270 = 0;
- *(uint32_t*)0x200000000274 = 0;
- *(uint64_t*)0x200000000278 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000200ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- syz_open_procfs(/*pid=*/0, /*file=*/0);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0x10001);
- syscall(__NR_memfd_create, /*name=*/0x200000000000ul, /*flags=*/0ul);
- syscall(__NR_madvise, /*addr=*/0x200000559000ul, /*len=*/0x1000ul,
- /*advice=*/0ul);
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_DGRAM*/ 2ul,
- /*proto=*/0);
- if (res != -1)
- r[13] = res;
- *(uint32_t*)0x200000000280 = 0;
- syscall(__NR_getsockopt, /*fd=*/-1, /*level=*/1, /*optname=*/0x11,
- /*optval=*/0ul, /*optlen=*/0x200000000280ul);
- *(uint8_t*)0x2000000000c0 = -1;
- *(uint8_t*)0x2000000000c1 = 1;
- memset((void*)0x2000000000c2, 0, 13);
- *(uint8_t*)0x2000000000cf = 1;
- *(uint32_t*)0x2000000000d0 = 0x800;
- *(uint8_t*)0x2000000000d4 = 0;
- *(uint8_t*)0x2000000000d5 = 3;
- *(uint16_t*)0x2000000000d6 = 1;
- *(uint16_t*)0x2000000000d8 = 0;
- *(uint16_t*)0x2000000000da = 0;
- *(uint32_t*)0x2000000000dc = 0;
- syscall(__NR_setsockopt, /*fd=*/r[13], /*level=*/0x29, /*optname=*/0x20,
- /*optval=*/0x2000000000c0ul, /*optlen=*/0x20ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- *(uint32_t*)0x200000000040 = 2;
- *(uint32_t*)0x200000000044 = 0x80;
- *(uint8_t*)0x200000000048 = 0x55;
- *(uint8_t*)0x200000000049 = 1;
- *(uint8_t*)0x20000000004a = 0;
- *(uint8_t*)0x20000000004b = 0;
- *(uint32_t*)0x20000000004c = 0;
- *(uint64_t*)0x200000000050 = 0;
- *(uint64_t*)0x200000000058 = 0;
- *(uint64_t*)0x200000000060 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 38, 26);
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0;
- *(uint64_t*)0x200000000080 = 0;
- *(uint64_t*)0x200000000088 = 0;
- *(uint64_t*)0x200000000090 = 0;
- *(uint32_t*)0x200000000098 = 0;
- *(uint32_t*)0x20000000009c = 0;
- *(uint64_t*)0x2000000000a0 = 0;
- *(uint32_t*)0x2000000000a8 = 0;
- *(uint16_t*)0x2000000000ac = 0;
- *(uint16_t*)0x2000000000ae = 0;
- *(uint32_t*)0x2000000000b0 = 0;
- *(uint32_t*)0x2000000000b4 = 0;
- *(uint64_t*)0x2000000000b8 = 0;
- res = syscall(__NR_perf_event_open, /*attr=*/0x200000000040ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- if (res != -1)
- r[14] = res;
- *(uint32_t*)0x200000000000 = 0xe8;
- res = syscall(__NR_getsockopt, /*fd=*/-1, /*level=*/0, /*optname=*/0x11,
- /*optval=*/0x200000000180ul, /*optlen=*/0x200000000000ul);
- if (res != -1)
- r[15] = *(uint32_t*)0x2000000001b4;
- syscall(__NR_quotactl_fd, /*fd=*/r[14],
- /*cmd=Q_GETINFO_GRP*/ 0xffffffff80000501ul, /*id=*/r[15],
- /*addr=*/0x200000000280ul);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/5);
- *(uint32_t*)0x200000048000 = 1;
- syscall(__NR_futex, /*addr=*/0ul, /*op=FUTEX_TRYLOCK_PI*/ 8ul, /*val=*/0,
- /*timeout=*/0ul, /*addr2=*/0x200000048000ul, /*val3=*/0);
- syscall(__NR_prctl, /*option=*/7ul, 0, 0, 0, 0);
- syscall(__NR_ftruncate, /*fd=*/r[14], /*len=*/2ul);
- syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0ul, /*mode=*/0ul);
- syscall(__NR_syslog, /*cmd=SYSLOG_ACTION_READ_ALL*/ 3ul,
- /*buf=*/0x2000000000c0ul, /*len=*/0x6558a7e3409167e0ul);
- *(uint32_t*)0x2000000002c0 = 2;
- *(uint32_t*)0x2000000002c4 = 0x80;
- *(uint8_t*)0x2000000002c8 = 0xe7;
- *(uint8_t*)0x2000000002c9 = 0x20;
- *(uint8_t*)0x2000000002ca = 9;
- *(uint8_t*)0x2000000002cb = 0x80;
- *(uint32_t*)0x2000000002cc = 0;
- *(uint64_t*)0x2000000002d0 = 0x32c;
- *(uint64_t*)0x2000000002d8 = 0x300;
- *(uint64_t*)0x2000000002e0 = 8;
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 1, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000002e8, 0, 38, 26);
- *(uint32_t*)0x2000000002f0 = 2;
- *(uint32_t*)0x2000000002f4 = 1;
- *(uint64_t*)0x2000000002f8 = 0xf487a34;
- *(uint64_t*)0x200000000300 = 0x136;
- *(uint64_t*)0x200000000308 = 0;
- *(uint64_t*)0x200000000310 = 4;
- *(uint32_t*)0x200000000318 = 0x80000000;
- *(uint32_t*)0x20000000031c = 9;
- *(uint64_t*)0x200000000320 = 6;
- *(uint32_t*)0x200000000328 = 0x1ff;
- *(uint16_t*)0x20000000032c = 0xc95;
- *(uint16_t*)0x20000000032e = 0;
- *(uint32_t*)0x200000000330 = 0xff;
- *(uint32_t*)0x200000000334 = 0;
- *(uint64_t*)0x200000000338 = 5;
- syscall(__NR_perf_event_open, /*attr=*/0x2000000002c0ul, /*pid=*/0,
- /*cpu=*/0xbul, /*group=*/r[14], /*flags=PERF_FLAG_FD_CLOEXEC*/ 8ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- res = syscall(__NR_socket, /*domain=*/1ul, /*type=SOCK_DGRAM*/ 2ul,
- /*proto=*/0);
- if (res != -1)
- r[16] = res;
- memcpy((void*)0x200000000b80, "ext4\000", 5);
- memcpy((void*)0x200000000bc0, "./file0\000", 8);
- memcpy((void*)0x200000000040, "stripe", 6);
- *(uint8_t*)0x200000000046 = 0x3d;
- sprintf((char*)0x200000000047, "0x%016llx", (long long)0xfff);
- *(uint8_t*)0x200000000059 = 0x2c;
- memcpy((void*)0x20000000005a, "nolazytime", 10);
- *(uint8_t*)0x200000000064 = 0x2c;
- memcpy((void*)0x200000000065, "stripe", 6);
- *(uint8_t*)0x20000000006b = 0x3d;
- sprintf((char*)0x20000000006c, "0x%016llx", (long long)5);
- *(uint8_t*)0x20000000007e = 0x2c;
- *(uint8_t*)0x20000000007f = 0;
- memcpy(
- (void*)0x200000000c40,
- "\x78\x9c\xec\xdc\xcd\x6b\x5c\xe5\x1a\x00\xf0\xe7\x9c\x7c\xb4\xb7\xe9\xbd"
- "\xc9\x85\xbb\xb8\x75\x15\xd0\x62\xa1\x74\xf2\xd1\xfa\x05\x2e\xda\x85\xae"
- "\x2c\x14\x14\xdc\x59\xc7\xc9\x34\x84\x4c\x32\x25\x33\xa9\x4d\x0c\xda\x82"
- "\x2e\x0a\x2e\x04\xbb\x71\x59\xff\x04\xb7\x16\x29\x5d\xb9\x55\x10\x41\x70"
- "\xe1\x42\x29\x85\x22\xc1\x65\x03\x91\x33\x39\x99\xa4\xc9\x4c\x9a\xa4\x49"
- "\x06\xe2\xef\x07\x27\xf3\x3c\xe7\x9d\x99\xf7\x3c\x73\xce\x79\xf3\x0e\xcc"
- "\x39\x01\xfc\x63\x0d\x66\x7f\xd2\x88\x13\x11\xf1\x45\x12\xd1\x9f\xaf\x4f"
- "\x23\xa2\xb7\x11\x1d\x8d\xb8\xb1\xf2\xbc\xc7\x8b\x0b\xa5\xa5\xc5\x85\x52"
- "\x12\xcb\xcb\x6f\xff\x99\x44\x92\xaf\x5b\x7d\xaf\x24\x7f\xec\xcb\x93\xff"
- "\x47\xc4\xfd\xcf\x22\x4e\xa7\x9b\xfb\xad\xcd\xcd\x4f\x16\x2b\x95\xf2\x4c"
- "\x9e\x0f\xd5\xa7\xae\x0e\xd5\xe6\xe6\xcf\x4c\x4c\x15\xc7\xcb\xe3\xe5\xe9"
- "\x73\x23\xe7\x5e\x7b\xe9\xec\xf0\xab\xa3\x2f\xef\x59\xad\x6f\x2e\x17\x7f"
- "\x7c\xe1\xb7\x37\x7e\xbe\x7b\xeb\x8f\x0f\xef\xdf\x3e\xfb\x20\x89\xf3\x71"
- "\x3c\x6f\x5b\x5f\xc7\x5e\x19\x8c\xc1\xfc\x33\xe9\x89\xf3\x1b\xda\xde\xdb"
- "\xeb\xce\x3a\x2c\xe9\xf4\x06\x00\x00\xb0\x2d\xd9\xd4\xbc\x2b\x22\xba\x23"
- "\xfb\x0e\xd0\x1f\x5d\x8d\x08\x00\x00\x00\x38\x4c\x3e\x89\x88\x65\x00\x00"
- "\x00\xe0\x90\x4b\x7c\xff\x07\x00\x00\x80\x43\x6e\xf5\x77\x00\x8f\x17\x17"
- "\x4a\xab\x4b\x67\x7f\x91\x70\xb0\x1e\x5d\x88\x88\x81\xb5\x6b\x9b\x97\x9a"
- "\xf5\x77\xc7\x8d\xc6\xe3\xd1\xe8\x89\x88\x63\x7f\x25\x4f\x5c\x19\x91\xac"
- "\xbc\xec\x99\x0d\x46\xc4\xf7\xb7\x3e\x3d\x91\x2d\xb1\x4f\xd7\x21\x03\xb4"
- "\x72\xe3\x66\x44\xdc\x3b\xdf\x62\xfc\x4f\xf2\xf1\x6f\xf7\x86\x37\xe4\xad"
- "\xee\x11\x30\xb8\x21\x37\xfe\xc1\xc1\xb9\x77\x61\xe5\x44\xdd\x7c\xfe\xa7"
- "\xcd\xf9\x4f\xb4\x98\xff\x74\xb5\x38\x77\x77\xe3\xe9\xe7\x7f\xfa\x70\x0f"
- "\xba\x69\x2b\x9b\xff\xbd\x1e\x11\x4b\x9b\xe6\x7f\xcd\x9b\xd6\x0c\x74\xe5"
- "\xd9\xbf\x1b\x73\xbe\x9e\xe4\xca\x44\xa5\x9c\x8d\x6d\xff\x89\x88\x53\xd1"
- "\x73\x24\xcb\x47\xb6\xe8\xe3\xe4\xc7\xf3\x5f\xb5\x6b\x5b\x3f\xff\xcb\x96"
- "\xac\xff\xd5\xb9\x60\xbe\x1d\x0f\xbb\x8f\x3c\xf9\x9a\xb1\x62\xbd\xf8\x2c"
- "\x35\xaf\xf7\xe8\x66\xc4\x73\xdd\xad\xea\x4f\x9a\xfb\x3f\x69\x33\xff\xbd"
- "\xb4\xcd\x3e\xee\x7e\xf4\xca\xaf\xed\xda\x9e\x5e\xff\xfe\x5a\xbe\x13\xf1"
- "\x62\xcb\xfd\xbf\xf6\xdf\x2a\xd9\xfa\xfe\x44\x43\x8d\xe3\x61\x68\xf5\xa8"
- "\xd8\xec\x9b\xd1\x93\x9f\xb7\xeb\xbf\xd3\xf5\x67\xfb\xff\xd8\xd6\xf5\x0f"
- "\x24\xeb\xef\xd7\x54\xdb\x79\x1f\x5f\x7e\xfb\xee\xef\xed\xda\x76\x7b\xfc"
- "\xf7\x26\xef\x34\xe2\xde\x7c\xdd\xf5\x62\xbd\x3e\x33\x12\xd1\x9b\xbc\xb5"
- "\x79\xfd\xe8\xda\x6b\x57\xf3\xd5\xe7\x67\xf5\x9f\x7a\xbe\xf5\xf9\xbf\xd5"
- "\xf1\x9f\x8d\x09\xef\xe7\x9f\x52\x36\x36\x14\xf3\xc7\x2c\xff\x60\x43\x8d"
- "\xbf\xfc\xd0\x77\x7a\xf7\xf5\xef\xaf\xac\xfe\xb1\x1d\xed\xff\x9d\x07\x77"
- "\xbe\xfe\xee\xa7\x76\xfd\x6f\x6f\xff\x9f\x6b\x44\xa7\xf2\x35\xdb\x19\xff"
- "\xb6\xbb\x81\xcf\xf2\xd9\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x70\x70\xd2\x88\x38"
- "\x1e\x49\x5a\x68\xc6\x69\x5a\x28\x44\xf4\x45\xc4\xff\xe2\x58\x5a\xa9\xd6"
- "\xea\xa7\xaf\x54\x67\xa7\xc7\xb2\xb6\x88\x81\xe8\x49\xaf\x4c\x54\xca\xc3"
- "\x11\xd1\xbf\x92\x27\x59\x3e\xd2\x88\xd7\xf2\xd1\x0d\xf9\xd9\x88\xf8\x6f"
- "\x44\xdc\xee\xff\x57\x23\x2f\x94\xaa\x95\xb1\x4e\x17\x0f\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x40\x53\x5f\x44\x1c\x8f\x24\x2d\x44\x44\xda\x88\xd3\xb4"
- "\x50\x58\x69\x7b\xd0\xdf\xe9\xad\x03\x00\x00\x00\xf6\xcc\x40\xa7\x37\x00"
- "\x00\x00\x00\xd8\x77\xbe\xff\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x7b\xe0\xd2\xc5\x8b\xd9\xb2\xbc\xb4\xb8\x50\xca\xf2\xb1\x6b\x73\xb3\x93"
- "\xd5\x6b\x67\xc6\xca\xb5\xc9\xc2\xd4\x6c\xa9\x50\xaa\xce\x5c\x2d\x8c\x57"
- "\xab\xe3\x95\x72\xa1\x54\x9d\x7a\xda\xfb\x55\xaa\xd5\xab\xc3\x31\x3d\x7b"
- "\x7d\xa8\x5e\xae\xd5\x87\x6a\x73\xf3\x97\xa7\xaa\xb3\xd3\xf5\xcb\x13\x53"
- "\xc5\xf1\xf2\xe5\x72\xcf\x81\x54\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0"
- "\x4e\xd5\xe6\xe6\x27\x8b\x95\x4a\x79\x46\x20\x10\x08\x9a\x41\xa7\x47\x26"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x0e\xb3\xbf\x03\x00\x00\xff\xff\x6f\x6b\x12\xe6",
- 2895);
- syz_mount_image(/*fs=*/0x200000000b80, /*dir=*/0x200000000bc0, /*flags=*/0,
- /*opts=*/0x200000000040, /*chdir=*/1, /*size=*/0xb4f,
- /*img=*/0x200000000c40);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0x40000);
- *(uint32_t*)0x200000000000 = 2;
- *(uint32_t*)0x200000000004 = 0x80;
- *(uint8_t*)0x200000000008 = 0xb9;
- *(uint8_t*)0x200000000009 = 0;
- *(uint8_t*)0x20000000000a = 0;
- *(uint8_t*)0x20000000000b = 0;
- *(uint32_t*)0x20000000000c = 0;
- *(uint64_t*)0x200000000010 = 0;
- *(uint64_t*)0x200000000018 = 0;
- *(uint64_t*)0x200000000020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 38, 26);
- *(uint32_t*)0x200000000030 = 0;
- *(uint32_t*)0x200000000034 = 0;
- *(uint64_t*)0x200000000038 = 0;
- *(uint64_t*)0x200000000040 = 0;
- *(uint64_t*)0x200000000048 = 0;
- *(uint64_t*)0x200000000050 = 0;
- *(uint32_t*)0x200000000058 = 0;
- *(uint32_t*)0x20000000005c = 0;
- *(uint64_t*)0x200000000060 = 0;
- *(uint32_t*)0x200000000068 = 0;
- *(uint16_t*)0x20000000006c = 0;
- *(uint16_t*)0x20000000006e = 0;
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000000ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- memcpy((void*)0x200000000040, "./file0\000", 8);
- res = syscall(__NR_open, /*file=*/0x200000000040ul, /*flags=*/0ul,
- /*mode=*/0ul);
- if (res != -1)
- r[17] = res;
- syscall(__NR_futimesat, /*dir=*/r[17], /*pathname=*/0ul, /*times=*/0ul);
- *(uint16_t*)0x200000003000 = 1;
- memcpy(
- (void*)0x200000003002,
- "\351\037q\211Y\036\2223aK\000\000\000\000\000\000\000\000\000\000\000"
- "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
- "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
- "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
- "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
- "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
- 108);
- syscall(__NR_bind, /*fd=*/r[16], /*addr=*/0x200000003000ul,
- /*addrlen=*/0x6eul);
- memcpy((void*)0x200000000000, "\351\037q\211Y\036\2223aK\000", 11);
- memcpy((void*)0x200000000180, "tmpfs\000", 6);
- memcpy((void*)0x2000000002c0,
- "\x6d\x70\x6f\x6c\x3d\x69\x6e\x74\x65\x72\x6c\x65\x61\x76\x65\x3d\x72"
- "\x65\x6c\x61\x74\xa5\x83\x63\xe7\x1a\x2e\xd6\xa5\x5b\x6a\x38\x0a\x43"
- "\xfc\xa9\x69\x76\x65\x90\x09\x99\xd4\x3a\x38\x2d\x37",
- 47);
- sprintf((char*)0x2000000002ef, "%020llu", (long long)-1);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000000ul,
- /*type=*/0x200000000180ul, /*flags=*/0ul, /*opts=*/0x2000000002c0ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x541c, /*arg=*/0ul);
- syscall(__NR_preadv, /*fd=*/-1, /*vec=*/0x2000000017c0ul, /*vlen=*/0x333ul,
- /*off_low=*/0, /*off_high=*/0);
- memcpy((void*)0x200000000000, "./file0\000", 8);
- syscall(__NR_openat, /*fd=*/-1, /*file=*/0x200000000000ul,
- /*flags=__O_TMPFILE|O_CREAT|O_RDWR*/ 0x400042, /*mode=*/0);
- syscall(__NR_prctl, /*option=*/0x23ul, /*opt=PR_SET_MM_ENV_START*/ 0xaul,
- /*arg=*/0x2000002d5000ul, 0, 0);
- res = syscall(__NR_getpgrp, /*pid=*/0);
- if (res != -1)
- r[18] = res;
- *(uint32_t*)0x200000000040 = 2;
- *(uint32_t*)0x200000000044 = 0x70;
- *(uint8_t*)0x200000000048 = 0x6a;
- *(uint8_t*)0x200000000049 = 1;
- *(uint8_t*)0x20000000004a = 0;
- *(uint8_t*)0x20000000004b = 0;
- *(uint32_t*)0x20000000004c = 0;
- *(uint64_t*)0x200000000050 = 0;
- *(uint64_t*)0x200000000058 = 0;
- *(uint64_t*)0x200000000060 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 38, 26);
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0x200000000000;
- *(uint64_t*)0x200000000080 = 0;
- *(uint64_t*)0x200000000088 = 0;
- *(uint64_t*)0x200000000090 = 0;
- *(uint32_t*)0x200000000098 = 0;
- *(uint32_t*)0x20000000009c = 0;
- *(uint64_t*)0x2000000000a0 = 0;
- *(uint32_t*)0x2000000000a8 = 0;
- *(uint16_t*)0x2000000000ac = 0;
- *(uint16_t*)0x2000000000ae = 0;
- *(uint32_t*)0x2000000000b0 = 0;
- *(uint32_t*)0x2000000000b4 = 0;
- *(uint64_t*)0x2000000000b8 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000040ul, /*pid=*/0,
- /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);
- *(uint32_t*)0x200000000040 = 1;
- *(uint32_t*)0x200000000044 = 0x70;
- *(uint8_t*)0x200000000048 = 0;
- *(uint8_t*)0x200000000049 = 0;
- *(uint8_t*)0x20000000004a = 0;
- *(uint8_t*)0x20000000004b = 0;
- *(uint32_t*)0x20000000004c = 0;
- *(uint64_t*)0x200000000050 = 0x510;
- *(uint64_t*)0x200000000058 = 0;
- *(uint64_t*)0x200000000060 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 38, 26);
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0x200000000000;
- *(uint64_t*)0x200000000080 = 0;
- *(uint64_t*)0x200000000088 = 0;
- *(uint64_t*)0x200000000090 = 0;
- *(uint32_t*)0x200000000098 = 0;
- *(uint32_t*)0x20000000009c = 0;
- *(uint64_t*)0x2000000000a0 = 0;
- *(uint32_t*)0x2000000000a8 = 0;
- *(uint16_t*)0x2000000000ac = 0;
- *(uint16_t*)0x2000000000ae = 0;
- *(uint32_t*)0x2000000000b0 = 0;
- *(uint32_t*)0x2000000000b4 = 0;
- *(uint64_t*)0x2000000000b8 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000040ul, /*pid=*/0,
- /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);
- memcpy((void*)0x200000000100, "fdinfo\000", 7);
- res = -1;
- res = syz_open_procfs(/*pid=*/0, /*file=*/0x200000000100);
- if (res != -1)
- r[19] = res;
- syscall(__NR_getdents64, /*fd=*/r[19], /*ent=*/0x200000000140ul,
- /*count=*/0x1000ul);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/4);
- syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0ul, /*f=MSG_NOSIGNAL*/ 0x4000ul);
- syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0ul, /*f=*/0ul);
- memcpy((void*)0x200000003f80,
- "wg2\000\000\000\000\000\000\000\000\000\000\000\000\000", 16);
- syscall(__NR_ioctl, /*fd=*/r[19], /*cmd=*/0x8933, /*arg=*/0x200000003f80ul);
- memcpy((void*)0x200000004100, "ip_vti0\000\000\000\000\000\000\000\000\000",
- 16);
- *(uint64_t*)0x200000004110 = 0x200000004080;
- memcpy((void*)0x200000004080, "ip_vti0\000\000\000\000\000\000\000\000\000",
- 16);
- *(uint32_t*)0x200000004090 = 0;
- *(uint16_t*)0x200000004094 = htobe16(0x29);
- *(uint16_t*)0x200000004096 = htobe16(4);
- *(uint32_t*)0x200000004098 = htobe32(0x40);
- *(uint32_t*)0x20000000409c = htobe32(0xfffffffd);
- STORE_BY_BITMASK(uint8_t, , 0x2000000040a0, 0, 0, 4);
- STORE_BY_BITMASK(uint8_t, , 0x2000000040a0, 4, 4, 4);
- STORE_BY_BITMASK(uint8_t, , 0x2000000040a1, 0, 0, 2);
- STORE_BY_BITMASK(uint8_t, , 0x2000000040a1, 0, 2, 6);
- *(uint16_t*)0x2000000040a2 = htobe16(0);
- *(uint16_t*)0x2000000040a4 = htobe16(0);
- *(uint16_t*)0x2000000040a6 = htobe16(0);
- *(uint8_t*)0x2000000040a8 = 0;
- *(uint8_t*)0x2000000040a9 = 0;
- *(uint16_t*)0x2000000040aa = htobe16(0);
- *(uint32_t*)0x2000000040ac = htobe32(0);
- *(uint32_t*)0x2000000040b0 = htobe32(0);
- struct csum_inet csum_1;
- csum_inet_init(&csum_1);
- csum_inet_update(&csum_1, (const uint8_t*)0x2000000040a0, 20);
- *(uint16_t*)0x2000000040aa = csum_inet_digest(&csum_1);
- syscall(__NR_ioctl, /*fd=*/r[19], /*cmd=*/0x89f8, /*arg=*/0x200000004100ul);
- syz_open_dev(/*dev=*/0, /*id=*/2, /*flags=*/0);
- memcpy((void*)0x200000000140, "/dev/input/event#\000", 18);
- res = -1;
- res = syz_open_dev(/*dev=*/0x200000000140, /*id=*/2, /*flags=*/0);
- if (res != -1)
- r[20] = res;
- syscall(__NR_ioctl, /*fd=*/r[20], /*cmd=*/0x40284504, /*arg=*/0ul);
- *(uint16_t*)0x200000001240 = 0;
- *(uint16_t*)0x200000001242 = 1;
- *(uint64_t*)0x200000001248 = 0;
- *(uint64_t*)0x200000001250 = 9;
- *(uint32_t*)0x200000001258 = 0;
- *(uint32_t*)0x20000000125c = 0;
- memset((void*)0x200000001260, 0, 16);
- syscall(__NR_ioctl, /*fd=*/r[20], /*cmd=*/0x40305828,
- /*arg=*/0x200000001240ul);
- *(uint64_t*)0x2000000000c0 = 0x20000000f000;
- *(uint64_t*)0x2000000000c8 = 0x200000ffc000;
- *(uint64_t*)0x2000000000d0 = 0x200000002000;
- *(uint64_t*)0x2000000000d8 = 0x2000002d6000;
- *(uint64_t*)0x2000000000e0 = 0x200000011000;
- *(uint64_t*)0x2000000000e8 = 0x20000000d000;
- *(uint64_t*)0x2000000000f0 = 0x200000ffa000;
- *(uint64_t*)0x2000000000f8 = 0x200000fed000;
- *(uint64_t*)0x200000000100 = 0x200000003000;
- *(uint32_t*)0x200000000140 = 0xff;
- *(uint32_t*)0x200000000144 = 9;
- *(uint32_t*)0x200000000148 = 0xb5d;
- *(uint32_t*)0x20000000014c = 0x7a290914;
- syscall(__NR_move_pages, /*pid=*/r[18], /*nr=*/9ul,
- /*pages=*/0x2000000000c0ul, /*nodes=*/0x200000000140ul,
- /*status=*/0x200000000180ul, /*flags=MPOL_MF_MOVE*/ 2ul);
- memcpy((void*)0x2000000001c0, "environ\000", 8);
- res = -1;
- res = syz_open_procfs(/*pid=*/-1, /*file=*/0x2000000001c0);
- if (res != -1)
- r[21] = res;
- *(uint64_t*)0x200000001400 = 0x200000000040;
- *(uint64_t*)0x200000001408 = 0x200000b1;
- syscall(__NR_preadv, /*fd=*/r[21], /*vec=*/0x200000001400ul, /*vlen=*/1ul,
- /*off_low=*/0, /*off_high=*/0);
- syscall(__NR_shmat, /*shmid=*/0, /*addr=*/0x200000000000ul,
- /*flags=SHM_REMAP*/ 0x4000ul);
- syscall(__NR_shmctl, /*shmid=*/0, /*cmd=*/0xcul, 0);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0x88);
- if (res != -1)
- r[22] = res;
- memcpy((void*)0x200000000000, "./bus\000", 6);
- res = syscall(
- __NR_open, /*file=*/0x200000000000ul,
- /*flags=O_SYNC|O_NONBLOCK|O_NOATIME|O_LARGEFILE|O_CREAT|0x2*/ 0x149842ul,
- /*mode=*/0ul);
- if (res != -1)
- r[23] = res;
- syscall(__NR_mmap, /*addr=*/0x200000002000ul, /*len=*/0x4000ul, /*prot=*/0ul,
- /*flags=MAP_LOCKED|MAP_FIXED|MAP_DENYWRITE|0x2*/ 0x2812ul,
- /*fd=*/r[23], /*offset=*/0ul);
- memcpy(
- (void*)0x200000001780,
- "\x7e\x11\xb8\x60\x58\x1c\x55\x25\x55\x86\xe5\xe1\x3d\xff\x83\x1d\x3e\x27"
- "\x1d\x77\x29\x7f\x2c\xca\xce\x05\xa5\x27\x4b\x41\xfb\x17\xe4\x8f\xe9\x04"
- "\x5d\xaa\x72\xe0\xda\xa9\x28\xfe\x9c\xd4\x67\x09\x5a\x0f\x9e\x58\x86\xa9"
- "\xff\x23\x32\x16\x41\xcd\x30\x01\x3b\xa6\xc9\x33\x3b\x24\xce\x38\x62\x6c"
- "\x13\x6a\xf2\x65\x5f\xa4\xc2\x1e\x01\x99\xd8\x88\xd1\x33\xbb\x53\x97\x89"
- "\x55\xdd\x40\x76\x57\x37\xa7\x98\x23\x34\x59\xc1\xf5\xa1\xd0\xc6\x19\xbd"
- "\x30\xa4\xfe\x1d\x74\x69\x5c\x0d\x47\x90\xd1\xbe\xb5\x96\xcf\xec\x3f\xe5"
- "\x58\x6a\xf1\xc6\x4f\xce\xf3\x02\x40\x9c\x69\x2a\xa8\x5d\x14\x2f\xac\x08"
- "\x83\xcf\x67\x70\xf5\xe2\x70\x9c\xd5\xba\x0c\x64\x2f\x8d\x5e\xdb\x10\x5d"
- "\x19\x10\xdd\xb8\x9e\xc3\x78\xcd\x1c\x1f\xfb\x2e\xcc\xab\x6e\xa0\x55\x0d"
- "\xa9\x48\x12\x6a\xce\xde\xd0\xf9\x35\xd8\x40\xd2\x92\x55\x9c\xee\x76\x8e"
- "\x6b\xc3\x93\xfb\x86\xfa\x55\x1c\x50\x46\x5f\xb8\xd3\x85\x1c\x17\xd7\x14"
- "\x9d\x18\x1e\x93\x7c\x49\xf8\xda\x37\xa1\x21\x75\xa5\x8b\x53\x7a\xba\xb0"
- "\xcb\x8c\xa0\xfb\x4b\xfe\xbd\x9e\xa2\xd3\x9e\xbc\x14\xa3\xd2\x05\x99\x44"
- "\x83\x90\x0e\xbd\x87\x20\x11\x4f\x51\x36\x95\x36\xf9\x10\xde\xb2\x3e\x6d"
- "\x6c\x88\xb7\x5a\x57\x8b\x6b\x38\xdd\xc9\xc7\x13\x7d\xfe\x2c\xad\x6a\xac"
- "\x39\xd6\xcb\xb9\xf3\x36\x70\x4a\x7b\x86\xe3\x70\xd8\x3f\x96\xc8\x04\x96"
- "\xc8\xf3\x39\xc9\x14\xd2\xbc\x4b\x62\x05\x3e\xad\x2b\xcf\xee\x7b\xc8\x96"
- "\x7b\xae\xb9\x2e\x78\xba\xca\xd0\x8d\xe3\xe7\xc5\xca\xd8\xbb\x52\xf5\x66"
- "\x38\xab\xce\xe6\x13\x29\x95\x51\x0e\x00\xc6\x5f\x44\xbc\x9d\x9f\x60\xa3"
- "\x3a\xa2\x95\xc3\xbd\x0b\x02\xa3\xae\x6b\x45\x6a\xf0\x84\xe0\x54\xf8\x81"
- "\x0f\xa3\x48\x49\x60\xfc\xb5\x95\x00\x98\x3d\xed\x1a\x93\xf2\x10\x0c\x6b"
- "\x83\xc2\xb4\x90\xa9\xd1\x0f\xf5\x58\xb3\xbd\xc5\xb6\xed\x7c\x6b\x54\xc4"
- "\x51\xc5\x76\x00\x5f\x9b\x04\xa3\xf0\x1b\xc0\x8a\x93\x2a\x56\x9b\xce\xc5"
- "\xd2\xe8\x2e\x8e\xb7\xf9\x47\x3b\x8c\x4b\x2a\x5a\x9e\xe4\x1d\x97\x0e\xe5"
- "\x03\x10\x40\x84\xfb\x32\xcb\xb6\x2d\x8f\xa8\x76\xae\x67\xd0\x8e\x44\xce"
- "\xa5\xf5\xc8\x19\xfa\x2e\xe6\x17\xb6\xf5\x4b\x56\xba\xa2\x48\x02\x1a\xd7"
- "\x97\x18\x28\xd0\x5d\xb2\x76\x6a\xf8\x84\x84\xfe\x47\xb0\x0e\x4a\x7f\xac"
- "\xf3\xde\xd6\x89\x69\x33\xcf\xd0\xa6\xe3\x88\x04\x4f\x89\xdd\x50\xdb\x82"
- "\x52\x04\xfc\x11\x63\xc5\x0e\x47\xba\x9f\xa8\xd6\xcd\xeb\x75\x2e\xc5\x28"
- "\x41\x53\xb4\x8d\xbc\x19\x82\xb0\xa5\x32\x35\x97\xce\x4f\xa1\xa8\x05\xa7"
- "\x1e\x16\x6c\x2e\x67\xdb\x41\x5c\xed\xcb\x48\xea\x9c\x5b\xcb\xe3\xc4\xc1"
- "\xf6\x18\x6e\xd9\x40\xd3\xee\x24\xaa\x11\xd2\x26\xa4\x4f\xe4\x1e\x80\xd9"
- "\x93\x5a\x46\x5e\x29\x23\x58\x64\xfa\x77\xec\x9a\x05\x66\xd7\x83\x38\x14"
- "\x6f\x4b\x8c\x8d\x31\xb4\xc7\x50\x28\x19\x6e\x4c\x27\xe4\xd7\x6d\x3b\xca"
- "\x69\x2e\xa8\xdf\xca\xe0\x04\xb9\x22\xe7\x32\x97\x6f\xa3\x15\x62\x64\xba"
- "\xfe\x21\x80\xab\x78\xb0\x53\xbb\x0c\x54\xee\x86\x41\x3d\x10\x4c\xaa\x33"
- "\xde\x3c\x6c\xbe\x68\x7d\xc4\xe4\xf5\xdd\x2d\xbb\x20\xd1\x2f\xa9\x53\xdc"
- "\x0f\x16\xe2\x53\x5f\x4e\x88\x31\xce\xc0\xf7\x87\xa4\x16\x68\xd4\xa0\xad"
- "\xd2\x75\x5d\xf5\x1d\x88\x50\xad\x9b\x18\x01\xa5\x08\x5b\xff\x9d\x02\x92"
- "\x01\x6b\xf3\x4a\xa0\x11\x42\xb0\xc9\x9a\xa2\x6c\x75\x01\xe1\x9f\x2d\x20"
- "\x5d\x37\xd1\xe6\x92\x31\x43\xa2\x8b\xfb\x47\x63\xfe\xcf\x26\x21\x12\x3e"
- "\xe4\x8a\x73\x6d\xd3\x35\x35\x8c\x3f\xd5\x45\x08\xe2\x9e\x0f\x24\x68\xad"
- "\x0e\xf7\x79\x0f\xfe\xd1\xb8\x35\xde\x3d\x70\xfc\xf0\x32\x4d\x62\xf3\xab"
- "\x2f\xab\x7b\x88\xdd\x3c\xe4\xf5\x1a\xab\x35\x30\x2d\x14\x99\x61\xe7\xfb"
- "\x28\x1a\x44\x92\x99\x14\x45\x90\x9e\x9f\xc8\x7d\x46\xd3\xb0\xed\xe3\x1d"
- "\xf1\xfd\x82\x55\xb8\x8d\xa4\x0c\x67\x95\xd7\xa7\x7b\x13\x76\x3d\x56\x16"
- "\xe1\x81\x60\x99\xeb\x0d\x96\x54\x77\xc1\x2a\x43\x55\x56\xb6\xb3\x0d\x6c"
- "\x3f\x91\x29\xe4\x90\xdc\x95\x23\x34\x37\x16\x39\xe5\x59\x23\xbc\xc1\x2e"
- "\x0e\xa4\x4c\x4d\x14\x53\xa1\xaf\xb2\xf3\xfd\x92\xc6\xa8\x23\xf2\x9e\xca"
- "\xa4\xac\x14\xe5\xb4\x8c\x4f\xa3\x20\x9b\x81\x27\x7d\xfb\x8b\xa9\x6d\x2a"
- "\x35\x21\x05\x60\x27\xbf\x58\xa4\x7f\x42\x36\xd4\xea\x6a\x34\xfa\x6b\x89"
- "\x07\x75\x04\x6b\x1f\x53\x84\x33\x56\x80\x36\xeb\x43\x65\x66\xee\xb7\x42"
- "\xd2\xe9\x2d\x1d\x17\xa9\xb3\xa4\x0b\x25\xd0\x2f\x63\x31\x2a\x3a\xd9\x25"
- "\xe0\xa3\x51\x81\xe1\xa3\x60\x0d\x0c\x31\x02\x94\x9a\x10\x49\x51\xa5\x5f"
- "\x99\xb7\x28\x01\x03\x31\x37\xba\xa5\x35\xc1\xd5\x06\x26\x2e\x29\x91\x8a"
- "\x70\x3c\x15\xb5\xeb\x8e\xab\x49\x1f\xc0\x0e\xe0\xbf\x99\x29\x74\xcf\x86"
- "\xbd\x17\xe1\xd5\xa5\x34\xf8\x67\x5f\x8b\x28\x0e\x9b\x18\xf1\x10\x2d\xc7"
- "\x1e\xb0\xe8\x9a\x42\xa4\x6a\x9d\xb5\xd6\xcd\xed\x23\x74\x0c\x30\xb6\x48"
- "\x94\xbe\x62\x5c\x3b\x23\xfe\x8b\xa4\xb5\x84\x5e\x79\xdb\x26\xf5\x2d\x93"
- "\x8f\xcd\x13\xdf\x10\x90\xe9\x54\xb6\x8d\x93\xb9\x76\x5f\x95\x6f\xa3\x0d"
- "\x9f\x59\x88\xea\x82\x07\x54\xff\x3e\xb3\x57\xe6\x41\xca\x86\x51\x9d\xdf"
- "\x70\x26\xe6\x88\x65\xe9\x9d\x3b\x96\x74\xa5\x52\x43\x7d\x48\x52\x68\x19"
- "\x78\x1b\xb3\xf9\x30\xd1\xba\x5e\xc8\x0a\x51\xf9\x5f\x58\x8c\x9a\xe6\xe0"
- "\xd6\x44\xde\xb3\xd6\x82\xe4\xe2\xa3\x42\x57\xb8\x9b\x1c\xa9\x33\xd7\x8a"
- "\xce\xdf\x27\x92\x77\x5c\xcf\x51\xe7\x1b\x87\xe4\x5d\x77\x3f\xec\xd5\xcb"
- "\x7c\x5b\x4e\xe0\x33\xd8\x87\xcb\x0e\x3d\xc3\xff\x1c\xca\x2f\x31\xc9\x5e"
- "\x1e\xc3\xed\x01\xec\xf0\x06\x25\xba\x5b\xb6\x8e\x94\xa5\x36\xd0\xf2\x98"
- "\xa2\x7e\x93\xfa\x03\x9c\x6a\x3e\x8d\x8a\x12\x46\xf0\x3a\x5d\x0c\x11\xf5"
- "\x1a\xde\xde\x02\x8a\x83\x19\x51\x46\x76\x70\x71\xeb\x00\xb6\x1a\xbc\xc1"
- "\x01\xf8\x1a\xa5\x0b\x17\x88\x45\x6e\x48\x07\x4f\x68\x9f\x11\x72\xe5\x97"
- "\xa7\x55\x6e\x66\x1a\x42\x71\x0b\x5f\xda\xf2\x73\x9d\x1d\xf6\xa2\xed\x89"
- "\xc3\x57\xb7\x8b\xd7\xd9\x5d\x49\x4a\x60\x3b\x00\x39\xfb\x84\xf9\x0e\x0f"
- "\x98\x7d\x74\xb9\xc8\xea\x40\x4b\xff\x69\x3a\xb8\x69\xce\x58\x17\xbe\xad"
- "\x42\xf9\xf9\x5d\x59\x05\xc8\xb0\x25\xe0\x2a\xd1\xd5\xe2\x96\x4b\xc1\xb8"
- "\x27\x70\x36\x1b\xc8\x5b\x43\x0e\x5f\x10\x75\xc9\xcc\x77\x43\xea\xcc\x69"
- "\xa4\xd8\x9a\xdf\x2f\xcd\xf2\x65\xa5\x64\x24\xa6\x60\x66\xdd\xbb\xda\x85"
- "\x23\x55\x15\x4f\x64\x57\x85\x56\x1b\xea\x9e\x8a\x20\xd5\xfd\xbe\x05\x25"
- "\x8f\x4c\x0f\x93\xc7\xe8\x2a\x5e\xe5\x53\xbf\xaf\x06\x7a\x13\xa4\xeb\x25"
- "\xae\x2b\x71\x75\xe4\xa6\x30\x1c\x55\x94\xcf\x86\x60\x49\xb6\x1e\x71\x61"
- "\xc1\x7b\x97\x35\x75\xff\x3a\xf3\x70\x46\x8f\x3d\x31\x69\x66\xbd\x10\x2b"
- "\xfa\x6b\x20\xf3\x1c\x79\x24\x89\x2f\x3d\x7f\x1c\xa9\x02\x91\x45\xaf\xc0"
- "\x0e\x5e\x81\x52\xfa\x04\x3a\xd2\x4a\x29\xe2\x7c\x8a\xc5\x33\xe1\xf2\x4a"
- "\x23\x93\x47\x55\x71\x91\x8d\xca\x44\x8e\x31\x2b\x55\xb6\xf2\x04\x1f\x12"
- "\x98\x60\x98\x3b\x79\x60\x2a\x08\x7f\xa4\xfa\xb3\xa0\xa5\x93\xf1\x61\xdd"
- "\xd9\x14\x65\x81\x3a\x51\x7a\xf6\x81\xbd\x3f\xd9\xd1\x0e\xc4\x6c\x0b\x31"
- "\xc5\x6a\xcb\xfd\xd6\xa5\x51\x5e\xa8\xd7\xfa\x16\x1d\xc4\x5c\xca\x3a\x0d"
- "\x4b\xa0\x2d\xce\x7d\x88\xbb\x3a\x0a\x88\x83\x24\x85\x1b\xa3\x8a\x7c\x65"
- "\x9d\x6f\x1c\xa5\xaf\x76\x4e\x63\xfb\x8a\x9c\xa4\xc9\xd4\x6f\x91\xd0\x5c"
- "\x48\xf6\x68\xe7\x2e\xba\x32\x5f\x2c\xf7\xda\xb6\x6b\x9b\x0e\xea\x98\x81"
- "\xd9\x6c\x01\x47\x31\x44\xfb\x88\xf5\x6d\x83\x2f\x96\x32\xe0\xae\x4d\xe9"
- "\x1e\xc5\xd0\x04\x63\xc3\xed\xcb\xe6\xe4\x75\xd2\x2b\x42\x57\x49\x00\x20"
- "\x5f\x45\x22\xd8\x2c\xe2\x3c\x87\xcb\x91\x87\xd2\x33\x32\x49\x82\x31\x39"
- "\xe2\x04\xb0\x33\x01\x94\xf1\x41\xc3\x50\x54\x12\xe7\x4e\x7d\x1a\x5a\x23"
- "\x34\xd5\x7a\x65\xb9\x04\x2e\x5a\x06\xc6\x8b\xf8\xa2\x6f\xe0\xe8\x33\x38"
- "\x25\xc6\x61\xff\x2e\xef\x1b\xb6\xca\xc0\x45\x0e\x26\x00\x64\x18\xf1\xcb"
- "\xa6\xae\x66\x91\xe0\xc6\x46\x5f\xf6\x6c\xdb\x97\x57\xf7\x38\x5c\xfb\xc2"
- "\x17\x69\x1e\xd7\x68\xd3\x4c\x59\x5c\xc7\x6c\x30\x0a\xb8\xc0\x68\x79\x09"
- "\x63\xd7\x2d\xc6\xd6\x9f\x0d\x0d\xad\x36\xfd\x1b\x18\xff\x0b\x7d\x48\x6a"
- "\x61\xee\x64\x7f\x7b\x20\x1f\xd6\xd7\x6a\xf5\x54\x6f\x77\x0f\xef\x85\xc6"
- "\xc9\xe8\xa9\xe8\x51\x29\x81\x56\x1c\xaa\x27\x4a\x1b\x5e\x9d\xbf\x10\xb1"
- "\x5d\x12\x56\x80\xc6\x81\x8c\x6a\x4b\x88\x2e\x9a\x70\x9d\x95\xb0\xbf\x5f"
- "\x66\xa5\x4c\xd8\x2b\x3f\x15\x6d\xc2\x19\x46\x1b\x7d\x9e\x02\x64\x1e\x2d"
- "\x0e\x96\xb6\xe3\xe5\x8c\x17\x9a\x76\x04\x7d\xb7\x4b\x9e\x9c\xe3\x7a\x7b"
- "\xa8\x59\xa1\xb7\x3e\x6f\x37\x97\x5a\x44\xd1\x11\x8f\x82\x0c\xda\x01\x28"
- "\x2c\x09\x8d\x39\x47\xf4\xba\xce\x61\xf2\x2a\xe2\xf6\x47\x86\x4e\xbe\xb7"
- "\x87\xaa\x33\x69\x25\x0c\x04\x9d\xbe\x71\xc4\xf4\xf3\x0e\x50\x9f\xfc\x20"
- "\x34\x41\x6c\x5e\xae\x5d\x91\x95\xb1\x95\x9f\x8a\x3f\xc9\xcb\x2c\x90\xa2"
- "\x88\xfa\xe9\x07\xe5\xdb\x05\xd7\x76\x87\x8c\x85\x09\x7c\x83\x1d\x6a\x46"
- "\x75\x9d\x32\x94\xe5\xef\x2e\x85\x7c\x72\x45\xd3\x30\x30\xd0\x3d\x4e\x0f"
- "\xb6\x26\x9d\xca\x2a\x85\xa6\x8f\x55\xf9\x71\xa4\x46\x68\x64\x3b\x4f\xc8"
- "\x70\x76\x22\xc1\x99\x04\x1c\x00\x9b\x44\x1e\xfc\x92\x6b\xe4\x67\x8a\xff"
- "\x45\x26\x21\xfd\xbd\xdd\x86\x6e\x4d\x60\xfd\x48\xec\x1a\x5c\x7b\x2e\xa4"
- "\x0f\xaa\x26\xb8\x6c\xfd\x4d\x36\xe9\xc4\x2b\x1f\x98\xbe\x96\xb0\x35\x80"
- "\x7d\x83\x5d\xd2\x35\xf4\xbd\xad\x89\x85\x93\xe8\x95\xf0\xc0\x90\x6b\x2b"
- "\x69\xa9\x4f\xf8\x26\x28\x04\xfb\x2b\x13\x9b\xcb\x6a\x35\xa8\x9d\xb1\x97"
- "\xc3\x4a\x83\xa8\x3b\x38\xfc\x50\x47\xbf\x4b\x3e\xd3\x52\x2e\xb7\xf3\x07"
- "\x42\x4c\x29\xab\x33\x7d\x04\x81\xf5\x07\x72\xe1\x2b\xde\x7c\x16\xda\x7c"
- "\xc4\x49\x36\x8d\x3b\xb1\x97\x86\x32\xab\x8b\xd8\xe1\x56\xcc\xb1\x20\xd6"
- "\x35\xf4\x71\x29\x16\xe1\x91\x10\x7d\xfc\x04\x65\x75\x97\x7c\x5a\x80\xe2"
- "\x80\x52\x86\xd5\xe0\x88\x50\x64\xb9\x16\x99\x9c\x00\x75\x83\x23\x16",
- 2177);
- *(uint16_t*)0x200000000100 = 0xa; // Destination address for the sendto below: family 0xa (AF_INET6). The field offsets and the 0x1c length match struct sockaddr_in6.
- *(uint16_t*)0x200000000102 = htobe16(0x4e21); // port 0x4e21 (20001), stored big-endian
- *(uint32_t*)0x200000000104 = htobe32(0); // flow info = 0
- memset((void*)0x200000000108, 0, 16); // 16-byte address, all zero (::)
- *(uint32_t*)0x200000000118 = 0; // scope id = 0
- syscall(__NR_sendto, /*fd=*/r[22], /*buf=*/0x200000001780ul, /*len=*/0x881ul, // len 0x881 == 2177, the size given to the memcpy that ends just above; NOTE(review): that memcpy's destination and the origin of r[22] are not visible here - confirm
- /*f=*/0ul, /*addr=*/0x200000000100ul, /*addrlen=*/0x1cul); // addrlen 0x1c == 28 bytes; the return value is discarded, so a failed send goes unnoticed
- memcpy((void*)0x200000000240, "msdos\000", 6);
- memcpy((void*)0x200000000280, "./file0\000", 8);
- *(uint8_t*)0x200000000540 = r[22];
- memcpy(
- (void*)0x2000000002c0,
- "\x78\x9c\xec\xdd\xcf\x6a\x13\x51\x14\x07\xe0\x63\x93\x34\xb1\x9b\x74\x2d"
- "\x0a\x17\xdc\xb8\x0a\xea\x13\x18\xa4\x82\x18\x10\x22\x59\xe8\xca\x40\x75"
- "\xd3\x8a\x90\x6e\xa2\xab\xf8\x16\x3e\x80\x2b\x1f\xc9\xc7\xe8\xaa\xbb\x91"
- "\x64\x5a\xf3\xcf\x9a\x48\x9b\x4c\xcb\x7c\x1f\xb4\x39\xf0\xbb\x03\x67\x02"
- "\x99\x9b\xc5\x99\xc9\xfb\xfb\x9f\x8e\x0e\x3f\x9f\x7c\xcc\x7e\x7d\x8f\x46"
- "\x23\x45\x35\x62\x14\x67\x11\xfb\xb1\x13\x95\x88\xb8\x1b\x53\x3b\x11\x71"
- "\x27\x76\x63\xd6\x28\xd6\xf0\x6d\xfc\xef\xc7\x3a\x2b\x01\x80\x2d\xe8\x76"
- "\xfb\xed\xff\x3e\xa8\xb2\x91\x56\xd8\x90\xc1\xa0\xdd\xaf\x45\x44\x7d\x29"
- "\xe9\xfd\x2c\xa4\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\xae\x6c\xd5\xfc"
- "\x7f\x4c\x66\xfe\x73\xf9\xfc\x7f\x6d\xee\xf8\xb5\xe6\xff\x01\x80\x1b\x65"
- "\x79\xfe\xff\xd9\xd2\x1a\x7b\xfc\xed\x36\x18\xb4\xfb\x7b\xe7\xdf\xdf\xe6"
- "\x99\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8a\x73\x96"
- "\x65\xcd\xec\x1f\x7f\x45\xf7\x07\x00\x5c\x3f\xfb\x3f\x00\x94\x8f\xfd\x1f"
- "\x00\xca\xc7\xfe\x0f\x00\xe5\xf3\xe6\xed\xbb\x57\xed\x4e\xe7\xa0\x9b\x52"
- "\x23\xe2\x74\x34\xec\x0d\x7b\xf9\x6b\x9e\xbf\x78\xd9\x39\x78\x9c\x26\xf6"
- "\xa7\x47\x9d\x0e\x87\xbd\xca\x9f\xfc\x49\x9e\xa7\xf9\xbc\x16\x7b\xe7\xf9"
- "\xd3\xbf\xe6\xbb\xf1\xe8\x61\x9e\x8f\xb3\xe7\xaf\x3b\x0b\x79\x3d\x0e\x2f"
- "\xe9\x39\xcb\xae\xf7\x3d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x80\xa2\xb5\x52\x4a\x59\xf3\xf2\xfb\xfb\x5b\xad\x74\x61\x21"
- "\xcf\xab\x99\xe7\x03\x2c\xdc\xbf\x5f\x8d\x7b\xd5\xad\x9d\x06\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6a\x27\x5f\xbe\x1e"
- "\xd5\x23\x62\x30\x2e\xfa\xc7\xc7\x1f\x36\x5a\x64\xcd\xd5\x6b\x62\x94\x3f"
- "\x36\x60\x26\x8a\x88\xd1\x66\x1b\x53\x28\x8a\x2b\x1e\x54\xa7\x1f\xc6\x9b"
- "\xd0\xcf\xa4\xb8\xb8\x42\xa4\xc2\xae\x4d\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x50\x36\xd3\x9b\x7e\x57\xaf\xad\x6d\xa3\x21\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x28\xc0\xf4\xf7\xff\x37"
- "\x57\x14\x7d\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x39"
- "\xfc\x0e\x00\x00\xff\xff\xe9\xc4\x8f\xed",
- 640);
- syz_mount_image(/*fs=*/0x200000000240, /*dir=*/0x200000000280, /*flags=*/0,
- /*opts=*/0x200000000540, /*chdir=*/1, /*size=*/0x280,
- /*img=*/0x2000000002c0);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0); // Helper defined earlier in the file: formats "echo %ld > /proc/sys/vm/zone_reclaim_mode" and runs it with system(). This is a system-wide setting, not a per-process one, and the helper returns 0 whether or not system() succeeded, so a failed write is silent.
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode(); // same mechanism, writes 0 to the same file
- syscall(__NR_prctl, /*option=*/0x26ul, /*arg=*/1ul, 0, 0, 0); // option 0x26 == 38 (PR_SET_NO_NEW_PRIVS) with arg 1; the result is not checked
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/5); // sets the sysctl to 5 through the same shell command
- syz_proconfig_reset__sys_fs_cgroup_system_slice_rsyslog_service_cgroup_freeze(); // helper runs "echo 0 > /sys/fs/cgroup/system.slice/rsyslog.service/cgroup.freeze" via system(); it assumes that cgroup path exists on the test machine
- res = syscall(__NR_timerfd_create, /*clockid=CLOCK_MONOTONIC_RAW*/ 4ul,
- /*flags=TFD_NONBLOCK*/ 0x800ul);
- if (res != -1) // keep the descriptor only on success; on failure r[24] is left unchanged
- r[24] = res;
- *(uint64_t*)0x200000000000 = 0x200000001840;
- memcpy(
- (void*)0x200000001840,
- "\x71\xe9\xfa\x2b\xb0\xb0\xe9\x0a\x3e\x99\x06\x17\x1d\xc2\x46\xf6\xc3\xc7"
- "\x03\xc2\x6d\xed\x59\x5a\xfa\x44\x7d\xda\x45\x93\x21\xb6\xf8\xd8\x7b\x80"
- "\xf9\x69\x5d\xe3\xc0\xa4\xa5\x84\x92\x04\x77\x54\xad\x73\x50\xe3\x97\x80"
- "\xd8\x89\xba\x04\x06\x0f\x6a\x27\x21\xd6\x88\xfc\x80\xfd\x62\xd1\x84\xe6"
- "\xc1\xf7\x7d\xe7\x17\xea\x13\x43\x03\xc1\x99\x69\xee\xdd\x99\xc3\xcf\x56"
- "\x10\x2b\xb5\x5d\x33\x7b\x84\x69\xc0\x73\x8d\x84\x96\x1d\x21\x23\xc7\xfd"
- "\x0c\x6e\x5b\x53\x7d\xff\x97\x62\x02\x25\x6d\x4a\x89\x18\xb3\x89\x39\xc1"
- "\x66\x31\x0f\x02\x94\xfd\x9f\x32\xf0\x08\xd8\x19\x0c\x31\xfa\x91\x80\x26"
- "\x5f\xc5\xac\x11\xea\x1a\x5d\x62\x52\xce\x47\x05\xaa\xa9\xcc\x95\x0f\xd1"
- "\x1f\x9a\x58\x4a\x4f\x1f\xaa\x0b\x9f\x6b\x0d\xdc\x4e\xed\x3e\x56\x26\x52"
- "\xab\xad\x6a\x6a\x6b\xa8\x1b\x97\x12\x07\x82\x88\x48\xcb\x08\xcf\x98\x09"
- "\x94\x31\x91\xb9\xa9\x9c\x35\x4c\x34\x3e\x9f\xfa\xef\xef\xd3\xfd\x67\x07"
- "\xb2\xd7\x34\xe9\x8b\xb9\xbc\xd0\x8a\x18\x6f\x61\xb4\x01\x07\x7d\xd7\x96"
- "\x20\x6d\xeb\xaf\x99\x9c\x3f\x93\xf4\xea\x8c\x82\x36\xe3\xad\x59\xc5\x4b"
- "\x63\xa5\x15\x70\x8d\xfa\x01\xc6\xa4\xc9\x2f\xee\x11\xb1\x61\x19\x60\x0f"
- "\xcf\x92\x91\xfe\xc6\x22\x4d\x01\xdb\x63\xd1\xd1\xae\x57\x21\xc4\x42\x95"
- "\xf4\x66\x4e\xbe\x54\xcd\x23\xac\xef\x37\x70\xdd\xb3\xdd\xff\x87\x1f\xc2"
- "\x07\xa1\x46\x84\xde\x0b\xf8\x74\xe9\xaa\xc6\xe6\x27\xb0\x70\x3f\xdc\xd0"
- "\x5e\x38\xf7\xaa\x50\xe3\x1c\x56\x8d\x70\x5f\xcd\xd8\x79\xe8\x24\x5d\x72"
- "\xd8\xfc\x2f\xfe\xb3\xd5\x79\xf4\x4d\x6b\x32\xdf\x40\x83\xc5\xcb\xe0\xb4"
- "\xf8\x37\xe9\x82\x00\x36\x20\x58\x55\x20\xb1\x70\xb8\x36\xf8\x08\x4f\x26"
- "\x42\xbd\xff\x4d\x1d\x9a\x2e\x61\x34\xda\x1d\x26\xa5\xc4\x1a\xc0\x8c\x6c"
- "\x06\x27\x9d\xe7\x45\xc9\xbb\xd1\x67\x3b\x32\x22\x7c\xf5\xbb\xcb\x9e\x85"
- "\x22\x6d\x6e\x83\xa2\x6d\xb5\x02\xf8\x65\x0e\xd1\x16\xa9\xd9\x2c\xad\xf9"
- "\x61\xbb\x5e\xff\xcb\x85\xcc\x3b\xc9\x15\x13\x7a\xe0\x3f\x95\x41\x20\x22"
- "\x38\xc1\x0c\xf6\xf6\xce\x8a\x91\xb5\x7a\x89\x5c\x4a\x7b\x36\x50\x7c\x5d"
- "\x56\x3f\xdd\xbe\x9b\x83\xde\x6d\x17\x33\x67\x17\xd4\x32\x35\xb9\xf5\xf5"
- "\xbd\xcb\x20\xff\xed\xa2\x98\x8b\x11\xfc\x72\x21\xcc\xba\xf0\x65\x7a\x56"
- "\x9e\xee\xe3\x7f\xb8\xef\x52\x7f\x87\x60\x43\x3b\xcc\x33\xca\xb1\xc8\x48"
- "\x33\x0b\x2b\xb5\x9f\x80\x8a\x5d\x6e\xa9\x77\x35\xc1\xce\x89\x3e\x85\x0e"
- "\xed\xf8\x41\xdd\x91\x1c\x6b\x78\x59\x63\xb9\xb8\x7c\xd1\x64\xcf\xd5\x38"
- "\xb5\x0e\x25\x91\x41\xba\xf1\xd1\xa7\xf9\x19\xa9\xb9\xcd\xd9\x63\x18\x37"
- "\x6f\xee\x12\x36\x9e\x7c\x70\x2a\x29\x9c\xdd\x08\x32\x13\x78\xc3\x9b"
- "\x3a",
- 594);
- *(uint64_t*)0x200000000008 = 0x252; // Length of the first iovec entry: 0x252 == 594, the size of the memcpy that ends just above (the entry's base pointer was stored at 0x200000000000 before that memcpy).
- *(uint64_t*)0x200000000010 = 0; // second iovec entry: base = 0
- *(uint64_t*)0x200000000018 = 0; // second iovec entry: length = 0
- syscall(__NR_writev, /*fd=*/r[24], /*vec=*/0x200000000000ul, /*vlen=*/2ul); // r[24] is the timerfd_create result stored earlier; the return value is ignored
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode(); // helper from earlier in the file: runs "echo 0 > /proc/sys/vm/zone_reclaim_mode" via system()
- *(uint16_t*)0x200000000000 = 1; // Builds a one-instruction BPF program and installs it as a seccomp filter. This store is the program length (1); the layout matches struct sock_fprog.
- *(uint64_t*)0x200000000008 = 0x200000000140; // pointer to the instruction array
- *(uint16_t*)0x200000000140 = 6; // instruction code 6 == BPF_RET | BPF_K (return a constant)
- *(uint8_t*)0x200000000142 = 0; // jt = 0
- *(uint8_t*)0x200000000143 = 0; // jf = 0
- *(uint32_t*)0x200000000144 = 0x7fffff7a; // k: the action bits (k & 0xffff0000) are 0x7fff0000 == SECCOMP_RET_ALLOW, so the filter permits every syscall
- res = syscall(__NR_seccomp, /*op=*/1ul, /*flags=*/0ul, // op 1 == SECCOMP_SET_MODE_FILTER; an unprivileged caller needs no_new_privs for this, which the prctl(0x26, 1) earlier in this function requests
- /*arg=*/0x200000000000ul);
- if (res != -1) // with flags == 0 a successful seccomp() returns 0 rather than a descriptor
- r[25] = res; // so r[25] holds 0 on success; later statements pass it where a file descriptor is expected
- syscall(__NR_ioprio_get, /*which=IOPRIO_WHO_USER*/ 3ul, /*who=*/0); // Statement run: query an I/O priority, open a datagram socket, read a credentials option from it, then pass the resulting uid to setuid and quotactl_fd. No return value except the socket and getsockopt results is inspected.
- res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0x88); // domain 2 == AF_INET, type 2 == SOCK_DGRAM, proto 0x88 == 136 (IPPROTO_UDPLITE)
- if (res != -1)
- r[26] = res;
- *(uint32_t*)0x200000000280 = 5; // in/out option length = 5, shorter than the 12 bytes of struct ucred (pid, uid, gid)
- res = syscall(__NR_getsockopt, /*fd=*/r[26], /*level=*/1, /*optname=*/0x11, // level 1 == SOL_SOCKET, optname 0x11 == 17 (SO_PEERCRED on x86) - NOTE(review): the target architecture is not stated in this excerpt
- /*optval=*/0x200000000240ul, /*optlen=*/0x200000000280ul);
- if (res != -1) {
- r[27] = *(uint32_t*)0x200000000244; // offset 4 of the result buffer: the uid field. NOTE(review): with a length of 5 the kernel presumably fills at most 5 bytes, so most of this word is whatever the buffer already held (the string "msdos" was copied to 0x200000000240 earlier) - confirm
- r[28] = *(uint32_t*)0x200000000248; // offset 8: the gid field, same caveat
- }
- syscall(__NR_setuid, /*uid=*/r[27]); // result not checked: everything after this line may run under either the old or the new uid
- syscall(__NR_quotactl_fd, /*fd=*/r[25], // r[25] is the seccomp() return value stored above, used here as a descriptor
- /*cmd=Q_QUOTAOFF_PRJ*/ 0xffffffff80000302ul, /*id=*/r[27],
- /*addr=*/0ul);
- *(uint32_t*)0x200000000180 = 1; // Fills a 24-byte header followed by a path and passes it to an ioctl. NOTE(review): cmd 0xc018937b decodes as _IOWR(0x93, 0x7b, 0x18) and the layout resembles struct autofs_dev_ioctl (version major/minor, size, ioctlfd, two 32-bit arguments, path) - confirm against the kernel headers
- *(uint32_t*)0x200000000184 = 1; // second 32-bit field = 1
- *(uint32_t*)0x200000000188 = 0x18; // size field = 0x18 (24), i.e. the header only, although a path is stored right after it
- *(uint32_t*)0x20000000018c = r[25]; // descriptor field, taken from the seccomp() result
- *(uint32_t*)0x200000000190 = r[27]; // first argument word: the uid value read via getsockopt
- *(uint32_t*)0x200000000194 = r[28]; // second argument word: the gid value read via getsockopt
- memcpy((void*)0x200000000198, "./file0\000", 8); // path placed immediately after the header
- res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xc018937b, // fd is -1, so this call is expected to fail with EBADF before the command is interpreted
- /*arg=*/0x200000000180ul);
- if (res != -1) // not taken when the ioctl fails
- r[29] = *(uint32_t*)0x200000000190; // otherwise r[29] keeps its initial value, which is set outside this excerpt
- *(uint32_t*)0x200000000000 = 2;
- *(uint32_t*)0x200000000004 = 0x80;
- *(uint8_t*)0x200000000008 = 0xb9;
- *(uint8_t*)0x200000000009 = 0;
- *(uint8_t*)0x20000000000a = 0;
- *(uint8_t*)0x20000000000b = 0;
- *(uint32_t*)0x20000000000c = 0;
- *(uint64_t*)0x200000000010 = 0;
- *(uint64_t*)0x200000000018 = 0;
- *(uint64_t*)0x200000000020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 38, 26);
- *(uint32_t*)0x200000000030 = 0;
- *(uint32_t*)0x200000000034 = 0;
- *(uint64_t*)0x200000000038 = 0;
- *(uint64_t*)0x200000000040 = 0;
- *(uint64_t*)0x200000000048 = 0;
- *(uint64_t*)0x200000000050 = 0;
- *(uint32_t*)0x200000000058 = 0;
- *(uint32_t*)0x20000000005c = 0;
- *(uint64_t*)0x200000000060 = 0;
- *(uint32_t*)0x200000000068 = 0;
- *(uint16_t*)0x20000000006c = 0;
- *(uint16_t*)0x20000000006e = 0;
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000000ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- syscall(__NR_rt_sigtimedwait, /*these=*/0ul, /*info=*/0ul, /*ts=*/0ul,
- /*sigsetsize=*/0ul);
- memcpy((void*)0x200000000080, "syz\000", 4); // Assembles the arguments of a mount() call piece by piece at fixed addresses: source "syz", target "./file0", type "9p", then an option string starting at 0x2000000002c0.
- memcpy((void*)0x2000000000c0, "./file0\000", 8); // mount target
- memcpy((void*)0x200000000100, "9p\000", 3); // filesystem type
- memcpy((void*)0x2000000002c0, "trans=virtio,", 13); // option string starts here; this address was used for an image blob earlier and is reused
- memcpy((void*)0x2000000002cd, "cache=mmap", 10);
- *(uint8_t*)0x2000000002d7 = 0x2c; // ','
- memcpy((void*)0x2000000002d8, "pcr", 3);
- *(uint8_t*)0x2000000002db = 0x3d; // '='
- sprintf((char*)0x2000000002dc, "%020llu", (long long)0xa); // unbounded sprintf into a raw address; "%020llu" yields exactly 20 digits for any 64-bit value, which is what keeps the fixed offsets below aligned
- *(uint8_t*)0x2000000002f0 = 0x2c; // ',' overwrites the NUL that sprintf just wrote
- memcpy((void*)0x2000000002f1, "euid<", 5);
- sprintf((char*)0x2000000002f6, "%020llu", (long long)r[29]); // r[29] comes from the ioctl block above and is unchanged if that ioctl failed
- *(uint8_t*)0x20000000030a = 0x2c; // ','
- memcpy((void*)0x20000000030b, "fsmagic", 7);
- *(uint8_t*)0x200000000312 = 0x3d; // '='
- sprintf((char*)0x200000000313, "0x%016llx", (long long)7); // 18 characters: "0x" plus 16 hex digits
- *(uint8_t*)0x200000000325 = 0x2c; // ','
- memcpy((void*)0x200000000326, "smackfsfloor", 12);
- *(uint8_t*)0x200000000332 = 0x3d; // '='
- memcpy((void*)0x200000000333, "session", 7);
- *(uint8_t*)0x20000000033a = 0x2c; // ','
- memcpy((void*)0x20000000033b, "dont_appraise", 13);
- *(uint8_t*)0x200000000348 = 0x2c; // ','
- *(uint8_t*)0x200000000349 = 0; // explicit NUL terminator; the finished string is "trans=virtio,cache=mmap,pcr=<20 digits>,euid<<20 digits>,fsmagic=0x<16 hex>,smackfsfloor=session,dont_appraise,"
- syscall(__NR_mount, /*src=*/0x200000000080ul, /*dst=*/0x2000000000c0ul, // return value ignored
- /*type=*/0x200000000100ul,
- /*flags=MS_PRIVATE|MS_REMOUNT|MS_NODIRATIME*/ 0x40820ul,
- /*opts=*/0x2000000002c0ul);
- memcpy((void*)0x200000000680, "iso9660\000", 8);
- memcpy((void*)0x2000000006c0, "./file0\000", 8);
- memcpy((void*)0x2000000001c0,
- "\x73\x62\x73\x65\x63\x74\x6f\x72\x3d\x30\x78\x30\x30\x30\x30\x4d\xee"
- "\x00\x8e\x22\x00\x00\x00\x30\x30\x30\x33\x2c\x73\x65\x73\x73\x69\x6f"
- "\x6e\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30"
- "\x30\x34\x34\x2c\x64\x6d\x6f\x64\x02\x00\x00\x00\x30\x30\x30\x30\x30"
- "\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x35\x2c\x00\x7d\x56\x5b\x7f"
- "\x91\x57\x22\x1d\x96\x3b\x95\x3d\xab\x51\x84\x8f\xd7\x1b\x25\xc7\x89"
- "\x90\xd5\x16\xbd\x0f\xde\x83\x35\xcf\xde\x42\x1b\x51\xec",
- 116);
- memcpy(
- (void*)0x200000000740,
- "\x78\x9c\xec\xdd\xdf\x6e\x14\xe7\xd9\x00\xf0\x67\xf9\xa3\x0f\xf9\x93\x50"
- "\xd5\x56\x08\x21\x42\x26\xd0\x4a\x20\x11\xb3\xbb\x0e\x46\x56\x8e\xb6\xe3"
- "\x59\x7b\x92\xdd\x9d\xd5\xcc\x3a\x82\xa3\x08\x05\x13\x21\x4c\x52\x41\x2a"
- "\x15\xce\x38\xa1\xad\xd4\x5e\x44\x4e\x7b\x11\xed\x15\x45\xbd\x84\x56\x33"
- "\xbb\x26\x06\x6c\x2f\x05\xe2\x4d\xd1\xef\xb7\x82\xf7\xdd\x99\x67\xe6\x7d"
- "\x66\xbc\x9a\x47\x63\xef\xcc\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x10\xad\x74\xbd\xdd\xee\xb4\x62\x90\x8f\xb6\x6e\x26\x07\x4b"
- "\xd7\xcb\x62\x78\xc8\xfc\xdd\xf5\xfd\xf3\x85\xe6\x90\x71\x23\x5a\xf5\xbf"
- "\x38\x75\x2a\xce\x4e\x27\x9d\xfd\xf5\x8f\xb3\xcf\xd4\xff\x5d\x8c\xf3\xd3"
- "\x77\xe7\xe3\x54\xdd\x9c\x8a\x27\xff\x7f\xe6\x17\x9f\xfe\xea\xc4\xb1\xdd"
- "\xe5\x0f\x49\xe8\x48\x3c\x7a\xfc\xe4\xfe\xed\x9d\x9d\xed\x87\x8b\x4e\x64"
- "\x41\x36\xb2\x51\x5e\x15\xf9\xb0\xb7\x91\x25\x79\x55\x24\x6b\xab\xab\xed"
- "\x6b\x9b\xfd\x2a\xe9\xe7\x83\xac\xba\x55\x4d\xb2\x61\x92\x96\x59\x6f\x52"
- "\x94\xc9\xe5\xf4\x4a\xd2\x59\x5b\x5b\x49\xb2\xe5\x5b\xc5\xd6\x68\x63\xbd"
- "\x37\xc8\x76\x27\xde\xf8\xb8\xdb\x6e\xaf\x26\x9f\x2d\x8f\xb3\x5e\x59\x15"
- "\xa3\x6b\x9f\x2d\x57\xe9\x66\x3e\x18\xe4\xa3\x8d\x26\xa6\x9e\x5d\xc7\xdc"
- "\xa8\x3f\x88\x9f\xe7\x93\x64\x92\xf5\x86\x49\x72\xf7\xde\xce\xf6\xca\xbc"
- "\x24\xeb\xa0\xce\xeb\x04\x75\xe7\x05\x75\xdb\xdd\x6e\xa7\xd3\xed\x76\x56"
- "\xaf\xaf\x5d\xbf\xd1\x6e\x9f\x78\x65\x42\xfb\x25\xf1\x4a\xc4\xe2\x3f\xb4"
- "\x2c\xd6\x3b\x3e\x82\xc3\x9b\x3b\x36\xab\xff\x31\x88\x3c\x46\xb1\x15\x37"
- "\x23\xd9\xf7\x95\xc6\x7a\x94\x51\xc4\xf0\x80\xf9\x33\xbb\xf5\xff\xb7\xd7"
- "\xb2\x43\xc7\xdd\x5b\xff\x77\xab\xfc\xd9\x1f\x67\x9f\x8b\xa6\xfe\x5f\x98"
- "\xbe\xbb\x70\x50\xfd\x3f\x20\x97\xa3\x7b\x3d\x8a\xc7\xf1\x24\xee\xc7\xed"
- "\xd8\x89\x9d\xd8\x8e\x87\x0b\xcf\xe8\x68\x5f\x1b\x91\xc5\x28\xf2\xa8\xa2"
- "\x88\x3c\x86\xd1\x6b\xa6\x24\xb3\x29\x49\xac\xc5\x6a\xac\x46\x3b\xbe\x8c"
- "\xcd\xe8\x47\x15\x49\xf4\x23\x8f\x41\x64\x51\xc5\xad\xa8\x62\x12\x59\xf3"
- "\x89\x4a\xa3\x8c\x2c\x7a\x31\x89\x22\xca\x48\xe2\x72\xa4\x71\x25\x92\xe8"
- "\xc4\x5a\xac\xc5\x4a\x24\x91\xc5\x72\xdc\x8a\x22\xb6\x62\x14\x1b\xb1\x1e"
- "\xbd\x66\x2d\x77\xe3\x5e\xb3\xdf\x57\x0e\xc9\xf1\x79\x50\xe7\x75\x82\xba"
- "\x87\x04\xa9\xff\xbc\xbd\x77\x7f\x10\x87\x37\xf4\xef\xdd\xfa\x0f\x00\x00"
- "\x00\xbc\xb7\x5a\xcd\x6f\xdf\xeb\xf3\xff\x93\xf1\x41\xd3\xeb\xe7\x83\xac"
- "\xbd\xe8\xb4\x00\x00\x00\x80\x77\xa8\xf9\xcb\xff\xf9\xba\x39\x59\xf7\x3e"
- "\x88\x96\xf3\x7f\x00\x00\x00\x78\xdf\xb4\x9a\x6b\xec\x5a\x11\xb1\x14\x1f"
- "\x4e\x7b\xbb\x57\x42\xf9\x25\x00\x00\x00\x00\xbc\x27\x9a\xbf\xff\x5f\xa8"
- "\x9b\xa5\xba\xf7\x61\xb4\x9c\xff\x03\x00\x00\xc0\xfb\xe6\xcf\x73\xef\xb1"
- "\x5f\x8d\xff\xaf\xf5\x8f\x7f\x45\x59\x9e\x6c\x3d\x1d\xdf\xfc\x4d\xeb\x41"
- "\xaf\x8e\xeb\x3d\x38\x3e\x5d\xee\xf8\xcb\x6b\x9c\xf4\xcf\xb5\x4e\xcf\x56"
- "\xd2\x34\xab\x27\x66\xef\xd2\xec\x7c\x6b\x76\xf7\xcb\xe7\x37\xc1\xfc\x61"
- "\xd6\xdc\x9d\x97\x47\xeb\x1d\x24\x10\x7f\x8d\x8f\xa6\x31\x1f\xdd\x99\xb6"
- "\x77\x76\xe7\x4c\x47\x59\xea\xe7\x83\x6c\x39\x2d\x06\x9f\x76\xa2\xd7\x3b"
- "\x7d\x6c\x92\xdd\x9c\xfc\xe1\x9b\x7b\x7f\x8c\x66\xf3\xff\x32\x1a\x9e\x6e"
- "\xc5\xdd\x7b\x3b\xdb\xcb\x5f\x7d\xbb\x73\xa7\xc9\xe5\x69\xbd\x96\xa7\x0f"
- "\x66\x37\x50\x7c\xe5\x3e\x8a\x87\xe4\xf2\x5d\x73\xbf\x85\xe6\x9a\x8b\x7d"
- "\xb7\xf8\x64\x73\x21\xc6\x6c\xdc\xa5\xe9\xb8\xed\xbd\xdb\x7f\x6c\xba\xf8"
- "\xb1\xff\x62\xcc\x67\x71\x71\x1a\x73\x71\x69\xda\x2e\xbd\xb8\xfd\xa7\xea"
- "\x31\x3b\xcb\x07\x6d\xfd\x2c\x8b\xce\x5b\x6e\xf9\xb3\xb8\x34\x8d\xb9\x74"
- "\xf9\xd2\xb4\xd9\x27\x8b\xee\xbc\x2c\xba\x7b\xb3\x78\xa3\x7d\xf1\x1a\x59"
- "\xac\xcc\xcb\x62\xe5\x2d\xb3\x00\x58\x94\xbb\x73\xaa\x50\xeb\xd5\xc2\xff"
- "\x06\x47\xb9\xa3\xa9\xee\xcf\xe2\xf2\x34\xe6\xf2\xb9\xe6\xc0\x7a\xe2\xdc"
- "\x3e\x47\xf4\xf6\xbc\x23\x7a\xfb\x2d\xab\xdb\xdf\xe3\xca\x34\xe6\xca\x6e"
- "\xf0\x41\x35\xb6\x1e\xf7\x6f\x2f\x55\xd5\xef\xeb\x05\xbe\x3f\x70\xdc\x6a"
- "\xd0\x6d\xd5\xbb\xf0\xf8\x77\x0f\x7e\x1f\x67\x1e\x3d\x7e\xf2\xf1\xbd\x07"
- "\xb7\xbf\xde\xfe\x7a\xfb\x9b\x6e\x77\x65\xb5\xfd\x49\xbb\x7d\xbd\x1b\x27"
- "\x9b\xcd\x98\x35\x6a\x0f\x00\xfb\x98\xff\x8c\x9d\xb9\x11\xad\x4f\xe6\x9c"
- "\x55\xff\xf2\xf9\x57\x0a\x96\xe3\xab\xf8\x36\x76\xe2\x4e\x5c\x6d\xae\x36"
- "\x68\xbe\x71\xb0\xef\x5a\x97\xf6\x7c\x0d\xe1\xea\x9c\xb3\xd6\xa5\x3d\x4f"
- "\x78\xb9\x3a\xe7\xac\x6e\x69\xcf\x83\x5e\x5e\x3f\x76\xe5\x08\x7e\x12\x00"
- "\x70\x74\x2e\xce\xa9\xc3\xaf\x53\xff\xaf\xce\x39\xef\x7e\xb1\x96\x1f\x7e"
- "\x76\xbc\xb7\x96\x03\x00\x3f\x8d\xac\xfc\xa1\xb5\x34\xf9\x53\xab\x2c\xf3"
- "\xf1\x97\x9d\xb5\xb5\x4e\x6f\xb2\x99\x25\x65\x91\x7e\x9e\x94\xf9\xfa\x46"
- "\x96\xe4\xa3\x49\x56\xa6\x9b\xbd\xd1\x46\x96\x8c\xcb\x62\x52\xa4\xc5\xa0"
- "\xee\x7c\x91\xaf\x67\x55\x52\x6d\x8d\xc7\x45\x39\x49\xfa\x45\x99\x8c\x8b"
- "\x2a\xbf\xd9\x3c\xf9\x3d\x99\x3d\xfa\xbd\xca\x86\xbd\xd1\x24\x4f\xab\xf1"
- "\x20\xeb\x55\x59\x92\x16\xa3\x49\x2f\x9d\x24\xeb\x79\x95\x26\xe3\xad\xdf"
- "\x0d\xf2\x6a\x33\x2b\x9b\x85\xab\x71\x96\xe6\xfd\x3c\xed\x4d\xf2\x62\x94"
- "\x54\xc5\x56\x99\x66\xcb\x49\x52\x65\xd9\x9e\xc0\x7c\x3d\x1b\x4d\xf2\x7e"
- "\x5e\x77\x47\xc9\xb8\xcc\x87\xbd\xf2\x56\xf2\x45\x31\xd8\x1a\x66\xc9\x7a"
- "\x56\xa5\x65\x3e\x9e\x14\xd3\x15\xee\x8e\x95\x8f\xfa\x45\x39\x6c\x56\xbb"
- "\xbc\xe8\x9d\x0d\x00\x3f\x13\x8f\x1e\x3f\xb9\x7f\x7b\x67\x67\xfb\xe1\x4f"
- "\xd8\x59\xf4\x36\x02\x00\x2f\x52\xa5\x01\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\xe0\xe7\xef\x28\xae\xff\xd3\xd1\xd1\xf9\x5f\xeb\x2c\xfa\xc8\x04"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaf\xfa\x4f\x00\x00\x00\xff\xff"
- "\xee\x6e\x58\x08",
- 1606);
- syz_mount_image(/*fs=*/0x200000000680, /*dir=*/0x2000000006c0, /*flags=*/0, // Mounts the image blob copied just above as "iso9660" on "./file0". The blob begins with bytes 0x78 0x9c, a zlib stream header; NOTE(review): syz_mount_image is defined outside this excerpt and presumably decompresses it - confirm
- /*opts=*/0x2000000001c0, /*chdir=*/1, /*size=*/0x646, // size 0x646 == 1606, the length passed to the preceding memcpy
- /*img=*/0x200000000740);
- syz_proconfig_set__sys_fs_ext4_sda_inode_readahead_blks(/*val=*/0x80000000); // helper defined earlier in the file: runs "echo %ld > /sys/fs/ext4/sda/inode_readahead_blks" through system(); it assumes an ext4 filesystem on device sda and reports success even when the write fails
- syz_proconfig_reset__sys_fs_ext4_sda_inode_readahead_blks(); // NOTE(review): body not visible in this excerpt; by its name it restores the same sysfs attribute - confirm
- memcpy(
- (void*)0x2000000001c0,
- "secur\215ty.se|\374H\234\'}"
- "\000\313u\000\000q\020B\220\332\2102\024\326\232\216ic\324N\t\352\r0\226"
- "3\212R\321\266\r\361\332\263\246\216\266\203,\223wc\021k\027\234\255>"
- "\005\317\265\341X\273H\221f\246T\000\000\000\000\275r\342\273T\025F$"
- "\300?\211\266\354P\272\254\312=\352\240\273\361\327\005\301\354$E#"
- "\306\214I5\023\312\035g\225\263I\355\252m\222\226q\005\000\344\225\0350"
- "\330\243\340\350\245\322AH&\022\037\020\351\n\256\0167Y\306^"
- "\340l\006A\365\304\345c\352\"#\312\275BQ\220\231E\020)N\335Kd\3431\231`"
- "\277*"
- "\020\356\200\004\300I\201\301\016\376\305i\245\273\030\242\223\0311V\275"
- ",\273\265\352\376Z\036\311\224\345\310fnz\345\240F\212\346\003\000\235"
- "\324\344\255\276\212;"
- "\342\272\377\034\\\237U\337\244\223\2625\236\337\264\356\253)"
- "\177\335\000\357\203$\346\35349=\000\000\321\300\360\316\221P;\242$"
- "\223\023\336f\335\215\363\024+{"
- "\366\236\260\361\362sf\257\225\213\345\360\334\3377\255\271#"
- "m\227\353W\020[\260Bq\250\372^\347\311\024q\367\a\341\260z."
- "K\2415\204\315",
- 326);
- syscall(__NR_memfd_create, /*name=*/0x2000000001c0ul, // Creates an anonymous memory file named by the blob copied just above; that blob has an embedded NUL near its start, which ends the name when it is read as a C string. The returned descriptor is not stored.
- /*flags=MFD_ALLOW_SEALING*/ 2ul);
- memcpy((void*)0x200000000b80, "ext4\000", 5); // filesystem type string; NOTE(review): its consumer is past the end of this excerpt
- memcpy((void*)0x200000000bc0, "./file0\000", 8); // directory string
- memcpy((void*)0x200000000140, "debug_want_extra_isize", 22); // start of an option string assembled at fixed offsets
- *(uint8_t*)0x200000000156 = 0x3d; // '='
- sprintf((char*)0x200000000157, "0x%016llx", (long long)0xc000000000000000); // unbounded sprintf into a raw address; the output is always 18 characters ("0x" plus 16 hex digits)
- *(uint8_t*)0x200000000169 = 0x2c; // ',' overwrites the NUL that sprintf just wrote
- memcpy((void*)0x20000000016a, "nolazytime", 10);
- *(uint8_t*)0x200000000174 = 0x2c; // ','
- memcpy((void*)0x200000000175, "stripe", 6);
- *(uint8_t*)0x20000000017b = 0x3d; // '='
- sprintf((char*)0x20000000017c, "0x%016llx", (long long)5);
- *(uint8_t*)0x20000000018e = 0x2c; // ','
- *(uint8_t*)0x20000000018f = 0; // NUL terminator; the finished string is "debug_want_extra_isize=0xc000000000000000,nolazytime,stripe=0x0000000000000005,"
- memcpy(
- (void*)0x2000000017c0,
- "\x78\x9c\xec\xdc\xcd\x6b\x1c\xe5\x1f\x00\xf0\xef\x4c\x5e\xda\x5f\xd3\x9f"
- "\x89\xe0\xc1\x7a\x0a\x68\xb1\x50\xba\x79\x69\x7d\x03\x0f\xed\x41\x4f\x16"
- "\x0a\x0a\xde\xac\xeb\x66\x1b\x42\x36\xd9\x92\xdd\xd4\x26\x06\x6d\xa1\x1e"
- "\x0a\x1e\x04\x7b\xf1\x58\xff\x04\xaf\x16\x29\x3d\xf5\xaa\x20\x82\xe0\xc1"
- "\x83\x52\x0a\x45\x82\xc7\x06\x22\xb3\x99\xbc\x34\xd9\x4d\x93\x34\xc9\x42"
- "\xfc\x7c\x60\x33\xdf\xef\x3c\xbb\xfb\xcc\x77\x67\xe6\xc9\xb3\xb0\x33\x01"
- "\xfc\x67\xf5\x67\x7f\xd2\x88\x63\x11\xf1\x75\x12\xd1\x9b\xaf\x4f\x23\xa2"
- "\xbb\x11\x1d\x8e\xb8\xb6\xf4\xbc\xc7\xf3\x73\xa5\x85\xf9\xb9\x52\x12\x8b"
- "\x8b\xef\xff\x9d\x44\x92\xaf\x5b\x7e\xaf\x24\x5f\xf6\xe4\xc9\x8b\x11\x71"
- "\xef\xcb\x88\x93\xe9\xc6\x7e\x6b\x33\xb3\xe3\xc5\x4a\xa5\x3c\x95\xe7\x03"
- "\xf5\x89\xcb\x03\xb5\x99\xd9\x53\x63\x13\xc5\xd1\xf2\x68\x79\xf2\xcc\xd0"
- "\x99\xb7\x5e\x3b\x3d\xf8\xe6\xf0\xeb\xbb\x56\xeb\xbb\x8b\xc5\x9f\x5f\xf9"
- "\xe3\x9d\x5f\xef\xdc\xfc\xeb\xd3\x7b\xb7\x4e\x3f\x48\xe2\x6c\x1c\xcd\xdb"
- "\xd6\xd6\xb1\x5b\xfa\xa3\x3f\xff\x4c\xba\xe2\xec\xba\xb6\x8f\x76\xbb\xb3"
- "\x36\x4b\xda\xbd\x01\x00\x00\x6c\x49\x36\x35\xef\x88\x88\xce\xc8\xbe\x03"
- "\xf4\x46\x47\x23\x02\x00\x00\x00\x0e\x92\x2f\x22\x62\x11\x00\x00\x00\x38"
- "\xe0\x12\xdf\xff\x01\x00\x00\xe0\x80\x5b\xfe\x1d\xc0\xe3\xf9\xb9\xd2\xf2"
- "\xa3\xbd\xbf\x48\xd8\x5f\x8f\xce\x45\x44\xdf\xea\xb5\xcd\x0b\x2b\xf5\x77"
- "\xc6\xb5\xc6\xf2\x70\x74\x45\xc4\x91\x7f\x92\x27\xae\x8c\x48\x96\x5e\xf6"
- "\xcc\xfa\x23\xe2\xfe\xcd\x1b\xc7\xee\xdf\xbc\xd1\x11\x7b\x74\x1d\x32\x40"
- "\x33\xd7\xae\x47\xc4\xdd\xb3\x4d\xc6\xff\x24\x1f\xff\x76\x6e\x70\x5d\xde"
- "\xec\x1e\x01\xfd\xeb\x72\xe3\x1f\xec\x9f\xbb\xe7\x96\x4e\xd4\x8d\xe7\x7f"
- "\xba\x32\xff\x89\x26\xf3\x9f\x8e\x26\xe7\xee\x4e\x3c\xfd\xfc\x4f\x1f\xee"
- "\x42\x37\x2d\x65\xf3\xbf\xb7\x23\x62\x61\xc3\xfc\x6f\xe5\xa6\x35\x7d\x1d"
- "\x79\xf6\xff\xc6\x9c\xaf\x2b\xb9\x34\x56\x29\x67\x63\xdb\x73\x11\x71\x22"
- "\xba\x0e\x65\xf9\xd0\x26\x7d\x1c\xff\x7c\xf6\xdb\x56\x6d\x6b\xe6\x7f\x8d"
- "\x47\xd6\x7f\xb6\x5c\x7d\x46\xfa\xb0\xf3\xd0\x93\xaf\x19\x29\xd6\x8b\xcf"
- "\x52\xf3\x5a\x8f\xae\x47\xbc\xd4\xd9\xac\xfe\x64\x65\xff\x27\x2d\xe6\xbf"
- "\x17\xb6\xd8\xc7\x9d\xcf\xde\xf8\xbd\x55\xdb\xd3\xeb\xdf\x5b\x8b\xb7\x23"
- "\x5e\x6d\xba\xff\x57\xff\x5b\x25\x9b\xdf\x9f\x68\xa0\x71\x3c\x0c\x2c\x1f"
- "\x15\x1b\x7d\x3f\x7c\xfc\xab\x56\xfd\xb7\xbb\xfe\x6c\xff\x1f\xd9\xbc\xfe"
- "\xbe\x64\xed\xfd\x9a\x6a\xdb\xef\xe3\x9b\x1f\x3e\xfc\xb3\x55\xdb\x4e\x8f"
- "\xff\xee\xe4\x83\x46\xdc\x9d\xaf\xbb\x5a\xac\xd7\xa7\x86\x22\xba\x93\xf7"
- "\x36\xae\x1f\x5e\x7d\xed\x72\xbe\xfc\xfc\xac\xfe\x13\x2f\x37\x3f\xff\x37"
- "\x3b\xfe\xb3\x31\xe1\xe3\xfc\x53\xca\xc6\x86\x62\xbe\xcc\xf2\x4f\xd6\xd5"
- "\xf8\xdb\x4f\x3d\x27\x77\x5e\xff\xde\xca\xea\x1f\xd9\xd6\xfe\xdf\x7e\x70"
- "\xfb\xbb\x1f\x7f\x69\xd5\xff\xd6\xf6\xff\x99\x46\x74\x22\x5f\xb3\x95\xf1"
- "\x6f\xab\x1b\xf8\x2c\x9f\x1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfb\x27\x8d\x88"
- "\xa3\x91\xa4\x85\x95\x38\x4d\x0b\x85\x88\x9e\x88\x78\x21\x8e\xa4\x95\x6a"
- "\xad\x7e\xf2\x52\x75\x7a\x72\x24\x6b\x8b\xe8\x8b\xae\xf4\xd2\x58\xa5\x3c"
- "\x18\x11\xbd\x4b\x79\x92\xe5\x43\x8d\x78\x35\x1f\x5e\x97\x9f\x8e\x88\xe7"
- "\x23\xe2\x56\xef\xff\x1a\x79\xa1\x54\xad\x8c\xb4\xbb\x78\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x56\xf4\x44\xc4\xd1\x48\xd2\x42\x44\xa4\x8d\x38\x4d"
- "\x0b\x85\xa5\xb6\x07\xbd\xed\xde\x3a\x00\x00\x00\x60\xd7\xf4\xb5\x7b\x03"
- "\x00\x00\x00\x80\x3d\xe7\xfb\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\xb0\x0b\x2e\x9c\x3f\x9f\x3d\x16\x17\xe6\xe7\x4a\x59\x3e\x72\x65\x66\x7a"
- "\xbc\x7a\xe5\xd4\x48\xb9\x36\x5e\x98\x98\x2e\x15\x4a\xd5\xa9\xcb\x85\xd1"
- "\x6a\x75\xb4\x52\x2e\x94\xaa\x13\x4f\x7b\xbf\x4a\xb5\x7a\x79\x30\x26\xa7"
- "\xaf\x0e\xd4\xcb\xb5\xfa\x40\x6d\x66\xf6\xe2\x44\x75\x7a\xb2\x7e\x71\x6c"
- "\xa2\x38\x5a\xbe\x58\xee\xda\x97\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\xd8\xae\xda\xcc\xec\x78\xb1\x52\x29\x4f\x09\x04\x02\xc1\x4a\xd0\xee\x91"
- "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x80\x83\xec\xdf\x00\x00\x00\xff\xff\xe8\x68\x12\xd0",
- 2896);
- syz_mount_image(/*fs=*/0x200000000b80, /*dir=*/0x200000000bc0, /*flags=*/0,
- /*opts=*/0x200000000140, /*chdir=*/1, /*size=*/0xb50,
- /*img=*/0x2000000017c0);
- res = syscall(__NR_inotify_init1, /*flags=*/0ul);
- if (res != -1)
- r[30] = res;
- res = -1;
- res = syz_open_procfs(/*pid=*/-1, /*file=*/0);
- if (res != -1)
- r[31] = res;
- syscall(__NR_lseek, /*fd=*/-1, /*offset=*/0ul, /*whence=*/0ul);
- syz_proconfig_reset__sys_devices_breakpoint_perf_event_mux_interval_ms();
- syscall(__NR_inotify_rm_watch, /*fd=*/r[30], /*wd=*/0);
- syscall(__NR_unlink, /*path=*/0ul);
- memcpy((void*)0x200000000080, "memory.events\000", 14);
- res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000080ul,
- /*flags=*/0x275a, /*mode=*/0);
- if (res != -1)
- r[32] = res;
- memcpy((void*)0x200000000040, "memory.events\000", 14);
- res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul,
- /*flags=*/0x275a, /*mode=*/0);
- if (res != -1)
- r[33] = res;
- syscall(__NR_io_pgetevents, /*ctx=*/0ul, /*min_nr=*/0ul, /*nr=*/0ul,
- /*events=*/0ul, /*timeout=*/0ul, /*usig=*/0ul);
- memcpy((void*)0x200000000100, "memory.events\000", 14);
- res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000100ul,
- /*flags=*/0x100002, /*mode=*/0);
- if (res != -1)
- r[34] = res;
- syscall(__NR_dup2, /*oldfd=*/r[31], /*newfd=*/r[33]);
- sprintf((char*)0x200000000200, "0x%016llx", (long long)0);
- syscall(__NR_write, /*fd=*/r[33], /*buf=*/0x200000000200ul, /*len=*/0xfdeful);
- syscall(__NR_copy_file_range, /*fd_in=*/r[32], /*off_in=*/0ul,
- /*fd_out=*/r[34], /*off_out=*/0ul, /*len=*/9ul, /*flags=*/0ul);
- syscall(__NR_write, /*fd=*/-1, /*buf=*/0ul, /*len=*/0ul);
- syscall(__NR_unshare, /*flags=CLONE_NEWPID|CLONE_NEWNET*/ 0x60000000ul);
- *(uint64_t*)0x200000000340 = 0x101;
- syscall(__NR_sched_setaffinity, /*pid=*/-1, /*cpusetsize=*/8ul,
- /*mask=*/0x200000000340ul);
- syz_genetlink_get_family_id(/*name=*/0, /*fd=*/-1);
- *(uint64_t*)0x200000000100 = 0;
- res = syscall(__NR_signalfd, /*fd=*/-1, /*mask=*/0x200000000100ul,
- /*size=*/8ul);
- if (res != -1)
- r[35] = res;
- syscall(__NR_fcntl, /*fd=*/r[35], /*cmd=*/8ul, /*pid=*/0);
- syscall(__NR_fcntl, /*fd=*/r[35], /*cmd=*/9ul, /*sz=*/0ul);
- syz_sysconfig_set__proc_sys_vm_vfs_cache_pressure(/*val=*/0);
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0);
- if (res != -1)
- r[36] = res;
- syscall(__NR_write, /*fd=*/r[36], /*data=*/0x200000000080ul, /*len=*/0x70ul);
- syscall(__NR_renameat, /*oldfd=*/-1, /*old=*/0ul, /*newfd=*/-1, /*new=*/0ul);
- syz_sysconfig_reset__proc_sys_vm_vfs_cache_pressure();
- res = -1;
- res = syz_open_dev(/*dev=*/0xc, /*major=*/4, /*minor=*/1);
- if (res != -1)
- r[37] = res;
- syscall(__NR_ioctl, /*fd=*/r[37], /*cmd=*/0x540a, /*arg=TCIOFF*/ 2ul);
- syscall(__NR_madvise, /*addr=*/0x200000aab000ul, /*len=*/0x3000ul,
- /*advice=*/0ul);
- res = syscall(__NR_socket, /*domain=*/0x11ul, /*type=SOCK_DGRAM*/ 2ul,
- /*proto=*/0x300);
- if (res != -1)
- r[38] = res;
- memcpy((void*)0x200000000000, "./file0\000", 8);
- *(uint64_t*)0x200000000040 = 0;
- *(uint64_t*)0x200000000048 = 0x94;
- *(uint64_t*)0x200000000050 = 1;
- res = syscall(__NR_openat2, /*fd=*/0xffffffffffffff9cul,
- /*file=*/0x200000000000ul, /*how=*/0x200000000040ul,
- /*size=*/0x18ul);
- if (res != -1)
- r[39] = res;
- memcpy((void*)0x200000000080, "./file0\000", 8);
- syscall(__NR_openat, /*fd=*/r[39], /*file=*/0x200000000080ul,
- /*flags=O_NOATIME|O_CREAT|O_APPEND*/ 0x40440, /*mode=S_IXGRP*/ 8);
- syz_proconfig_reset__sys_fs_ext4_sda_mb_min_to_scan();
- *(uint32_t*)0x200000000100 = 0x401;
- *(uint32_t*)0x200000000104 = 0x4010;
- *(uint32_t*)0x200000000108 = 0x91;
- *(uint32_t*)0x20000000010c = 0x81;
- syscall(__NR_setsockopt, /*fd=*/r[38], /*level=*/0x107, /*optname=*/5,
- /*optval=*/0x200000000100ul, /*optlen=*/0x10ul);
- syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x2000ul, /*prot=*/0ul,
- /*flags=MAP_FIXED|MAP_SHARED*/ 0x11ul, /*fd=*/r[38], /*offset=*/0ul);
- syz_proconfig_set__sys_fs_ext4_sda_mb_min_to_scan(/*val=*/-1);
- memcpy((void*)0x200000000100, "update ", 7);
- memcpy((void*)0x200000000107, "ecryptfs", 8);
- *(uint8_t*)0x20000000010f = 0x20;
- memcpy((void*)0x200000000110, "trusted:", 8);
- memcpy((void*)0x200000000118, "user\000", 5);
- *(uint8_t*)0x20000000011d = 0;
- syscall(__NR_keyctl, /*code=*/0xcul, /*key=*/0, /*payload=*/0x200000000100ul,
- /*paylen=*/0xfffffffffffffd81ul, /*keyring=*/0);
- res = syscall(__NR_socketpair, /*domain=*/1ul, /*type=SOCK_STREAM*/ 1ul,
- /*proto=*/0, /*fds=*/0x200000000040ul);
- if (res != -1)
- r[40] = *(uint32_t*)0x200000000044;
- memcpy((void*)0x200000000280,
- ")\213\212\026\021\222O\325 "
- "1\301\214N\355H\335\337k\201\377\377\377\377\377\377\377J\002u\233"
- "\257a\254\320\370TU\257\266\274\322\377\253ll\312\332\220\316\347\357"
- "\230\3628\2128\375\212\006o\3600\317^\250\306\275> "
- "zY3R\316h\354\001b\264\201}\313\f\032\331S*"
- "\373\327Eh5\310\224\317eX0L\032\266\274\v\002)^"
- "\a\257\333\246\336\255 \314N\312\005yy\333",
- 120);
- res = syscall(__NR_memfd_create, /*name=*/0x200000000280ul,
- /*flags=MFD_ALLOW_SEALING|MFD_CLOEXEC*/ 3ul);
- if (res != -1)
- r[41] = res;
- syscall(__NR_write, /*fd=*/r[41], /*data=*/0x2000000002c0ul, /*len=*/8ul);
- *(uint64_t*)0x2000000001c0 = 0;
- syscall(__NR_sendfile, /*fdout=*/r[40], /*fdin=*/r[41],
- /*off=*/0x2000000001c0ul, /*count=*/0xfffful);
- syscall(__NR_fcntl, /*fd=*/r[41], /*cmd=*/0x409ul,
- /*seals=F_SEAL_WRITE*/ 8ul);
- syscall(__NR_mmap, /*addr=*/0x200000ffe000ul, /*len=*/0x1000ul,
- /*prot=PROT_GROWSDOWN|PROT_SEM*/ 0x1000008ul,
- /*flags=MAP_FIXED|MAP_32BIT*/ 0x50ul, /*fd=*/-1,
- /*offset=*/0x7716f000ul);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0);
- syscall(__NR_fallocate, /*fd=*/r[41], /*mode=*/0ul, /*off=*/0ul,
- /*len=*/0x18e7ul);
- syscall(__NR_write, /*fd=*/r[41], /*buf=*/0x200000000300ul, /*count=*/0ul);
- res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0ul,
- /*flags=*/0x200002, /*mode=*/0);
- if (res != -1)
- r[42] = res;
- memcpy((void*)0x200000000000, "syz0\000", 5);
- syscall(__NR_openat, /*fd=*/r[42], /*file=*/0x200000000000ul,
- /*flags=*/0x200002, /*mode=*/0);
- syscall(__NR_openat, /*fd=*/r[42], /*file=*/0ul, /*flags=*/0x26e1,
- /*mode=*/0);
- syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0ul, /*timerid=*/0ul);
- syz_sysconfig_set__proc_sys_net_ipv4_neigh_sit0_unres_qlen_bytes(/*val=*/0);
- syscall(__NR_msgget, /*key=*/0ul, /*flags=*/0ul);
- *(uint16_t*)0x200000000240 = 2;
- *(uint64_t*)0x200000000248 = 0x200000000040;
- *(uint16_t*)0x200000000040 = 5;
- *(uint8_t*)0x200000000042 = 0;
- *(uint8_t*)0x200000000043 = 0;
- *(uint32_t*)0x200000000044 = 0;
- *(uint16_t*)0x200000000048 = 6;
- *(uint8_t*)0x20000000004a = 0;
- *(uint8_t*)0x20000000004b = 0;
- *(uint32_t*)0x20000000004c = 0;
- syscall(__NR_seccomp, /*op=*/1ul, /*flags=*/0ul, /*arg=*/0x200000000240ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- *(uint32_t*)0x2000000001c0 = 2;
- *(uint32_t*)0x2000000001c4 = 0x80;
- *(uint8_t*)0x2000000001c8 = 0x52;
- *(uint8_t*)0x2000000001c9 = 1;
- *(uint8_t*)0x2000000001ca = 0;
- *(uint8_t*)0x2000000001cb = 0;
- *(uint32_t*)0x2000000001cc = 0;
- *(uint64_t*)0x2000000001d0 = 0;
- *(uint64_t*)0x2000000001d8 = 0;
- *(uint64_t*)0x2000000001e0 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000001e8, 0, 38, 26);
- *(uint32_t*)0x2000000001f0 = 0;
- *(uint32_t*)0x2000000001f4 = 0;
- *(uint64_t*)0x2000000001f8 = 0;
- *(uint64_t*)0x200000000200 = 0;
- *(uint64_t*)0x200000000208 = 0;
- *(uint64_t*)0x200000000210 = 0;
- *(uint32_t*)0x200000000218 = 0;
- *(uint32_t*)0x20000000021c = 0;
- *(uint64_t*)0x200000000220 = 0;
- *(uint32_t*)0x200000000228 = 0;
- *(uint16_t*)0x20000000022c = 0;
- *(uint16_t*)0x20000000022e = 0;
- *(uint32_t*)0x200000000230 = 0;
- *(uint32_t*)0x200000000234 = 0;
- *(uint64_t*)0x200000000238 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x2000000001c0ul, /*pid=*/0,
- /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul);
- memcpy((void*)0x200000000000, "./bus\000", 6);
- res = syscall(__NR_creat, /*file=*/0x200000000000ul, /*mode=*/0ul);
- if (res != -1)
- r[43] = res;
- *(uint32_t*)0x200000000200 = 9;
- *(uint32_t*)0x200000000204 = 0x80;
- *(uint8_t*)0x200000000208 = 0;
- *(uint8_t*)0x200000000209 = 0;
- *(uint8_t*)0x20000000020a = 0;
- *(uint8_t*)0x20000000020b = 0;
- *(uint32_t*)0x20000000020c = 0;
- *(uint64_t*)0x200000000210 = 0;
- *(uint64_t*)0x200000000218 = 0;
- *(uint64_t*)0x200000000220 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 38, 26);
- *(uint32_t*)0x200000000230 = 0;
- *(uint32_t*)0x200000000234 = 0;
- *(uint64_t*)0x200000000238 = 0x200000000000;
- *(uint64_t*)0x200000000240 = 0;
- *(uint64_t*)0x200000000248 = 0;
- *(uint64_t*)0x200000000250 = 0;
- *(uint32_t*)0x200000000258 = 0;
- *(uint32_t*)0x20000000025c = 0;
- *(uint64_t*)0x200000000260 = 0;
- *(uint32_t*)0x200000000268 = 0;
- *(uint16_t*)0x20000000026c = 0;
- *(uint16_t*)0x20000000026e = 0;
- *(uint32_t*)0x200000000270 = 0;
- *(uint32_t*)0x200000000274 = 0;
- *(uint64_t*)0x200000000278 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000200ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- memcpy((void*)0x200000000080, "./bus\000", 6);
- res = syscall(__NR_open, /*file=*/0x200000000080ul, /*flags=*/0ul,
- /*mode=*/0ul);
- if (res != -1)
- r[44] = res;
- *(uint64_t*)0x2000000000c0 = 0xfa17;
- *(uint64_t*)0x2000000000c8 = 6;
- *(uint64_t*)0x2000000000d0 = 1;
- *(uint64_t*)0x2000000000d8 = 0x7fffffffffffffff;
- *(uint64_t*)0x2000000000e0 = 0x8000000000000000;
- *(uint64_t*)0x2000000000e8 = 3;
- *(uint64_t*)0x2000000000f0 = 0x400;
- *(uint64_t*)0x2000000000f8 = 5;
- *(uint32_t*)0x200000000100 = 0x20000;
- syscall(__NR_quotactl_fd, /*fd=*/r[43],
- /*cmd=Q_SETQUOTA_USR*/ 0xffffffff80000800ul, /*id=*/-1,
- /*addr=*/0x2000000000c0ul);
- *(uint64_t*)0x200000000040 = r[43];
- syscall(__NR_write, /*fd=*/r[43], /*data=*/0x200000000040ul, /*size=*/0x23ul);
- syscall(__NR_mmap, /*addr=*/0x2000004c8000ul, /*len=*/0x1000ul, /*prot=*/0ul,
- /*flags=MAP_FIXED|MAP_PRIVATE*/ 0x12ul, /*fd=*/r[44], /*offset=*/0ul);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/5);
- syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xb36000ul,
- /*prot=PROT_GROWSUP|PROT_SEM|PROT_WRITE|PROT_EXEC|0xb635773f04ebbee0*/
- 0xb635773f06ebbeeeul,
- /*flags=MAP_POPULATE|MAP_FIXED|MAP_ANONYMOUS|MAP_SHARED*/ 0x8031ul,
- /*fd=*/-1, /*offset=*/0ul);
- *(uint8_t*)0x200000000000 = 0;
- syscall(__NR_prctl, /*option=*/0x3bul, /*mode=*/1ul, /*offset=*/0ul,
- /*len=*/0ul, /*selector=*/0x200000000000ul);
- syscall(__NR_madvise, /*addr=*/0x200000000000ul, /*len=*/0x60000bul,
- /*advice=MADV_REMOVE*/ 9ul);
- syscall(__NR_ioctl, /*fd=*/r[43], /*cmd=*/0x40043d04, /*arg=*/0ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- syscall(__NR_chdir, /*dir=*/0ul);
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/1);
- memcpy((void*)0x2000000000c0, "./bus\000", 6);
- res = syscall(__NR_open, /*file=*/0x2000000000c0ul,
- /*flags=O_SYNC|O_NOCTTY|O_EXCL|O_CREAT|O_RDWR|0x3c*/ 0x1011feul,
- /*mode=*/0ul);
- if (res != -1)
- r[45] = res;
- res = syscall(__NR_open, /*file=*/0ul,
- /*flags=O_SYNC|O_NOATIME|O_CREAT|O_RDWR*/ 0x141042ul,
- /*mode=*/0ul);
- if (res != -1)
- r[46] = res;
- *(uint64_t*)0x200000000180 = 0x200000000040;
- memcpy((void*)0x200000000040,
- "\x03\xc2\xcc\xcf\x16\x72\x39\x85\xdb\x6e\x2a\xc8\x6b\x45\xb1\xaa",
- 16);
- *(uint64_t*)0x200000000188 = 0x10;
- syscall(__NR_pwritev, /*fd=*/-1, /*vec=*/0x200000000180ul, /*vlen=*/1ul,
- /*off_low=*/0, /*off_high=*/0);
- memcpy((void*)0x200000000000, "./bus\000", 6);
- syscall(__NR_chdir, /*dir=*/0x200000000000ul);
- syscall(__NR_ioctl, /*fd=*/r[45], /*cmd=*/0x8904, /*arg=*/0x200000000080ul);
- memcpy((void*)0x200000002000, "./bus\000", 6);
- res = syscall(__NR_open, /*file=*/0x200000002000ul,
- /*flags=O_SYNC|O_NONBLOCK|O_NOFOLLOW|O_NOATIME|O_CREAT|O_RDWR*/
- 0x161842ul, /*mode=*/0ul);
- if (res != -1)
- r[47] = res;
- syscall(__NR_ftruncate, /*fd=*/r[47], /*len=*/0x2007ffful);
- syscall(__NR_connect, /*fd=*/r[46], /*addr=*/0ul, /*addrlen=*/0ul);
- syscall(__NR_lseek, /*fd=*/r[45], /*offset=*/0ul, /*whence=SEEK_HOLE*/ 4ul);
- syscall(__NR_sendfile, /*fdout=*/r[45], /*fdin=*/r[45], /*off=*/0ul,
- /*count=*/0x8080fffffffeul);
- syscall(__NR_ftruncate, /*fd=*/r[45], /*len=*/4ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- res = syscall(__NR_socket, /*domain=AF_NETLINK*/ 0x10ul,
- /*type=SOCK_RAW*/ 3ul, /*proto=*/0);
- if (res != -1)
- r[48] = res;
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/4);
- memcpy((void*)0x200000000300,
- "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
- *(uint64_t*)0x200000000310 = 0x200000000240;
- memcpy((void*)0x200000000240, "syztnl2\000\000\000\000\000\000\000\000\000",
- 16);
- *(uint32_t*)0x200000000250 = 0;
- *(uint16_t*)0x200000000254 = htobe16(0);
- *(uint16_t*)0x200000000256 = htobe16(0);
- *(uint32_t*)0x200000000258 = htobe32(0);
- *(uint32_t*)0x20000000025c = htobe32(0);
- STORE_BY_BITMASK(uint8_t, , 0x200000000260, 5, 0, 4);
- STORE_BY_BITMASK(uint8_t, , 0x200000000260, 4, 4, 4);
- STORE_BY_BITMASK(uint8_t, , 0x200000000261, 0, 0, 2);
- STORE_BY_BITMASK(uint8_t, , 0x200000000261, 0, 2, 6);
- *(uint16_t*)0x200000000262 = htobe16(0x14);
- *(uint16_t*)0x200000000264 = htobe16(0);
- *(uint16_t*)0x200000000266 = htobe16(0);
- *(uint8_t*)0x200000000268 = 0;
- *(uint8_t*)0x200000000269 = 0;
- *(uint16_t*)0x20000000026a = htobe16(0);
- *(uint32_t*)0x20000000026c = htobe32(0xe0000002);
- *(uint32_t*)0x200000000270 = htobe32(0);
- struct csum_inet csum_2;
- csum_inet_init(&csum_2);
- csum_inet_update(&csum_2, (const uint8_t*)0x200000000260, 20);
- *(uint16_t*)0x20000000026a = csum_inet_digest(&csum_2);
- syscall(__NR_ioctl, /*fd=*/r[48], /*cmd=*/0x89f1, /*arg=*/0x200000000300ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- syz_sysconfig_set__proc_sys_vm_zone_reclaim_mode(/*val=*/0xfffff591);
- memcpy((void*)0x200000000280, "./file0\000", 8);
- res = syscall(__NR_creat, /*file=*/0x200000000280ul,
- /*mode=S_IXOTH|S_IWOTH*/ 3ul);
- if (res != -1)
- r[49] = res;
- memcpy((void*)0x200000000300, "#! ", 3);
- *(uint8_t*)0x200000000303 = 0x20;
- memcpy((void*)0x200000000304,
- "\343\f\223@\002\347\205\025\261="
- "\2001\257\337F\335\t\214\374\341\2155\b4\003\000\000\000\025\025\004"
- "\v\214\206\\m\n\203\t\320\353\226c\362\371\300g\254;s "
- "\305s\306p536\301\241hE\207\340\260\003%$"
- "\256\253\207\240G\330h\227\367\027f\204\326\314_"
- "\204\317gm\2567\003\241\034\241\001\003\262\276\253\334s3\000\322."
- "\026Us\353U\245\321\267\275u`"
- "\247P\306t\250\370s\320\003\230\266\253\327\244\312\375\223\311\202"
- "\2264\230Wb|"
- "M\000\000\000\200\000\000\000\000\302zG\362\337\b\303\335\335\206\247"
- "\331\352_\347\245\004\270e\270n\256_\321\f\250sin\177,"
- "\r\2743\2039\246\310\021\356\016_"
- "65\2263\267\263\b\030\246\363U\314s\303\005Sv\253\201\t\311\205\361"
- "\362*&\251\356w\2104\241\300<p\005_\310\301\253\202%~s:C\252\005-"
- "\247\006\332{\215\177\214\006\371\0323\3559^\365\252z\247_X\305\371<"
- "\211T\362t\216\215\267e<D\244\215\326\032\004\rb{"
- "\345F\357\201\271T\305$\\\223",
- 291);
- *(uint8_t*)0x200000000427 = 0xa;
- syscall(__NR_write, /*fd=*/r[49], /*data=*/0x200000000300ul, /*len=*/0x128ul);
- *(uint32_t*)0x200000000040 = 4;
- *(uint32_t*)0x200000000044 = 0x80;
- *(uint8_t*)0x200000000048 = 9;
- *(uint8_t*)0x200000000049 = 0x81;
- *(uint8_t*)0x20000000004a = 5;
- *(uint8_t*)0x20000000004b = 0xdf;
- *(uint32_t*)0x20000000004c = 0;
- *(uint64_t*)0x200000000050 = 0x101;
- *(uint64_t*)0x200000000058 = 0x9204;
- *(uint64_t*)0x200000000060 = 9;
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 3, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 1, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000068, 0, 38, 26);
- *(uint32_t*)0x200000000070 = 0xff;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0x200000000000;
- *(uint64_t*)0x200000000080 = 0;
- *(uint64_t*)0x200000000088 = 0x8000;
- *(uint64_t*)0x200000000090 = 5;
- *(uint32_t*)0x200000000098 = 5;
- *(uint32_t*)0x20000000009c = 8;
- *(uint64_t*)0x2000000000a0 = 8;
- *(uint32_t*)0x2000000000a8 = 6;
- *(uint16_t*)0x2000000000ac = 0xb7;
- *(uint16_t*)0x2000000000ae = 0;
- *(uint32_t*)0x2000000000b0 = 0;
- *(uint32_t*)0x2000000000b4 = 0;
- *(uint64_t*)0x2000000000b8 = 2;
- res = syscall(__NR_perf_event_open, /*attr=*/0x200000000040ul, /*fd=*/r[49],
- /*cpu=*/2ul, /*group=*/r[49],
- /*flags=PERF_FLAG_PID_CGROUP|0x1*/ 5ul);
- if (res != -1)
- r[50] = res;
- syscall(__NR_close, /*fd=*/r[50]);
- memcpy((void*)0x200000000180, "./file0\000", 8);
- syscall(__NR_execve, /*file=*/0x200000000180ul, /*argv=*/0ul, /*envp=*/0ul);
- syz_sysconfig_reset__proc_sys_vm_zone_reclaim_mode();
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0x88);
- if (res != -1)
- r[51] = res;
- *(uint32_t*)0x200000000280 = 0;
- syscall(__NR_setsockopt, /*fd=*/r[51], /*level=*/0x29,
- /*optname=IPV6_AUTOFLOWLABEL*/ 0x46, /*optval=*/0x200000000280ul,
- /*optlen=*/1ul);
- res =
- syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_RAW*/ 3ul, /*proto=*/7);
- if (res != -1)
- r[52] = res;
- memcpy((void*)0x200000000040,
- "lo\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16);
- *(uint16_t*)0x200000000050 = 2;
- *(uint16_t*)0x200000000052 = htobe16(0);
- *(uint32_t*)0x200000000054 = htobe32(-1);
- syscall(__NR_ioctl, /*fd=*/r[52], /*cmd=*/0x8918, /*arg=*/0x200000000040ul);
- syscall(__NR_socket, /*domain=AF_PHONET*/ 0x23ul, /*type=SOCK_RDM*/ 4ul,
- /*proto=*/0);
- memcpy((void*)0x200000000240, "./file0\000", 8);
- syscall(__NR_creat, /*file=*/0x200000000240ul, /*mode=*/0ul);
- syscall(__NR_pipe, /*pipefd=*/0ul);
- syscall(__NR_write, /*fd=*/-1, /*buf=*/0ul, /*count=*/0ul);
- *(uint32_t*)0x200000000000 = 2;
- *(uint32_t*)0x200000000004 = 0x80;
- *(uint8_t*)0x200000000008 = 0;
- *(uint8_t*)0x200000000009 = 0;
- *(uint8_t*)0x20000000000a = 0;
- *(uint8_t*)0x20000000000b = 0;
- *(uint32_t*)0x20000000000c = 0;
- *(uint64_t*)0x200000000010 = 0;
- *(uint64_t*)0x200000000018 = 0;
- *(uint64_t*)0x200000000020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000028, 0, 38, 26);
- *(uint32_t*)0x200000000030 = 0;
- *(uint32_t*)0x200000000034 = 0;
- *(uint64_t*)0x200000000038 = 0;
- *(uint64_t*)0x200000000040 = 0;
- *(uint64_t*)0x200000000048 = 0;
- *(uint64_t*)0x200000000050 = 0;
- *(uint32_t*)0x200000000058 = 0;
- *(uint32_t*)0x20000000005c = 0;
- *(uint64_t*)0x200000000060 = 0;
- *(uint32_t*)0x200000000068 = 0;
- *(uint16_t*)0x20000000006c = 0;
- *(uint16_t*)0x20000000006e = 0;
- *(uint32_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000074 = 0;
- *(uint64_t*)0x200000000078 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000000ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- *(uint32_t*)0x20000000a000 = 1;
- *(uint32_t*)0x20000000a004 = 0x80;
- *(uint8_t*)0x20000000a008 = 0;
- *(uint8_t*)0x20000000a009 = 0;
- *(uint8_t*)0x20000000a00a = 0;
- *(uint8_t*)0x20000000a00b = 0;
- *(uint32_t*)0x20000000a00c = 0;
- *(uint64_t*)0x20000000a010 = 0;
- *(uint64_t*)0x20000000a018 = 0x2129;
- *(uint64_t*)0x20000000a020 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x20000000a028, 0, 38, 26);
- *(uint32_t*)0x20000000a030 = 0;
- *(uint32_t*)0x20000000a034 = 0;
- *(uint64_t*)0x20000000a038 = 0;
- *(uint64_t*)0x20000000a040 = 0;
- *(uint64_t*)0x20000000a048 = 0;
- *(uint64_t*)0x20000000a050 = 0;
- *(uint32_t*)0x20000000a058 = 7;
- *(uint32_t*)0x20000000a05c = 0;
- *(uint64_t*)0x20000000a060 = 0x20000000;
- *(uint32_t*)0x20000000a068 = 0;
- *(uint16_t*)0x20000000a06c = 0;
- *(uint16_t*)0x20000000a06e = 0;
- *(uint32_t*)0x20000000a070 = 0;
- *(uint32_t*)0x20000000a074 = 0;
- *(uint64_t*)0x20000000a078 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x20000000a000ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0x88);
- if (res != -1)
- r[53] = res;
- res = syscall(__NR_io_setup, /*n=*/7, /*ctx=*/0x200000000000ul);
- if (res != -1)
- r[54] = *(uint64_t*)0x200000000000;
- res = syscall(__NR_eventfd2, /*initval=*/0, /*flags=*/0ul);
- if (res != -1)
- r[55] = res;
- memcpy((void*)0x200000000280, "./file0\000", 8);
- syscall(__NR_mkdir, /*path=*/0x200000000280ul, /*mode=*/0ul);
- memcpy((void*)0x20000000aff8, "./file0\000", 8);
- memcpy((void*)0x2000000000c0, "hugetlbfs\000", 10);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x20000000aff8ul,
- /*type=*/0x2000000000c0ul, /*flags=*/0ul, /*data=*/0ul);
- memcpy((void*)0x200000cd2ff8, "./file0\000", 8);
- syscall(__NR_chdir, /*dir=*/0x200000cd2ff8ul);
- memcpy(
- (void*)0x2000000013c0,
- "./"
- "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\000",
- 4089);
- syscall(__NR_mknod, /*file=*/0x2000000013c0ul, /*mode=*/0ul, /*dev=*/0x701);
- *(uint64_t*)0x200000000140 = 0x200000000000;
- *(uint64_t*)0x200000000000 = 0;
- *(uint32_t*)0x200000000008 = 0;
- *(uint32_t*)0x20000000000c = 0;
- *(uint16_t*)0x200000000010 = 8;
- *(uint16_t*)0x200000000012 = 0;
- *(uint32_t*)0x200000000014 = r[53];
- *(uint64_t*)0x200000000018 = 0;
- *(uint64_t*)0x200000000020 = 0;
- *(uint64_t*)0x200000000028 = 0;
- *(uint64_t*)0x200000000030 = 0;
- *(uint32_t*)0x200000000038 = 0;
- *(uint32_t*)0x20000000003c = -1;
- *(uint64_t*)0x200000000148 = 0x200000000040;
- *(uint64_t*)0x200000000040 = 0;
- *(uint32_t*)0x200000000048 = 0;
- *(uint32_t*)0x20000000004c = 0;
- *(uint16_t*)0x200000000050 = 8;
- *(uint16_t*)0x200000000052 = 0x8001;
- *(uint32_t*)0x200000000054 = r[53];
- *(uint64_t*)0x200000000058 = 0;
- *(uint64_t*)0x200000000060 = 0;
- *(uint64_t*)0x200000000068 = 0;
- *(uint64_t*)0x200000000070 = 0;
- *(uint32_t*)0x200000000078 = 3;
- *(uint32_t*)0x20000000007c = r[55];
- syscall(__NR_io_submit, /*ctx=*/r[54], /*nr=*/2ul,
- /*iocbpp=*/0x200000000140ul);
- memcpy((void*)0x2000000000c0, "./file0\000", 8);
- memcpy((void*)0x2000005f7ffb, "nfs4\000", 5);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x2000000000c0ul,
- /*type=*/0x2000005f7ffbul, /*flags=*/0ul, /*data=*/0x20000000a000ul);
- memcpy((void*)0x200000000580, "ext4\000", 5);
- memcpy((void*)0x200000000040, "./file0\000", 8);
- memcpy((void*)0x2000000005c0, "auto_da_alloc", 13);
- *(uint8_t*)0x2000000005cd = 0x2c;
- memcpy((void*)0x2000000005ce, "grpjquota=", 10);
- *(uint8_t*)0x2000000005d8 = 0x2c;
- memcpy((void*)0x2000000005d9, "discard", 7);
- *(uint8_t*)0x2000000005e0 = 0x2c;
- memcpy((void*)0x2000000005e1, "lazytime", 8);
- *(uint8_t*)0x2000000005e9 = 0x2c;
- memcpy((void*)0x2000000005ea, "nolazytime", 10);
- *(uint8_t*)0x2000000005f4 = 0x2c;
- *(uint8_t*)0x2000000005f5 = 0;
- memcpy(
- (void*)0x200000002600,
- "\x78\x9c\xec\xdd\x4d\x8f\x53\x55\x1f\x00\xf0\xff\xbd\x9d\x99\x67\x80\x79"
- "\x9c\xc1\x18\x03\x6e\x9c\x68\x82\x24\xc6\x32\x0c\x8a\xd1\x8d\xc0\x5a\x13"
- "\x13\xdd\xb8\x63\x02\x85\x8c\x94\x97\xcc\x8c\x89\x10\x17\xb0\x30\x6e\x5c"
- "\x60\x62\xc2\xc2\x44\x43\xd8\xf8\x21\x5c\x10\x13\xbf\x80\x2b\x71\xe7\xd6"
- "\x84\x18\x03\xc4\x97\x4d\xcd\x6d\x6f\xa7\x65\xa6\x1d\x86\xd2\x72\xa1\xf7"
- "\xf7\x4b\xee\xf4\x9c\x7b\xda\x9e\xf3\xef\xe5\xf4\x9e\xd3\xdb\x43\x03\x28"
- "\xad\xf9\xec\x4f\x1a\xb1\x37\x22\x8e\x27\x11\xb3\x5d\x65\x13\x91\x17\xce"
- "\xb7\xee\x77\xe7\xcf\xcf\x4e\x64\x5b\x12\x8d\xc6\x07\x7f\x24\x91\xe4\xfb"
- "\xda\xf7\x4f\xf2\xdb\x5d\x79\x66\x3a\x22\x7e\x3e\x16\xf1\x6c\x65\x73\xbd"
- "\xab\x17\x2f\x9d\x59\xaa\xd7\x6b\x2b\x79\xfe\xc0\xda\xd9\x0b\x07\x56\x2f"
- "\x5e\x7a\x6d\xf9\xec\xd2\xe9\xda\xe9\xda\xb9\xc3\xaf\xbf\xf1\xd6\xe2\x9b"
- "\x87\x17\x0f\x0d\x2d\xd4\xc9\x8f\x7e\xa8\x5f\xdb\xf3\xeb\xb1\xbf\xbe\x58"
- "\xb9\xb7\xef\xc6\xdf\xf1\x71\x12\x47\x62\x26\x2f\xec\x8e\x63\x58\xe6\x63"
- "\x7e\xfd\x35\xe9\x96\xbd\xae\xef\x0c\xbb\xb2\x82\x54\xf2\x78\x7a\xc5\xc9"
- "\x93\xaf\x7d\xfc\x26\x23\xe2\xf9\x98\x8d\x4a\xde\xeb\x33\xb3\xb1\xfc\x65"
- "\xa1\x8d\x03\x46\xaa\x51\x89\x68\x00\x25\x95\xe8\xff\x50\x52\xed\x71\x40"
- "\x7b\x6e\x3f\x8a\x79\xf0\x93\xec\xf6\xd1\xd6\x04\x68\x73\xfc\x13\xad\xcf"
- "\x46\x62\xba\x39\x37\xda\x79\x27\xe9\x9a\x19\xb5\xe6\xbb\x73\x43\xa8\x3f"
- "\xab\x63\xfa\xa7\xef\xbf\xca\xb6\x18\xd1\xe7\x10\x5b\xb9\x7c\x25\x22\xf6"
- "\xf4\x8a\x3f\x69\xb6\x6d\xae\xf9\x29\x4e\x16\x7f\x7a\x5f\xfc\x69\x44\x2c"
- "\xe4\xb7\xd9\xfe\xc5\x01\xeb\x9f\xdf\x90\x7f\x9a\xe2\x3f\xd2\x15\xff\xb1"
- "\x01\xeb\x2f\x3a\x7e\x00\xca\xe9\xe6\xd1\xd6\x89\x7c\xf3\xf9\x2f\x5d\x1f"
- "\xff\x44\x8f\xf1\xcf\x4c\x8f\x73\xd7\x20\x8a\x3e\xff\xf5\x1f\xff\x75\xe2"
- "\xaf\xf4\x19\xff\xbd\xbf\xcd\x3a\x6e\x5c\xff\xee\x48\xbf\xb2\xee\xf1\x5f"
- "\xb6\x65\xf5\xb7\xc7\x82\x8f\xc3\xed\x2b\x11\x2f\xf4\x8c\x3f\x59\x8f\x3f"
- "\xe9\x11\x7f\x36\xee\x39\xbe\xcd\x3a\x5e\xaa\x7d\x7b\xab\x5f\x59\xd1\xf1"
- "\x37\xae\x47\xec\xeb\x39\xff\xe9\x5c\xd1\x4a\xb6\xbc\x3e\x79\xe0\xd4\x72"
- "\xbd\xb6\xd0\xfa\xdb\xbb\x8e\xab\x9f\x37\xae\xf5\xab\xbf\xe8\xf8\xb3\xe3"
- "\xbf\xb3\x4f\xfc\x5b\x1d\xff\x6c\xdf\x85\x6d\xd6\xf1\xe3\xdd\x7b\xbf\xf5"
- "\x2b\x7b\x70\xfc\xe9\xef\x53\xc9\x87\xcd\xd4\x54\xbe\xe7\xd3\xa5\xb5\xb5"
- "\x95\x83\x11\x53\xc9\xbb\x9b\xf7\x3f\x60\x22\xd2\xbe\x4f\xfb\x39\xb2\xf8"
- "\xf7\xbf\xbc\x75\xff\xef\x15\xff\x8e\x6c\xee\xb0\xcd\xf8\xef\xec\x3f\xfc"
- "\xde\xa0\xf1\xdf\xfe\xa7\x33\x47\x1f\x85\x2c\xfe\x93\x03\x1e\xff\xab\xdb"
- "\xac\x63\x71\xa1\xfa\x4d\xbf\xb2\xa2\xff\xfd\x03\x00\x00\x00\x00\x00\xc0"
- "\x38\x49\x9b\xdf\xe5\x48\xd2\xea\x7a\x3a\x4d\xab\xd5\xd6\x1a\xde\xe7\x62"
- "\x67\x5a\x3f\xbf\xba\xf6\xea\xa9\xf3\x9f\x9c\x3b\xd9\xfa\xce\xc7\x5c\x4c"
- "\xa6\xed\x4b\xdd\xb3\xad\x7c\x92\xe5\x0f\xe6\xdf\x87\x6d\xe7\x17\x37\xe4"
- "\x0f\x45\xc4\xee\x88\xf8\xba\xb2\xa3\x99\xaf\x9e\x38\x5f\x3f\x59\x74\xf0"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x84\xd8"
- "\xb5\x61\xfd\xff\xdd\x4a\x6b\xfd\x3f\x50\x12\x13\x45\x37\x00\x28\x8c\xfe"
- "\x0f\xe5\xa5\xff\x43\x79\xe9\xff\x50\x5e\x0f\xdb\xff\xbd\x5f\xc0\xf8\xd0"
- "\x9f\xa1\xbc\xf4\x7f\x28\x2f\xfd\x1f\xca\x4b\xff\x87\xf2\xd2\xff\xa1\xbc"
- "\xf4\x7f\x00\x00\x00\x00\x18\x4b\xbb\x5f\xbc\x79\x2b\x89\x88\xcb\x6f\xef"
- "\x68\x6e\x99\xa9\xbc\x6c\xb2\xd0\x96\x01\xa3\x96\x16\xdd\x00\xa0\x30\x95"
- "\xa2\x1b\x00\x14\xc6\xa5\x7f\x28\x2f\x73\x7c\x20\x59\x4f\xfd\xdb\x68\xb9"
- "\xbf\x7c\xba\xdf\x03\x6f\x26\x03\xd4\x36\x35\xc0\x63\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x80\x57\xf6\x5a\xff\x0f\x65\x65\xfd\x3f\x94\x97\xf5"
- "\xff\x50\x5e\x8f\xb0\xfe\xdf\x7f\x1d\x00\x4f\xb9\x47\x9a\xe3\x7b\x07\x80"
- "\xb1\xf0\xa0\x55\xfc\x9d\xf5\xff\x1b\x66\x0c\x03\xad\xff\x07\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x06\x31\xd3\xdc\x92\xb4\x9a\xaf\x05\x9e\x89"
- "\x34\xad\x56\x23\xfe\x1f\x11\x73\x31\x99\x9c\x5a\xae\xd7\x16\x22\xe2\x99"
- "\x88\xf8\xa5\x32\xf9\xbf\x2c\x7f\xb0\xe8\x46\x03\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x98\x59\xbd\x78\xe9\xcc\x52\xbd\x5e"
- "\x5b\x19\x42\xa2\x91\xff\x34\xd8\xd0\x9e\xf0\x21\x12\x13\x11\xf1\xd8\x2b"
- "\x95\x90\x18\xdb\x44\xd1\xef\x4c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x50\x3e\x9d\x45\xbf\x45\xb7\x04\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x8a\xd3\xf9\xfd\xff\xd1\x25\x8a\x8e\x11\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x78\x3a\xfd\x17\x00\x00\xff\xff\xe8\xb2\x24\xd0",
- 1419);
- syz_mount_image(/*fs=*/0x200000000580, /*dir=*/0x200000000040,
- /*flags=MS_SYNCHRONOUS|MS_NOATIME*/ 0x410,
- /*opts=*/0x2000000005c0, /*chdir=*/1, /*size=*/0x58b,
- /*img=*/0x200000002600);
- memcpy((void*)0x2000000000c0, "fd/3\000", 5);
- res = -1;
- res = syz_open_procfs(/*pid=*/0, /*file=*/0x2000000000c0);
- if (res != -1)
- r[56] = res;
- memcpy((void*)0x2000000001c0, "mounts\000", 7);
- res = -1;
- res = syz_open_procfs(/*pid=*/0, /*file=*/0x2000000001c0);
- if (res != -1)
- r[57] = res;
- memcpy((void*)0x200000000040, ".\000", 2);
- memcpy((void*)0x200000000080, "9p\000", 3);
- memcpy((void*)0x200000000300, "trans=fd,rfdno=", 15);
- sprintf((char*)0x20000000030f, "0x%016llx", (long long)r[56]);
- memcpy((void*)0x200000000321, ",wfdno=", 7);
- sprintf((char*)0x200000000328, "0x%016llx", (long long)r[57]);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000040ul,
- /*type=*/0x200000000080ul, /*flags=*/0ul, /*opts=*/0x200000000300ul);
- memcpy((void*)0x200000000080, ".\000", 2);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000080ul, /*type=*/0ul,
- /*flags=MS_REC|MS_REMOUNT|MS_RDONLY|MS_NOSUID|0x40c*/ 0x442ful,
- /*data=*/0ul);
- res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_DGRAM*/ 2ul,
- /*proto=*/0);
- if (res != -1)
- r[58] = res;
- res = syscall(__NR_socket,
- /*domain=AF_PACKET|0x200000000000000*/ 0x200000000000011ul,
- /*type=SOCK_RAW*/ 3ul, /*proto=*/0);
- if (res != -1)
- r[59] = res;
- memcpy((void*)0x200000000080,
- "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
- res = syscall(__NR_ioctl, /*fd=*/r[59], /*cmd=*/0x8933,
- /*arg=*/0x200000000080ul);
- if (res != -1)
- r[60] = *(uint32_t*)0x200000000090;
- *(uint32_t*)0x2000000004c0 = 2;
- *(uint32_t*)0x2000000004c4 = 0x80;
- *(uint8_t*)0x2000000004c8 = 0x97;
- *(uint8_t*)0x2000000004c9 = 0;
- *(uint8_t*)0x2000000004ca = 0;
- *(uint8_t*)0x2000000004cb = 0;
- *(uint32_t*)0x2000000004cc = 0;
- *(uint64_t*)0x2000000004d0 = 0;
- *(uint64_t*)0x2000000004d8 = 0;
- *(uint64_t*)0x2000000004e0 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 38, 26);
- *(uint32_t*)0x2000000004f0 = 0;
- *(uint32_t*)0x2000000004f4 = 0;
- *(uint64_t*)0x2000000004f8 = 0;
- *(uint64_t*)0x200000000500 = 0;
- *(uint64_t*)0x200000000508 = 0;
- *(uint64_t*)0x200000000510 = 0;
- *(uint32_t*)0x200000000518 = 0x20;
- *(uint32_t*)0x20000000051c = 0;
- *(uint64_t*)0x200000000520 = 0;
- *(uint32_t*)0x200000000528 = 0;
- *(uint16_t*)0x20000000052c = 0;
- *(uint16_t*)0x20000000052e = 0;
- *(uint32_t*)0x200000000530 = 0;
- *(uint32_t*)0x200000000534 = 0;
- *(uint64_t*)0x200000000538 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x2000000004c0ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- *(uint8_t*)0x200000000000 = 0xfc;
- *(uint8_t*)0x200000000001 = 0;
- memset((void*)0x200000000002, 0, 13);
- *(uint8_t*)0x20000000000f = 0;
- *(uint32_t*)0x200000000010 = 0;
- *(uint32_t*)0x200000000014 = r[60];
- syscall(__NR_ioctl, /*fd=*/r[58], /*cmd=*/0x8916, /*arg=*/0x200000000000ul);
- syscall(__NR_socket, /*domain=AF_KCM*/ 0x29ul, /*type=SOCK_STREAM*/ 1ul,
- /*proto=*/0xfffffff9);
- memcpy((void*)0x2000000025c0, "./file0\000", 8);
- syz_mount_image(/*fs=*/0, /*dir=*/0x2000000025c0, /*flags=*/0, /*opts=*/0,
- /*chdir=*/0, /*size=*/0, /*img=*/0);
- memcpy((void*)0x200000000080, "./file0\000", 8);
- memcpy((void*)0x2000000000c0, "tmpfs\000", 6);
- memcpy((void*)0x200000000100,
- "\x63\x8f\xc3\xf6\x0f\x68\x8b\x67\x04\x00\x18\x3e\x1e\x38", 14);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000080ul,
- /*type=*/0x2000000000c0ul, /*flags=*/0ul, /*opts=*/0x200000000100ul);
- memcpy((void*)0x200000000280, "ext4\000", 5);
- memcpy((void*)0x200000000300, "./file0\000", 8);
- memcpy((void*)0x2000000003c0, "quota", 5);
- *(uint8_t*)0x2000000003c5 = 0x2c;
- memcpy((void*)0x2000000003c6, "euid", 4);
- *(uint8_t*)0x2000000003ca = 0x3d;
- sprintf((char*)0x2000000003cb, "%020llu", (long long)0);
- *(uint8_t*)0x2000000003df = 0x2c;
- memcpy((void*)0x2000000003e0, "fscontext", 9);
- *(uint8_t*)0x2000000003e9 = 0x3d;
- memcpy((void*)0x2000000003ea, "root", 4);
- *(uint8_t*)0x2000000003ee = 0x2c;
- memcpy((void*)0x2000000003ef, "dont_appraise", 13);
- *(uint8_t*)0x2000000003fc = 0x2c;
- memcpy((void*)0x2000000003fd, "uid", 3);
- *(uint8_t*)0x200000000400 = 0x3d;
- sprintf((char*)0x200000000401, "%020llu", (long long)0);
- *(uint8_t*)0x200000000415 = 0x2c;
- memcpy((void*)0x200000000416, "uid>", 4);
- sprintf((char*)0x20000000041a, "%020llu", (long long)0);
- *(uint8_t*)0x20000000042e = 0x2c;
- *(uint8_t*)0x20000000042f = 0;
- memcpy(
- (void*)0x200000000580,
- "\x78\x9c\xec\xdd\xd1\x6f\x53\x5f\x1d\x00\xf0\xef\xed\x36\xb6\xdf\x7e\xfb"
- "\xfd\x36\x94\x07\x35\x2a\x88\x28\x1a\x42\xbb\x15\x58\x08\x2f\xc2\x8b\xc6"
- "\x10\x12\x23\xf1\xc9\x07\x58\xb6\xb2\x2c\xeb\xd6\x65\xed\x90\x4d\x12\xc7"
- "\xff\x60\x22\x89\x4f\xfa\x27\xf0\x60\xe2\x83\x09\x4f\xbe\xfb\xa6\x6f\xbe"
- "\xe0\x83\x09\x2a\xc1\x30\x13\x1f\x6a\xee\xed\xed\x1c\x63\xdd\x06\x94\x95"
- "\xac\x9f\x4f\x72\x72\xcf\xb9\xa7\xeb\xf7\x9c\x36\xf7\x9c\xf6\xac\xed\x09"
- "\xa0\x6f\x9d\x89\x88\xcd\x88\x38\x11\x11\x77\x23\x62\x3c\x3f\x9f\xe4\x29"
- "\xae\xb7\x52\x7a\xbb\x57\x2f\x1e\xce\x6e\xbd\x78\x38\x9b\x44\xb3\x79\xfb"
- "\x9f\x49\x8c\xec\xba\xaf\x24\x3f\x7e\x9a\xdf\x67\x5a\xff\xe3\x1f\xe4\x85"
- "\x5d\xea\xeb\x1b\x8b\x33\xd5\x6a\x65\x35\x2f\x97\x1a\x4b\x2b\xa5\xfa\xfa"
- "\xc6\xc5\x85\xa5\x99\xf9\xca\x7c\x65\xb9\x5c\x9e\x9e\x9a\x9e\xbc\x7a\xe9"
- "\x4a\xb9\x6b\x7d\x3d\xbd\xf4\xe4\xf9\xf7\x17\x6e\xfe\xe4\x0f\xbf\xff\xda"
- "\xb3\x3f\x6d\x7e\xf7\xe7\x69\x7b\xc7\xf2\xba\xb4\x6f\x5d\x0b\xb4\x43\xeb"
- "\x31\x19\xda\x8e\x93\x1a\x8c\x88\x9b\x1f\x22\x58\x0f\x0c\xe4\xfd\x39\xd1"
- "\xeb\x86\xf0\x4e\x0a\x11\xf1\x85\x88\x38\x9b\x5d\xff\xe3\x31\x90\x3d\x9b"
- "\x00\xc0\x71\xd6\x6c\x8e\x47\x73\x7c\x67\x19\x00\x38\xee\x0a\xd9\x1a\x58"
- "\x52\x28\xe6\x6b\x01\x63\x51\x28\x14\x8b\xad\x35\xbc\x53\x31\x5a\xa8\xd6"
- "\xea\x8d\x0b\xf7\x6a\x6b\xcb\x73\xad\xb5\xb2\x89\x18\x2a\xdc\x5b\xa8\x56"
- "\x26\xf3\xb5\xc2\x89\x18\x4a\xd2\xf2\x54\x96\xff\x7f\xb9\xbc\xab\x7c\x29"
- "\x22\x4e\x46\xc4\x2f\x87\x3f\xc9\xca\xc5\xd9\x5a\x75\xae\x97\x2f\x7c\x00"
- "\xa0\x8f\x7d\xba\x6b\xfe\xff\xf7\x70\x6b\xfe\x07\x00\x8e\xb9\xdd\x1f\xe4"
- "\x01\x00\x8e\x3f\xf3\x3f\x00\xf4\x1f\xf3\x3f\x00\xf4\x1f\xf3\x3f\x00\xf4"
- "\x1f\xf3\x3f\x00\xf4\x1f\xf3\x3f\x00\xf4\x1f\xf3\x3f\x00\xf4\x95\x1f\xdd"
- "\xba\x95\xa6\xe6\x56\xfe\xfb\xd7\x73\xf7\xd7\xd7\x16\x6b\xf7\x2f\xce\x55"
- "\xea\x8b\xc5\xa5\xb5\xd9\xe2\x6c\x6d\x75\xa5\x38\x5f\xab\xcd\x67\xbf\xd9"
- "\xb3\x74\xd0\xfd\x55\x6b\xb5\x95\xa9\xcb\xb1\xf6\xa0\xd4\xa8\xd4\x1b\xa5"
- "\xfa\xfa\xc6\x9d\xa5\xda\xda\x72\xe3\x4e\xf6\xbb\xde\x77\x2a\x43\x47\xd2"
- "\x2b\x00\x60\x3f\x27\x4f\x3f\xfd\x4b\x12\x11\x9b\xd7\x3e\xc9\x52\xec\xd8"
- "\xcb\xc1\x5c\x0d\xc7\x5b\xa1\xd7\x0d\x00\x7a\x66\xa0\xd7\x0d\x00\x7a\xe6"
- "\xdd\xae\xff\x1b\x4f\xba\xde\x10\xe0\xc8\xed\xf3\x1e\xdf\x5b\x03\xe8\x13"
- "\xc9\x01\xf5\x1d\x3f\x22\xf4\xb8\xfb\x6d\x01\x8e\xc6\xf9\x2f\x5b\xff\x87"
- "\x7e\xe5\x45\x3e\xf4\x2f\xeb\xff\xd0\xbf\x06\x7b\xdd\x00\xa0\x67\x9a\xcd"
- "\xc4\x9e\xff\x00\xd0\x67\xac\xf1\x03\xfe\xff\x0f\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x6f\x6f\x2c\x4b\x49\xa1\x98\xef\x05\x3e\x16\x85\x42\xb1\x18\xf1\x59\x44"
- "\x4c\xc4\x50\x72\x6f\xa1\x5a\x99\x8c\x88\xcf\x23\xe2\xcf\xc3\x43\xc3\x69"
- "\x79\xaa\xd7\x8d\x06\x00\xde\x53\xe1\xef\x49\xbe\xff\xd7\xf9\xf1\x73\x63"
- "\xbb\x6b\x4f\x24\xff\x19\xce\x8e\x11\xf1\xb3\x5f\xdf\xfe\xd5\x83\x99\x46"
- "\x63\x75\x2a\x3d\xff\xaf\xed\xf3\x8d\xc7\xf9\xf9\x72\x2f\xda\x0f\x00\x1c"
- "\xa4\x3d\x4f\xb7\xe7\xf1\xb6\x57\x2f\x1e\xce\xb6\xd3\x51\xb6\xe7\xf9\x8d"
- "\xd6\xe6\xa2\x69\xdc\xad\x3c\xb5\x6a\x06\x63\x30\x3b\x8e\xc4\x50\x44\x8c"
- "\xbe\x4c\xf2\x72\x4b\xfa\x7a\x65\xa0\x0b\xf1\x37\x1f\x45\xc4\x97\xf6\xea"
- "\x7f\x92\xad\x8d\x4c\xe4\x3b\x9f\xbe\xdc\xf5\x77\x69\xec\xcf\x8e\x30\xfe"
- "\xe8\xcb\xc2\x6b\xfd\x2f\x66\x75\xad\x35\x9b\xf4\xb1\xf8\x62\x17\xda\x02"
- "\xfd\xe6\x69\x3a\xfe\x5c\xdf\xeb\xfa\x2b\xc4\x99\xec\xd8\xbe\xfe\x5e\x1f"
- "\x7f\x46\xb2\x11\xea\xfd\xb5\xc7\xbf\xad\x37\xc6\xbf\xc2\xf6\xf8\x37\xd0"
- "\x61\xfc\x3b\x73\xd8\x18\x97\xff\xf8\xc3\x8e\x75\x8f\x22\xbe\x32\xb8\x57"
- "\xfc\x64\x3b\x7e\xd2\x21\xfe\xb9\x3c\x7f\xd0\x38\xfc\xd7\xaf\x7e\xfd\x6c"
- "\xa7\xba\xe6\x6f\x22\xce\xc7\xde\xf1\x77\xc6\x2a\x35\x96\x56\x4a\xf5\xf5"
- "\x8d\x8b\x69\xa1\x32\x5f\x59\x2e\x97\xa7\xa7\xa6\x27\xaf\x5e\xba\x52\x2e"
- "\x65\x6b\xd4\xa5\xf6\x4a\xf5\x9b\xfe\x71\xed\xc2\xe7\xfb\xf5\x7f\xb4\x43"
- "\xfc\x91\x03\xfa\xff\xad\x03\xfa\xdd\xf6\xdb\xff\xde\xfd\xe9\x37\xf6\x89"
- "\xff\x9d\x6f\xee\xfd\xfc\x9f\xda\x27\x7e\x3a\x27\x7e\xfb\x90\xf1\x67\x46"
- "\x7f\xd7\x71\xfb\xee\x34\xfe\x5c\x87\xfe\x1f\xf4\xfc\x5f\x38\x64\xfc\x67"
- "\x7f\xdb\x98\x3b\xe4\x4d\x01\x80\x23\x50\x5f\xdf\x58\x9c\xa9\x56\x2b\xab"
- "\xf5\xef\xb5\x33\xeb\x32\x32\xdd\xc8\xfc\xe2\xe3\x68\x46\x6f\x33\xe9\x45"
- "\xf6\x11\x34\xe3\xed\x33\xbd\x1e\x99\x80\x0f\xed\xf5\x81\x0a\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\xf8\x18\x75\xeb\x3b\x43\x11\xcd\xe6\x7e"
- "\x5f\x81\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x80\x0f\xe1\x7f\x01\x00\x00\xff\xff\x9e"
- "\xfa\xd4\x50",
- 1227);
- syz_mount_image(/*fs=*/0x200000000280, /*dir=*/0x200000000300,
- /*flags=MS_DIRSYNC*/ 0x80, /*opts=*/0x2000000003c0,
- /*chdir=*/1, /*size=*/0x4cb, /*img=*/0x200000000580);
- memcpy((void*)0x200000000080, ".\000", 2);
- syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000080ul, /*type=*/0ul,
- /*flags=MS_REC|MS_REMOUNT|MS_NOSUID|MS_NOEXEC|0x440*/ 0x446aul,
- /*data=*/0ul);
- memcpy((void*)0x200000000040, "./bus\000", 6);
- res = syscall(__NR_creat, /*file=*/0x200000000040ul, /*mode=*/0ul);
- if (res != -1)
- r[61] = res;
- res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6);
- if (res != -1)
- r[62] = res;
- *(uint32_t*)0x2000000004c0 = 2;
- *(uint32_t*)0x2000000004c4 = 0x80;
- *(uint8_t*)0x2000000004c8 = 0x97;
- *(uint8_t*)0x2000000004c9 = 0;
- *(uint8_t*)0x2000000004ca = 0;
- *(uint8_t*)0x2000000004cb = 0;
- *(uint32_t*)0x2000000004cc = 0;
- *(uint64_t*)0x2000000004d0 = 0;
- *(uint64_t*)0x2000000004d8 = 0;
- *(uint64_t*)0x2000000004e0 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 38, 26);
- *(uint32_t*)0x2000000004f0 = 0;
- *(uint32_t*)0x2000000004f4 = 0;
- *(uint64_t*)0x2000000004f8 = 0;
- *(uint64_t*)0x200000000500 = 0;
- *(uint64_t*)0x200000000508 = 0;
- *(uint64_t*)0x200000000510 = 0;
- *(uint32_t*)0x200000000518 = 0x100;
- *(uint32_t*)0x20000000051c = 0;
- *(uint64_t*)0x200000000520 = 0;
- *(uint32_t*)0x200000000528 = 0;
- *(uint16_t*)0x20000000052c = 0;
- *(uint16_t*)0x20000000052e = 0;
- *(uint32_t*)0x200000000530 = 0;
- *(uint32_t*)0x200000000534 = 0;
- *(uint64_t*)0x200000000538 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x2000000004c0ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- res = syscall(__NR_socket, /*domain=*/0xaul,
- /*type=SOCK_DGRAM|0x800000000000000*/ 0x800000000000002ul,
- /*proto=*/0);
- if (res != -1)
- r[63] = res;
- *(uint16_t*)0x200000000000 = 0xa;
- *(uint16_t*)0x200000000002 = htobe16(0);
- *(uint32_t*)0x200000000004 = htobe32(0);
- *(uint8_t*)0x200000000008 = 0xfe;
- *(uint8_t*)0x200000000009 = 0x80;
- memset((void*)0x20000000000a, 0, 13);
- *(uint8_t*)0x200000000017 = 0xaa;
- *(uint32_t*)0x200000000018 = 1;
- syscall(__NR_connect, /*fd=*/r[63], /*addr=*/0x200000000000ul,
- /*addrlen=*/0x1cul);
- syscall(__NR_perf_event_open, /*attr=*/0ul, /*pid=*/-1, /*cpu=*/3ul,
- /*group=*/r[61], /*flags=*/0ul);
- memcpy((void*)0x200000000200, "msdos\000", 6);
- memcpy((void*)0x200000000240, "./bus\000", 6);
- memcpy(
- (void*)0x200000000700,
- "\x78\x9c\xec\xda\x3d\x6b\x5b\x57\x18\x07\xf0\x73\x55\xb7\x7e\xc3\x2f\xa5"
- "\xb4\xc5\x5e\x7a\x68\x97\x76\x11\xb5\xe7\x0e\x36\xc5\x86\x52\xd1\x96\xd6"
- "\x2a\xb4\x05\xe3\x6b\x2c\xb7\x42\xaa\x64\x74\x35\x48\xa5\x83\xe6\x4e\x85"
- "\x7c\x81\xcc\x21\x63\xb6\x40\xf0\x17\xf0\x77\xc8\x90\xcd\x04\x8c\x27\x4f"
- "\xb9\xc1\x56\x62\x3b\x26\x89\xe3\x80\x2d\x13\xff\x7e\x8b\x1e\xf1\x3f\x07"
- "\x9d\xa3\x03\x87\x87\xcb\xdd\xfd\xe6\xff\xbf\x6b\x9b\x59\x71\x33\x6d\x87"
- "\x42\x92\x84\xc2\x42\xe8\x85\x83\x24\x4c\x87\x42\x78\xae\x17\xbe\x5a\xfd"
- "\x61\xff\xbf\x5f\x7e\xfb\xfd\xfb\xc5\x52\x69\xe9\xe7\x18\x97\x17\x57\xe6"
- "\xe6\x63\x8c\x93\x9f\x3d\xf8\xe3\xdf\xbb\x9f\x6f\xb7\xc7\x7f\xbd\x37\x79"
- "\x7f\x38\xec\x4c\xaf\xee\xee\xcd\x3f\xda\xf9\x64\x67\x66\xf7\xc9\xca\x5f"
- "\xd5\x2c\x56\xb3\xd8\x68\xb6\x63\x1a\xd7\x9b\xcd\x76\xba\x5e\xaf\xc4\x8d"
- "\x6a\x56\x2b\xc6\xf8\x53\xbd\x92\x66\x95\x58\x6d\x64\x95\xd6\x0b\xf9\x66"
- "\xbd\xb9\xb5\xd5\x8d\x69\x63\x63\x62\x6c\xab\x55\xc9\xb2\x98\x36\xba\xb1"
- "\x56\xe9\xc6\x76\x33\xb6\x5b\xdd\x98\xfe\x99\x56\x1b\xb1\x58\x2c\xc6\x89"
- "\xb1\xc0\x45\xdc\x3a\xf3\xbd\x7c\xe7\x20\xcf\xc3\x5e\xfe\xfe\x5a\xc8\xf3"
- "\x7c\xf4\x76\x18\xdf\x0e\x13\x0f\xc3\x54\x48\x3e\x8c\xc9\x47\x0b\xc9\xc7"
- "\x6b\xc9\xa7\xbd\x64\x66\x2f\xcf\xa7\x06\xb4\x62\x2e\x97\xf3\xbf\xd9\x4e"
- "\x5d\xea\x23\x21\x3c\xee\x75\xca\x9d\x72\xff\xb3\x9f\x2f\x7f\x57\x5a\xfa"
- "\x3a\x1e\x99\x3e\x99\x35\x7a\x5c\x1d\xe6\x73\xfd\x3c\x9e\xe4\xfb\x9d\x4e"
- "\x79\x38\x8c\x3d\xcb\xe7\x5f\x9a\x8f\x84\x2f\xbf\xe8\xe7\x87\xd9\xb7\x3f"
- "\x96\xce\xe4\xb3\x61\xe3\x72\xb7\x0e\x00\x70\x23\x15\xe3\xb1\x53\xfd\xdd"
- "\x61\xff\xf5\x5e\x3f\x2f\xbe\x2a\xef\x57\xa7\xfa\xc3\x33\xfd\xdb\x50\x98"
- "\x1d\xba\xb2\x6d\xf0\x96\xb2\xee\x3f\xb5\xb4\x5e\xaf\xb4\x5e\x53\x7c\x10"
- "\xce\x1f\x33\xa8\xa2\x30\xa8\x5f\x3f\x7a\x2e\x16\x42\x38\x7f\x70\x32\x74"
- "\x1d\xfe\xa8\x77\xa2\x08\xc9\xb5\x58\xc6\x8d\x28\x06\x7d\x33\x71\x15\x4e"
- "\x0e\xfd\x82\x13\x0b\x97\xb4\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde"
- "\xc8\x55\xbc\x4e\x38\xe8\x3d\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\xd7\xdb\xd3\x00\x00\x00\xff\xff\x39\xf9\x70\xe7",
- 535);
- syz_mount_image(/*fs=*/0x200000000200, /*dir=*/0x200000000240,
- /*flags=MS_LAZYTIME|MS_STRICTATIME|MS_MANDLOCK*/ 0x3000040,
- /*opts=*/0x2000000002c0, /*chdir=*/1, /*size=*/0x217,
- /*img=*/0x200000000700);
- memcpy((void*)0x2000000001c0, "./bus\000", 6);
- res = syscall(__NR_creat, /*file=*/0x2000000001c0ul,
- /*mode=S_IWOTH|S_IROTH|S_IXGRP|S_IRUSR*/ 0x10eul);
- if (res != -1)
- r[64] = res;
- syscall(__NR_setreuid, /*ruid=*/0, /*euid=*/0xee00);
- *(uint32_t*)0x200000000000 = 0;
- syscall(__NR_ioctl, /*fd=*/r[64], /*cmd=*/0x40047211,
- /*arg=*/0x200000000000ul);
- syscall(__NR_write, /*fd=*/r[62], /*data=*/0x200000000180ul, /*len=*/0x1dul);
- *(uint64_t*)0x200000006d00 = 0;
- *(uint32_t*)0x200000006d08 = 0x1002000;
- *(uint64_t*)0x200000006d10 = 0;
- *(uint64_t*)0x200000006d18 = 0;
- *(uint64_t*)0x200000006d20 = 0;
- *(uint64_t*)0x200000006d28 = 0;
- *(uint32_t*)0x200000006d30 = 0x3800;
- *(uint32_t*)0x200000006d38 = 0;
- syscall(__NR_sendmmsg, /*fd=*/r[63], /*mmsg=*/0x200000006d00ul,
- /*vlen=*/0xc6ul, /*f=*/0ul);
- syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc);
- *(uint64_t*)0x200000000080 = 0;
- *(uint32_t*)0x200000000088 = 0;
- *(uint64_t*)0x200000000090 = 0x200000000240;
- *(uint64_t*)0x200000000240 = 0x2000000000c0;
- memcpy((void*)0x2000000000c0,
- "\xac\x00\x00\x00\x00\x01\x19\x05\x00\x00\x00\x00\x00\x00\x00\x1f\x0a"
- "\x00\x00\x00\x3c\x00\x01\x00\x2c\x00\x01\x00\x14\x00\x03\x00\x16\xf8"
- "\xbc\xd3\x83\x2f\x9b\x15\x77\xde\xf1\x3e\xda\xc1\xb8\xbf\x14\x00\x04"
- "\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xbb"
- "\x0c\x00\x02\x00\x05\x00\x01\x00\x00\x00\x00\x00\x3c\x00\x02\x00\x0c"
- "\x00\x02\x00\x05\x00\x01\x00\x00\x00\x00\x00\x2c\x00\x01\x00\x14\x00"
- "\x03\x00\xfe\x88\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x01\x14\x00\x04\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08"
- "\x00\x00\x00\x01\x08\x00\x07\x00\x00\x00\x00\x00\x18\x00\x06",
- 151);
- *(uint64_t*)0x200000000248 = 0xac;
- *(uint64_t*)0x200000000098 = 1;
- *(uint64_t*)0x2000000000a0 = 0;
- *(uint64_t*)0x2000000000a8 = 0;
- *(uint32_t*)0x2000000000b0 = 0;
- syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0x200000000080ul,
- /*f=MSG_DONTWAIT*/ 0x40ul);
- res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc);
- if (res != -1)
- r[65] = res;
- *(uint64_t*)0x200000000000 = 0;
- *(uint32_t*)0x200000000008 = 0;
- *(uint64_t*)0x200000000010 = 0x200000000200;
- *(uint64_t*)0x200000000200 = 0;
- *(uint64_t*)0x200000000208 = 0;
- *(uint64_t*)0x200000000018 = 8;
- *(uint64_t*)0x200000000020 = 0;
- *(uint64_t*)0x200000000028 = 0;
- *(uint32_t*)0x200000000030 = 0;
- syscall(__NR_sendmsg, /*fd=*/r[65], /*msg=*/0x200000000000ul, /*f=*/0ul);
- res = syscall(__NR_socket, /*domain=*/0x11ul, /*type=SOCK_RAW*/ 3ul,
- /*proto=*/0x300);
- if (res != -1)
- r[66] = res;
- res = syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_CLOEXEC*/ 0x80000ul,
- /*proto=*/0xfb7c);
- if (res != -1)
- r[67] = res;
- memset((void*)0x200000001480, 48, 1);
- syscall(__NR_setsockopt, /*fd=*/r[67], /*level=*/0, /*optname=*/8,
- /*optval=*/0x200000001480ul, /*optlen=*/1ul);
- *(uint32_t*)0x200000000140 = 0xc;
- res = syscall(__NR_getsockopt, /*fd=*/r[67], /*level=*/0, /*optname=*/8,
- /*optval=*/0x200000000040ul, /*optlen=*/0x200000000140ul);
- if (res != -1)
- r[68] = *(uint32_t*)0x200000000040;
- *(uint16_t*)0x200000000100 = 0x11;
- *(uint16_t*)0x200000000102 = htobe16(0);
- *(uint32_t*)0x200000000104 = r[68];
- *(uint16_t*)0x200000000108 = 1;
- *(uint8_t*)0x20000000010a = 0;
- *(uint8_t*)0x20000000010b = 6;
- memset((void*)0x20000000010c, 170, 5);
- *(uint8_t*)0x200000000111 = 0xaa;
- memset((void*)0x200000000112, 0, 2);
- syscall(__NR_bind, /*fd=*/r[66], /*addr=*/0x200000000100ul,
- /*addrlen=*/0x14ul);
- syscall(__NR_close, /*fd=*/r[66]);
- syscall(__NR_lseek, /*fd=*/r[61], /*offset=*/0x800002ul, /*whence=*/0ul);
- syscall(__NR_write, /*fd=*/r[61], /*data=*/0x200000000580ul, /*len=*/0x23ul);
- memcpy((void*)0x200000000000, "io.pressure\000", 12);
- syscall(__NR_openat, /*fd=*/r[61], /*file=*/0x200000000000ul, /*flags=*/2,
- /*mode=*/0);
- *(uint64_t*)0x200000000140 = 4;
- syscall(__NR_ioctl, /*fd=*/r[61], /*cmd=*/0x4b63, /*arg=*/0x200000000140ul);
- memcpy((void*)0x2000000000c0, "./bus\000", 6);
- res = syscall(__NR_creat, /*file=*/0x2000000000c0ul, /*mode=*/0ul);
- if (res != -1)
- r[69] = res;
- *(uint32_t*)0x200000000200 = 9;
- *(uint32_t*)0x200000000204 = 0x80;
- *(uint8_t*)0x200000000208 = 0;
- *(uint8_t*)0x200000000209 = 0;
- *(uint8_t*)0x20000000020a = 0;
- *(uint8_t*)0x20000000020b = 0;
- *(uint32_t*)0x20000000020c = 0;
- *(uint64_t*)0x200000000210 = 0;
- *(uint64_t*)0x200000000218 = 0;
- *(uint64_t*)0x200000000220 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 38, 26);
- *(uint32_t*)0x200000000230 = 0;
- *(uint32_t*)0x200000000234 = 0;
- *(uint64_t*)0x200000000238 = 0x200000000000;
- *(uint64_t*)0x200000000240 = 0;
- *(uint64_t*)0x200000000248 = 0;
- *(uint64_t*)0x200000000250 = 0;
- *(uint32_t*)0x200000000258 = 0;
- *(uint32_t*)0x20000000025c = 0;
- *(uint64_t*)0x200000000260 = 0;
- *(uint32_t*)0x200000000268 = 0;
- *(uint16_t*)0x20000000026c = 0;
- *(uint16_t*)0x20000000026e = 0;
- *(uint32_t*)0x200000000270 = 0;
- *(uint32_t*)0x200000000274 = 0;
- *(uint64_t*)0x200000000278 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000200ul, /*pid=*/0,
- /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul);
- memcpy((void*)0x200000000080, "./bus\000", 6);
- res = syscall(__NR_open, /*file=*/0x200000000080ul, /*flags=*/0ul,
- /*mode=*/0ul);
- if (res != -1)
- r[70] = res;
- memcpy((void*)0x200000000140, "msdos\000", 6);
- memcpy((void*)0x200000000180, "./file0\000", 8);
- memcpy((void*)0x200000000000,
- "\x00\x0f\x7f\xf7\x72\x18\x75\xd8\xba\xcc\xeb\x2f\xbb\x96\x0d\x5b\x1c"
- "\x33\x98\x8e\xac\x29\x7f\x7d\xed\xa3\x42\xbf\x10\x33\x23\xf6\x99\xe8"
- "\xd3\x87\x65\xae\xad\x29\x5a\xb1\xff\x55\x00\xa9\x93\x0e\x66\x77\x94"
- "\x15\xd3\x78\xac\x83\x82\x3c\x71\xe2\x9a\x17\xae\x07\x0b\x2f\x6d\xd0"
- "\x42\xb2\xf0\x10\xa2\x7c\xc0\xd1",
- 76);
- memcpy(
- (void*)0x200000000200,
- "\x78\x9c\xec\xdb\xbd\x8a\x13\x51\x18\x06\xe0\x6f\x62\xd4\x44\x2d\x52\x8b"
- "\xc5\x80\x8d\x55\x50\xf1\x02\x14\x89\x20\x0e\x08\xca\x14\x5a\x29\x44\x41"
- "\x12\x11\x4c\x33\x5a\xe5\x52\xbc\x41\x41\x52\xa5\x3b\xb2\x3b\xbb\xf9\x59"
- "\x36\xc5\x42\x92\x09\x9b\xe7\x69\xf2\xc2\xcb\x81\xef\x40\x66\x86\x33\x30"
- "\x9f\x1e\x7c\x1f\x0d\x7f\x4c\xbe\x8e\x9f\xcd\xa2\x93\x65\xd1\x7a\x1e\x79"
- "\xcc\xb3\xe8\x45\x2b\xce\x4d\x03\x00\xb8\x4e\xe6\x29\xc5\xbf\x94\x52\xba"
- "\x3d\x8d\xee\x9f\x48\x29\x35\x3d\x11\x00\xb0\x6b\x9e\xff\x00\x70\x7c\xde"
- "\x7f\xf8\xf8\xe6\x45\x51\x0c\xde\xe5\x79\x27\xe2\xef\xb4\x2a\xab\xb2\xfe"
- "\xad\xfb\x57\xaf\x8b\xc1\xe3\xfc\x54\x6f\xb9\x6a\x56\x55\xe5\x8d\x45\xff"
- "\xa4\xee\xf3\xf5\xfe\x66\xdc\x39\xeb\x9f\xd6\x75\xd6\x5e\xeb\x6f\xc5\xa3"
- "\x87\x75\x7f\x52\xbe\x7c\x5b\xac\xac\x8f\xaa\x2a\xef\xc6\x70\xf7\xdb\x07"
- "\x00\x00\x80\xa3\xd0\xcf\x17\x2e\x3d\xdf\xf7\xfb\x9b\xfa\x3a\xad\xbc\x1f"
- "\xb8\x70\xfe\x6f\xc7\xfd\xf6\xde\xb6\x01\x00\x5c\xc1\xe4\xd7\xef\xd1\xe7"
- "\xf1\xf8\xcb\x4f\x41\xd8\x42\xf8\x76\xaf\xfe\x5f\x1d\xca\x3c\x5b\x0b\xdd"
- "\xc3\x18\x63\x7f\xa1\xe9\x3b\x13\xb0\x6b\xcb\x8b\xbe\xe9\x49\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x80\x4d\xf6\xf1\x39\x51\xd3\x7b\x04\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0"
- "\xf8\xfc\x0f\x00\x00\xff\xff\x9d\xa1\x35\x71",
- 335);
- syz_mount_image(/*fs=*/0x200000000140, /*dir=*/0x200000000180, /*flags=*/0,
- /*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x14f,
- /*img=*/0x200000000200);
- syscall(__NR_write, /*fd=*/r[69], /*data=*/0x200000000280ul, /*size=*/0x64ul);
- syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x600000ul,
- /*prot=*/0ul, /*flags=MAP_FIXED|MAP_PRIVATE*/ 0x12ul, /*fd=*/r[70],
- /*offset=*/0ul);
- memcpy((void*)0x2000000001c0, "TIPC\000", 5);
- res = -1;
- res = syz_genetlink_get_family_id(/*name=*/0x2000000001c0, /*fd=*/r[70]);
- if (res != -1)
- r[71] = res;
- syz_proconfig_reset__sys_fs_cgroup_system_slice_rsyslog_service_pids_max();
- memcpy((void*)0x200000000100, "/dev/cpu/#/msr\000", 15);
- syz_open_dev(/*dev=*/0x200000000100, /*id=*/0, /*flags=*/0);
- memcpy((void*)0x200000000080, "fd/3\000", 5);
- res = -1;
- res = syz_open_procfs(/*pid=*/0, /*file=*/0x200000000080);
- if (res != -1)
- r[72] = res;
- *(uint64_t*)0x200000000600 = 0x200000000200;
- memset((void*)0x200000000200, 137, 1);
- *(uint64_t*)0x200000000608 = 1;
- syscall(__NR_pwritev, /*fd=*/r[72], /*vec=*/0x200000000600ul, /*vlen=*/1ul,
- /*off_low=*/0, /*off_high=*/0);
- *(uint64_t*)0x200000000400 = 0x200000000100;
- *(uint16_t*)0x200000000100 = 0x10;
- *(uint16_t*)0x200000000102 = 0;
- *(uint32_t*)0x200000000104 = 0;
- *(uint32_t*)0x200000000108 = 0x4000;
- *(uint32_t*)0x200000000408 = 0xc;
- *(uint64_t*)0x200000000410 = 0x2000000003c0;
- *(uint64_t*)0x2000000003c0 = 0x200000000380;
- *(uint32_t*)0x200000000380 = 0x24;
- *(uint16_t*)0x200000000384 = r[71];
- *(uint16_t*)0x200000000386 = 0x800;
- *(uint32_t*)0x200000000388 = 0x70bd2b;
- *(uint32_t*)0x20000000038c = 0x25dfdbfd;
- *(uint8_t*)0x200000000390 = 1;
- *(uint8_t*)0x200000000391 = 0;
- *(uint16_t*)0x200000000392 = 0;
- *(uint32_t*)0x200000000394 = 0;
- *(uint16_t*)0x200000000398 = 0x8001;
- *(uint16_t*)0x20000000039a = 0;
- *(uint16_t*)0x20000000039c = htobe16(8);
- *(uint16_t*)0x20000000039e = htobe16(0x11);
- *(uint32_t*)0x2000000003a0 = htobe32(0);
- *(uint64_t*)0x2000000003c8 = 0x24;
- *(uint64_t*)0x200000000418 = 1;
- *(uint64_t*)0x200000000420 = 0;
- *(uint64_t*)0x200000000428 = 0;
- *(uint32_t*)0x200000000430 = 0x20040;
- syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0x200000000400ul,
- /*f=MSG_FASTOPEN|MSG_BATCH|MSG_NOSIGNAL|0x100*/ 0x20044100ul);
- syz_proconfig_set__sys_fs_cgroup_system_slice_rsyslog_service_pids_max(
- /*val=*/0xfffffffc);
- res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
- if (res != -1)
- r[73] = res;
- *(uint32_t*)0x200000000080 = 1;
- syscall(__NR_setsockopt, /*fd=*/r[73], /*level=*/6,
- /*optname=TCP_THIN_LINEAR_TIMEOUTS|TCP_CORK*/ 0x13,
- /*optval=*/0x200000000080ul, /*optlen=*/4ul);
- *(uint32_t*)0x2000000000c0 = 1;
- syscall(__NR_setsockopt, /*fd=*/r[73], /*level=*/6,
- /*optname=TCP_THIN_LINEAR_TIMEOUTS|TCP_KEEPIDLE*/ 0x14,
- /*optval=*/0x2000000000c0ul, /*optlen=*/4ul);
- *(uint16_t*)0x200000000040 = 2;
- *(uint16_t*)0x200000000042 = htobe16(0);
- *(uint8_t*)0x200000000044 = 0xac;
- *(uint8_t*)0x200000000045 = 0x14;
- *(uint8_t*)0x200000000046 = 0x14;
- *(uint8_t*)0x200000000047 = 0xbb;
- syscall(__NR_connect, /*fd=*/r[73], /*addr=*/0x200000000040ul,
- /*addrlen=*/0x10ul);
- *(uint32_t*)0x200000000000 = 0;
- syscall(__NR_setsockopt, /*fd=*/r[73], /*level=*/1,
- /*optname=SO_RCVBUFFORCE*/ 0x21, /*optval=*/0x200000000000ul,
- /*optlen=*/4ul);
- *(uint64_t*)0x200000001d80 = 0;
- *(uint32_t*)0x200000001d88 = 0;
- *(uint64_t*)0x200000001d90 = 0x2000000001c0;
- *(uint64_t*)0x2000000001c0 = 0x200000000140;
- memcpy((void*)0x200000000140,
- "\x31\xc5\x99\xaa\xe1\x00\x5d\xb9\x40\xf7\x14\x32\x77\x9c\x78\xb6\x43"
- "\xb6\x4e\xc6\x95\x79\x59\x65\x08\xca\x0d\xd5\xb8\xd3\x37\x58\x02\x90"
- "\xa8\xb0\x46\x38\xad\xb1\x52\x81\x64\x36\x96\x7a\x79\x8a\x83\xa4\x62"
- "\x14\x66\x6e\xcc\xf9\x8d\xf2\x4e\xc7\x43\x89\x3e\xd5\x07\x1c\x8f\x8b"
- "\xce\x37\xfe\x41\xfc\x84\xd4\x87\xe8\x21\x18\xfb\x6b\x03\x3f\xe5\x05"
- "\x9f\x12\x87\xe8\xcd\x42\x17\xde\xee\x8b\x0f\x9e\xda\x36\xac\xbd\xb0"
- "\x82\xcb\x50\x00\x89\xa4\xe9\x2e\xde\xfb\xc7\x34\x60\x79\xbf",
- 117);
- *(uint64_t*)0x2000000001c8 = 0x75;
- *(uint64_t*)0x200000001d98 = 1;
- *(uint64_t*)0x200000001da0 = 0;
- *(uint64_t*)0x200000001da8 = 0;
- *(uint32_t*)0x200000001db0 = 0;
- *(uint32_t*)0x200000001db8 = 0;
- *(uint64_t*)0x200000001dc0 = 0;
- *(uint32_t*)0x200000001dc8 = 0;
- *(uint64_t*)0x200000001dd0 = 0x200000000400;
- *(uint64_t*)0x200000000400 = 0x200000000380;
- memcpy((void*)0x200000000380,
- "\xc8\xa5\x68\xae\xf7\xeb\x5b\x33\x25\xfa\xc5\xd5\xf0\xd0\x93\x13\x7a"
- "\xaa\xca\xbc\x31\x8e\x18",
- 23);
- *(uint64_t*)0x200000000408 = 0x17;
- *(uint64_t*)0x200000000410 = 0x200000000940;
- memcpy(
- (void*)0x200000000940,
- "\x75\x9f\x38\xfb\x79\x37\x4a\xdd\x12\x2f\x44\xe4\x60\x20\x8b\xdc\x7f\x3f"
- "\xb2\xcb\x89\xca\xf9\x60\xc1\xd2\xa5\xe8\x38\x2a\xc4\x62\xb3\xa2\x6f\x78"
- "\xaf\x62\x6f\xfc\x0e\x58\x6d\xd7\x74\xa0\xb6\x25\xc2\x65\x6b\x8b\xcf\x4f"
- "\xe2\xa0\xc4\x2a\xae\xac\x66\x23\xa2\xe3\x16\xea\x0b\x30\x29\xe1\x6e\xdc"
- "\xa6\xba\x04\xbf\x3e\x74\xd2\xf9\xf5\x0f\x6b\x09\xfa\x05\x22\x1a\x8e\xc6"
- "\xbd\x4f\x44\x4d\x35\x03\x11\x26\x67\x09\xaa\xd6\xac\xa1\x17\xcd\xb4\xda"
- "\x14\xcf\x26\xbe\xd1\xf7\xf1\xa9\x09\x71\xed\x32\x0a\x98\x5f\xbc\xae\x87"
- "\x55\x47\xc7\x04\x80\xdf\x77\xbd\x98\xd0\x6f\x8c\x45\x0d\x3d\x9e\x7e\x1d"
- "\xe4\xe2\x17\xa8\xa6\x30\x06\xc0\x03\x71\xba\x4a\x54\x73\x0b\x0e\x59\x30"
- "\xb7\xb4\xb1\x91\x83\x2d\xc9\x5d\x6b\xd9\x7d\xc5\x8e\xcf\xf9\x4a\x58\xea"
- "\xe8\xfb\x79\xad\xc0\x0a\x94\x13\x55\x7b\xc7\x56\x32\xe0\x7a\xd9\x6f\xe5"
- "\xe0\xb9\x99\x56\x6f\xc5\xdd\x57\x78\x70\x9a\x06\xf6\x24\xb0\x07\x3d\xbb"
- "\x8e\x12\x53\x0c\xed\x80\x17\x64\xf7\x09\x93\x4b\x37\x91\x0c\x20\x04\xf9"
- "\x67\x6d\xe1\xcb\x8d\x56\x4f\xc6\xcb\x89\x0b\x6b\x6d\xac\x47\xfd\xce\xa2"
- "\x5a\x96\xda\x89\xea\x26\x71\x65\x3c\xc2\x56\x20\xe1\x1c\x92\x60\x06\xce"
- "\x11\xf0\xa9\x78\xdb\x7e\xf8\x5d\x58\xc3\x96\x2d\x07\x41\x9c\x5b\xdb\x82"
- "\xe5\x7c\xf3\x0e\xbd\x49\xc0\x18\xac\xfb\x31\x19\xb5\x82\xd7\xc5\x39\x1b"
- "\xff\xb1\x68\x36\x94\x81\x95\xda\x63\xf2\x9d\x2f\x86\xce\x17\xca\xdc\x19"
- "\x99\x27\xc8\xf1\x48\x2d\x93\x89\x44\x3b\x19\xbd\xa2\x3c\x23\x30\xee\x0c"
- "\x5b\xb3\x4b\x87\x25\x1d\x75\x41\x43\xc5\x3c\xae\xa9\xe2\x65\xa4\x06\x0f"
- "\x92\x60\x7b\x5b\x64\x5b\x6e\x98\x9e\x6f\x42\xec\xe5\x2c\x0f\x57\x59\xf4"
- "\xf4\xe3\x19\x59\x35\xc3\x36\x75\xf8\x19\x61\x49\x44\xf7\x47\xcc\x4a\xe7"
- "\x94\xeb\x50\xd5\x2e\x99\x92\x51\x13\x0c\xbc\x2f\x20\x38\x48\x5b\x65\x71"
- "\x8a\x21\xcd\x88\x10\xf3\x38\x89\x24\x76\x83\x49\x70\xf9\x98\x20\x3a\x95"
- "\xf7\xc1\x79\x24\x4c\xb4\x0b\xaa\x3b\xbb\x3a\x4a\xa6\x38\x17\x46\x37\x2c"
- "\x29\x75\xa4\x68\x54\x16\x22\x04\x34\x1b\xf5\x35\x2b\x43\x5b\xfb\xc3\xc1"
- "\x48\xa7\x4e\xea\x4a\x7a\xe8\x17\x10\x3b\x68\x1a\x9c\x25\x6d\xe4\x25\x87"
- "\x55\x6d\x0e\x9b\xf7\xb2\x6a\xda\x33\x77\x64\xd2\x5b\x12\xca\x82\x3d\xa4"
- "\xb9\xcd\x5c\xd1\xbf\xd3\xb6\x99\x11\x61\x2d\x59\x4f\x7f\xd3\xf4\xf0\x51"
- "\xd6\xe4\x7c\x52\xa5\x4c\xdb\x6e\x0d\x00\x12\xf5\x6f\x7a\x0b\xa1\x78\x1e"
- "\x3c\x9c\xbb\x8e\x5f\x03\x3d\xe6\x2f\x9b\xcb\x2b\x05\xa2\xe3\x35\xa1\xb9"
- "\xf5\x61\x7c\xd0\x4c\x96\x70\xf7\x7b\x16\x7e\x6a\xec\x2d\x18\xc9\x31\xdc"
- "\xfd\x30\x8c\xc6\xbe\x26\xc2\x29\x4b\xa3\x07\x9a\x6f\x2c\x13\xd2\x92\xae"
- "\x7a\xbc\xab\x9c\xc3\xac\xe7\x92\xac\x31\xea\x7c\x86\xf7\xd0\xd2\x80\x08"
- "\x90\x0e\x97\x37\x32\x8a\x39\xf1\xa7\x3f\x3a\xa4\x86\x0e\x54\x91\x1b\x8f"
- "\x69\x68\xc2\x35\xd0\xf4\x0b\xc7\xca\x6b\xa7\xf7\xdc\x19\x61\x85\xe2\x35"
- "\x1a\xbe\x60\x80\xb3\x68\x3b\xd6\x88\x60\x23\xa5\x80\x85\xeb\x28\x0e\x31"
- "\xd8\x7b\x11\x75\x5a\x2d\x7c\xe8\x9e\x52\x90\x88\xdf\xb6\x24\x2f\xa3\x52"
- "\x56\x6b\x93\xa5\xb0\x93\x46\x60\x37\x86\xbf\x28\x87\xa9\xb0\x79\xa4\x6f"
- "\xcc\xdc\xac\xc4\x76\x54\x38\x1c\xdb\xca\x7b\x33\xad\xe3\x54\x17\x26\x49"
- "\x51\xcf\x8b\xe5\x24\x2c\xbe\x9c\xdd\x27\x85\x13\x93\xb3\xce\xfb\xb2\xe7"
- "\x40\xd1\xfe\xe7\x26\x6b\xce\x2d\x92\x90\xbd\x40\x41\x29\x1e\x0e\xe0\xb7"
- "\x38\x99\x92\x63\xc7\x3e\x53\xab\x63\xfb\x5e\x61\x41\xc1\x3d\x34\x8f\x8f"
- "\x10\x0c\x9d\x03\x26\x46\xb9\xbb\x4c\x64\x59\x1c\xf5\x41\xaf\xcb\x46\x2a"
- "\x27\xd0\xcc\xb0\x54\x62\x33\x5f\xe6\x32\xde\xd2\xdd\x69\x6d\xdf\x14\x11"
- "\x97\x9c\xce\x44\xda\x76\x1c\x72\x57\x49\xd3\xaf\xb3\x2f\x22\x0e\x35\x2f"
- "\x6c\x33\xc5\x15\x65\x76\x37\xb9\x78\x3c\x85\xd2\x66\x44\x35\x75\x39\x84"
- "\x36\xde\x23\xfb\xfe\x2f\x21\x54\x01\x4c\x13\x72\x15\x6d\xd7\x32\x82\x34"
- "\xb4\xaf\x40\xdb\xc2\x79\xad\xb3\x56\x60\x6d\x2b\x29\x47\xd4\x49\x8d\xfd"
- "\xd9\xc2\xa5\xec\xea\x1a\x1d\xaf\x7d\x48\xae\xf1\x00\x52\x50\x81\x40\x6d"
- "\x46\x9e\x67\x2e\xa1\xde\x35\x81\x5c\x42\x5c\x4c\x00\x82\x5a\xcf\xb6\x90"
- "\x0b\xb1\x4c\xe4\x9a\x79\x19\xda\x31\x2d\x1e\xb5\xf4\xad\x83\xd9\xf7\xde"
- "\x9d\x43\xa2\x1c\xb7\x2a\x33\xfd\x69\x9f\x18\x8c\x5f\xec\x3b\x2b\x3d\x4a"
- "\x4d\x19\x93\x99\x30\xd0\x53\x59\x76\xac\x04\x3d\x95\x52\x88\x03\x05\x15"
- "\xd5\x12\x07\x6a\x4c\xee\xb0\x5b\x80\x48\x74\x35\xbe\x70\x17\xc6\x3c\x89"
- "\xdb\x5c\xbe\x4a\xe9\xed\x2e\x68\x23\x05\x69\x28\x0e\x19\xff\xe3\x89\xfc"
- "\x95\x45\x39\x53\xde\xbb\x16\x46\xa4\x17\x89\xf8\x02\x47\x62\x0e\xb1\x2f"
- "\x01\x18\x41\x5d\x10\x15\xad\x38\x38\xec\xcc\x9e\x90\x55\x23\xba\xe6\x8a"
- "\xe9\x9a\x3a\x4c\xc7\xd8\x4e\xcd\x7f\xd0\x01\x83\x91\x83\x91\x9a\xaa\x04"
- "\xe1\x69\x2f\x5b\xec\xc1\xe5\x7f\xa5\x8e\x5a\xaa\xf3\x26\x79\x2b\x53\xb7"
- "\x5a\xfd\x28\xa7\xd7\x37\x5e\x76\x9c\x8a\x56\x7c\xd1\x28\x1d\xc1\xcb\x1a"
- "\xc1\x9f\x09\xa0\xab\x29\xe8\xc0\x88\x02\x3c\xb5\xe0\x3f\xa0\xc2\x15\xf5"
- "\x48\xef\x1d\x47\x3f\x51\x55\x4e\xae\xf4\x49\xf1\x9d\xea\x56\x92\xbf\x7c"
- "\x7f\x5e\xa3\xc1\xaf\x53\xd0\x32\xf4\xb8\x54\xce\x7e\xaa\xc8\xe4\xd5\x34"
- "\x4c\xca\xe3\x08\x5d\x70\x17\xef\xbc\x00\xe4\x1f\x02\xa4\x52\x7c\x23\x9d"
- "\x18\xb0\x65\xc2\xb5\xe5\x98\x8d\x0c\x4e\x4b\x8e\x1e\x59\x7c\x8d\x48\x18"
- "\xf6\x79\xb9\x57\x55\x54\x7f\x0a\xa6\x2d\xad\xc3\xdb\x99\x72\x9f\x4a\x46"
- "\x86\xdf\x70\x4a\x75\x8c\x98\x3d\x21\x04\xcf\xea\xa8\xa9\x9b\xf7\x24\x6e"
- "\xb5\x77\x3b\xf5\x58\xcd\x3d\xb7\xdf\xa7\xeb\x91\x3b\x6d\xa6\x58\x88\x59"
- "\xf7\x11\xdc\xa0\x7d\xae\x62\x28\x08\x11\xe1\x63\x7d\x8f\xf3\x1f\xf0\xca"
- "\x2f\x77\x5f\x64\xbd\xe2\xef\x69\x72\x1a\x91\x31\x37\x42\xa3\x1f\x8f\x59"
- "\x10\x05\xe4\x33\x98\xca\xdb\xbd\x71\x3a\x75\x48\x69\xdf\x63\x96\xed\x12"
- "\xa2\xf8\x8f\x38\x9e\x01\x85\x97\xbf\x5d\xb1\xdc\x5b\x99\x7a\x3d\x19\x99"
- "\x0f\x1e\xa7\xc5\x65\xb5\x7f\x75\xbb\xa2\xe5\xa5\x1a\x53\x53\x1c\x69\xb5"
- "\xc6\x68\xa1\xbf\x90\xb4\x6f\x7f\x75\xb3\x7b\x57\x76\x9b\x7b\xf2\x0d\x9f"
- "\x97\x22\xe4\xec\x8d\xe6\xe8\x19\x60\x7d\x85\x7c\x41\x8f\x16\x63\x8c\xe4"
- "\x00\x1e\xc5\x24\x9b\x68\x01\xec\xeb\x25\xf5\x18\x92\x4c\xc1\x7e\x42\xc6"
- "\x08\xcf\xb1\x95\x53\x77\x63\x34\x92\x04\x19\xf5\x1f\x70\xc2\x69\x9a\xab"
- "\xf4\xf2\xdc\x65\x91\x81\x94\x8d\xbd\x3d\x11\x08\xc9\xec\x6b\x4d\xee\xa2"
- "\x5b\xf1\xa6\xa4\x14\xb7\xb8\x11\xa0\x3a\xfe\xf1\x30\x51\x52\xc7\xba\xb7"
- "\xf3\x5b\x57\x90\xec\xea\x95\x1b\x2a\xce\x03\x45\xd2\x81\x6c\x42\x54\x7b"
- "\xbc\x69\x6d\xf7\xc6\xcd\xc9\x6a\xc2\x56\x3c\x28\x62\x62\x73\x1c\x74\x35"
- "\x19\xf7\xfa\xdc\x3f\xde\x75\x9e\xd4\x6d\x86\xaf\x01\xa9\xac\x4e\x96\x85"
- "\x11\x41\x1d\x33\xc0\xea\xe6\x58\x20\x8e\x38\x1f\x14\x32\x2f\xa3\x9c\x48"
- "\x37\xbd\xdb\x54\x53\x38\xec\x7d\x30\xbc\xf8\xbf\xa1\xec\x14\xca\x74\x8e"
- "\x98\x0a\xa5\x60\xa4\x7e\x1a\xb1\x90\x73\x43\x69\xf8\x2e\x75\xd9\x5e\x5a"
- "\x4a\xc3\x56\x7a\xa5\xfd\xbf\xf7\xb7\x17\xe8\xaf\x85\xc3\x61\xfc\x78\x94"
- "\x66\x40\x6c\x18\xa4\x94\x76\x34\x54\x0e\x9b\xc5\x73\x87\xee\x62\x04\xc6"
- "\x2c\xca\xf4\x8f\x66\x1b\xfa\x24\x26\x97\x3b\xf8\x2c\xc1\x01\xd8\x9d\x3d"
- "\x09\x98\x1e\xea\x6d\x0a\xe7\x9e\xce\x6f\x63\xfe\xaf\x10\x9c\xb0\xef\x59"
- "\xad\x23\xe5\x3b\x3a\x6d\xe4\x90\x2e\x4a\x28\x12\xac\x86\x95\x83\xed\x26"
- "\x79\x39\x1c\x38\x0a\x92\xc2\x2c\xbd\x25\xa7\xd2\xb0\xde\xb3\xcc\x99\x88"
- "\x56\x90\x93\x87\xa0\xb3\x19\xe4\xfb\xf5\xcf\x3c\x08\xfb\x5e\x4e\xcc\xaf"
- "\x2b\x80\x2a\x99\x81\x36\x0f\x85\xa7\x0e\xb8\x11\xf5\x6b\x05\xf2\x94\x43"
- "\x84\x4d\x19\xf8\x7b\xfd\x21\xe5\xdf\xd5\xd2\x6b\x54\xbf\x91\x39\xf1\xfe"
- "\xf1\xa2\x78\x7c\x5d\x93\x45\xcd\x2a\x35\xde\x40\xc4\x4c\x35\xf0\xc8\xab"
- "\x93\xa9\xc9\x6a\x5e\xb7\xe9\x64\xb7\x20\xfc\x82\xd3\xbc\x87\x05\x24\x22"
- "\x6f\x44\x67\x0d\xb0\x4f\xaa\xbd\x88\x3d\x83\xa9\xa1\xd3\x79\xe5\xb2\x0a"
- "\xbe\xae\x75\xce\x42\x01\x52\xc2\x8f\x38\xd5\x44\x2b\x50\xd0\x79\xf4\xe4"
- "\x88\x34\xd5\x44\x0c\x26\xe2\x72\x92\x69\x0a\x79\xd5\xee\x38\x5b\x44\x69"
- "\x1e\xf3\x98\x3e\x38\x52\x24\x80\x17\x8c\x51\xda\xb9\xc9\x49\x68\x78\xea"
- "\x66\xf7\x97\x6b\xc7\x26\x64\x4d\xa7\x5a\xee\xdb\x85\x9e\x27\xc0\xb8\xba"
- "\xca\xb6\x4b\x46\xe8\x57\xaa\xe0\x02\x1c\x8d\xdc\x68\x92\xd6\x4f\x27\x6b"
- "\x11\x66\xef\x34\xdc\xd5\xf3\xe4\xaa\xee\x43\x16\x61\x6b\x70\x8c\x25\xbf"
- "\xba\x8d\xa6\x7c\xb2\xaf\x1c\xa5\x4c\x8a\xbe\x5d\xc8\x73\x03\x94\x44\x34"
- "\x7a\xcb\x17\x1f\x5e\x5b\x84\xa3\x4c\x48\x26\x1b\x5d\xca\x0a\x3c\xbf\x34"
- "\x85\x73\xbe\x39\x97\xce\x14\x66\x2b\x3d\x69\xd7\xbe\xb6\xf0\x57\xa4\x18"
- "\x82\x19\xfd\x12\x33\x78\x2d\xba\x06\x6d\x01\x64\xaa\x95\xa4\xaa\xbb\xee"
- "\x02\x3b\x2f\xa0\x33\xa5\xf1\xf8\xd2\x8b\x77\xb5\xad\x50\x33\xd9\x58\x93"
- "\xd8\x7d\x5d\xe5\xca\x9e\x75\xbd\x8c\x37\x49\x6c\xba\xd2\x89\x1a\xe4\x2c"
- "\xa1\xf3\xea\xdd\xc8\x6d\x94\xf0\xe0\x06\x4b\x6c\xfc\xe7\x0f\x75\xe2\x89"
- "\x67\x2c\xe0\x25\xae\xe3\x5f\x7d\x28\xab\xce\x52\xcb\xf0\x75\xaf\x21\x19"
- "\x86\xb8\xaf\x2c\x82\x78\x16\x7a\x3c\x16\x0b\x76\xdf\xde\x9b\x48\x77\x8e"
- "\x9c\x6a\x1b\x5f\xe8\x74\xbf\x72\x52\xa5\x8a\x49\xf0\xc9\x9f\x82\xe1\xbc"
- "\x64\x89\x00\xb3\x03\xd9\x89\xdf\xa7\x4e\xb4\xe7\xe5\xc7\xe2\x42\xe5\xfe"
- "\x28\x0e\xd4\xe1\x4a\xd5\x67\x9a\xb5\x98\x9c\x8b\xc1\x6a\xd1\xb3\xa5\x88"
- "\x46\xee\x89\x3a\x65\x1e\x1b\xc8\xcf\x11\x9c\x3d\xe0\xff\x1c\xa2\xd1\xe8"
- "\xab\x9e\x13\xeb\x45\x84\x66\xfc\x89\xd9\x83\x9e\x64\xc4\x9a\x43\xe6\x2a"
- "\x88\x13\xe9\x42\x22\xe7\xf3\x7d\xc2\x07\xae\x1e\x7c\xdb\x21\x06\xcc\x14"
- "\x0a\x3f\x70\x4a\x00\xea\xe6\xab\xde\x92\x7e\xab\xe5\x08\x20\x1f\xee\xa8"
- "\x92\x03\x2c\x32\xe2\x00\xcf\xe3\x1f\xe5\xa0\xc5\xdd\x8c\x5b\xca\xe3\xaf"
- "\xd1\x35\x69\xda\x81\x5a\xfe\x0a\x55\x03\xc9\x2f\x03\x95\xa1\xb2\x46\x57"
- "\x73\x9e\x3c\xa8\xb0\x39\x0a\x5f\x39\x2f\x92\xa4\xab\x0b\xfc\xc9\x80\x12"
- "\xb4\xa2\x8d\xd0\xaa\x92\x9e\xe3\xb6\x8e\xa8\xc1\xe4\x25\xd9\x93\x8c\x6e"
- "\x47\x3c\x23\x06\xc8\x85\xf7\x77\x24\x0a\x41\x79\x5e\xc2\xa5\xd7\x0b\x94"
- "\xad\xa6\x58\x5f\x18\x92\xaf\x79\x4c\x47\xbc\x79\x8f\xa2\xfd\x8f\x6f\xaf"
- "\x29\xfb\x6e\x62\x22\xaf\x62\xb7\xdf\xbe\xcc\xf4\x5b\xf9\xd2\xf6\x8a\xf7"
- "\xe6\x31\x9e\x2e\xc6\x68\x3d\x77\xe4\x1b\x6c\xd0\x5a\x8f\xc3\xf8\xd6\x17"
- "\x45\x98\x73\x7b\x40\xee\xca\x3d\x33\x51\xac\x44\xa3\x7b\xec\x68\x45\xfd"
- "\x16\x26\x8a\x8e\xbf\xde\xf3\xc7\x26\xbf\xcf\x70\xfa\x48\x91\xae\x32\x41"
- "\xfa\xcf\x63\xe0\x2f\xd1\x63\x1d\x91\xef\x9f\xd9\xba\x0b\xd0\x28\x78\x81"
- "\x03\x50\x46\xce\x2b\x0c\xe4\x07\xf2\x95\xad\x82\x1c\x5b\xeb\x56\xcd\x5f"
- "\xa4\x24\xaa\x3b\xd7\xe9\x2f\x70\xd5\x36\x76\x7e\xbe\x0c\xd2\x3a\x08\xa7"
- "\x69\xc9\x9c\x1a\x7d\xf4\xbb\xf7\xd5\x2c\xd8\x07\x71\xcd\x12\x15\x1a\x5a"
- "\x59\xf1\x95\x21\xcc\xc2\x24\xba\xb3\x2f\x13\x57\x7d\xe5\xa3\x7c\x74\xe7"
- "\x46\x53\xf6\x39\x5e\x1a\x0d\x68\x9e\xf6\xa4\xd7\xa0\x6b\x7c\x29\xd3\x43"
- "\x22\x8d\x8f\xd3\x51\xf6\xb6\xea\xec\xd4\x5a\x7c\x6f\xda\x95\xf3\xca\x7d"
- "\x88\x39\x3b\x1d\x8d\x80\xbf\x11\xa5\x7a\xeb\x5f\xee\x4d\x31\x51\x88\xae"
- "\x79\x9c\xb7\x01\x2c\x4b\x2e\x73\x06\xa1\x78\xfa\xc3\x23\x8d\xfc\x44\x38"
- "\xef\x10\x11\x93\x85\x49\x21\x26\x4f\x02\xb3\xe4\x3e\xc7\xec\x1d\xfb\x3d"
- "\xa5\x1f\xfa\xd8\xe3\xc2\x37\xd6\x48\xa0\xd0\xf0\x60\x3e\x93\x8d\xb4\x31"
- "\x08\x9c\x6a\x2f\x69\x6f\xc7\xcc\x45\x07\x61\x9a\xac\xcf\x30\x8a\x9a\x06"
- "\x9c\x7b\xef\xb9\xbc\x16\xe3\x74\xb8\x71\x51\x3c\xaf\x45\x4e\xb7\x75\x8d"
- "\x97\x4b\xd5\xd1\xd0\xbd\xe7\xfa\xc1\x53\x58\x17\x7d\x4e\x37\x8e\x59\xb5"
- "\xd6\xd9\xee\xf6\x2c\xd5\xfb\xbb\xc5\x02\x3d\x08\x48\x37\x9d\xda\x6e\x3f"
- "\x92\x92\xbf\x22\x7a\x31\x32\xfb\xc1\xd8\xcd\xb3\x08\x26\x91\x6a\x38\x52"
- "\xa1\x8e\xfb\x3f\x66\x51\x45\x0b\xeb\x80\x4f\x6a\x23\x4a\xed\x37\xba\xd4"
- "\xca\x8d\xd1\xf7\xca\x35\x85\xc7\xb2\xcf\xf3\xb6\xf3\xdb\x08\xbe\xbf\xd6"
- "\x13\x92\x86\x11\x17\x51\x02\x62\xbc\x9e\x3a\xbb\x2b\x01\x15\x46\xae\x5c"
- "\xeb\x82\xf4\x0e\x89\x31\xad\x8e\x2c\xf6\x6e\x58\xb7\x5a\x45\x06\x20\x08"
- "\x9b\x8f\xb0\x16\x64\x92\x77\x3f\x1a\x2a\x0b\x70\xdf\x50\x76\xb3\x56\xc1"
- "\xad\x39\x40\xac\x66\x12\x71\xb6\xba\x51\x2d\xd3\xfe\xe2\x90\x58\x1c\xb8"
- "\xda\xbe\xfb\x4a\x41\xe9\x3c\x0a\x5c\xe1\x18\x71\x8f\xf6\x9f\x5f\x98\x32"
- "\x3c\x6e\x5a\x57\x2e\x36\xad\x11\x53\x4e\x93\xf4\x49\x0b\xfe\xef\x55\x6f"
- "\xfc\x14\x1b\x0e\xf6\xb2\x59\x62\xd6\x7d\xf0\x32\xb1\x85\x19\xa7\xa1\x6e"
- "\x77\xfa\x48\xfb\x22\xc4\x08\xe7\x58\xd9\x89\x8e\xf7\x44\x8f\x9d\xe7\x43"
- "\xc6\xbf\x90\x42\xcb\xfc\xd4\x14\x7b\xc3\x96\xc6\x19\x16\x3c\x39\xa0\xdb"
- "\x1d\x38\xea\x52\x09\x97\x7a\xa1\x3b\xbc\x08\x45\xdf\x98\x79\xd2\x4c\x16"
- "\x3c\x6d\x05\xbb\x56\x17\x4b\x2f\x7f\x8d\xd1\xcc\xe8\x05\xbe\xd6\xae\x50"
- "\x20\x08\x2e\x22\x21\xaa\x70\xbb\x78\xf9\x4b\x35\xb2\x66\x04\xb6\x9a\xbf"
- "\x8a\xd0\xf7\x72\x50\x8b\x16\xd6\x2a\x04\xf1\x4c\xcf\xb4\xe5\xa6\x54\x58"
- "\xd2\x76\xca\x86\xaa\x68\x10\xc1\xe1\x08\x04\xc1\x97\x94\x03\x97\xc5\x2d"
- "\x25\x84\x12\xfe\xdf\x7e\x3b\x6e\xb0\x71\x30\xf7\xcd\x0a\xdd\x7d\x69\xc8"
- "\x9d\xb2\x9d\x3a\x51\x55\x81\x12\x99\x93\x11\xee\xdf\x35\x8a\x8e\xe1\x44"
- "\x17\x12\x79\x7c\x71\x94\xe7\x44\x3c\x7d\xb6\xa4\x78\x71\xa8\xfe\x29\x71"
- "\x12\x04\x10\x8d\x24\x5e\x98\x81\xed\x63\x95\xe8\x89\xaf\x95\x8a\x8b\x4e"
- "\x9c\x86\x32\x83\x6f\xb7\x2a\x25\x1f\x44\xf0\xc3\xf9\x97\x9c\x9b\xfd\x0d"
- "\x4d\xd8\xaf\xb0\xea\xd4\x51\xb2\xb7\x4e\x1f\x76\x3b\x71\x62\x24\x18\x6b"
- "\x21\xbd\xec\xef\x9d\x6d\xaf\xab\x1c\x50\x8e\xc7\x36\xd9\x48\x40\x45\x5d"
- "\x09\x62\xd8\x9b\x0a\xc0\xe6\x97\x1e\xd5\x8b\xa9\xc1\x12\xbf\x41\x58\x6b"
- "\x9e\x58\x59\x64\xce\xa2\x78\x92\x9f\x9d\xda\x22\x56\x11\xc8\x33\x62\x1c"
- "\x1d\xa6\x55\x6c\x3a\x7c\xa1\xb9\x4a\x05\x66\x03\x72\x0f\x62\xd1\x17\x69"
- "\x85\xce\x4f\x23\xda\x62\x4d\xcd\xbb\x07\x9d\x80\xf5\xf7\x56\xf1\x2c\xff"
- "\x1c\x6d\x3c\x8c\x6f\xb9\x9f\x95\xde\x38\x4c\x7b\xca\x77\xec\xe3\xde\xa1"
- "\x98\xe5\x26\x69\xa8\xff\x13\x81\xe9\x03\x48\x2d\x2a\x53\xd1\x1c\x96\x6e"
- "\x26\x61\x8c\xd0\xd7\x58\x0c\xfd\x5a\x47\x60\xc4\x0b\x8e\xc7\xbf\x6d\xa1"
- "\xbc\x37\xcc\x8b\xe7\x1b\xc3\x59\xad\x5e\x78\x56\x96\x9b\x0d\x6d\x66\xd3"
- "\x54\xad\x28\xe6\xd8\x6a\x15\x5c\xcd\x73\xfd\x09\x27\x06\xd1\xbb\x00\x09"
- "\x53\x65\x83\x63\xb5\xda\x42\x9a\x8c\x1f\xed\x07\xd3\xa3\x80\x9e\x57\x05"
- "\xbf\x14\x40\xd9\xeb\x47\x30\x7a\xba\x79\xae\x75\xd0\x58\x33\x74\xb0\x0f"
- "\x4f\x6e\x7c\xfd\x85\x5f\xf7\x47\xa8\x85\xb8\xa7\x37\x60\x75\x5b\xa7\x5f"
- "\xbf\x11\x16\x4f\x55\x26\x3a\x62\x92\x33\xe3\xde\x1a\x04\x56\x7f\xa8\xb4"
- "\xec\x00\x6f\x09\x76\xea\x6c\x16\xd6\x67\xf8\x65\xab\x0a\xf9\x2f\x7f\xec"
- "\x56\xc5\xf9\x4e\xb3\x5a\x47\x55\xc8\xf4\xb2\x3c\x59\x2a\x57\xe6\xef\xad"
- "\xd2\xbc\x9d\x23\x8d\xe3\x0c\xea\x10\x5d\x4a\x74\x97\x39\xe3\x01\xbf\x26"
- "\x54\xca\x22\x59\xaa\x86\x37\xcd\x85\x08\xea\xbc\x55\xb5\xe0\x52\x5c\x09"
- "\x1d\x9e\x27\x79\x87\x6d\xdd\xc9\x72\x40\x19\xe2\x37\xa2\x72\xcc\x67\x91"
- "\x07\xc4\x7b\xd8\x1d\xe2\x18\x24\x6e\x4c\xbc\x10\x77\x9a\x94\x10\x06\x4c"
- "\xa3\x85\x61\xf3\xeb\x2d\xbf\x21\x3e\xb9\x3c\x80\xa7\xc4\x75\x13\x72\x0f"
- "\xa7\xe6\x89\xf0\xbe\xb0\xf8\xa0\x43\xa2\x1e\xd0\x47\x0f\xec\xbb\x95\x9c"
- "\x19\x6a\x82\xa1\x24\x22\x96\xf1\x6f\x49\x37\xfa\x22\x7d\xfd\xf5\xe1\xd1"
- "\x57\xe8\x43\xf8\xf4\xd5\xd1\xc7\xb3\x3c\x2c\xfa\x75\xb5\xc3\x9b\x57\x64"
- "\x85\xb1\x03\xd3\x3b\xfa\xb3\xc0\x70\xd4\x33\x7b\xc3\x1d\x12\x55\x29\xf2"
- "\x65\x71\xc4\xcb\x5e\xce\x98\x68\x41\x46\x50\x27\xde\x77\xd8\xca\x15\xd0"
- "\x29\x6e\xdb\xea\x19\x31\x25\xbb\xfb\x15\x21\x0e\xd1\x81\xeb\x9a\xde\xdd"
- "\xdc\xc1\xd1\x31\x77\x80\xbf\x1d\xf4\xfa\xde\x6e\xb3\xde\x2c\x49\x5e\x55"
- "\xda\xe2\xce\x70\x83\x46\x47\x23\x30\x17\xdf\xfc\xfb\x80\x91\xb8\x3e\xa8"
- "\xd5\x2a\xc6\x86\x93\x81\xf7\x55\x1f\xf7\xa4\xb7\xac\x10\x77\x25\x87\x6b"
- "\xc4\x67\x30\x93\x43\xb0\xf2\x2b\xcc\xf0\x53\xf2\x66\xc4\x41\x69\xb8\x7c"
- "\x45\x88\x2e\xbf\x1f\x32\x0b\x16\x93\xa1\x74\x9c\xab\xe7\xfa\xc9\xbd\x52"
- "\xb9\xea\x4b\x73\x0e\x12\x1c\xa3\x1e\xd4\x69\x83\x16\x38\x94\x05\x65\xcb"
- "\x27\xad\xbb\xd4\xed\x46\xf0\xc2\xde\x40\xee\x8a\xab\x3a\xa0\x24\x91\x0f"
- "\x3a",
- 3637);
- *(uint64_t*)0x200000000418 = 0xe35;
- *(uint64_t*)0x200000001dd8 = 2;
- *(uint64_t*)0x200000001de0 = 0;
- *(uint64_t*)0x200000001de8 = 0;
- *(uint32_t*)0x200000001df0 = 0;
- *(uint32_t*)0x200000001df8 = 0;
- *(uint64_t*)0x200000001e00 = 0;
- *(uint32_t*)0x200000001e08 = 0;
- *(uint64_t*)0x200000001e10 = 0x200000000700;
- *(uint64_t*)0x200000000700 = 0x200000000500;
- memset((void*)0x200000000500, 91, 1);
- *(uint64_t*)0x200000000708 = 1;
- *(uint64_t*)0x200000001e18 = 1;
- *(uint64_t*)0x200000001e20 = 0;
- *(uint64_t*)0x200000001e28 = 0;
- *(uint32_t*)0x200000001e30 = 0;
- *(uint32_t*)0x200000001e38 = 0;
- syscall(__NR_sendmmsg, /*fd=*/r[73], /*mmsg=*/0x200000001d80ul, /*vlen=*/3ul,
- /*f=*/0ul);
- memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15);
- res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
- /*file=*/0x200000000000ul, /*flags=*/0, 0);
- if (res != -1)
- r[74] = res;
- res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
- if (res != -1)
- r[75] = res;
- memcpy((void*)0x200000000040, "ethtool\000", 8);
- res = -1;
- res = syz_genetlink_get_family_id(/*name=*/0x200000000040, /*fd=*/-1);
- if (res != -1)
- r[76] = res;
- *(uint64_t*)0x200000000340 = 0;
- *(uint32_t*)0x200000000348 = 0;
- *(uint64_t*)0x200000000350 = 0x200000000300;
- *(uint64_t*)0x200000000300 = 0x200000000080;
- *(uint32_t*)0x200000000080 = 0x28;
- *(uint16_t*)0x200000000084 = r[76];
- *(uint16_t*)0x200000000086 = 1;
- *(uint32_t*)0x200000000088 = 0;
- *(uint32_t*)0x20000000008c = 0;
- *(uint8_t*)0x200000000090 = 1;
- *(uint8_t*)0x200000000091 = 0;
- *(uint16_t*)0x200000000092 = 0;
- *(uint16_t*)0x200000000094 = 4;
- STORE_BY_BITMASK(uint16_t, , 0x200000000096, 1, 0, 14);
- STORE_BY_BITMASK(uint16_t, , 0x200000000097, 0, 6, 1);
- STORE_BY_BITMASK(uint16_t, , 0x200000000097, 1, 7, 1);
- *(uint16_t*)0x200000000098 = 0x10;
- STORE_BY_BITMASK(uint16_t, , 0x20000000009a, 2, 0, 14);
- STORE_BY_BITMASK(uint16_t, , 0x20000000009b, 0, 6, 1);
- STORE_BY_BITMASK(uint16_t, , 0x20000000009b, 1, 7, 1);
- *(uint16_t*)0x20000000009c = 0xc;
- STORE_BY_BITMASK(uint16_t, , 0x20000000009e, 1, 0, 14);
- STORE_BY_BITMASK(uint16_t, , 0x20000000009f, 0, 6, 1);
- STORE_BY_BITMASK(uint16_t, , 0x20000000009f, 1, 7, 1);
- *(uint16_t*)0x2000000000a0 = 8;
- *(uint16_t*)0x2000000000a2 = 1;
- *(uint32_t*)0x2000000000a4 = 0x3c25443f;
- *(uint64_t*)0x200000000308 = 0x28;
- *(uint64_t*)0x200000000358 = 1;
- *(uint64_t*)0x200000000360 = 0;
- *(uint64_t*)0x200000000368 = 0;
- *(uint32_t*)0x200000000370 = 0;
- syscall(__NR_sendmsg, /*fd=*/r[75], /*msg=*/0x200000000340ul, /*f=*/0ul);
- res = syscall(__NR_epoll_create1, /*flags=*/0ul);
- if (res != -1)
- r[77] = res;
- memcpy((void*)0x200000000200, "/dev/autofs\000", 12);
- res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
- /*file=*/0x200000000200ul, /*flags=*/0, /*mode=*/0);
- if (res != -1)
- r[78] = res;
- res = syscall(__NR_fcntl, /*fd=*/r[78], /*cmd=*/0ul, /*arg=*/r[77]);
- if (res != -1)
- r[79] = res;
- res = syscall(__NR_epoll_create1, /*flags=*/0ul);
- if (res != -1)
- r[80] = res;
- syz_sysconfig_set__proc_sys_vm_vfs_cache_pressure(/*val=*/0x80000000);
- syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/0x10e, /*opt=*/1, /*arg=*/0ul,
- /*arglen=*/0ul);
- res = -1;
- res = syz_open_dev(/*dev=*/0xc, /*major=*/4, /*minor=*/1);
- if (res != -1)
- r[81] = res;
- memcpy((void*)0x200000000000,
- "\x1b\x5b\x33\x07\x38\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x6d",
- 25);
- syscall(__NR_write, /*fd=*/r[81], /*data=*/0x200000000000ul, /*len=*/0x78ul);
- syscall(__NR_connect, /*fd=*/r[79], /*addr=*/0ul, /*addrlen=*/0ul);
- syscall(__NR_epoll_ctl, /*epfd=*/r[80], /*op=*/1ul, /*fd=*/r[73], /*ev=*/0ul);
- *(uint32_t*)0x200000000140 = 1;
- syscall(__NR_ioctl, /*fd=*/r[74], /*cmd=*/0x40045402,
- /*arg=*/0x200000000140ul);
- *(uint32_t*)0x200000000080 = 1;
- *(uint32_t*)0x200000000084 = 0;
- *(uint32_t*)0x200000000088 = 0;
- *(uint32_t*)0x20000000008c = 0;
- *(uint32_t*)0x200000000090 = 0;
- memset((void*)0x200000000094, 0, 32);
- syscall(__NR_ioctl, /*fd=*/r[74], /*cmd=*/0x40345410,
- /*arg=*/0x200000000080ul);
- *(uint32_t*)0x200000000440 = 0;
- *(uint32_t*)0x200000000444 = 0x20000006;
- *(uint32_t*)0x200000000448 = 0;
- *(uint32_t*)0x20000000044c = 0;
- *(uint32_t*)0x200000000450 = 0;
- memset((void*)0x200000000454, 0, 60);
- syscall(__NR_ioctl, /*fd=*/r[74], /*cmd=*/0x40505412,
- /*arg=*/0x200000000440ul);
- syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x54a2, 0);
- *(uint64_t*)0x200000003140 = 0x200000001400;
- *(uint32_t*)0x200000003148 = 0x80;
- *(uint64_t*)0x200000003150 = 0;
- *(uint64_t*)0x200000003158 = 0;
- *(uint64_t*)0x200000003160 = 0;
- *(uint64_t*)0x200000003168 = 0;
- *(uint32_t*)0x200000003170 = 0;
- *(uint32_t*)0x200000003178 = 0;
- syscall(__NR_recvmmsg, /*fd=*/-1, /*mmsg=*/0x200000003140ul, /*vlen=*/1ul,
- /*f=*/0ul, /*timeout=*/0ul);
- memcpy((void*)0x200000000680, "net/ptype\000", 10);
- res = -1;
- res = syz_open_procfs(/*pid=*/0, /*file=*/0x200000000680);
- if (res != -1)
- r[82] = res;
- syscall(__NR_preadv, /*fd=*/r[82], /*vec=*/0x2000000017c0ul, /*vlen=*/0x231ul,
- /*off_low=*/0x7a00, /*off_high=*/0);
- memcpy((void*)0x200000000000, "./bus\000", 6);
- syscall(__NR_creat, /*file=*/0x200000000000ul, /*mode=*/0ul);
- *(uint32_t*)0x200000000200 = 9;
- *(uint32_t*)0x200000000204 = 0x80;
- *(uint8_t*)0x200000000208 = 0;
- *(uint8_t*)0x200000000209 = 5;
- *(uint8_t*)0x20000000020a = 0;
- *(uint8_t*)0x20000000020b = 0;
- *(uint32_t*)0x20000000020c = 0;
- *(uint64_t*)0x200000000210 = 0;
- *(uint64_t*)0x200000000218 = 0x80810;
- *(uint64_t*)0x200000000220 = 0;
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 0, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 1, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 2, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 3, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 4, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 5, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 6, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 7, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 8, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 9, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 10, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 11, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 12, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 13, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 14, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 15, 2);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 17, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 18, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 19, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 20, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 21, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 22, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 23, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 24, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 25, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 26, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 27, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 28, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 29, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 30, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 31, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 32, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 33, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 34, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 35, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 36, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 37, 1);
- STORE_BY_BITMASK(uint64_t, , 0x200000000228, 0, 38, 26);
- *(uint32_t*)0x200000000230 = 0;
- *(uint32_t*)0x200000000234 = 0;
- *(uint64_t*)0x200000000238 = 0x200000000000;
- *(uint64_t*)0x200000000240 = 0;
- *(uint64_t*)0x200000000248 = 0;
- *(uint64_t*)0x200000000250 = 0;
- *(uint32_t*)0x200000000258 = 0;
- *(uint32_t*)0x20000000025c = 0;
- *(uint64_t*)0x200000000260 = 0;
- *(uint32_t*)0x200000000268 = 3;
- *(uint16_t*)0x20000000026c = 0;
- *(uint16_t*)0x20000000026e = 0;
- *(uint32_t*)0x200000000270 = 0;
- *(uint32_t*)0x200000000274 = 0;
- *(uint64_t*)0x200000000278 = 0;
- syscall(__NR_perf_event_open, /*attr=*/0x200000000200ul, /*pid=*/0,
- /*cpu=*/0x20000000ul, /*group=*/-1,
- /*flags=PERF_FLAG_FD_CLOEXEC|PERF_FLAG_FD_NO_GROUP*/ 9ul);
- memcpy((void*)0x200000000080, "./bus\000", 6);
- syscall(__NR_open, /*file=*/0x200000000080ul, /*flags=*/0ul, /*mode=*/0ul);
- return 0;
- }