// autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static long syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(volatile long val) { char command[256]; sprintf(command, "echo %ld > /proc/sys/net/ipv6/conf/sit0/accept_source_route", val); int ret = system(command); if (ret != 0) { return 0; } return 0; } static long syz_sysconfig_reset__proc_sys_net_ipv6_ip6frag_time() { char command[256]; sprintf(command, "echo 60 > /proc/sys/net/ipv6/ip6frag_time"); int ret = system(command); if (ret != 0) { return 0; } return 0; } static long syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu(volatile long val) { char command[256]; sprintf(command, "echo %ld > /sys/devices/pci0000:00/0000:00:03.0/net/eth0/mtu", val); int ret = system(command); if (ret != 0) { return 0; } return 0; } static long syz_sysconfig_reset__proc_sys_net_ipv6_conf_eth0_accept_untracked_na() { char command[256]; sprintf(command, "echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_untracked_na"); int ret = system(command); if (ret != 0) { return 0; } return 0; } #ifndef __NR_cachestat #define __NR_cachestat 451 #endif #ifndef __NR_close_range #define __NR_close_range 436 #endif #ifndef __NR_epoll_pwait2 #define __NR_epoll_pwait2 441 #endif #ifndef __NR_fsconfig #define __NR_fsconfig 431 #endif #ifndef __NR_fsmount #define __NR_fsmount 432 #endif #ifndef __NR_fspick #define __NR_fspick 433 #endif #ifndef __NR_io_uring_enter #define __NR_io_uring_enter 426 #endif #ifndef __NR_io_uring_register #define __NR_io_uring_register 427 #endif #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif #ifndef __NR_pidfd_getfd #define __NR_pidfd_getfd 438 #endif #ifndef 
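__NR_pwritev2
#define __NR_pwritev2 328
#endif
#ifndef __NR_renameat2
#define __NR_renameat2 316
#endif
#ifndef __NR_seccomp
#define __NR_seccomp 317
#endif

// Index of this executor process; syz_mount_image uses it to pick /dev/loopN.
static unsigned long long procid;

// Mask covering bf_len bits starting at bit bf_off.
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
// Read-modify-write of a bitfield inside *(type*)addr; `htobe` is applied on
// load and on store (main passes an empty argument for single-byte fields).
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len)          \
  *(type*)(addr) =                                                        \
      htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) |      \
            (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))

// Running state of a 16-bit one's-complement sum with end-around carry.
struct csum_inet {
  uint32_t acc;
};

// Resets the accumulator to zero.
static void csum_inet_init(struct csum_inet* csum)
{
  csum->acc = 0;
}

// Folds `length` bytes of `data` into the checksum, two bytes at a time in
// host byte order; a trailing odd byte is added as a 16-bit value.
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length)
{
  if (length == 0)
    return;
  size_t i = 0;
  for (; i < length - 1; i += 2) {
    // memcpy instead of a uint16_t* cast: `data` carries no alignment
    // guarantee, and the cast also breaks the aliasing rules.
    uint16_t word;
    memcpy(&word, &data[i], sizeof(word));
    csum->acc += word;
  }
  if (length & 1)
    csum->acc += le16toh((uint16_t)data[length - 1]);
  // Fold carries back into the low 16 bits.
  while (csum->acc > 0xffff)
    csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

// Returns the one's complement of the accumulated sum, truncated to 16 bits.
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
  return ~csum->acc;
}

// Scratch netlink message: `pos` is the write cursor inside `buf`; `nesting`
// and `nested` track open nested attributes (no helper in this part of the
// file modifies them).
struct nlmsg {
  char* pos;
  int nesting;
  struct nlattr* nested[8];
  char buf[4096];
};

// Starts a new request in `nlmsg`: zeroes it, fills the nlmsghdr type/flags
// (NLM_F_REQUEST | NLM_F_ACK are always set) and copies `size` bytes of
// family-specific header from `data` right after it.
// Exits the process if the payload cannot fit in the buffer.
static void netlink_init(struct nlmsg* nlmsg, int typ, int flags, const void* data, int size)
{
  memset(nlmsg, 0, sizeof(*nlmsg));
  struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf;
  // Check before copying: netlink_send_ext only detects an overrun after
  // the out-of-bounds write has already happened.
  if (size < 0 || (size_t)size > sizeof(nlmsg->buf) - sizeof(*hdr))
    exit(1);
  hdr->nlmsg_type = typ;
  hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
  memcpy(hdr + 1, data, size);
  nlmsg->pos = (char*)(hdr + 1) + NLMSG_ALIGN(size);
}

// Appends one attribute (header plus `size` payload bytes) at the cursor and
// advances the cursor by the aligned attribute length.
// Exits the process if the attribute would not fit in the buffer.
static void netlink_attr(struct nlmsg* nlmsg, int typ, const void* data, int size)
{
  struct nlattr* attr = (struct nlattr*)nlmsg->pos;
  // Bytes left between the cursor and the end of buf; 0 if the cursor is
  // already outside the buffer.
  size_t room = 0;
  if (nlmsg->pos >= nlmsg->buf && nlmsg->pos <= nlmsg->buf + sizeof(nlmsg->buf))
    room = (size_t)(nlmsg->buf + sizeof(nlmsg->buf) - nlmsg->pos);
  size_t payload = size > 0 ? (size_t)size : 0;
  if (room < sizeof(*attr) || payload > room - sizeof(*attr))
    exit(1);
  attr->nla_len = sizeof(*attr) + size;
  attr->nla_type = typ;
  if (size > 0)
    memcpy(attr + 1, data, size);
  nlmsg->pos += NLMSG_ALIGN(attr->nla_len);
}

// Sends the message built in `nlmsg` on `sock` and reads one reply into the
// same buffer.
// Returns 0 on NLMSG_DONE, or when the reply has type `reply_type` and
// `reply_len` is non-NULL (then *reply_len is the received size). For an
// NLMSG_ERROR reply it returns minus the positive errno derived from the
// error field, which is 0 for a plain ACK. Returns -1 on send/recv failure or
// a short/unexpected reply; with `dofail` set those cases exit(1) instead.
static int netlink_send_ext(struct nlmsg* nlmsg, int sock, uint16_t reply_type, int* reply_len, bool dofail)
{
  // A cursor past the buffer or an unclosed nested attribute means the
  // message was built incorrectly.
  if (nlmsg->pos > nlmsg->buf + sizeof(nlmsg->buf) || nlmsg->nesting)
    exit(1);
  struct nlmsghdr* hdr = (struct nlmsghdr*)nlmsg->buf;
  hdr->nlmsg_len = nlmsg->pos - nlmsg->buf;
  struct sockaddr_nl addr;
  memset(&addr, 0, sizeof(addr));
  addr.nl_family = AF_NETLINK;
  ssize_t n = sendto(sock, nlmsg->buf, hdr->nlmsg_len, 0, (struct sockaddr*)&addr, sizeof(addr));
  if (n != (ssize_t)hdr->nlmsg_len) {
    if (dofail)
      exit(1);
    return -1;
  }
  n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
  if (reply_len)
    *reply_len = 0;
  if (n < 0) {
    if (dofail)
      exit(1);
    return -1;
  }
  if (n < (ssize_t)sizeof(struct nlmsghdr)) {
    errno = EINVAL;
    if (dofail)
      exit(1);
    return -1;
  }
  if (hdr->nlmsg_type == NLMSG_DONE)
    return 0;
  if (reply_len && hdr->nlmsg_type == reply_type) {
    *reply_len = n;
    return 0;
  }
  if (n < (ssize_t)(sizeof(struct nlmsghdr) + sizeof(struct nlmsgerr))) {
    errno = EINVAL;
    if (dofail)
      exit(1);
    return -1;
  }
  if (hdr->nlmsg_type != NLMSG_ERROR) {
    errno = EINVAL;
    if (dofail)
      exit(1);
    return -1;
  }
  errno = -((struct nlmsgerr*)(hdr + 1))->error;
  return -errno;
}

// Asks the generic-netlink controller for the numeric id of `family_name`.
// Returns the id (> 0), or -1 with errno set when the request fails or the
// reply carries no usable CTRL_ATTR_FAMILY_ID attribute.
static int netlink_query_family_id(struct nlmsg* nlmsg, int sock, const char* family_name, bool dofail)
{
  struct genlmsghdr genlhdr;
  memset(&genlhdr, 0, sizeof(genlhdr));
  genlhdr.cmd = CTRL_CMD_GETFAMILY;
  netlink_init(nlmsg, GENL_ID_CTRL, 0, &genlhdr, sizeof(genlhdr));
  netlink_attr(nlmsg, CTRL_ATTR_FAMILY_NAME, family_name, strnlen(family_name, GENL_NAMSIZ - 1) + 1);
  int n = 0;
  int err = netlink_send_ext(nlmsg, sock, GENL_ID_CTRL, &n, dofail);
  if (err < 0) {
    return -1;
  }
  uint16_t id = 0;
  // Walk the reply attributes by offset. Every length field is checked
  // against the number of bytes actually received: an attribute header must
  // lie fully inside the reply, nla_len == 0 must not stall the walk, and the
  // 16-bit id must be fully present before it is read.
  size_t end = n > 0 ? (size_t)n : 0;
  size_t off = NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(genlhdr));
  while (off + sizeof(struct nlattr) <= end) {
    struct nlattr* attr = (struct nlattr*)(nlmsg->buf + off);
    if (attr->nla_len < sizeof(*attr))
      break;
    if (attr->nla_type == CTRL_ATTR_FAMILY_ID) {
      if (attr->nla_len >= sizeof(*attr) + sizeof(id) && off + sizeof(*attr) + sizeof(id) <= end)
        id = *(uint16_t*)(attr + 1);
      break;
    }
    off += NLMSG_ALIGN(attr->nla_len);
  }
  if (!id) {
    errno = EINVAL;
    return -1;
  }
  // Read one more message so it does not stay queued on the socket
  // (presumably the ACK requested by NLM_F_ACK); its result is ignored.
  recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
  return id;
}

const int kInitNetNsFd = 201;

// Pseudo-syscall: opens a device node.
// If a0 is 0xc or 0xb, opens /dev/char/<a1>:<a2> or /dev/block/<a1>:<a2>
// read-write (a1 and a2 truncated to 8 bits). Otherwise a0 is taken as the
// address of a path template: each '#' is replaced by successive decimal
// digits of a1 and the result is opened with flags a2.
// Returns the value of open().
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char buf[128];
    snprintf(buf, sizeof(buf), "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
    return open(buf, O_RDWR, 0);
  } else {
    char buf[1024];
    char* hash;
    // Bounded copy with explicit termination: the template comes from a raw
    // address supplied by the program.
    strncpy(buf, (char*)a0, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = 0;
    while ((hash = strchr(buf, '#'))) {
      *hash = '0' + (char)(a1 % 10);
      a1 /= 10;
    }
    return open(buf, a2, 0);
  }
}

// Pseudo-syscall: opens a file under /proc for a task.
// a0 == 0 selects /proc/self, a0 == -1 selects /proc/thread-self, any other
// value is used as a thread id under /proc/self/task. a1 is the address of
// the file name. Tries O_RDWR first and falls back to O_RDONLY.
// Returns the file descriptor, or -1.
static long syz_open_procfs(volatile long a0, volatile long a1)
{
  char buf[128];
  memset(buf, 0, sizeof(buf));
  if (a0 == 0) {
    snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1);
  } else if (a0 == -1) {
    snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1);
  } else {
    snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1);
  }
  int fd = open(buf, O_RDWR);
  if (fd == -1)
    fd = open(buf, O_RDONLY);
  return fd;
}

// Pseudo-syscall: in this build it is a plain socket(2) call.
static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
{
  return syscall(__NR_socket, domain, type, proto);
}

// Pseudo-syscall: resolves a generic-netlink family name (address in `name`)
// to its id. Uses the socket in `sock_arg`, or a temporary NETLINK_GENERIC
// socket when `sock_arg` is negative; the temporary socket is closed before
// returning. Returns the family id, or -1.
static long syz_genetlink_get_family_id(volatile long name, volatile long sock_arg)
{
  int fd = sock_arg;
  if (fd < 0) {
    fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
    if (fd == -1) {
      return -1;
    }
  }
  struct nlmsg nlmsg_tmp;
  int ret = netlink_query_family_id(&nlmsg_tmp, fd, (char*)name, false);
  if ((int)sock_arg < 0)
    close(fd);
  if (ret < 0) {
    return -1;
  }
  return ret;
}

//% This code is derived from puff.{c,h}, found in the zlib development. The
//% original files come with the following copyright notice:
//% Copyright (C) 2002-2013 Mark Adler, all rights reserved
//% version 2.3, 21 Jan 2013
//% This software is provided 'as-is', without any express or implied
//% warranty. In no event will the author be held liable for any damages
//% arising from the use of this software.
//% Permission is granted to anyone to use this software for any purpose,
//% including commercial applications, and to alter it and redistribute it
//% freely, subject to the following restrictions:
//% 1. The origin of this software must not be misrepresented; you must not
//% claim that you wrote the original software.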
//% If you use this software
//% in a product, an acknowledgment in the product documentation would be
//% appreciated but is not required.
//% 2. Altered source versions must be plainly marked as such, and must not be
//% misrepresented as being the original software.
//% 3. This notice may not be removed or altered from any source distribution.
//% Mark Adler madler@alumni.caltech.edu

//% BEGIN CODE DERIVED FROM puff.{c,h}

// Limits used to size the Huffman tables below.
#define MAXBITS 15
#define MAXLCODES 286
#define MAXDCODES 30
#define MAXCODES (MAXLCODES + MAXDCODES)
#define FIXLCODES 288

// Decoder state: output buffer with capacity and fill count, input buffer
// with length and read position, a small bit buffer, and the jump target
// used when the input runs out in the middle of a read.
struct puff_state {
  unsigned char* out;
  unsigned long outlen;
  unsigned long outcnt;
  const unsigned char* in;
  unsigned long inlen;
  unsigned long incnt;
  int bitbuf;
  int bitcnt;
  jmp_buf env;
};

// Returns the next `need` bits of input, low bits first, refilling the bit
// buffer one byte at a time. Does not return if the input is exhausted: it
// longjmp()s to s->env instead.
static int puff_bits(struct puff_state* s, int need)
{
  long val = s->bitbuf;
  while (s->bitcnt < need) {
    if (s->incnt == s->inlen)
      longjmp(s->env, 1);
    val |= (long)(s->in[s->incnt++]) << s->bitcnt;
    s->bitcnt += 8;
  }
  s->bitbuf = (int)(val >> need);
  s->bitcnt -= need;
  return (int)(val & ((1L << need) - 1));
}

// Copies one stored (uncompressed) block.
// Returns 0 on success, 2 if the input is too short, 1 if the output buffer
// is too small, -2 if the length does not match its one's complement.
static int puff_stored(struct puff_state* s)
{
  // Drop any bits left over from the previous block.
  s->bitbuf = 0;
  s->bitcnt = 0;
  if (s->incnt + 4 > s->inlen)
    return 2;
  unsigned len = s->in[s->incnt++];
  len |= s->in[s->incnt++] << 8;
  if (s->in[s->incnt++] != (~len & 0xff) ||
      s->in[s->incnt++] != ((~len >> 8) & 0xff))
    return -2;
  // Both bounds are checked before any byte is copied.
  if (s->incnt + len > s->inlen)
    return 2;
  if (s->outcnt + len > s->outlen)
    return 1;
  for (; len--; s->outcnt++, s->incnt++) {
    // Zero bytes are skipped rather than written; this relies on the output
    // buffer starting out zeroed (puff_zlib_to_file passes a fresh MAP_ANON
    // mapping).
    if (s->in[s->incnt])
      s->out[s->outcnt] = s->in[s->incnt];
  }
  return 0;
}

// Huffman table: count[len] is the number of codes of each bit length,
// symbol[] lists the symbols ordered by code.
struct puff_huffman {
  short* count;
  short* symbol;
};

// Decodes one symbol using table `h`, consuming input bit by bit.
// Returns the symbol, or -10 if no code matched within MAXBITS bits.
// longjmp()s to s->env if the input runs out.
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
  int first = 0;
  int index = 0;
  int bitbuf = s->bitbuf;
  int left = s->bitcnt;
  int code = first = index = 0;
  int len = 1;
  short* next = h->count + 1;
  while (1) {
    while (left--) {
      code |= bitbuf & 1;
      bitbuf >>= 1;
      int count = *next++;
      if (code - count < first) {
        s->bitbuf = bitbuf;
        s->bitcnt = (s->bitcnt - len) & 7;
        return h->symbol[index + (code - first)];
      }
      index += count;
      first += count;
      first <<= 1;
      code <<= 1;
      len++;
    }
    left = (MAXBITS + 1) - len;
    if (left == 0)
      break;
    if (s->incnt == s->inlen)
      longjmp(s->env, 1);
    bitbuf = s->in[s->incnt++];
    if (left > 8)
      left = 8;
  }
  return -10;
}

// Builds table `h` from `n` code lengths.
// Returns 0 for a complete code (or when every length is zero), a negative
// value for an over-subscribed code, a positive value for an incomplete one.
// NOTE(review): length[] values index h->count directly; the callers in this
// file appear to pass only values in 0..MAXBITS - confirm before reuse.
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
  int len;
  for (len = 0; len <= MAXBITS; len++)
    h->count[len] = 0;
  int symbol;
  for (symbol = 0; symbol < n; symbol++)
    (h->count[length[symbol]])++;
  if (h->count[0] == n)
    return 0;
  // `left` tracks how many codes of the current length are still unused.
  int left = 1;
  for (len = 1; len <= MAXBITS; len++) {
    left <<= 1;
    left -= h->count[len];
    if (left < 0)
      return left;
  }
  // offs[len] is the first slot in h->symbol for codes of that length.
  short offs[MAXBITS + 1];
  offs[1] = 0;
  for (len = 1; len < MAXBITS; len++)
    offs[len + 1] = offs[len] + h->count[len];
  for (symbol = 0; symbol < n; symbol++)
    if (length[symbol] != 0)
      h->symbol[offs[length[symbol]]++] = symbol;
  return left;
}

// Decodes literal/length and distance codes until the end-of-block symbol
// (256).
// Returns 0 at end of block, 1 if the output buffer is full, -10 for an
// invalid length symbol, -11 if a distance reaches before the start of the
// output, or a negative value passed up from puff_decode.
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode, const struct puff_huffman* distcode)
{
  // Base values and extra-bit counts for length symbols 257.. and for
  // distance symbols.
  static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258};
  static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
  static const short dists[30] = {
      1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
  static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
  int symbol;
  do {
    symbol = puff_decode(s, lencode);
    if (symbol < 0)
      return symbol;
    if (symbol < 256) {
      // Literal byte; zero literals only advance the output position.
      if (s->outcnt == s->outlen)
        return 1;
      if (symbol)
        s->out[s->outcnt] = symbol;
      s->outcnt++;
    } else if (symbol > 256) {
      // Length/distance pair: copy `len` bytes from `dist` bytes back.
      symbol -= 257;
      if (symbol >= 29)
        return -10;
      int len = lens[symbol] + puff_bits(s, lext[symbol]);
      symbol = puff_decode(s, distcode);
      if (symbol < 0)
        return symbol;
      unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
      // The back-reference must stay inside what was already produced, and
      // the copy must fit in the output buffer.
      if (dist > s->outcnt)
        return -11;
      if (s->outcnt + len > s->outlen)
        return 1;
      while (len--) {
        if (dist <= s->outcnt && s->out[s->outcnt - dist])
          s->out[s->outcnt] = s->out[s->outcnt - dist];
        s->outcnt++;
      }
    }
  } while (symbol != 256);
  return 0;
}

// Decodes a block that uses the fixed Huffman codes. The tables are built
// once on the first call and kept in function-static storage guarded by a
// plain flag; no locking is visible here.
static int puff_fixed(struct puff_state* s)
{
  static int virgin = 1;
  static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
  static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
  static struct puff_huffman lencode, distcode;
  if (virgin) {
    lencode.count = lencnt;
    lencode.symbol = lensym;
    distcode.count = distcnt;
    distcode.symbol = distsym;
    short lengths[FIXLCODES];
    int symbol;
    for (symbol = 0; symbol < 144; symbol++)
      lengths[symbol] = 8;
    for (; symbol < 256; symbol++)
      lengths[symbol] = 9;
    for (; symbol < 280; symbol++)
      lengths[symbol] = 7;
    for (; symbol < FIXLCODES; symbol++)
      lengths[symbol] = 8;
    puff_construct(&lencode, lengths, FIXLCODES);
    for (symbol = 0; symbol < MAXDCODES; symbol++)
      lengths[symbol] = 5;
    puff_construct(&distcode, lengths, MAXDCODES);
    virgin = 0;
  }
  return puff_codes(s, &lencode, &distcode);
}

// Decodes a block whose Huffman codes are described in the stream itself.
// Returns the result of puff_codes, or: -3 too many length/distance codes,
// -4 bad code-length code, -5 repeat with no previous length, -6 repeat runs
// past the declared count, -7 / -8 invalid literal-length / distance code,
// -9 no end-of-block code.
static int puff_dynamic(struct puff_state* s)
{
  // Order in which the code-length code lengths are stored in the stream.
  static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
  int nlen = puff_bits(s, 5) + 257;
  int ndist = puff_bits(s, 5) + 1;
  int ncode = puff_bits(s, 4) + 4;
  // Reject counts larger than the arrays declared below.
  if (nlen > MAXLCODES || ndist > MAXDCODES)
    return -3;
  short lengths[MAXCODES];
  int index;
  for (index = 0; index < ncode; index++)
    lengths[order[index]] = puff_bits(s, 3);
  for (; index < 19; index++)
    lengths[order[index]] = 0;
  short lencnt[MAXBITS + 1], lensym[MAXLCODES];
  struct puff_huffman lencode = {lencnt, lensym};
  int err = puff_construct(&lencode, lengths, 19);
  if (err != 0)
    return -4;
  index = 0;
  while (index < nlen + ndist) {
    int symbol;
    int len;
    symbol = puff_decode(s, &lencode);
    if (symbol < 0)
      return symbol;
    if (symbol < 16)
      lengths[index++] = symbol;
    else {
      // Symbols 16..18 are run-length codes: repeat the previous length or
      // a zero length a number of times read from the stream.
      len = 0;
      if (symbol == 16) {
        if (index == 0)
          return -5;
        len = lengths[index - 1];
        symbol = 3 + puff_bits(s, 2);
      } else if (symbol == 17)
        symbol = 3 + puff_bits(s, 3);
      else
        symbol = 11 + puff_bits(s, 7);
      // The run must not write past the declared number of lengths.
      if (index + symbol > nlen + ndist)
        return -6;
      while (symbol--)
        lengths[index++] = len;
    }
  }
  if (lengths[256] == 0)
    return -9;
  err = puff_construct(&lencode, lengths, nlen);
  if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
    return -7;
  short distcnt[MAXBITS + 1], distsym[MAXDCODES];
  struct puff_huffman distcode = {distcnt, distsym};
  err = puff_construct(&distcode, lengths + nlen, ndist);
  if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
    return -8;
  return puff_codes(s, &lencode, &distcode);
}

// Inflates a raw deflate stream from `source` into `dest`.
// On entry *destlen is the capacity of `dest`; on return it is the number of
// bytes produced. Returns 0 on success, 2 if the input ended early (also the
// result of the longjmp path), 1 if the output buffer is too small, or a
// negative value for malformed data.
static int puff(unsigned char* dest, unsigned long* destlen, const unsigned char* source, unsigned long sourcelen)
{
  struct puff_state s = {
      .out = dest,
      .outlen = *destlen,
      .outcnt = 0,
      .in = source,
      .inlen = sourcelen,
      .incnt = 0,
      .bitbuf = 0,
      .bitcnt = 0,
  };
  int err;
  // puff_bits and puff_decode jump back here when the input is exhausted.
  if (setjmp(s.env) != 0)
    err = 2;
  else {
    int last;
    do {
      last = puff_bits(&s, 1);
      int type = puff_bits(&s, 2);
      err = type == 0 ? puff_stored(&s) : (type == 1 ? puff_fixed(&s) : (type == 2 ? puff_dynamic(&s) : -1));
      if (err != 0)
        break;
    } while (!last);
  }
  *destlen = s.outcnt;
  return err;
}

//% END CODE DERIVED FROM puff.{c,h}

#define ZLIB_HEADER_WIDTH 2

// Inflates a zlib-wrapped buffer and writes the result to `dest_fd`.
// The 2-byte zlib header is skipped without being inspected and nothing here
// reads a trailing checksum. Output is capped at 132 MiB.
// Returns 0 when the input is shorter than the header (nothing is written),
// -1 on failure, otherwise the result of the final munmap().
static int puff_zlib_to_file(const unsigned char* source, unsigned long sourcelen, int dest_fd)
{
  if (sourcelen < ZLIB_HEADER_WIDTH)
    return 0;
  source += ZLIB_HEADER_WIDTH;
  sourcelen -= ZLIB_HEADER_WIDTH;
  const unsigned long max_destlen = 132 << 20;
  void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0);
  if (ret == MAP_FAILED)
    return -1;
  unsigned char* dest = (unsigned char*)ret;
  unsigned long destlen = max_destlen;
  int err = puff(dest, &destlen, source, sourcelen);
  if (err) {
    munmap(dest, max_destlen);
    // NOTE(review): puff returns positive codes (1, 2) as well as negative
    // ones, so errno ends up negative for the positive cases.
    errno = -err;
    return -1;
  }
  // A short write is treated as failure; there is no retry loop.
  if (write(dest_fd, dest, destlen) != (ssize_t)destlen) {
    munmap(dest, max_destlen);
    return -1;
  }
  return munmap(dest, max_destlen);
}

// Inflates `data` into an anonymous memfd and attaches it to the loop device
// `loopname`. If the device is busy, it is cleared and the attach is retried
// once after 1 ms.
// On success returns 0 and stores the open loop fd in *loopfd_p; the memfd
// descriptor is closed. On failure returns -1 with errno set and closes
// whatever was opened.
static int setup_loop_device(unsigned char* data, unsigned long size, const char* loopname, int* loopfd_p)
{
  int err = 0, loopfd = -1;
  int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
  if (memfd == -1) {
    err = errno;
    goto error;
  }
  if (puff_zlib_to_file(data, size, memfd)) {
    err = errno;
    goto error_close_memfd;
  }
  loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    err = errno;
    goto error_close_memfd;
  }
  if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
    if (errno != EBUSY) {
      err = errno;
      goto error_close_loop;
    }
    ioctl(loopfd, LOOP_CLR_FD, 0);
    usleep(1000);
    if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
      err = errno;
      goto error_close_loop;
    }
  }
  close(memfd);
  *loopfd_p = loopfd;
  return 0;
error_close_loop:
  close(loopfd);
error_close_memfd:
  close(memfd);
error:
  errno = err;
  return -1;
}

// Detaches whatever backs the loop device `loopname`. Best effort: failures
// of open() and of the ioctl are ignored.
static void reset_loop_device(const char* loopname)
{
  int loopfd = open(loopname, O_RDWR);
  if (loopfd == -1) {
    return;
  }
  if (ioctl(loopfd, LOOP_CLR_FD, 0)) {
  }
  close(loopfd);
}

// Pseudo-syscall: mounts a filesystem image embedded in the program.
// All pointer-like arguments arrive as raw addresses: fsarg = filesystem
// type, dir = mount point, optsarg = mount option string, image = compressed
// image of `size` bytes. When size is non-zero the image is inflated and
// attached to /dev/loop<procid>, which becomes the mount source; otherwise
// the source is NULL.
// Returns -1 with errno set on failure. On success returns the fd of the
// opened mount point, or the result of chdir() when change_dir is non-zero.
static long syz_mount_image(volatile long fsarg, volatile long dir, volatile long flags, volatile long optsarg, volatile long change_dir, volatile unsigned long size, volatile long image)
{
  unsigned char* data = (unsigned char*)image;
  int res = -1, err = 0, need_loop_device = !!size;
  char* mount_opts = (char*)optsarg;
  char* target = (char*)dir;
  char* fs = (char*)fsarg;
  char* source = NULL;
  char loopname[64];
  if (need_loop_device) {
    int loopfd;
    memset(loopname, 0, sizeof(loopname));
    snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
    if (setup_loop_device(data, size, loopname, &loopfd) == -1)
      return -1;
    // Only the device path is needed from here on.
    close(loopfd);
    source = loopname;
  }
  // Result ignored: the directory may already exist.
  mkdir(target, 0777);
  char opts[256];
  memset(opts, 0, sizeof(opts));
  // Over-long option strings are not rejected, only truncated by the
  // bounded copy below.
  if (strlen(mount_opts) > (sizeof(opts) - 32)) {
  }
  // At most sizeof(opts) - 32 bytes are copied into the zeroed buffer, which
  // keeps it terminated and leaves room for the suffixes appended below (the
  // longest, ",errors=continue", is 16 characters).
  strncpy(opts, mount_opts, sizeof(opts) - 32);
  if (strcmp(fs, "iso9660") == 0) {
    flags |= MS_RDONLY;
  } else if (strncmp(fs, "ext", 3) == 0) {
    // Look for "errors=remount-ro" as a whole comma-delimited option.
    bool has_remount_ro = false;
    char* remount_ro_start = strstr(opts, "errors=remount-ro");
    if (remount_ro_start != NULL) {
      char after = *(remount_ro_start + strlen("errors=remount-ro"));
      char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
      has_remount_ro = ((before == '\0' || before == ',') && (after == '\0' || after == ','));
    }
    // Append errors=continue when errors=panic is requested or remount-ro is
    // absent (presumably so the later option takes effect and a corrupted
    // image does not panic the machine - confirm against the ext* option
    // parser).
    if (strstr(opts, "errors=panic") || !has_remount_ro)
      strcat(opts, ",errors=continue");
  } else if (strcmp(fs, "xfs") == 0) {
    strcat(opts, ",nouuid");
  }
  res = mount(source, target, fs, flags, opts);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  res = open(target, O_RDONLY | O_DIRECTORY);
  if (res == -1) {
    err = errno;
    goto error_clear_loop;
  }
  if (change_dir) {
    // NOTE(review): `res` is overwritten with the chdir() result, so the fd
    // opened just above is neither returned nor closed on this path.
    res = chdir(target);
    if (res == -1) {
      err = errno;
    }
  }
  // Reached on success as well as on failure: the loop device is always
  // detached before returning.
error_clear_loop:
  if (need_loop_device)
    reset_loop_device(loopname);
  errno = err;
  return res;
}

// Result slots filled in by main() from syscall return values.
uint64_t r[197] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff,
0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 
0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1, /*offset=*/0ul); const char* reason; (void)reason; intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } memcpy((void*)0x200000007f80, "./bus\000", 6); res = syscall( __NR_open, /*file=*/0x200000007f80ul, /*flags=O_SYNC|O_NOCTTY|O_NOATIME|O_DIRECT|O_CREAT|0x2*/ 0x145142ul, /*mode=*/0ul); if (res != -1) r[0] = res; syscall(__NR_ftruncate, /*fd=*/r[0], /*len=*/0x2007ffbul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, 
/*len=*/0xb36000ul, /*prot=PROT_WRITE*/ 2ul, /*flags=MAP_STACK|MAP_POPULATE|MAP_FIXED|MAP_SHARED*/ 0x28011ul, /*fd=*/r[0], /*offset=*/0ul); memcpy((void*)0x200000000540, "syztnl1\000\000\000\000\000\000\000\000\000", 16); *(uint64_t*)0x200000000550 = 0x200000002800; memcpy((void*)0x200000002800, "syztnl1\000\000\000\000\000\000\000\000\000", 16); *(uint32_t*)0x200000002810 = 0; *(uint16_t*)0x200000002814 = htobe16(0); *(uint16_t*)0x200000002816 = htobe16(0); *(uint32_t*)0x200000002818 = htobe32(0); *(uint32_t*)0x20000000281c = htobe32(0); STORE_BY_BITMASK(uint8_t, , 0x200000002820, 5, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x200000002820, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x200000002821, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200000002821, 0, 2, 6); *(uint16_t*)0x200000002822 = htobe16(0x14); *(uint16_t*)0x200000002824 = htobe16(0); *(uint16_t*)0x200000002826 = htobe16(0); *(uint8_t*)0x200000002828 = 0; *(uint8_t*)0x200000002829 = 0; *(uint16_t*)0x20000000282a = htobe16(0); *(uint32_t*)0x20000000282c = htobe32(0xe0000001); *(uint32_t*)0x200000002830 = htobe32(0xe0000001); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x200000002820, 20); *(uint16_t*)0x20000000282a = csum_inet_digest(&csum_1); syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f2, /*arg=*/0x200000000540ul); syscall(__NR_mbind, /*addr=*/0x200000001000ul, /*len=*/0x800000ul, /*mode=*/0ul, /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=MPOL_MF_MOVE*/ 2ul); *(uint16_t*)0x200000000000 = 1; *(uint64_t*)0x200000000008 = 0x200000000040; *(uint16_t*)0x200000000040 = 6; *(uint8_t*)0x200000000042 = 0x99; *(uint8_t*)0x200000000043 = -1; *(uint32_t*)0x200000000044 = 8; syscall(__NR_seccomp, /*op=*/1ul, /*flags=*/0ul, /*arg=*/0x200000000000ul); memcpy((void*)0x2000000002c0, "./file0\000", 8); syscall(__NR_open, /*file=*/0x2000000002c0ul, /*flags=O_SYNC|O_NONBLOCK|O_CLOEXEC|O_WRONLY*/ 0x181801ul, /*mode=S_IXGRP|S_IWGRP*/ 0x18ul); memcpy((void*)0x2000000000c0, "vfat\000", 5); 
memcpy((void*)0x200000000300, "./file0\000", 8); memcpy( (void*)0x200000000800, "\x78\x9c\xec\xdc\xcb\x6b\x13\x5f\x14\xc0\xf1\xd3\xf4\x95\xa6\xb4\xc9\xe2" "\xc7\x4f\x14\xa4\x07\xdd\xe8\x66\x68\xa3\x6b\x31\x48\x0b\x62\xc0\x52\x1b" "\xf1\x01\xc2\xb4\x9d\x68\xc8\x98\x94\x4c\xa8\x44\xc4\xea\xca\xad\xf8\x47" "\xb8\x28\x5d\x76\x57\xd0\xfe\x03\xdd\xb8\xd3\x8d\x1b\x77\xdd\x08\x2e\xec" "\x42\x1c\xc9\x3c\xfa\x4c\x69\x69\x9b\x4c\xdb\x7c\x3f\x10\xee\x4d\xee\x3d" "\x33\xf7\x4e\x26\xe1\xdc\x21\x93\xb5\x07\xef\x9f\x17\xf3\x8e\x91\x37\xab" "\x12\x8b\xab\x74\x88\x88\xac\x8b\xa4\x24\x26\xa1\x8e\xa0\x8c\x79\xf5\x1e" "\xd9\xea\x8d\x5c\xed\xff\xf5\xf5\xe2\xbd\x87\x8f\xee\x64\xb2\xd9\xd1\x09" "\xd5\xb1\xcc\xe4\xb5\xb4\xaa\x0e\x0e\x7d\x7a\xf1\xaa\x2f\xe8\xb6\xdc\x2b" "\xab\xa9\x27\x6b\x3f\xd3\x3f\x56\xff\x5f\x3d\xbf\xf6\x77\xf2\x59\xc1\xd1" "\x82\xa3\xa5\x72\x55\x4d\x9d\x2a\x7f\xaf\x9a\x53\xb6\xa5\x33\x05\xa7\x68" "\xa8\x8e\xdb\x96\xe9\x58\x5a\x28\x39\x56\xc5\x6f\x2f\xfb\xed\x79\xbb\x3c" "\x3b\x5b\x53\xb3\x34\x33\x90\x98\xad\x58\x8e\xa3\x66\xa9\xa6\x45\xab\xa6" "\xd5\xb2\x56\x2b\x35\x35\x9f\x9a\x85\x92\x1a\x86\xa1\x03\x09\xc1\x7e\x72" "\x0b\x13\x13\x66\xe6\x90\xc1\xd3\xc7\x3c\x18\x34\x49\xa5\x92\x31\x3b\x45" "\xa4\x6f\x57\x4b\x6e\x21\x92\x01\x01\x00\x80\x48\xed\xcc\xff\x63\xf5\x94" "\xfe\xf8\xf2\xff\xc5\x4b\x2b\xd5\xfe\xfb\x4b\x83\x41\xfe\xbf\xdc\xd3\x28" "\xff\xbf\xfe\xcd\xdf\xd6\xb6\xfc\x3f\x2e\x22\x4d\xcf\xff\x77\x67\x44\xed" "\xe5\x48\xf9\x3f\x4e\x89\x7a\xfe\x9f\x08\x3e\xbf\x9e\xb7\x8f\x17\x87\xbd" "\x0a\xf9\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xa7\xc1\xba\xeb\x26\x5d\xd7\x4d\x86\x65\xf8\xe8\x15\x91\xb8\x88" "\x84\xcf\xa3\x1e\x27\x9a\x83\xf7\xbf\xbd\x6d\xde\xb8\xd7\x35\x28\x62\xbf" "\x9b\xcb\xcd\xe5\xfc\x32\xe8\xb0\x22\x22\xb6\x58\x32\x2c\x49\xf9\xe3\x9d" "\x0f\x81\x7a\x3d\xbc\x17\x50\xeb\x52\xf2\xd9\x9e\x0f\xe2\xe7\xe7\x72\x9d" "\x5e\x4b\x26\x2f\x05\x2f\x7e\x44\x92\x92\xda\x19\xef\xba\x63\xb7\xb3\xa3" 
"\x23\xea\xdb\x1e\xdf\x2d\x89\xad\xf1\x69\x49\xca\x7f\x8d\xe3\xd3\x0d\xe3" "\x7b\xe4\xca\xe5\x2d\xf1\x86\x24\xe5\xcb\xb4\x94\xc5\x96\x19\xef\xbc\xde" "\x8c\x7f\x3d\xa2\x7a\xeb\x6e\x76\x47\x7c\x9f\xd7\x0f\x00\x00\x00\x00\x80" "\xb3\xc0\xd0\x0d\x0d\xd7\xef\x86\xb1\x57\xbb\x1f\xbf\xb1\xbe\x6e\x78\x7d" "\xc0\x5f\x5f\x0f\x37\x5c\x9f\x77\xc9\x85\xae\x68\xe7\x0e\x00\x00\x00\x00" "\x40\xbb\x70\x6a\x2f\x8b\xa6\x6d\x5b\x95\x33\x57\x09\x67\x78\xd0\xa8\xf0" "\xb7\x0c\x91\x8c\x39\xdc\xf9\xc9\x38\x74\x07\xa8\xc4\x0e\x35\xd4\x21\x11" "\xb1\xf5\xa8\x7b\x0f\x2f\x1b\xed\xd5\x47\xc6\xa3\x3a\x2c\xe7\x3e\x7c\xfc" "\x7d\x7c\x1b\xbc\xb1\x14\xdf\x67\xa6\x4d\xab\x74\xb7\xf6\x5b\x08\x00\x00" "\x00\x40\x2b\x6c\x26\xfd\xe1\x2b\x37\xa3\x1d\x10\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6d" "\xa8\x15\x7f\x27\x16\xf5\x1c\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x93" "\xe2\x5f\x00\x00\x00\xff\xff\x7b\x91\x12\x85", 695); syz_mount_image(/*fs=*/0x2000000000c0, /*dir=*/0x200000000300, /*flags=*/0, /*opts=*/0x200000000ac0, /*chdir=*/5, /*size=*/0x2b7, /*img=*/0x200000000800); memcpy((void*)0x200000000100, "net_prio.prioidx\000", 17); syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000100ul, /*flags=*/0x275a, /*mode=*/0); syscall(__NR_getsockopt, /*fd=*/-1, /*level=*/0, /*optname=*/0x10, /*optval=*/0ul, /*optlen=*/0ul); memcpy((void*)0x200000000080, "./bus\000", 6); res = syscall(__NR_open, /*file=*/0x200000000080ul, /*flags=O_SYNC|O_NOCTTY|O_NOATIME|O_CREAT|FASYNC|0x2*/ 0x143142ul, /*mode=*/0ul); if (res != -1) r[1] = res; *(uint32_t*)0x200000000140 = 0; syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x40086602, /*arg=*/0x200000000140ul); *(uint64_t*)0x200000000100 = -1; *(uint64_t*)0x200000000108 = -1; syscall(__NR_setrlimit, /*res=RLIMIT_FSIZE*/ 1ul, /*rlim=*/0x200000000100ul); memcpy((void*)0x200000000040, "./bus\000", 6); res = syscall(__NR_creat, 
/*file=*/0x200000000040ul, /*mode=*/0ul); if (res != -1) r[2] = res; syscall(__NR_lseek, /*fd=*/r[2], /*offset=*/0x7ffffcul, /*whence=*/0ul); syscall(__NR_write, /*fd=*/r[2], /*data=*/0x2000000001c0ul, /*len=*/0xfd14ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0); if (res != -1) r[3] = res; *(uint16_t*)0x200000000000 = 0xa; *(uint16_t*)0x200000000002 = htobe16(0xe22); *(uint32_t*)0x200000000004 = htobe32(0); memset((void*)0x200000000008, 0, 16); *(uint32_t*)0x200000000018 = 0; syscall(__NR_bind, /*fd=*/r[3], /*addr=*/0x200000000000ul, /*addrlen=*/0x1cul); *(uint32_t*)0x200000000040 = 0; syscall(__NR_setsockopt, /*fd=*/r[3], /*level=*/0x11, /*optname=*/0x64, /*optval=*/0x200000000040ul, /*optlen=*/4ul); syscall(__NR_ftruncate, /*fd=*/r[1], /*len=*/0x2c451b81ul); memcpy((void*)0x200000000400, "./bus\000", 6); res = syscall(__NR_open, /*file=*/0x200000000400ul, /*flags=O_NOATIME|O_RDWR*/ 0x40002ul, /*mode=*/0ul); if (res != -1) r[4] = res; syscall(__NR_close, /*fd=*/r[2]); syscall(__NR_fallocate, /*fd=*/r[4], /*mode=FALLOC_FL_PUNCH_HOLE|FALLOC_FL_KEEP_SIZE*/ 3ul, /*off=*/0x802000ul, /*len=*/0x4010000bffeul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0x88); if (res != -1) r[5] = res; *(uint32_t*)0x200000000280 = 5; res = syscall(__NR_getsockopt, /*fd=*/r[5], /*level=*/1, /*optname=*/0x11, /*optval=*/0x200000000240ul, /*optlen=*/0x200000000280ul); if (res != -1) r[6] = *(uint32_t*)0x200000000244; *(uint32_t*)0x200000000080 = 0xe8; res = syscall(__NR_getsockopt, /*fd=*/r[5], /*level=*/0, /*optname=*/0x11, /*optval=*/0x200000000140ul, /*optlen=*/0x200000000080ul); if (res != -1) r[7] = *(uint32_t*)0x200000000174; syscall(__NR_setreuid, /*ruid=*/r[7], /*euid=*/r[6]); syscall(__NR_madvise, /*addr=*/0x200000ff9000ul, /*len=*/0xffffffffdf006ffful, /*advice=*/0ul); *(uint32_t*)0x200000000380 = 0x14; syscall(__NR_accept4, /*fd=*/r[0], /*peer=*/0x200000000340ul, /*peerlen=*/0x200000000380ul, 
/*flags=SOCK_NONBLOCK|0xe407305877c48183*/ 0xe407305877c48983ul); res = -1; res = syz_open_dev(/*dev=*/0xc, /*major=*/4, /*minor=*/1); if (res != -1) r[8] = res; *(uint64_t*)0x2000000021c0 = 0x200000000080; memcpy( (void*)0x200000000080, "\xee\xd6\x07\x05\x97\x03\xf2\xbc\xa1\xa2\xd2\x39\xe7\x9d\x8c\x1e\x95\xb6" "\x44\x99\x85\x74\xf6\x93\x60\x2d\xfc\xb8\x32\xcd\x60\x99\xd0\x3a\x7c\x7e" "\xa1\x05\x36\x1d\x2a\x09\x7a\x90\xcb\x0e\x87\x86\xbd\x0f\xf3\xc8\x4c\x72" "\x30\x40\x9d\x40\x12\x66\x21\x6c\xbe\x55\xe6\x9d\x7d\xa8\x9d\x96\xb7\x9a" "\xf5\x6b\xaa\x96\x46\xf0\x98\x6e\xf7\x46\x9b\xf3\x98\x90\xcb\x92\x41\xed" "\x47\x87\x58\xdc\xc8\xbe\xae\x60\xee\xed\x76\x0e\xd6\x2a\xf7\x8b\xa1\x91" "\xb5\xfd\xb9\xd4\x88\x82\x8f\x56\x2d\x84\x0f\x97\x15\x9f\x22\x4f\x4a\x9b" "\xea\xcb\x76\x15\x10\x18\x07\x26\x04\x6f\xfa\xa3\x1d\x70\xa4\xc5\x36\xe4" "\x81\xdf\xc1\xe0\x8d\xb2\x40\xee\x89\x67\xfc\x1b\x2f\xa7\x46\xa4\xec\x13" "\xdd\x24\xc1\xcf\xa2\x67\x79\x72\x5b\x99\x68\xb5\xc7\x55\x41\x87\xec\x1a" "\xc5\x11\xf5\xe2\x0c\x35\xd5\x6e\x9f\x41\xfb\x6c\xf0\xb0\x39\x7a\xd5\x84" "\xa9\x0b\x99\x68\xae\xbb\x94\x10\x31\x09\x90\x08\x2c\x02\x57\xaa\xc8\x98" "\x2f\x12\x1f\x3a\xa9\xdf\x9c\x22\xfc\xf5\x49\xb8\x4f\x46\x77\x2a\x27\xa5" "\x7e\x24\x86\x62\xbe\x3b\x7a\xe9\x10\x02\x04\xe8\xf7\x5d\xcd\x89\x11\xac" "\xdd\x37\x6b\x38\xb6\x42\xd1\xa9\x15\x11\x89\x4e\xda\x2f\x5f\xa5\xe6\xf7" "\xb2\xd1\x20\xd8\xba\x82\xb6\xa3\x93\x55\xbb\x4d\x13\xf2\x86\x88\xb4\xb0" "\x95\x6d\x7f\x7f\x7f\xb8\xbf\x06\x7a\xf6\x40\xc9\xed\x4a\x1c\x65\x73\xb9" "\x41\xb6\x41\x75\xe8\x7a\xa4\x16\x40\x52\xa9\xd9\x4e\xd8\x1f\x87\xec\x60" "\x69\xb8\x4c\x5a\xae\xf4\x67\xed\xba\xda\xbb\xe8\x45\xa7\xd7\x5a\xf3\x39" "\x99\x89\x9d\xfa\x88\x7c\x67\x00\x7e\x8c\xec\x6e\xad\x9f\x6c\xb3\xd2\xb5" "\x6d\xff\x0f\x3a\x0d\x06\xa7\x2d\x0c\x56\x0e\x31\x8a\xc4\x9c\x2f\xb6\x83" "\xb6\x4a\x51\x2f\x09\xcc\x3d\xc4\xe7\xdf\x6d\x58\xe3\x1b\x81\x63\x7d\x90" "\xe2\xf0\x12\x3f\xd0\x21\x42\x72\x3c\x97\x5e\x89\xb2\x96\x86\x57\x71\xa0" 
"\x93\x3e\x25\x91\x15\x82\x10\xe7\x93\x14\x32\x25\xf4\x67\x1b\x50\xc0\x2e" "\xfa\xa0\x32\xed\xfe\xf7\x93\x9a\x17\x75\x3f\x72\x43\x88\xa2\xd6\xba\x88" "\x21\xc3\xce\x4c\x40\x7a\xc7\x4d\x35\x1d\x35\x0c\xd2\xb9\x8a\x8a\x63\xdb" "\xb0\x0b\x7c\x68\x59\xb1\x1a\x64\x0e\x34\xa3\x38\x73\x63\x09\xe3\xc0\x80" "\x47\xf1\x80\x4b\x77\xdd\x13\x51\xa1\xfa\x66\xfe\x6b\x80\x59\xf9\xe6\x31" "\xfb\x44\xfa\xf6\xc4\xa2\xbd\xd7\x16\xd9\x3d\x66\x9d\xc1\x4d\xba\xa4\x2e" "\xf1\x28\x67\x1b\xba\x50\xc7\xcf\x25\x84\xea\x93\x0e\x1f\xfc\xb7\x11\x84" "\xe5\xa9\x29\xdb\xf7\xc7\xdb\xc0\x6d\x80\x4e\x6c\x1f\x53\x6a\x3a\x1b\x33" "\x6a\x7a\x55\x39\xa8\x87\x9c\xa4\xea\x3c\xbe\x4e\x25\x47\x22\xf4\x3f\x07" "\x08\x61\xd1\xd0\xdf\x18\xcb\xfc\xe8\x53\x84\x21\x34\x54\x7e\xd3\x7a\xd6" "\xc2\xd7\x57\xf7\x6f\x8a\x29\x94\x3d\x57\x38\xd5\xe7\xaa\xbf\x4c\xad\x6f" "\x5d\xe6\xf5\x3a\x2b\x6f\x33\x6f\x19\xf4\x1e\x14\x42\x31\x08\x32\x14\x62" "\x47\x33\xe3\x6a\xb7\x42\x08\x6d\x9f\x78\x68\x89\xd5\xaf\x36\xc0\xe2\xc6" "\xa7\x31\x14\x81\x58\xd8\xb6\xc6\xdb\x31\x8d\x33\x52\x9d\x98\x81\x5b\x93" "\xca\x9e\xfd\xa1\x46\xf8\xdc\x4e\xc9\xdf\x08\xf4\x32\x53\xf5\x5c\x2d\xcc" "\x48\x0a\x0e\x8b\x85\xc1\x84\xad\x13\xdb\x79\xd4\x01\x79\xad\x4c\x43\xe3" "\x0f\x6f\x8e\xe8\x8e\xa9\xfb\xd5\x22\x8b\x26\xb9\x07\xf4\x6f\xfc\x5c\x2b" "\x59\x4a\xde\x4f\x48\xde\xe4\x56\x1a\xe9\x9c\x7f\xb8\x1f\xd7\x49\xcf\x9a" "\xa3\x6a\x01\xb5\x7b\x77\x0b\x77\x21\xbf\x29\x44\x18\x24\x17\x35\x44\x97" "\x95\x01\x6e\xd0\x59\x7d\x66\xa6\x84\x5a\xf6\x8d\x0d\x44\x23\x2c\x4f\xfb" "\x61\x60\xa4\x57\xde\x63\xab\x8b\xf8\xfe\x5f\x02\xf4\x03\x77\x93\xa3\x59" "\xf0\x79\x9c\x90\x6a\x62\x87\xaa\x00\x00\x4a\xfa\x09\x94\x9e\xa7\x87\xaa" "\x73\xa6\x94\x16\xb3\xb9\xe3\x24\xca\x33\x6b\x35\x19\x7e\x7f\x3f\x8d\x14" "\x19\xb8\x56\x67\x6f\x9e\xf2\xf7\xce\x14\xce\x12\xe2\x3c\x72\xac\xa9\xe1" "\x2f\xba\xf1\x18\x63\xd5\xb9\xd7\x75\x99\x86\xfa\x00\x62\x59\x9f\x8c\x35" "\x16\x4b\x7f\xd7\xe9\xe1\x45\x49\xba\x88\x3a\x24\x4f\xea\xa6\x07\x82\x79" 
"\xcf\x64\x12\xf1\x3c\xb0\x88\x3f\x62\xba\xf7\xcd\xa4\xb4\x81\xc2\xb0\x88" "\xeb\xd3\x69\xc1\x2a\x24\x33\xa4\x8c\x24\xd3\x13\x31\xa9\x40\x16\x25\x1f" "\x3b\x86\xdd\xe8\x84\xbd\x5a\xa7\xb1\xd5\x4d\xc8\x92\xf6\xeb\x9f\xf8\x47" "\x76\xc3\x81\x84\x78\xb9\x8a\x8b\x9f\xb4\xa9\xbd\x18\xa2\x7e\xcf\x4e\x7d" "\xd9\x95\xcd\xc6\x96\xfb\xfa\x32\x60\xf1\x60\xe5\x90\xe6\xd3\x11\xb4\xba" "\x53\xeb\x11\x1c\xc6\x9c\x1a\x18\x6e\x98\x05\xd8\x0f\xdc\x03\x58\x24\x78" "\xc9\x9a\xef\x40\x29\x4c\xa7\x2b\xf9\x65\xba\x97\x7a\x7f\x6f\xca\x5f\xa8" "\x6a\x11\x0d\xe0\x02\x60\x3f\x2d\x0e\x92\xce\x93\x60\xbd\x83\x3d\xb6\x2c" "\xb8\x54\x7e\x28\x15\xa1\xf5\x4d\xe4\x81\xf7\x45\x88\xf1\x2e\x40\x31\x22" "\x23\xe3\x95\x79\xd5\xe3\xc9\x21\xeb\x4e\x62\xb2\x86\x80\xc6\xc3\x50\xb8" "\x0d\x6a\xa6\x25\x97\xd1\x9d\x3c\x1c\x12\x35\x64\xdb\xfa\x06\x86\xfd\xf8" "\x58\xa1\x0f\x81\xda\x38\x4e\x26\x1c\xed\x07\x8b\xb3\xb2\x26\x9a\xc9\xf6" "\x1c\xa0\x66\xbb\xb2\xbc\x65\xdb\x1f\x4b\xf1\xb4\x45\xca\x57\xdc\x32\x37" "\x4e\x67\xb9\x45\x93\x2f\x7f\x01\x96\x06\x92\x19\xc7\x77\x23\x67\x7d\x13" "\xef\x54\x05\x3b\xd0\x6a\x6b\xf7\x00\x41\x01\xcb\x0d\x1f\xce\x78\xc5\x9e" "\xce\x5e\x3a\x3c\xe4\x61\x5d\x5b\x03\xf2\x79\x7e\xed\x62\x48\xfa\xed\x2a" "\x49\x4c\x2c\xd5\x10\x28\x0f\x4f\x6b\x56\x99\xcc\x2c\xdb\x74\x03\x7a\x20" "\x2f\xf1\x1c\x24\xd9\x61\x09\xb8\x12\xd9\x7a\x2b\xab\x0f\xa0\xea\xed\x5b" "\x29\x21\xdb\xb3\x1b\xb9\x5a\x5f\x63\x4a\xd8\x4d\x23\x06\xa4\x0e\xdc\xaa" "\x3f\x81\xed\xf2\x89\xec\xda\xd9\x2c\x03\x64\x74\x54\xa7\x19\x74\x50\x8b" "\x53\xbc\x28\xf2\x63\x79\xa6\x9b\x4c\x51\xd9\x50\x5e\xac\x0a\x23\x5d\x5c" "\x31\xda\x3f\xa5\xcc\x7d\x74\x7c\xea\x40\xac\x54\xf8\x84\x35\x78\x21\xb6" "\xc3\x3c\xf6\x34\xf0\x16\xd5\x35\xb3\x34\x8a\x3b\x5e\x17\x9e\x6f\x48\x08" "\xfe\x3a\xda\xcb\x30\xf7\xfd\x17\x1a\xa2\x9a\x28\x65\x07\xb5\x16\xda\xbd" "\xea\x2d\xf7\x45\x6e\xbc\x32\xdd\xd8\x39\x1e\x47\x79\xbb\xfc\x65\xd0\x0e" "\xa1\x34\x0e\x27\x54\x43\xa4\x4f\xf1\x74\x85\xeb\xac\xd8\xcf\xdd\xb0\x82" 
"\xfe\x09\x6f\x7a\x61\x38\xc5\xf3\x5d\x66\x5b\x60\x85\x9d\x8c\x22\x82\x80" "\x17\x30\x9d\xa1\xfa\x5c\x48\xbf\x00\x88\x07\x6e\x46\x52\x15\xe9\x21\x35" "\x3f\xde\xc2\x46\x65\x18\x48\x88\x33\xf7\x94\x3a\x5f\x82\x93\x63\x07\x8d" "\xc9\x05\xbd\xf0\x54\x4f\x36\xd9\xff\x0a\x9e\x87\xec\x74\x71\xa2\x36\x81" "\x31\xa9\xc3\x99\x91\xa5\x72\xfd\xe0\xdc\x9b\x91\x07\x93\x36\x43\xc9\xb8" "\x99\xe0\x21\x18\x61\xfb\xe7\xf2\x64\x81\xfb\x15\x38\xc9\x86\x1d\xf4\xd8" "\xd8\x33\xf7\xa4\x8a\xa2\x1f\xd9\xc4\x62\x58\x9f\x0e\x90\x77\x2b\xe7\x89" "\xcb\x32\xa4\xe3\xaa\x16\xd8\x6a\xa4\x01\x67\xe5\xc4\xa8\xb1\x36\xf7\xe0" "\xbf\x65\xe9\xa1\x3c\xe5\xc0\x2e\xa0\x5c\x9b\xdc\x8b\x50\x48\xbd\x68\x43" "\x98\x84\x30\xe0\xe0\xfb\x06\x95\x22\xe7\xb2\x72\x70\x15\xd6\x3c\x94\x8f" "\xe1\xb8\x03\xe3\xb0\x8d\x6d\x5e\x73\x5f\x1b\xe2\x88\x23\x17\x7a\x08\xae" "\x31\xab\x41\x63\xf0\x9f\xf2\x09\xb8\x54\x05\x02\xb2\x64\xd1\x2b\xdd\x35" "\x6a\x43\x3b\x5f\x2c\x3b\xb0\xc0\xde\xd1\x28\xce\x5d\xed\x14\x76\x23\x7b" "\xb3\xf4\xd5\x58\xc5\xfc\x1e\x7e\x98\x36\x36\xfc\xb2\xe7\xe2\x69\xfb\x26" "\xb1\x78\x3a\x9a\x99\xc8\xbe\xcf\xc2\x14\x1a\x50\x1c\xf0\xfd\xba\xb9\xd1" "\x3d\xef\xb0\x0c\x9b\x3e\x0d\xc1\xf5\x48\x31\x13\x93\x14\xb5\x03\xc5\xa2" "\xc3\x77\xce\xfb\xb2\x95\xe6\x82\x4d\x77\x00\x32\xaa\x2b\x51\xdc\xcc\xea" "\xcd\xeb\x57\x2a\x2c\x25\xf9\xec\x99\x0e\x4b\x83\xaf\xa2\xa4\x06\xa7\x2a" "\x35\xa4\xca\xe6\x17\xf2\x54\x2f\x4a\x3d\x60\xfc\x02\xf6\x29\xfb\xf5\x4c" "\xda\x85\xa8\x4e\x97\xca\x24\x44\x57\x98\x97\xaa\xd3\xb7\x31\x6d\x4e\xe8" "\x00\x2f\x93\xb8\x2b\x13\xcd\xa7\xc5\x3e\xce\x97\xb9\x4a\x7c\xf1\x0f\x1a" "\x4c\x73\xda\x6f\x3a\x89\xbe\x51\x19\x42\x41\x42\x75\x47\xf3\x13\xcc\x47" "\x95\x53\x81\xcb\x74\xa5\xaf\xb7\x35\xa6\xe3\x69\x9f\x36\x43\xfe\xe5\x96" "\x98\x55\x3c\xc3\x58\x63\x1f\x2a\x47\x08\x28\x8d\x86\xe5\x29\xb8\x25\x58" "\xe5\x78\x93\x03\xdb\xc9\xad\x0d\xd7\x7a\x98\x9d\x07\xe1\x63\x8d\x39\xb0" "\x9e\x9e\x47\xf3\x91\x7e\x0f\x5b\x9d\x0e\x48\x61\xbb\x44\x04\x63\xd7\x33" 
"\x33\x63\x0e\x95\xf5\x1a\xb0\x13\xa6\x96\x17\x95\xfe\x44\x83\x9f\x57\x5a" "\x17\xb8\x0e\x96\x46\xa0\xd3\x80\xe2\xca\x35\x2e\x5c\x7c\x8a\x85\xe0\x78" "\xef\xca\x17\x00\x46\xaf\xa8\x23\xa9\x29\xa1\xf6\x92\x68\xd7\xf1\x8c\xae" "\xe6\x70\xa2\x9c\xb9\xe7\xee\x92\x4d\xf3\x48\xe3\xcb\xdd\x8c\x13\x24\xed" "\xd0\x8f\x07\xf1\x24\x3b\x48\xfa\x55\xab\x30\x3e\x51\x30\x4e\x6e\xdf\xe5" "\xfb\xc3\xb9\xde\x1a\x69\x24\x17\x9c\x9b\x99\x27\x34\xea\x5f\xa2\x71\xc0" "\x99\xfe\xc8\xa5\x24\x76\x72\xa6\xe0\xf5\x51\x69\x1d\xec\xb8\xbe\xc9\xf9" "\x49\x4c\x7a\x26\x19\x50\xd1\xc4\xcb\x24\x0c\xfa\xc0\x5e\x05\x72\x71\x8a" "\x33\xba\x40\x38\xec\x03\xaf\x1c\x68\xb0\x67\xda\x19\xaf\xda\x71\x58\x2c" "\xca\x97\xa8\x01\xb8\x9b\x27\x72\x66\xe2\x91\xe7\x74\x0e\x76\x7b\x91\xe1" "\x0a\x57\xa2\x80\x6a\x6f\xa9\x99\x0c\x51\xb5\x21\xd0\x0a\x47\x33\x38\x47" "\x63\x03\x21\x94\x5d\x1f\x53\x60\x1a\x21\x59\x6c\x28\x14\x13\x63\xcf\xd4" "\xa4\x57\x94\x78\x32\xd7\x54\x5f\xf6\x56\x6e\x10\xc1\xc1\x6d\xa8\xfe\x8a" "\xb4\x0d\x4a\x4a\xfa\x8f\x19\x13\x92\x33\x2a\xcb\x53\x71\xd1\xff\x86\xed" "\x2f\x58\x8a\x62\x01\xa0\x93\xa0\x0f\x86\x86\x84\x98\x14\x93\x60\x28\xae" "\x79\xaf\x9d\xd8\x64\x75\x7b\xb9\xc2\x61\x4a\x9e\x76\xd6\xfa\xe7\xe6\xc0" "\x84\x17\x88\xb7\x15\xaa\x73\xd2\xf0\x1c\x3d\x4b\x0d\xcd\xb3\x8c\x5c\x6b" "\x81\xe6\x0d\x12\xb1\xca\x72\xb6\xc4\x7f\x5f\x3e\xb8\x83\xaf\x96\x4b\x87" "\x7e\xfa\x0c\x5a\xcf\xbd\x7f\x41\x0a\x06\x0c\x56\xa1\x79\x8f\x0c\x40\x7c" "\xb3\x16\xf7\x88\xe3\x0c\xf3\xd6\x9f\x19\x25\x33\xe1\x9a\x81\x8c\x8f\x7a" "\xa9\x90\xa6\xd9\x94\xe2\xad\x77\x56\x38\x8e\xc0\x17\x4c\x1c\x0a\x42\x24" "\x9e\x90\x3f\x32\x35\xfe\xa2\xd6\x5d\x54\x0f\xdc\x1c\x03\xe1\x57\x86\x52" "\x87\x87\xc8\x0c\x61\x94\x76\x36\x41\xcf\x7f\x85\xf5\x49\xea\x70\x6a\xa1" "\xb0\x7e\x4b\x29\x03\x71\x4b\x7f\x17\x64\x20\x2e\x53\x2b\x52\xe7\xaa\x8c" "\x06\x3f\xae\x17\x0e\xa9\x33\x62\xc7\x79\x4f\x32\xcd\x5e\xd3\xcb\x39\xa2" "\xa1\x8a\xcd\xa3\x66\xed\x03\x1a\x11\x4e\x9f\xb4\x7b\xea\xc6\x9b\xf0\x5f" 
"\x25\x8d\x77\xad\x41\x81\x91\x60\x16\x7c\x5b\x0f\x6d\x34\xf1\xd0\x63\xab" "\x2e\xf3\x19\xfc\xef\x2c\x23\x05\x8f\x85\xcc\x45\x3f\x6e\x40\x54\x7a\x99" "\xbc\xcb\x31\x7a\x4c\x19\xe2\xb3\xd9\x95\x05\xa2\x4e\x77\x3f\x2e\xe1\x0b" "\x88\x44\x3f\x48\x9b\xcb\xa4\x76\xe7\x86\xb4\xdc\xce\x1c\xd8\x19\xe0\x08" "\x06\xd7\x66\xaf\x56\x80\x42\x04\xab\xbf\xb8\xa7\xf8\xe2\xf3\xb3\x99\x52" "\x4a\x06\xea\xcb\x20\xb1\x45\x9c\x8f\x9c\x8a\x15\x74\x23\xc4\xa0\xd1\x8e" "\x56\x09\x79\x59\x61\xa6\xb0\xb8\xac\xd6\x43\xfe\x30\xfd\xdd\x00\x77\x40" "\x14\x5a\xe3\x1b\x08\x55\xbb\x8b\x02\x83\xa4\xe1\x39\x40\xb9\xaf\x0f\x84" "\x27\xf0\x90\x59\xac\x0f\x1e\xe1\x50\x77\x75\xf6\x74\x3d\xeb\xef\x31\xc8" "\x2c\x63\xfa\x8c\x5a\xdb\x08\xf0\x5e\x38\xfc\x37\xb0\x7d\x8a\x2f\x4d\x62" "\xb9\xeb\x47\x48\xb9\xe0\x28\xc7\x66\x7a\xc8\xea\x03\xf6\x4c\xbe\x9f\x9a" "\x3e\x75\xe4\xd5\x7b\x11\xf0\x2c\x72\x02\x4a\x65\xbc\x4f\x14\xfd\x3a\x0e" "\xab\xb3\x9b\x06\x2a\x7c\x68\x54\xa2\x99\xee\xf7\x49\x1b\xf1\x0c\x09\x6c" "\x50\xcf\xa4\xa3\xda\x48\x3f\x42\x93\x92\x05\x38\x3a\xe8\x31\x96\x04\xf7" "\x42\xab\x49\x82\x80\x1f\x0c\x83\xda\xbb\xd9\xda\x48\xe8\x00\xf5\x10\xdf" "\xec\xc2\x24\xf0\xb1\x83\xa8\x01\xdf\x96\xd2\x87\x06\x8f\xca\xad\x6c\xdd" "\xd4\x12\xc7\x96\xa4\x81\xd6\x09\xdb\xfd\x77\xe8\xb2\x96\xdc\xe8\x6f\xf8" "\xef\xa1\x0b\x23\xae\xc2\x61\xc0\x27\x58\x2f\x6a\x77\x0f\xf9\xf0\xf7\xa9" "\x9d\x8b\xa4\x94\x95\xf4\x69\x6c\xd6\xec\xa9\x20\xce\x17\xe0\xf0\xb1\x35" "\x38\x33\x68\x20\xf8\xc0\x1c\x7e\x95\x55\x67\x7a\x94\x5c\xfe\x8c\x5b\x25" "\x8b\xee\xb2\x41\x5c\x58\xdc\xe1\x73\xb3\x45\x8e\x27\x3e\x23\xbf\x6e\xbe" "\x2f\xea\xa2\xe9\x3d\xa4\x24\xb5\x18\x81\xb7\x32\xc4\x73\x56\xbb\x60\xde" "\xa0\x0a\xe1\x24\xe1\x6a\xa0\xa0\x6a\x4f\xeb\x2a\x32\x1e\x91\xd7\x18\x1d" "\x25\x8a\x3e\xe9\x52\xda\xf8\x23\xe5\x18\xc9\x36\x37\xfa\x0e\xfc\xf5\x01" "\x9a\xa4\x9a\x1c\x7f\x38\xd7\x68\xa9\xbb\x7d\xbb\xa3\x7e\x1e\xbe\x90\x3b" "\xf9\xbf\x19\x7e\x6b\xa7\x87\x72\x64\xd8\x5e\xb2\x01\x46\xe5\x10\x50\x1c" 
"\x7c\x1e\xdb\x48\x7c\xf1\x2b\x1d\x8a\x7f\x39\xb2\x7f\xfd\x7c\xb4\xd8\xf8" "\x09\x2e\xe5\x4a\xcd\xc1\x39\x0b\x17\xea\xe1\x31\x14\x97\x87\xf0\xf5\x85" "\xef\xb6\xe3\xa7\x07\x32\x63\xf2\x95\x5c\x4d\xd6\xb6\xa4\xc9\x79\x1a\x66" "\x94\xa6\xce\x9f\x00\x59\x5e\x9c\x22\xed\xda\x61\x0d\x60\x62\x11\xf5\x62" "\x8a\x87\x16\x2d\x92\xa3\x75\xa7\xcd\x92\x71\x4a\x37\x83\x06\x52\xb9\xcd" "\x1f\xb8\x5d\xeb\x77\xe8\xc4\xf7\xac\x28\xf0\x86\x8a\x7e\x27\x61\xae\xeb" "\x91\xa3\x5a\xb7\x1b\x5a\x55\x7c\x21\x35\x8c\x60\xfb\xd0\xf5\x44\xb2\x60" "\xde\xfb\xc3\xae\xda\x44\x48\x11\xdf\x2f\x08\xc7\x4c\xcf\xad\x45\xc4\x21" "\x71\x42\x95\x4f\xaf\xc4\x2f\x66\xf4\x0d\x4e\xf9\x00\x95\x6e\xad\x58\xee" "\xb8\x7e\x2b\x1a\x74\x7f\x86\x9b\xc7\x1c\x36\xed\x4c\x01\x5a\x59\xb9\x6f" "\xd8\x50\x72\x09\x80\xa7\x8b\x8b\x1b\x63", 2944); *(uint64_t*)0x2000000021c8 = 0xb80; syscall(__NR_writev, /*fd=*/r[8], /*vec=*/0x2000000021c0ul, /*vlen=*/1ul); syscall(__NR_msgget, /*key=*/0x798e2636ul, /*flags=*/9ul); memcpy((void*)0x200000000000, "/dev/sr0\000", 9); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=O_NONBLOCK*/ 0x800, /*mode=*/0); if (res != -1) r[9] = res; res = syscall(__NR_socket, /*domain=AF_NETLINK*/ 0x10ul, /*type=SOCK_RAW*/ 3ul, /*proto=*/0); if (res != -1) r[10] = res; *(uint64_t*)0x200000000000 = 0; *(uint32_t*)0x200000000008 = 0; *(uint64_t*)0x200000000010 = 0x200000000080; *(uint64_t*)0x200000000080 = 0x2000000002c0; memcpy((void*)0x2000000002c0, "\x1c\x00\x00\x00\x31\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a" "\x00\x00\x00\x08\x00\x01", 23); *(uint64_t*)0x200000000088 = 0x1c; *(uint64_t*)0x200000000018 = 1; *(uint64_t*)0x200000000020 = 0; *(uint64_t*)0x200000000028 = 0; *(uint32_t*)0x200000000030 = 0; syscall(__NR_sendmsg, /*fd=*/r[10], /*msg=*/0x200000000000ul, /*f=*/0ul); syscall(__NR_ioctl, /*fd=*/r[9], /*cmd=*/0x1279, /*arg=*/0ul); syscall(__NR_shmget, /*key=*/0ul, /*size=*/0xfffffffffefffffful, /*flags=*/0ul, /*unused=*/0x200000ffc000ul); res = 
syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[11] = res; memcpy((void*)0x2000000060c0, "/dev/sg#\000", 9); res = -1; res = syz_open_dev(/*dev=*/0x2000000060c0, /*id=*/0, /*flags=*/0); if (res != -1) r[12] = res; *(uint8_t*)0x200000000040 = 0; syscall(__NR_prctl, /*option=*/0x3bul, /*mode=*/1ul, /*offset=*/0ul, /*len=*/0ul, /*selector=*/0x200000000040ul); syscall(__NR_recvmsg, /*fd=*/-1, /*msg=*/0ul, /*f=*/0ul, 0); *(uint16_t*)0x200000000000 = 0xa; *(uint16_t*)0x200000000002 = htobe16(0); *(uint32_t*)0x200000000004 = htobe32(0); memset((void*)0x200000000008, 0, 16); *(uint32_t*)0x200000000018 = 0; syscall(__NR_bind, /*fd=*/-1, /*addr=*/0x200000000000ul, /*addrlen=*/0x1cul); memcpy((void*)0x200000000000, "./file0\000", 8); syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0x200000000000ul, /*mode=*/0ul); memcpy((void*)0x200000000180, "./file0\000", 8); res = syscall(__NR_creat, /*file=*/0x200000000180ul, /*mode=*/0ul); if (res != -1) r[13] = res; memcpy((void*)0x200000000000, "./file0\000", 8); memcpy((void*)0x200000000040, "9p\000", 3); memcpy((void*)0x2000000001c0, "trans=fd,", 9); memcpy((void*)0x2000000001c9, "rfdno", 5); *(uint8_t*)0x2000000001ce = 0x3d; sprintf((char*)0x2000000001cf, "0x%016llx", (long long)r[13]); *(uint8_t*)0x2000000001e1 = 0x2c; memcpy((void*)0x2000000001e2, "wfdno", 5); *(uint8_t*)0x2000000001e7 = 0x3d; sprintf((char*)0x2000000001e8, "0x%016llx", (long long)r[13]); *(uint8_t*)0x2000000001fa = 0x2c; *(uint8_t*)0x2000000001fb = 0; syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000000ul, /*type=*/0x200000000040ul, /*flags=*/0ul, /*opts=*/0x2000000001c0ul); memcpy((void*)0x20000001c000, "./file0\000", 8); memcpy((void*)0x200000000b80, "configfs\000", 9); syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x20000001c000ul, /*type=*/0x200000000b80ul, /*flags=*/0ul, /*data=*/0ul); memcpy((void*)0x200000000040, "./file0\000", 8); syscall(__NR_lchown, /*file=*/0x200000000040ul, /*uid=*/0, /*gid=*/-1); res = 
syscall(__NR_fcntl, /*fd=*/r[12], /*cmd=*/0ul, /*arg=*/r[12]); if (res != -1) r[14] = res; syscall(__NR_ioctl, /*fd=*/r[14], /*cmd=*/0x2282, /*arg=*/0x200000000000ul); *(uint64_t*)0x2000000003c0 = 0x200000000180; memcpy((void*)0x200000000180, "\x39\x00\x00\x00\x13\x00\x03\x47\x00\xbb\x65\xe1\xc3\xe4\xff\xff\x01" "\x00\x00\x00\x01\x00\x00\x00\x56\x00\x00\x00\x25\x00\x00\x00\x19\x00" "\x04\x00\x04\x00\x00\x00\x07\xfd\x17\xe5\xff\xff\x08\x00\x04\x00\x00" "\x00\x00\x00\x00\x00\x00", 57); *(uint64_t*)0x2000000003c8 = 0x39; syscall(__NR_writev, /*fd=*/r[11], /*vec=*/0x2000000003c0ul, /*vlen=*/0x10000000000002a5ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[15] = res; syscall(__NR_fcntl, /*fd=*/-1, /*cmd=*/8ul, /*pid=*/-1); syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10); *(uint16_t*)0x200000000000 = 0xa; *(uint16_t*)0x200000000002 = htobe16(2); *(uint32_t*)0x200000000004 = htobe32(0); memset((void*)0x200000000008, 0, 16); *(uint32_t*)0x200000000018 = 0; syscall(__NR_bind, /*fd=*/r[15], /*addr=*/0x200000000000ul, /*addrlen=*/0x1cul); *(uint16_t*)0x200000b63fe4 = 0xa; *(uint16_t*)0x200000b63fe6 = htobe16(2); *(uint32_t*)0x200000b63fe8 = htobe32(0); *(uint64_t*)0x200000b63fec = htobe64(0); *(uint64_t*)0x200000b63ff4 = htobe64(1); *(uint32_t*)0x200000b63ffc = 0; syscall( __NR_sendto, /*fd=*/r[15], /*buf=*/0ul, /*len=*/0x1eul, /*f=MSG_FASTOPEN|MSG_PROBE|MSG_OOB|MSG_NOSIGNAL|MSG_MORE|MSG_DONTWAIT|0x2000800*/ 0x2200c851ul, /*addr=*/0x200000b63fe4ul, /*addrlen=*/0x1cul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6); if (res != -1) r[16] = res; *(uint64_t*)0x200000000200 = 0; *(uint32_t*)0x200000000208 = 0; *(uint64_t*)0x200000000210 = 0x2000000001c0; *(uint64_t*)0x2000000001c0 = 0x200000000240; *(uint32_t*)0x200000000240 = 0xb8; *(uint16_t*)0x200000000244 = 0x19; *(uint16_t*)0x200000000246 = 1; *(uint32_t*)0x200000000248 = 0; *(uint32_t*)0x20000000024c = 0; 
*(uint32_t*)0x200000000250 = htobe32(0x7f000001); memset((void*)0x200000000260, 0, 16); *(uint16_t*)0x200000000270 = htobe16(0); *(uint16_t*)0x200000000272 = htobe16(0); *(uint16_t*)0x200000000274 = htobe16(0); *(uint16_t*)0x200000000276 = htobe16(0); *(uint16_t*)0x200000000278 = 0; *(uint8_t*)0x20000000027a = 0; *(uint8_t*)0x20000000027b = 0; *(uint8_t*)0x20000000027c = 0; *(uint32_t*)0x200000000280 = 0; *(uint32_t*)0x200000000284 = -1; *(uint64_t*)0x200000000288 = 0; *(uint64_t*)0x200000000290 = 0; *(uint64_t*)0x200000000298 = 0; *(uint64_t*)0x2000000002a0 = 0; *(uint64_t*)0x2000000002a8 = 0; *(uint64_t*)0x2000000002b0 = 0; *(uint64_t*)0x2000000002b8 = 0; *(uint64_t*)0x2000000002c0 = 0; *(uint64_t*)0x2000000002c8 = 0; *(uint64_t*)0x2000000002d0 = 0; *(uint64_t*)0x2000000002d8 = 0; *(uint64_t*)0x2000000002e0 = 0; *(uint32_t*)0x2000000002e8 = 0; *(uint32_t*)0x2000000002ec = 0; *(uint8_t*)0x2000000002f0 = 0; *(uint8_t*)0x2000000002f1 = 0; *(uint8_t*)0x2000000002f2 = 0; *(uint8_t*)0x2000000002f3 = 0; *(uint64_t*)0x2000000001c8 = 0xb8; *(uint64_t*)0x200000000218 = 1; *(uint64_t*)0x200000000220 = 0; *(uint64_t*)0x200000000228 = 0; *(uint32_t*)0x200000000230 = 0; syscall(__NR_sendmsg, /*fd=*/r[16], /*msg=*/0x200000000200ul, /*f=*/0ul); memcpy( (void*)0x200000000080, "\x44\xf9\xb1\x08\xb1\xcd\xc8\x85\xc9\xc5\x33\xd2\x1f\x47\x4b\xec\x8b\xfe" "\xf1\xdf\x1e\x2d\xa7\x1e\x57\x8d\xc6\xb9\x1d\x09\xf7\xab\x15\x37\x85\x71" "\xd8\xe2\x75\x46\x09\x00\x11\x00\x6e\x75\x43\x69\x14\xab\x71\x75\x28\xee" "\x4b\x7a\x9b\xea\xf9\x08\xd1\x11\x37\xc1\x19\x03\x06\x4e\x83\xb4\x95\x1f" "\x4d\x43\x3a\x54\x04\x97\x0c\x85\xd9\x2d\x70\x83\xfd\x38\x84\x4c\xbb\x0c" "\x6c\x5e\xb5\x08\xdd\xc2\xdc\x7a\x59\x0a\xa7\x94\x1b\x1e\x9e\xeb\x5a\x68" "\x81\x38\xde\xa0\x9b\x77\x6c\xbf\xa7\x84\xcb\xf5\x50\xbf\x30\x74\xfb\x0d" "\x77\x5d\xa4\xdf\x5a\x3f\x48\xbb\xdf\x45\x2e\xeb\x6b\x92\x3d\xa9\xd0\xe2" "\x5b\x80\xf7\x6a\x87\x36\x64\xb5\x75\x34\x44\xfe\x05\xf3\x3e\x5f\x91\x04" 
"\x55\x40\x83\x6c\x3c\xd6\xaf\x10\xf0\xcd\x01\x8f\x0c\x6f\x57\xf9\x26\xac" "\x95\x9a\x56\x28\xc4\x50\x88\xfb\xe0\xc8\x7f\xbe\x6c\xbc\xda\x46\x62\xd2" "\xa1\x2f\x6d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 215); syscall(__NR_sendto, /*fd=*/r[15], /*buf=*/0x200000000080ul, /*len=*/0xd7ul, /*f=MSG_FASTOPEN|MSG_OOB|MSG_DONTWAIT|MSG_CONFIRM*/ 0x20000841ul, /*addr=*/0ul, /*addrlen=*/0ul); memcpy((void*)0x200000000000, "vfat\000", 5); memcpy((void*)0x200000000300, "./file0\000", 8); memcpy( (void*)0x200000000800, "\x78\x9c\xec\xdc\xcb\x6b\x13\x5f\x14\xc0\xf1\xd3\xf4\x95\xa6\xb4\xc9\xe2" "\xc7\x4f\x14\xa4\x07\xdd\xe8\x66\x68\xa3\x6b\x31\x48\x0b\x62\xc0\x52\x1b" "\xf1\x01\xc2\xb4\x9d\x68\xc8\x98\x94\x4c\xa8\x44\xc4\xea\xca\xad\xf8\x47" "\xb8\x28\x5d\x76\x57\xd0\xfe\x03\xdd\xb8\xd3\x8d\x1b\x77\xdd\x08\x2e\xec" "\x42\x1c\xc9\x3c\xfa\x4c\x69\x69\x9b\x4c\xdb\x7c\x3f\x10\xee\x4d\xee\x3d" "\x33\xf7\x4e\x26\xe1\xdc\x21\x93\xb5\x07\xef\x9f\x17\xf3\x8e\x91\x37\xab" "\x12\x8b\xab\x74\x88\x88\xac\x8b\xa4\x24\x26\xa1\x8e\xa0\x8c\x79\xf5\x1e" "\xd9\xea\x8d\x5c\xed\xff\xf5\xf5\xe2\xbd\x87\x8f\xee\x64\xb2\xd9\xd1\x09" "\xd5\xb1\xcc\xe4\xb5\xb4\xaa\x0e\x0e\x7d\x7a\xf1\xaa\x2f\xe8\xb6\xdc\x2b" "\xab\xa9\x27\x6b\x3f\xd3\x3f\x56\xff\x5f\x3d\xbf\xf6\x77\xf2\x59\xc1\xd1" "\x82\xa3\xa5\x72\x55\x4d\x9d\x2a\x7f\xaf\x9a\x53\xb6\xa5\x33\x05\xa7\x68" "\xa8\x8e\xdb\x96\xe9\x58\x5a\x28\x39\x56\xc5\x6f\x2f\xfb\xed\x79\xbb\x3c" "\x3b\x5b\x53\xb3\x34\x33\x90\x98\xad\x58\x8e\xa3\x66\xa9\xa6\x45\xab\xa6" "\xd5\xb2\x56\x2b\x35\x35\x9f\x9a\x85\x92\x1a\x86\xa1\x03\x09\xc1\x7e\x72" "\x0b\x13\x13\x66\xe6\x90\xc1\xd3\xc7\x3c\x18\x34\x49\xa5\x92\x31\x3b\x45" "\xa4\x6f\x57\x4b\x6e\x21\x92\x01\x01\x00\x80\x48\xed\xcc\xff\x63\xf5\x94" "\xfe\xf8\xf2\xff\xc5\x4b\x2b\xd5\xfe\xfb\x4b\x83\x41\xfe\xbf\xdc\xd3\x28" "\xff\xbf\xfe\xcd\xdf\xd6\xb6\xfc\x3f\x2e\x22\x4d\xcf\xff\x77\x67\x44\xed" "\xe5\x48\xf9\x3f\x4e\x89\x7a\xfe\x9f\x08\x3e\xbf\x9e\xb7\x8f\x17\x87\xbd" 
"\x0a\xf9\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xa7\xc1\xba\xeb\x26\x5d\xd7\x4d\x86\x65\xf8\xe8\x15\x91\xb8\x88" "\x84\xcf\xa3\x1e\x27\x9a\x83\xf7\xbf\xbd\x6d\xde\xb8\xd7\x35\x28\x62\xbf" "\x9b\xcb\xcd\xe5\xfc\x32\xe8\xb0\x22\x22\xb6\x58\x32\x2c\x49\xf9\xe3\x9d" "\x0f\x81\x7a\x3d\xbc\x17\x50\xeb\x52\xf2\xd9\x9e\x0f\xe2\xe7\xe7\x72\x9d" "\x5e\x4b\x26\x2f\x05\x2f\x7e\x44\x92\x92\xda\x19\xef\xba\x63\xb7\xb3\xa3" "\x23\xea\xdb\x1e\xdf\x2d\x89\xad\xf1\x69\x49\xca\x7f\x8d\xe3\xd3\x0d\xe3" "\x7b\xe4\xca\xe5\x2d\xf1\x86\x24\xe5\xcb\xb4\x94\xc5\x96\x19\xef\xbc\xde" "\x8c\x7f\x3d\xa2\x7a\xeb\x6e\x76\x47\x7c\x9f\xd7\x0f\x00\x00\x00\x00\x80" "\xb3\xc0\xd0\x0d\x0d\xd7\xef\x86\xb1\x57\xbb\x1f\xbf\xb1\xbe\x6e\x78\x7d" "\xc0\x5f\x5f\x0f\x37\x5c\x9f\x77\xc9\x85\xae\x68\xe7\x0e\x00\x00\x00\x00" "\x40\xbb\x70\x6a\x2f\x8b\xa6\x6d\x5b\x95\x33\x57\x09\x67\x78\xd0\xa8\xf0" "\xb7\x0c\x91\x8c\x39\xdc\xf9\xc9\x38\x74\x07\xa8\xc4\x0e\x35\xd4\x21\x11" "\xb1\xf5\xa8\x7b\x0f\x2f\x1b\xed\xd5\x47\xc6\xa3\x3a\x2c\xe7\x3e\x7c\xfc" "\x7d\x7c\x1b\xbc\xb1\x14\xdf\x67\xa6\x4d\xab\x74\xb7\xf6\x5b\x08\x00\x00" "\x00\x40\x2b\x6c\x26\xfd\xe1\x2b\x37\xa3\x1d\x10\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6d" "\xa8\x15\x7f\x27\x16\xf5\x1c\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x93" "\xe2\x5f\x00\x00\x00\xff\xff\x7b\x91\x12\x85", 695); syz_mount_image(/*fs=*/0x200000000000, /*dir=*/0x200000000300, /*flags=*/0, /*opts=*/0x200000000ac0, /*chdir=*/0x45, /*size=*/0x2b7, /*img=*/0x200000000800); memcpy((void*)0x200000000000, ".\000", 2); res = syscall(__NR_fspick, /*dfd=*/0xffffff9c, /*path=*/0x200000000000ul, /*flags=*/0ul); if (res != -1) r[17] = res; memcpy((void*)0x2000000006c0, "posixacl\000", 9); syscall(__NR_fsconfig, /*fd=*/r[17], /*cmd=*/0ul, /*key=*/0x2000000006c0ul, /*value=*/0ul, /*aux=*/0ul); res = -1; res = 
syz_genetlink_get_family_id(/*name=*/0, /*fd=*/-1); if (res != -1) r[18] = res; memcpy((void*)0x200000000000, "./file0\000", 8); res = syscall(__NR_open, /*file=*/0x200000000000ul, /*flags=O_NONBLOCK|O_DIRECT|O_RDWR*/ 0x4802ul, /*mode=*/0ul); if (res != -1) r[19] = res; memcpy( (void*)0x200000000600, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34" "\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb" "\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4" "\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8" "\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d" "\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22\x20\xff\x26\x23\xdf\x49\x50\x13" "\x4b\x9f\xb7\x34\xa5\x2a\xda\xd9\x5f\x13\x1c\xce\x36\x72\xa9\xd7\xd7\xb4" "\x00\xd2\xc6\x28\x10\xb5\xf2\x03\x51\x63\x93\x30\x94\x81\x07\xbf\x8d\x45" "\x34\xa0\x3a\xc3\x89\x45\x5c\x54\xd8\xeb\x4d\x60\x9b\x3e\x85\x8b\x72\x13" "\xb3\x8e\xb0\x1f\x0e\xea\xba\x37\x39\xae\x92\x79\x16\xe2\x8d\xa6\xa7\x9a" "\x3f\xd5\xe3\x2d\x30\xab\x30\xbf\x95\x9d\x45\x96\xe5\xff\xbf\xf6\x78\x9a" "\x65\x0b\x9e\x7d\x24\x8d\x1b\xa8\x68\x01\x23\x36\xa4\xf3\xef\x8f\xab\x07" "\xa8\xf5\xb8\x1b\xb0\xbc\x45\xb2\x17\x45\x38\x31\x5c\xa1\x2b\x7c\x72\x3b" "\x21\x57\x56\x25\x64\xa8\xa1\xf1\x9d\x28\x17\x9f\x8c\x56\x54\x48\xe0\xe9" "\x21\xb8\xc3\xe6\xfc\x4a\xda\xaf\xa8\xb9\x29\xad\x07\x7f\x63\x33\x25\xb6" "\xa6\xf7\x1a\x58\x6c\xab\xc4\x88\x3e\x03\xe1\x93\x15\xf9\x46\xb2\x77\x85" "\x85\x93\xa7\x36\x7e\x23\x22\x02\xfe\x9a\xd6\x56\xc6\x76\x8a\x15\x17\xda" "\x7f\x04\x98\xb4\x8c\xb0\x78\xe9\x29\xfb\x11\xdb\x0c\xc5\x51\xf7\x54\xbf" "\xfc\x48\x59\xdd\x89\xa3\x96\x91\x5c\xc8\x09\xb0\x7d\x44\x85\x73\x09\x84" "\x09\xea\x21\x37\x10\x56\xf6\x7e\xf4\x11\x4e\xc1\x05\x47\xf4\x98\xd2\x45" "\x13\xfe\x59\x43\x08\xbf\x02\x28\x68\xad\x21\xe8\x5b\xba\x81\x19\x42\xfd" "\xc4\x51\x61\xa1\xa8\xa7\xfe\x00\xd5\xc6\xb0\x5e\xd7\x95\x4f\x63\x1b\xbd" 
"\x12\xa5\xc9\xa5\xcf\xa5\x96\x5e\x05\x95\xde\x60\x8b\x04\xeb\xe0\x2b\x3f" "\xcb\xf3\xb9\xf5\x78\x07\xa1\xa7\xad\x85\x28\x99\x2e\x2e\xc6\x59\x49\xda" "\x2f\x4a\x04\x78\xdf\xd3\xae\x52\x63\x9c\x15\xd8\xae\xaa\x35\x1d\xa6\xd3" "\x93\xb5\x8c\x77\x21\x68\xfa\xe6\x04\xd0\x97\xfe\xf4\xd6\xb9\x36\x0e\xb1" "\x69\xa0\xb0\xee\x70\xcd\xc2\x24\x35\xa0\x03\xe6\x86\x98\xf6\x1b\x3b\x63" "\xb1\xf5\x10\x11\xbc\x8f\x4e\xf9\x44\xc1\xde\x82\x17\x85\xf6\x70\x12\x4a" "\x1c\x6e\xd1\x83\x35\xd6\x34\x12", 512); syscall(__NR_write, /*fd=*/r[19], /*buf=*/0x200000000600ul, /*count=*/0x200ul); memcpy((void*)0x200000001240, "iso9660\000", 8); memcpy((void*)0x200000001280, "./file0\000", 8); *(uint8_t*)0x200000000740 = 0; memcpy( (void*)0x2000000047c0, "\x78\x9c\xec\xdd\x6b\x70\xdc\x57\x7d\xf0\xf1\xdf\x7f\x7d\x53\x1c\x08\x0e" "\x21\x17\x12\xf3\xb0\x71\x12\x48\x42\xe2\x48\x72\x62\xc7\x24\x5c\x14\x69" "\x65\x6f\x22\x69\x85\x56\x0a\x31\xb7\xe0\xc4\xb2\x11\x91\xed\x60\x87\x40" "\xcc\x25\x09\x97\x00\xcf\xc3\xe5\x01\x9e\xa7\xf7\x0b\xb4\x85\xba\xb4\x25" "\xa5\x14\x5a\x66\x3a\x9d\xe9\xbb\xb6\x2f\xfa\x02\x3a\xc3\x8b\xbe\x6e\x3a" "\xd3\x19\x06\xd3\x0b\xbd\x70\x49\xe7\xec\x1e\xc9\x8a\x13\x5b\x4e\x6c\x59" "\xae\xcf\xe7\xe3\x81\x5d\x4b\x67\xf7\x7f\xfe\xc2\xe8\xbb\x67\xb5\xda\x13" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x54\x83\x43\xbd" "\xbd\x7d\x55\x8c\x34\xc7\xa6\xee\xa9\x1f\xdf\xe0\xd0\x44\x6b\xf4\x04\x9f" "\x9f\xbb\xbf\xef\x54\x9d\x7b\xfd\xce\xa2\xc7\x8d\xa8\xd2\x7f\xa2\xa7\x27" "\x2e\xeb\x7e\xe8\xb2\x17\x57\xf3\x9f\x7d\x49\xfa\xef\x0d\x71\x71\xf7\xde" "\x2e\x8e\x9e\x74\xd9\x13\x87\xce\xbf\x64\xdd\x6d\x17\xad\xac\xcd\xdd\xfe" "\x04\x13\x3a\x23\x0e\x3e\x72\xe8\x81\x9d\xb3\xb3\xd3\x07\x96\x7b\x22\xcb" "\x64\x5b\x63\xac\xd9\x6e\x35\x47\x07\xb6\x35\xea\xcd\x76\xab\xbe\x75\xf3" "\xe6\xde\x9b\xb6\x0f\xb7\xeb\xc3\xcd\x91\x46\x7b\x47\x7b\xb2\x31\x5a\x1f" 
"\x9c\x68\x0c\x4c\xb6\x26\xea\xd7\x0e\x5e\x57\xef\xdb\xba\x75\x53\xbd\xb1" "\x71\x47\x6b\x6a\x6c\xdb\xd0\xc0\x48\x63\xee\x83\x5b\x6e\xec\xef\xed\xdd" "\x5c\xbf\x73\xe3\x78\x63\x60\xa2\xdd\x1a\xbb\xe9\xce\x8d\xed\xc1\xed\xcd" "\x91\x91\xe6\xd8\xb6\xce\x98\xf4\xe9\x34\x66\x4b\xfa\x87\x78\x57\x73\xb2" "\x3e\xd9\x18\x18\xad\xd7\x77\xcf\xcc\x4e\x6f\x5a\x6c\x92\x69\x50\xdf\xc9" "\x0c\xea\x5f\x6c\x50\x7f\x6f\x7f\x7f\x5f\x5f\x7f\x7f\xdf\xe6\x5b\xb6\xde" "\xb2\xa5\xb7\x77\xe5\xb3\x3e\xd0\x7b\x8c\x78\xd6\x88\xe5\xff\x47\xcb\xf2" "\x5a\x92\xef\xe3\xf0\x42\xd4\x72\xff\x63\x24\x9a\x31\x16\x53\x71\x4f\xd4" "\x9f\xf3\xcf\x60\x0c\xc5\x44\xb4\x62\xf4\x38\x9f\xcf\xe6\xfa\x7f\x4d\x75" "\xe2\xe3\x2e\xec\xff\xfa\xee\x87\xd6\x5f\x78\xb4\xff\x17\x45\xa7\xff\x97" "\x76\xef\xed\xd2\xe3\xf5\xff\x38\x73\x39\x73\x7f\x0e\xc6\x23\x71\x28\x1e" "\x88\x9d\x31\x1b\xb3\x31\x1d\x07\x96\x7d\x46\x67\xf6\xcf\xb6\x68\xc4\x58" "\x34\xa3\x1d\xad\x68\xc6\x68\x0c\x74\x3e\x52\xcf\x1f\xa9\xc7\xd6\xd8\x1c" "\x9b\xa3\x37\xee\x8d\xed\x31\x1c\xed\xa8\xc7\x70\x34\x63\x24\x1a\xd1\x8e" "\x1d\xd1\x8e\xc9\x68\x74\xfe\x45\x0d\xc6\x44\x34\x62\x20\x26\xa3\x15\x13" "\x51\x8f\x6b\x63\x30\xae\x8b\x7a\xf4\xc5\xd6\xd8\x1a\x9b\xa2\x1e\x8d\xd8" "\x18\x3b\xa2\x15\x53\x31\x16\xdb\x62\x28\x06\x3a\xf7\xb2\x3b\x66\x3a\x5f" "\xf7\x4d\x27\x98\xe3\xfc\xa0\xbe\x93\x19\xd4\x7f\x82\x41\xdd\x98\xaf\xc8" "\xff\x48\xf5\x9f\x17\x62\x09\xbe\x8b\xc3\x0b\xf3\xf4\x5c\xff\x01\x80\x72" "\xdc\xd1\x18\xd0\x7f\x00\x28\xcc\x58\x7b\xa2\xb7\x5f\xff\x01\xa0\x28\x93" "\xd6\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x70\xba\x55\x51\x8b\xde\x88\xf8\xd6\x9e\x23\xd5\xc2" "\x9d\x29\x7b\x3a\x1b\xfe\x1f\xf7\x66\xab\xab\xce\x2d\x6b\x51\x75\xf7\xf2" "\x8d\x9e\xcd\x9b\xb6\x0c\x0e\xf7\x0d\x0f\xf5\xf6\xf6\xf6\xf6\x6d\x19\xec" "\x3b\x23\xb3\x9f\x77\x61\xb4\xda\x93\x03\xf5\xc1\xfd\x7b\x1f\x3c\x30\x7d" "\xf0\xe0\xf4\xae\xfa\xd4\xbe\x99\xfb\xf7\xef\x9a\x3e\xe9\x7b\x38\xd5\xdb" 
"\x3f\x4f\xb7\xaf\x7b\x6a\xcd\xf9\x97\xac\xbb\x6d\x6b\xfa\xcb\xf5\x7b\xa6" "\xf7\xcd\x1c\xdc\x3f\xb3\x77\xe7\x9e\x25\x3b\x20\x00\x2c\xb0\x32\x6a\xf1" "\x54\x44\xbc\xf2\xc9\x23\xd5\x95\xb9\xe5\x71\xfd\xd4\xd0\x70\x7d\xe4\xee" "\x7a\x73\xdf\xee\xfd\x0b\xc6\xd6\xe6\xb6\x09\x38\xc5\x56\x2e\xf2\xd8\x62" "\xa9\xad\x3e\xa3\x47\xd3\x76\x00\xce\x42\xab\xa2\x16\xf7\x45\xc4\xe1\x2f" "\x1d\xa9\x36\xa4\xc6\xe7\xc7\x00\xb5\xd7\x74\x36\x06\x5c\xee\xe9\x1d\x57" "\xe7\x79\x87\x2a\x22\xcd\x59\x63\x01\xe0\xf9\x59\x1d\xb5\x68\x45\xc4\xae" "\x0b\xbf\x5e\x5d\x15\x11\x2b\xe2\x1c\x58\xdf\xf7\xa4\xc7\x04\x9d\x93\x98" "\x1a\x1a\xee\x9c\xc8\xec\xcc\xce\x7d\x0f\x45\xe7\x39\x8c\x15\xdd\x51\xeb" "\x8e\xbd\xd1\xdc\x73\x1f\x67\xf9\x63\x89\x75\x11\x6f\x4c\x73\x5d\x6d\xcf" "\x46\x00\x5e\xb8\x35\x51\x8b\x6f\x44\xc4\xde\x97\xf4\xc4\xd5\x9d\x9f\x07" "\x00\x00\xe7\xba\x9e\xa8\x45\xf7\x75\x7f\x47\xaa\x6b\x96\x7b\x32\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x70\x8e\xa8\xa2\x16\x9f\x8b\x88\x43\x3f\x3a\x52\xf5\x2e\xf8\xf8\xa9" "\xed\xff\x7f\x6b\xdf\xcd\x67\x64\xf6\xf3\xec\xff\x0f\x00\xcf\xc3\xca\xa8" "\xc5\x8f\xf3\xfe\xff\x7d\xf6\xff\x3f\xfd\xb4\x1d\x80\xb3\xd0\xaa\xa8\xc5" "\x81\xbc\xff\x7f\xbf\xfd\xff\x01\xa0\x08\xab\xa3\x16\xf7\xe6\xfd\xff\x37" "\xd9\xff\xff\xec\x7f\x2c\x61\xff\x7f\x00\x4e\x83\x35\x51\x8b\xbf\xcc\xfb" "\xff\xdf\x6c\xff\x7f\x00\x28\x42\x4f\xd4\xa2\xfb\xba\xbf\x23\xd5\x2d\xcb" "\x3d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x38\x47\x9c\x17\xb5\xf8\xc7\x88\xf8\xf3\x77\x3f\xdc" "\xd9\x57\x66\xe1\xbe\xf4\x0b\x77\x98\x79\xf1\x22\xdb\xcd\xa4\x4f\x6f\xcc" "\xd7\x4f\x66\x4f\xbe\xd5\x79\xaf\xc1\x5a\x95\xfe\x9c\xc6\x13\x02\x00\x16" "\xd5\x13\xb5\xb8\xbd\x73\xed\x48\x35\xb0\xdc\x93\x01\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\x6a\xb5\xa8\xc5" "\xdf\x46\x44\xf5\xfd\x23\x55\x54\x11\xf1\x58\x44\x3d\xba\x97\xbd\xcb\x3d" "\x39\x00\x60\x69\x54\xb5\xf8\x87\x88\x78\xc5\xdf\x1d\x49\xf5\x8f\xdb\xd7" "\x3d\xb5\xe6\xfc\x4b\xd6\xdd\xb6\x35\x22\x56\xc4\x8a\xce\x43\x82\x6a\xe1" "\xf8\x56\x7b\x72\xa0\x3e\xb8\x7f\xef\x83\x07\xa6\x0f\x1e\x9c\xde\x55\x9f" "\xda\x37\x73\xff\xfe\x5d\xd3\x27\x7b\xb8\x9e\xc1\xa1\x89\xd6\xe8\x52\x9c" "\xc8\x49\x59\xbd\xc4\xf3\x5f\x7d\xca\x33\xec\x49\x8f\xc9\x16\xb8\xbe\x33" "\xe1\xa9\xa1\xe1\xce\xa4\x67\x67\x76\xee\x7b\x28\x7d\xb8\x56\xad\x38\xe5" 
"\x43\x01\x50\xae\x9e\xa8\xc5\x4f\x3b\xd7\x8e\x54\xd5\x72\x4f\x06\x00\x38" "\x23\x56\x55\xb5\xf8\xfb\x88\xf8\xa7\x37\x1c\x9e\x5f\x77\xae\xec\xae\xf9" "\x57\x76\xff\xd6\x3b\xbf\x1c\xfd\xca\xcb\x8e\xae\x4d\x7b\xf2\x83\x85\xb9" "\xc7\x0c\x73\xcf\x1b\x5c\x74\x82\xeb\xcf\xf9\xf8\xe2\xfa\x3d\xd3\xfb\x66" "\x0e\xee\x9f\xd9\xbb\x73\xcf\x62\x8b\xf0\x9e\x7c\x5c\x2b\x5f\x00\x38\x35" "\x55\x55\x8b\xbf\x8a\x88\x6d\xf7\x5d\xd6\xe9\x6a\x15\x6b\x9f\xfd\x1c\x74" "\x1e\xf7\xc3\x88\xd8\xf2\xf9\x7a\x1e\x17\x6b\xd3\xb8\xb9\x27\xbc\xd7\x74" "\xe2\xde\xb3\x7b\x66\x76\x7a\xe3\xfd\xfb\x67\x77\xa5\xf1\x5f\x88\x88\xbf" "\xfe\xea\xfa\x3c\xbe\xb6\x3a\x8d\xcf\x0f\x2a\x62\xd5\xd1\xf1\xbd\x69\xec" "\x93\x11\xf1\xfd\x6f\xcd\x8d\x8d\xce\xd8\x35\x79\x6c\xcf\xd1\xb1\x7d\x69" "\xec\x96\x88\xd8\xf9\xcd\x67\x8e\xed\xc9\x63\xcf\x3b\x3a\xb6\x3f\x8d\xdd" "\x10\x11\xb3\x5f\x7c\xe6\xd8\xf3\xf2\xd8\xb5\x47\xc7\x6e\x5a\xda\xaf\x32" "\x00\x9c\x5d\xd2\xfa\xff\xb5\x11\xb1\xa9\x7d\x78\xbe\xcd\x27\x5a\xff\xcf" "\xad\xe1\x1f\xcb\x97\x4b\xbd\xfe\x5f\xb5\xe0\x46\x3d\xf9\xb8\xab\x4e\xc3" "\x79\x03\x40\xc9\xd2\x1a\xf9\x6f\xf2\xfa\x7f\xd5\x22\xeb\xff\xef\x46\xc4" "\x93\x3f\x5f\x9f\xc7\x75\xd7\xd2\x6b\xf3\xe7\xcf\x3f\x66\x3d\xbf\x2f\x22" "\x1e\xfe\xde\x33\xc7\x9e\x9f\xc7\xbe\x68\xc1\x7a\xfe\x8c\x9e\x2c\x00\xd0" "\x91\xd6\xff\x4f\x44\xc4\xf7\x7e\x76\x78\xfe\xb9\xfc\xbc\xfe\xcf\xcb\xec" "\xa3\xeb\xff\x8f\xad\x3b\xba\x86\xdf\x95\x2f\x97\x7a\xfd\xbf\xe6\x98\xf5" "\x7f\x3a\xee\xcb\x4f\xc3\x79\x03\x40\xc9\x52\xff\x7f\x12\x11\xdf\x3d\x70" "\x78\xfe\xe7\xed\x27\xd3\xff\xb9\x75\xff\x52\xf7\xbf\xe7\x98\xfe\xa7\xe3" "\x5e\x7e\x1a\xce\x1b\x00\x4a\x96\xfa\xff\x54\x44\x7c\xf3\x03\x87\xe7\x5f" "\x43\x77\x4c\xff\x1f\x9f\x1b\xbb\xb0\xff\xd7\x5e\x95\x6f\x9f\xff\xbe\x54" "\xfd\x3f\xef\x98\xfe\xa7\xe3\x5e\x71\x3a\x4e\x1c\x00\x0a\x96\xfa\xff\xf9" "\x88\xf8\xf6\x86\xc3\xf3\xaf\x8b\x3f\x99\xf5\xff\x99\xea\xff\x5a\xfd\x07" "\x80\xd3\x2e\xf5\xff\xd6\x88\xf8\xec\x91\xc3\xf3\xcf\xe9\x9f\x4c\xff\x2f" 
"\xcf\xbf\x1d\xb0\xd4\xcf\xff\x9f\x7f\x4c\xff\xd3\x71\xeb\xa7\xe3\xc4\x01" "\xa0\x60\xab\xf2\xeb\xff\xfb\x9e\xfa\xd2\xfc\xeb\xf3\x4f\xa6\xff\xc7\x5a" "\xaa\xfe\xbf\xc8\x9b\x12\x02\xc0\x69\x57\xc5\xc5\x55\xb7\xcc\xab\xe2\x92" "\xce\xb5\xe1\xe6\x48\xc3\xce\x3f\x00\x00\x00\x70\x2e\xe9\xec\xef\x77\xf1" "\xdc\xd3\xfd\xd5\x25\x51\x59\xff\x03\x00\x00\xc0\xb9\xa6\x8a\x4b\xf3\xcf" "\xff\xd7\xc6\x65\xdd\x6b\xbb\x63\x26\x66\x63\x3a\x3c\x09\x00\x00\x00\x00" "\xe7\x88\xce\xcf\xff\x2f\xed\x6e\xe7\x1b\x51\x5d\x16\x95\xf5\x3f\x00\x00" "\x00\x9c\x6b\x3e\xd9\xf9\xfd\xff\xce\xef\x00\x74\xde\xfe\xbf\x27\x0e\x75" "\xde\xae\x67\x65\xad\xf3\xdc\x40\x55\x45\x7b\x7c\x4d\xf5\x17\x3f\x8c\x89" "\x89\x55\xd5\xe3\xe3\xf7\x5c\x5d\xed\x1d\x48\xe3\x06\xf6\xae\xe8\xde\xc1" "\x8a\x63\xef\x71\x72\xf8\xf2\xea\x82\x7c\x27\x9d\x8b\xcd\x2b\xf3\xdf\x06" "\x1b\xeb\xab\x97\x77\x8f\x36\xbf\x85\xdf\x0f\xf2\xc5\xee\xc5\xe6\x51\x9d" "\x86\x09\xc4\xa7\xe3\xf2\xee\x51\x2e\xcf\xfb\x17\xee\x9a\xfb\x4c\xf7\x28" "\x6b\x87\x9b\x23\x8d\x8d\x83\xad\x91\xdb\xfa\x62\x60\xe0\x82\xda\x64\xe3" "\x9e\xc9\xf7\xee\x9b\x79\x7f\x74\x4e\xff\x53\x63\xa3\x17\x54\xb1\x7b\x66" "\x76\x7a\xe3\xfd\xfb\x67\x77\x75\xe6\xd2\xd9\x1c\xe1\xf1\xbd\xf9\x5d\x8a" "\xba\x17\x4f\x3f\x7d\x32\x73\x79\xa8\xf3\x7e\x0b\x9d\xdf\xb9\x78\xce\x33" "\x5e\xd5\xf9\x45\x8c\x7c\xdc\xb5\xdd\xe3\xf6\x2e\x3c\xff\xfc\xbe\x4c\xc7" "\xee\xd4\x7c\xa2\x63\x3e\x11\x57\x74\x8f\x79\x45\x7e\xaf\xc7\xb5\xcf\x3c" "\xff\x9e\x74\xcc\xbe\x8d\xc7\x3b\xfb\x3c\x8b\xbe\xe3\x9e\xf9\xc9\xce\x62" "\x7d\x77\x16\xeb\xbb\xef\x22\x7d\xd5\xb5\xcf\x31\x8b\xfe\xc5\x66\xd1\xbf" "\x70\x16\x2f\xe8\x6b\x71\x12\xb3\xd8\xb4\xd8\x2c\x36\x9d\xe2\x2c\x00\x96" "\xcb\xee\x45\x2a\x54\x3d\x3b\xfc\x2f\xe0\xbb\xdc\x99\xa9\xfb\x13\x71\x65" "\xf7\x28\x57\x76\xdf\x9d\x78\xe5\xe5\xcf\xf1\x1d\xbd\x77\xb1\xef\xe8\xbd" "\xa7\x58\xb7\xaf\xc5\x86\xee\x2c\x36\xcc\x0d\x3e\x5e\x63\xd3\x71\x3f\x73" "\x4c\x55\xbf\x9c\x6e\xf0\xe5\xe3\x1e\xb7\x3d\xd2\x5f\xa5\x2f\xe1\x8a\x87" 
"\xf6\x3e\x18\x97\x1c\x7c\xe4\xd0\x8d\x9d\x37\x4e\xdc\x33\xbd\xaf\xbf\x7f" "\xd3\xe6\xde\x9b\x7b\x7b\x6f\xe9\x8f\x55\x9d\xd3\xc8\x17\xda\x03\xc0\x73" "\xd8\xd0\x79\xfd\x7f\xe7\x35\x00\xc7\xe9\xff\xa2\x23\xaa\x9b\x17\x59\x55" "\xbf\x74\xfe\x25\x05\x1b\xe3\xfe\xd8\x1f\xb3\xb1\x2b\x6e\xe8\xfc\xb6\x41" "\xe7\x15\x07\xcf\x79\xaf\x6b\x17\xbc\x0c\xe1\x86\x45\x56\xad\x47\xc7\xf6" "\xc5\x0d\x8b\xac\xea\x8e\x8e\xed\x7f\x1e\x63\x37\x9d\xf1\xff\x5d\x00\x60" "\x29\x6d\x58\xa4\xc3\x27\xd3\xff\x1b\x16\x59\x77\x3f\xb3\xe5\x27\x5e\x1d" "\x2f\x6c\x39\x00\xb0\x34\x1a\x13\x3f\xa8\xd6\x4e\x7e\xa2\x9a\x98\x68\x8e" "\xdf\xdb\xb7\x75\x6b\xdf\xc0\xe4\xf6\x46\x7d\xa2\x35\x78\x57\x7d\xa2\x39" "\xb4\xad\x51\x6f\x8e\x4d\x36\x26\x06\xb7\x0f\x8c\x6d\x6b\xd4\xc7\x27\x5a" "\x93\xad\xc1\xd6\x48\xba\x72\x77\x73\xa8\xd1\xae\xb7\xa7\xc6\xc7\x5b\x13" "\x93\xf5\xe1\xd6\x44\x7d\xbc\xd5\x6e\xde\x53\x1f\x6e\x8e\x34\xea\xed\x1d" "\xed\xc9\xc6\x68\xbd\xdd\x18\x1d\x18\x9b\x6c\x3e\xda\x1e\x1f\x69\x0c\xb4" "\x1b\xf5\xc1\xd6\xd8\xe4\xc0\xe0\x64\x7d\xa8\xd9\x1e\xac\x8f\x4f\xdd\x31" "\xd2\x6c\x6f\x6f\x4c\x74\x6e\xdc\x1e\x6f\x0c\x36\x87\x9b\x83\x03\x93\xcd" "\xd6\x58\xbd\xdd\x9a\x9a\x18\x6c\x6c\xac\xd7\xdb\x8d\xc6\x82\x81\xcd\xa1" "\xc6\xd8\x64\x73\xb8\x99\xae\x8e\xd5\xc7\x27\x9a\xa3\x03\x13\x3b\xea\x77" "\xb7\x46\xa6\x46\x1b\xf5\xa1\x46\x7b\x70\xa2\x39\x3e\xd9\xea\xde\xe1\xdc" "\xb1\x9a\x63\xc3\xad\x89\xd1\xce\xdd\x6e\x5c\xee\x2f\x36\x00\x9c\x25\x0e" "\x3e\x72\xe8\x81\x9d\xb3\xb3\xd3\x07\x96\xf0\xca\x72\x9f\x23\x00\xf0\x4c" "\x8b\x54\x7a\xf5\x19\x9f\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\xf0\x2c\x67\xe2\xf7\xff\x5c\x71\xe5\x7f\xde\x95\xa7\x9f\x7e\xfa\xd1\xf4" "\xff\x90\xb3\x65\x3e\x67\xfa\xca\x72\x7f\x67\x02\x96\x5a\x2d\x6a\x71\x24" "\x22\xaa\xef\x1f\xa9\x3a\xef\xcc\xf7\x58\x44\x3d\xba\x97\x36\x00\x06\x80" "\x73\x53\xea\xff\x8f\x72\xff\xaf\xd2\x7f\x00\x28\x42\xea\xff\x3f\xe7\xfe" "\x5f\xad\xff\x00\x50\x84\xd4\xff\x7f\xc9\xfd\xbf\x46\xff\x01\xa0\x08\xa9" 
"\xff\xff\x9a\xfb\xff\x2a\xfd\x07\x80\x22\xa4\xfe\xff\x5b\xee\xff\xab\xf5" "\x1f\x00\x8a\x90\xfa\xff\xe3\xdc\xff\x6b\xf5\x1f\x00\x8a\x90\xfa\xff\xef" "\xb9\xff\xd7\xe9\x3f\x00\x14\x21\xf5\xff\x3f\x72\xff\xaf\xd7\x7f\x00\x28" "\x42\xea\xff\x7f\xe6\xfe\xbf\x46\xff\x01\xa0\x08\xa9\xff\xff\x95\xfb\x7f" "\x83\xfe\x03\x40\x11\x52\xff\x7f\x92\xfb\x7f\xa3\xfe\x03\x40\x11\x52\xff" "\x7f\x9a\xfb\xbf\x51\xff\x01\xa0\x08\xa9\xff\x3f\xcb\xfd\xbf\x49\xff\x01" "\xa0\x08\xa9\xff\x3f\xcf\xfd\xef\xd5\x7f\x00\x28\x42\xea\xff\xd3\xb9\xff" "\x7d\xfa\x0f\x00\x45\x48\xfd\x8f\xdc\xff\x7e\xfd\x07\x80\x22\xa4\xfe\x57" "\xb9\xff\x9b\xf4\x1f\x00\x8a\x50\xcb\xcf\x00\xa4\xfe\xdf\xac\xff\x00\x50" "\x84\x54\xff\x15\xb9\xff\xb7\xe8\x3f\x00\x14\x21\xf5\x7f\x65\xee\xff\x66" "\xfd\x07\x80\x22\xa4\xfe\xaf\xca\xfd\xdf\xa2\xff\x00\x50\x84\xd4\xff\xd5" "\xb9\xff\xb7\xea\x3f\x00\x14\x21\xf5\x7f\x4d\xee\xff\x56\xfd\x07\x80\x22" "\xa4\xfe\xf7\xe4\xfe\xbf\x56\xff\x01\xa0\x08\xa9\xff\xe7\xe5\xfe\xdf\xa6" "\xff\x00\x50\x84\xd4\xff\xb5\xb9\xff\xb7\xeb\x3f\x00\x14\x21\xf5\xff\xfc" "\xdc\xff\xd7\xe9\x3f\x00\x14\x21\xf5\xff\x45\xb9\xff\xaf\xd7\x7f\x00\x28" "\x42\xea\xff\x8b\x73\xff\xdf\xa0\xff\x00\x50\x84\xd4\xff\x0b\x72\xff\xdf" "\xa8\xff\x00\x50\x84\xd4\xff\x97\xe4\xfe\x0f\xe8\x3f\x00\x14\x21\xf5\x7f" "\x5d\xee\xff\x1d\xfa\x0f\x00\x45\x48\xfd\xbf\x30\xf7\x7f\x50\xff\x01\xa0" "\x08\xa9\xff\x2f\xcd\xfd\x1f\xd2\x7f\x00\x28\x42\xea\xff\x45\xb9\xff\x0d" "\xfd\x07\x80\x22\xa4\xfe\xbf\x2c\xf7\x7f\x58\xff\x01\xa0\x08\xa9\xff\x17" "\xe7\xfe\x6f\xd3\x7f\x00\x28\x42\xea\xff\x25\xb9\xff\xdb\xf5\x1f\x00\x8a" "\x90\xfa\x7f\x69\xee\x7f\x53\xff\x01\xa0\x08\xa9\xff\x97\xe5\xfe\xdf\xa9" "\xff\x00\x50\x84\xd4\xff\x97\xe7\xfe\xdf\xa5\xff\x00\x50\x84\xd4\xff\xcb" "\x73\xff\x47\xf4\x1f\x00\x8a\x90\xfa\x7f\x45\xee\xff\xa8\xfe\x03\x40\x11" "\x52\xff\xd7\xe7\xfe\x8f\xe9\x3f\x00\x14\x21\xf5\xff\x15\xb9\xff\x2d\xfd" "\x07\x80\x22\xa4\xfe\xff\xaf\xdc\xff\x71\xfd\x07\x80\x22\xa4\xfe\xbf\x32" 
"\xf7\xff\x4d\xfa\x0f\x00\x45\x48\xfd\xaf\xe7\xfe\x4f\xe8\x3f\x00\x14\x21" "\xf5\xff\xca\xdc\xff\xb6\xfe\x03\x40\x11\x52\xff\x37\xe4\xfe\x4f\xea\x3f" "\x00\x14\x21\xf5\xff\xaa\xdc\xff\x29\xfd\x07\x80\x22\xa4\xfe\x5f\x9d\xfb" "\x7f\xb7\xfe\x03\x40\x11\x52\xff\xaf\xc9\xfd\x7f\xb3\xfe\x03\x40\x11\x52" "\xff\x5f\x95\xfb\x7f\x8f\xfe\x03\x40\x11\x52\xff\x5f\x9d\xfb\xbf\x43\xff" "\x01\xa0\x08\xa9\xff\xd7\xe6\xfe\xbf\x45\xff\x01\xa0\x08\xa9\xff\xd7\xe5" "\xfe\xbf\x55\xff\x01\xa0\x08\xa9\xff\xd7\xe7\xfe\xbf\x4d\xff\x01\xa0\x08" "\xa9\xff\xaf\xc9\xfd\x7f\xbb\xfe\x03\x40\x11\x52\xff\x6f\xc8\xfd\x7f\x87" "\xfe\x03\x40\x11\x52\xff\x6f\xcc\xfd\xbf\x57\xff\x01\xa0\x08\xa9\xff\x1b" "\x73\xff\xdf\xa9\xff\x00\x50\x84\xd4\xff\x9b\x72\xff\x77\xea\x3f\x00\x14" "\x21\xf5\xbf\x37\xf7\xff\x3e\xfd\x07\x80\x22\xa4\xfe\xf7\xe5\xfe\xdf\xaf" "\xff\x00\x50\x84\xd4\xff\xfe\xdc\xff\x5d\xfa\x0f\x00\x45\x48\xfd\xdf\x94" "\xfb\x3f\xad\xff\x00\x50\x84\xd4\xff\x9b\x73\xff\x77\xeb\x3f\x00\x14\x21" "\xf5\xff\x96\xdc\xff\x3d\xfa\x0f\x00\x45\x48\xfd\xdf\x1c\x11\xab\x22\xe2" "\x5d\xfa\x0f\x00\x45\x48\xfd\xdf\x92\xd7\xff\x33\xfa\x0f\x00\x45\x48\xfd" "\xbf\x35\xf7\xff\xdd\xfa\x0f\x00\x45\x48\xfd\xdf\x9a\xfb\xff\x80\xfe\x03" "\x40\x11\x52\xff\x5f\x9b\xfb\x3f\xab\xff\x00\x50\x84\xd4\xff\xdb\x72\xff" "\xf7\xea\x3f\x00\x14\x21\xf5\xff\xf6\xdc\xff\x7d\xfa\x0f\x00\x45\x48\xfd" "\x7f\x5d\xee\xff\x7e\xfd\x07\x80\x22\xa4\xfe\xbf\x3e\xf7\xff\x41\xfd\x07" "\x80\x22\xa4\xfe\xbf\x21\xf7\xff\x3d\xfa\x0f\x00\x45\x48\xfd\x7f\x63\xee" "\xff\x01\xfd\x07\x80\x22\xa4\xfe\x0f\xe4\xfe\x1f\xd4\x7f\x00\x28\x42\xea" "\xff\x1d\xb9\xff\x0f\xe9\x3f\x00\x14\x21\xf5\x7f\x30\xf7\xff\xbd\xfa\x0f" "\x00\x45\x48\xfd\x1f\xca\xfd\x7f\x58\xff\x01\xa0\x08\xa9\xff\x8d\xdc\xff" "\xf7\xe9\x3f\x00\x14\x21\xf5\x7f\x38\xf7\xff\xfd\xfa\x0f\x00\x45\x48\xfd" "\xdf\x96\xfb\xff\x88\xfe\x03\x40\x11\x52\xff\xb7\xe7\xfe\x1f\xd2\x7f\x00" "\x28\x42\xea\x7f\x33\xf7\xff\x03\xfa\x0f\x00\x45\x48\xfd\xbf\x33\xf7\xff" 
"\x83\xfa\x0f\x00\x45\x48\xfd\xbf\x2b\xf7\xff\x43\xfa\x0f\x00\x45\x48\xfd" "\x1f\xc9\xfd\xff\xb0\xfe\x03\x40\x11\x52\xff\x47\x73\xff\x1f\xd5\x7f\x00" "\x28\x42\xea\xff\x58\xee\xff\x63\xfa\x0f\x00\x45\x48\xfd\x6f\xe5\xfe\x3f" "\xae\xff\x00\x50\x84\xd4\xff\xf1\xdc\xff\x8f\xe8\x3f\x00\x14\x21\xf5\xff" "\x4d\xb9\xff\x1f\xd5\x7f\x00\x28\x42\xea\xff\x44\xee\xff\xc7\xf4\x1f\x00" "\x8a\x90\xfa\xdf\xce\xfd\xff\xb8\xfe\x03\x40\x11\x52\xff\x27\x73\xff\x9f" "\xd0\x7f\x00\x28\x42\xea\xff\x54\xee\xff\x27\xf4\x1f\x00\x8a\x90\xfa\x7f" "\x77\xee\xff\x27\xf5\x1f\x00\x8a\x90\xfa\xff\xe6\xdc\xff\x4f\xe9\x3f\x00" "\x14\x21\xf5\xff\x9e\xdc\xff\xff\xad\xff\x00\x50\x84\xd4\xff\x1d\xb9\xff" "\xff\x47\xff\x01\xa0\x08\xa9\xff\x6f\xc9\xfd\xff\xb4\xfe\x03\x40\x11\x52" "\xff\xdf\x9a\xfb\xff\x19\xfd\x07\x80\x22\xa4\xfe\xbf\x2d\xf7\xff\xb3\xfa" "\x0f\x00\x45\x48\xfd\x7f\x7b\xee\xff\xe7\xf4\x1f\x00\x8a\x90\xfa\xff\x8e" "\xdc\xff\xff\xab\xff\x00\x50\x84\xd4\xff\x7b\x73\xff\x3f\xaf\xff\x00\x50" "\x84\xd4\xff\x77\xe6\xfe\x7f\x41\xff\x01\xa0\x08\xa9\xff\x3b\x73\xff\xbf" "\xa8\xff\x00\x50\x84\xd4\xff\xfb\x72\xff\xff\x9f\xfe\x03\x40\x11\x52\xff" "\xef\xcf\xfd\xff\xff\xfa\x0f\x00\x45\x48\xfd\xdf\x95\xfb\xff\x0b\xfa\x0f" "\x00\x45\x48\xfd\x9f\xce\xfd\xff\x45\xfd\x07\x80\x22\xa4\xfe\xef\xce\xfd" "\xff\x25\xfd\x07\x80\x22\xa4\xfe\xef\xc9\xfd\xff\x65\xfd\x07\x80\x22\xa4" "\xfe\xbf\x2b\xf7\xff\x57\xf4\x1f\x00\x8a\x90\xfa\x3f\x93\xfb\xff\xab\xfa" "\x0f\x00\x45\x48\xfd\x7f\x77\xee\xff\xaf\xe9\x3f\x00\x14\x21\xf5\xff\x81" "\xdc\xff\x5f\xd7\x7f\x00\x28\x42\xea\xff\x6c\xee\xff\x6f\xe8\x3f\x00\x14" "\x21\xf5\x7f\x6f\xee\xff\x6f\xea\x3f\x00\x14\x21\xf5\x7f\x5f\xee\xff\x97" "\xf4\x1f\x00\x8a\x90\xfa\xbf\x3f\xf7\xff\xcb\xfa\x0f\x00\x45\x48\xfd\x7f" "\x30\xf7\xff\xb7\xf4\x1f\x00\x8a\x90\xfa\xff\x9e\xdc\xff\xdf\xd6\x7f\x00" "\x28\x42\xea\xff\x81\xdc\xff\xdf\xd1\x7f\x00\x28\x42\xea\xff\xc1\xdc\xff" "\xaf\xe8\x3f\x00\x14\x21\xf5\xff\xa1\xdc\xff\xaf\xea\x3f\x00\x14\x21\xf5" 
"\xff\xbd\xb9\xff\xbf\xab\xff\x00\x50\x84\xd4\xff\x87\x73\xff\x0f\xeb\x3f" "\x00\x14\x21\xf5\xff\x7d\xb9\xff\xbf\xa7\xff\x00\x50\x84\xd4\xff\xf7\xe7" "\xfe\x7f\x4d\xff\x01\xa0\x08\xa9\xff\x8f\xe4\xfe\xff\xbe\xfe\x03\x40\x11" "\x52\xff\x0f\xe5\xfe\xff\x81\xfe\x03\x40\x11\x52\xff\x3f\x90\xfb\xff\x87" "\xfa\x0f\x00\x45\x48\xfd\xff\x60\xee\xff\xd7\xf5\x1f\x00\x8a\x90\xfa\xff" "\xa1\xdc\xff\x27\xf5\x1f\x00\x8a\x90\xfa\xff\xe1\xdc\xff\x3f\xd2\x7f\x00" "\x28\x42\xea\xff\xa3\xb9\xff\xdf\xd0\x7f\x00\x28\x42\xea\xff\x63\xb9\xff" "\x7f\xac\xff\x00\x50\x84\xd4\xff\xc7\x73\xff\xbf\xa9\xff\x00\x50\x84\xd4" "\xff\x8f\xe4\xfe\xff\x89\xfe\x03\x40\x11\x52\xff\x3f\x9a\xfb\xff\x2d\xfd" "\x07\x80\x22\xa4\xfe\x7f\x2c\xf7\xff\xdb\xfa\x0f\x00\x45\x48\xfd\xff\x78" "\xee\xff\x9f\xea\x3f\x00\x14\x21\xf5\xff\x89\xdc\xff\x3f\xd3\x7f\x00\x28" "\xc2\x7f\x07\x00\x00\xff\xff\x81\x63\x0f\x16", 4709); syz_mount_image(/*fs=*/0x200000001240, /*dir=*/0x200000001280, /*flags=*/0, /*opts=*/0x200000000740, /*chdir=*/1, /*size=*/0x1265, /*img=*/0x2000000047c0); memcpy((void*)0x200000000000, "/dev/rfkill\000", 12); res = syscall( __NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=O_TRUNC|O_CLOEXEC|O_APPEND|O_RDWR*/ 0x80602, /*mode=*/0); if (res != -1) r[20] = res; res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10); if (res != -1) r[21] = res; res = syscall(__NR_epoll_create1, /*flags=*/0ul); if (res != -1) r[22] = res; syscall(__NR_epoll_pwait2, /*epfd=*/r[22], /*events=*/0x200000000000ul, /*maxevents=*/1ul, /*timeout=*/0ul, /*sigmask=*/0ul, /*size=*/0ul); *(uint32_t*)0x200000001100 = 0x20000016; *(uint64_t*)0x200000001104 = 0; syscall(__NR_epoll_ctl, /*epfd=*/r[22], /*op=*/1ul, /*fd=*/r[21], /*ev=*/0x200000001100ul); *(uint32_t*)0x200000000040 = 0; *(uint8_t*)0x200000000044 = 6; *(uint8_t*)0x200000000045 = 3; *(uint8_t*)0x200000000046 = 0; *(uint8_t*)0x200000000047 = 0; syscall(__NR_write, /*fd=*/r[20], /*data=*/0x200000000040ul, /*len=*/8ul); 
memcpy((void*)0x200000000080, "ext3\000", 5); memcpy((void*)0x200000000480, "./file0\000", 8); memcpy((void*)0x200000000900, "init_itable", 11); *(uint8_t*)0x20000000090b = 0x2c; memcpy((void*)0x20000000090c, "resgid", 6); *(uint8_t*)0x200000000912 = 0x2c; sprintf((char*)0x200000000913, "0x%016llx", (long long)0xee00); *(uint8_t*)0x200000000925 = 0x2c; memcpy((void*)0x200000000926, "bh", 2); *(uint8_t*)0x200000000928 = 0x2c; memcpy((void*)0x200000000929, "noload", 6); *(uint8_t*)0x20000000092f = 0x2c; memcpy((void*)0x200000000930, "errors=remount-ro", 17); *(uint8_t*)0x200000000941 = 0x2c; memcpy((void*)0x200000000942, "usrjquota=", 10); *(uint8_t*)0x20000000094c = 0x2c; *(uint8_t*)0x20000000094d = 0; memcpy( (void*)0x200000000980, "\x78\x9c\xec\xdb\xcd\x6f\x14\x65\x18\x00\xf0\x67\x66\xbb\xe5\xdb\x56\xc4" "\x0f\x10\xb4\x8a\x46\xe2\x47\x4b\xcb\x87\x1c\xbc\x68\x34\xf1\xa0\x89\x89" "\x1e\x30\x9e\xea\xb6\x10\xa4\x50\x43\x6b\x22\xa4\x51\xf4\x80\x47\x43\xa2" "\x67\xe3\xd1\x44\xff\x01\x4f\x7a\x31\xea\xc9\xc4\xab\xde\x0d\x09\x31\xbd" "\x80\x9e\xd6\xcc\xce\x4c\x59\xda\xdd\x42\xe9\xb6\x5b\xd9\xdf\x2f\x99\xf6" "\x7d\x77\xde\xcd\xfb\x3c\x33\xf3\xee\xbe\x33\xb3\x13\x40\xcf\x1a\xca\xfe" "\x24\x11\xdb\x23\xe2\x8f\x88\x18\xc8\xab\x37\x37\x18\xca\xff\x5d\x9f\x9f" "\xab\xfd\x33\x3f\x57\x4b\xa2\x5e\x7f\xf3\xef\xa4\xd1\xee\xda\xfc\x5c\xad" "\x6c\x5a\xbe\x6f\x5b\x5e\xa9\xd7\x8b\xfa\xa6\x16\xfd\x5e\x7a\x27\x62\x7c" "\x6a\x6a\xf2\x5c\x51\x1f\x99\x3d\xf3\xfe\xc8\xcc\xf9\x0b\xcf\x9d\x3a\x33" "\x7e\x72\xf2\xe4\xe4\xd9\xb1\x63\xc7\x0e\x1f\xda\xd7\x7f\x74\xec\x48\x47" "\xf2\xcc\xf2\xba\xb6\xe7\xa3\xe9\xbd\xbb\x5f\x7d\xfb\xf2\xeb\xb5\xe3\x97" "\xdf\xfd\xe5\xdb\x2c\xde\xed\xc5\xfa\xe6\x3c\x3a\x65\x28\xdf\xba\x2d\x3d" "\xd9\xe9\xce\xba\x6c\x47\x53\x39\xe9\xeb\x62\x20\xac\x48\x25\x22\xb2\xdd" "\x55\x6d\x8c\xff\x81\xa8\xc4\x96\x85\x75\x03\xf1\xca\xa7\x5d\x0d\x0e\x58" "\x53\xf5\x7a\xbd\xde\xea\xfb\xb9\x70\xb1\x0e\xdc\xb5\xb2\xb9\x5a\xb7\x63" 
"\x00\xba\x23\xff\x9a\x2f\xcf\xdc\xe7\x6a\x6b\x71\x1e\xbc\x91\x5d\x7d\x31" "\x3f\x01\xca\xf2\xbe\x5e\x2c\xf9\x9a\xbe\x48\x8b\x36\xd5\x45\xe7\xb7\x9d" "\x34\x14\x11\xc7\x2f\xfe\xfb\x55\xb6\xc4\x1a\x5d\x87\x00\x00\x68\xf6\x43" "\x36\xff\x79\x36\x9f\x77\x94\x4b\xbe\x26\x8d\x07\x9a\xda\xdd\x53\xdc\x43" "\x19\x8c\x88\x7b\x23\x62\x67\x44\xdc\x17\x11\xbb\x22\xe2\xfe\x88\x46\xdb" "\x07\x23\xe2\xa1\x15\xf6\xbf\xf8\x0e\xc9\xd2\xf9\x4f\x7a\xe5\x8e\x12\xbb" "\x4d\xd9\xfc\xef\x85\xe2\xde\xd6\xcd\xf3\xbf\x72\xf6\x17\x83\x95\xa2\xb6" "\xa3\x91\x7f\x35\x39\x71\x6a\x6a\xf2\x60\xb1\x4d\x0e\x44\x75\x53\x56\x1f" "\x5d\xa6\x8f\x1f\x5f\xfe\xfd\xf3\x76\xeb\x9a\xe7\x7f\xd9\x72\xbd\x2f\x22" "\xf2\xb9\xe0\x77\x45\x93\xc3\x5f\x2e\xba\x40\x37\x31\x3e\x3b\xbe\xca\xb4" "\x17\x5c\xfd\x24\x62\x4f\x5f\xab\xfc\x93\x28\x6f\xe3\x64\x67\x07\xbb\x23" "\x62\xcf\x1d\xf6\x71\xea\xe9\x6f\xf6\xb6\x5b\xb7\x24\xff\xf9\xb9\x5a\x39" "\x17\xbe\xa5\x0e\xdc\x67\xaa\x7f\x1d\xf1\x54\xbe\xff\x2f\xc6\xa2\xfc\x4b" "\x49\xdb\xfb\x93\xa3\xcf\x1f\x1d\x3b\x32\xb2\x39\xa6\x26\x0f\x8e\x94\x47" "\xc5\x52\xbf\xfe\x76\xe9\x8d\x76\xfd\xaf\x2a\xff\x0e\xc8\xf6\xff\xd6\x96" "\xc7\xff\x42\xfe\x83\xc9\xe6\x88\x99\xf3\x17\x4e\x37\xee\xd7\xce\xac\xbc" "\x8f\x4b\x7f\x7e\xd6\xf6\x9c\xe6\xd6\xf9\xa7\x57\xfa\x5a\x1c\xff\xfd\xc9" "\x5b\x8d\x72\x7f\xf1\xda\x87\xe3\xb3\xb3\xe7\x46\x23\xfa\x93\xd7\x96\xbe" "\x3e\x76\xe3\xbd\x65\xbd\x6c\x9f\xe5\x7f\x60\x7f\xeb\xf1\xbf\x33\x6e\x6c" "\x89\x87\x23\x22\x3b\x88\xf7\x45\xc4\x23\x11\xf1\x68\x11\xfb\x63\x11\xf1" "\x78\x44\xec\x5f\x26\xff\x9f\x5f\x7a\xe2\xbd\x95\xe7\xbf\xcc\x55\xf9\x0e" "\xca\xf2\x9f\xb8\xd5\xfe\x8f\xe6\xfd\xbf\xf2\x42\xe5\xf4\x4f\xdf\xaf\x3c" "\xff\x52\xb6\xff\x0f\x37\x4a\x07\x8a\x57\x6e\xe7\xf3\xef\x46\x14\x95\x65" "\x63\x5f\xcd\xb6\x03\x00\x00\x80\xff\x8b\xb4\xf1\x1b\xf8\x24\x1d\x5e\x28" "\xa7\xe9\xf0\x70\xfe\x1b\xfe\x5d\xb1\x35\x9d\x9a\x9e\x99\x7d\xe6\xc4\xf4" "\x07\x67\x27\xf2\xdf\xca\x0f\x46\x35\x2d\xaf\x74\x0d\x34\x5d\x0f\x1d\x2d" 
"\xae\x0d\x97\xf5\xb1\x45\xf5\x43\xc5\x75\xe3\x2f\x2a\x5b\x1a\xf5\xe1\xda" "\xf4\xd4\x44\xb7\x93\x87\x1e\xb7\xad\xcd\xf8\xcf\xfc\x55\xe9\x76\x74\xc0" "\x9a\xf3\xbc\x16\xf4\x2e\xe3\x1f\x7a\x97\xf1\x0f\xbd\xeb\xb6\xc6\x7f\x92" "\xac\x7d\x20\xc0\xba\x6b\x31\xfe\xab\x65\xa1\x3e\xb0\xce\xc1\x00\xeb\xaa" "\xd5\xf7\xff\xc7\x5d\x88\x03\x58\x7f\xce\xff\xa1\x77\x19\xff\xd0\xbb\x8c" "\x7f\xe8\x5d\xc6\x3f\xf4\xa4\xb6\xcf\xc6\xa7\xab\x7a\xe4\xbf\x0b\x85\xec" "\x43\xac\xf5\x13\xfe\x1b\x25\xc2\x0e\x14\xaa\x1b\x23\x8c\xac\x10\xe9\x86" "\x08\xe3\xee\x2f\xf4\xc5\x1a\x77\xb1\xa9\xe5\xaa\x6e\x7f\x32\x01\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x74\xc6\x7f\x01\x00\x00\xff\xff\xf2" "\x8f\xd9\x8a", 1137); syz_mount_image( /*fs=*/0x200000000080, /*dir=*/0x200000000480, /*flags=MS_I_VERSION|MS_SLAVE|MS_PRIVATE|MS_POSIXACL|MS_RELATIME|MS_NOSUID|0xc0400004*/ 0xc0ed0006, /*opts=*/0x200000000900, /*chdir=*/-1, /*size=*/0x471, /*img=*/0x200000000980); memcpy((void*)0x200000000000, "/dev/loop#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000000, /*id=*/0, /*flags=*/0); if (res != -1) r[23] = res; 
memcpy((void*)0x2000000000c0, "vfat\000", 5); memcpy((void*)0x2000000001c0, "./file0\000", 8); *(uint16_t*)0x200000000080 = 0; sprintf((char*)0x200000000082, "%023llo", (long long)-1); memcpy( (void*)0x200000000480, "\x78\x9c\xec\xdc\xcf\x4f\x13\x41\x14\xc0\xf1\x47\x29\xa5\x2d\xa1\xed\xc1" "\x68\x34\x31\x4c\xf4\xa2\x97\x0d\x54\xcf\xc6\xc6\x40\x62\x6c\x22\x01\x6a" "\x04\x13\x93\x05\xb6\xda\x74\x6d\x49\xb7\xc1\xd4\x18\xd1\x93\x57\xe3\x1f" "\xe1\x81\x70\xe4\x46\xa2\xfc\x03\x5c\xbc\xe9\xc5\x8b\x37\x2e\x26\x1e\xe4" "\x60\x5c\xb3\xbf\x68\x0b\x05\x4c\xa1\x14\xe1\xfb\x49\xc8\xbe\xee\xcc\x5b" "\x66\x32\x85\xbc\x69\x76\xbb\xf9\xf0\xdd\xb3\x62\xde\xd2\xf2\x7a\x55\x42" "\x51\x25\x3d\x22\x22\x5b\x22\x29\x09\x49\xa0\xc7\x3f\x86\xdc\x38\x22\x8d" "\x5e\xcb\xf5\x81\x9f\x5f\x2e\x4f\x4e\xcf\xdc\xcb\x64\xb3\xa3\x13\x4a\x8d" "\x65\xa6\x6e\xa4\x95\x52\x89\xa1\x8f\xcf\x5f\xc6\xfc\x6e\x6b\xfd\xb2\x91" "\x7a\xbc\xf9\x23\xfd\x7d\xe3\xfc\xc6\xc5\xcd\x3f\x53\x4f\x0b\x96\x2a\x58" "\xaa\x54\xae\x2a\x5d\xcd\x96\xbf\x55\xf5\x59\xd3\x50\xf3\x05\xab\xa8\x29" "\x35\x6e\x1a\xba\x65\xa8\x42\xc9\x32\x2a\x5e\x7b\xd9\x6b\xcf\x9b\xe5\x85" "\x85\x9a\xd2\x4b\xf3\x83\xf1\x85\x8a\x61\x59\x4a\x2f\xd5\x54\xd1\xa8\xa9" "\x6a\x59\x55\x2b\x35\xa5\x3f\xd1\x0b\x25\xa5\x69\x9a\x1a\x8c\x0b\x0e\x92" "\x5b\x9e\x98\xd0\x33\x6d\x26\xcf\x1d\xf1\x60\xd0\x21\x95\x4a\x46\xef\x15" "\x91\xd8\xae\x96\xdc\x72\x57\x06\x04\x00\x00\xba\x6a\x67\xfd\x1f\x72\x4a" "\xfa\xb6\xea\x7f\x49\xb8\xf5\xbf\xd3\xb9\x5e\xff\xaf\x5c\x59\xaf\x0e\x3c" "\x58\x4d\xf8\xf5\xff\x5a\xa4\x55\xfd\x7f\xf3\xab\x77\xad\xa6\xfa\x3f\x2a" "\x22\x1d\xaf\xff\x77\x57\x44\x67\xcb\xa1\xea\x7f\x9c\x0c\x43\x91\x5d\xa7" "\x7a\x9a\x5e\x39\xf5\x7f\xdc\xff\xfb\x75\xbd\x79\xb4\x32\xec\x06\xd4\xff" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc" "\x0f\xb6\x6c\x3b\x69\xdb\x76\x32\x38\x06\x3f\xf5\x47\x08\xfc\xd7\x38\x95" "\xf6\x5a\xff\x7e\x11\x89\x3a\xab\x6f\xb3\xfe\xa7\xd9\xe4\xf4\x8c\x44\xdd" 
"\x07\xf7\xc2\x09\x11\xf3\xed\x62\x6e\x31\xe7\x1d\xfd\x0e\xeb\x22\x62\x8a" "\x21\xc3\x92\x94\xdf\xee\xfb\xc1\xe7\xc4\xc1\x93\x47\xca\x91\x92\x4f\xe6" "\x92\x9f\xbf\xb4\x98\xeb\x75\x5b\x32\x79\x29\xb8\xf9\x23\x92\x94\xd4\xce" "\x7c\xdb\x1e\xbb\x9b\x1d\x1d\x51\x9e\xe6\xfc\x3e\x89\x37\xe6\xa7\x25\x29" "\xe7\x5a\xe7\xa7\x5b\xe6\x47\xe4\xda\xd5\x86\x7c\x4d\x92\xf2\x79\x4e\xca" "\x62\xca\xbc\xfb\xbe\xae\xe7\xbf\x1a\x51\xea\xce\xfd\xec\x8e\xfc\x98\xdb" "\x0f\x00\x00\x00\x00\x80\xd3\x40\x53\xdb\x5a\xee\xdf\x35\x6d\xaf\x76\x2f" "\x7f\x7b\x7f\xdd\xf2\xf3\x01\x6f\x7f\x3d\xdc\x72\x7f\x1e\x4e\x5e\x0a\x77" "\x77\xee\x00\x00\x00\x00\x00\x9c\x15\x56\xed\x45\x51\x37\x4d\xa3\xb2\x4f" "\x10\x93\x83\xfb\xb4\x1f\x84\xdb\x4b\xef\xdb\xaf\x4f\x6f\xc3\x0c\xff\xf5" "\x82\x11\xf7\x7e\x17\x91\xce\xcd\x74\x9f\x20\xb8\x91\xa2\xa9\x29\xea\x9f" "\x6c\xef\xca\xc1\xfc\x3b\x33\xe6\x90\xb4\x93\x35\xe4\x8c\x47\x1d\xf6\xb7" "\x07\x1f\x1b\xed\xd5\x47\xc6\xbb\xb0\x82\x6e\x70\xe1\xfd\x87\x5f\x47\x77" "\xc1\x5b\xab\xd1\x03\x66\xda\xb1\xa0\xef\x38\xfe\xf7\x00\x00\x00\x00\x38" "\x5e\xf5\xa2\x3f\x38\x73\xbb\xbb\x03\x02\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x0c\x3a\x8e" "\xaf\x13\xeb\xf6\x1c\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x93\xe2\x6f" "\x00\x00\x00\xff\xff\x7f\xe1\x04\x71", 747); syz_mount_image( /*fs=*/0x2000000000c0, /*dir=*/0x2000000001c0, /*flags=MS_I_VERSION|MS_STRICTATIME|MS_NODEV|0x200*/ 0x1800204, /*opts=*/0x200000000080, /*chdir=*/8, /*size=*/0x2eb, /*img=*/0x200000000480); memcpy((void*)0x200000000300, "./bus\000", 6); res = syscall(__NR_creat, /*file=*/0x200000000300ul, /*mode=*/0ul); if (res != -1) r[24] = res; memcpy((void*)0x200000000440, "./bus\000", 6); res = syscall(__NR_open, /*file=*/0x200000000440ul, /*flags=*/0ul, /*mode=*/0ul); if (res != -1) r[25] = res; res = syscall(__NR_dup3, /*oldfd=*/r[25], /*newfd=*/r[24], /*flags=*/0ul); if (res != -1) r[26] 
= res; res = syscall(__NR_io_setup, /*n=*/6, /*ctx=*/0x200000000240ul); if (res != -1) r[27] = *(uint64_t*)0x200000000240; *(uint64_t*)0x200000000000 = 0x2000000000c0; *(uint64_t*)0x2000000000c0 = 0xf04aef; *(uint32_t*)0x2000000000c8 = 0x3d8; *(uint32_t*)0x2000000000cc = 8; *(uint16_t*)0x2000000000d0 = 0; *(uint16_t*)0x2000000000d2 = 0; *(uint32_t*)0x2000000000d4 = r[26]; *(uint64_t*)0x2000000000d8 = 0; *(uint64_t*)0x2000000000e0 = 0; *(uint64_t*)0x2000000000e8 = 0; *(uint64_t*)0x2000000000f0 = 0; *(uint32_t*)0x2000000000f8 = 0; *(uint32_t*)0x2000000000fc = -1; syscall(__NR_io_submit, /*ctx=*/r[27], /*nr=*/1ul, /*iocbpp=*/0x200000000000ul); *(uint32_t*)0x200000000040 = 0x18; *(uint32_t*)0x200000000044 = 2; *(uint32_t*)0x200000000048 = 0; *(uint32_t*)0x20000000004c = 0; *(uint32_t*)0x200000000050 = 0; *(uint32_t*)0x200000000054 = 0; *(uint32_t*)0x200000000058 = 0; *(uint32_t*)0x20000000005c = 0; syscall(__NR_open_by_handle_at, /*mountdirfd=*/r[23], /*handle=*/0x200000000040ul, /*flags=*/0ul); *(uint64_t*)0x200000000140 = 0x200000000000; *(uint16_t*)0x200000000000 = 0x10; *(uint16_t*)0x200000000002 = 0; *(uint32_t*)0x200000000004 = 0; *(uint32_t*)0x200000000008 = 0x1000000; *(uint32_t*)0x200000000148 = 0xc; *(uint64_t*)0x200000000150 = 0x200000000100; *(uint64_t*)0x200000000100 = 0x2000000009c0; *(uint32_t*)0x2000000009c0 = 0x1ac; *(uint16_t*)0x2000000009c4 = r[18]; *(uint16_t*)0x2000000009c6 = 0; *(uint32_t*)0x2000000009c8 = 0x70bd2a; *(uint32_t*)0x2000000009cc = 0x25dfdbfe; *(uint8_t*)0x2000000009d0 = 0x28; *(uint8_t*)0x2000000009d1 = 0; *(uint16_t*)0x2000000009d2 = 0; *(uint16_t*)0x2000000009d4 = 4; *(uint16_t*)0x2000000009d6 = 0x5f; *(uint16_t*)0x2000000009d8 = 0xa; *(uint16_t*)0x2000000009da = 6; memset((void*)0x2000000009dc, 0, 6); *(uint16_t*)0x2000000009e4 = 0xa; *(uint16_t*)0x2000000009e6 = 6; memset((void*)0x2000000009e8, 80, 6); *(uint16_t*)0x2000000009f0 = 0x29; *(uint16_t*)0x2000000009f2 = 0x2a; *(uint8_t*)0x2000000009f4 = 0x3e; *(uint8_t*)0x2000000009f5 
= 1; *(uint8_t*)0x2000000009f6 = 3; *(uint8_t*)0x2000000009f7 = 0x76; *(uint8_t*)0x2000000009f8 = 6; *(uint8_t*)0x2000000009f9 = 0; *(uint8_t*)0x2000000009fa = 4; *(uint16_t*)0x2000000009fb = 0xe; *(uint16_t*)0x2000000009fd = 6; *(uint8_t*)0x2000000009ff = 0x75; *(uint8_t*)0x200000000a00 = 0x18; *(uint16_t*)0x200000000a01 = 1; *(uint16_t*)0x200000000a03 = 0x20; *(uint16_t*)0x200000000a05 = 5; *(uint16_t*)0x200000000a07 = 0x19; memcpy((void*)0x200000000a09, "\x57\xbc\x27\xf7\xb2\x41\x3a\x32\xdc\x18\x82\x61\x20\xa1\xf8\x58", 16); *(uint16_t*)0x200000000a1c = 4; *(uint16_t*)0x200000000a1e = 0x5f; *(uint16_t*)0x200000000a20 = 6; *(uint16_t*)0x200000000a22 = 0x36; *(uint16_t*)0x200000000a24 = 1; *(uint16_t*)0x200000000a28 = 0xa; *(uint16_t*)0x200000000a2a = 6; memcpy((void*)0x200000000a2c, "\x26\x10\x0f\x80\x79\x22", 6); *(uint16_t*)0x200000000a34 = 0x12e; *(uint16_t*)0x200000000a36 = 0x2a; *(uint8_t*)0x200000000a38 = 0x7e; *(uint8_t*)0x200000000a39 = 0x15; STORE_BY_BITMASK(uint8_t, , 0x200000000a3a, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200000000a3a, 5, 1, 7); *(uint8_t*)0x200000000a3b = -1; *(uint8_t*)0x200000000a3c = 0; *(uint8_t*)0x200000000a3d = 8; *(uint8_t*)0x200000000a3e = 2; *(uint8_t*)0x200000000a3f = 0x11; *(uint8_t*)0x200000000a40 = 0; *(uint8_t*)0x200000000a41 = 0; *(uint8_t*)0x200000000a42 = 0; *(uint32_t*)0x200000000a43 = 1; *(uint32_t*)0x200000000a47 = 2; *(uint32_t*)0x200000000a4b = 8; *(uint8_t*)0x200000000a4f = 6; *(uint8_t*)0x200000000a50 = 2; *(uint16_t*)0x200000000a51 = 9; *(uint8_t*)0x200000000a53 = 3; *(uint8_t*)0x200000000a54 = 1; *(uint8_t*)0x200000000a55 = 0x30; *(uint8_t*)0x200000000a56 = 0x37; *(uint8_t*)0x200000000a57 = 0xb7; *(uint8_t*)0x200000000a58 = 0x67; *(uint8_t*)0x200000000a59 = 3; memcpy((void*)0x200000000a5a, "\x60\x0c\x80\xa8\x1d\x63\x77\xce\xf6\x7b\x2a\xd6\xac\x45\x9e\x68", 16); memcpy((void*)0x200000000a6a, "\x6e\xe3\x83\x44\x6e\x80\xbe\xbb\x60\x97\xaa\x4c\xff\xd9\x12\x80\xac" 
"\x73\x32\x29\x49\xe3\x67\xf6\xdd\x22\x97\xb0\x9e\x70\xd3\x84", 32); memcpy((void*)0x200000000a8a, "\x57\xe8\x43\x7d\x37\xce\x2d\x70\xeb\x05\xdc\x35\x09\xe8\xaa\x26\x9b" "\x29\xc3\x7a\x93\x2b\x21\x3e\xa6\x47\x6b\x12\x29\x4e\x52\xf0", 32); *(uint8_t*)0x200000000aaa = 3; *(uint8_t*)0x200000000aab = 0x23; memcpy( (void*)0x200000000aac, "\x82\xba\xdc\xbf\x55\x17\xa3\x76\x3f\x45\x09\x7a\xbd\x3e\x05\xcb\x6c\x8d" "\x4a\xf4\xe1\xd1\xbe\x32\xb2\xe5\x73\x48\x29\xdd\x28\xf1\x7e\x58\x4a", 35); *(uint8_t*)0x200000000acf = 2; *(uint8_t*)0x200000000ad0 = 0x1e; memcpy((void*)0x200000000ad1, "\xbd\x3d\x9a\x33\x7b\x87\xa1\x13\x61\x87\x12\xaa\xa3\xbe\xe2\x9d\x2a" "\xcc\x5c\xba\xd0\xe6\x0b\xef\x80\x58\x0a\xb2\x92\x12", 30); *(uint8_t*)0x200000000aef = 1; *(uint8_t*)0x200000000af0 = 0x1e; memcpy((void*)0x200000000af1, "\x35\xc1\xfc\x8a\xbf\xce\x88\xd3\x64\xc2\xc0\xbe\x2c\x5e\xb1\xdc\xa7" "\x4c\x2d\x11\xae\x67\xa4\xca\x48\x0e\xac\x33\x0e\xb9", 30); *(uint8_t*)0x200000000b0f = 0x76; *(uint8_t*)0x200000000b10 = 6; *(uint8_t*)0x200000000b11 = 0x81; *(uint8_t*)0x200000000b12 = 0x80; *(uint16_t*)0x200000000b13 = 0x36; *(uint16_t*)0x200000000b15 = 4; *(uint8_t*)0x200000000b17 = 0x3e; *(uint8_t*)0x200000000b18 = 1; *(uint8_t*)0x200000000b19 = 3; *(uint8_t*)0x200000000b1a = 0x83; *(uint8_t*)0x200000000b1b = 0x1f; STORE_BY_BITMASK(uint8_t, , 0x200000000b1c, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200000000b1c, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200000000b1c, 0, 7, 1); *(uint8_t*)0x200000000b1d = 0x80; *(uint8_t*)0x200000000b1e = 0xb; *(uint8_t*)0x200000000b1f = 8; *(uint8_t*)0x200000000b20 = 2; *(uint8_t*)0x200000000b21 = 0x11; *(uint8_t*)0x200000000b22 = 0; *(uint8_t*)0x200000000b23 = 0; *(uint8_t*)0x200000000b24 = 0; *(uint32_t*)0x200000000b25 = 2; *(uint32_t*)0x200000000b29 = 0x800; *(uint32_t*)0x200000000b2d = 7; memset((void*)0x200000000b31, 255, 6); *(uint32_t*)0x200000000b37 = 0x80000000; *(uint8_t*)0x200000000b3b = 0x83; *(uint8_t*)0x200000000b3c = 0x25; STORE_BY_BITMASK(uint8_t, , 
0x200000000b3d, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200000000b3d, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200000000b3d, 0, 7, 1); *(uint8_t*)0x200000000b3e = 4; *(uint8_t*)0x200000000b3f = 5; *(uint8_t*)0x200000000b40 = 8; *(uint8_t*)0x200000000b41 = 2; *(uint8_t*)0x200000000b42 = 0x11; *(uint8_t*)0x200000000b43 = 0; *(uint8_t*)0x200000000b44 = 0; *(uint8_t*)0x200000000b45 = 1; *(uint32_t*)0x200000000b46 = 0x8410; *(uint8_t*)0x200000000b4a = 8; *(uint8_t*)0x200000000b4b = 2; *(uint8_t*)0x200000000b4c = 0x11; *(uint8_t*)0x200000000b4d = 0; *(uint8_t*)0x200000000b4e = 0; *(uint8_t*)0x200000000b4f = 0; *(uint32_t*)0x200000000b50 = 0x40; *(uint32_t*)0x200000000b54 = 0x400; memset((void*)0x200000000b58, 255, 6); *(uint32_t*)0x200000000b5e = 0x7d; *(uint16_t*)0x200000000b64 = 6; *(uint16_t*)0x200000000b66 = 0x36; *(uint16_t*)0x200000000b68 = 9; *(uint64_t*)0x200000000108 = 0x1ac; *(uint64_t*)0x200000000158 = 1; *(uint64_t*)0x200000000160 = 0; *(uint64_t*)0x200000000168 = 0; *(uint32_t*)0x200000000170 = 0x4000000; syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0x200000000140ul, /*f=MSG_ZEROCOPY*/ 0x4000000ul); memcpy((void*)0x200000000000, "/proc/sys/net/ipv4/tcp_wmem\000", 28); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/1, /*mode=*/0); if (res != -1) r[28] = res; syscall(__NR_fstat, /*fd=*/r[28], /*statbuf=*/0x200000000040ul); memcpy((void*)0x2000000000c0, "./file0\000", 8); res = syscall(__NR_creat, /*file=*/0x2000000000c0ul, /*mode=S_IXGRP*/ 8ul); if (res != -1) r[29] = res; *(uint64_t*)0x200000000100 = 1; syscall(__NR_fcntl, /*fd=*/r[28], /*cmd=*/0x40cul, /*hint=*/0x200000000100ul); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/9); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/9); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/7); syscall(__NR_ioctl, /*fd=*/r[29], /*cmd=*/0x5451, 0); memcpy((void*)0x200000000140, "./file0\000", 8); 
// Fuzzer-generated, order-dependent sequence: every store targets a fixed
// address in the reproducer's data mapping, so statements must not be
// reordered. Part 1 issues execve(); part 2 starts laying out the buffers
// consumed by the sendmsg() call that follows this run (msg=0x200000000540).

// --- execve("./file0") ---------------------------------------------------
// argv and envp each point at a single zeroed 8-byte slot, so both vectors
// contain only the NULL terminator. The path buffer at 0x200000000140 is
// filled with "./file0" by the statement immediately before this run.
*(uint64_t*)0x200000000280 = 0;
*(uint64_t*)0x200000000400 = 0;
// The return value is ignored. If the call succeeded the process image would
// be replaced and none of the statements below would execute in this process.
syscall(__NR_execve, /*file=*/0x200000000140ul, /*argv=*/0x200000000280ul,
        /*envp=*/0x200000000400ul);

// --- message header at 0x200000000540 -------------------------------------
// Offsets 0x0 / 0x8 / 0x10 are written here; the remaining fields are stored
// after this run. NOTE(review): layout matches a 64-bit struct msghdr
// (msg_name, msg_namelen, msg_iov) - confirm against the target ABI.
*(uint64_t*)0x200000000540 = 0x200000000440; // name pointer
// 12-byte address record: u16 0x10, u16 0, u32 0, u32 0x8000000.
// Presumably a struct sockaddr_nl (0x10 == AF_NETLINK; pad, pid, groups).
*(uint16_t*)0x200000000440 = 0x10;
*(uint16_t*)0x200000000442 = 0;
*(uint32_t*)0x200000000444 = 0;
*(uint32_t*)0x200000000448 = 0x8000000;
*(uint32_t*)0x200000000548 = 0xc; // name length = 12, the size written above
*(uint64_t*)0x200000000550 = 0x200000000500; // pointer to the iovec array
*(uint64_t*)0x200000000500 = 0x200000000480; // iovec base -> payload below

// --- payload at 0x200000000480 --------------------------------------------
// First 16 bytes look like a struct nlmsghdr: u32 length 0x60 (the same value
// is stored as the iovec length after this run), two type bytes (1, 4),
// u16 flags 0x301, u32 seq 0, u32 pid 0 - TODO confirm against the original
// syzkaller program; the flag and type meanings are not decoded here.
*(uint32_t*)0x200000000480 = 0x60;
*(uint8_t*)0x200000000484 = 1;
*(uint8_t*)0x200000000485 = 4;
*(uint16_t*)0x200000000486 = 0x301;
*(uint32_t*)0x200000000488 = 0;
*(uint32_t*)0x20000000048c = 0;
// 4-byte family-specific header: u8 5, u8 0, big-endian u16 1
// (presumably nfgenmsg-like; verify).
*(uint8_t*)0x200000000490 = 5;
*(uint8_t*)0x200000000491 = 0;
*(uint16_t*)0x200000000492 = htobe16(1);

// From here on the stores follow a (u16 length, u16 type, value) pattern on
// 4-byte boundaries, consistent with netlink attributes (struct nlattr).
//
// STORE_BY_BITMASK is called with an empty byte-swap argument, so it is a
// plain read-modify-write that preserves all bits outside the mask. The two
// calls on the odd address (...497, ...4ab, ...4b3) are unaligned 16-bit
// accesses; on a little-endian host they set bit 6 and clear bit 7 of that
// byte, i.e. bits 14 and 15 of the 16-bit type field one byte earlier. In
// struct nlattr terms that would be NLA_F_NET_BYTEORDER set and NLA_F_NESTED
// clear.

// Attribute @0x494: length 8, type 5 (bit 14 set), value big-endian u32 4.
*(uint16_t*)0x200000000494 = 8;
STORE_BY_BITMASK(uint16_t, , 0x200000000496, 5, 0, 14);
STORE_BY_BITMASK(uint16_t, , 0x200000000497, 1, 6, 1);
STORE_BY_BITMASK(uint16_t, , 0x200000000497, 0, 7, 1);
*(uint32_t*)0x200000000498 = htobe32(4);

// Attribute @0x49c: length 10, type 2, value = big-endian u32 0xae + 2 bytes.
*(uint16_t*)0x20000000049c = 0xa;
*(uint16_t*)0x20000000049e = 2;
*(uint32_t*)0x2000000004a0 = htobe32(0xae);
*(uint8_t*)0x2000000004a4 = 0;
*(uint8_t*)0x2000000004a5 = 0;

// Attribute @0x4a8: length 6, type 6 (bit 14 set), value big-endian u16 6.
*(uint16_t*)0x2000000004a8 = 6;
STORE_BY_BITMASK(uint16_t, , 0x2000000004aa, 6, 0, 14);
STORE_BY_BITMASK(uint16_t, , 0x2000000004ab, 1, 6, 1);
STORE_BY_BITMASK(uint16_t, , 0x2000000004ab, 0, 7, 1);
*(uint16_t*)0x2000000004ac = htobe16(6);

// Attribute @0x4b0: same shape as the previous one (length 6, type 6, value 6).
*(uint16_t*)0x2000000004b0 = 6;
STORE_BY_BITMASK(uint16_t, , 0x2000000004b2, 6, 0, 14);
STORE_BY_BITMASK(uint16_t, , 0x2000000004b3, 1, 6, 1);
STORE_BY_BITMASK(uint16_t, , 0x2000000004b3, 0, 7, 1);
*(uint16_t*)0x2000000004b4 = htobe16(6);

// Attribute @0x4b8: length 10, type 2, value = big-endian u32 0x401 + bytes 1, 0.
*(uint16_t*)0x2000000004b8 = 0xa;
*(uint16_t*)0x2000000004ba = 2;
*(uint32_t*)0x2000000004bc = htobe32(0x401);
*(uint8_t*)0x2000000004c0 = 1;
*(uint8_t*)0x2000000004c1 = 0;

// Attribute @0x4c4: length 10, type 2, value = big-endian u32 0 + byte 2; the
// final value byte and the rest of the message are stored after this run.
*(uint16_t*)0x2000000004c4 = 0xa;
*(uint16_t*)0x2000000004c6 = 2;
*(uint32_t*)0x2000000004c8 = htobe32(0);
*(uint8_t*)0x2000000004cc = 2;
*(uint8_t*)0x2000000004cd = 0; *(uint16_t*)0x2000000004d0 = 6; STORE_BY_BITMASK(uint16_t, , 0x2000000004d2, 6, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x2000000004d3, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000000004d3, 0, 7, 1); *(uint16_t*)0x2000000004d4 = htobe16(4); *(uint16_t*)0x2000000004d8 = 5; *(uint16_t*)0x2000000004da = 1; *(uint8_t*)0x2000000004dc = 3; *(uint64_t*)0x200000000508 = 0x60; *(uint64_t*)0x200000000558 = 1; *(uint64_t*)0x200000000560 = 0; *(uint64_t*)0x200000000568 = 0; *(uint32_t*)0x200000000570 = 0x200008c0; syscall(__NR_sendmsg, /*fd=*/r[29], /*msg=*/0x200000000540ul, /*f=MSG_PROBE|MSG_NOSIGNAL|MSG_EOR|MSG_CONFIRM*/ 0x4890ul); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/7); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/5); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route( /*val=*/0xffffff01); memcpy((void*)0x200000000580, "/dev/snd/seq\000", 13); syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000580ul, /*flags=O_TRUNC|O_LARGEFILE|O_CREAT|O_CLOEXEC*/ 0x88240, 0); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/2); syscall(__NR_ftruncate, /*fd=*/r[28], /*len=*/1ul); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/3); memcpy((void*)0x2000000005c0, "net/stat\000", 9); res = -1; res = syz_open_procfs(/*pid=*/0, /*file=*/0x2000000005c0); if (res != -1) r[30] = res; res = syscall(__NR_socketpair, /*domain=AF_KCM*/ 0x29ul, /*type=SOCK_CLOEXEC*/ 0x80000ul, /*proto=*/8, /*fds=*/0x200000000600ul); if (res != -1) { r[31] = *(uint32_t*)0x200000000600; r[32] = *(uint32_t*)0x200000000604; } syscall(__NR_ioctl, /*fd=*/r[32], /*cmd=*/0x8905, /*arg=*/0x200000000640ul); *(uint16_t*)0x200000000680 = 1; memcpy((void*)0x200000000682, "./" "file0\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" 
"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 108); syscall(__NR_bind, /*fd=*/r[30], /*addr=*/0x200000000680ul, /*addrlen=*/0x6eul); syscall(__NR_ioctl, /*fd=*/r[29], /*cmd=*/0x2401, /*flags=*/7ul); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/1); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route( /*val=*/0x7f2da2e6); *(uint32_t*)0x200000000700 = -1; *(uint32_t*)0x200000000704 = 0; *(uint32_t*)0x200000000708 = 0x3cd; *(uint32_t*)0x20000000070c = 0x69e9; *(uint32_t*)0x200000000710 = 0x200; *(uint32_t*)0x200000000714 = 1; *(uint32_t*)0x200000000718 = 1; *(uint32_t*)0x20000000071c = 6; syscall(__NR_ioctl, /*fd=*/r[30], /*cmd=*/0xc02063a0, /*arg=*/0x200000000700ul); *(uint32_t*)0x200000000740 = r[28]; memcpy( (void*)0x200000000748, "\x12\xfc\x2d\x0e\xff\x30\xc3\xe5\xf4\x05\x31\x15\xfe\xef\xcc\x02\x99\x3b" "\x9f\x38\x5b\xe8\x67\xf5\xa6\x2f\x9f\x2a\x3f\xe9\x62\x4e\x0f\xa8\xd7\x7c" "\xd1\x43\x0e\x48\x4b\x1c\x8b\x8d\x72\x83\xe0\x60\x91\x7e\x13\x67\xd1\xc0" "\x75\x70\xfb\x99\x1a\x91\x2b\x9c\x21\xfa\x8d\xa7\x3b\xdf\xeb\x28\x65\x0e" "\xd4\xba\xa1\x08\xa5\x91\xe9\x60\x7f\xa1\xaf\x81\x6e\xa7\x95\x6d\x74\x4b" "\xfc\xb4\x19\x24\x89\x15\x4b\x45\xfe\x75\x91\xce\xa4\x8d\x70\x2c\xa1\x78" "\x36\x29\x82\x8f\xc6\x1d\xa3\xfe\x69\x3f\xb4\x9d\x3b\xc9\x64\x2f\xbe\x11" "\x62\x28\xd5\x2d\x73\xa4\x0b\xe4\x27\x74\x5c\x8a\x16\xb9\x9b\xfb\x84\xfe" "\xc7\x6a\xa3\xc4\x7a\x2d\xbf\xf4\xfd\xfa\x61\x45\x69\x16\x21\xf0\x85\x3a" "\x15\x53\x0b\x43\xf0\x78\xd0\x87\x5b\x4c\x7e\xf0\x31\x61\x89\x80\x08\x14" "\xf2\x82\x57\xde\x67\x1f\xff\xd7\xe7\x6d\x55\x9a\x59\x01\xd4\x47\x41\x82" "\x38\x0f\x9a\x96\x73\x62\xe8\x80\x64\x24\xbd\x6c\x9a\xaf\x52\x8b\x67\xea" "\x06\x6a\x64\x5d\xf8\x84\xda\x65\xa5\x8a\xcc\x17\x1a\xee\x3a\x46\xa9\xd0" 
"\x8b\x0a\xc6\x08\xc9\xf5\x08\xba\x9b\x33\x9d\x0d\x2a\x02\x9a\xfb\xc8\x2c" "\x1a\xfc\xba\x37\x8c\xea\x75\xfd\x8c\x86\x0a\x17\xd2\x40\xd9\xda\x43\xcb" "\xb4\xd6\xf0\x03\x45\x30\x3a\x81\xe1\x31\x09\x67\xa1\x18\xc8\x3c\xc5\x0d" "\x4c\x15\x90\xca\x4b\x49\x2c\xee\x25\xbf\xcf\xe0\x0e\x2d\x0e\xb0\x47\xa8" "\x44\xf3\x70\x0c\x22\x9e\x9d\xe6\x46\x3c\x67\x9c\x2b\x59\x25\xa7\x64\x5f" "\xde\x6a\xa7\x61\xc3\x7b\x5a\x75\x09\xe1\x12\xe4\xd4\x48\xda\x54\xf3\xee" "\x08\x96\x45\x25\x47\x82\x98\x33\x73\x20\x62\xa3\xc8\xd5\x2c\x05\xc8\x1a" "\x5e\x0b\x8e\xb4\x0f\xa7\xb0\x83\xe3\xff\x28\x29\xe9\xde\x2d\x44\x02\xa1" "\xc4\xe4\xf6\x42\x74\x27\x8f\xb1\x2a\xbe\x5f\x46\x4d\xee\x3c\xb7\x54\x46" "\x14\x97\xae\xf9\xc6\x1b\x42\x1f\x98\xaf\x74\x07\x79\xbf\x13\x83\x5d\x60" "\x2b\x6c\x83\xdf\x4c\xd6\x37\xe4\x2d\x62\xd1\x19\xcb\x66\x0c\x2b\x37\x9b" "\x19\xa3\x10\x90\x90\xad\xaf\x3c\xdd\x78\x6c\x88\x99\x05\x19\xe7\xb4\xaf" "\xb4\xcc\x47\x2d\x61\x95\x9c\xe7\xad\x28\x29\x40\x2a\x33\x05\x4a\x54\xbe" "\xe0\xc8\x39\xbe\xa9\x45\x9b\xea\xc6\x8d\x1e\x19\xdb\x9d\xda\x49\x6c\x94" "\x60\x0d\xcc\x47\x91\xbd\xd0\x6a\xe8\xa2\xb9\x72\xd5\x6c\x5b\xdb\xbd\x72" "\x92\x58\x7e\x18\x4e\x97\x6a\xde\x0d\xbe\x4f\x91\xc8\x76\x82\xb2\xa5\xdf" "\x95\x7e\xc5\xc8\x2c\x1b\x4f\xbd\x5c\x19\xf5\xaa\x66\xc8\xce\x29\xb8\x7f" "\x4c\xb2\xb4\x96\xdf\x12\x73\x9b\xa2\x2d\x3d\x21\x5c\x13\x7c\xd7\x04\x41" "\xf3\x9a\x2c\xa2\x5d\xae\x2c\x3d\x94\x59\x62\x7f\x91\x76\x2c\x2b\x8f\x25" "\x9a\x36\xe8\xc6\xc1\x1e\x1f\x8a\x67\x26\x73\x77\xee\x9f\x88\x2c\xf3\x17" "\x75\x4c\x87\x3f\x83\x40\x61\xd5\xac\x4d\x21\xa7\x98\x24\xe1\x01\x56\xda" "\x84\xb6\xd3\xfd\x9c\x77\x3a\x45\x71\x65\x36\x0d\x5c\x01\xdc\x23\xbe\x94" "\xfb\x6f\x49\xfe\x36\xcd\x9d\x71\xf5\xbf\x2b\xbb\x7b\xfa\x6c\xf8\x26\x79" "\x61\x8e\x2f\x37\x67\xd7\xa2\x06\xa6\xa3\x18\xfc\x7f\xd4\xb7\x48\x88\x57" "\x49\x80\xe2\x36\x92\x3b\xa0\x01\xfa\x2d\x47\xfe\xbd\x48\xc2\x1b\xc7\xb9" "\x15\x46\xc1\xab\x0e\x32\x61\xbb\x7e\xcd\x51\xa1\xad\xcd\xcd\xe4\x8a\x96" 
"\x40\x83\xe0\x18\x18\xa2\x5f\x35\x3b\x1f\x68\x7f\xf0\xa2\xb1\x1b\x94\xe0" "\x05\x57\xae\x1e\x0b\xfb\xca\x9d\x5f\x01\x17\x6b\x3a\x8b\x69\x00\x61\x79" "\xee\x5f\xa3\x07\x3c\x96\x48\xbf\xff\x36\xe5\x4b\x8b\xe6\x83\x7f\x62\x54" "\x77\x2b\x89\x5e\x07\x2e\x8c\xfb\xd4\xf1\x5a\x6e\xdd\xce\xc6\xe1\xaf\x4c" "\x54\x8d\xf9\xee\xa5\xfd\x08\x80\xf9\xf4\x5f\x16\xd3\x42\x14\x1f\x55\xea" "\xd2\xa4\xb7\x7c\xec\x1a\x63\x85\x1d\x23\x05\x9e\x9c\x2d\xb9\x01\x5e\x42" "\x8c\xa1\xff\xb1\xd7\x71\x03\x7a\xc1\xc5\x27\x09\x18\x44\x8b\xc0\x71\x74" "\x5b\xde\xa7\x98\x25\xf9\xb9\x77\x9d\x66\x84\x3d\x2a\xed\x89\x58\x7e\xf5" "\x21\x97\xdf\x36\x6a\x85\xd3\xeb\x20\xb9\x86\x2f\x52\x8d\x73\xa8\xd7\x15" "\x17\x68\x15\x02\xd2\x91\x57\x55\x80\x3b\xb0\xef\x18\xd5\x7e\x88\x28\x26" "\x32\x90\x5b\x66\xe8\xdc\x64\x3d\x8f\x03\x81\x36\x72\x82\x22\xec\xcb\x27" "\x6d\xea\x82\x21\x2e\x19\xde\x44\xfb\xac\x21\x3d\x68\x70\xae\xec\x07\x8f" "\x96\xc3\x60\xa7\xca\x96\xd3\x93\x31\xc8\xae\x0a\x02\xf7\x66\x27\x36\x7a" "\xc3\xe2\xcc\x52\x61\xf5\x1b\x66\x83\x7a\x56\xee\x1c\x50\x94\x03\x6e\x09" "\x9d\x60\xed\x88\x67\x23\x4f\xd6\x07\x8d\xc1\x47\xe7\xb0\xad\x3c\x82\xdc" "\x8c\x3a\x19\x24\x82\x09\x41\x02\x80\x8c\x79\x3d\xc0\x2d\x63\xe6\xe4\x26" "\x43\x24\x91\x30\x16\x0d\x64\x58\xe9\x07\x54\xb4\x47\x2b\x03\xe8\x84\x2f" "\x1b\xa3\x98\x87\x0e\x17\x0f\xb6\x55\x5c\x43\x5d\x96\x11\xb8\x0e\xc5\xcf" "\x55\x99\x39\xa4\x8d\x5a\x77\xd2\x94\x99\x26\x0c\x8c\x74\x12\xed\x5f\x57" "\x8e\x5e\x88\x31\x05\x65\x77\x3f\x02\x22\x68\xad\xa3\x13\xe2\x1a\x6f\x75" "\xb5\xf1\xd2\x7f\xcd\xe0\xbd\x17\x4e\x68\xd0\x71\xe2\xe5\x66\xd5\xec\x62" "\x47\xfa\x2c\x53\x2e\x1e\xca\xb3\x0f\xdd\xc3\x2d\x5a\x87\x17\xe5\x8b\x1d" "\x7e\x41\xde\x44\x81\x60\x0a\xfa\x65\x15\x53\x5a\xd8\x17\x96\xa8\x06\xd8" "\xef\xe9\xd3\x2f\x56\x2e\xc8\x32\xfc\x56\x9e\xc6\x99\x1b\xae\x17\x56\x9f" "\xc3\x26\xd2\x73\x81\x0a\xac\x39\x5a\x25\x7f\x39\xbb\xfd\xa1\xcd\x6c\x5d" "\x9a\x9b\xc2\xd4\xbd\x99\x88\x44\xf0\xe0\x14\x93\x44\x74\xd1\x9f\x24\x80" 
"\x9b\xf7\x65\x01\x43\xe4\xa0\xc0\x8f\x0b\x70\x8a\xd1\xbc\x74\x50\x36\x70" "\x0a\x26\x1a\xfe\xea\xd3\x1e\xb8\x36\x5c\xc0\x24\xe0\x23\x56\x8a\x37\xea" "\x68\x97\x50\x6f\x30\xee\xfa\xf9\x19\xfd\x68\xda\x54\xdb\xa5\xef\x4d\x30" "\x7a\xa8\x4f\x0f\xc6\x23\x95\xc3\x24\x2b\xfa\xc5\x21\xbd\xb6\x31\xaf\xe3" "\x0a\x1f\x4e\x81\xfa\x45\xdf\xfe\x03\xae\xfa\xa6\x06\xdb\xcb\xef\x65\xcb" "\xbe\x87\x2d\xe9\xc8\xaa\x2c\x96\xe2\x1c\xa1\x72\x5e\x9e\x34\x2a\x62\x96" "\x24\x25\x31\x16\xd1\xe0\x85\xcc\x60\xd1\xd1\x1d\x16\x58\xa3\x57\xbd\xc6" "\x40\x27\x8b\xd4\x66\x8b\x46\x3b\x28\x44\xb6\x1f\x2f\x67\x8f\x6d\x8c\x2b" "\x8f\xbe\x8c\xc9\x7e\xf1\xb0\xf5\x08\x28\x5a\x96\x02\x6d\x05\x52\x32\xed" "\x15\x39\x12\x14\xf2\xe9\xeb\x07\x6c\x26\x17\xaf\xe1\xbe\xd0\x86\xed\xa2" "\x6c\x34\x22\x46\x30\x12\x9f\xb9\x04\x4d\x32\x72\x32\x3b\x59\xe3\xe6\x1e" "\x13\x17\x19\x52\x33\x39\xb3\x5e\x2e\xd1\xdc\x15\x61\xa8\xe7\xd2\x05\x3c" "\xa5\x0e\x59\xe9\xdd\x32\x45\x29\x71\xdc\x52\x51\x41\x70\x6b\x50\x98\x9b" "\x32\xb9\x24\xe0\x49\xd7\x11\x1e\x38\x65\x3a\xb9\x67\x0b\xda\xbb\xaf\x79" "\x3e\x6f\xd7\x5c\x60\xe9\xde\xd5\xdd\x14\x05\x62\x55\x70\x72\xeb\x0c\xf6" "\x98\xde\xf7\x39\x5e\xe9\x3f\x6e\xd2\x2a\x18\x0e\x01\x92\x22\xb1\xf3\xde" "\xd6\x0a\x5c\x2b\xe0\xa0\x2e\x3c\x61\x91\x61\x0d\x71\xd7\x8c\xf5\x25\x28" "\x1b\x8e\x3f\xe9\xd3\x01\x5f\x49\xc4\x78\x82\x41\x23\x9a\x6b\xb0\x41\x8d" "\xcc\xb2\x6e\x0a\xab\xd0\x45\x38\xa5\xb7\xb0\xf0\x53\x67\xaf\xa4\xde\xe5" "\x4b\x8e\x28\x05\xcc\x70\xbe\x63\xb5\x8e\xea\x0b\x3d\x91\x6a\x66\x83\x96" "\x86\x38\x5f\xef\x50\xdb\xf4\xca\xa1\x93\xbe\x18\x96\x64\x55\x2b\xf0\x95" "\x1f\x7e\xfc\xa8\xa0\x88\x05\xed\x30\x1a\xd0\xce\xda\x6e\x7e\x03\xe1\x0b" "\x7b\x0c\x9d\x47\xb5\x4c\x1b\x4e\x3b\xf3\x78\xaa\x21\x42\x5a\x49\x8b\x12" "\x76\xce\x2d\x0f\x4b\x06\x07\x3e\x1f\x14\xdc\xed\x4f\x9e\xbb\x93\x9d\x1b" "\x5f\x96\x46\xff\x41\x67\xc8\x3a\x15\xef\xf0\xf1\x56\x33\x52\x7a\x46\xdf" "\x9e\xfc\x58\xc1\x91\x65\xa3\xc7\x23\x57\xc8\xca\x1d\x88\x0b\x6b\xdf\xe7" 
"\x3d\x5d\xf0\xa7\xb1\x3f\x5e\xc0\xae\xc5\x4b\x8d\x28\x6a\x74\xea\xd9\xed" "\x38\x7d\x7b\xa7\x31\xc1\x96\x81\x46\x27\x44\xe0\x52\x07\x42\x13\xf0\x39" "\x30\x56\xb2\x80\x21\xf4\x52\x2c\xbc\x77\xf4\x25\xc8\x81\xb3\x94\x5f\x08" "\xd9\x7a\x2c\x4e\x4d\x9b\x8a\xba\x71\xf5\xba\x68\x32\x84\xa4\x34\xb5\xf3" "\x4b\x17\xf1\xfe\xf3\x4b\x93\x37\x00\xd6\x17\xd8\x02\x08\xf7\xd5\xc1\x79" "\xe0\xbb\x10\xd2\x61\xfb\xf1\x79\xbb\xdc\x54\xb7\x30\x24\x33\x43\x4b\x0e" "\x00\xd2\x62\x76\xb3\xbf\x22\x8e\xfe\x00\x16\x30\xd5\x1c\xdd\xe6\x6f\x28" "\x4a\xc9\xd2\xbd\x93\x83\x9e\xf0\x45\x16\xd8\xca\x38\x4b\xe7\xb9\x69\xf3" "\x89\x7f\xa5\xda\x9a\x99\x90\x9e\x2c\x33\xb3\xec\xff\xf4\x32\x57\x8f\x54" "\x3a\xa2\x4f\xbc\x94\x1f\x14\x30\xfe\x4b\x55\xd9\x7d\x26\xb0\xe6\xd4\x85" "\x19\xea\x8f\x39\x7b\x65\x82\xf5\x63\xaa\xdd\x7e\x4b\x4b\x77\x29\x7e\x44" "\x26\x77\xce\x9f\x38\x97\x0d\xd7\x0a\xd1\x80\xeb\xd7\x82\xca\x6f\xc4\x54" "\x8e\x6b\x11\x7a\x7c\x28\xb6\x52\xe1\xd2\x2e\x84\xe0\x9a\x74\x7c\x88\x83" "\x3d\xca\xb2\x42\xb2\xe7\x72\xa0\x05\xfc\x64\x77\x85\x14\x16\x88\x4a\x24" "\x5a\xcc\xac\xfe\xce\x29\xde\xa7\xbe\x47\x1f\xe0\x1d\x09\xf1\xa9\x5c\x72" "\xf6\x25\x22\x65\xa2\xa7\xc6\xe1\xa6\xee\x2d\x3b\xf0\xdb\x4c\xb4\x34\xf2" "\xdb\x8a\xe2\x40\xa6\xd5\x3e\x33\x2f\x9b\xd3\x78\x15\x5a\x19\x65\x1b\x35" "\xfc\xdc\x40\x9d\x7c\xca\x30\x03\xb3\x23\xb3\xaa\x1a\x60\x59\xea\xc7\xe3" "\xa6\xfe\xc2\xde\xc8\x5e\xc0\x7f\xd6\xe3\x9e\x57\x13\xcd\x80\x4b\xd6\xd7" "\x6d\x69\x51\x7a\xe9\xcd\x13\x55\xf3\x7b\x09\x06\x12\xbd\xe7\x5c\xf1\xd4" "\x08\x06\xa3\x51\x97\x63\x23\xa2\x6c\x5d\xc9\x54\x77\x86\x70\x55\x05\x7d" "\x1a\x5d\x2c\x39\x37\x9c\x2f\x1b\xcb\xfc\x49\xae\x79\x55\xa0\xad\x79\x3e" "\xd0\x4d\xfe\x27\xdd\xd8\x1f\xe8\xf4\x10\xdc\x52\x0d\x70\xa8\x2f\x84\x46" "\xa2\xa8\x61\x5b\xa9\xbd\xe9\x9b\x2b\xb2\x4f\x20\x11\x8a\xf7\x5b\x1f\x12" "\xf7\xbd\x91\x9c\x34\xb0\xc9\x06\xf7\xa0\x25\x24\x73\x71\x67\xbd\x0f\x83" "\xe7\x33\xcf\xdd\x63\x11\x7a\x9f\xff\xed\xa5\xa4\x38\xa9\x30\xb9\x56\x23" 
"\xfa\xc4\x7d\xcc\x2f\x7e\x8f\x8b\xff\xbc\x7b\xe8\xb6\xcb\x7a\x00\x87\x97" "\xdf\x83\xb7\x44\xf9\xfc\x85\xb9\xb9\x21\xb8\x65\x69\xb5\xbd\x40\x8a\xc4" "\x58\x7c\x4e\xdf\x5d\x70\x5a\x49\x4c\xc7\xcb\xf6\x92\x83\xf6\x82\xbc\xb6" "\x10\x4f\x11\x8b\xe6\x7c\xcd\xa8\x98\x5c\xaa\x9f\x52\x9a\xed\xba\x50\xa7" "\xf6\x78\xc0\x32\x19\x9b\x0f\xc3\xea\x21\x2a\x31\x01\xa3\x09\x1e\xea\x97" "\xbb\x3b\x31\xfa\x9f\xbe\x2d\xf5\x74\xfa\xc6\xcd\xb7\x32\x0f\x5b\x59\x5b" "\xcc\xe4\x6f\x12\xcb\x31\x8e\xd3\xfd\x82\x7d\xfa\x02\x51\xa6\x72\x21\xeb" "\x4f\x6b\xab\xca\x56\x8a\xa8\xe6\xe6\xcc\xea\xb5\xca\xdb\xb5\x04\x75\x32" "\x8a\x34\x97\x1c\x2e\x9d\x07\x11\x37\x88\x3f\xcd\x68\x42\x83\x8d\x64\x18" "\x1d\x87\x55\x4e\x2e\xe7\x31\xe9\x6a\x66\xb6\x5c\x96\xfa\xaa\x2a\x06\x92" "\x4a\x58\xaa\xd7\xd5\x21\x5e\x00\x1d\xe3\xb0\x2a\x05\x22\x28\xa6\xa4\xed" "\x49\x03\xf8\x41\x42\xb9\x90\x0f\x5c\xc3\x1c\xa9\x04\x27\x6a\xfe\x6f\x9b" "\x7b\x18\x7d\xa3\x7f\x79\x34\xac\xc5\xe0\x70\xed\x2c\x2f\xdb\x21\x5c\x58" "\x56\x11\x8b\xb3\x9a\xe5\x53\x65\xd5\xfd\x49\x43\xaf\x26\xf6\xd6\xe7\x1b" "\x7c\x31\x11\xe6\x34\xe5\x0e\x38\x2e\x58\x85\x6f\x16\xef\x6e\x0a\x66\xc4" "\x3c\xf4\x13\x40\xda\x55\x96\x67\xca\x77\x45\x68\xaf\x04\x68\x5c\xa6\x14" "\x99\x18\x35\x0c\xb6\x6b\x30\xf8\xf1\xb7\x11\x49\x76\xf3\x07\xb9\x72\x52" "\x60\x9e\xf5\x57\xc7\xa3\xb8\xda\x97\x0b\x30\x20\x4d\xe5\xe1\x21\xbc\x71" "\xe7\x3f\xab\x73\xf9\xee\x0a\x31\xc7\x44\xd2\x16\xa1\xd1\x16\x21\x39\x25" "\x52\x5e\x7e\x00\x49\x41\x1e\xf0\x1d\xda\x32\xaf\x76\xb9\x9d\x12\x1d\x85" "\x46\xa1\xe9\x9d\x0e\x60\x7f\x7f\x59\xa2\x72\xfc\x7d\x04\x97\x6a\x75\xc2" "\x43\xcc\xfb\xd2\xe1\xd3\x8a\x51\x45\xa4\x5c\x48\xa7\xd8\xc6\xae\x50\x75" "\x9b\x00\x92\x0d\xb2\xca\xab\x73\x94\x9a\x8f\x43\x3e\xe0\xdb\xed\x41\x57" "\xac\x3c\x13\x30\x23\xc4\x57\x1f\x78\x53\xc6\x6c\x7b\x1b\x57\x4b\x83\x29" "\x63\xa3\x4c\x4d\x23\x28\xc7\x44\x41\x4b\x4e\x86\x9b\xb3\x39\xd7\x97\x27" "\xf4\x36\x95\xfe\x7b\x5d\x81\xef\x81\xb8\xea\xe5\xc6\x56\x29\xc7\x00\xf0" 
"\x04\x64\x6c\x1f\xe6\x97\x99\x56\x87\x10\x5a\x32\x9b\x8a\x12\x55\xa1\x53" "\xcb\x83\xf1\x6f\x94\x87\xa9\x91\x36\x1c\x09\xb6\xb4\x78\xf4\xcf\x80\x73" "\x85\x80\xfb\xc2\x6f\x55\x08\x12\x6b\xc4\xba\xdb\x7a\x63\xa0\xdc\x5f\x2e" "\x72\x16\x37\x47\x2e\x5b\x94\xae\x3b\xae\xe6\xa7\x96\x55\xbc\x15\x17\x4b" "\xe3\x86\xac\x30\x05\xef\x92\xe8\xc6\x3f\x96\x4e\xbd\xe7\x11\x11\x60\x12" "\x1a\x8f\xaf\xc5\xcb\x84\x2c\xc7\xf5\x27\x54\x11\xc9\x09\x07\x07\x90\x3b" "\x6a\x3b\x58\x57\x3f\x1b\x7b\x3b\x14\x20\x98\xa6\x8e\x18\x54\x1c\xc3\x44" "\x33\x37\x11\xe7\x2d\x51\x18\x32\x98\x3b\xea\x1d\x68\xcd\xda\x1e\x9e\x45" "\xa0\xc9\xb1\x51\x1a\xfa\xe9\x00\x0c\x98\xf0\xa5\x71\x12\x32\x2d\xfe\x96" "\x0e\xa3\x3f\x00\xc2\xa2\x02\x78\x15\x3c\xbf\xe4\x67\xca\x79\xcc\xe4\xf4" "\xdb\xcf\x0c\x8f\x93\xc7\xc8\x73\x57\x80\xd3\x02\x5b\x6c\x97\xb8\x63\xac" "\x2b\x1d\x1d\x33\x5d\x3d\xad\x05\x64\x98\x2e\xe4\x41\x85\xbb\xff\x13\xf4" "\x88\x51\x1a\x97\x5d\x3e\x62\x24\x68\x60\x3e\x62\xeb\x81\xa7\xac\x16\xf6" "\x0a\xb0\x1f\xd7\x9d\x13\x1a\xda\x5b\xd7\x9f\x9b\xa6\x1b\x6a\x0a\xc5\x05" "\x08\x25\xfa\xf2\xb9\x13\xf8\x7d\xae\x28\x61\xa2\xa3\x3a\x50\x72\x20\x7f" "\x52\xa9\xd7\xeb\x31\x56\xd5\xb1\x72\x4e\x5b\xfc\x43\xe5\x67\x32\xa6\x41" "\xf2\xa9\x64\x03\x0b\x30\x3c\xfd\xca\x2d\x1f\x9b\x34\x27\x3e\x0a\xc7\x23" "\xb6\xb2\x5d\xef\xe6\xb1\x1f\x05\x50\xb2\x3d\x72\x57\x05\x33\x24\x3b\x75" "\xfd\xbd\x2e\x90\xf9\xe7\x71\x33\x7d\xbd\x54\xdf\x9c\x2f\xaa\x8f\x97\xff" "\xce\xa7\x5b\x3f\x49\xc9\xda\x09\x17\xfc\xe6\x35\xdb\x12\x67\x3b\x8b\x90" "\x8a\x94\xbf\xe0\x6f\x20\xb2\xf7\xb4\x08\xe9\x52\x80\xab\x22\x55\xbd\xa2" "\xec\xe3\xa0\x3f\x39\xa1\x9a\xef\x41\x72\x11\xfc\x3c\x14\xd8\xa0\xfe\x88" "\x02\xd2\x7d\x61\x90\x96\x56\x43\x41\x86\x3c\xfe\xff\x27\x12\x7c\x0d\xb5" "\x73\x35\xac\x6a\x41\xf6\xba\xca\xfe\x51\x5c\xb3\xac\x8a\xbd\xa6\x1f\xe9" "\x99\x2e\x8f\x00\x5a\x51\x49\x38\x96\x09\x31\x87\x8e\x1f\x82\x5c\x21\x41" "\x6f\x9d\xcf\x72\xdb\x3c\xb0\xe0\xad\xaa\x95\x14\xf2\xbb\x42\x06\xe0\x91" 
"\xa7\x6d\xde\xf2\x62\xf0\x4a\xfe\x0f\xc3\x26\x9e\xbe\x81\x43\xc0\x86\x04" "\x40\x31\xe4\xa6\x2b\x4d\x46\xd3\xf8\xff\x36\x85\xe6\x85\x04\xd4\x1e\xb6" "\x0d\x95\x76\x63\x53\x91\xd4\x1b\x17\xb1\x44\xd0\x9a\xe3\x67\xa2\xee\x4c" "\xde\x4f\x56\x4e\xca\x57\x3b\x61\xeb\xbe\x2c\xff\x9d\xfd\xa3\x35\x47\x03" "\x3c\xcc\xf2\xe6\x43\x66\x2e\x70\x37\xb0\x9f\xb3\xa6\x07\x39\x56\x15\x8a" "\xf7\xfd\x61\x6a\xfd\x2b\x6f\x86\x4b\x94\x48\x4d\x56\x82\x3e\x80\x74\x61" "\x33\x8f\x67\xf8\xfd\xab\x75\x82\x64\x59\xdc\xe8\xd9\x31\xa9\xed\x03\xae" "\x81\xbd\x65\x7f\x76\x19\x75\xc0\x3e\x9a\xfb\x7e\xae\x59\x44\x08\x4f\x91" "\x26\x31\x55\x56\xb8\xb6\x72\xe5\x53\xed\x5f\xb9\x50\xb2\xb9\xcc\x81\xfb" "\xc3\x34\x22\xc1\xb0\xc8\x96\x24\x99\xa7\xc6\x35\x7b\x6e\xd2\x7b\x6e\x91" "\xab\xc5\xb4\x58\xa8\x5b\x1b\xb3\x05\x3b\xcc\xa1\xa1\x84\x13\x73\x5b\x06" "\xfb\x93\x36\x3d\x81\x63\x09\x26\xec\x13\x58\x58\xd2\x20\x84\xab\x58\x18" "\x6c\xa0\x9d\x39\x74\x43\xb9\xff\xde\xcb\xdc\x5f\x63\x77\x42\x5c\x50\x88" "\x2b\x4c\xb1\x8f\x56\xe4\x11\x24\x5a\x51\x3f\x26\x44\x9b\xc3\xe6\x77\xc2" "\x77\x9d\x7d\x84\xbd\x68\x18\x69\x54\x05\xfc\x70\xee\xc9\x4c\x03\xa2\x6f" "\x58\xf8\xc3\x3f\xa8\xc9\x10\xca\xbd\x24\x1c\xad\x08\xc7\x67\x6f\xd2\x5d" "\xba\x6f\x05\x4d\xc9\xd5\x4c\x9c\x60\x79\x01\xf6\x96\x45\x29\x26\x85\xc6" "\x77\x21\x2e\x23\xd1\x35\x48\xba\x5c\x4e\xe7\xfc\xa6\x1f\xa0\xa6\x73\xfb" "\x69\xb7\xc0\x36\xcf\x2a\x51\x25\xc3\xd2\x19\x4e\x6b\x57\x1c\xbb\x31\x00" "\x73\xf4\x08\xa1\x64\x21\xcb\x85\xec\xe9\x6f\x4b\xa4\x28\x04\xc0\x9f\x96" "\x95\x78\xaf\x5f\x5e\xa0\xcd\xe8\xac\x17\x33\x61\x8a\x52\xfd\x76\x5a\xdc" "\x93\x8f\x3c\x8e\x66\x07\x93\xa4\xc7\xe0\x8d\x29\x5e\xe5\x0d\xd4\x24\x63" "\x00\xfc\x2c\x30\xe6\xc7\x21\x19\x53\xc6\x33\x5e\x1a\x4e\x28\x85\x44\x75" "\x5f\x25\x43\x98\x80\xb0\x53\xfb\x9b\xda\x17\xfa\x2f\x52\x62\xb4\xb5\xc4" "\xfd\xbe\xf8\x8d\x62\x41\x5c\xe5\xef\xd5\x2f\x61\xca\x7c\xe7\xd8\x5e\xb9" "\x2c\x8e\x97\xfb\x78\xf1\xca\xff\x60\x4f\xd8\x40\xb1\xca\x5f\xcf\x14\x0d" 
"\x5b\xcd\x39\x79\x51\x8b\x1d\x1d\x93\xb4\xb5\x84\x12\x27\x00\x2e\x5f\xce" "\x75\x32\x22\x83\x9d\x84\x6f\x4f\x55\x20\x3a\x69\x5c\x67\xf3\x22\x57\xb2" "\x7d\x02\x80\xdf\x54\x9a\xe1\xd6\x8f\x34\x7a\x17\xf3\x2c\x0a\xe5\xdb\xfc" "\x87\x11\xb2\xb9\x0f\x8e\x80\xfa\x7c\xf1\x09\x53\x8d\xff\x43\x6b\x2a\xdc" "\x99\xf9\xb3\x99\x7f\x00\x3e\xa7\xf1\x23\x46\xcb\xd9\x90\xe3\xb5\x31\xa9" "\x66\x8d\x28\xb8\xc0\x62\x00\x76\x5f\x09\x43\x7f\x63\x9b\x25\x26\x45\x83" "\x77\xcf\xff\x0d\x2a\x5f\xab\x60\x55\xcb\x17\x7e\x8f\x56\x99\x76\x92\x7b" "\xe3\x24\xdb\x16\x61\x55\x4b\xc1\xe5\x93\x2c\xa4\x64\xc1\xbc\x4a\x4a\x7e" "\xac\x7b\xfe\x82\xb8\x2f\x3f\x23\xa2\x0e\x45\x72\xee\xb0\x7c\x89\xce\x30" "\x0d\xe5\x6a\x8d\x77\xe5\xe5\x44\x25\xd1\xbd\xcb\xcd\x40\xf7\x01\xb6\x51" "\x08\x2f\xf7\xab\x40\x80\x5f\x01\xea\xfb\x46\xb5\x2c\x6c\x78\xb5\x33\xd8" "\x2b\x5f\xc4\xeb\xbb\x58\x2f\x83\xc5\xc4\x4f\x9a\xc9\x6f\x2b\x0c\x34\x6b" "\xec\x73\xe6\x97\xd5\xe3\x4c\x26\xb8\x8c\x52\xb1\x64\x0f\xf8\x91\xbc\x5f" "\xdf\x24\x4b\x48\x52\x40\xda\xb9\xc3\x9a\x66\x63\x36\x62\xf0\x31\x74\xe5" "\x84\xd4\x3b\x91\xe7\x74\xe3\x51\x23\x74\xec\x64\xfe\x5a\xfe\x16\x49\xd5" "\xe9\x89\xcd\x99\x68\x35\xf8\xff\xe4\x62\x25\xe3\x45\xdc\xb5\x68\x7e\xb9" "\xe4\xd1\xb3\xc8\x20\x81\x3c\xed\x36\x28\x1c\xd7\x1c\xfd\x9e\x7e\x28\xa4" "\xeb\xee\xd7\x16\xaa\x46\x15\xd0\x09\xb4\x52\xfe\xc6\x25\xdd\xa8\x84\xb2" "\x40\xf7\xb0\x8d\x4d\x7e\x5a\xb1\x13\x93\x6d\xd8\xf7\x05\xe7\xc4\x3d\xc4" "\xcf\x33\x03\x86\x0c\x0c\xf2\x51\x20\xc3\x53\x49\x3b\xb2\x6b\x77\xc9\x57" "\xf8\xeb\xa8\x44\x58\x04\x18\x24\xd9\x43\xd2\xaf\x92\x6f\xcc\x14\x2a\x7b" "\x0a\x57\xa8\xd1\x20\x3e\x33\x6f\xfb\x6f\x46\xcc\x8d\x8f\x1b\x0c\xdb\x57" "\xde\xab\xe5\x38\x29\xd8\x87\x4f\x1e\x97\xc4\x88\x03\x84\x9c\x28\x01\x64" "\x13\x5b\x49\x6a\xa0\x1b\x30\xc0\xf6\xa7\x92\x75\x6c\xff\xe1\xf4\xfd\x46" "\x5f\x1a\xcd\x6e\x5f\x6c\x83\x0d\x2b\x0e\x6a\xab\x98\x34\xed\xfb\x63\xc9" "\x36\xfe\x0c\x64\x7d\xde\xa7\xe7\xa0\xff\xa7\x5e\xf7\xb0\x6d\xec\xa2\x48" 
"\xdf\x85\xfd\xef\x32\xde\x3a\x26\xb0\x4c\x3f\xf6\xc5\xc2\x8f\xd1\x10\x90" "\x2e\x00\xf1\xd9\x5c\x55\xe2\x7a\x0b\x51\xe6\x57\x23\xe7\x29\x13\x6f\x56" "\x31\x8a\x48\x8c\x3b\x7e\xaa\xdc\x93\xd8\x2f\x1e\x77\xfa\xf2\x72\xf1\x57" "\x38\x08\x8a\x4c\xb4\xc8\xba\x45\x59\xf1\x26\x48\xd7\xed\x60\x2a\x8b\xe4" "\xde\x6a\xee\x3c\x4f\x01\xf8\x82\x83\x20\x85\x29\xd8\x85\x08\x89\x75\x36" "\x19\xd1\xb5\x80\xab\xcb\xc3\x4f\xd3\x9f\xa2\xeb\xed\x19\x95\x15\x8a\x00" "\xbf\x84", 4088); syscall(__NR_ioctl, /*fd=*/r[31], /*cmd=*/0x5000940a, /*arg=*/0x200000000740ul); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/3); *(uint64_t*)0x2000000018c0 = 0x200000001740; *(uint16_t*)0x200000001740 = 0x10; *(uint16_t*)0x200000001742 = 0; *(uint32_t*)0x200000001744 = 0; *(uint32_t*)0x200000001748 = 0x2000000; *(uint32_t*)0x2000000018c8 = 0xc; *(uint64_t*)0x2000000018d0 = 0x200000001880; *(uint64_t*)0x200000001880 = 0x200000001780; *(uint32_t*)0x200000001780 = 0xd4; *(uint16_t*)0x200000001784 = 0; *(uint16_t*)0x200000001786 = 2; *(uint32_t*)0x200000001788 = 0x70bd28; *(uint32_t*)0x20000000178c = 0x25dfdbfd; *(uint8_t*)0x200000001790 = 0xf; *(uint8_t*)0x200000001791 = 0; *(uint16_t*)0x200000001792 = 0; *(uint16_t*)0x200000001794 = 0xe; *(uint16_t*)0x200000001796 = 1; memcpy((void*)0x200000001798, "netdevsim\000", 10); *(uint16_t*)0x2000000017a4 = 0xf; *(uint16_t*)0x2000000017a6 = 2; memcpy((void*)0x2000000017a8, "netdevsim", 9); *(uint8_t*)0x2000000017b1 = 0x30; *(uint8_t*)0x2000000017b2 = 0; *(uint16_t*)0x2000000017b4 = 8; *(uint16_t*)0x2000000017b6 = 0xb; *(uint32_t*)0x2000000017b8 = 1; *(uint16_t*)0x2000000017bc = 6; *(uint16_t*)0x2000000017be = 0x11; *(uint16_t*)0x2000000017c0 = 7; *(uint16_t*)0x2000000017c4 = 0xe; *(uint16_t*)0x2000000017c6 = 1; memcpy((void*)0x2000000017c8, "netdevsim\000", 10); *(uint16_t*)0x2000000017d4 = 0xf; *(uint16_t*)0x2000000017d6 = 2; memcpy((void*)0x2000000017d8, "netdevsim", 9); *(uint8_t*)0x2000000017e1 = 0x30; *(uint8_t*)0x2000000017e2 = 
0; *(uint16_t*)0x2000000017e4 = 8; *(uint16_t*)0x2000000017e6 = 0xb; *(uint32_t*)0x2000000017e8 = 0; *(uint16_t*)0x2000000017ec = 6; *(uint16_t*)0x2000000017ee = 0x11; *(uint16_t*)0x2000000017f0 = 3; *(uint16_t*)0x2000000017f4 = 0xe; *(uint16_t*)0x2000000017f6 = 1; memcpy((void*)0x2000000017f8, "netdevsim\000", 10); *(uint16_t*)0x200000001804 = 0xf; *(uint16_t*)0x200000001806 = 2; memcpy((void*)0x200000001808, "netdevsim", 9); *(uint8_t*)0x200000001811 = 0x30; *(uint8_t*)0x200000001812 = 0; *(uint16_t*)0x200000001814 = 8; *(uint16_t*)0x200000001816 = 0xb; *(uint32_t*)0x200000001818 = 4; *(uint16_t*)0x20000000181c = 6; *(uint16_t*)0x20000000181e = 0x11; *(uint16_t*)0x200000001820 = 0xdb81; *(uint16_t*)0x200000001824 = 0xe; *(uint16_t*)0x200000001826 = 1; memcpy((void*)0x200000001828, "netdevsim\000", 10); *(uint16_t*)0x200000001834 = 0xf; *(uint16_t*)0x200000001836 = 2; memcpy((void*)0x200000001838, "netdevsim", 9); *(uint8_t*)0x200000001841 = 0x30; *(uint8_t*)0x200000001842 = 0; *(uint16_t*)0x200000001844 = 8; *(uint16_t*)0x200000001846 = 0xb; *(uint32_t*)0x200000001848 = 3; *(uint16_t*)0x20000000184c = 6; *(uint16_t*)0x20000000184e = 0x11; *(uint16_t*)0x200000001850 = 0x14; *(uint64_t*)0x200000001888 = 0xd4; *(uint64_t*)0x2000000018d8 = 1; *(uint64_t*)0x2000000018e0 = 0; *(uint64_t*)0x2000000018e8 = 0; *(uint32_t*)0x2000000018f0 = 0x48004; syscall(__NR_sendmsg, /*fd=*/r[30], /*msg=*/0x2000000018c0ul, /*f=MSG_DONTWAIT*/ 0x40ul); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/9); syz_sysconfig_set__proc_sys_net_ipv6_conf_sit0_accept_source_route(/*val=*/3); syscall( __NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xff5000ul, /*prot=*/0ul, /*flags=MAP_POPULATE|MAP_NORESERVE|MAP_NONBLOCK|MAP_HUGETLB|MAP_FIXED|0x2000000000821*/ 0x200000005c831ul, /*fd=*/-1, /*offset=*/0ul); memcpy((void*)0x2000000001c0, "mounts\000", 7); res = -1; res = syz_open_procfs(/*pid=*/0, /*file=*/0x2000000001c0); if (res != -1) r[33] = res; 
memcpy((void*)0x200000002b80, "\276\375\031m\373\020\323\316`\261\325-g\245\354v\225\305:O`" "\231\227\233_\037S\341\266\341*" "\267\337\322E\347\\\301\360\225\217W\2229L\321\222=" "o\315\2239\202K\203\335\256\367\242\302\306\230\305\330\251\245|(" "M\2316\241\314\223$\275\3775AwUB\302)\265\356$" "\345\223\016T\231\273\225\336\031\n,\361\236f\256\2531@" "d\350\033h\201h1\033#k6", 116); syscall(__NR_memfd_create, /*name=*/0x200000002b80ul, /*flags=MFD_HUGETLB|MFD_CLOEXEC*/ 5ul); res = -1; res = syz_open_dev(/*dev=*/0xc, /*major=*/4, /*minor=*/1); if (res != -1) r[34] = res; memcpy((void*)0x200000000100, "#! ", 3); memcpy((void*)0x200000000103, "./file0", 7); *(uint8_t*)0x20000000010a = 0xa; memcpy((void*)0x20000000010b, "\xb3\x29\x0d", 3); syscall(__NR_write, /*fd=*/r[34], /*data=*/0x200000000100ul, /*len=*/0xeul); for (int i = 0; i < 64; i++) { syscall(__NR_write, /*fd=*/r[34], /*data=*/0x200000000100ul, /*len=*/0xeul); } *(uint16_t*)0x200000000080 = 4; *(uint64_t*)0x200000000088 = 0x200000000040; *(uint16_t*)0x200000000040 = 1; *(uint8_t*)0x200000000042 = 0xf7; *(uint8_t*)0x200000000043 = 6; *(uint32_t*)0x200000000044 = 9; *(uint16_t*)0x200000000048 = 0x800; *(uint8_t*)0x20000000004a = 7; *(uint8_t*)0x20000000004b = 8; *(uint32_t*)0x20000000004c = 2; *(uint16_t*)0x200000000050 = 0xc2; *(uint8_t*)0x200000000052 = 3; *(uint8_t*)0x200000000053 = 0x40; *(uint32_t*)0x200000000054 = 8; *(uint16_t*)0x200000000058 = 0xdf1; *(uint8_t*)0x20000000005a = 0x40; *(uint8_t*)0x20000000005b = 3; *(uint32_t*)0x20000000005c = 0x3721; res = syscall(__NR_seccomp, /*op=*/1ul, /*flags=SECCOMP_FILTER_FLAG_NEW_LISTENER*/ 8ul, /*arg=*/0x200000000080ul); for (int i = 0; i < 64; i++) { syscall(__NR_seccomp, /*op=*/1ul, /*flags=SECCOMP_FILTER_FLAG_NEW_LISTENER*/ 8ul, /*arg=*/0x200000000080ul); } if (res != -1) r[35] = res; syscall(__NR_dup3, /*oldfd=*/r[35], /*newfd=*/r[33], /*flags=*/0ul); for (int i = 0; i < 64; i++) { syscall(__NR_dup3, /*oldfd=*/r[35], /*newfd=*/r[33], /*flags=*/0ul); } 
syscall(__NR_sendfile, /*fdout=*/r[35], /*fdin=*/r[35], /*off=*/0ul, /*count=*/0x100000002ul); for (int i = 0; i < 64; i++) { syscall(__NR_sendfile, /*fdout=*/r[35], /*fdin=*/r[35], /*off=*/0ul, /*count=*/0x100000002ul); } syscall(__NR_mprotect, /*addr=*/0x200000000000ul, /*len=*/0x800000ul, /*prot=PROT_SEM|PROT_EXEC*/ 0xcul); syscall(__NR_mremap, /*addr=*/0x200000000000ul, /*len=*/0x600000ul, /*newlen=*/0x600000ul, /*flags=MREMAP_FIXED|MREMAP_MAYMOVE*/ 3ul, /*newaddr=*/0x200000a00000ul); res = -1; res = syz_init_net_socket(/*domain=*/0x10, /*type=*/3, /*proto=*/0x10); if (res != -1) r[36] = res; memcpy((void*)0x200000000000, "NLBL_UNLBL\000", 11); res = -1; res = syz_genetlink_get_family_id(/*name=*/0x200000000000, /*fd=*/r[36]); if (res != -1) r[37] = res; res = -1; res = syz_init_net_socket(/*domain=*/0x10, /*type=*/3, /*proto=*/0x10); if (res != -1) r[38] = res; *(uint64_t*)0x200000000200 = 0; *(uint32_t*)0x200000000208 = 0; *(uint64_t*)0x200000000210 = 0x200000000140; *(uint64_t*)0x200000000140 = 0x2000000000c0; memcpy((void*)0x2000000000c0, "\x44\xdd\x9b\x9b", 4); *(uint16_t*)0x2000000000c4 = r[37]; memcpy((void*)0x2000000000c6, "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x14\x00\x03" "\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x14\x00\x02\x00\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x08\x00\x04\x00\x7f\x00\x00\x01", 62); *(uint64_t*)0x200000000148 = 0x44; *(uint64_t*)0x200000000218 = 1; *(uint64_t*)0x200000000220 = 0; *(uint64_t*)0x200000000228 = 0; *(uint32_t*)0x200000000230 = 0; syscall(__NR_sendmsg, /*fd=*/r[38], /*msg=*/0x200000000200ul, /*f=*/0ul); memcpy((void*)0x200000000000, "/dev/vcsa#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000000, /*id=*/6, /*flags=*/0); if (res != -1) r[39] = res; *(uint64_t*)0x200000000380 = 0x200000000280; *(uint64_t*)0x200000000388 = 0xed; syscall(__NR_preadv, /*fd=*/r[39], /*vec=*/0x200000000380ul, /*vlen=*/1ul, /*off_low=*/8, 
/*off_high=*/0); res = syscall(__NR_geteuid); if (res != -1) r[40] = res; res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xb704, /*arg=*/0x200000000040ul); if (res != -1) r[41] = *(uint32_t*)0x200000000040; memcpy((void*)0x200000000180, "vfat\000", 5); memcpy((void*)0x200000000000, "./file0\000", 8); memcpy((void*)0x2000000002c0, "uni_xlate=1", 11); *(uint8_t*)0x2000000002cb = 0x2c; memcpy((void*)0x2000000002cc, "errors=continue", 15); *(uint8_t*)0x2000000002db = 0x2c; memcpy((void*)0x2000000002dc, "utf8=0", 6); *(uint8_t*)0x2000000002e2 = 0x2c; memcpy((void*)0x2000000002e3, "nocase", 6); *(uint8_t*)0x2000000002e9 = 0x2c; memcpy((void*)0x2000000002ea, "nonumtail=0", 11); *(uint8_t*)0x2000000002f5 = 0x2c; memcpy((void*)0x2000000002f6, "utf8=1", 6); *(uint8_t*)0x2000000002fc = 0x2c; memcpy((void*)0x2000000002fd, "uid", 3); *(uint8_t*)0x200000000300 = 0x3d; sprintf((char*)0x200000000301, "0x%016llx", (long long)0); *(uint8_t*)0x200000000313 = 0x2c; memcpy((void*)0x200000000314, "rodir", 5); *(uint8_t*)0x200000000319 = 0x2c; memcpy((void*)0x20000000031a, "nfs", 3); *(uint8_t*)0x20000000031d = 0x2c; memcpy((void*)0x20000000031e, "shortname=lower", 15); *(uint8_t*)0x20000000032d = 0x2c; memcpy((void*)0x20000000032e, "fmask", 5); *(uint8_t*)0x200000000333 = 0x3d; sprintf((char*)0x200000000334, "%023llo", (long long)2); *(uint8_t*)0x20000000034b = 0x2c; memcpy((void*)0x20000000034c, "shortname=win95", 15); *(uint8_t*)0x20000000035b = 0x2c; memcpy((void*)0x20000000035c, "nfs", 3); *(uint8_t*)0x20000000035f = 0x2c; memcpy((void*)0x200000000360, "nonumtail=0", 11); *(uint8_t*)0x20000000036b = 0x2c; memcpy((void*)0x20000000036c, "utf8=0", 6); *(uint8_t*)0x200000000372 = 0x2c; memcpy((void*)0x200000000373, "uni_xlate=1", 11); *(uint8_t*)0x20000000037e = 0x2c; memcpy((void*)0x20000000037f, "nonumtail=0", 11); *(uint8_t*)0x20000000038a = 0x2c; memcpy((void*)0x20000000038b, "obj_type", 8); *(uint8_t*)0x200000000393 = 0x3d; memcpy((void*)0x200000000394, "%,*@(!(:#\254[", 11); 
*(uint8_t*)0x20000000039f = 0x2c; memcpy((void*)0x2000000003a0, "mask", 4); *(uint8_t*)0x2000000003a4 = 0x3d; memcpy((void*)0x2000000003a5, "MAY_EXEC", 8); *(uint8_t*)0x2000000003ad = 0x2c; memcpy((void*)0x2000000003ae, "uid", 3); *(uint8_t*)0x2000000003b1 = 0x3d; sprintf((char*)0x2000000003b2, "%020llu", (long long)r[40]); *(uint8_t*)0x2000000003c6 = 0x2c; memcpy((void*)0x2000000003c7, "uid<", 4); sprintf((char*)0x2000000003cb, "%020llu", (long long)r[41]); *(uint8_t*)0x2000000003df = 0x2c; memcpy((void*)0x2000000003e0, "dont_appraise", 13); *(uint8_t*)0x2000000003ed = 0x2c; memcpy((void*)0x2000000003ee, "uid>", 4); sprintf((char*)0x2000000003f2, "%020llu", (long long)r[40]); *(uint8_t*)0x200000000406 = 0x2c; memcpy((void*)0x200000000407, "uid<", 4); sprintf((char*)0x20000000040b, "%020llu", (long long)r[41]); *(uint8_t*)0x20000000041f = 0x2c; *(uint8_t*)0x200000000420 = 0; memcpy( (void*)0x200000002300, "\x78\x9c\xec\xdd\x3f\x6b\x23\x47\x14\x00\xf0\xb7\xb2\x2c\x29\x49\x21\x15" "\xa9\x42\x20\x0b\x49\x91\xca\xd8\x6e\xd3\xc8\x04\x1b\x4c\x54\x25\xa8\x48" "\x52\x24\x26\xb6\x21\x58\x22\x60\x83\x21\x7f\x88\xe2\x2a\x6d\x9a\x94\xf9" "\x04\x81\x40\xba\xfb\x12\xd7\xdc\x37\x38\xb8\xf6\xe0\xba\x73\x61\xd8\x63" "\xa5\xdd\x93\xec\x93\x65\xeb\xb0\xec\xfb\xf3\xfb\x35\x1e\xcf\xce\x9b\x79" "\x33\x1e\x6c\x5c\xec\xd3\xf7\x1f\xf6\x0f\x76\xd3\xd8\x3f\xf9\xed\x61\x34" "\x1a\x49\x54\xda\xd1\x8e\xd3\x24\x5a\x51\x89\xd2\x1f\x71\x4e\xfb\xaf\x00" "\x00\x5e\x67\xa7\x59\x16\x4f\xb2\x91\x79\xe2\x92\x88\x68\x2c\x2e\x2d\x00" "\x60\x81\xe6\xfe\xfb\xff\xff\xc2\x53\x02\x00\x16\xec\xab\xaf\xbf\xf9\x62" "\xa3\xd3\xd9\xfc\x32\x4d\x1b\xb1\xd5\xff\xf3\xb8\x9b\xff\x67\x9f\x7f\x1d" "\x3d\xdf\xd8\x8f\x1f\xa3\x17\x7b\xb1\x1a\xcd\x38\x8b\xc8\x9e\x1b\xb5\xb7" "\xb2\x2c\x1b\x54\xd3\x5c\x2b\x3e\xe9\x0f\x8e\xbb\x79\x64\xff\xbb\xfb\xc5" "\xfc\x1b\x8f\x23\x86\xf1\x6b\xd1\x8c\xd6\xb0\xeb\x7c\xfc\x76\x67\x73\x2d" "\x1d\x99\x88\x1f\xe4\x79\xbc\x5b\xac\xdf\xce\xe3\xd7\xa3\x19\xef\x4f\x59" 
"\x7f\xbb\xb3\xb9\x3e\x25\x3e\xba\xb5\xf8\xf4\xe3\x89\xfc\x57\xa2\x19\x0f" "\x7e\x88\x9f\xa2\x17\xbb\xc3\x24\xc6\xf1\xbf\xaf\xa5\xe9\xe7\xd9\xdf\x4f" "\x7f\xfd\x36\x4f\x2f\x8f\x4f\x06\xc7\xdd\xfa\x70\xdc\x58\xb6\x74\xcb\x3f" "\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\xde\x60\x2b\x45\xed\x9c\x7a\x0c\xeb\xf7\xe4\x5d\x45\xfd\x9d\xa5\xb3\xfc" "\x9b\xe5\x48\x4b\xad\xf3\xf5\x79\x46\xf1\x49\x39\xd1\x85\xfa\x40\x83\x2c" "\xfe\x29\xeb\xeb\xac\xa6\x69\x9a\x15\x03\xc7\xf1\xd5\xf8\xa0\x1a\xd5\xbb" "\xd9\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbc" "\x5a\x8e\x7e\xfe\xe5\x60\xa7\xd7\xdb\x3b\xbc\x91\x46\x59\x0d\xa0\x7c\xad" "\xff\x65\xe7\x69\x4f\xf4\x7c\x14\xb3\x07\xd7\xc7\x6b\x55\x8a\xe6\x8c\x99" "\x63\xa9\x1c\x93\x44\xcc\x4c\x23\xdf\xc4\x0d\x1d\xcb\x55\x8d\x77\x2e\xcb" "\xf9\xdf\xff\xe6\x9d\xb0\x71\xf5\x98\xe5\x59\xe7\x73\x33\x8d\xf2\x76\x1d" "\xec\x24\xd3\xcf\xb0\x1e\x65\x4f\xa3\xbc\x24\xf7\x26\xc7\xd4\xe2\x9a\x6b" "\xd5\x2e\x7b\x94\xcd\x75\xfd\x6a\x53\x1f\x35\xe7\xde\x7b\xed\xbd\x61\x63" "\x30\x63\x4c\x24\xb3\x12\xfb\xec\xd1\xe8\xe4\x8a\x9e\xe4\xe2\x2e\x6a\xc3" "\x53\x9d\x1a\xbe\x5c\x34\x26\xc2\x2f\xdc\x8d\xb9\xee\xf3\x8b\xbf\x2b\x12" "\xd5\x3a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x60\xa1" "\xc6\x2f\xfd\x4e\x79\x78\x32\x33\xb4\x92\xd5\x17\x96\x16\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\xaa\xf1\xe7\xff\xcf\xd1\x18\x14" "\xc1\xd7\x18\x5c\x8b\xc3\xa3\x3b\xde\x22\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6f\x81\x67\x01\x00" "\x00\xff\xff\xc3\x51\x62\x02", 673); syz_mount_image( /*fs=*/0x200000000180, /*dir=*/0x200000000000, /*flags=MS_I_VERSION|MS_NOSUID|MS_NOEXEC|MS_DIRSYNC*/ 0x80008a, /*opts=*/0x2000000002c0, /*chdir=*/7, /*size=*/0x2a1, /*img=*/0x200000002300); memcpy((void*)0x200000000000, 
"./file0\000", 8); syscall(__NR_creat, /*file=*/0x200000000000ul, /*mode=*/0ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0x88); if (res != -1) r[42] = res; *(uint16_t*)0x200000000040 = 1; *(uint64_t*)0x200000000048 = 0x200000000000; *(uint16_t*)0x200000000000 = 6; *(uint8_t*)0x200000000002 = 0; *(uint8_t*)0x200000000003 = 0; *(uint32_t*)0x200000000004 = 0x7fc00100; res = syscall(__NR_seccomp, /*op=*/1ul, /*flags=SECCOMP_FILTER_FLAG_NEW_LISTENER*/ 8ul, /*arg=*/0x200000000040ul); if (res != -1) r[43] = res; syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xc0182101, /*arg=*/0ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[44] = res; res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0); if (res != -1) r[45] = res; *(uint32_t*)0x200000000080 = 0xbd9; syscall(__NR_setsockopt, /*fd=*/r[45], /*level=*/1, /*optname=SO_TIMESTAMPING_NEW*/ 0x41, /*optval=*/0x200000000080ul, /*optlen=*/4ul); *(uint32_t*)0x200000000000 = 0x918; syscall(__NR_setsockopt, /*fd=*/r[45], /*level=*/1, /*optname=SO_TIMESTAMPING_OLD*/ 0x25, /*optval=*/0x200000000000ul, /*optlen=*/4ul); *(uint32_t*)0x2000000000c0 = 0; syscall(__NR_getsockopt, /*fd=*/r[44], /*level=*/1, /*optname=*/0x26, /*optval=*/0ul, /*optlen=*/0x2000000000c0ul); res = syscall(__NR_ioctl, /*fd=*/r[43], /*cmd=*/0xc0502100, /*arg=*/0x200000000280ul); if (res != -1) r[46] = *(uint64_t*)0x200000000280; *(uint64_t*)0x200000000240 = r[46]; *(uint64_t*)0x200000000248 = 0; *(uint32_t*)0x200000000250 = 0; *(uint32_t*)0x200000000254 = 0; syscall(__NR_ioctl, /*fd=*/r[43], /*cmd=*/0xc0182101, /*arg=*/0x200000000240ul); res = syscall(__NR_ioctl, /*fd=*/r[43], /*cmd=*/0xc0502100, /*arg=*/0x200000000400ul); if (res != -1) r[47] = *(uint64_t*)0x200000000400; res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[48] = res; *(uint64_t*)0x200000000140 = r[47]; *(uint32_t*)0x200000000148 = 2; *(uint32_t*)0x20000000014c = r[48]; 
*(uint32_t*)0x200000000150 = 0; *(uint32_t*)0x200000000154 = 0; syscall(__NR_ioctl, /*fd=*/r[43], /*cmd=*/0x40182103, /*arg=*/0x200000000140ul); *(uint32_t*)0x200000000280 = 5; res = syscall(__NR_getsockopt, /*fd=*/r[42], /*level=*/1, /*optname=*/0x11, /*optval=*/0x200000000240ul, /*optlen=*/0x200000000280ul); if (res != -1) r[49] = *(uint32_t*)0x200000000244; syscall(__NR_setreuid, /*ruid=*/0, /*euid=*/r[49]); memcpy((void*)0x200000000080, "./file0\000", 8); syscall(__NR_utimes, /*filename=*/0x200000000080ul, /*times=*/0ul); memcpy((void*)0x200000000440, "ext4\000", 5); memcpy((void*)0x200000000480, "./file0\000", 8); *(uint8_t*)0x200000000000 = 0; memcpy( (void*)0x200000001900, "\x78\x9c\xec\xdc\x4b\x6f\x1c\x45\x1e\x00\xf0\x7f\xf7\xd8\x79\x6c\xe2\xb5" "\x37\xbb\x0b\xe4\x01\x18\x02\xc2\xe2\x61\xc7\xce\xf3\xc0\x05\x04\x52\x2e" "\x20\x24\x38\x84\xa3\xb1\x9d\x28\xc4\x49\x50\x6c\x24\x12\x59\xc4\x20\x14" "\x8e\x28\x9f\x00\x38\x22\xf1\x09\x38\xc1\x05\xf1\xb8\x80\xb8\x82\xb8\x22" "\xa4\x08\xf9\x92\xc0\x01\x35\xea\x99\x6e\x67\x62\x7b\x9c\x19\x7b\xec\x49" "\x32\xbf\x9f\xd4\x49\x55\x77\x4d\x57\xfd\xbb\xbb\xec\xea\x2a\x8d\x03\xe8" "\x5a\x83\xf9\x3f\x49\xc4\xce\x88\xf8\x39\x22\xfa\x6b\xd9\x5b\x0b\x0c\xd6" "\xfe\xbb\xb1\x30\x37\xf1\xe7\xc2\xdc\x44\x12\x59\xf6\xea\x1f\x49\xb5\xdc" "\xf5\x85\xb9\x89\xb2\x68\xf9\xb9\x1d\x45\x66\x28\x8d\x48\x3f\x48\x62\xef" "\x0a\xf5\xce\x5c\xbc\x74\x66\x7c\x7a\x7a\xea\x42\x91\x1f\x99\x3d\xfb\xd6" "\xc8\xcc\xc5\x4b\xcf\x9c\x3e\x3b\x7e\x6a\xea\xd4\xd4\xb9\xb1\x63\xc7\x0e" "\x1d\xdc\x7e\xf4\xc8\xd8\xe1\xb6\xc4\xd9\x97\xb7\x75\xcf\xbb\xe7\xf7\xed" "\x3e\xfe\xfa\xd5\x97\x26\x4e\x5c\x7d\xe3\xdb\xcf\xf3\xf6\x66\xc5\xf1\xfa" "\x38\x6a\x06\xd6\x5d\xe7\x60\x0c\xde\x7a\x2d\xeb\x3c\xbe\xee\xb3\xdf\x59" "\xfa\xea\xd2\x49\x4f\x07\x1b\x42\x4b\x2a\x11\x91\xdf\xae\xde\x6a\xff\xef" "\x8f\x4a\xdc\xbc\x79\xfd\xf1\xe2\xfb\x1d\x6d\x1c\xb0\xa1\xb2\x2c\xcb\xb6" "\x2e\xdb\x5b\x29\x13\xf3\x19\x70\x0f\x4b\xa2\xd3\x2d\x00\x3a\xa3\xfc\x45" 
"\x7f\x7d\x21\x7f\x53\x9d\x9b\x58\xfe\x1e\x7c\x6f\xbb\xf6\x5c\xed\x55\x3f" "\x8f\xfb\x46\xb1\xd5\x8e\xf4\x44\x9a\xbf\xc3\x0f\xd4\xde\x8d\xd2\x0d\xaa" "\xff\x7f\x11\x71\x62\xfe\xaf\x8f\xf3\x2d\x56\x9c\x87\x00\x00\x68\xaf\x2f" "\xf3\xf1\xcf\xd3\xb5\x71\x47\xb9\xd5\x8e\xa4\x71\x5f\x5d\xb9\x7f\x17\x6b" "\x43\x03\x11\xf1\x9f\x88\xd8\x15\x11\xff\x2d\xc6\x2f\xff\x8f\xa8\x96\xbd" "\x3f\x22\x1e\x58\x5e\x45\xa3\x25\x90\xaa\xc1\x25\xf9\xe5\xe3\x9f\x1f\xb7" "\xaf\x39\xb8\x26\xe4\xe3\xbf\x67\x8b\xb5\xad\x5b\xc7\x7f\x8b\x23\xbe\x81" "\x4a\x91\xeb\xab\xc6\xdf\x9b\x9c\x3c\x3d\x3d\x75\xa0\xb8\x26\x43\xd1\xbb" "\x35\xcf\x8f\xae\x52\xc7\x57\x2f\xfc\xf4\x51\xa3\x63\x83\x75\xe3\xbf\x7c" "\xcb\xeb\x2f\xc7\x82\x45\x3b\x7e\xef\x59\x32\x41\x37\x39\x3e\x3b\xbe\x9e" "\x98\xeb\x5d\x7b\x2f\x62\x4f\xcf\x4a\xf1\x27\x8b\x2b\x01\xf9\x0d\xdc\x1d" "\x11\x7b\xd6\x70\xfe\xfc\x9a\x9d\x7e\xf2\xb3\x7d\x8d\x8e\xdf\x3e\xfe\x55" "\xb4\x61\x9d\x29\xfb\x34\xe2\x89\xda\xfd\x9f\x8f\x25\xf1\x97\x92\x86\xeb" "\x93\xa3\x47\x8f\x8c\x1d\x1e\xd9\x16\xd3\x53\x07\x46\xca\xa7\x62\xb9\xef" "\x7e\xb8\xf2\x4a\xa3\xfa\xf3\xf8\x5f\xfe\xfe\xe6\x35\x68\x29\xfe\x36\xc8" "\xef\xff\xbf\x56\x7c\xfe\x17\xe3\x1f\x48\xea\xd7\x6b\x67\x5a\xaf\xe3\xca" "\x2f\x1f\x36\x7c\xa7\x59\xeb\xf3\xbf\x25\x79\xad\x9a\xde\x52\xec\x7b\x67" "\x7c\x76\xf6\xc2\x68\xc4\x96\x64\x7e\xf9\xfe\xb1\x9b\x9f\x2d\xf3\x65\xf9" "\x3c\xfe\xa1\xfd\x2b\xf7\xff\x5d\x11\x7f\x7f\x52\x7c\x6e\x6f\x44\xe4\x0f" "\xf1\x83\x11\xf1\x50\x44\x3c\x5c\xb4\xfd\x91\x88\x78\x34\x22\xf6\xaf\x12" "\xff\x37\xcf\x3f\xf6\xe6\xda\xe3\xdf\x58\x79\xfc\x93\x2d\xdd\xff\x8b\x97" "\x92\x32\x71\xa6\xb9\x44\xe5\xcc\xd7\x5f\x34\xaa\xbf\xb9\xfb\x7f\xa8\x9a" "\x1a\x2a\xf6\x4c\x8e\xcf\x6e\xbb\x5d\x5c\xcd\x36\x70\x3d\xd7\x0e\x00\x00" "\x00\xee\x16\x69\x44\xec\x8c\x24\x1d\x5e\x4c\xa7\xe9\xf0\x70\xc4\x8e\xc5" "\x19\x94\x99\xd9\xa7\x4e\x9e\x7f\xfb\xdc\x64\xed\x3b\x02\x03\xd1\x9b\x96" "\x33\x5d\xfd\x75\xf3\xa1\xa3\xc5\xdc\x70\x99\x1f\x5b\x92\x3f\x58\x9d\x37" 
"\xce\xb2\x2c\xdb\x5e\xcd\x0f\x4f\x9c\x9f\xee\xeb\x70\xec\xd0\xed\x76\x34" "\xe8\xff\xb9\xdf\x2a\x9d\x6e\x1d\xb0\xe1\x5a\x5a\x47\x5b\x75\x39\x17\xb8" "\xdb\xac\x7d\x1d\x3d\x6b\x6b\x3b\x80\xcd\xe7\xfb\xda\xd0\xbd\xf4\x7f\xe8" "\x5e\x4d\xf7\xff\xde\x8d\x6d\x07\xb0\xf9\x56\xea\xff\x97\x23\x6e\x74\xa0" "\x29\xc0\x26\x33\xfe\x87\xee\xa5\xff\x43\xf7\xd2\xff\xa1\x7b\xe9\xff\xd0" "\x95\x9a\xff\x16\x7f\x6b\x89\x5d\xc7\x37\xea\xcc\x77\x46\xe2\xd7\x34\xa2" "\x3d\x27\xac\x6c\x7a\xe3\xb7\x45\x3b\xce\x13\xe9\x6d\xcb\xf4\xb4\xf0\x87" "\x18\x36\x37\x91\xde\x19\xcd\xa8\x25\xb6\x46\x44\xb3\x85\x2f\xb7\xe9\xa9" "\x5b\x25\x91\xd6\xaa\xe8\xf4\x4f\x26\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x80\xf6\xf8\x27\x00\x00\xff\xff\x9b\x66\xe0\xc9", 1166); syz_mount_image(/*fs=*/0x200000000440, /*dir=*/0x200000000480, /*flags=*/0, /*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x48c, /*img=*/0x200000001900); memcpy((void*)0x200000000040, "./file0\000", 8); syscall(__NR_open, /*file=*/0x200000000040ul, /*flags=*/0ul, /*mode=*/0ul); memcpy((void*)0x200000000140, "/dev/sg#\000", 9); res = -1; res = 
syz_open_dev(/*dev=*/0x200000000140, /*id=*/0x100000, /*flags=*/0); if (res != -1) r[50] = res; *(uint64_t*)0x200000000000 = 0xb5; syscall(__NR_ioctl, /*fd=*/r[50], /*cmd=FIOASYNC*/ 0x5452, /*v=*/0x200000000000ul); memcpy((void*)0x2000000060c0, "/dev/sg#\000", 9); res = -1; res = syz_open_dev(/*dev=*/0x2000000060c0, /*id=*/0, /*flags=*/0); if (res != -1) r[51] = res; res = syscall(__NR_fcntl, /*fd=*/r[51], /*cmd=*/0ul, /*arg=*/r[51]); if (res != -1) r[52] = res; syscall(__NR_ioctl, /*fd=*/r[52], /*cmd=*/0x2275, /*arg=*/0x200000000000ul); memcpy((void*)0x2000000004c0, "ext4\000", 5); memcpy((void*)0x200000000100, "./file0\000", 8); *(uint8_t*)0x200000000000 = 0; memcpy( (void*)0x200000000a00, "\x78\x9c\xec\xdd\xcf\x6f\x1b\x59\x1d\x00\xf0\xef\x4c\xe2\x26\x4d\xb3\x9b" "\x2c\xec\x01\x10\xb0\x65\x59\x28\xa8\xaa\x93\xb8\xbb\xd1\x6a\x25\xa4\xe5" "\x02\x42\xab\x95\x10\x2b\x4e\x1c\xba\x21\x71\xa2\x28\x76\x1c\xc5\x4e\x69" "\xd2\x1e\xd2\xff\x01\x89\x4a\x9c\xe0\x4f\xe0\x80\xc4\x01\xa9\x27\xee\xdc" "\xe0\xc6\xa5\x1c\x90\x0a\x94\xa2\x06\x89\x83\xd1\x8c\x9d\xe6\x47\xed\xa4" "\xb4\xa9\x67\x15\x7f\x3e\xd2\xeb\xcc\x9b\x71\xe7\xfb\x7d\x4e\xe6\x3d\xfb" "\x45\xf6\x0b\x60\x68\x5d\x8e\x88\xdd\x88\xb8\x10\x11\x9f\x46\xc4\x54\xf7" "\x78\xd2\x2d\xf1\x61\xa7\x64\x8f\x7b\xf2\xe8\xce\xe2\xde\xa3\x3b\x8b\x49" "\xb4\xdb\x9f\xfc\x23\xc9\xcf\x67\xc7\x2e\x1e\xfa\x3f\x99\x4b\xdd\x6b\x8e" "\x47\xc4\x8f\xbe\x1f\xf1\xd3\xe4\xd9\xb8\xcd\xed\x9d\xb5\x85\x5a\xad\xba" "\xd9\xad\xcf\xb4\xea\x1b\x33\xcd\xed\x9d\x6b\xab\xf5\x85\x95\xea\x4a\x75" "\xbd\x52\x99\x9f\x9b\x9f\x7d\xff\xfa\x7b\x95\x33\x6a\x69\x7b\xea\xad\xfa" "\x6f\x1e\x7e\x6f\xf5\xa3\x1f\xff\xfe\x77\x5f\x79\xf0\xc7\xdd\x6f\xdf\xce" "\xd2\x9a\xec\xe6\x9d\xb5\xe3\x8c\x02\x1d\xd1\x69\x7a\x29\x8f\xb3\x6f\x34" "\x22\x3e\x7a\x15\xc1\x0a\x30\xd2\x6d\xcf\x85\xa2\x13\xe1\x85\xa4\x11\xf1" "\xb9\x88\x78\x3b\xbf\xff\xa7\x62\x24\xff\x69\x02\x00\xe7\x59\xbb\x3d\x15" "\xed\xa9\xc3\x75\x00\xe0\xbc\x4b\xf3\x39\xb0\x24\x2d\x77\xe7\x02\x26\x23" 
"\x4d\xcb\xe5\xce\x1c\xde\x9b\x31\x91\xd6\x1a\xcd\xd6\xd5\xe5\xc6\xd6\xfa" "\x52\x67\xae\x6c\x3a\x4a\xe9\xf2\x6a\xad\x3a\xdb\x9d\x2b\x9c\x8e\x52\x92" "\xd5\xe7\xf2\xfd\x83\x7a\xe5\x58\xfd\x7a\x44\xbc\x11\x11\x3f\x1f\xbb\x98" "\xd7\xcb\x8b\x8d\xda\x52\x91\x2f\x7c\x00\x60\x88\x5d\x3a\x36\xfe\xff\x7b" "\xac\x33\xfe\x03\x00\xe7\xdc\x78\xd1\x09\x00\x00\x03\x67\xfc\x07\x80\xe1" "\x63\xfc\x07\x80\xe1\x63\xfc\x07\x80\xe1\x63\xfc\x07\x80\xe1\xd3\x6f\xfc" "\x6f\xb7\x07\x9c\x08\x00\x30\x30\xc7\xc6\xff\x52\x51\x79\x00\x00\x03\xf1" "\xc3\x8f\x3f\xce\x4a\x7b\xaf\xfb\xfd\xd7\x4b\x37\xb7\xb7\xd6\x1a\x37\xaf" "\x2d\x55\x9b\x6b\xe5\xfa\xd6\x62\x79\xb1\xb1\xb9\x51\x5e\x69\x34\x56\xf2" "\xef\xec\xa9\x9f\x76\xbd\x5a\xa3\xb1\x31\xf7\x6e\x6c\xdd\x9a\x69\x55\x9b" "\xad\x99\xe6\xf6\xce\x8d\x7a\x63\x6b\xbd\x75\x23\xff\x5e\xef\x1b\x55\xaf" "\x2d\x00\xa0\x78\x6f\xbc\x75\xff\xcf\x49\x44\xec\x7e\x70\x31\x2f\x71\x68" "\x2d\x07\x63\x35\x9c\x6f\x69\xd1\x09\x00\x85\x19\x29\x3a\x01\xa0\x30\x56" "\xfb\x82\xe1\xe5\x3d\x3e\xd0\x63\x89\xde\x23\xfa\x7e\x44\xe8\xde\xd9\xe7" "\x02\x0c\xc6\x95\x2f\x9a\xff\x87\x61\x75\xd2\xfc\xff\x77\x06\x98\x07\x30" "\x78\xe6\xff\x61\x78\xbd\xe0\xfc\x7f\xb2\x7b\xd6\x89\x00\x03\xd7\x6e\x27" "\xd6\xfc\x07\x80\x21\x63\x8e\x1f\xf0\xf7\x7f\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8" "\xff\x4d\xe6\x25\x49\xcb\xdd\xb5\xc0\x27\x6f\x5f\x4a\xcb\xe5\x88\xd7\x22" "\x62\x3a\x4a\xed\x58\xad\x55\x67\x23\xe2\xf5\x88\xf8\xd3\x58\x69\x6c\x79" "\xb5\x56\x9d\x2b\x3a\x69\x00\xe0\x25\xa5\x7f\x4b\xba\xeb\x7f\x5d\x99\x7a" "\x67\xf2\xf8\xd9\x0b\xc9\x7f\xc6\xf2\x6d\x44\xfc\xec\x97\x9f\xfc\xe2\xd6" "\x42\xab\xb5\x39\x97\x1d\xff\xe7\xd3\xe3\xad\x7b\xdd\xe3\x95\x22\xf2\x07" "\x00\x4e\xb3\x3f\x4e\xef\x8f\xe3\xfb\x9e\x3c\xba\xb3\xb8\x5f\x06\x99\xcf" "\xc3\xef\x76\x16\x17\xcd\xe2\xee\x75\x4b\xe7\xcc\x68\x8c\xe6\xdb\xf1\x28" "\x45\xc4\xc4\xe3\xa4\x5b\xef\xc8\x5e\xaf\x8c\x9c\x41\xfc\xdd\xbb\x11\xf1" 
"\x85\x5e\xed\x4f\xf2\xb9\x91\xe9\xee\xca\xa7\xc7\xe3\x67\xb1\x5f\x1b\x68" "\xfc\xf4\x48\xfc\x34\x3f\xd7\xd9\x66\xcf\xc5\xe7\xcf\x20\x17\x18\x36\xf7" "\xb3\xfe\xe7\xc3\x5e\xf7\x5f\x1a\x97\xf3\x6d\xef\xfb\x7f\x3c\xef\xa1\x5e" "\xde\x7e\xff\xb7\xf7\x4c\xff\x97\x3e\xed\xff\x46\xfa\xf4\x7f\x97\x9f\x37" "\xc6\xbb\x7f\xf8\x41\xdf\x73\x77\x23\xbe\x34\xda\x2b\x7e\xf2\x34\x7e\xd2" "\x27\xfe\x3b\xbd\x2e\xd8\xa3\x53\xfe\xcb\x97\xbf\xfa\x76\xbf\xf8\xed\x5f" "\x45\x5c\x89\x9e\xf1\xef\x3f\x3e\x14\x6b\xa6\x55\xdf\x98\x69\x6e\xef\x5c" "\x5b\xad\x2f\xac\x54\x57\xaa\xeb\x95\xca\xfc\xdc\xfc\xec\xfb\xd7\xdf\xab" "\xcc\x2c\xaf\xd6\xaa\xb3\x9d\x7f\x7b\xc6\xf8\xfb\x07\x57\x5f\x3f\xa9\xfd" "\x13\x11\xff\x9a\xe8\x54\x8f\xb4\x7f\xfc\x94\xf6\x7f\xe3\xe8\xa5\xfa\xfe" "\x3a\xfc\xfa\xbf\x9f\xfe\xe4\x6b\x27\xc4\xff\xd6\xd7\x0f\xda\x7f\xf0\xf4" "\xa5\xf1\xe6\x09\xf1\xb3\x31\xf1\x9b\xfd\x02\x1e\xb3\x30\xf1\xdb\xbe\xcb" "\x77\x67\xf1\x97\x7a\x3f\xff\xa7\xfe\xfc\xaf\x3e\x67\xfc\x07\x7f\xdd\x59" "\x7a\xce\x87\x02\x00\x03\xd0\xdc\xde\x59\x5b\xa8\xd5\xaa\x9b\xe7\x73\x27" "\x7b\x7b\x7c\xc2\x63\x4a\x51\x78\x86\x47\x76\x46\x3f\x1b\x69\xd8\x39\xd8" "\x49\x4e\xfa\xfd\x39\xcf\x3b\x45\xf7\x4c\xc0\xab\x76\x70\xd3\x17\x9d\x09" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0\xcf\x20\x3e\x4e\x54\x74" "\x1b\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x38\xbf\xfe\x17\x00\x00\xff\xff\x86\xb0\xd4" "\xfb", 1261); syz_mount_image(/*fs=*/0x2000000004c0, /*dir=*/0x200000000100, /*flags=*/0, /*opts=*/0x200000000000, /*chdir=*/0x24, /*size=*/0x4ed, /*img=*/0x200000000a00); memcpy((void*)0x200000000080, "cgroup.controllers\000", 19); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000080ul, /*flags=*/0x275a, /*mode=*/0); if (res != -1) r[53] = res; res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6); if (res != -1) r[54] = res; *(uint64_t*)0x2000000001c0 = 0; *(uint32_t*)0x2000000001c8 = 0; *(uint64_t*)0x2000000001d0 = 0x200000000040; *(uint64_t*)0x200000000040 = 0x2000000000c0; *(uint32_t*)0x2000000000c0 = 0xb8; *(uint16_t*)0x2000000000c4 = 0x19; *(uint16_t*)0x2000000000c6 = 1; *(uint32_t*)0x2000000000c8 = 0; *(uint32_t*)0x2000000000cc = 0; *(uint8_t*)0x2000000000d0 = 0xfc; *(uint8_t*)0x2000000000d1 = 1; memset((void*)0x2000000000d2, 0, 13); *(uint8_t*)0x2000000000df = 0; *(uint8_t*)0x2000000000e0 = 0xfe; *(uint8_t*)0x2000000000e1 = 0x88; memset((void*)0x2000000000e2, 0, 12); *(uint8_t*)0x2000000000ee = 0; *(uint8_t*)0x2000000000ef = 1; *(uint16_t*)0x2000000000f0 = htobe16(0); *(uint16_t*)0x2000000000f2 = htobe16(0); *(uint16_t*)0x2000000000f4 = htobe16(0); *(uint16_t*)0x2000000000f6 = htobe16(0); *(uint16_t*)0x2000000000f8 = 0xa; *(uint8_t*)0x2000000000fa = 0; *(uint8_t*)0x2000000000fb = 0; *(uint8_t*)0x2000000000fc = 0; *(uint32_t*)0x200000000100 = 0; *(uint32_t*)0x200000000104 = -1; *(uint64_t*)0x200000000108 = 0; *(uint64_t*)0x200000000110 = 0; *(uint64_t*)0x200000000118 = 0; *(uint64_t*)0x200000000120 = 0; *(uint64_t*)0x200000000128 = 0; *(uint64_t*)0x200000000130 = 0; *(uint64_t*)0x200000000138 = 0; *(uint64_t*)0x200000000140 = 0; *(uint64_t*)0x200000000148 = 0; *(uint64_t*)0x200000000150 = 0; *(uint64_t*)0x200000000158 = 0; *(uint64_t*)0x200000000160 = 0; *(uint32_t*)0x200000000168 = 0; *(uint32_t*)0x20000000016c = 0x6e6bb9; 
*(uint8_t*)0x200000000170 = 1; *(uint8_t*)0x200000000171 = 0; *(uint8_t*)0x200000000172 = 0; *(uint8_t*)0x200000000173 = 0; *(uint64_t*)0x200000000048 = 0xb8; *(uint64_t*)0x2000000001d8 = 1; *(uint64_t*)0x2000000001e0 = 0; *(uint64_t*)0x2000000001e8 = 0; *(uint32_t*)0x2000000001f0 = 0; syscall(__NR_sendmsg, /*fd=*/r[54], /*msg=*/0x2000000001c0ul, /*f=*/0ul); memcpy((void*)0x200000000140, "#! ", 3); memcpy((void*)0x200000000143, "./file0", 7); *(uint8_t*)0x20000000014a = 0x20; memcpy((void*)0x20000000014b, "ext4\000", 5); *(uint8_t*)0x200000000150 = 0x20; memcpy((void*)0x200000000151, "cgroup.controllers\000", 19); *(uint8_t*)0x200000000164 = 0x20; memcpy((void*)0x200000000165, "ext4\000", 5); *(uint8_t*)0x20000000016a = 0x20; memset((void*)0x20000000016b, 36, 1); *(uint8_t*)0x20000000016c = 0x20; memset((void*)0x20000000016d, 0, 1); *(uint8_t*)0x20000000016e = 0x20; memcpy((void*)0x20000000016f, "\\^}\332%&!,", 8); *(uint8_t*)0x200000000177 = 0x20; memset((void*)0x200000000178, 0, 1); *(uint8_t*)0x200000000179 = 0x20; memcpy((void*)0x20000000017a, "cgroup.controllers\000", 19); *(uint8_t*)0x20000000018d = 0xa; memcpy( (void*)0x20000000018e, "\x36\x7e\x3a\xa8\xac\x82\xb3\x58\xf8\x0e\x95\xa2\xb5\x36\x01\xf9\x13\x5c" "\xe4\x3c\x22\xc3\xb3\x10\x92\xa2\xd9\x6c\x81\x0e\xae\xdf\xae\xc6\x28\x15" "\xab\xe9\xd4\x07\x61\x41\x1c\x21\x56\xba\x43\xa9\x29\x8d\x4a\xaf\xb0\x9d" "\x25\xa7\xd5\x26\x5c\x41\x75\xc4\x31\x74\xfe\x23\x2b\xfe\xde\x2f\x15\x9a" "\x9a\x29\xef\x31\x81\x6a\x28\x67\x7d\x6e\x95\x55\x61\x96\x3a\x34\xf8\xa6" "\x83\x89\xe2\xc5\x81\xa3\x57\xe4\x53\x92\x9f\x8d\xb7\x72\xb8\xa7\xb0\x90" "\x3a\xb0\x4b\x9d\x4b\xd2\x92\xc7\xc4\xba\x99\xd1\x33\xb3\x66\xe8\x90\x26" "\x07\x42\x9a\x82\x44\x9c\xf5\x34\x98\x94\x55\x36\xdd\xdc\x64\xfd\x73\x92" "\x46\x9b\xf8\xf0\x3c\x5a\x7d\xa9\x05\xa6\x27\x92\x3b\xdf\xf7\x94\xce\xfd" "\x97\x8d\xf5\xc2\xaf\xdb\xd5\x62\x1a\x6e\x53\xa2\x70\x52\xc3\x37\x44\x1c" "\x4c\x08\x60\x6a\x19\xc3\x15\x16\x49\x61\xf7\xe9\x86\x84\x01\x89\xed\xf6" 
"\xa7\x6d\xee\x04\xbc\x7f\xa8\x92\xdb\x9f\x63\xb6\x13\x7a\x12\xe9\xd4\xfa" "\x23\x2f\xfb\x23\xb5\x12", 222); syscall(__NR_write, /*fd=*/r[53], /*data=*/0x200000000140ul, /*len=*/0x12cul); memcpy((void*)0x200000000280, "\x00\x00\x00\x00\x4c\x90\x02\x00\x00\x00\x00\x00\x03\x00\x01\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x23\x7b\x47\xd2" "\x1d\xff\xb2\x92\xc8\x8b\x82\x20\x00\x00\x40\x00\x00\x00\x00\x00\x2e" "\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 204); syscall(__NR_ioctl, /*fd=*/r[53], /*cmd=*/0xc0c0583b, /*arg=*/0x200000000280ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0); if (res != -1) r[55] = res; *(uint32_t*)0x200000356ffc = 0xffffff40; syscall(__NR_setsockopt, /*fd=*/r[55], /*level=*/1, /*optname=SO_REUSEPORT*/ 0xf, /*optval=*/0x200000356ffcul, /*optlen=*/4ul); *(uint16_t*)0x200000000000 = 2; *(uint16_t*)0x200000000002 = htobe16(0x6e24); *(uint32_t*)0x200000000004 = htobe32(0); syscall(__NR_bind, /*fd=*/r[55], /*addr=*/0x200000000000ul, /*addrlen=*/0x10ul); memcpy((void*)0x200000000440, "ext4\000", 5); memcpy((void*)0x200000000480, "./file0\000", 8); *(uint8_t*)0x200000000000 = 0; memcpy( (void*)0x200000000500, "\x78\x9c\xec\xdc\x4d\x6f\x15\x55\x1c\x07\xe0\xdf\x4c\x5b\x08\x2f\x5a\x34" "\xbe\x56\x94\x0a\x2a\x15\xb4\xa5\xa8\xd5\x85\x1b\xf6\x26\x2e\x64\xe7\xaa" 
"\xa1\x85\x10\x0b\x18\x5a\x13\x21\x2c\x34\xc1\xb8\x91\x85\x89\x71\x69\xe2" "\x07\x30\x91\x9d\x89\x1b\x76\x6e\x59\xf0\x01\x58\x1a\x0c\x31\x2c\xb4\xd1" "\xc4\xd4\xcc\xed\x1d\x7a\x69\x7b\x0b\x85\xd6\x6b\x98\xe7\x49\xe6\xde\x73" "\xe6\x9c\x9b\x73\x66\x4e\xfe\x73\xef\x3d\x73\x32\x01\x1a\x6b\xb8\x7a\x29" "\x92\x9d\x49\xae\x25\x19\x5c\xcc\xde\x59\x61\x78\xf1\xed\xcf\x5b\x17\x8e" "\xcd\xdf\xba\x70\xac\xc8\xc2\xc2\x07\xbf\x17\xad\x7a\xd5\xbe\xba\x6a\xfd" "\xb9\x1d\xd5\x4b\x99\x8c\x94\x49\x79\xb1\xc8\x73\xab\xb4\x3b\x7b\xee\xfc" "\x47\x93\x33\x33\xd3\x67\xdb\xf9\xb1\xb9\x53\x1f\x8f\xcd\x9e\x3b\xff\xfa" "\xc9\x53\x93\x27\xa6\x4f\x4c\x9f\x1e\x9f\x98\x38\x74\x68\xe2\xed\x89\xb7" "\xde\xd9\xb0\x63\x1d\x9a\xfc\xf1\xbb\xdf\x2e\xbd\xff\xf5\xb7\x5f\x7c\x38" "\xb6\x67\xa8\xdc\x5b\xf5\x77\x67\xbb\xac\xf3\x38\x36\xca\x70\x86\xef\x3c" "\x97\x1d\x5e\xd9\xe8\xc6\x7a\xec\xc9\x8e\x74\xd1\xdf\xc3\x8e\xb0\x2e\x7d" "\x49\xaa\xe1\x1a\x68\xc5\xff\x60\xfa\xb2\x34\x78\x83\xf9\xe5\x7a\x4f\x3b" "\x07\x6c\xaa\x85\xca\xd6\xae\xc5\x9f\x2d\x00\x0f\xb1\x22\xbd\xee\x01\xd0" "\x1b\xf5\x17\x7d\xf5\xff\xb7\xde\xfe\xab\xdf\x1e\xf4\xde\xcd\x23\x8b\x7f" "\x00\xeb\xb9\x9d\xf9\xdb\xe3\xdf\x9f\xb2\x5d\x67\x60\xd9\xff\xfb\x8d\x34" "\x9c\xe4\xc2\xf5\xf9\xc1\x6a\xcb\x26\xcd\xc3\x00\x00\x00\x00\x34\xd9\x95" "\x23\x49\x5e\x5b\x6d\xfe\xaf\xcc\x53\x1d\xf5\xaa\xf4\xd3\x49\x9e\x49\xf2" "\x6c\x92\xa1\xa4\xb5\xae\x67\x77\x92\xe7\x93\xbc\x90\x64\x4f\xbd\x9e\x68" "\x1d\x96\xd7\x5f\x39\xff\x53\xde\xb8\xaf\x03\xe3\x9e\xdc\x3c\x92\xbc\x9b" "\x64\x7e\xc5\xfc\x5f\x3d\xfb\x97\x5d\x7d\xed\xdc\x23\x55\x26\x03\xc5\xf1" "\x93\x33\xd3\x87\x92\x3c\x9a\x64\x24\x03\x5b\xab\xfc\xf8\x1a\x6d\x4c\xfe" "\xf0\xc7\x4f\xdd\xca\xaa\xf1\xbf\xf6\x73\xdf\x60\xbd\x55\xed\x57\xef\x4b" "\x35\xca\x1b\xfd\xcb\xee\x4f\x4f\x4d\xce\x4d\x3e\xc8\x31\xb3\xe4\xe6\xe7" "\xc9\x50\xff\x6a\xe3\x5f\xdc\x5e\x09\x54\x24\x79\x31\xc9\xde\xfb\x6c\xe3" "\xe2\xa5\xdd\x97\xbb\x95\xdd\x7d\xfc\xd9\x4c\x0b\xdf\x27\xfb\x57\x8d\xff" 
"\xa5\x95\x8b\xc5\xda\xeb\x33\xc7\x5a\xd7\x83\xb1\xfa\xaa\xb0\xd2\xd5\x85" "\xe1\xf9\x6e\xed\x1b\xff\xde\xaa\xe2\x7f\xfb\xda\xe3\xbf\xab\xe8\x5c\xaf" "\x3b\xbb\xfe\x36\x2e\x0f\xfc\xf5\x4f\xb7\xb2\xfb\xbd\xfe\x6f\x29\x8e\xb6" "\x3a\xb8\xa5\xbd\xef\xd3\xc9\xb9\xb9\xb3\xe3\xc9\x96\xe2\xbd\x95\xfb\x0f" "\xaf\xbf\xcf\x0f\xab\xfa\x7c\xd4\xe7\xab\x1a\xff\x91\x7d\xab\x7f\xff\x3f" "\xde\xfe\x4c\x75\x42\xf7\x25\x79\x29\xc9\xcb\xed\xb5\xcb\xfb\x5b\xdf\xfd" "\xc9\xab\x49\x0e\x24\x39\xb8\x46\x9b\x5f\x1e\xf8\xea\x4a\xb7\x32\xf1\xdf" "\x5b\xd5\xf8\x4f\xad\x2b\xfe\xd7\x9f\xf8\x7b\xdb\xd1\xab\xdd\xda\xef\xbc" "\xff\x5b\x6d\x55\xfb\xf5\xbd\xe0\x45\x55\xfc\xbf\xd9\xea\xcc\x48\x7b\x8f" "\xdf\x7f\x77\x77\xaf\x03\xd4\xeb\x7e\x02\x00\x00\x00\x00\x00\x00\xb0\x31" "\xca\xd6\x33\xf0\x8a\x72\xf4\x76\xba\x2c\x47\x47\x17\x9f\xe1\xf7\x44\xb6" "\x97\x33\x67\x66\xe7\x0e\x1e\x3f\xf3\xc9\xe9\xa9\xc5\x67\xe5\xed\xca\x40" "\x59\xaf\xf4\x1a\xec\x58\x0f\x3a\xde\x4a\x2f\xe5\x0f\x2f\xcb\xbf\x91\xe4" "\xb1\x24\xdf\xf4\x6d\x6b\xe5\x47\x8f\x9d\x99\x99\xea\xf5\xc1\x43\xc3\xed" "\xe8\x12\xff\x95\x5f\xfb\x7a\xdd\x3b\x60\xd3\x79\x5e\x2b\x34\x97\xf8\x87" "\xe6\x12\xff\xd0\x5c\xe2\x1f\x9a\x4b\xfc\x43\x73\x89\x7f\x68\x2e\xf1\x0f" "\xcd\x25\xfe\xa1\xb9\xc4\x3f\x34\x97\xf8\x87\x46\x7a\x90\xe7\xfa\x49\x48" "\x48\x3c\xac\x89\x5e\x5f\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x1f\xfe\x0d\x00\x00\xff" "\xff\xbc\xb0\xdc\x06", 1049); syz_mount_image(/*fs=*/0x200000000440, /*dir=*/0x200000000480, /*flags=*/0, /*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x419, /*img=*/0x200000000500); *(uint32_t*)0x20000001d000 = 0; *(uint32_t*)0x20000001d004 = 0x80; *(uint8_t*)0x20000001d008 = 0; *(uint8_t*)0x20000001d009 = 0; *(uint8_t*)0x20000001d00a = 0; *(uint8_t*)0x20000001d00b = 0; *(uint32_t*)0x20000001d00c = 0; *(uint64_t*)0x20000001d010 = 0x18a; *(uint64_t*)0x20000001d018 = 0; *(uint64_t*)0x20000001d020 = 0; STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1); 
STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 27, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26); *(uint32_t*)0x20000001d030 = 0; *(uint32_t*)0x20000001d034 = 0; *(uint64_t*)0x20000001d038 = 0; *(uint64_t*)0x20000001d040 = 0; *(uint64_t*)0x20000001d048 = 0; *(uint64_t*)0x20000001d050 = 0; *(uint32_t*)0x20000001d058 = 0; *(uint32_t*)0x20000001d05c = 0; *(uint64_t*)0x20000001d060 = 0; *(uint32_t*)0x20000001d068 = 0; *(uint16_t*)0x20000001d06c = 0; *(uint16_t*)0x20000001d06e = 0; *(uint32_t*)0x20000001d070 = 0; *(uint32_t*)0x20000001d074 = 0; *(uint64_t*)0x20000001d078 = 0; res = syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/0, /*cpu=*/0ul, /*group=*/-1, /*flags=*/0ul); if (res != -1) r[56] = res; *(uint64_t*)0x200000000080 = 0x1ff; syscall(__NR_ioctl, /*fd=*/r[56], /*cmd=FIOASYNC*/ 0x5452, /*v=*/0x200000000080ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[57] = res; *(uint32_t*)0x200000000180 = 7; syscall(__NR_setsockopt, /*fd=*/r[57], /*level=*/6, /*optname=TCP_FASTOPEN_NO_COOKIE*/ 0x22, /*optval=*/0x200000000180ul, /*optlen=*/4ul); syscall(__NR_shutdown, 
/*fd=*/r[57], /*how=*/0ul); *(uint32_t*)0x200000000140 = 1; syscall(__NR_setsockopt, /*fd=*/r[57], /*level=*/6, /*optname=TCP_FASTOPEN_NO_COOKIE*/ 0x22, /*optval=*/0x200000000140ul, /*optlen=*/4ul); *(uint16_t*)0x200000000040 = 0xa; *(uint16_t*)0x200000000042 = htobe16(0); *(uint32_t*)0x200000000044 = htobe32(0); memset((void*)0x200000000048, 0, 10); memset((void*)0x200000000052, 255, 2); *(uint32_t*)0x200000000054 = htobe32(0x7f000001); *(uint32_t*)0x200000000058 = 0; syscall(__NR_connect, /*fd=*/r[57], /*addr=*/0x200000000040ul, /*addrlen=*/0x1cul); res = syscall(__NR_io_setup, /*n=*/0xa, /*ctx=*/0x200000000080ul); if (res != -1) r[58] = *(uint64_t*)0x200000000080; *(uint64_t*)0x2000000002c0 = 0x200000000000; *(uint64_t*)0x200000000000 = 0x180a; *(uint32_t*)0x200000000008 = 0; *(uint32_t*)0x20000000000c = 0; *(uint16_t*)0x200000000010 = 5; *(uint16_t*)0x200000000012 = 0; *(uint32_t*)0x200000000014 = r[57]; *(uint64_t*)0x200000000018 = 0; *(uint64_t*)0x200000000020 = 0; *(uint64_t*)0x200000000028 = 0; *(uint64_t*)0x200000000030 = 0; *(uint32_t*)0x200000000038 = 0; *(uint32_t*)0x20000000003c = -1; syscall(__NR_io_submit, /*ctx=*/r[58], /*nr=*/1ul, /*iocbpp=*/0x2000000002c0ul); *(uint64_t*)0x200000000680 = 0; *(uint32_t*)0x200000000688 = 0x21; *(uint32_t*)0x20000000068c = 0; *(uint32_t*)0x200000000690 = 0; syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul, /*timerid=*/0x200000000100ul); syscall(__NR_read, /*fd=*/-1, /*data=*/0x200000000040ul, /*len=*/8ul); *(uint64_t*)0x20000006b000 = 0; *(uint64_t*)0x20000006b008 = 8; *(uint64_t*)0x20000006b010 = 0; *(uint64_t*)0x20000006b018 = 9; syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul, /*new=*/0x20000006b000ul, /*old=*/0ul); res = syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0ul, /*timerid=*/0x200000000200ul); if (res != -1) r[59] = *(uint32_t*)0x200000000200; syscall(__NR_timer_settime, /*timerid=*/r[59], /*flags=*/0ul, /*new=*/0ul, /*old=*/0x200000000600ul); syscall(__NR_dup2, /*oldfd=*/-1, 
/*newfd=*/-1); res = syscall(__NR_pipe, /*pipefd=*/0x2000000000c0ul); if (res != -1) r[60] = *(uint32_t*)0x2000000000c4; syscall(__NR_write, /*fd=*/r[60], /*data=*/0x200000000000ul, /*len=*/0xfffffeccul); memcpy((void*)0x200000000640, ".\000", 2); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000640ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[61] = res; syscall(__NR_splice, /*fdin=*/r[61], /*offin=*/0ul, /*fdout=*/r[60], /*offout=*/0ul, /*len=*/0x597bul, /*f=*/0ul); res = syscall(__NR_inotify_init1, /*flags=*/0ul); if (res != -1) r[62] = res; memcpy((void*)0x200000001240, "./file0\000", 8); res = syscall(__NR_inotify_add_watch, /*fd=*/r[62], /*file=*/0x200000001240ul, /*mask=IN_MODIFY|IN_DELETE_SELF|IN_DELETE*/ 0x602ul); if (res != -1) r[63] = res; syscall(__NR_inotify_rm_watch, /*fd=*/r[62], /*wd=*/r[63]); *(uint16_t*)0x200000000140 = 0; *(uint16_t*)0x200000000142 = 1; *(uint64_t*)0x200000000148 = 0x3f; *(uint64_t*)0x200000000150 = 5; *(uint32_t*)0x200000000158 = 0; *(uint32_t*)0x20000000015c = 0; memset((void*)0x200000000160, 0, 16); syscall(__NR_ioctl, /*fd=*/r[56], /*cmd=*/0x40305828, /*arg=*/0x200000000140ul); memcpy((void*)0x200000000080, "./file0\000", 8); memcpy((void*)0x200000000200, "trusted.overlay.upper\000", 22); syscall(__NR_setxattr, /*path=*/0x200000000080ul, /*name=*/0x200000000200ul, /*val=*/0x2000000000c0ul, /*size=*/0x7c8ul, /*flags=*/0ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0); if (res != -1) r[64] = res; *(uint32_t*)0x200000356ffc = 0xffffff40; syscall(__NR_setsockopt, /*fd=*/r[64], /*level=*/1, /*optname=SO_REUSEPORT*/ 0xf, /*optval=*/0x200000356ffcul, /*optlen=*/4ul); syz_sysconfig_reset__proc_sys_net_ipv6_ip6frag_time(); memcpy((void*)0x200000000140, "./file0\000", 8); syscall(__NR_mkdir, /*path=*/0x200000000140ul, /*mode=*/0ul); memcpy((void*)0x200000000040, "./file0\000", 8); memcpy((void*)0x200000000580, "cgroup2\000", 8); syscall(__NR_mount, /*src=*/0ul, 
/*dst=*/0x200000000040ul, /*type=*/0x200000000580ul, /*flags=*/0ul, /*data=*/0ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0x88); if (res != -1) r[65] = res; *(uint32_t*)0x200000000280 = 5; res = syscall(__NR_getsockopt, /*fd=*/r[65], /*level=*/1, /*optname=*/0x11, /*optval=*/0x200000000240ul, /*optlen=*/0x200000000280ul); if (res != -1) r[66] = *(uint32_t*)0x200000000244; syscall(__NR_setreuid, /*ruid=*/r[66], /*euid=*/r[66]); memcpy((void*)0x200000000640, "./file0\000", 8); syscall(__NR_chmod, /*file=*/0x200000000640ul, /*mode=*/0ul); *(uint32_t*)0x200000000080 = 1; *(uint32_t*)0x200000000084 = 1; *(uint32_t*)0x200000000088 = 0x18; *(uint32_t*)0x20000000008c = -1; *(uint32_t*)0x200000000090 = 2; memcpy((void*)0x200000000098, "./file0/file0\000", 14); res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xc018937e, /*arg=*/0x200000000080ul); if (res != -1) r[67] = *(uint32_t*)0x20000000008c; *(uint32_t*)0x200000000180 = 0x74; *(uint8_t*)0x200000000184 = 0x29; *(uint16_t*)0x200000000185 = 1; *(uint32_t*)0x200000000187 = 0; *(uint8_t*)0x20000000018b = 0x10; *(uint32_t*)0x20000000018c = 0; *(uint64_t*)0x200000000190 = 1; *(uint64_t*)0x200000000198 = 0; *(uint8_t*)0x2000000001a0 = 3; *(uint16_t*)0x2000000001a1 = 0xd; memcpy((void*)0x2000000001a3, "./file0/file0", 13); *(uint8_t*)0x2000000001b0 = 2; *(uint32_t*)0x2000000001b1 = 1; *(uint64_t*)0x2000000001b5 = 4; *(uint64_t*)0x2000000001bd = 7; *(uint8_t*)0x2000000001c5 = 4; *(uint16_t*)0x2000000001c6 = 7; memcpy((void*)0x2000000001c8, "./file0", 7); *(uint8_t*)0x2000000001cf = 0x20; *(uint32_t*)0x2000000001d0 = 1; *(uint64_t*)0x2000000001d4 = 1; *(uint64_t*)0x2000000001dc = 0x20; *(uint8_t*)0x2000000001e4 = 0x1f; *(uint16_t*)0x2000000001e5 = 0xd; memcpy((void*)0x2000000001e7, "./file0/file0", 13); syscall(__NR_write, /*fd=*/r[67], /*data=*/0x200000000180ul, /*size=*/0x74ul); memcpy((void*)0x200000000000, "./file0/file0\000", 14); syscall(__NR_faccessat, /*dirfd=*/-1, /*pathname=*/0x200000000000ul, 
/*mode=S_IXGRP|S_IWGRP*/ 0x18ul); memcpy((void*)0x200000000800, "./control\000", 10); res = syscall(__NR_creat, /*file=*/0x200000000800ul, /*mode=*/0ul); if (res != -1) r[68] = res; res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[69] = res; syscall(__NR_setsockopt, /*fd=*/r[69], /*level=*/0x29, /*optname=IPV6_AUTOFLOWLABEL*/ 0x46, /*optval=*/0ul, /*optlen=*/0ul); *(uint32_t*)0x200000000200 = 1; syscall(__NR_setsockopt, /*fd=*/r[69], /*level=*/6, /*optname=TCP_FASTOPEN_NO_COOKIE*/ 0x22, /*optval=*/0x200000000200ul, /*optlen=*/4ul); memset((void*)0x200000000240, 196, 1); *(uint16_t*)0x200000b63fe4 = 0xa; *(uint16_t*)0x200000b63fe6 = htobe16(0); *(uint32_t*)0x200000b63fe8 = htobe32(0); memset((void*)0x200000b63fec, 0, 16); *(uint32_t*)0x200000b63ffc = 0; syscall(__NR_sendto, /*fd=*/r[69], /*buf=*/0x200000000240ul, /*len=*/1ul, /*f=MSG_FASTOPEN|MSG_OOB|MSG_DONTWAIT|MSG_DONTROUTE|MSG_CONFIRM*/ 0x20000845ul, /*addr=*/0x200000b63fe4ul, /*addrlen=*/0x1cul); *(uint32_t*)0x200000000080 = 0xd; syscall(__NR_setsockopt, /*fd=*/r[68], /*level=*/0, /*opt=*/0xd4, /*val=*/0x200000000080ul, /*len=*/4ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6); if (res != -1) r[70] = res; syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=NETLINK_FIB_LOOKUP*/ 0xa); syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_CLOEXEC|SOCK_DGRAM*/ 0x80002ul, /*proto=*/0); memcpy((void*)0x200000000440, "ext4\000", 5); memcpy((void*)0x200000000480, "./file0\000", 8); *(uint8_t*)0x200000000000 = 0; memcpy( (void*)0x200000000500, "\x78\x9c\xec\xdc\x4d\x6f\x15\x55\x1c\x07\xe0\xdf\x4c\x5b\x08\x2f\x5a\x34" "\xbe\x56\x94\x0a\x2a\x15\xb4\xa5\xa8\xd5\x85\x1b\xf6\x26\x2e\x64\xe7\xaa" "\xa1\x85\x10\x0b\x18\x5a\x13\x21\x2c\x34\xc1\xb8\x91\x85\x89\x71\x69\xe2" "\x07\x30\x91\x9d\x89\x1b\x76\x6e\x59\xf0\x01\x58\x1a\x0c\x31\x2c\xb4\xd1" "\xc4\xd4\xcc\xed\x1d\x7a\x69\x7b\x0b\x85\xd6\x6b\x98\xe7\x49\xe6\xde\x73" 
"\xe6\x9c\x9b\x73\x66\x4e\xfe\x73\xef\x3d\x73\x32\x01\x1a\x6b\xb8\x7a\x29" "\x92\x9d\x49\xae\x25\x19\x5c\xcc\xde\x59\x61\x78\xf1\xed\xcf\x5b\x17\x8e" "\xcd\xdf\xba\x70\xac\xc8\xc2\xc2\x07\xbf\x17\xad\x7a\xd5\xbe\xba\x6a\xfd" "\xb9\x1d\xd5\x4b\x99\x8c\x94\x49\x79\xb1\xc8\x73\xab\xb4\x3b\x7b\xee\xfc" "\x47\x93\x33\x33\xd3\x67\xdb\xf9\xb1\xb9\x53\x1f\x8f\xcd\x9e\x3b\xff\xfa" "\xc9\x53\x93\x27\xa6\x4f\x4c\x9f\x1e\x9f\x98\x38\x74\x68\xe2\xed\x89\xb7" "\xde\xd9\xb0\x63\x1d\x9a\xfc\xf1\xbb\xdf\x2e\xbd\xff\xf5\xb7\x5f\x7c\x38" "\xb6\x67\xa8\xdc\x5b\xf5\x77\x67\xbb\xac\xf3\x38\x36\xca\x70\x86\xef\x3c" "\x97\x1d\x5e\xd9\xe8\xc6\x7a\xec\xc9\x8e\x74\xd1\xdf\xc3\x8e\xb0\x2e\x7d" "\x49\xaa\xe1\x1a\x68\xc5\xff\x60\xfa\xb2\x34\x78\x83\xf9\xe5\x7a\x4f\x3b" "\x07\x6c\xaa\x85\xca\xd6\xae\xc5\x9f\x2d\x00\x0f\xb1\x22\xbd\xee\x01\xd0" "\x1b\xf5\x17\x7d\xf5\xff\xb7\xde\xfe\xab\xdf\x1e\xf4\xde\xcd\x23\x8b\x7f" "\x00\xeb\xb9\x9d\xf9\xdb\xe3\xdf\x9f\xb2\x5d\x67\x60\xd9\xff\xfb\x8d\x34" "\x9c\xe4\xc2\xf5\xf9\xc1\x6a\xcb\x26\xcd\xc3\x00\x00\x00\x00\x34\xd9\x95" "\x23\x49\x5e\x5b\x6d\xfe\xaf\xcc\x53\x1d\xf5\xaa\xf4\xd3\x49\x9e\x49\xf2" "\x6c\x92\xa1\xa4\xb5\xae\x67\x77\x92\xe7\x93\xbc\x90\x64\x4f\xbd\x9e\x68" "\x1d\x96\xd7\x5f\x39\xff\x53\xde\xb8\xaf\x03\xe3\x9e\xdc\x3c\x92\xbc\x9b" "\x64\x7e\xc5\xfc\x5f\x3d\xfb\x97\x5d\x7d\xed\xdc\x23\x55\x26\x03\xc5\xf1" "\x93\x33\xd3\x87\x92\x3c\x9a\x64\x24\x03\x5b\xab\xfc\xf8\x1a\x6d\x4c\xfe" "\xf0\xc7\x4f\xdd\xca\xaa\xf1\xbf\xf6\x73\xdf\x60\xbd\x55\xed\x57\xef\x4b" "\x35\xca\x1b\xfd\xcb\xee\x4f\x4f\x4d\xce\x4d\x3e\xc8\x31\xb3\xe4\xe6\xe7" "\xc9\x50\xff\x6a\xe3\x5f\xdc\x5e\x09\x54\x24\x79\x31\xc9\xde\xfb\x6c\xe3" "\xe2\xa5\xdd\x97\xbb\x95\xdd\x7d\xfc\xd9\x4c\x0b\xdf\x27\xfb\x57\x8d\xff" "\xa5\x95\x8b\xc5\xda\xeb\x33\xc7\x5a\xd7\x83\xb1\xfa\xaa\xb0\xd2\xd5\x85" "\xe1\xf9\x6e\xed\x1b\xff\xde\xaa\xe2\x7f\xfb\xda\xe3\xbf\xab\xe8\x5c\xaf" "\x3b\xbb\xfe\x36\x2e\x0f\xfc\xf5\x4f\xb7\xb2\xfb\xbd\xfe\x6f\x29\x8e\xb6" 
"\x3a\xb8\xa5\xbd\xef\xd3\xc9\xb9\xb9\xb3\xe3\xc9\x96\xe2\xbd\x95\xfb\x0f" "\xaf\xbf\xcf\x0f\xab\xfa\x7c\xd4\xe7\xab\x1a\xff\x91\x7d\xab\x7f\xff\x3f" "\xde\xfe\x4c\x75\x42\xf7\x25\x79\x29\xc9\xcb\xed\xb5\xcb\xfb\x5b\xdf\xfd" "\xc9\xab\x49\x0e\x24\x39\xb8\x46\x9b\x5f\x1e\xf8\xea\x4a\xb7\x32\xf1\xdf" "\x5b\xd5\xf8\x4f\xad\x2b\xfe\xd7\x9f\xf8\x7b\xdb\xd1\xab\xdd\xda\xef\xbc" "\xff\x5b\x6d\x55\xfb\xf5\xbd\xe0\x45\x55\xfc\xbf\xd9\xea\xcc\x48\x7b\x8f" "\xdf\x7f\x77\x77\xaf\x03\xd4\xeb\x7e\x02\x00\x00\x00\x00\x00\x00\xb0\x31" "\xca\xd6\x33\xf0\x8a\x72\xf4\x76\xba\x2c\x47\x47\x17\x9f\xe1\xf7\x44\xb6" "\x97\x33\x67\x66\xe7\x0e\x1e\x3f\xf3\xc9\xe9\xa9\xc5\x67\xe5\xed\xca\x40" "\x59\xaf\xf4\x1a\xec\x58\x0f\x3a\xde\x4a\x2f\xe5\x0f\x2f\xcb\xbf\x91\xe4" "\xb1\x24\xdf\xf4\x6d\x6b\xe5\x47\x8f\x9d\x99\x99\xea\xf5\xc1\x43\xc3\xed" "\xe8\x12\xff\x95\x5f\xfb\x7a\xdd\x3b\x60\xd3\x79\x5e\x2b\x34\x97\xf8\x87" "\xe6\x12\xff\xd0\x5c\xe2\x1f\x9a\x4b\xfc\x43\x73\x89\x7f\x68\x2e\xf1\x0f" "\xcd\x25\xfe\xa1\xb9\xc4\x3f\x34\x97\xf8\x87\x46\x7a\x90\xe7\xfa\x49\x48" "\x48\x3c\xac\x89\x5e\x5f\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x1f\xfe\x0d\x00\x00\xff" "\xff\xbc\xb0\xdc\x06", 1049); syz_mount_image(/*fs=*/0x200000000440, /*dir=*/0x200000000480, /*flags=*/0, /*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x419, /*img=*/0x200000000500); memcpy((void*)0x200000000040, "./file2\000", 8); res = syscall( __NR_open, /*file=*/0x200000000040ul, /*flags=O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOCTTY|O_LARGEFILE|O_EXCL|0x82002*/ 0x1ab382ul, /*mode=*/0ul); if (res != -1) r[71] = res; syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc); syscall(__NR_write, /*fd=*/-1, /*data=*/0x200000000280ul, /*len=*/0xfd14ul); syscall(__NR_write, /*fd=*/-1, /*data=*/0ul, /*size=*/0ul); syscall(__NR_chdir, /*dir=*/0ul); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0ul, /*flags=*/0x275a, /*mode=*/0); if (res != -1) r[72] = res; syscall(__NR_getsockopt, /*fd=*/-1, /*level=*/1, /*optname=*/0x11, /*optval=*/0ul, /*optlen=*/0ul); *(uint32_t*)0x20000001d000 = 0; *(uint32_t*)0x20000001d004 = 0x80; *(uint8_t*)0x20000001d008 = 0; *(uint8_t*)0x20000001d009 = 0; *(uint8_t*)0x20000001d00a = 0; *(uint8_t*)0x20000001d00b = 0; *(uint32_t*)0x20000001d00c = 0; *(uint64_t*)0x20000001d010 = 0; *(uint64_t*)0x20000001d018 = 0; *(uint64_t*)0x20000001d020 = 5; STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1); 
STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 27, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26); *(uint32_t*)0x20000001d030 = 0; *(uint32_t*)0x20000001d034 = 0; *(uint64_t*)0x20000001d038 = 0; *(uint64_t*)0x20000001d040 = 0; *(uint64_t*)0x20000001d048 = 0; *(uint64_t*)0x20000001d050 = 0; *(uint32_t*)0x20000001d058 = 0; *(uint32_t*)0x20000001d05c = 6; *(uint64_t*)0x20000001d060 = 0; *(uint32_t*)0x20000001d068 = 0; *(uint16_t*)0x20000001d06c = 0; *(uint16_t*)0x20000001d06e = 0; *(uint32_t*)0x20000001d070 = 7; *(uint32_t*)0x20000001d074 = 0; *(uint64_t*)0x20000001d078 = 0; syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/0, /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul); 
memcpy((void*)0x200000000000, "#! ", 3); *(uint8_t*)0x200000000003 = 0xa; syscall(__NR_write, /*fd=*/r[72], /*data=*/0x200000000000ul, /*len=*/0x208e24bul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xb36000ul, /*prot=*/0ul, /*flags=MAP_FIXED*/ 0x10ul, /*fd=*/r[72], /*offset=*/0ul); syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0ul, /*f=*/0ul); *(uint32_t*)0x2000000000c0 = 0xb; *(uint8_t*)0x2000000000c4 = 0x29; *(uint16_t*)0x2000000000c5 = 3; *(uint32_t*)0x2000000000c7 = 0; syscall(__NR_write, /*fd=*/r[72], /*data=*/0x2000000000c0ul, /*size=*/0xbul); *(uint64_t*)0x200000000240 = 0; syscall(__NR_sendfile, /*fdout=*/r[71], /*fdin=*/r[71], /*off=*/0x200000000240ul, /*count=*/7ul); memcpy((void*)0x200000000040, "./file2\000", 8); res = syscall(__NR_open, /*file=*/0x200000000040ul, /*flags=O_SYNC|O_CREAT|O_CLOEXEC|O_RDWR*/ 0x181042ul, /*mode=*/0ul); if (res != -1) r[73] = res; *(uint32_t*)0x200000000280 = 0x8b; *(uint8_t*)0x200000000284 = 0x29; *(uint16_t*)0x200000000285 = 1; *(uint32_t*)0x200000000287 = 2; *(uint8_t*)0x20000000028b = 1; *(uint32_t*)0x20000000028c = 2; *(uint64_t*)0x200000000290 = 7; *(uint64_t*)0x200000000298 = 0x1ff; *(uint8_t*)0x2000000002a0 = 2; *(uint16_t*)0x2000000002a1 = 9; memcpy((void*)0x2000000002a3, "./control", 9); *(uint8_t*)0x2000000002ac = 0x40; *(uint32_t*)0x2000000002ad = 0; *(uint64_t*)0x2000000002b1 = 1; *(uint64_t*)0x2000000002b9 = 0x49b; *(uint8_t*)0x2000000002c1 = 0x61; *(uint16_t*)0x2000000002c2 = 7; memcpy((void*)0x2000000002c4, "./file0", 7); *(uint8_t*)0x2000000002cb = 8; *(uint32_t*)0x2000000002cc = 2; *(uint64_t*)0x2000000002d0 = 8; *(uint64_t*)0x2000000002d8 = 8; *(uint8_t*)0x2000000002e0 = 0; *(uint16_t*)0x2000000002e1 = 9; memcpy((void*)0x2000000002e3, "./control", 9); *(uint8_t*)0x2000000002ec = 8; *(uint32_t*)0x2000000002ed = 1; *(uint64_t*)0x2000000002f1 = 3; *(uint64_t*)0x2000000002f9 = 4; *(uint8_t*)0x200000000301 = 0x80; *(uint16_t*)0x200000000302 = 7; memcpy((void*)0x200000000304, "./file0", 7); 
syscall(__NR_write, /*fd=*/r[73], /*data=*/0x200000000280ul, /*size=*/0x8bul); *(uint64_t*)0x200000000240 = 0; syscall(__NR_sendfile, /*fdout=*/r[73], /*fdin=*/r[73], /*off=*/0x200000000240ul, /*count=*/0x7f06ul); *(uint64_t*)0x200000000180 = 0; *(uint32_t*)0x200000000188 = 0; *(uint64_t*)0x200000000190 = 0x200000000000; *(uint64_t*)0x200000000000 = 0x200000000d80; memcpy( (void*)0x200000000d80, "\x50\x00\x13\x1f\x00\x00\x00\x00\x0a\x01\x39\xad\x83\xfa\x15\x38\xd6\x34" "\x00\x00\x00\x00\x00\x00\xe0\x00\x00\x01\x00\x00\x00\x00\xf7\xff\xfe\xd4" "\xff\xff\xff\xff\x02\x00\xab\xcd\x2d\xb9\x90\xb2\xe9\x6f\x00\x00\x00\x00" "\x67\xd9\x00\x01\x01\x00\x00\x84\xe3\xcc\xe4\x18\x81\xff\xff\xff\xff\xe3" "\x00\x00\x00\x00\x00\x72\xdf\x04\xe7\xbb\x0c\x33\x8c\x81\x67\x42\xed\xcc" "\xcc\x0b\xfc\xed\x63\x7d\xcc\xdb\x7e\x3a\xe5\x32\x4c\xaa\x99\x62\xfd\x9d" "\x52\xee\x50\xf9\x52\xbd\x74\x7b\x8a\x29\xa5\x53\x59\xeb\x1e\x51\x8e\xee" "\x8d\xa8\x6e\x65\xe4\x64\x99\x40\xa8\x40\x4f\xb0\x26\xb8\x25\xf5\x63\xca" "\xd0\x4b\x13\xd5\x02\xf7\x53\x0a\xe6\xa7\xf3\xd0\xb0\xd5\x83\x85\x18\x83" "\xbd\xd9\xc0\xd9\x39\xc5\x51\x60\xee\x85\xf8\x4e\xfd\x88\xeb\x5c\xce\xfd" "\x31\x0e\x83\xb4\xa7\xb8\x7f\xf1\x9d\xff\x07\x40\xb0\xaa\x24\x92\x3a\x6b" "\x6d\x1e\xd7\x07\x9e\xcb\xfe\x18\x16\x47\xb9\x75\x43\x3a\x94\x7d\x5d\xc7" "\x20\x23\xd7\x51\xe1\xcd\x83\x6b\xeb\x64\x01\x2f\xa6\x49\x31\x1e\x93", 233); sprintf((char*)0x200000000e69, "%020llu", (long long)r[69]); sprintf((char*)0x200000000e7d, "0x%016llx", (long long)r[70]); memcpy( (void*)0x200000000e8f, "\x0a\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x04\xd2\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\xfc\xff\xff\xff\xff\xff\xff\xff\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x60\x00\x02\x00\x63\x62\x63\x28\x61\x65\x73\x29" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xc0\x00\x00\x00\x60\x6d\xdc\x76\x8e\x38\xbe\x5f\x49\xab\x9e\x96" "\xac\xa8\x3e\x9d\x06\xf4\x2e\xba\xa3\xc0\xa0\xb2", 264); *(uint64_t*)0x200000000008 = 0x150; *(uint64_t*)0x200000000198 = 1; *(uint64_t*)0x2000000001a0 = 0; *(uint64_t*)0x2000000001a8 = 0; *(uint32_t*)0x2000000001b0 = 0; syscall(__NR_sendmsg, /*fd=*/r[70], /*msg=*/0x200000000180ul, /*f=MSG_FASTOPEN|MSG_DONTROUTE*/ 0x20000004ul); res = syscall(__NR_socket, /*domain=*/0x11ul, /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0x300); if (res != -1) r[74] = res; syscall(__NR_recvfrom, /*fd=*/r[74], /*buf=*/0ul, /*len=*/0ul, /*f=MSG_ERRQUEUE*/ 0x2000ul, /*addr=*/0ul, /*addrlen=*/0ul); syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x5301, 0); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x3f); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x12000); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/2); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/1); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x101); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/8); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x80); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x800000); 
syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x7fffffff); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x7fff); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/8); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/6); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0xffff8000); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/2); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/8); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0xfff); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/4); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/5); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/6); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/4); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x1000); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/8); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/-1); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/7); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x1ff); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x88c); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x3fbb); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0x15); syz_proconfig_set__sys_devices_pci0000_00_0000_00_03_0_net_eth0_mtu( /*val=*/0); memcpy((void*)0x200000000400, "/dev/net/tun\000", 13); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000400ul, /*flags=O_RDWR*/ 2, /*mode=*/0); if (res != -1) r[75] = res; memset((void*)0x200000000280, 0, 16); 
*(uint16_t*)0x200000000290 = 0x4009; syscall(__NR_ioctl, /*fd=*/r[75], /*cmd=*/0x400454ca, /*arg=*/0x200000000280ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[76] = res; res = syscall(__NR_dup2, /*oldfd=*/r[75], /*newfd=*/r[76]); if (res != -1) r[77] = res; memcpy((void*)0x200000000300, "\x00\x00\x00\x00\x04\x01\x00\x00\x01\x00\x00\x00\x88\x96", 14); syscall(__NR_write, /*fd=*/r[77], /*buf=*/0x200000000300ul, /*count=*/0xfdeful); memcpy((void*)0x2000000002c0, "./file0\000", 8); syscall(__NR_mkdir, /*path=*/0x2000000002c0ul, /*mode=*/0ul); memcpy((void*)0x200000000140, "./file0\000", 8); memcpy((void*)0x200000000580, "cgroup2\000", 8); syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000140ul, /*type=*/0x200000000580ul, /*flags=*/0ul, /*data=*/0ul); memcpy((void*)0x200000000140, "./file0\000", 8); syscall(__NR_mkdir, /*path=*/0x200000000140ul, /*mode=*/0ul); memcpy((void*)0x200000000000, "./file0\000", 8); memcpy((void*)0x200000000040, "ramfs\000", 6); syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000000ul, /*type=*/0x200000000040ul, /*flags=*/0ul, /*data=*/0ul); memcpy((void*)0x200000000280, "./file0\000", 8); syscall(__NR_chdir, /*dir=*/0x200000000280ul); memcpy((void*)0x200000000080, "./file0\000", 8); memcpy((void*)0x2000000002c0, "./file0\000", 8); syscall(__NR_symlink, /*old=*/0x200000000080ul, /*new=*/0x2000000002c0ul); memcpy((void*)0x200000000180, "ext4\000", 5); memcpy((void*)0x2000000000c0, "./file0\000", 8); memcpy((void*)0x2000000001c0, "dioread_nolock", 14); *(uint8_t*)0x2000000001ce = 0x2c; memcpy((void*)0x2000000001cf, "grpquota", 8); *(uint8_t*)0x2000000001d7 = 0x2c; memcpy((void*)0x2000000001d8, "debug_want_extra_isize", 22); *(uint8_t*)0x2000000001ee = 0x3d; sprintf((char*)0x2000000001ef, "0x%016llx", (long long)0x5c); *(uint8_t*)0x200000000201 = 0x2c; memcpy((void*)0x200000000202, "journal_ioprio", 14); *(uint8_t*)0x200000000210 = 0x3d; sprintf((char*)0x200000000211, "0x%016llx", (long long)5); 
*(uint8_t*)0x200000000223 = 0x2c; memcpy((void*)0x200000000224, "errors=continue", 15); *(uint8_t*)0x200000000233 = 0x2c; memcpy((void*)0x200000000234, "errors=continue", 15); *(uint8_t*)0x200000000243 = 0x2c; memcpy((void*)0x200000000244, "usrjquota=", 10); *(uint8_t*)0x20000000024e = 0x2c; *(uint8_t*)0x20000000024f = 0; memcpy( (void*)0x200000000d00, "\x78\x9c\xec\xdb\xcf\x6f\x14\x55\x1c\x00\xf0\xef\xcc\xb6\xa0\x08\xb4\x22" "\xfe\x00\x51\xab\x68\x6c\xfc\xd1\xd2\x82\xca\xc1\x8b\x46\x13\x0f\x9a\x98" "\xe8\x01\x8f\xb5\x2d\x04\x59\xa8\xa1\x35\x11\x42\xb4\x1a\x83\x47\x43\xe2" "\xdd\x78\x34\xf1\x2f\xf0\xa4\x17\xa3\x9e\x4c\xbc\xea\xdd\x90\x10\xed\x05" "\xf4\x62\xcd\xcc\xce\x94\xed\x76\xb7\xf4\xc7\x96\x6d\xbb\x9f\x4f\x32\xed" "\x7b\x3b\x6f\xf7\xbd\xef\xbe\x79\x3b\x6f\xe6\xed\x06\xd0\xb5\x06\xb2\x3f" "\x49\xc4\xee\x88\xf8\x3d\x22\xfa\x6a\xd9\xc5\x05\x06\x6a\xff\x6e\xcc\x5d" "\x1a\xff\x67\xee\xd2\x78\x12\xf3\xf3\x6f\xfd\x95\xe4\xe5\xae\xcf\x5d\x1a" "\x2f\x8b\x96\xcf\xbb\xab\xc8\x0c\xa6\x11\xe9\x67\x49\x51\xc9\x62\xd3\x17" "\x2e\x9e\x19\xab\x56\x27\xcf\x17\xf9\xe1\x99\xb3\xef\x0f\x4f\x5f\xb8\xf8" "\xec\xe9\xb3\x63\xa7\x26\x4f\x4d\x9e\x1b\x3d\x7e\xfc\xd8\xd1\x91\x17\x9e" "\x1f\x7d\xae\x2d\x71\x66\x71\x5d\x3f\xf8\xd1\xd4\xa1\x03\xaf\xbd\x73\xe5" "\x8d\xf1\x13\x57\xde\xfd\xf9\xdb\xac\xbd\xbb\x8b\xfd\xf5\x71\xb4\xcb\x40" "\x16\xf8\xdf\xf3\xb9\xc6\x7d\x4f\xb4\xbb\xb2\x0e\xdb\x53\x97\x4e\x7a\x3a" "\xd8\x10\x56\xa5\x12\x11\x59\x77\xf5\xe6\xe3\xbf\x2f\x2a\x71\xb3\xf3\xfa" "\xe2\xd5\x4f\x3b\xda\x38\x60\x43\x65\xe7\xa6\x9d\xad\x77\xcf\x26\xc9\x3c" "\xb0\x6d\x25\xd1\xe9\x16\x00\x9d\x51\x9e\xe8\xb3\xeb\xdf\x72\xbb\x4d\x53" "\x8f\x4d\xe1\xda\x4b\xb5\x0b\xa0\x2c\xee\x1b\xc5\x56\xdb\xd3\x13\x69\x51" "\xa6\xb7\xe1\xfa\xb6\x9d\x06\x22\xe2\xc4\xec\xbf\x5f\x65\x5b\x6c\xd0\x7d" "\x08\x00\x80\x7a\xdf\x67\xf3\x9f\x67\x9a\xcd\xff\xd2\xb8\xaf\xae\xdc\xde" "\x62\x0d\xa5\x3f\x22\xee\x8e\x88\x7d\x11\x71\x4f\x44\xec\x8f\x88\x7b\x23" 
"\xf2\xb2\xf7\x47\xc4\x03\xab\xac\xbf\x71\x69\x68\xe9\xfc\x27\xbd\xba\xa6" "\xc0\x56\x28\x9b\xff\xbd\x58\xac\x6d\x2d\x9e\xff\x95\xb3\xbf\xe8\xaf\x14" "\xb9\x3d\x79\xfc\xbd\xc9\xc9\xd3\xd5\xc9\x23\xc5\x7b\x32\x18\xbd\x3b\xb3" "\xfc\xc8\x32\x75\xfc\xf0\xca\x6f\x5f\xb4\xda\x57\x3f\xff\xcb\xb6\xac\xfe" "\x72\x2e\x58\xb4\xe3\x6a\x4f\xc3\x0d\xba\x89\xb1\x99\xb1\x7c\x52\xda\x06" "\xd7\x3e\x89\x38\xd8\xd3\x2c\xfe\x64\x61\x25\x20\x89\x88\x03\x11\x71\x70" "\x75\x2f\xbd\xb7\x4c\x9c\x7e\xea\x9b\x43\xad\x0a\xdd\x3a\xfe\x65\xb4\x61" "\x9d\x69\xfe\xeb\x88\x27\x6b\xfd\x3f\x1b\x0d\xf1\x97\x92\xe5\xd7\x27\x87" "\xef\x88\xea\xe4\x91\xe1\xf2\xa8\x58\xea\x97\x5f\x2f\xbf\xd9\xaa\xfe\x75" "\xc5\xdf\x06\x59\xff\xef\x5a\x7c\xfc\x37\x16\xe9\x4f\xea\xd7\x6b\xa7\x57" "\x5f\xc7\xe5\x3f\x3e\x6f\x79\x4d\xb3\xd6\xe3\x7f\x47\xf2\x76\xde\x2f\x3b" "\x8a\xc7\x3e\x1c\x9b\x99\x39\x3f\x12\xb1\x23\x79\x3d\xcf\x2f\x7a\x7c\xf4" "\xe6\x73\xcb\x7c\x59\x3e\x8b\x7f\xf0\x70\xf3\xf1\xbf\xaf\x78\x4e\x56\xcf" "\x83\x11\x91\x1d\xc4\x0f\x45\xc4\xc3\x11\xf1\x48\xd1\xf6\x47\x23\xe2\xb1" "\x88\x38\x5c\x56\xf0\xdf\xd2\x18\x7f\x7a\xf9\xf1\xf7\xd6\x1e\xff\xc6\xca" "\xe2\x9f\x68\xfa\xf9\xb7\x70\xfc\x37\xf4\xff\xea\x13\x95\x33\x3f\x7e\xd7" "\xaa\xfe\x95\xf5\xff\xb1\x3c\x35\x58\x3c\x92\x7f\xfe\xdd\xc2\x4a\x1b\xb8" "\x9e\xf7\x0e\x00\x00\x00\xb6\x8a\x34\xff\x0e\x7c\x92\x0e\x2d\xa4\xd3\x74" "\x68\xa8\xf6\x1d\xfe\xfd\xb1\x2b\xad\x4e\x4d\xcf\x3c\x7d\x72\xea\x83\x73" "\x13\xb5\xef\xca\xf7\x47\x6f\x5a\xde\xe9\xea\xab\xbb\x1f\x3a\x92\xcc\x16" "\xaf\x58\xcb\x8f\xc6\x40\x5f\x7d\xfe\x68\x71\xdf\xf8\xcb\xca\x9d\x79\x7e" "\x68\x7c\xaa\x3a\xd1\xc9\xc0\x81\x7c\x9c\x37\x1b\xff\x99\x3f\x2b\x9d\x6e" "\x1d\xb0\xe1\xfc\x5e\x0b\xba\x57\xe3\xf8\x4f\x3b\xd4\x0e\xe0\xf6\x73\xfe" "\x87\xee\x65\xfc\x43\xf7\x32\xfe\xa1\x7b\x35\x1b\xff\x1f\x37\xe4\xad\x05" "\xc0\xf6\xe4\xfc\x0f\xdd\xcb\xf8\x87\xee\x65\xfc\x43\xf7\x32\xfe\xa1\x2b" "\xad\xe7\x77\xfd\x5b\x2b\x11\xe9\xa6\x68\xc6\xb6\x49\x44\xba\x29\x9a\x21" 
"\xb1\x31\x89\xc6\xfb\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x5b\xd4\xff\x01\x00\x00\xff\xff\x6c\xca\xeb\xbf", 1092); syz_mount_image( /*fs=*/0x200000000180, /*dir=*/0x2000000000c0, /*flags=MS_I_VERSION|MS_REC|MS_SYNCHRONOUS|MS_RELATIME|MS_NOATIME|0x300*/ 0xa04710, /*opts=*/0x2000000001c0, /*chdir=*/1, /*size=*/0x444, /*img=*/0x200000000d00); syz_open_dev(/*dev=*/0xc, /*major=*/4, /*minor=*/0x15); syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x4b36, 0); memcpy((void*)0x200000000100, "./file0\000", 8); syscall(__NR_mknod, /*file=*/0x200000000100ul, /*mode=*/0ul, /*dev=*/0); *(uint64_t*)0x200000000680 = 0; *(uint32_t*)0x200000000688 = 0x21; *(uint32_t*)0x20000000068c = 0; *(uint32_t*)0x200000000690 = 0; syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000680ul, /*timerid=*/0x200000000100ul); *(uint64_t*)0x20000006b000 = 0; *(uint64_t*)0x20000006b008 = 8; *(uint64_t*)0x20000006b010 = 0; *(uint64_t*)0x20000006b018 = 9; syscall(__NR_timer_settime, /*timerid=*/0, /*flags=*/0ul, /*new=*/0x20000006b000ul, /*old=*/0ul); memcpy((void*)0x200000000000, "127.0.0.1\000", 10); 
memcpy((void*)0x200000000040, "./file0\000", 8); memcpy((void*)0x200000000080, "9p\000", 3); memcpy((void*)0x200000000240, "trans=tcp,", 10); memcpy((void*)0x20000000024a, "port", 4); *(uint8_t*)0x20000000024e = 0x3d; sprintf((char*)0x20000000024f, "0x%016llx", (long long)0); *(uint8_t*)0x200000000261 = 0x2c; *(uint8_t*)0x200000000262 = 0; syscall(__NR_mount, /*src=*/0x200000000000ul, /*dst=*/0x200000000040ul, /*type=*/0x200000000080ul, /*flags=*/0ul, /*opts=*/0x200000000240ul); memcpy((void*)0x200000000000, "/dev/cdrom\000", 11); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=O_DIRECTORY*/ 0x10000, /*mode=*/0); if (res != -1) r[78] = res; *(uint8_t*)0x200000000080 = 0x2b; *(uint8_t*)0x200000000081 = 0x16; memset((void*)0x200000000082, 0, 6); *(uint8_t*)0x200000000088 = 0xf4; *(uint8_t*)0x200000000089 = 0xb5; memcpy((void*)0x20000000008a, "\x37\xc1\x2e\x88\xb5\x1b\xe5\x76\xc5\xbe\x45\x0a\xec\x35\x2c\x3d\xc4" "\x64\x88\xbc\x0a\x44\xf5\x00\x9f\x46\xde\xff\xaa\x54\x52\x13\x1a\x9f" "\xd8\x91\xaa\x02\x7c\x4e\xaa\xf4\xce\x92\x27\x60\x33\x15\x51\x89\xf0" "\x75\x34\x47\x26\x44\xac\x66\xf4\x67\xea\x55\x98\x0b\x29\x34\x1c\x7a" "\x43\xdd\x76\x19\x3f\xda\xd3\xf5\x9b\x9d\x09\x8b\x5c\xaa\xcb\x6b\x9e" "\x6e\x31\xc2\x65\x76\xf5\x06\x41\x0e\xa5\xce\x0e\x23\xe8\xee\x94\xd3" "\xca\xcd\x21\x6a\x3b\xee\xa4\x3c\x1f\x94\x03\xaf\x2c\xba\xc5\xc8\xf0" "\x70\x93\x7a\xcc\x93\xa1\x11\x63\x59\x35\x07\x2c\x3a\xa6\x78\x1d\x7b" "\x65\x70\xc3\xb0\x9e\xdf\x84\xa5\x5e\x70\x2f\xb7\x07\x71\x73\x37\x12" "\xcf\x15\x90\x9e\x9f\x96\x08\x18\xe2\x89\xb4\x48\xce\x5f\x02\x84\x89" "\x60\x61\xd6\xab\x20\xa5\x92\x31\x93\x48\x81", 181); syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/0x29, /*optname=*/0x37, /*optval=*/0x200000000080ul, /*optlen=*/0xc0ul); memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0, 0); if (res != -1) r[79] = res; syscall( __NR_clock_getres, 
/*id=CLOCK_PROCESS_CPUTIME_ID|0x4b54da0c41cf7c50*/ 0x4b54da0c41cf7c52ul, /*tp=*/0ul); *(uint32_t*)0x200000000140 = 1; *(uint32_t*)0x200000000144 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; memset((void*)0x200000000154, 0, 32); syscall(__NR_ioctl, /*fd=*/r[79], /*cmd=*/0x40345410, /*arg=*/0x200000000140ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/3ul, /*proto=*/2); if (res != -1) r[80] = res; syscall(__NR_getsockopt, /*fd=*/r[80], /*level=*/1, /*optname=*/0, /*optval=*/0ul, /*optlen=*/0ul); memcpy( (void*)0x200000000940, "\0203q}2[\340\232\356\257\003\227\236t\v\"|" "Ma\206\347\300\024\237\271h\261\226\347=I\2060S6\265\250\302\225Je%" "\376G\'\250\345\217\370\322\034\300\373\034\246\253\bi\344^" "\325\375\251\r\2547A\224k\315\t\000\220k\326\005\266&\320\235aA\305\234_" "\324\030,\f\324s\262\231/" "\300\232\362Oc\300c\003gB!\260\270n\001\233T\225\020\206\350$\177\r[" "\371\0161v\261\034\210\v\225uy\265:\342\341\334(\375\005\237B\204O\376@" "\000\000\000\000\000\000\000\000\000\000\000\000\032\240\212\033\003\"&" "\254\312p>\314Z\001\274\030\301\271\351\v\213\234\264Q\324\226EV<>" "\t\000\000\000\304tL\352\365W\275#" "\317\212\320\350\270\354\004\205\f\357\264\204\355\237/" "\324\273\352;-Dp\370\320F\220\370\222Ip6\364\026\350\024\340\222!\222-" "F\342\024D\221\250b\004\335\035\a\334\340\030\205{" "\200Q\366k\226\372Q\237W\vO\360\344O\\\316S\362\336\0049d\006#" "\210\303\337\205O\034\303\255?r\327\016\000\327\203\260\210\234\366Y-" "F\230\335\234~\375\225\303\266lC\252\"Y\365\320\267\334\213\027|" "\351q\242K\354z\204:*\365Y\321\2331}\233\025\324\354\002o\001&" "\252\220w\304\307yn\265\032g\253&?" "\276\313\350v\250\340\244\201sW\254f\0249\322}\357CGa\232$4\214\245!" 
"p\203\005\226%\002%\253j\n\b\310NC\221}&" "y\323\341\356p\'\305\253\031GsX5\214\n\237h\356;4\261%" "V\340\251\216\3630:\330\030N~G\0239\312\257\353o\035\027\325nAp\327\314(" "A\230 " "\000;]\375;\320\234\031v\034\302]" "\264Dk\205\344\210\2154\200\231\301i\255\2466\223\v\321/" ";6U\344\261\233\247\270\335t8\226\301=W\321\001\333r\311n@" "fw\305\272\234\234}\375\214\333gE@N\307\252\210Z\001:\270\206\207#" "\365\324L->\271\021_\374h)\274\2525\255\267?\2530{" "8\207\346\253\200\272p<\223}" "1K\323\202\2651c\300\366\256\352\233ht\221N\021\002\24557\210&\a!" "\022D\037y\214\336\236`\253\345\234\320\233\214[" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\302" "\365\200\375\004\3544\340\n\252%R\301\273\271:" "\017\274\005\315\243\206\276\257\270S\352\234\006[" "Q\231\003\325J\361\351}*\204\232\337\f\365\356\337H@" "\340\016\000\370\217Q;" "n2I\373\f\262\320\224\t\335\265\252\352\225\310\037\024\343\243\026\245" "\326\375\333\314\336\350q\351\306\265\211\341\304\317\337\\\2750\302~" "\355\000\332\351\307\265}" "\224\260\034\365\327\034\265\033\0168\252\242\261h\265P\002KQ", 737); res = syscall(__NR_memfd_create, /*name=*/0x200000000940ul, /*flags=*/0ul); if (res != -1) r[81] = res; memcpy((void*)0x200000000040, "/dev/loop#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000040, /*id=*/0, /*flags=*/0); if (res != -1) r[82] = res; syscall(__NR_ioctl, /*fd=*/r[82], /*cmd=*/0x4c06, /*arg=*/r[81]); syscall(__NR_ioctl, /*fd=*/r[79], /*cmd=*/0x54a0, 0); memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0x20, 0); if (res != -1) r[83] = res; *(uint32_t*)0x200000000140 = 1; *(uint32_t*)0x200000000144 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; memset((void*)0x200000000154, 0, 32); syscall(__NR_ioctl, /*fd=*/r[83], /*cmd=*/0x40345410, /*arg=*/0x200000000140ul); syscall(__NR_ioctl, /*fd=*/r[83], 
/*cmd=*/0x54a2, 0); syscall(__NR_ioctl, /*fd=*/r[79], /*cmd=*/0x54a1, 0); *(uint8_t*)0x200000000040 = 0xa; syscall(__NR_ioctl, /*fd=*/r[78], /*cmd=*/0x5390, /*arg=*/0x200000000040ul); *(uint32_t*)0x20000001d000 = 1; *(uint32_t*)0x20000001d004 = 0x80; *(uint8_t*)0x20000001d008 = 0; *(uint8_t*)0x20000001d009 = 0; *(uint8_t*)0x20000001d00a = 0; *(uint8_t*)0x20000001d00b = 0; *(uint32_t*)0x20000001d00c = 0; *(uint64_t*)0x20000001d010 = 0x18a; *(uint64_t*)0x20000001d018 = 0x308; *(uint64_t*)0x20000001d020 = 6; STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 0, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 1, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 2, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 3, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 4, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 5, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 6, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 7, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 8, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 9, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 10, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 11, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 12, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 13, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 14, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 15, 2); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 17, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 18, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 19, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 20, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 21, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 22, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 23, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 24, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 25, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 26, 1); STORE_BY_BITMASK(uint64_t, , 
0x20000001d028, 0, 27, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 28, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 29, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 30, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 31, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 32, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 33, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 34, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 35, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 36, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 37, 1); STORE_BY_BITMASK(uint64_t, , 0x20000001d028, 0, 38, 26); *(uint32_t*)0x20000001d030 = 0; *(uint32_t*)0x20000001d034 = 0; *(uint64_t*)0x20000001d038 = 3; *(uint64_t*)0x20000001d040 = 0xb535; *(uint64_t*)0x20000001d048 = 0x107100; *(uint64_t*)0x20000001d050 = 2; *(uint32_t*)0x20000001d058 = 0; *(uint32_t*)0x20000001d05c = 0; *(uint64_t*)0x20000001d060 = 0; *(uint32_t*)0x20000001d068 = 0; *(uint16_t*)0x20000001d06c = 0; *(uint16_t*)0x20000001d06e = 0; *(uint32_t*)0x20000001d070 = 0x2c6; *(uint32_t*)0x20000001d074 = 0; *(uint64_t*)0x20000001d078 = 0; syscall(__NR_perf_event_open, /*attr=*/0x20000001d000ul, /*pid=*/0, /*cpu=*/-1, /*group=*/-1, /*flags=*/0ul); memcpy((void*)0x200000000040, "ext4\000", 5); memcpy((void*)0x200000000240, "./file0\000", 8); *(uint8_t*)0x2000000001c0 = 0; memcpy( (void*)0x2000000018c0, "\x78\x9c\xec\xdd\xcb\x6b\x5c\x65\x1b\x00\xf0\xe7\x4c\x6e\x4d\xda\xef\x4b" "\x3e\xf8\x40\xeb\x2a\x20\x68\xa0\x74\x62\x6a\x6c\x15\x5c\x54\x5c\x88\x60" "\xa1\xa0\x6b\xdb\x30\x99\x86\x36\x93\x4c\xc9\x4c\x4a\x13\x02\x6d\x11\xc1" "\x8d\xa0\xc5\x85\xa0\x9b\xee\x04\x2f\x75\xe7\xd6\xcb\x56\xff\x0b\x17\xd2" "\x52\x6c\x1a\x8c\xb8\x90\x91\x33\x99\x69\x27\xcd\x4c\x3a\x69\x6e\x8d\xf9" "\xfd\xe0\xb4\xef\x3b\xe7\x4c\x9e\xf7\x39\x97\xf7\xbc\x33\xe7\x30\x27\x80" "\x7d\x6b\x30\xfd\x27\x13\x71\x38\x22\x3e\x4a\x22\xfa\x6b\xaf\x27\x11\xd1" 
"\x55\x2d\x75\x46\x9c\x5c\x59\x6e\x79\x71\x21\x97\x4e\x49\x54\x2a\x6f\xff" "\x9e\x54\x97\x59\x5a\x5c\xc8\x45\xc3\x7b\x52\x07\x6b\x95\xa7\x23\xe2\xc7" "\xf7\x23\x8e\x64\xd6\xc6\x2d\xcd\xcd\x4f\x8e\x15\x0a\xf9\x99\x5a\x7d\xb8" "\x3c\x75\x71\xb8\x34\x37\x7f\xf4\xfc\xd4\xd8\x44\x7e\x22\x3f\x7d\x7c\x64" "\x74\xf4\xd8\x89\x97\x4e\x1c\xdf\xba\x5c\xff\xf8\x65\xfe\xd0\xed\x8f\xdf" "\x78\xfe\x9b\x93\x7f\xbd\xf7\xd4\xcd\x0f\x7f\x4a\xe2\x64\x1c\xaa\xcd\x6b" "\xcc\x63\xab\x0c\xc6\x60\x6d\x9d\x74\xa5\xab\x70\x95\xd7\xb7\x3a\xd8\x2e" "\x4b\xd6\x99\x77\x60\x07\xdb\xc1\xc6\xa4\x87\x66\xc7\xca\x51\x1e\x87\xa3" "\x3f\x3a\xaa\xa5\x16\x7a\x77\xb2\x65\x00\xc0\x76\xb9\x12\x11\x15\x00\x60" "\x9f\x49\x9c\xff\x01\x60\x9f\xa9\x7f\x0f\xb0\xb4\xb8\x90\xab\x4f\xeb\x7c" "\x5d\xb0\xce\xc5\x81\xbd\xe9\xce\x6b\x2b\x17\xa8\x96\x6a\xd7\x36\x97\xef" "\xe7\xdf\x59\xbb\x66\x77\xa0\x7a\x1d\xb4\x6f\x29\x59\x95\x7c\x12\x11\x03" "\x5b\x10\x7f\x30\x22\x3e\xff\xee\xdd\xaf\xd2\x29\xb6\xe9\x3a\x24\x40\x33" "\x57\xaf\x45\xc4\xd9\x81\xc1\xb5\xfd\x7f\xb2\xe6\x9e\x85\x8d\x7a\xa1\x8d" "\x65\x06\x1f\xaa\x37\xf4\x7f\xdd\x9b\x0c\x0f\x3c\xc2\xf7\xe9\xf8\xe7\xe5" "\x66\xe3\xbf\xcc\xfd\xf1\x4f\x34\x19\xff\xf4\x34\x39\x76\x1f\xc7\x3a\xc7" "\x7f\x4d\xe6\xd6\x16\x84\x69\x29\x1d\xff\xbd\xda\x70\x6f\xdb\x72\x43\xfe" "\x35\x03\x1d\xb5\xda\x7f\xaa\x63\xbe\xae\xe4\xdc\xf9\x42\x3e\xed\xdb\xfe" "\x1b\x11\x43\xd1\xd5\x93\xd6\x47\xd6\x89\x31\x74\xef\xef\x7b\xad\xe6\x35" "\x8e\xff\xee\x5e\xbf\x90\xf6\x79\xb9\xbb\xd7\x2f\x7c\xf9\x60\x89\xcc\xad" "\xce\x9e\xd5\xef\x19\x1f\x2b\x8f\x6d\x26\xe7\x46\x77\xae\x45\x3c\xd3\xd9" "\x2c\xff\x7a\xff\xbf\x72\x0f\x5b\xb3\xf1\xef\xe9\x36\x63\xbc\xf9\xca\x07" "\x9f\xb5\x9a\x97\xe6\x9f\xe6\x5b\x9f\xd2\xf8\xab\xf3\xdf\x5e\x95\x1b\x11" "\xcf\x35\xdd\xfe\x0f\xee\x68\x4b\xd6\xbd\x3f\x71\xb8\xba\x3b\x0c\xd7\x77" "\x8a\x26\xbe\xfd\xf5\xd3\xbe\x56\xf1\x1b\xb7\x7f\x3a\xa5\xf1\xeb\x9f\x05" "\x76\x42\xba\xfd\xfb\xd6\xcf\x7f\x20\x69\xbc\x5f\xb3\xb4\xf1\x18\x3f\xdf" 
"\xe8\xff\xa1\xd5\xbc\x47\xe7\xdf\x7c\xff\xef\x4e\xde\xa9\x96\xeb\x83\x84" "\xcb\x63\xe5\xf2\xcc\x48\x44\x77\xf2\xd6\xda\xd7\x8f\x3d\x78\x6f\xbd\x5e" "\x5f\x3e\xcd\x7f\xe8\xd9\xee\xa6\xc7\x7f\xbd\xff\x6b\xb6\xff\xa7\x9f\x09" "\xcf\xb6\x99\x7f\xe7\xed\x6b\x5f\x3f\x7e\xfe\xdb\x2b\xcd\x7f\x7c\x43\xdb" "\x7f\xe3\x85\x9b\xcb\x93\x1d\xad\xe2\xb7\xb7\xfd\x47\xab\xa5\xa1\xda\x2b" "\xed\xf4\x7f\xed\x36\x70\x33\xeb\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xda\x95\x89\x88\x43\x91\x64\xb2" "\xf7\xcb\x99\x4c\x36\xbb\xf2\x0c\xef\xff\x47\x5f\xa6\x50\x2c\x95\x8f\x9c" "\x2b\xce\x4e\x8f\x47\xf5\x59\xd9\x03\xd1\x95\xa9\xff\xd4\x65\x7f\xc3\xef" "\xa1\x8e\xd4\x7e\x0f\xbf\x5e\x3f\xf6\x50\xfd\xc5\x88\xf8\x5f\x44\x7c\xd2" "\xd3\x5b\xad\x67\x73\xc5\xc2\xf8\x6e\x27\x0f\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x35\x07\x5b\x3c\xff\x3f\xf5\x5b\xcf\x6e\xb7\x0e" "\x00\xd8\x36\x07\x76\xbb\x01\x00\xc0\x8e\x73\xfe\x07\x80\xfd\x67\x63\xe7" "\xff\xde\x6d\x6b\x07\x00\xb0\x73\x7c\xfe\x07\x80\xfd\xc7\xf9\x1f\x00\xf6" "\x1f\xe7\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\xb6\xd9\xe9\x53\xa7\xd2\xa9\xf2\xe7\xe2\x42\x2e\xad\x8f\x5f\x9a\x9b\x9d" "\x2c\x5e\x3a\x3a\x9e\x2f\x4d\x66\xa7\x66\x73\xd9\x5c\x71\xe6\x62\x76\xa2" "\x58\x9c\x28\xe4\xb3\xb9\xe2\x54\xcb\x3f\x74\x75\xe5\xbf\x42\xb1\x78\x71" "\x34\xa6\x67\x2f\x0f\x97\xf3\xa5\xf2\x70\x69\x6e\xfe\xcc\x54\x71\x76\xba" "\x7c\xe6\xfc\xd4\xd8\x44\xfe\x4c\xbe\x6b\xc7\x32\x03\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x80\xf6\x95\xe6\xe6\x27\xc7\x0a\x85\xfc\xcc" "\x9e\x29\x54\x2a\x95\x2b\x4f\x40\x33\xfe\x0d\x85\x8e\xda\x4e\xf0\xa4\xb4" 
"\x67\xcf\x15\x32\x9b\x58\x75\x5f\xec\x76\xe3\x1f\x51\x68\xec\x25\x7a\x77" "\xa7\x73\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\x03\xfe\x09\x00\x00" "\xff\xff\xaa\x8a\x25\x14", 1950); syz_mount_image(/*fs=*/0x200000000040, /*dir=*/0x200000000240, /*flags=*/0, /*opts=*/0x2000000001c0, /*chdir=*/1, /*size=*/0x79e, /*img=*/0x2000000018c0); memcpy((void*)0x200000000040, "./bus\000", 6); res = syscall(__NR_creat, 
/*file=*/0x200000000040ul, /*mode=*/0ul); if (res != -1) r[84] = res; *(uint64_t*)0x200000000600 = 0x200000000380; memset((void*)0x200000000380, 96, 1); *(uint64_t*)0x200000000608 = 1; syscall(__NR_pwritev2, /*fd=*/r[84], /*vec=*/0x200000000600ul, /*vlen=*/1ul, /*off_low=*/0xac04, /*off_high=*/0, /*flags=*/0ul); memcpy((void*)0x200000008140, "./bus\000", 6); res = syscall(__NR_open, /*file=*/0x200000008140ul, /*flags=O_NOFOLLOW|O_NOCTTY|O_NOATIME|O_CREAT|O_RDWR*/ 0x60142ul, /*mode=*/0ul); if (res != -1) r[85] = res; syscall(__NR_fallocate, /*fd=*/r[85], /*mode=FALLOC_FL_COLLAPSE_RANGE*/ 8ul, /*off=*/0ul, /*len=*/0x8000ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0x88); if (res != -1) r[86] = res; syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0x88); syscall(__NR_ioctl, /*fd=*/r[86], /*cmd=*/0x89f1, /*arg=*/0ul); syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/0, /*optname=*/0x29, /*optval=*/0ul, /*optlen=*/0xfe3bul); memcpy((void*)0x200000000080, "./bus\000", 6); res = syscall(__NR_creat, /*file=*/0x200000000080ul, /*mode=*/0ul); if (res != -1) r[87] = res; memcpy((void*)0x200000000040, "blkio.throttle.io_service_bytes\000", 32); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul, /*flags=*/0x275a, /*mode=*/0); if (res != -1) r[88] = res; syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xb36000ul, /*prot=*/0ul, /*flags=MAP_STACK|MAP_POPULATE|MAP_FIXED|MAP_SHARED*/ 0x28011ul, /*fd=*/r[88], /*offset=*/0ul); res = syscall(__NR_socket, /*domain=AF_INET6|0x200000000000000*/ 0x20000000000000aul, /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0); if (res != -1) r[89] = res; syscall(__NR_ioctl, /*fd=*/r[89], /*cmd=*/0x8916, /*arg=*/0ul); syscall(__NR_close_range, /*fd=*/-1, /*max_fd=*/-1, /*flags=CLOSE_RANGE_UNSHARE*/ 2ul); syscall(__NR_ioperm, /*from=*/0ul, /*num=*/0x800ul, /*on=*/8ul); res = syscall(__NR_socket, /*domain=*/1ul, /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0); if (res != -1) r[90] = res; 
syscall(__NR_recvmmsg, /*fd=*/r[90], /*mmsg=*/0ul, /*vlen=*/0ul, /*f=*/0ul, /*timeout=*/0ul); syscall(__NR_open_by_handle_at, /*mountdirfd=*/r[87], /*handle=*/0ul, /*flags=*/0ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[91] = res; *(uint32_t*)0x200000000000 = 0xdf; syscall(__NR_setsockopt, /*fd=*/r[91], /*level=*/6, /*optname=TCP_THIN_LINEAR_TIMEOUTS|TCP_CORK*/ 0x13, /*optval=*/0x200000000000ul, /*optlen=*/4ul); syscall(__NR_socketpair, /*domain=*/1ul, /*type=*/1ul, /*proto=*/0, /*fds=*/0x200000000000ul); memcpy((void*)0x2000000000c0, "ext4\000", 5); memcpy((void*)0x200000000040, "./file0\000", 8); memcpy((void*)0x200000001280, "quota", 5); *(uint8_t*)0x200000001285 = 0x2c; memcpy((void*)0x200000001286, "noload", 6); *(uint8_t*)0x20000000128c = 0x2c; memcpy((void*)0x20000000128d, "errors=remount-ro", 17); *(uint8_t*)0x20000000129e = 0x2c; memcpy((void*)0x20000000129f, "init_itable", 11); *(uint8_t*)0x2000000012aa = 0x2c; *(uint8_t*)0x2000000012ab = 0; memcpy( (void*)0x200000001380, "\x78\x9c\xec\xdd\x4d\x6f\x1b\x5b\x19\x00\xe0\x77\x26\x49\xf3\x71\x73\x6f" "\x72\xc5\x5d\x00\x02\x6e\x29\x85\x82\xaa\xda\x89\xdb\x46\xa8\xab\xb2\xe1" "\x43\x55\x25\x44\xc5\x8a\x45\x1b\x12\x37\x8a\x62\xc7\x51\xec\x94\x26\x74" "\x91\xfe\x07\x24\x2a\xb1\x82\x9f\xc0\x02\x89\x05\x52\x57\xec\xd9\xc1\x8e" "\x4d\xbb\x40\x2a\x50\x81\x1a\x24\x16\x46\x33\xb6\xd3\x24\x8d\x93\x94\x36" "\xb6\x6e\xfc\x3c\xd2\x68\xce\x99\x33\xcd\x7b\x4e\xad\x39\xaf\x7b\xdc\xf8" "\x04\x30\xb0\xce\x47\xc4\x76\x44\x9c\x8b\x88\x7b\x11\x31\xd5\xbe\x9e\xb4" "\x8f\xb8\xd9\x3a\xb2\xfb\x5e\xbd\x7c\xb4\xb0\xf3\xf2\xd1\x42\x12\xcd\xe6" "\x9d\x7f\x24\x79\x7b\x76\x2d\xf6\xfc\x99\xcc\x07\xed\x9f\x39\x16\x11\x3f" "\xfa\x5e\xc4\x4f\x93\x37\xe3\xd6\x37\xb7\x56\xe6\x2b\x95\xf2\x7a\xbb\x5e" "\x6c\x54\xd7\x8a\xf5\xcd\xad\x2b\xcb\xd5\xf9\xa5\xf2\x52\x79\xb5\x54\x9a" "\x9b\x9d\x9b\xf9\xf6\xd5\xeb\xa5\xf7\x36\xd6\x4f\xab\xbf\x7d\xf1\xdd\xe5" 
"\x5b\x3f\xfe\xc3\xef\xbf\xfc\xec\x4f\xdb\xdf\xfa\x79\xd6\xad\xc9\x76\xdb" "\xde\x71\xbc\x4f\xad\xa1\x8f\xec\xc6\xc9\x0c\x47\xc4\xad\xd3\x08\xd6\x07" "\x43\xed\xf1\x9c\xeb\x77\x47\xf8\xbf\xa4\x11\x51\x88\x88\x0b\xf9\xf3\x3f" "\x15\x43\xf9\xab\x09\x00\x9c\x65\xcd\xe6\x54\x34\xa7\xf6\xd6\x01\x80\xb3" "\x2e\xcd\xd7\xc0\x92\xb4\xd0\x5e\x0b\x98\x8c\x34\x2d\x14\x5a\x6b\x78\x9f" "\xc4\x44\x5a\xa9\xd5\x1b\x97\xef\xd7\x36\x56\x17\x5b\x6b\x65\xd3\x31\x92" "\xde\x5f\xae\x94\x67\xda\x6b\x85\xd3\x31\x92\x64\xf5\xd9\xbc\xfc\xba\x5e" "\x3a\x50\xbf\x1a\x11\x1f\x47\xc4\x2f\x46\xc7\xf3\x7a\x61\xa1\x56\x59\xec" "\xe7\x1b\x1f\x00\x18\x60\x1f\x1c\xc8\xff\xff\x1e\x6d\xe5\x7f\x00\xe0\x8c" "\x1b\xeb\x77\x07\x00\x80\x9e\x93\xff\x01\x60\xf0\xc8\xff\x00\x30\x78\xe4" "\x7f\x00\x18\x3c\xf2\x3f\x00\x0c\x1e\xf9\x1f\x00\x06\x8f\xfc\x0f\x00\x03" "\xe5\x87\xb7\x6f\x67\x47\x73\xa7\xfd\xfd\xd7\x8b\x0f\x36\x37\x56\x6a\x0f" "\xae\x2c\x96\xeb\x2b\x85\xea\xc6\x42\x61\xa1\xb6\xbe\x56\x58\xaa\xd5\x96" "\xf2\xef\xec\xa9\x1e\xf7\xf3\x2a\xb5\xda\xda\xec\xb5\xd8\x78\x58\x6c\x94" "\xeb\x8d\x62\x7d\x73\xeb\x6e\xb5\xb6\xb1\xda\xb8\x9b\x7f\xaf\xf7\xdd\xf2" "\x48\x4f\x46\x05\x00\x1c\xe5\xe3\x4f\x9f\xfe\x25\x89\x88\xed\x1b\xe3\xf9" "\x11\x7b\xf6\x72\x90\xab\xe1\x6c\x4b\xfb\xdd\x01\xa0\x6f\x86\xfa\xdd\x01" "\xa0\x6f\x8e\xd9\xed\xeb\x79\xaf\xfa\x01\xf4\x9e\x7f\xe3\xc3\xc0\xfb\xfe" "\x21\x5b\xf4\xee\xb3\xe7\xbf\x08\x8d\xef\x6b\x78\x72\x3a\x1d\x02\x4e\xdf" "\xa5\x2f\x58\xff\x87\x41\x65\xfd\x1f\x06\x97\xf5\x7f\x18\x5c\xc7\xac\xff" "\x03\x67\x58\xb3\x99\xd8\xf3\x1f\x00\x06\x8c\x35\x7e\xe0\x2d\x3e\xff\xdf" "\xcf\xe7\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\xb0\xc9\xfc\x48\xd2\x42\x7b\x2f" "\xf0\xc9\x48\xd3\x42\x21\xe2\xc3\x88\x98\x8e\x91\xe4\xfe\x72\xa5\x3c\x13" "\x11\x1f\x45\xc4\x9f\x47\x47\x46\xb3\xfa\x6c\xbf\x3b\x0d\x00\xbc\xa3\xf4" "\x6f\x49\x7b\xff\xaf\x4b\x53\x17\x27\x0f\xb6\x9e\x4b\xfe\x33\x9a\x9f\x23" 
"\xe2\x67\xbf\xba\xf3\xcb\x87\xf3\x8d\xc6\xfa\x6c\x76\xfd\x9f\xbb\xd7\x1b" "\x4f\xda\xd7\x4b\xfd\xe8\x3f\x00\x70\x9c\x4e\x9e\xee\xe4\xf1\x8e\x57\x2f" "\x1f\x2d\x74\x8e\x5e\xf6\xe7\xc5\x77\x5a\x9b\x8b\x66\x71\x77\xda\x47\xab" "\x65\x38\x86\xf3\xf3\x58\x8c\x44\xc4\xc4\xbf\x92\x76\xbd\x25\x7b\xbf\x32" "\xf4\x1e\xe2\x6f\x3f\x8e\x88\xcf\x1f\x36\xfe\x24\x5f\x1b\x99\x6e\xef\x7c" "\x7a\x30\x7e\x16\xfb\xc3\x9e\xc6\x4f\xf7\xc5\x4f\xf3\xb6\xd6\x39\xfb\xbb" "\xf8\xdc\xdb\x87\xee\xba\xa5\x2b\x0c\x8a\xa7\xd9\xfc\x73\xf3\xb0\xe7\x2f" "\x8d\xf3\xf9\xf9\xf0\xe7\x7f\x2c\x9f\xa1\xde\x5d\x67\xfe\xdb\x79\x63\xfe" "\x4b\x77\xe7\xbf\xa1\x2e\xf3\xdf\xf9\x93\xc6\xb8\xf6\xc7\x1f\x74\x6d\x7b" "\x1c\xf1\xc5\xe1\xc3\xe2\x27\xbb\xf1\x93\x2e\xf1\x2f\x1e\x19\xb5\xd9\xec" "\x94\xfe\xfa\xa5\xaf\x5c\xe8\x7a\xd7\xaf\x23\x2e\xc5\xe1\xf1\xf7\xc6\x2a" "\x36\xaa\x6b\xc5\xfa\xe6\xd6\x95\xe5\xea\xfc\x52\x79\xa9\xbc\x5a\x2a\xcd" "\xcd\xce\xcd\x8c\x5f\xbd\x5e\x2a\xe6\x6b\xd4\xc5\xce\x4a\xf5\x9b\xfe\x7e" "\xe3\xf2\x47\x47\x8d\x7f\xa2\x4b\xfc\xb1\x63\xc6\xff\xf5\x23\xc7\xff\xda" "\x6f\xfe\x7b\xef\x27\x5f\x3d\x22\xfe\x37\xbf\x76\xf8\xeb\xff\xc9\x11\xf1" "\xb3\x9c\xf8\x8d\x13\xc6\x9f\x9f\xf8\x5d\xd7\xb9\x3e\x8b\xbf\xd8\x65\xfc" "\xfb\x5f\xff\xfd\xf9\x22\xbb\x76\xf9\x84\xf1\x9f\x3d\xdf\x5a\x3c\xe1\xad" "\x00\x40\x0f\xd4\x37\xb7\x56\xe6\x2b\x95\xf2\xfa\xd1\x85\x4e\xee\x3f\xd1" "\xcd\x0a\x0a\x0a\x9f\xf5\x42\x9f\x27\x26\xe0\xd4\xbd\x7e\xe8\xfb\xdd\x13" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x9b\x5e\xfc\x3a\x51\xbf" "\xc7\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\xc0\xd9\xf5\xbf\x00\x00\x00\xff\xff\xfb\x38" "\xd9\x0f", 1226); syz_mount_image(/*fs=*/0x2000000000c0, /*dir=*/0x200000000040, /*flags=*/0, /*opts=*/0x200000001280, /*chdir=*/1, /*size=*/0x4ca, /*img=*/0x200000001380); memcpy((void*)0x2000000002c0, "./file0\000", 8); syscall(__NR_stat, /*file=*/0x2000000002c0ul, /*statbuf=*/0x2000000001c0ul); memcpy((void*)0x200000000240, "/dev/input/event#\000", 18); res = -1; res = syz_open_dev(/*dev=*/0x200000000240, /*id=*/0, /*flags=*/0); if (res != -1) r[92] = res; syscall(__NR_ioctl, /*fd=*/r[92], /*cmd=*/0x80084505, /*arg=*/0ul); *(uint32_t*)0x200000000000 = 0x6e; res = syscall(__NR_accept4, /*fd=*/-1, /*peer=*/0x200000000100ul, /*peerlen=*/0x200000000000ul, /*flags=SOCK_NONBLOCK*/ 0x800ul); if (res != -1) r[93] = res; *(uint32_t*)0x200000000180 = 0xc; syscall(__NR_getsockopt, /*fd=*/r[93], /*level=*/1, /*optname=*/0x11, /*optval=*/0x200000000080ul, /*optlen=*/0x200000000180ul); memcpy((void*)0x2000000000c0, "ext4\000", 5); memcpy((void*)0x200000000040, "./file0\000", 8); memcpy((void*)0x200000001280, "quota", 5); *(uint8_t*)0x200000001285 = 0x2c; memcpy((void*)0x200000001286, "noload", 6); *(uint8_t*)0x20000000128c = 0x2c; memcpy((void*)0x20000000128d, "errors=remount-ro", 17); *(uint8_t*)0x20000000129e = 0x2c; memcpy((void*)0x20000000129f, "init_itable", 11); *(uint8_t*)0x2000000012aa = 0x2c; *(uint8_t*)0x2000000012ab = 0; memcpy( (void*)0x200000001380, "\x78\x9c\xec\xdd\x4d\x6f\x1b\x5b\x19\x00\xe0\x77\x26\x49\xf3\x71\x73\x6f" "\x72\xc5\x5d\x00\x02\x6e\x29\x85\x82\xaa\xda\x89\xdb\x46\xa8\xab\xb2\xe1" "\x43\x55\x25\x44\xc5\x8a\x45\x1b\x12\x37\x8a\x62\xc7\x51\xec\x94\x26\x74" "\x91\xfe\x07\x24\x2a\xb1\x82\x9f\xc0\x02\x89\x05\x52\x57\xec\xd9\xc1\x8e" 
"\x4d\xbb\x40\x2a\x50\x81\x1a\x24\x16\x46\x33\xb6\xd3\x24\x8d\x93\x94\x36" "\xb6\x6e\xfc\x3c\xd2\x68\xce\x99\x33\xcd\x7b\x4e\xad\x39\xaf\x7b\xdc\xf8" "\x04\x30\xb0\xce\x47\xc4\x76\x44\x9c\x8b\x88\x7b\x11\x31\xd5\xbe\x9e\xb4" "\x8f\xb8\xd9\x3a\xb2\xfb\x5e\xbd\x7c\xb4\xb0\xf3\xf2\xd1\x42\x12\xcd\xe6" "\x9d\x7f\x24\x79\x7b\x76\x2d\xf6\xfc\x99\xcc\x07\xed\x9f\x39\x16\x11\x3f" "\xfa\x5e\xc4\x4f\x93\x37\xe3\xd6\x37\xb7\x56\xe6\x2b\x95\xf2\x7a\xbb\x5e" "\x6c\x54\xd7\x8a\xf5\xcd\xad\x2b\xcb\xd5\xf9\xa5\xf2\x52\x79\xb5\x54\x9a" "\x9b\x9d\x9b\xf9\xf6\xd5\xeb\xa5\xf7\x36\xd6\x4f\xab\xbf\x7d\xf1\xdd\xe5" "\x5b\x3f\xfe\xc3\xef\xbf\xfc\xec\x4f\xdb\xdf\xfa\x79\xd6\xad\xc9\x76\xdb" "\xde\x71\xbc\x4f\xad\xa1\x8f\xec\xc6\xc9\x0c\x47\xc4\xad\xd3\x08\xd6\x07" "\x43\xed\xf1\x9c\xeb\x77\x47\xf8\xbf\xa4\x11\x51\x88\x88\x0b\xf9\xf3\x3f" "\x15\x43\xf9\xab\x09\x00\x9c\x65\xcd\xe6\x54\x34\xa7\xf6\xd6\x01\x80\xb3" "\x2e\xcd\xd7\xc0\x92\xb4\xd0\x5e\x0b\x98\x8c\x34\x2d\x14\x5a\x6b\x78\x9f" "\xc4\x44\x5a\xa9\xd5\x1b\x97\xef\xd7\x36\x56\x17\x5b\x6b\x65\xd3\x31\x92" "\xde\x5f\xae\x94\x67\xda\x6b\x85\xd3\x31\x92\x64\xf5\xd9\xbc\xfc\xba\x5e" "\x3a\x50\xbf\x1a\x11\x1f\x47\xc4\x2f\x46\xc7\xf3\x7a\x61\xa1\x56\x59\xec" "\xe7\x1b\x1f\x00\x18\x60\x1f\x1c\xc8\xff\xff\x1e\x6d\xe5\x7f\x00\xe0\x8c" "\x1b\xeb\x77\x07\x00\x80\x9e\x93\xff\x01\x60\xf0\xc8\xff\x00\x30\x78\xe4" "\x7f\x00\x18\x3c\xf2\x3f\x00\x0c\x1e\xf9\x1f\x00\x06\x8f\xfc\x0f\x00\x03" "\xe5\x87\xb7\x6f\x67\x47\x73\xa7\xfd\xfd\xd7\x8b\x0f\x36\x37\x56\x6a\x0f" "\xae\x2c\x96\xeb\x2b\x85\xea\xc6\x42\x61\xa1\xb6\xbe\x56\x58\xaa\xd5\x96" "\xf2\xef\xec\xa9\x1e\xf7\xf3\x2a\xb5\xda\xda\xec\xb5\xd8\x78\x58\x6c\x94" "\xeb\x8d\x62\x7d\x73\xeb\x6e\xb5\xb6\xb1\xda\xb8\x9b\x7f\xaf\xf7\xdd\xf2" "\x48\x4f\x46\x05\x00\x1c\xe5\xe3\x4f\x9f\xfe\x25\x89\x88\xed\x1b\xe3\xf9" "\x11\x7b\xf6\x72\x90\xab\xe1\x6c\x4b\xfb\xdd\x01\xa0\x6f\x86\xfa\xdd\x01" "\xa0\x6f\x8e\xd9\xed\xeb\x79\xaf\xfa\x01\xf4\x9e\x7f\xe3\xc3\xc0\xfb\xfe" 
"\x21\x5b\xf4\xee\xb3\xe7\xbf\x08\x8d\xef\x6b\x78\x72\x3a\x1d\x02\x4e\xdf" "\xa5\x2f\x58\xff\x87\x41\x65\xfd\x1f\x06\x97\xf5\x7f\x18\x5c\xc7\xac\xff" "\x03\x67\x58\xb3\x99\xd8\xf3\x1f\x00\x06\x8c\x35\x7e\xe0\x2d\x3e\xff\xdf" "\xcf\xe7\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\xb0\xc9\xfc\x48\xd2\x42\x7b\x2f" "\xf0\xc9\x48\xd3\x42\x21\xe2\xc3\x88\x98\x8e\x91\xe4\xfe\x72\xa5\x3c\x13" "\x11\x1f\x45\xc4\x9f\x47\x47\x46\xb3\xfa\x6c\xbf\x3b\x0d\x00\xbc\xa3\xf4" "\x6f\x49\x7b\xff\xaf\x4b\x53\x17\x27\x0f\xb6\x9e\x4b\xfe\x33\x9a\x9f\x23" "\xe2\x67\xbf\xba\xf3\xcb\x87\xf3\x8d\xc6\xfa\x6c\x76\xfd\x9f\xbb\xd7\x1b" "\x4f\xda\xd7\x4b\xfd\xe8\x3f\x00\x70\x9c\x4e\x9e\xee\xe4\xf1\x8e\x57\x2f" "\x1f\x2d\x74\x8e\x5e\xf6\xe7\xc5\x77\x5a\x9b\x8b\x66\x71\x77\xda\x47\xab" "\x65\x38\x86\xf3\xf3\x58\x8c\x44\xc4\xc4\xbf\x92\x76\xbd\x25\x7b\xbf\x32" "\xf4\x1e\xe2\x6f\x3f\x8e\x88\xcf\x1f\x36\xfe\x24\x5f\x1b\x99\x6e\xef\x7c" "\x7a\x30\x7e\x16\xfb\xc3\x9e\xc6\x4f\xf7\xc5\x4f\xf3\xb6\xd6\x39\xfb\xbb" "\xf8\xdc\xdb\x87\xee\xba\xa5\x2b\x0c\x8a\xa7\xd9\xfc\x73\xf3\xb0\xe7\x2f" "\x8d\xf3\xf9\xf9\xf0\xe7\x7f\x2c\x9f\xa1\xde\x5d\x67\xfe\xdb\x79\x63\xfe" "\x4b\x77\xe7\xbf\xa1\x2e\xf3\xdf\xf9\x93\xc6\xb8\xf6\xc7\x1f\x74\x6d\x7b" "\x1c\xf1\xc5\xe1\xc3\xe2\x27\xbb\xf1\x93\x2e\xf1\x2f\x1e\x19\xb5\xd9\xec" "\x94\xfe\xfa\xa5\xaf\x5c\xe8\x7a\xd7\xaf\x23\x2e\xc5\xe1\xf1\xf7\xc6\x2a" "\x36\xaa\x6b\xc5\xfa\xe6\xd6\x95\xe5\xea\xfc\x52\x79\xa9\xbc\x5a\x2a\xcd" "\xcd\xce\xcd\x8c\x5f\xbd\x5e\x2a\xe6\x6b\xd4\xc5\xce\x4a\xf5\x9b\xfe\x7e" "\xe3\xf2\x47\x47\x8d\x7f\xa2\x4b\xfc\xb1\x63\xc6\xff\xf5\x23\xc7\xff\xda" "\x6f\xfe\x7b\xef\x27\x5f\x3d\x22\xfe\x37\xbf\x76\xf8\xeb\xff\xc9\x11\xf1" "\xb3\x9c\xf8\x8d\x13\xc6\x9f\x9f\xf8\x5d\xd7\xb9\x3e\x8b\xbf\xd8\x65\xfc" "\xfb\x5f\xff\xfd\xf9\x22\xbb\x76\xf9\x84\xf1\x9f\x3d\xdf\x5a\x3c\xe1\xad" "\x00\x40\x0f\xd4\x37\xb7\x56\xe6\x2b\x95\xf2\xfa\xd1\x85\x4e\xee\x3f\xd1" 
"\xcd\x0a\x0a\x0a\x9f\xf5\x42\x9f\x27\x26\xe0\xd4\xbd\x7e\xe8\xfb\xdd\x13" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x9b\x5e\xfc\x3a\x51\xbf" "\xc7\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\xc0\xd9\xf5\xbf\x00\x00\x00\xff\xff\xfb\x38" "\xd9\x0f", 1226); syz_mount_image(/*fs=*/0x2000000000c0, /*dir=*/0x200000000040, /*flags=*/0, /*opts=*/0x200000001280, /*chdir=*/1, /*size=*/0x4ca, /*img=*/0x200000001380); memcpy((void*)0x2000000002c0, "./file0\000", 8); syscall(__NR_stat, /*file=*/0x2000000002c0ul, /*statbuf=*/0x2000000001c0ul); memcpy((void*)0x200000000240, "/dev/input/event#\000", 18); syz_open_dev(/*dev=*/0x200000000240, /*id=*/0, /*flags=*/0); syscall(__NR_ioctl, /*fd=*/r[92], /*cmd=*/0x80084505, /*arg=*/0ul); *(uint32_t*)0x200000000000 = 0x6e; syscall(__NR_accept4, /*fd=*/-1, /*peer=*/0x200000000100ul, /*peerlen=*/0x200000000000ul, /*flags=SOCK_NONBLOCK*/ 0x800ul); *(uint32_t*)0x200000000180 = 0xc; syscall(__NR_getsockopt, /*fd=*/r[93], /*level=*/1, /*optname=*/0x11, /*optval=*/0x200000000080ul, /*optlen=*/0x200000000180ul); memcpy((void*)0x2000000002c0, "/dev/autofs\000", 12); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x2000000002c0ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[94] = res; memcpy((void*)0x200000000780, "ext3\000", 5); memcpy((void*)0x2000000007c0, "./file0\000", 8); 
memcpy((void*)0x200000000000, "noblock_validity", 16); *(uint8_t*)0x200000000010 = 0x2c; memcpy((void*)0x200000000011, "noblock_validity", 16); *(uint8_t*)0x200000000021 = 0x2c; memcpy((void*)0x200000000022, "dioread_nolock", 14); *(uint8_t*)0x200000000030 = 0x2c; memcpy((void*)0x200000000031, "quota", 5); *(uint8_t*)0x200000000036 = 0x2c; memcpy((void*)0x200000000037, "nogrpid", 7); *(uint8_t*)0x20000000003e = 0x2c; memcpy((void*)0x20000000003f, "nombcache", 9); *(uint8_t*)0x200000000048 = 0x2c; *(uint8_t*)0x200000000049 = 0; memcpy( (void*)0x200000000840, "\x78\x9c\xec\xdd\xcd\x6b\x1c\xe5\x1f\x00\xf0\xef\x6c\x92\xa6\xbf\xb4\x3f" "\x13\x41\xd0\x7a\x0a\x08\x1a\x28\xdd\x98\x1a\x5b\x05\x0f\x15\x0f\x22\x58" "\x28\xe8\xd9\x76\xd9\x6c\x43\xcd\x6e\xb6\x64\x37\xa5\x09\x01\x2d\x22\x78" "\x11\x54\x3c\x08\x7a\xe9\xd9\x97\x7a\xf3\xea\xcb\x55\xff\x0b\x0f\xd2\x52" "\x35\x2d\x56\x3c\x48\x64\x36\xb3\xe9\xb6\xd9\x4d\x37\x6d\x92\x45\xf7\xf3" "\x81\xa7\x7d\x9e\x99\xd9\x3c\xf3\x9d\x67\x66\x9e\x67\x77\x86\x99\x00\xfa" "\xd6\x78\xfa\x4f\x2e\xe2\x50\x44\x7c\x90\x44\x8c\x66\xd3\x93\x88\x18\x6a" "\xe4\x06\x23\x4e\xac\x2f\x77\x6b\x75\xa5\x98\xa6\x24\xd6\xd6\x5e\xfb\x2d" "\x69\x2c\x73\x73\x75\xa5\x18\x2d\x9f\x49\x1d\xc8\x0a\x8f\x45\xc4\xf7\xef" "\x46\x1c\xce\x6d\xae\xb7\xb6\xb4\x3c\x57\x28\x97\x4b\x0b\x59\x79\xb2\x5e" "\x39\x3f\x59\x5b\x5a\x3e\x72\xae\x52\x98\x2d\xcd\x96\xe6\x8f\x4d\x4d\x4f" "\x1f\x3d\xfe\xec\xf1\x63\x3b\x17\xeb\x1f\x3f\x2d\x1f\xbc\xf6\xe1\xcb\x4f" "\x7d\x75\xe2\xaf\x77\x1e\xbd\xf2\xfe\x0f\x49\x9c\x88\x83\xd9\xbc\xd6\x38" "\x76\xca\x78\x8c\x67\xdb\x64\x28\xdd\x84\x77\x78\x69\xa7\x2b\xeb\xb1\xa4" "\xd7\x2b\xc0\x7d\x49\x0f\xcd\x81\xf5\xa3\x3c\x0e\xc5\x68\x0c\x34\x72\x00" "\xc0\x7f\xd9\x5b\x11\xb1\x06\x00\xf4\x99\x44\xff\x0f\x00\x7d\xa6\xf9\x3b" "\xc0\xcd\xd5\x95\x62\x33\xf5\xf6\x17\x89\xbd\x75\xfd\xc5\x88\xd8\xbf\x1e" "\x7f\xf3\xfa\xe6\xfa\x9c\xc1\xec\x9a\xdd\xfe\xc6\x75\xd0\x91\x9b\xc9\x1d" "\x57\x46\x92\x88\x18\xdb\x81\xfa\xc7\x23\xe2\xb3\x6f\xde\xf8\x22\x4d\xb1" 
"\x4b\xd7\x21\x01\xda\x79\xfb\x52\x44\x9c\x19\x1b\xdf\x7c\xfe\x4f\x36\xdd" "\xb3\xb0\x5d\x4f\x77\xb1\xcc\xf8\x5d\x65\xe7\x3f\xd8\x3b\xdf\xa6\xe3\x9f" "\xe7\xda\x8d\xff\x72\x1b\xe3\x9f\x68\x33\xfe\x19\x6e\x73\xec\xde\x8f\x7b" "\x1f\xff\xb9\xab\x3b\x50\x4d\x47\xe9\xf8\xef\x85\x96\x7b\xdb\x6e\xb5\xc4" "\x9f\x19\x1b\xc8\x4a\xff\x6f\x8c\xf9\x86\x92\xb3\xe7\xca\xa5\xf4\xdc\xf6" "\x50\x44\x4c\xc4\xd0\x70\x5a\x9e\xda\xa2\x8e\x89\x1b\x7f\xdf\xe8\x34\xaf" "\x75\xfc\xf7\xfb\x47\x6f\x7e\x9e\xd6\x9f\xfe\x7f\x7b\x89\xdc\xd5\xc1\xe1" "\x3b\x3f\x33\x53\xa8\x17\x1e\x24\xe6\x56\xd7\x2f\x45\x3c\x3e\xd8\x2e\xfe" "\x64\xa3\xfd\x93\x0e\xe3\xdf\x53\x5d\xd6\xf1\xca\xf3\xef\x7d\xda\x69\x5e" "\x1a\x7f\x1a\x6f\x33\x6d\x8e\x7f\x77\xad\x5d\x8e\x78\xb2\x6d\xfb\xdf\xbe" "\xa3\x2d\xd9\xf2\xfe\xc4\xc9\xc6\xee\x30\xd9\xdc\x29\xda\xf8\xfa\xe7\x4f" "\x46\x3a\xd5\xdf\xda\xfe\x69\x4a\xeb\x6f\x7e\x17\xd8\x0b\x69\xfb\x8f\x6c" "\x1d\xff\x58\xd2\x7a\xbf\x66\x6d\xfb\x75\xfc\x78\x79\xf4\xbb\x4e\xf3\xee" "\x1d\x7f\xfb\xfd\x7f\x5f\xf2\x7a\x23\xbf\x2f\x9b\x76\xb1\x50\xaf\x2f\x4c" "\x45\xec\x4b\x5e\xdd\x3c\xfd\xe8\xed\xcf\x36\xcb\xcd\xe5\xd3\xf8\x27\x9e" "\x68\x7f\xfc\x6f\xb5\xff\xa7\xdf\x09\xcf\x74\x19\xff\xe0\xb5\x5f\xbf\xbc" "\xff\xf8\x77\x57\x1a\xff\xcc\xb6\xda\x7f\xfb\x99\x2b\xb7\xe6\x06\x3a\xd5" "\xdf\x5d\xfb\x4f\x37\x72\x13\xd9\x94\x6e\xce\x7f\xdd\xae\xe0\x83\x6c\x3b" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\xe8\x56\x2e\x22\x0e\x46\x92\xcb\x6f\xe4\x73\xb9\x7c\x7e\xfd\x1d\xde" "\x8f\xc4\x48\xae\x5c\xad\xd5\x0f\x9f\xad\x2e\xce\xcf\x44\xe3\x5d\xd9\x63" "\x31\x94\x6b\x3e\xea\x72\xb4\xe5\x79\xa8\x53\xd9\xf3\xf0\x9b\xe5\xa3\x77" "\x95\x9f\x89\x88\x87\x23\xe2\xe3\xe1\xff\x35\xca\xf9\x62\xb5\x3c\xd3\xeb" "\xe0\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x73\xa0\xc3" "\xfb\xff\x53\xbf\x0c\xf7\x7a\xed\x00\x80\x5d\xb3\xbf\xd7\x2b\x00\x00\xec" 
"\x39\xfd\x3f\x00\xf4\x1f\xfd\x3f\x00\xf4\x1f\xfd\x3f\x00\xf4\x1f\xfd\x3f" "\x00\xf4\x1f\xfd\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xbb\xec\xd4\xc9\x93\x69\x5a\xfb\x73\x75\xa5\x98\x96\x67\x2e\x2c" "\x2d\xce\x55\x2f\x1c\x99\x29\xd5\xe6\xf2\x95\xc5\x62\xbe\x58\x5d\x38\x9f" "\x9f\xad\x56\x67\xcb\xa5\x7c\xb1\x5a\xb9\xd7\xdf\x2b\x57\xab\xe7\xa7\x63" "\x7e\xf1\xe2\x64\xbd\x54\xab\x4f\xd6\x96\x96\x4f\x57\xaa\x8b\xf3\xf5\xd3" "\xe7\x2a\x85\xd9\xd2\xe9\xd2\xd0\x9e\x44\x05\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\xdb\x53\x5b\x5a\x9e\x2b\x94\xcb\xa5\x05\x19\x19" "\x19\x99\x8d\x4c\xaf\xcf\x4c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff" "\x0e\xff\x04\x00\x00\xff\xff\x3e\x07\x2a\x2f", 1883); syz_mount_image(/*fs=*/0x200000000780, /*dir=*/0x2000000007c0, /*flags=MS_SYNCHRONOUS*/ 0x10, /*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x75b, /*img=*/0x200000000840); res = syscall(__NR_socket, /*domain=AF_INET6*/ 0xaul, /*type=SOCK_STREAM*/ 1ul, /*proto=*/0); if (res != -1) r[95] = res; memcpy((void*)0x200000000140, "lo\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint64_t*)0x200000000150 = 0x200000000040; *(uint32_t*)0x200000000040 = 0x51; memcpy((void*)0x200000000044, "\x65\xb3\x82\xcd\x76\x1d\x2c\x65\x8d\x52\x70\x7b\x70\x0a\xd1\xba\x5d" "\xe9\xa6\xb9\xf4\x41\xa4\x1d\x4b\xc8\x0f\x1a\xac\xc4\x82\xa0", 32); memcpy((void*)0x200000000064, "\x8d\xec\x25\xde\xfd\x0d\x0f\x66\xb4\x90\x2a\x8e\xce\x5a\x7a\x84\xbb" "\xa7\xed\x0d\x33\xd8\xca\xab\x92\xce\x00\x00\x00\x00\x00\x00", 32); memcpy((void*)0x200000000084, "\xbe\x9a\x04\x00\x10\x00\x80\x00\x00\x00\x00\x68\x3b\xbd\xda\xf2\x86" "\xe1\x5d\xe4\x6c\x14\xa5\xbd\xa9\x88\x8b\x05\xf2\xcf\x52\x65", 32); memcpy((void*)0x2000000000a4, "\xd7\x62\xb8\x94\x06\x00\x00\x00\x00\x00\x00\x00\xd1\x77\x5b\x60\x15" "\x7d\x8d\x13\x0a\x76\x44\x7e\x8b\x95\x18\x3b\x00\x9a\x10\x8c", 32); memcpy((void*)0x2000000000c4, "\xdc\x90\x38\xc4\xe7\xeb\x0b\xb0\xff\x1c\x64\x90\x62\x5f\xa8\xdb\x0f" "\xe9\xcc\xd5\xf4\x0d\x6d\x3f\x3f\x28\xee\x71\x61\xe5\x12\x4f", 32); memcpy((void*)0x2000000000e4, "\xa4\x1b\x16\x74\x00\x00\x00\x00\x00\x00\x00\x00", 12); 
*(uint32_t*)0x2000000000f0 = 0; *(uint32_t*)0x2000000000f4 = 0; *(uint32_t*)0x2000000000f8 = 0; *(uint32_t*)0x2000000000fc = 0; *(uint32_t*)0x200000000100 = 0; syscall(__NR_ioctl, /*fd=*/r[95], /*cmd=*/0x8946, /*arg=*/0x200000000140ul); *(uint32_t*)0x200000000280 = 1; *(uint32_t*)0x200000000284 = 1; *(uint32_t*)0x200000000288 = 0x52; *(uint32_t*)0x20000000028c = -1; *(uint64_t*)0x200000000290 = 0; memcpy((void*)0x200000000298, "./file0\000", 8); syscall(__NR_ioctl, /*fd=*/r[94], /*cmd=*/0xc018937e, /*arg=*/0x200000000280ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[96] = res; *(uint8_t*)0x200000000100 = 0x11; syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x541c, /*arg=*/0x200000000100ul); *(uint8_t*)0x200000000100 = 0x11; syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x541c, /*arg=*/0x200000000100ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[97] = res; *(uint64_t*)0x200000000000 = 0; *(uint64_t*)0x200000000008 = 1; *(uint64_t*)0x200000000010 = 0; *(uint64_t*)0x200000000018 = 0; *(uint64_t*)0x200000000020 = 0; *(uint64_t*)0x200000000028 = 0; *(uint64_t*)0x200000000030 = 0x7fffffff; *(uint64_t*)0x200000000038 = 0; *(uint64_t*)0x200000000040 = 0; *(uint64_t*)0x200000000048 = 0; *(uint64_t*)0x200000000050 = 0; *(uint64_t*)0x200000000058 = 0; *(uint64_t*)0x200000000060 = 0; *(uint64_t*)0x200000000068 = 0; *(uint64_t*)0x200000000070 = 0; *(uint64_t*)0x200000000078 = 0; *(uint64_t*)0x200000000080 = 0; *(uint64_t*)0x200000000088 = 0; *(uint64_t*)0x200000000090 = 0; *(uint64_t*)0x200000000098 = 0; *(uint64_t*)0x2000000000a0 = 0; *(uint64_t*)0x2000000000a8 = 0; *(uint64_t*)0x2000000000b0 = 0; *(uint64_t*)0x2000000000b8 = 0; *(uint64_t*)0x2000000000c0 = 0; *(uint64_t*)0x2000000000c8 = 0; syscall(__NR_clock_adjtime, /*id=CLOCK_PROCESS_CPUTIME_ID|0x8*/ 0xaul, /*tx=*/0x200000000000ul); *(uint64_t*)0x200000005400 = 0; *(uint32_t*)0x200000005408 = 0; *(uint64_t*)0x200000005410 = 0x200000000200; 
*(uint64_t*)0x200000000200 = 0x200000000380; memcpy( (void*)0x200000000380, "\x14\x01\x00\x00\x20\x00\x23\x01\x00\x00\x00\x00\x00\x00\x00\x00\x02\x01" "\x00\x00\xa9\x49\x8f\x68\x3e\x39\x54\x4a\x55\xba\x23\x26\xd2\x6f\xf5\x5a" "\xaa\x1e\x69\xc6\xc5\x49\xe1\x56\xca\xd0\x3d\x7b\x63\xfd\xa7\xce\xd4\x2d" "\x64\x23\x79\x55\x2b\x60\xfb\xb5\xff\xf5\x6e\x24\x00\x34\x96\xfd\x05\xf3" "\x39\xc7\xe2\x5f\x8a\xd5\x60\x6b\x40\xd8\x49\x86\x0b\x3f\xeb\x13\x17\x11" "\x62\xdb\x5e\x86\x34\x77\x9b\x76\x7c\xc5\x60\x73\x54\x43\x40\xa4\x0d\xfc" "\x26\xed\x7f\x45\xed\xc2\x75\x30\x66\x36\x61\x81\x73\x06\x86\xa9\x89\x7c" "\xcd\xcb\xb9\x87\x7f\x1d\xe7\x44\xdb\x11\x83\x43\xbf\x67\xeb\xf8\xa6\x3b" "\xfa\x12\x95\x9f\xb7\xce\xe4\xfb\x72\x23\xce\xb9\xf8\x1c\xf4\xaf\xf2\xe8" "\x63\xe5\xc1\xd5\xde\x03\xcc\x46\xb9\x01\x44\x6a\x7f\x71\x86\x21\xb6\xe7" "\x27\xac\x09\x8f\x4c\x38\x7d\x9d\x43\x22\x88\xa7\xea\x4a\x5a\x46\x65\x21" "\xc5\x8e\xaa\x5e\x6b\x84\x48\x23\x9b\x27\x3c\xe0\x1c\x42\x98\x7a\xd1\x9e" "\x48\x7d\xbb\x57\x76\x53\x1f\xc1\x0d\xe2\xc9\x1f\x42\x2b\xec\xd7\xbc\x13" "\x7f\x98\x0d\xdc\x5f\x1b\xcd\xd5\x8f\xca\xea\x09\xb8\x77\x3b\x0d\x31\x75" "\x33\xe0\x3e\x05\x38\x68\x17\x95\x07\x54\xc4\x32\x4a\xb2\x4c\x04\x77\xee" "\x1b\x85\x34\x7c\xfa\x3c\x8b\xac\x8d\x89\x02\x85\x59\x2d\xf8\x00\x00", 287); *(uint64_t*)0x200000000208 = 0x114; *(uint64_t*)0x200000005418 = 1; *(uint64_t*)0x200000005420 = 0; *(uint64_t*)0x200000005428 = 0; *(uint32_t*)0x200000005430 = 0; syscall(__NR_sendmsg, /*fd=*/r[97], /*msg=*/0x200000005400ul, /*f=*/0ul); *(uint64_t*)0x200000000000 = htobe64(0); *(uint64_t*)0x200000000008 = htobe64(1); *(uint32_t*)0x200000000010 = 0; syscall(__NR_setsockopt, /*fd=*/r[96], /*level=*/0x29, /*optname=*/0x11, /*optval=*/0x200000000000ul, /*optlen=*/0x14ul); memcpy((void*)0x200000000000, "net/protocols\000", 14); syz_open_procfs(/*pid=*/0, /*file=*/0x200000000000); memcpy((void*)0x200000000000, "net/protocols\000", 14); syz_open_procfs(/*pid=*/0, /*file=*/0x200000000000); syscall(__NR_close_range, 
/*fd=*/-1, /*max_fd=*/-1, /*flags=CLOSE_RANGE_UNSHARE*/ 2ul); memcpy((void*)0x200000000000, "./file0\000", 8); syscall(__NR_creat, /*file=*/0x200000000000ul, /*mode=*/0ul); res = syscall(__NR_inotify_init1, /*flags=*/0ul); if (res != -1) r[98] = res; memcpy((void*)0x200000000000, "/dev/rtc0\000", 10); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[99] = res; syscall(__NR_ioctl, /*fd=*/r[99], /*cmd=*/0x4008700e, /*arg=*/0ul); memcpy((void*)0x200000001240, "./file0\000", 8); res = syscall(__NR_inotify_add_watch, /*fd=*/r[98], /*file=*/0x200000001240ul, /*mask=IN_MODIFY|IN_DELETE_SELF|IN_DELETE*/ 0x602ul); if (res != -1) r[100] = res; syscall(__NR_inotify_rm_watch, /*fd=*/r[98], /*wd=*/r[100]); res = syscall(__NR_getgid); if (res != -1) r[101] = res; memcpy((void*)0x200000001b40, "ext2\000", 5); memcpy((void*)0x200000000500, "./file0\000", 8); *(uint8_t*)0x200000000580 = 0; memcpy( (void*)0x200000003100, "\x78\x9c\xec\xdd\x4f\x6f\x23\x67\x19\x00\xf0\x67\x9c\xb8\x64\xbb\x59\x92" "\x02\x87\x52\xa9\xa5\xa2\x45\xd9\x0a\xd6\x4e\x1a\xda\x46\x1c\xda\x22\x21" "\x6e\x95\x40\xcb\x7d\x89\x12\x27\x8a\xe2\xc4\x51\xec\xb4\x9b\xa8\x42\xa9" "\xf8\x00\x48\x08\xc1\x4a\x9c\x38\x71\x41\xe2\x03\x20\xa1\xfd\x08\x68\xa5" "\x95\xd8\x3b\x02\x04\x42\xb0\x0b\x07\x0e\xc0\xa0\x19\x4f\xb2\x89\x35\xde" "\x64\xd5\xd8\x5e\x39\xbf\x9f\xf4\x7a\xde\x19\x7b\xe6\x79\x5e\x3b\x1e\xcf" "\x9f\x37\x33\x01\x5c\x5a\xaf\x46\xc4\xfb\x11\x31\x11\x11\x6f\x44\xc4\x4c" "\x31\xbd\x52\x94\x38\xec\x96\xec\x75\x8f\x1e\x7e\xbc\x92\x95\x24\xd2\xf4" "\xe6\xdf\x93\x7c\x9e\x6c\x3c\x22\x92\x93\xcb\xbc\x5a\xcc\x36\xd5\x1d\x94" "\x6a\xef\x1f\x6c\x2e\x37\x9b\x8d\xdd\x62\xbc\xde\xd9\xda\xa9\xb7\xf7\x0f" "\x6e\x6c\x6c\x2d\xaf\x37\xd6\x1b\xdb\x8b\x8b\x0b\x6f\x2f\xbd\xb3\xf4\xd6" "\xd2\xfc\x85\xb4\xf3\x5a\x44\xbc\xfb\xad\x3f\xff\xf4\x47\xbf\xfc\xf6\xbb" "\xbf\xfd\xda\x47\x7f\xb8\xf5\xd7\xeb\x3f\xc8\x92\x9e\x2e\x9e\x2f\xda\x71" 
"\xe1\x1e\xe4\x8f\xd5\xec\xbd\x38\x36\x19\x11\xbb\x83\x08\x36\x02\x13\x45" "\x7b\xaa\xa3\x4e\x04\x00\x80\x73\xa9\x45\xc4\xe7\x22\xe2\xcb\xf9\xf6\xff" "\x4c\x4c\xe4\x5b\x73\x39\x9b\x74\x00\x00\x00\x30\x26\xd2\xf7\xa6\xe3\x3f" "\x49\x44\x0a\x00\x00\x00\x8c\xad\xf7\xf2\x3e\xb0\x49\xa5\x56\xf4\xf7\x9d" "\x8e\x4a\xa5\x56\xeb\xf6\xe1\xfd\x42\x3c\x5f\x69\xb6\xda\x9d\xaf\xae\xb5" "\xf6\xb6\x57\xbb\x7d\x65\x67\xa3\x5a\x59\xdb\x68\x36\xe6\x8b\xbe\xc2\xb3" "\x51\x4d\xb2\xf1\x85\xbc\xfe\x78\xfc\xcd\x9e\xf1\xc5\x88\x78\x21\x22\x7e" "\x32\x73\x25\x1f\xaf\xad\xb4\x9a\xab\xa3\x3e\xf8\x01\x00\x00\x00\x97\xc4" "\xd5\x9e\xfd\xff\x7f\xcd\x74\xf7\xff\x01\x00\x00\x80\x31\x33\x3b\xea\x04" "\x00\x00\x00\x80\x81\xeb\xb7\xff\x9f\x0c\x39\x0f\x00\x00\x00\x60\x70\x9c" "\xff\x07\x00\x00\x80\xb1\xf6\x9d\x0f\x3e\xc8\x4a\x7a\x74\xff\xeb\xd5\x0f" "\xf7\xf7\x36\x5b\x1f\xde\x58\x6d\xb4\x37\x6b\x5b\x7b\x2b\xb5\x95\xd6\xee" "\x4e\x6d\xbd\xd5\x5a\xcf\xaf\xd9\xb7\x75\xd6\xf2\x9a\xad\xd6\xce\xd7\x63" "\x7b\xef\x76\xbd\xd3\x68\x77\xea\xed\xfd\x83\x5b\x5b\xad\xbd\xed\xce\xad" "\x8d\x53\xb7\xc0\x06\x00\x00\x00\x86\xe8\x85\x2f\xdd\x7d\x90\x44\xc4\xe1" "\x37\xae\xe4\x25\xf3\x5c\xf6\x30\xd1\x67\x06\x7d\x05\x60\x6c\x54\x9e\xe6" "\xc5\x7f\x1a\x5c\x1e\xc0\xf0\xf5\xfb\x99\x07\xc6\xdf\xe4\xa8\x13\x00\x46" "\xe7\x70\xd4\x09\x00\xa3\x76\xea\x52\x1f\x25\x1b\x05\x27\x3b\xef\x9c\x3a" "\x66\xf0\xbb\xc1\xe5\x04\x00\x00\x5c\xac\xb9\x2f\x96\x9f\xff\xcf\x76\x01" "\xaa\xa3\x4e\x0e\x18\xa8\xa7\x3a\xff\x0f\x8c\x15\xe7\xff\xe1\xf2\x7a\xca" "\xf3\xff\xf7\x06\x95\x07\x30\x7c\x55\x5b\x00\x70\xe9\x9d\x75\xab\x8f\xbe" "\x17\xef\x38\xf7\xf9\xff\x34\x3d\x73\x59\x00\x00\xc0\x40\x4d\xe7\x25\xa9" "\xd4\x8a\x73\x81\xd3\x51\xa9\xd4\x6a\x11\xd7\xf2\x7f\xf5\xaf\x26\x6b\x1b" "\xcd\xc6\x7c\x44\x7c\x36\x22\x7e\x3f\x53\xfd\x4c\x36\xbe\x90\xcf\x99\xb8" "\x3d\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x9c\x53\x9a\x26\x91\x02\x00\x00\x00\x63\x2d\xa2\xf2\x97\xa4" 
"\xb8\xff\xd7\xdc\xcc\xeb\xd3\xbd\xc7\x07\x9e\x4b\xfe\x3d\x93\x0f\x23\xe2" "\xa3\x9f\xdf\xac\xdc\x5e\xee\x74\x76\x17\xb2\xe9\xff\x38\x9e\xde\xb9\x73" "\xf3\x67\xf9\xf4\x37\x47\x71\x04\x03\x00\x00\x00\xe8\x75\xb4\x9f\x7e\xb4" "\x1f\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x17\xe9\xd1\xc3\x8f\x57\x8e\xca\x30\xe3\xfe\xed\x9b\x11\x31" "\x5b\x16\x7f\x32\xa6\xf2\xe1\x54\x54\x23\xe2\xf9\x7f\x26\x31\x79\x62\xbe" "\x24\x22\x26\x2e\x20\xfe\xe1\x27\x11\xf1\x62\x59\xfc\x24\x4b\x2b\x66\x8b" "\x2c\x7a\xe3\x57\x22\xe2\xca\x70\xe2\xbf\x9c\xa6\x69\x69\xfc\xab\x17\x10" "\x1f\x2e\xb3\xbb\xd9\xfa\xe7\xfd\xb2\xef\x5f\x25\x5e\xcd\x87\xe5\xdf\xff" "\xc9\xa2\x7c\x5a\xfd\xd7\x7f\x95\xe3\xf5\xdf\x44\x9f\xf5\xdf\xb5\x73\xc6" "\x78\xe9\xfe\xaf\xeb\x7d\xe3\x7f\x12\xf1\xd2\x64\xf9\xfa\xe7\x28\x7e\xd2" "\x27\xfe\x6b\x65\x0b\x2c\x79\x53\xbe\xff\xbd\x83\x83\x7e\xf1\xd3\x5f\x44" "\xcc\x95\xfe\xfe\x24\xa7\x62\xd5\x3b\x5b\x3b\xf5\xf6\xfe\xc1\x8d\x8d\xad" "\xe5\xf5\xc6\x7a\x63\x7b\x71\x71\xe1\xed\xa5\x77\x96\xde\x5a\x9a\xaf\xaf" "\x6d\x34\x1b\xc5\x63\x69\x8c\x1f\xbf\xfc\x9b\xff\xf5\x4c\xfa\x6f\xda\x95" "\xb7\x3f\xfa\xc4\x9f\x3d\xa3\xfd\xaf\x67\x95\xea\xc9\xc6\xf4\x86\x29\x82" "\xdd\xbf\xfd\xf0\xf3\xdd\x6a\xb5\x67\x11\x79\xfc\xeb\xaf\x95\x7f\xfe\x2f" "\x3e\x21\x7e\xf6\x37\xf1\x95\xe2\x77\x20\x7b\x7e\xee\xa8\x7e\xd8\xad\x9f" "\xf4\xca\xaf\xee\xbd\x52\x9a\x58\x11\x7f\xb5\x4f\xfb\x8f\x3f\xff\xac\x52" "\xd2\xfe\xeb\xfd\x16\xda\xe3\x8d\xef\xfe\xf0\x8f\xe7\x7c\x29\x00\x30\x04" "\xed\xfd\x83\xcd\xe5\x66\xb3\xb1\x3b\xf0\xca\x9d\x34\x4d\x87\x15\x4b\xe5" "\x19\xac\x4c\x3d\x1b\x69\xa8\x9c\x5d\xb9\x88\x23\x5b\x00\x00\xc0\xb3\xe6" "\xf1\x46\xff\xa8\x33\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x80\xcb\xab\xbd\x9f\x4e\x0c\xfa\x72\x62\xbd\x31\x0f\x47\xd3\x54" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x80\x27\xfa\x7f\x00\x00\x00\xff\xff\xa2\xc2\xe3\xbd", 1277); syz_mount_image( /*fs=*/0x200000001b40, /*dir=*/0x200000000500, /*flags=MS_POSIXACL|MS_RELATIME|MS_RDONLY|MS_NOSUID*/ 0x210003, /*opts=*/0x200000000580, /*chdir=*/1, /*size=*/0x4fc, /*img=*/0x200000003100); memcpy((void*)0x200000000040, ".\000", 2); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000040ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[102] = res; syscall(__NR_fdatasync, /*fd=*/r[102]); syscall(__NR_unshare, /*flags=CLONE_NEWIPC*/ 0x8000000ul); syscall(__NR_semget, /*key=*/0ul, /*nsems=*/0x4004ul, /*flags=*/0ul); *(uint32_t*)0x200000000080 = r[101]; *(uint32_t*)0x200000000084 = r[101]; *(uint32_t*)0x200000000088 = r[101]; syscall(__NR_setgroups, /*size=*/3ul, /*list=*/0x200000000080ul); syscall(__NR_semctl, /*semid=*/0, /*semnum=*/0ul, /*cmd=*/0x11ul, /*arg=*/0x200000000000ul); res = syscall(__NR_semget, /*key=*/0ul, /*nsems=*/0x4000000009ul, /*flags=*/0ul); if (res != -1) r[103] = res; *(uint16_t*)0x200000000040 = 4; *(uint16_t*)0x200000000042 = 0xfe01; *(uint16_t*)0x200000000044 = 0; syscall(__NR_semop, /*semid=*/r[103], /*ops=*/0x200000000040ul, /*nops=*/1ul); *(uint16_t*)0x200000000000 = 4; *(uint16_t*)0x200000000002 = 0xab3; *(uint16_t*)0x200000000004 = 0; syscall(__NR_semop, /*semid=*/r[103], /*ops=*/0x200000000000ul, /*nops=*/1ul); memcpy((void*)0x200000000000, "ext4\000", 5); memcpy((void*)0x200000000100, "./file1\000", 8); *(uint8_t*)0x200000000140 = 0; memcpy( (void*)0x200000000d40, "\x78\x9c\xec\xdb\xcb\x6f\x54\x55\x18\x00\xf0\xef\xde\x69\xa9\xbc\x6c\xc5" 
"\x27\x88\x5a\x45\x63\xe3\xa3\xa5\x05\x95\x05\x1b\x8c\x26\x2e\x34\x31\xd1" "\x05\x2e\x6b\x3b\x10\x64\xa0\x86\xd6\x44\x08\x11\x34\x06\x97\x86\xc4\xbd" "\x71\x69\xe2\x5f\xe0\x4a\x37\x06\x5d\x99\xb8\xd5\xbd\x21\x21\xca\x46\x70" "\x35\xe6\xce\xdc\x3b\x9d\x0e\x33\x6d\x69\xa7\x1d\x61\x7e\xbf\x64\xe0\xdc" "\xd7\x9c\xef\xeb\x39\x67\xee\x99\x7b\x32\x01\xf4\xad\xd1\xec\x9f\x24\x62" "\x47\xc4\x60\xb1\x2f\x69\x3d\x61\xb4\xfe\xdf\x8d\xeb\xe7\x67\x6e\x5e\x3f" "\x3f\x93\x44\xb5\xfa\xce\x5f\x49\xed\xbc\x7f\xae\x9f\x9f\x69\x9c\xfb\x77" "\xb5\x66\x7b\xfe\x26\x63\x69\x44\xfa\x79\xd2\xf2\x86\x75\xf3\x67\xcf\x9d" "\x9c\xae\x54\xca\x67\xf2\xed\x89\x85\x53\x1f\x4e\xcc\x9f\x3d\xf7\xe2\x89" "\x53\xd3\xc7\xcb\xc7\xcb\xa7\xa7\x0e\x1d\x3a\x78\x60\xf2\x95\x97\xa7\x5e" "\xea\x4a\x9e\xc3\x59\xac\x7b\x3e\x99\xdb\xbb\xfb\x8d\xf7\x2e\xbf\x35\x73" "\xf4\xf2\xfb\x3f\x7f\x97\x85\x75\xf8\x42\xfd\xf8\x92\x3c\xba\x64\xf4\xca" "\x68\xbb\xd4\x6b\x9e\xe9\x76\x65\x3d\xb6\xb3\xa9\x9c\x0c\x2c\x96\xab\xb9" "\x5e\xc4\xc4\xca\x4a\x11\x91\x35\x57\x36\xf8\x7f\x8f\xe1\x28\xc5\x62\xe3" "\x0d\xc7\xeb\x9f\xf5\x34\x38\x60\x43\x65\x9f\xcd\x43\x9d\x6e\x52\x11\x17" "\xab\xc0\x5d\x2c\x89\x5e\x47\x00\xf4\x46\x71\xa3\xcf\xbe\xff\x16\xaf\xcd" "\x9a\x7b\xfc\x1f\x5c\x3b\x12\x71\xb3\x54\xcf\xff\x46\xfe\xaa\x1f\x19\x88" "\x34\x3f\x67\xb0\xe5\xfb\x6d\x37\x8d\x46\xc4\xd1\x8b\xff\x7e\x9d\xbd\xa2" "\x78\x0e\xe1\xdb\x32\x00\xb0\x81\x7e\x38\x12\x11\x2f\xb4\x9b\xff\xa5\xf1" "\x50\xd3\x79\xf7\xe6\x6b\x28\x23\x11\x71\x5f\x44\xec\x8a\x88\xfb\x23\xe2" "\x81\x88\x78\x30\xa2\x76\xee\xc3\x11\xf1\xc8\x6d\xd6\x3f\xda\xb2\x7d\xeb" "\xfc\x33\xbd\xba\xa6\xc4\x56\x29\x9b\xff\x1d\xce\xd7\xb6\x96\xce\xff\x8a" "\xd9\x5f\x8c\x94\xf2\xad\x9d\xb5\xfc\x07\x93\x63\x27\x2a\xe5\xfd\xf9\xdf" "\x64\x2c\x06\x87\xb2\xed\xc9\x65\xea\xf8\xf1\xb5\xdf\xbe\xec\x74\xac\x31" "\xff\x1b\x8a\xda\x1c\x30\xab\xbf\x98\x0b\xe6\x71\x5c\x1d\x18\x5a\x7a\xcd" "\xec\xf4\xc2\xf4\x7a\x72\x6e\x76\xed\xd3\x88\x3d\x03\xed\xf2\x4f\x1a\x2b" 
"\x01\x49\x44\xec\x8e\x88\x3d\x6b\xac\xe3\xc4\x73\xdf\xee\xed\x74\xac\x79" "\xfe\xdb\x3e\xff\x56\x5b\x16\x8b\x03\x6b\x0c\xa8\x49\xf5\x9b\x88\x67\xeb" "\xfd\xfa\x62\xb4\xe4\x5f\x48\x1a\xeb\x93\x69\xbb\xf5\xc9\x89\x7b\xa2\x52" "\xde\x3f\x51\xf4\x8a\x5b\xfd\xf2\xeb\xa5\xb7\x3b\xd5\xbf\x6c\xfe\x23\xeb" "\xcf\x6f\x25\x59\xfb\x6f\x6b\xdb\xff\x1b\x46\x92\xe6\xf5\xda\xf9\xdb\xaf" "\xe3\xd2\x1f\x5f\x74\x4c\x65\xe5\xf6\x6f\xdf\xff\xb7\x24\xef\xd6\xca\x45" "\x6f\xf8\x78\x7a\x61\xe1\xcc\x64\xc4\x96\xe4\xcd\x5b\xf7\x4f\x2d\x5e\x5b" "\x6c\x17\xe7\x67\xf9\x8f\xed\x6b\x3f\xfe\x77\xe5\xd7\x64\xf9\x3f\x1a\x11" "\x59\x27\x7e\x2c\x22\x1e\x8f\x88\x27\xf2\xd8\x9f\x8c\x88\xa7\x22\x62\xdf" "\x32\xf9\x5f\x79\xf5\xe9\x0f\x3a\x1d\xbb\xfd\xfe\x1f\x4b\xf2\x5b\xaf\x2c" "\xff\xd9\xb6\xed\xdf\xe8\xff\x2d\xed\xbf\x4c\xa1\xb8\xa6\xe5\x50\xe9\xe4" "\x4f\xdf\x77\xaa\x7f\x75\xed\x7f\xb0\x56\x1a\xcb\xf7\xac\xe6\xf3\x6f\x85" "\x48\xd7\xd1\x9b\x01\x00\x00\xe0\xce\x93\x46\xc4\x8e\x48\xd2\xf1\x46\x39" "\x4d\xc7\xc7\x23\xb6\xd7\x9e\xed\x6e\x4b\x2b\x73\xf3\x0b\xcf\x1f\x9b\xfb" "\xe8\xf4\x6c\xed\x37\x02\x31\x12\x83\x69\xf1\xa4\x6b\xb8\xe9\x79\xe8\x64" "\xfe\xb8\xaa\xd8\x9e\x6a\xd9\x3e\x90\x3f\x37\xfe\xaa\xb4\x35\x39\x56\xaa" "\x94\xc7\x67\xe6\x2a\xb3\xbd\x4e\x1e\xfa\xdc\xf6\x0e\xe3\x3f\xf3\x67\xa9" "\xd7\xd1\x01\x1b\x6e\x8d\xeb\x68\x5b\xbb\x1d\x07\xb0\xf9\xba\xb0\x8e\x0e" "\xdc\xa1\x96\x1d\xff\x49\xfe\x5a\xf2\x73\x01\xe0\x6e\xe1\xfe\x0f\xfd\xcb" "\xf8\x87\xfe\xd5\x6e\xfc\x5f\xe8\x41\x1c\xc0\xe6\x73\xff\x87\xfe\x65\xfc" "\x43\xff\x6a\x8c\xff\xa1\xde\xc6\x01\x6c\x3e\xf7\x7f\xe8\x4b\xab\xfa\x91" "\xbc\x82\x42\xad\x50\x8a\xc5\x3d\x91\xf6\x3e\x1e\x85\x8d\x2b\xf4\xfa\x93" "\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x3b\xfe\x0b\x00\x00" "\xff\xff\xa1\xfe\xf3\xac", 1122); syz_mount_image( /*fs=*/0x200000000000, /*dir=*/0x200000000100, /*flags=MS_I_VERSION|MS_SLAVE|MS_PRIVATE|MS_POSIXACL|MS_SYNCHRONOUS|MS_SILENT|0xc0600307*/ 0xc0ed8317, /*opts=*/0x200000000140, /*chdir=*/0xe, /*size=*/0x462, /*img=*/0x200000000d40); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0); if (res != -1) r[104] = res; syscall(__NR_fcntl, /*fd=*/-1, /*cmd=*/8ul, /*pid=*/-1); syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10); *(uint16_t*)0x200000000000 = 0xa; *(uint16_t*)0x200000000002 = htobe16(2); *(uint32_t*)0x200000000004 = htobe32(0); memset((void*)0x200000000008, 0, 16); *(uint32_t*)0x200000000018 = 0; syscall(__NR_bind, /*fd=*/r[104], /*addr=*/0x200000000000ul, /*addrlen=*/0x1cul); *(uint16_t*)0x200000b63fe4 = 0xa; *(uint16_t*)0x200000b63fe6 = htobe16(2); *(uint32_t*)0x200000b63fe8 = htobe32(0); *(uint64_t*)0x200000b63fec = htobe64(0); *(uint64_t*)0x200000b63ff4 = htobe64(1); *(uint32_t*)0x200000b63ffc = 0; syscall( __NR_sendto, /*fd=*/r[104], /*buf=*/0ul, /*len=*/0x1eul, /*f=MSG_FASTOPEN|MSG_PROBE|MSG_OOB|MSG_NOSIGNAL|MSG_MORE|MSG_DONTWAIT|0x2000800*/ 0x2200c851ul, /*addr=*/0x200000b63fe4ul, /*addrlen=*/0x1cul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/6); if (res != -1) r[105] = res; 
*(uint64_t*)0x200000000200 = 0; *(uint32_t*)0x200000000208 = 0; *(uint64_t*)0x200000000210 = 0x2000000001c0; *(uint64_t*)0x2000000001c0 = 0x200000000240; *(uint32_t*)0x200000000240 = 0xb8; *(uint16_t*)0x200000000244 = 0x19; *(uint16_t*)0x200000000246 = 1; *(uint32_t*)0x200000000248 = 0; *(uint32_t*)0x20000000024c = 0; *(uint32_t*)0x200000000250 = htobe32(0x7f000001); memset((void*)0x200000000260, 0, 16); *(uint16_t*)0x200000000270 = htobe16(0); *(uint16_t*)0x200000000272 = htobe16(0); *(uint16_t*)0x200000000274 = htobe16(0); *(uint16_t*)0x200000000276 = htobe16(0); *(uint16_t*)0x200000000278 = 0; *(uint8_t*)0x20000000027a = 0; *(uint8_t*)0x20000000027b = 0; *(uint8_t*)0x20000000027c = 0; *(uint32_t*)0x200000000280 = 0; *(uint32_t*)0x200000000284 = -1; *(uint64_t*)0x200000000288 = 0; *(uint64_t*)0x200000000290 = 0; *(uint64_t*)0x200000000298 = 0; *(uint64_t*)0x2000000002a0 = 0; *(uint64_t*)0x2000000002a8 = 0; *(uint64_t*)0x2000000002b0 = 0; *(uint64_t*)0x2000000002b8 = 0; *(uint64_t*)0x2000000002c0 = 0; *(uint64_t*)0x2000000002c8 = 0; *(uint64_t*)0x2000000002d0 = 0; *(uint64_t*)0x2000000002d8 = 0; *(uint64_t*)0x2000000002e0 = 0; *(uint32_t*)0x2000000002e8 = 0; *(uint32_t*)0x2000000002ec = 0; *(uint8_t*)0x2000000002f0 = 0; *(uint8_t*)0x2000000002f1 = 0; *(uint8_t*)0x2000000002f2 = 0; *(uint8_t*)0x2000000002f3 = 0; *(uint64_t*)0x2000000001c8 = 0xb8; *(uint64_t*)0x200000000218 = 1; *(uint64_t*)0x200000000220 = 0; *(uint64_t*)0x200000000228 = 0; *(uint32_t*)0x200000000230 = 0; syscall(__NR_sendmsg, /*fd=*/r[105], /*msg=*/0x200000000200ul, /*f=*/0ul); memcpy( (void*)0x200000000080, "\x44\xf9\xb1\x08\xb1\xcd\xc8\x85\xc9\xc5\x33\xd2\x1f\x47\x4b\xec\x8b\xfe" "\xf1\xdf\x1e\x2d\xa7\x1e\x57\x8d\xc6\xb9\x1d\x09\xf7\xab\x15\x37\x85\x71" "\xd8\xe2\x75\x46\x09\x00\x11\x00\x6e\x75\x43\x69\x14\xab\x71\x75\x28\xee" "\x4b\x7a\x9b\xea\xf9\x08\xd1\x11\x37\xc1\x19\x03\x06\x4e\x83\xb4\x95\x1f" "\x4d\x43\x3a\x54\x04\x97\x0c\x85\xd9\x2d\x70\x83\xfd\x38\x84\x4c\xbb\x0c" 
"\x6c\x5e\xb5\x08\xdd\xc2\xdc\x7a\x59\x0a\xa7\x94\x1b\x1e\x9e\xeb\x5a\x68" "\x81\x38\xde\xa0\x9b\x77\x6c\xbf\xa7\x84\xcb\xf5\x50\xbf\x30\x74\xfb\x0d" "\x77\x5d\xa4\xdf\x5a\x3f\x48\xbb\xdf\x45\x2e\xeb\x6b\x92\x3d\xa9\xd0\xe2" "\x5b\x80\xf7\x6a\x87\x36\x64\xb5\x75\x34\x44\xfe\x05\xf3\x3e\x5f\x91\x04" "\x55\x40\x83\x6c\x3c\xd6\xaf\x10\xf0\xcd\x01\x8f\x0c\x6f\x57\xf9\x26\xac" "\x95\x9a\x56\x28\xc4\x50\x88\xfb\xe0\xc8\x7f\xbe\x6c\xbc\xda\x46\x62\xd2" "\xa1\x2f\x6d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 215); syscall(__NR_sendto, /*fd=*/r[104], /*buf=*/0x200000000080ul, /*len=*/0xd7ul, /*f=MSG_FASTOPEN|MSG_OOB|MSG_DONTWAIT|MSG_CONFIRM*/ 0x20000841ul, /*addr=*/0ul, /*addrlen=*/0ul); res = -1; res = syz_open_dev(/*dev=*/0xc, /*major=*/4, /*minor=*/1); if (res != -1) r[106] = res; *(uint64_t*)0x2000000021c0 = 0x200000000080; memcpy( (void*)0x200000000080, "\xee\xd6\x07\x05\x97\x03\xf2\xbc\xa1\xa2\xd2\x39\xe7\x9d\x8c\x1e\x95\xb6" "\x44\x99\x85\x74\xf6\x93\x60\x2d\xfc\xb8\x32\xcd\x60\x99\xd0\x3a\x7c\x7e" "\xa1\x05\x36\x1d\x2a\x0a\x7a\x90\xcb\x0e\x87\x86\xbd\x0f\xf3\xc8\x4c\x72" "\x30\x40\x9d\x40\x12\x66\x21\x6c\xbe\x55\xe6\x9d\x7d\xa8\x9d\x96\xb7\x9a" "\xf5\x6b\xaa\x96\x46\xf0\x98\x6e\xf7\x46\x9b\xf3\x98\x90\xcb\x92\x41\xed" "\x47\x87\x58\xdc\xc8\xbe\xae\x60\xee\xed\x76\x0e\xd6\x2a\xf7\x8b\xa1\x91" "\xb5\xfd\xb9\xd4\x88\x82\x8f\x56\x2d\x84\x0f\x97\x15\x9f\x22\x4f\x4a\x9b" "\xea\xcb\x76\x15\x10\x18\x07\x26\x04\x6f\xfa\xa3\x1d\x70\xa4\xc5\x36\xe4" "\x81\xdf\xc1\xe0\x8d\xb2\x40\xee\x89\x67\xfc\x1b\x2f\xa7\x46\xa4\xec\x13" "\xdd\x24\xc1\xcf\xa2\x67\x79\x72\x5b\x99\x68\xb5\xc7\x55\x41\x87\xec\x1a" "\xc5\x11\xf5\xe2\x0c\x35\xd5\x6e\x9f\x41\xfb\x6c\xf0\xb0\x39\x7a\xd5\x84" "\xa9\x0b\x99\x68\xae\xbb\x94\x10\x31\x09\x90\x08\x2c\x02\x57\xaa\xc8\x98" "\x2f\x12\x1f\x3a\xa9\xdf\x9c\x22\xfc\xf5\x49\xb8\x4f\x46\x77\x2a\x27\xa5" "\x7e\x24\x86\x62\xbe\x3b\x7a\xe9\x10\x02\x04\xe8\xf7\x5d\xcd\x89\x11\xac" 
"\xdd\x37\x6b\x38\xb6\x42\xd1\xa9\x15\x11\x89\x4e\xda\x2f\x5f\xa5\xe6\xf7" "\xb2\xd1\x20\xd8\xba\x82\xb6\xa3\x93\x55\xbb\x4d\x13\xf2\x86\x88\xb4\xb0" "\x95\x6d\x7f\x7f\x7f\xb8\xbf\x06\x7a\xf6\x40\xc9\xed\x4a\x1c\x65\x73\xb9" "\x41\xb6\x41\x75\xe8\x7a\xa4\x16\x40\x52\xa9\xd9\x4e\xd8\x1f\x87\xec\x60" "\x69\xb8\x4c\x5a\xae\xf4\x67\xed\xba\xda\xbb\xe8\x45\xa7\xd7\x5a\xf3\x39" "\x99\x89\x9d\xfa\x88\x7c\x67\x00\x7e\x8c\xec\x6e\xad\x9f\x6c\xb3\xd2\xb5" "\x6d\xff\x0f\x3a\x0d\x06\xa7\x2d\x0c\x56\x0e\x31\x8a\xc4\x9c\x2f\xb6\x83" "\xb6\x4a\x51\x2f\x09\xcc\x3d\xc4\xe7\xdf\x6d\x58\xe3\x1b\x81\x63\x7d\x90" "\xe2\xf0\x12\x3f\xd0\x21\x42\x72\x3c\x97\x5e\x89\xb2\x96\x86\x57\x71\xa0" "\x93\x3e\x25\x91\x15\x82\x10\xe7\x93\x14\x32\x25\xf4\x67\x1b\x50\xc0\x2e" "\xfa\xa0\x32\xed\xfe\xf7\x93\x9a\x17\x75\x3f\x72\x43\x88\xa2\xd6\xba\x88" "\x21\xc3\xce\x4c\x40\x7a\xc7\x4d\x35\x1d\x35\x0c\xd2\xb9\x8a\x8a\x63\xdb" "\xb0\x0b\x7c\x68\x59\xb1\x1a\x64\x0e\x34\xa3\x38\x73\x63\x09\xe3\xc0\x80" "\x47\xf1\x80\x4b\x77\xdd\x13\x51\xa1\xfa\x66\xfe\x6b\x80\x59\xf9\xe6\x31" "\xfb\x44\xfa\xf6\xc4\xa2\xbd\xd7\x16\xd9\x3d\x66\x9d\xc1\x4d\xba\xa4\x2e" "\xf1\x28\x67\x1b\xba\x50\xc7\xcf\x25\x84\xea\x93\x0e\x1f\xfc\xb7\x11\x84" "\xe5\xa9\x29\xdb\xf7\xc7\xdb\xc0\x6d\x80\x4e\x6c\x1f\x53\x6a\x3a\x1b\x33" "\x6a\x7a\x55\x39\xa8\x87\x9c\xa4\xea\x3c\xbe\x4e\x25\x47\x22\xf4\x3f\x07" "\x08\x61\xd1\xd0\xdf\x18\xcb\xfc\xe8\x53\x84\x21\x34\x54\x7e\xd3\x7a\xd6" "\xc2\xd7\x57\xf7\x6f\x8a\x29\x94\x3d\x57\x38\xd5\xe7\xaa\xbf\x4c\xad\x6f" "\x5d\xe6\xf5\x3a\x2b\x6f\x33\x6f\x19\xf4\x1e\x14\x42\x31\x08\x32\x14\x62" "\x47\x33\xe3\x6a\xb7\x42\x08\x6d\x9f\x78\x68\x89\xd5\xaf\x36\xc0\xe2\xc6" "\xa7\x31\x14\x81\x58\xd8\xb6\xc6\xdb\x31\x8d\x33\x52\x9d\x98\x81\x5b\x93" "\xca\x9e\xfd\xa1\x46\xf8\xdc\x4e\xc9\xdf\x08\xf4\x32\x53\xf5\x5c\x2d\xcc" "\x48\x0a\x0e\x8b\x85\xc1\x84\xad\x13\xdb\x79\xd4\x01\x79\xad\x4c\x43\xe3" "\x0f\x6f\x8e\xe8\x8e\xa9\xfb\xd5\x22\x8b\x26\xb9\x07\xf4\x6f\xfc\x5c\x2b" 
"\x59\x4a\xde\x4f\x48\xde\xe4\x56\x1a\xe9\x9c\x7f\xb8\x1f\xd7\x49\xcf\x9a" "\xa3\x6a\x01\xb5\x7b\x77\x0b\x77\x21\xbf\x29\x44\x18\x24\x17\x35\x44\x97" "\x95\x01\x6e\xd0\x59\x7d\x66\xa6\x84\x5a\xf6\x8d\x0d\x44\x23\x2c\x4f\xfb" "\x61\x60\xa4\x57\xde\x63\xab\x8b\xf8\xfe\x5f\x02\xf4\x03\x77\x93\xa3\x59" "\xf0\x79\x9c\x90\x6a\x62\x87\xaa\x00\x00\x4a\xfa\x09\x94\x9e\xa7\x87\xaa" "\x73\xa6\x94\x16\xb3\xb9\xe3\x24\xca\x33\x6b\x35\x19\x7e\x7f\x3f\x8d\x14" "\x19\xb8\x56\x67\x6f\x9e\xf2\xf7\xce\x14\xce\x12\xe2\x3c\x72\xac\xa9\xe1" "\x2f\xba\xf1\x18\x63\xd5\xb9\xd7\x75\x99\x86\xfa\x00\x62\x59\x9f\x8c\x35" "\x16\x4b\x7f\xd7\xe9\xe1\x45\x49\xba\x88\x3a\x24\x4f\xea\xa6\x07\x82\x79" "\xcf\x64\x12\xf1\x3c\xb0\x88\x3f\x62\xba\xf7\xcd\xa4\xb4\x81\xc2\xb0\x88" "\xeb\xd3\x69\xc1\x2a\x24\x33\xa4\x8c\x24\xd3\x13\x31\xa9\x40\x16\x25\x1f" "\x3b\x86\xdd\xe8\x84\xbd\x5a\xa7\xb1\xd5\x4d\xc8\x92\xf6\xeb\x9f\xf8\x47" "\x76\xc3\x81\x84\x78\xb9\x8a\x8b\x9f\xb4\xa9\xbd\x18\xa2\x7e\xcf\x4e\x7d" "\xd9\x95\xcd\xc6\x96\xfb\xfa\x32\x60\xf1\x60\xe5\x90\xe6\xd3\x11\xb4\xba" "\x53\xeb\x11\x1c\xc6\x9c\x1a\x18\x6e\x98\x05\xd8\x0f\xdc\x03\x58\x24\x78" "\xc9\x9a\xef\x40\x29\x4c\xa7\x2b\xf9\x65\xba\x97\x7a\x7f\x6f\xca\x5f\xa8" "\x6a\x11\x0d\xe0\x02\x60\x3f\x2d\x0e\x92\xce\x93\x60\xbd\x83\x3d\xb6\x2c" "\xb8\x54\x7e\x28\x15\xa1\xf5\x4d\xe4\x81\xf7\x45\x88\xf1\x2e\x40\x31\x22" "\x23\xe3\x95\x79\xd5\xe3\xc9\x21\xeb\x4e\x62\xb2\x86\x80\xc6\xc3\x50\xb8" "\x0d\x6a\xa6\x25\x97\xd1\x9d\x3c\x1c\x12\x35\x64\xdb\xfa\x06\x86\xfd\xf8" "\x58\xa1\x0f\x81\xda\x38\x4e\x26\x1c\xed\x07\x8b\xb3\xb2\x26\x9a\xc9\xf6" "\x1c\xa0\x66\xbb\xb2\xbc\x65\xdb\x1f\x4b\xf1\xb4\x45\xca\x57\xdc\x32\x37" "\x4e\x67\xb9\x45\x93\x2f\x7f\x01\x96\x06\x92\x19\xc7\x77\x23\x67\x7d\x13" "\xef\x54\x05\x3b\xd0\x6a\x6b\xf7\x00\x41\x01\xcb\x0d\x1f\xce\x78\xc5\x9e" "\xce\x5e\x3a\x3c\xe4\x61\x5d\x5b\x03\xf2\x79\x7e\xed\x62\x48\xfa\xed\x2a" "\x49\x4c\x2c\xd5\x10\x28\x0f\x4f\x6b\x56\x99\xcc\x2c\xdb\x74\x03\x7a\x20" 
"\x2f\xf1\x1c\x24\xd9\x61\x09\xb8\x12\xd9\x7a\x2b\xab\x0f\xa0\xea\xed\x5b" "\x29\x21\xdb\xb3\x1b\xb9\x5a\x5f\x63\x4a\xd8\x4d\x23\x06\xa4\x0e\xdc\xaa" "\x3f\x81\xed\xf2\x89\xec\xda\xd9\x2c\x03\x64\x74\x54\xa7\x19\x74\x50\x8b" "\x53\xbc\x28\xf2\x63\x79\xa6\x9b\x4c\x51\xd9\x50\x5e\xac\x0a\x23\x5d\x5c" "\x31\xda\x3f\xa5\xcc\x7d\x74\x7c\xea\x40\xac\x54\xf8\x84\x35\x78\x21\xb6" "\xc3\x3c\xf6\x34\xf0\x16\xd5\x35\xb3\x34\x8a\x3b\x5e\x17\x9e\x6f\x48\x08" "\xfe\x3a\xda\xcb\x30\xf7\xfd\x17\x1a\xa2\x9a\x28\x65\x07\xb5\x16\xda\xbd" "\xea\x2d\xf7\x45\x6e\xbc\x32\xdd\xd8\x39\x1e\x47\x79\xbb\xfc\x65\xd0\x0e" "\xa1\x34\x0e\x27\x54\x43\xa4\x4f\xf1\x74\x85\xeb\xac\xd8\xcf\xdd\xb0\x82" "\xfe\x09\x6f\x7a\x61\x38\xc5\xf3\x5d\x66\x5b\x60\x85\x9d\x8c\x22\x82\x80" "\x17\x30\x9d\xa1\xfa\x5c\x48\xbf\x00\x88\x07\x6e\x46\x52\x15\xe9\x21\x35" "\x3f\xde\xc2\x46\x65\x18\x48\x88\x33\xf7\x94\x3a\x5f\x82\x93\x63\x07\x8d" "\xc9\x05\xbd\xf0\x54\x4f\x36\xd9\xff\x0a\x9e\x87\xec\x74\x71\xa2\x36\x81" "\x31\xa9\xc3\x99\x91\xa5\x72\xfd\xe0\xdc\x9b\x91\x07\x93\x36\x43\xc9\xb8" "\x99\xe0\x21\x18\x61\xfb\xe7\xf2\x64\x81\xfb\x15\x38\xc9\x86\x1d\xf4\xd8" "\xd8\x33\xf7\xa4\x8a\xa2\x1f\xd9\xc4\x62\x58\x9f\x0e\x90\x77\x2b\xe7\x89" "\xcb\x32\xa4\xe3\xaa\x16\xd8\x6a\xa4\x01\x67\xe5\xc4\xa8\xb1\x36\xf7\xe0" "\xbf\x65\xe9\xa1\x3c\xe5\xc0\x2e\xa0\x5c\x9b\xdc\x8b\x50\x48\xbd\x68\x43" "\x98\x84\x30\xe0\xe0\xfb\x06\x95\x22\xe7\xb2\x72\x70\x15\xd6\x3c\x94\x8f" "\xe1\xb8\x03\xe3\xb0\x8d\x6d\x5e\x73\x5f\x1b\xe2\x88\x23\x17\x7a\x08\xae" "\x31\xab\x41\x63\xf0\x9f\xf2\x09\xb8\x54\x05\x02\xb2\x64\xd1\x2b\xdd\x35" "\x6a\x43\x3b\x5f\x2c\x3b\xb0\xc0\xde\xd1\x28\xce\x5d\xed\x14\x76\x23\x7b" "\xb3\xf4\xd5\x58\xc5\xfc\x1e\x7e\x98\x36\x36\xfc\xb2\xe7\xe2\x69\xfb\x26" "\xb1\x78\x3a\x9a\x99\xc8\xbe\xcf\xc2\x14\x1a\x50\x1c\xf0\xfd\xba\xb9\xd1" "\x3d\xef\xb0\x0c\x9b\x3e\x0d\xc1\xf5\x48\x31\x13\x93\x14\xb5\x03\xc5\xa2" "\xc3\x77\xce\xfb\xb2\x95\xe6\x82\x4d\x77\x00\x32\xaa\x2b\x51\xdc\xcc\xea" 
"\xcd\xeb\x57\x2a\x2c\x25\xf9\xec\x99\x0e\x4b\x83\xaf\xa2\xa4\x06\xa7\x2a" "\x35\xa4\xca\xe6\x17\xf2\x54\x2f\x4a\x3d\x60\xfc\x02\xf6\x29\xfb\xf5\x4c" "\xda\x85\xa8\x4e\x97\xca\x24\x44\x57\x98\x97\xaa\xd3\xb7\x31\x6d\x4e\xe8" "\x00\x2f\x93\xb8\x2b\x13\xcd\xa7\xc5\x3e\xce\x97\xb9\x4a\x7c\xf1\x0f\x1a" "\x4c\x73\xda\x6f\x3a\x89\xbe\x51\x19\x42\x41\x42\x75\x47\xf3\x13\xcc\x47" "\x95\x53\x81\xcb\x74\xa5\xaf\xb7\x35\xa6\xe3\x69\x9f\x36\x43\xfe\xe5\x96" "\x98\x55\x3c\xc3\x58\x63\x1f\x2a\x47\x08\x28\x8d\x86\xe5\x29\xb8\x25\x58" "\xe5\x78\x93\x03\xdb\xc9\xad\x0d\xd7\x7a\x98\x9d\x07\xe1\x63\x8d\x39\xb0" "\x9e\x9e\x47\xf3\x91\x7e\x0f\x5b\x9d\x0e\x48\x61\xbb\x44\x04\x63\xd7\x33" "\x33\x63\x0e\x95\xf5\x1a\xb0\x13\xa6\x96\x17\x95\xfe\x44\x83\x9f\x57\x5a" "\x17\xb8\x0e\x96\x46\xa0\xd3\x80\xe2\xca\x35\x2e\x5c\x7c\x8a\x85\xe0\x78" "\xef\xca\x17\x00\x46\xaf\xa8\x23\xa9\x29\xa1\xf6\x92\x68\xd7\xf1\x8c\xae" "\xe6\x70\xa2\x9c\xb9\xe7\xee\x92\x4d\xf3\x48\xe3\xcb\xdd\x8c\x13\x24\xed" "\xd0\x8f\x07\xf1\x24\x3b\x48\xfa\x55\xab\x30\x3e\x51\x30\x4e\x6e\xdf\xe5" "\xfb\xc3\xb9\xde\x1a\x69\x24\x17\x9c\x9b\x99\x27\x34\xea\x5f\xa2\x71\xc0" "\x99\xfe\xc8\xa5\x24\x76\x72\xa6\xe0\xf5\x51\x69\x1d\xec\xb8\xbe\xc9\xf9" "\x49\x4c\x7a\x26\x19\x50\xd1\xc4\xcb\x24\x0c\xfa\xc0\x5e\x05\x72\x71\x8a" "\x33\xba\x40\x38\xec\x03\xaf\x1c\x68\xb0\x67\xda\x19\xaf\xda\x71\x58\x2c" "\xca\x97\xa8\x01\xb8\x9b\x27\x72\x66\xe2\x91\xe7\x74\x0e\x76\x7b\x91\xe1" "\x0a\x57\xa2\x80\x6a\x6f\xa9\x99\x0c\x51\xb5\x21\xd0\x0a\x47\x33\x38\x47" "\x63\x03\x21\x94\x5d\x1f\x53\x60\x1a\x21\x59\x6c\x28\x14\x13\x63\xcf\xd4" "\xa4\x57\x94\x78\x32\xd7\x54\x5f\xf6\x56\x6e\x10\xc1\xc1\x6d\xa8\xfe\x8a" "\xb4\x0d\x4a\x4a\xfa\x8f\x19\x13\x92\x33\x2a\xcb\x53\x71\xd1\xff\x86\xed" "\x2f\x58\x8a\x62\x01\xa0\x93\xa0\x0f\x86\x86\x84\x98\x14\x93\x60\x28\xae" "\x79\xaf\x9d\xd8\x64\x75\x7b\xb9\xc2\x61\x4a\x9e\x76\xd6\xfa\xe7\xe6\xc0" "\x84\x17\x88\xb7\x15\xaa\x73\xd2\xf0\x1c\x3d\x4b\x0d\xcd\xb3\x8c\x5c\x6b" 
"\x81\xe6\x0d\x12\xb1\xca\x72\xb6\xc4\x7f\x5f\x3e\xb8\x83\xaf\x96\x4b\x87" "\x7e\xfa\x0c\x5a\xcf\xbd\x7f\x41\x0a\x06\x0c\x56\xa1\x79\x8f\x0c\x40\x7c" "\xb3\x16\xf7\x88\xe3\x0c\xf3\xd6\x9f\x19\x25\x33\xe1\x9a\x81\x8c\x8f\x7a" "\xa9\x90\xa6\xd9\x94\xe2\xad\x77\x56\x38\x8e\xc0\x17\x4c\x1c\x0a\x42\x24" "\x9e\x90\x3f\x32\x35\xfe\xa2\xd6\x5d\x54\x0f\xdc\x1c\x03\xe1\x57\x86\x52" "\x87\x87\xc8\x0c\x61\x94\x76\x36\x41\xcf\x7f\x85\xf5\x49\xea\x70\x6a\xa1" "\xb0\x7e\x4b\x29\x03\x71\x4b\x7f\x17\x64\x20\x2e\x53\x2b\x52\xe7\xaa\x8c" "\x06\x3f\xae\x17\x0e\xa9\x33\x62\xc7\x79\x4f\x32\xcd\x5e\xd3\xcb\x39\xa2" "\xa1\x8a\xcd\xa3\x66\xed\x03\x1a\x11\x4e\x9f\xb4\x7b\xea\xc6\x9b\xf0\x5f" "\x25\x8d\x77\xad\x41\x81\x91\x60\x16\x7c\x5b\x0f\x6d\x34\xf1\xd0\x63\xab" "\x2e\xf3\x19\xfc\xef\x2c\x23\x05\x8f\x85\xcc\x45\x3f\x6e\x40\x54\x7a\x99" "\xbc\xcb\x31\x7a\x4c\x19\xe2\xb3\xd9\x95\x05\xa2\x4e\x77\x3f\x2e\xe1\x0b" "\x88\x44\x3f\x48\x9b\xcb\xa4\x76\xe7\x86\xb4\xdc\xce\x1c\xd8\x19\xe0\x08" "\x06\xd7\x66\xaf\x56\x80\x42\x04\xab\xbf\xb8\xa7\xf8\xe2\xf3\xb3\x99\x52" "\x4a\x06\xea\xcb\x20\xb1\x45\x9c\x8f\x9c\x8a\x15\x74\x23\xc4\xa0\xd1\x8e" "\x56\x09\x79\x59\x61\xa6\xb0\xb8\xac\xd6\x43\xfe\x30\xfd\xdd\x00\x77\x40" "\x14\x5a\xe3\x1b\x08\x55\xbb\x8b\x02\x83\xa4\xe1\x39\x40\xb9\xaf\x0f\x84" "\x27\xf0\x90\x59\xac\x0f\x1e\xe1\x50\x77\x75\xf6\x74\x3d\xeb\xef\x31\xc8" "\x2c\x63\xfa\x8c\x5a\xdb\x08\xf0\x5e\x38\xfc\x37\xb0\x7d\x8a\x2f\x4d\x62" "\xb9\xeb\x47\x48\xb9\xe0\x28\xc7\x66\x7a\xc8\xea\x03\xf6\x4c\xbe\x9f\x9a" "\x3e\x75\xe4\xd5\x7b\x11\xf0\x2c\x72\x02\x4a\x65\xbc\x4f\x14\xfd\x3a\x0e" "\xab\xb3\x9b\x06\x2a\x7c\x68\x54\xa2\x99\xee\xf7\x49\x1b\xf1\x0c\x09\x6c" "\x50\xcf\xa4\xa3\xda\x48\x3f\x42\x93\x92\x05\x38\x3a\xe8\x31\x96\x04\xf7" "\x42\xab\x49\x82\x80\x1f\x0c\x83\xda\xbb\xd9\xda\x48\xe8\x00\xf5\x10\xdf" "\xec\xc2\x24\xf0\xb1\x83\xa8\x01\xdf\x96\xd2\x87\x06\x8f\xca\xad\x6c\xdd" "\xd4\x12\xc7\x96\xa4\x81\xd6\x09\xdb\xfd\x77\xe8\xb2\x96\xdc\xe8\x6f\xf8" 
"\xef\xa1\x0b\x23\xae\xc2\x61\xc0\x27\x58\x2f\x6a\x77\x0f\xf9\xf0\xf7\xa9" "\x9d\x8b\xa4\x94\x95\xf4\x69\x6c\xd6\xec\xa9\x20\xce\x17\xe0\xf0\xb1\x35" "\x38\x33\x68\x20\xf8\xc0\x1c\x7e\x95\x55\x67\x7a\x94\x5c\xfe\x8c\x5b\x25" "\x8b\xee\xb2\x41\x5c\x58\xdc\xe1\x73\xb3\x45\x8e\x27\x3e\x23\xbf\x6e\xbe" "\x2f\xea\xa2\xe9\x3d\xa4\x24\xb5\x18\x81\xb7\x32\xc4\x73\x56\xbb\x60\xde" "\xa0\x0a\xe1\x24\xe1\x6a\xa0\xa0\x6a\x4f\xeb\x2a\x32\x1e\x91\xd7\x18\x1d" "\x25\x8a\x3e\xe9\x52\xda\xf8\x23\xe5\x18\xc9\x36\x37\xfa\x0e\xfc\xf5\x01" "\x9a\xa4\x9a\x1c\x7f\x38\xd7\x68\xa9\xbb\x7d\xbb\xa3\x7e\x1e\xbe\x90\x3b" "\xf9\xbf\x19\x7e\x6b\xa7\x87\x72\x64\xd8\x5e\xb2\x01\x46\xe5\x10\x50\x1c" "\x7c\x1e\xdb\x48\x7c\xf1\x2b\x1d\x8a\x7f\x39\xb2\x7f\xfd\x7c\xb4\xd8\xf8" "\x09\x2e\xe5\x4a\xcd\xc1\x39\x0b\x17\xea\xe1\x31\x14\x97\x87\xf0\xf5\x85" "\xef\xb6\xe3\xa7\x07\x32\x63\xf2\x95\x5c\x4d\xd6\xb6\xa4\xc9\x79\x1a\x66" "\x94\xa6\xce\x9f\x00\x59\x5e\x9c\x22\xed\xda\x61\x0d\x60\x62\x11\xf5\x62" "\x8a\x87\x16\x2d\x92\xa3\x75\xa7\xcd\x92\x71\x4a\x37\x83\x06\x52\xb9\xcd" "\x1f\xb8\x5d\xeb\x77\xe8\xc4\xf7\xac\x28\xf0\x86\x8a\x7e\x27\x61\xae\xeb" "\x91\xa3\x5a\xb7\x1b\x5a\x55\x7c\x21\x35\x8c\x60\xfb\xd0\xf5\x44\xb2\x60" "\xde\xfb\xc3\xae\xda\x44\x48\x11\xdf\x2f\x08\xc7\x4c\xcf\xad\x45\xc4\x21" "\x71\x42\x95\x4f\xaf\xc4\x2f\x66\xf4\x0d\x4e\xf9\x00\x95\x6e\xad\x58\xee" "\xb8\x7e\x2b\x1a\x74\x7f\x86\x9b\xc7\x1c\x36\xed\x4c\x01\x5a\x59\xb9\x6f" "\xd8\x50\x72\x09\x80\xa7\x8b\x8b\x1b\x63", 2944); *(uint64_t*)0x2000000021c8 = 0xb80; syscall(__NR_writev, /*fd=*/r[106], /*vec=*/0x2000000021c0ul, /*vlen=*/1ul); memcpy((void*)0x200000000000, "/sys/module/snd_hda_core", 24); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*dir=*/0x200000000000ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[107] = res; *(uint64_t*)0x2000000003c0 = 0x200000000300; *(uint64_t*)0x2000000003c8 = 0x87; syscall(__NR_readv, /*fd=*/r[107], /*vec=*/0x2000000003c0ul, /*vlen=*/1ul); memcpy((void*)0x200000000200, "ext4\000", 5); 
memcpy((void*)0x2000000047c0, "./file0\000", 8); *(uint8_t*)0x200000000580 = 0; memcpy( (void*)0x200000000240, "\x78\x9c\xec\xdd\x4d\x6c\x23\x57\x1d\x00\xf0\xff\xd8\xf1\x36\xdb\xcd\x92" "\x14\x38\x94\x4a\x2d\x2b\x28\xda\xad\x60\xed\xa4\xa1\x6d\xc4\xa1\x5d\x24" "\xc4\xad\x12\xa8\xdc\x97\x28\xf1\x46\xd1\x3a\x71\x14\x3b\xed\x26\xaa\x68" "\x2a\xae\x48\x48\x08\x01\x12\x27\x4e\x5c\x90\x38\x70\x44\x42\x3d\x73\x42" "\x95\x2a\xd1\x3b\x02\x04\x42\x74\x0b\x07\x0e\xc0\xa0\x19\x8f\xb3\x8e\x6b" "\x27\xbb\xc2\x1f\x69\xf2\xfb\x49\xcf\x7e\x6f\xbe\xfe\xef\x25\xf2\x9b\x79" "\x33\xe3\x71\x00\x17\xd6\xb5\x88\xb8\x15\x11\xe5\x88\x78\x2e\x22\xe6\x8b" "\xe9\xa5\x22\xc5\x61\x27\x65\xcb\x7d\x78\xff\xcd\xb5\x2c\x25\x91\xa6\xaf" "\xfd\x3d\xc9\xd7\xc9\xca\x11\x91\xf4\x6e\xf3\x4a\xb6\x4a\xf9\x78\x8c\x7e" "\xad\xfd\x83\xbb\xab\x8d\x46\x7d\xb7\x28\xd7\xda\x5b\x3b\xb5\xd6\xfe\xc1" "\xcd\xcd\xad\xd5\x8d\xfa\x46\x7d\x7b\x79\x79\xe9\xc5\x95\x97\x56\x5e\x58" "\x59\x3c\xb5\x0d\xc9\x07\xa7\xb7\xf3\x6a\x44\xbc\xfc\xb5\x3f\xff\xe8\xfb" "\x3f\xff\xfa\xcb\xbf\xf9\xd2\x1b\x7f\xb8\xfd\xd7\x1b\xdf\xc9\x2a\x3d\x57" "\xcc\x2f\xda\xd1\x63\xe7\x7b\xa7\x6f\xf5\x74\xef\xe7\xaf\x95\x98\xed\x99" "\x36\x13\x11\xbb\xa3\xd8\xf8\x19\x50\x2e\xda\x53\x39\x69\xa1\xcb\x93\xab" "\x0f\x00\x00\x27\xab\x46\xc4\x27\x23\xe2\x73\xf9\xf1\xff\x7c\x94\xf3\xa3" "\xb9\xdc\x89\x87\x74\x00\x00\x00\xc0\xc7\x47\xfa\xca\x5c\xfc\x3b\x89\x48" "\x01\x00\x00\x80\x73\xeb\x95\xfc\x1e\xd8\xa4\x54\x2d\xee\xf7\x9d\x8b\x52" "\xa9\x5a\xed\xdc\xc3\xfb\xe9\x78\xbc\xd4\x68\xb6\xda\x5f\xbc\xd3\xdc\xdb" "\x5e\xef\xdc\x2b\xbb\x10\x95\xd2\x9d\xcd\x46\x7d\xb1\xb8\x57\x78\x21\x2a" "\x49\x56\x5e\xca\xf3\x0f\xca\xcf\xf7\x95\x97\x23\xe2\x89\x88\xf8\xe1\xfc" "\xe5\xbc\x5c\x5d\x6b\x36\xd6\xa7\x7d\xf2\x03\x00\x00\x00\x2e\x88\x2b\x7d" "\xe3\xff\x7f\xce\x77\xc6\xff\x99\xf2\x48\xbe\x01\x0b\x00\x00\x00\x9c\x09" "\x0b\xd3\xae\x00\x00\x00\x00\x30\x76\xc3\xc6\xff\x47\x4f\xf5\x7e\x6c\x72" "\x75\x01\x00\x00\x00\xc6\xe3\x68\xfc\x6f\x9c\x0f\x00\x00\x00\xe7\xd1\x37" 
"\x5e\x7d\x35\x4b\x69\xf7\xf7\xaf\xd7\x5f\xdf\xdf\xbb\xdb\x7c\xfd\xe6\x7a" "\xbd\x75\xb7\xba\xb5\xb7\x56\x5d\x6b\xee\xee\x54\x37\x9a\xcd\x8d\xfc\x99" "\x7d\x5b\xa7\x6d\xaf\xd1\x6c\xee\x7c\x39\xb6\xf7\xee\xd5\xda\xf5\x56\xbb" "\xd6\xda\x3f\xb8\xbd\xd5\xdc\xdb\x6e\xdf\xde\x3c\xf6\x13\xd8\x00\x00\x00" "\xc0\x04\x3d\xf1\xd9\x77\xde\x4f\x22\xe2\xf0\x2b\x97\xf3\x94\xb9\x94\xbd" "\x94\x87\xac\xe0\x59\x01\x70\x6e\x94\x1e\x65\xe1\x3f\x8d\xaf\x1e\xc0\xe4" "\x0d\xdb\xcd\x03\xe7\xdf\xcc\xa3\xae\x90\x1e\xe5\x74\x1d\xf0\x71\x77\x38" "\xed\x0a\x00\xd3\x96\xf4\x16\x06\x1c\x14\xf4\xde\xbc\x73\xec\x9c\xc1\xef" "\xc6\x57\x27\x00\x00\x60\xb4\xae\x7f\x66\xf0\xf5\xff\x6c\x08\x50\x39\x71" "\xcd\x6b\x13\xaa\x21\x30\x2e\x8f\x74\xfd\x1f\x38\x57\x5c\xc4\x83\x8b\xeb" "\x84\xeb\xff\x8b\x03\x8e\x0d\xde\x1d\x6b\x65\x80\x89\xaa\x38\x02\x80\x0b" "\xaf\xe7\xfa\x7f\x3a\x68\xfe\xd0\x87\x77\x3c\xf4\xf5\xff\x34\x3d\x75\x5b" "\x00\x00\xc0\x58\xcd\xe5\x29\x29\x55\x8b\x6b\x81\x73\x51\x2a\x55\xaf\x45" "\x5c\xcd\xbf\xea\x5f\x49\xee\x6c\x36\xea\x8b\x11\xf1\x89\x88\xf8\xfd\x7c" "\xe5\xb1\xac\xbc\x94\xaf\x99\x1c\xbf\x67\x18\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x2a\x4d\x93\x48\x01" "\x00\x00\x80\x73\x2d\xa2\xf4\x97\xa4\xf8\xfd\xaf\xeb\xf3\xcf\xce\xf5\x9f" "\x1f\xb8\x94\xfc\x6b\x3e\x7f\x8f\x88\x37\x7e\xfa\x5a\xe9\xde\x6a\xbb\xbd" "\xbb\x94\x4d\xff\xa0\x3b\xfd\x56\x44\xfc\x38\x9f\xfe\xfc\x34\xce\x60\x00" "\x00\x00\x00\xfd\xba\xe3\xf4\xee\x38\x1e\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x46\xe9\xc3\xfb\x6f\xae\x75" "\xd3\x24\xe3\xfe\xed\xab\x11\xb1\x70\x14\x3f\x39\x8c\x28\xe2\xcf\xc4\x6c" "\xfe\x3e\x1b\x95\x88\x78\xfc\x1f\x49\xcc\xf4\xac\x97\x44\x44\x79\x04\xf1" "\x0f\xdf\x8e\x88\x27\x7b\xdb\x5f\xc9\x63\x67\x11\x16\xf2\xaa\x75\x6a\xd1" 
"\x1f\xbf\x14\x11\x97\xc7\x12\xbf\xfb\xf7\xef\xc4\xbf\x14\xb3\x4f\xa7\x69" "\x3a\x30\xfe\x95\x11\xc4\x87\x8b\xec\x9d\xac\xff\xb9\x35\xe8\xf3\x57\x8a" "\x6b\xf9\xfb\xe0\xcf\xff\x4c\x91\xfe\x5f\x7d\xfd\xdf\xb1\xf8\xdd\xfe\xaf" "\x1c\x79\x17\xf8\x91\xfe\xef\xea\x43\xc6\x78\xea\xbd\x5f\xd6\x86\xc6\x7f" "\x3b\xe2\xa9\x99\xc1\xfd\x4f\x37\x7e\xf2\xa0\xfd\x47\x55\x18\xda\xf7\x0d" "\xf8\xa3\x7c\xfb\x5b\x07\x07\xc3\x16\x4f\x7f\x16\x71\x7d\xe0\xfe\x27\x39" "\x5a\x26\xcb\xd5\xda\x5b\x3b\xb5\xd6\xfe\xc1\xcd\xcd\xad\xd5\x8d\xfa\x46" "\x7d\x7b\x79\x79\xe9\xc5\x95\x97\x56\x5e\x58\x59\xac\xdd\xd9\x6c\xd4\x8b" "\xd7\x81\x31\x7e\xf0\xf4\xaf\xff\xdb\x37\xe9\x3f\x69\x47\xde\xfe\x18\x12" "\x7f\xe1\xa3\xed\x3f\x56\xa7\x67\xb3\x4c\xa5\xb7\x31\xfd\x61\x8a\x60\xef" "\xdd\xbb\xff\xa9\x4e\xb6\xd2\xb7\x89\x3c\xfe\x8d\xcf\x0f\xfe\xff\x3f\x79" "\x42\xfc\x6c\xdf\xf7\x85\x62\x3f\x90\xcd\xbf\xde\xcd\x1f\x76\xf2\xbd\x9e" "\xf9\xc5\xbb\xcf\x0c\xac\x58\x11\x7f\xfd\x41\xfb\x7f\x3b\xf0\xff\x3f\x7b" "\x29\x2f\xf7\xb7\xff\xc6\xb0\x8d\xf6\x79\xee\x9b\xdf\xfd\xe3\x43\x2e\x0a" "\x00\x4c\x40\x6b\xff\xe0\xee\x6a\xa3\x51\xdf\x1d\x5d\x26\x7d\x6b\xe0\xac" "\x9f\xa4\x69\x3a\xf2\x58\x32\x53\xcf\xbc\xf5\xb0\x0b\xcf\x8e\x30\xe8\xaf" "\xce\x46\xdb\x27\x9f\x29\x06\x25\x31\xde\x58\xa3\x38\xb3\x05\x00\x00\x9c" "\x35\x0f\x0e\xfa\xa7\x5d\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\xb8\xb8\x5a\xfb\x69\x79\xc4\x0f\x0f\x4b\x22\x89\x63\x53" "\xfa\x63\x1e\x4e\xa7\xa9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x27\xfa\x5f\x00\x00\x00\xff" "\xff\xbe\x67\xde\x15", 1373); syz_mount_image( /*fs=*/0x200000000200, /*dir=*/0x2000000047c0, 
/*flags=MS_POSIXACL|MS_RELATIME|MS_NOSUID|MS_NOEXEC*/ 0x21000a, /*opts=*/0x200000000580, /*chdir=*/0xfe, /*size=*/0x55d, /*img=*/0x200000000240); *(uint64_t*)0x2000000003c0 = 0x200000000180; memcpy((void*)0x200000000180, "\x39\x00\x00\x00\x13\x00\x03\x47\x00\xbb\x65\xe1\xc3\xe4\xff\xff\x01" "\x00\x00\x00\x01\x00\x00\x00\x56\x00\x00\x00\x25\x00\x00\x00\x19\x00" "\x04\x00\x04\x00\x00\x00\x07\xfd\x17\xe5\xff\xff\x08\x00\x04\x00\x00" "\x00\x00\x00\x00\x00\x00", 57); *(uint64_t*)0x2000000003c8 = 0x39; syscall(__NR_writev, /*fd=*/-1, /*vec=*/0x2000000003c0ul, /*vlen=*/0x10000000000002a5ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_RAW*/ 3ul, /*proto=*/1); if (res != -1) r[108] = res; res = syscall(__NR_socketpair, /*domain=*/1ul, /*type=SOCK_DGRAM*/ 2ul, /*proto=*/0, /*fds=*/0x2000000000c0ul); if (res != -1) { r[109] = *(uint32_t*)0x2000000000c0; r[110] = *(uint32_t*)0x2000000000c4; } *(uint16_t*)0x200000000180 = 0; *(uint8_t*)0x200000000182 = 0; *(uint32_t*)0x200000000184 = 0; syscall(__NR_connect, /*fd=*/r[109], /*addr=*/0x200000000180ul, /*addrlen=*/0x6eul); syscall(__NR_sendmmsg, /*fd=*/r[110], /*mmsg=*/0x2000000bd000ul, /*vlen=*/0x318ul, /*f=*/0ul); *(uint16_t*)0x2000000017c0 = 0; *(uint8_t*)0x2000000017c2 = 0; *(uint32_t*)0x2000000017c4 = 0; syscall(__NR_connect, /*fd=*/r[110], /*addr=*/0x2000000017c0ul, /*addrlen=*/0x6eul); syscall(__NR_close_range, /*fd=*/r[108], /*max_fd=*/-1, /*flags=*/0ul); memcpy((void*)0x200000000080, "memory.events\000", 14); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000080ul, /*flags=*/0x275a, /*mode=*/0); if (res != -1) r[111] = res; memcpy((void*)0x200000000140, "memory.events\000", 14); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000140ul, /*flags=*/0x7a05, /*mode=*/0x1700); if (res != -1) r[112] = res; sprintf((char*)0x200000000200, "0x%016llx", (long long)0); syscall(__NR_write, /*fd=*/r[112], /*buf=*/0x200000000200ul, /*len=*/0xf000ul); syscall(__NR_mmap, 
/*addr=*/0x200000000000ul, /*len=*/0xb36000ul, /*prot=PROT_GROWSUP|PROT_SEM|PROT_READ*/ 0x2000009ul, /*flags=MAP_SHARED_VALIDATE|MAP_FIXED*/ 0x13ul, /*fd=*/r[111], /*offset=*/0ul); *(uint64_t*)0x2000000000c0 = 0; *(uint64_t*)0x2000000000c8 = 0; syscall(__NR_cachestat, /*fd=*/r[111], /*cstat_range=*/0x2000000000c0ul, /*cstat=*/0ul, /*flags=*/0ul); memcpy((void*)0x200000007cc0, "ns/pid\000", 7); syz_open_procfs(/*pid=*/-1, /*file=*/0x200000007cc0); syz_init_net_socket(/*domain=*/0x10, /*type=*/3, /*proto=*/0x10); syscall( __NR_io_uring_enter, /*fd=*/-1, /*to_submit=*/0, /*min_complete=*/0, /*flags=IORING_ENTER_REGISTERED_RING|IORING_ENTER_EXT_ARG|IORING_ENTER_SQ_WAIT|IORING_ENTER_SQ_WAKEUP*/ 0x1eul, /*sigmask=*/0ul, /*size=*/0ul); syscall( __NR_io_uring_enter, /*fd=*/-1, /*to_submit=*/0, /*min_complete=*/0, /*flags=IORING_ENTER_REGISTERED_RING|IORING_ENTER_EXT_ARG|IORING_ENTER_SQ_WAIT|IORING_ENTER_SQ_WAKEUP*/ 0x1eul, /*sigmask=*/0ul, /*size=*/0ul); memcpy((void*)0x200000000100, "./file0\000", 8); res = -1; res = syz_mount_image( /*fs=*/0, /*dir=*/0x200000000100, /*flags=MS_SYNCHRONOUS|MS_RELATIME|MS_NOATIME*/ 0x200410, /*opts=*/0, /*chdir=*/1, /*size=*/0, /*img=*/0x200000000000); if (res != -1) r[113] = res; *(uint16_t*)0x200000000140 = 2; *(uint64_t*)0x200000000148 = 0x2000000000c0; *(uint16_t*)0x2000000000c0 = 0x61; *(uint8_t*)0x2000000000c2 = 0; *(uint8_t*)0x2000000000c3 = 0; *(uint32_t*)0x2000000000c4 = 0; *(uint16_t*)0x2000000000c8 = 6; *(uint8_t*)0x2000000000ca = 0; *(uint8_t*)0x2000000000cb = 0; *(uint32_t*)0x2000000000cc = 0; syscall(__NR_seccomp, /*op=*/1ul, /*flags=*/0ul, /*arg=*/0x200000000140ul); *(uint16_t*)0x200000000140 = 2; *(uint64_t*)0x200000000148 = 0x2000000000c0; *(uint16_t*)0x2000000000c0 = 0x61; *(uint8_t*)0x2000000000c2 = 0; *(uint8_t*)0x2000000000c3 = 0; *(uint32_t*)0x2000000000c4 = 0; *(uint16_t*)0x2000000000c8 = 6; *(uint8_t*)0x2000000000ca = 0; *(uint8_t*)0x2000000000cb = 0; *(uint32_t*)0x2000000000cc = 0; syscall(__NR_seccomp, /*op=*/1ul, 
/*flags=*/0ul, /*arg=*/0x200000000140ul); memcpy((void*)0x200000000080, "./file0\000", 8); memcpy((void*)0x200000000940, "tmpfs\000", 6); syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000080ul, /*type=*/0x200000000940ul, /*flags=*/0ul, /*data=*/0ul); syscall(__NR_pidfd_getfd, /*pidfd=*/-1, /*fd=*/r[113], /*flags=*/0ul); res = syscall(__NR_pidfd_getfd, /*pidfd=*/-1, /*fd=*/r[113], /*flags=*/0ul); if (res != -1) r[114] = res; syscall(__NR_io_uring_register, /*fd=*/-1, /*opcode=*/9ul, /*arg=*/0ul, /*nr_args=*/0ul); res = syscall(__NR_io_uring_register, /*fd=*/-1, /*opcode=*/9ul, /*arg=*/0ul, /*nr_args=*/0ul); if (res != -1) r[115] = res; syscall(__NR_io_uring_register, /*fd=*/r[114], /*opcode=*/0xaul, /*arg=*/0ul, /*nr_args=*/r[115]); memcpy((void*)0x200000000200, "./file0\000", 8); syscall(__NR_chdir, /*dir=*/0x200000000200ul); memcpy((void*)0x200000000640, ".\000", 2); syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000640ul, /*flags=*/0, /*mode=*/0); memcpy((void*)0x200000000640, ".\000", 2); res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000640ul, /*flags=*/0, /*mode=*/0); if (res != -1) r[116] = res; syscall(__NR_getdents64, /*fd=*/r[116], /*ent=*/0ul, /*count=*/0ul); *(uint64_t*)0x200000000000 = 0; *(uint32_t*)0x200000000008 = 0x14; *(uint32_t*)0x20000000000c = 0; *(uint64_t*)0x200000000010 = 0; *(uint64_t*)0x200000000018 = 0; res = syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0x200000000000ul, /*timerid=*/0x200000000200ul); if (res != -1) r[117] = *(uint32_t*)0x200000000200; memcpy((void*)0x2000000000c0, "./file0\000", 8); *(uint64_t*)0x200000000180 = 0; *(uint64_t*)0x200000000280 = 0; syscall(__NR_execve, /*file=*/0x2000000000c0ul, /*argv=*/0x200000000180ul, /*envp=*/0x200000000280ul); *(uint32_t*)0x2000000002c0 = 9; *(uint32_t*)0x2000000002c4 = 0; *(uint32_t*)0x2000000002c8 = 7; *(uint32_t*)0x2000000002cc = 0xffff0001; *(uint32_t*)0x2000000002d0 = 0; *(uint32_t*)0x2000000002d4 = 0x8000; syscall(__NR_ioctl, /*fd=*/r[116], 
/*cmd=*/0x401845ff, /*arg=*/0x2000000002c0ul); res = syscall(__NR_clock_gettime, /*id=*/0ul, /*tp=*/0x200000000080ul); if (res != -1) { r[118] = *(uint64_t*)0x200000000080; r[119] = *(uint64_t*)0x200000000088; } *(uint64_t*)0x200000000940 = r[118]; *(uint64_t*)0x200000000948 = r[119] + 10000000; *(uint64_t*)0x200000000950 = 0x77359400; *(uint64_t*)0x200000000958 = 0; syscall(__NR_timer_settime, /*timerid=*/r[117], /*flags=TIMER_ABSTIME*/ 1ul, /*new=*/0x200000000940ul, /*old=*/0ul); *(uint64_t*)0x200000000000 = 0x77359400; *(uint64_t*)0x200000000008 = 0; *(uint64_t*)0x200000000010 = 0; *(uint64_t*)0x200000000018 = 0; syscall(__NR_timer_settime, /*timerid=*/r[117], /*flags=TIMER_ABSTIME*/ 1ul, /*new=*/0x200000000000ul, /*old=*/0x200000000040ul); res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0xb704, /*arg=*/0x200000000000ul); if (res != -1) r[120] = *(uint32_t*)0x200000000000; memcpy((void*)0x200000000040, "ext4\000", 5); memcpy((void*)0x200000000480, "./file2\000", 8); memcpy((void*)0x2000000000c0, "resuid", 6); *(uint8_t*)0x2000000000c6 = 0x3d; sprintf((char*)0x2000000000c7, "0x%016llx", (long long)r[120]); *(uint8_t*)0x2000000000d9 = 0x2c; *(uint8_t*)0x2000000000da = 0; memcpy( (void*)0x2000000004c0, "\x78\x9c\xec\xdd\xcb\x6f\x54\xd5\x1f\x00\xf0\xef\x9d\x69\x0b\x3f\x1e\xbf" "\x16\xc4\x17\xa0\x54\xd1\xd8\xf8\x68\x69\x41\x65\x61\x42\x34\x92\xb8\xd0" "\xc4\x44\x17\xb8\xac\x6d\x21\x48\xa1\x86\xd6\x44\x08\x91\x62\x0c\x2e\x0d" "\x89\x7b\xe3\xd2\x44\xff\x01\x57\xba\xf1\xb5\x32\x71\xab\x7b\x43\x42\x0c" "\x1b\xd1\x98\x38\xe6\xce\xdc\x0b\x33\xd3\xe9\x6b\x98\x47\xd3\xf9\x7c\x92" "\xdb\x39\xe7\xde\x33\x73\xcf\x77\xce\x3d\x33\xe7\x9e\x7b\x07\x02\xe8\x59" "\xc3\xe9\x9f\x24\x62\x47\x44\xfc\x1a\x11\x83\x95\x6c\x6d\x81\xe1\xca\xc3" "\xad\x9b\x97\xa6\xfe\xba\x79\x69\x2a\x89\x52\xe9\x8d\x3f\x92\x72\xb9\x3f" "\x6f\x5e\x9a\xca\x8b\xe6\xcf\xdb\x9e\x65\x46\x0a\x11\x85\x8f\x92\xd8\xd7" "\x60\xbf\xf3\x17\x2e\x9e\x99\x9c\x9d\x9d\x39\x9f\xe5\xc7\x16\xce\xbe\x3b" 
"\x36\x7f\xe1\xe2\x33\xa7\xcf\x4e\x9e\x9a\x39\x35\x73\x6e\xe2\xe8\xd1\x23" "\x87\xc7\x9f\x7f\x6e\xe2\xd9\x96\xc4\xb9\x33\xad\xeb\xde\x0f\xe6\xf6\x3f" "\xf8\xca\x5b\xd7\x5e\x9b\x3a\x71\xed\xed\x1f\xbf\x4c\xeb\xbb\x23\xdb\x5e" "\x1d\x47\x93\x92\xfa\x15\xc3\x31\xbc\x74\x65\xe6\xf1\xbb\xdc\xd9\x46\xb3" "\xb3\x2a\x9d\xf4\x75\xb1\x22\xac\x4b\x31\x22\xd2\xe6\xea\x2f\xf7\xff\xc1" "\x28\xc6\x9d\xc6\x1b\x8c\xe3\x1f\x76\xb5\x72\x40\x5b\x95\x4a\xa5\xd2\x96" "\xe5\x37\x2f\x96\x4a\xc5\xac\x14\xb0\xf9\x24\x7a\x37\xf4\xa8\xfc\x8b\x3e" "\x3d\xff\xcd\x97\x0e\x0d\x3d\x36\x84\x1b\x2f\x56\x4e\x80\xd2\xb8\x6f\x65" "\x4b\x65\x4b\x5f\x14\xb2\x32\xfd\x75\xe7\xb7\xad\xb4\x18\x11\x27\x16\xff" "\xfe\x2c\x5d\xa2\x35\xf3\x10\x00\x00\x2b\xfa\x26\x1d\xff\x3c\xdd\x68\xfc" "\x57\x88\xfb\xaa\xca\xfd\x3f\xbb\x36\x34\x14\x11\xbb\x22\x62\x77\x44\xdc" "\x13\x11\x7b\x22\xe2\xde\x88\x72\xd9\xfb\x23\xe2\x81\x75\xee\x7f\xb8\x26" "\x77\xac\xc1\xf8\xa7\x70\xbd\xc9\xd0\xd6\x24\x1d\xff\xbd\x90\x5d\xdb\xaa" "\x1d\xff\xe5\xa3\xbf\x18\x2a\x66\xb9\x9d\xe5\xf8\xfb\x93\x93\xa7\x67\x67" "\x0e\x65\xef\xc9\x48\xf4\x6f\x49\xf3\xe3\x2b\xec\xe3\xdb\x97\x7f\xf9\x64" "\xb9\x6d\xc3\x55\xe3\xbf\x74\x49\xf7\x9f\x8f\x05\xb3\x7a\x5c\xef\xab\x9b" "\xa0\x9b\x9e\x5c\x98\xbc\x9b\x98\xab\xdd\xb8\x52\x9e\xdd\xbb\xbc\x34\xfe" "\x24\xbf\x12\x30\x94\x97\xdd\xdb\xc4\xeb\xa7\xef\xd9\xe9\x27\xbf\xd8\x9f" "\xa6\xff\x69\xb0\xbd\x6f\xd5\xf8\x57\xd0\x82\xeb\x4c\xa5\xcf\x23\x9e\xa8" "\xb4\xff\x62\xd4\xc5\x9f\x4b\x56\xbe\x3e\x39\xb6\x35\x66\x67\x0e\x8d\xe5" "\x47\xc5\x52\x3f\xfd\x7c\xf5\xf5\xe5\xf6\xbf\x7a\xfb\xb7\x57\xda\xfe\xdb" "\x1a\x1e\xff\xb7\xe3\x1f\x4a\xaa\xaf\xd7\xce\xd7\x6d\x5d\x83\xab\xbf\x7d" "\xbc\xec\x39\x4d\xb3\xc7\xff\x40\xf2\x66\xc4\xf1\x88\x81\x6c\xdd\xfb\x93" "\x0b\x0b\xe7\xc7\x23\x06\x92\x57\xcb\xf9\x9a\xf5\x13\x77\x9e\x9b\xe7\xf3" "\xf2\x69\xfc\x23\x07\x1b\xf7\xff\xdd\x71\x27\xd6\x7d\x11\x91\x1e\xc4\x0f" "\x45\xc4\xc3\x11\x71\x20\xab\xfb\x23\x11\xf1\x68\x44\x1c\xac\x8b\xab\x58" 
"\x79\xb8\x92\xfe\xf9\xe1\xa5\xc7\xde\x69\x3e\xfe\xf6\x4a\xe3\x9f\x6e\xdc" "\xfe\xa5\x7f\x2b\x89\xba\xf6\x5f\x3d\x91\x7e\x56\x56\xaf\x29\x9e\xf9\xee" "\xeb\xe6\xe3\x4f\xdb\xff\x48\x39\x35\x92\xad\x59\xcb\xe7\xdf\xda\x6a\x9a" "\x1f\xcd\x00\x00\x00\xb0\xb9\x15\xca\xf7\xc0\x27\x85\xd1\xdb\xe9\x42\x61" "\x74\xb4\x72\x0f\xff\x9e\xd8\x56\x98\x9d\x9b\x5f\x78\xea\xe4\xdc\x7b\xe7" "\xa6\x2b\xf7\xca\x0f\x45\x7f\x21\x9f\xe9\x1a\xac\x9a\x0f\x1d\xcf\x26\x0a" "\xf3\xfc\x44\x5d\xfe\x70\x36\x6f\xfc\x69\xf1\x7f\xe5\xfc\xe8\xd4\xdc\xec" "\x74\xb7\x83\x87\x1e\xb7\x7d\x99\xfe\x9f\xfa\xbd\xd8\xed\xda\x01\x6d\xe7" "\xf7\x5a\xd0\xbb\xd6\xd6\xff\xfb\xdb\x5e\x0f\xa0\xf3\x56\xed\xff\xc7\x6a" "\xb3\x8b\x6d\xac\x0b\xd0\x59\x4d\x8e\xff\xbf\x6a\x75\x3d\x80\xce\x73\xfe" "\x0f\xbd\xab\x51\xff\xbf\xdc\x85\x7a\x00\x9d\xe7\xfb\x1f\x7a\x57\xc3\xfe" "\xbf\x6b\x47\xe7\x2b\x02\x74\x9c\xef\x7f\xe8\x5d\x79\xff\x5f\xe1\x1f\x02" "\xbd\xfd\x8b\x66\x60\xd3\x58\xcf\xef\xfa\x37\x4d\x22\xbf\x93\xa9\x95\xaf" "\x1c\x8b\x35\x6b\x2e\xc7\x81\x8d\x10\xe9\xc5\x33\x5b\x23\xa2\x2d\xaf\x1c" "\x85\xf5\x3c\xeb\xfb\x5b\x6d\x08\x30\xff\x8f\x06\x36\xc2\xfb\x5c\x49\x0c" "\x44\x44\x8b\x0e\xd1\x6e\x87\xd3\xcd\x4f\x25\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x80\xd6\xf9\x2f\x00\x00\xff\xff\xbf\x00\xde\xd7", 1168); syz_mount_image(/*fs=*/0x200000000040, /*dir=*/0x200000000480, /*flags=MS_STRICTATIME|MS_MANDLOCK*/ 0x1000040, /*opts=*/0x2000000000c0, /*chdir=*/0, /*size=*/0x490, /*img=*/0x2000000004c0); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_CLOEXEC|SOCK_DGRAM*/ 0x80002ul, /*proto=*/0); if (res != -1) r[121] = res; memcpy((void*)0x200000000440, "ext4\000", 5); memcpy((void*)0x200000000480, "./file0\000", 8); *(uint8_t*)0x200000000000 = 0; memcpy( (void*)0x200000000500, "\x78\x9c\xec\xdc\x4d\x6f\x15\x55\x1c\x07\xe0\xdf\x4c\x5b\x08\x2f\x5a\x34" "\xbe\x56\x94\x0a\x2a\x15\xb4\xa5\xa8\xd5\x85\x1b\xf6\x26\x2e\x64\xe7\xaa" "\xa1\x85\x10\x0b\x18\x5a\x13\x21\x2c\x34\xc1\xb8\x91\x85\x89\x71\x69\xe2" "\x07\x30\x91\x9d\x89\x1b\x76\x6e\x59\xf0\x01\x58\x1a\x0c\x31\x2c\xb4\xd1" "\xc4\xd4\xcc\xed\x1d\x7a\x69\x7b\x0b\x85\xd6\x6b\x98\xe7\x49\xe6\xde\x73" "\xe6\x9c\x9b\x73\x66\x4e\xfe\x73\xef\x3d\x73\x32\x01\x1a\x6b\xb8\x7a\x29" "\x92\x9d\x49\xae\x25\x19\x5c\xcc\xde\x59\x61\x78\xf1\xed\xcf\x5b\x17\x8e" "\xcd\xdf\xba\x70\xac\xc8\xc2\xc2\x07\xbf\x17\xad\x7a\xd5\xbe\xba\x6a\xfd" "\xb9\x1d\xd5\x4b\x99\x8c\x94\x49\x79\xb1\xc8\x73\xab\xb4\x3b\x7b\xee\xfc" "\x47\x93\x33\x33\xd3\x67\xdb\xf9\xb1\xb9\x53\x1f\x8f\xcd\x9e\x3b\xff\xfa" "\xc9\x53\x93\x27\xa6\x4f\x4c\x9f\x1e\x9f\x98\x38\x74\x68\xe2\xed\x89\xb7" "\xde\xd9\xb0\x63\x1d\x9a\xfc\xf1\xbb\xdf\x2e\xbd\xff\xf5\xb7\x5f\x7c\x38" "\xb6\x67\xa8\xdc\x5b\xf5\x77\x67\xbb\xac\xf3\x38\x36\xca\x70\x86\xef\x3c" "\x97\x1d\x5e\xd9\xe8\xc6\x7a\xec\xc9\x8e\x74\xd1\xdf\xc3\x8e\xb0\x2e\x7d" "\x49\xaa\xe1\x1a\x68\xc5\xff\x60\xfa\xb2\x34\x78\x83\xf9\xe5\x7a\x4f\x3b" "\x07\x6c\xaa\x85\xca\xd6\xae\xc5\x9f\x2d\x00\x0f\xb1\x22\xbd\xee\x01\xd0" "\x1b\xf5\x17\x7d\xf5\xff\xb7\xde\xfe\xab\xdf\x1e\xf4\xde\xcd\x23\x8b\x7f" 
"\x00\xeb\xb9\x9d\xf9\xdb\xe3\xdf\x9f\xb2\x5d\x67\x60\xd9\xff\xfb\x8d\x34" "\x9c\xe4\xc2\xf5\xf9\xc1\x6a\xcb\x26\xcd\xc3\x00\x00\x00\x00\x34\xd9\x95" "\x23\x49\x5e\x5b\x6d\xfe\xaf\xcc\x53\x1d\xf5\xaa\xf4\xd3\x49\x9e\x49\xf2" "\x6c\x92\xa1\xa4\xb5\xae\x67\x77\x92\xe7\x93\xbc\x90\x64\x4f\xbd\x9e\x68" "\x1d\x96\xd7\x5f\x39\xff\x53\xde\xb8\xaf\x03\xe3\x9e\xdc\x3c\x92\xbc\x9b" "\x64\x7e\xc5\xfc\x5f\x3d\xfb\x97\x5d\x7d\xed\xdc\x23\x55\x26\x03\xc5\xf1" "\x93\x33\xd3\x87\x92\x3c\x9a\x64\x24\x03\x5b\xab\xfc\xf8\x1a\x6d\x4c\xfe" "\xf0\xc7\x4f\xdd\xca\xaa\xf1\xbf\xf6\x73\xdf\x60\xbd\x55\xed\x57\xef\x4b" "\x35\xca\x1b\xfd\xcb\xee\x4f\x4f\x4d\xce\x4d\x3e\xc8\x31\xb3\xe4\xe6\xe7" "\xc9\x50\xff\x6a\xe3\x5f\xdc\x5e\x09\x54\x24\x79\x31\xc9\xde\xfb\x6c\xe3" "\xe2\xa5\xdd\x97\xbb\x95\xdd\x7d\xfc\xd9\x4c\x0b\xdf\x27\xfb\x57\x8d\xff" "\xa5\x95\x8b\xc5\xda\xeb\x33\xc7\x5a\xd7\x83\xb1\xfa\xaa\xb0\xd2\xd5\x85" "\xe1\xf9\x6e\xed\x1b\xff\xde\xaa\xe2\x7f\xfb\xda\xe3\xbf\xab\xe8\x5c\xaf" "\x3b\xbb\xfe\x36\x2e\x0f\xfc\xf5\x4f\xb7\xb2\xfb\xbd\xfe\x6f\x29\x8e\xb6" "\x3a\xb8\xa5\xbd\xef\xd3\xc9\xb9\xb9\xb3\xe3\xc9\x96\xe2\xbd\x95\xfb\x0f" "\xaf\xbf\xcf\x0f\xab\xfa\x7c\xd4\xe7\xab\x1a\xff\x91\x7d\xab\x7f\xff\x3f" "\xde\xfe\x4c\x75\x42\xf7\x25\x79\x29\xc9\xcb\xed\xb5\xcb\xfb\x5b\xdf\xfd" "\xc9\xab\x49\x0e\x24\x39\xb8\x46\x9b\x5f\x1e\xf8\xea\x4a\xb7\x32\xf1\xdf" "\x5b\xd5\xf8\x4f\xad\x2b\xfe\xd7\x9f\xf8\x7b\xdb\xd1\xab\xdd\xda\xef\xbc" "\xff\x5b\x6d\x55\xfb\xf5\xbd\xe0\x45\x55\xfc\xbf\xd9\xea\xcc\x48\x7b\x8f" "\xdf\x7f\x77\x77\xaf\x03\xd4\xeb\x7e\x02\x00\x00\x00\x00\x00\x00\xb0\x31" "\xca\xd6\x33\xf0\x8a\x72\xf4\x76\xba\x2c\x47\x47\x17\x9f\xe1\xf7\x44\xb6" "\x97\x33\x67\x66\xe7\x0e\x1e\x3f\xf3\xc9\xe9\xa9\xc5\x67\xe5\xed\xca\x40" "\x59\xaf\xf4\x1a\xec\x58\x0f\x3a\xde\x4a\x2f\xe5\x0f\x2f\xcb\xbf\x91\xe4" "\xb1\x24\xdf\xf4\x6d\x6b\xe5\x47\x8f\x9d\x99\x99\xea\xf5\xc1\x43\xc3\xed" "\xe8\x12\xff\x95\x5f\xfb\x7a\xdd\x3b\x60\xd3\x79\x5e\x2b\x34\x97\xf8\x87" 
"\xe6\x12\xff\xd0\x5c\xe2\x1f\x9a\x4b\xfc\x43\x73\x89\x7f\x68\x2e\xf1\x0f" "\xcd\x25\xfe\xa1\xb9\xc4\x3f\x34\x97\xf8\x87\x46\x7a\x90\xe7\xfa\x49\x48" "\x48\x3c\xac\x89\x5e\x5f\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x1f\xfe\x0d\x00\x00\xff" "\xff\xbc\xb0\xdc\x06", 1049); syz_mount_image(/*fs=*/0x200000000440, /*dir=*/0x200000000480, /*flags=*/0, /*opts=*/0x200000000000, /*chdir=*/1, /*size=*/0x419, /*img=*/0x200000000500); memcpy((void*)0x200000000000, "lo\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x200000000000ul); if (res != -1) r[122] = *(uint32_t*)0x200000000010; *(uint16_t*)0x200000000580 = 0x11; *(uint16_t*)0x200000000582 = htobe16(7); *(uint32_t*)0x200000000584 = r[122]; *(uint16_t*)0x200000000588 = 1; *(uint8_t*)0x20000000058a = 0; *(uint8_t*)0x20000000058b = 6; memset((void*)0x20000000058c, 255, 6); memset((void*)0x200000000592, 0, 2); syscall(__NR_bind, /*fd=*/-1, /*addr=*/0x200000000580ul, /*addrlen=*/0x14ul); memcpy((void*)0x200000000180, "team0\000\000\000\000\000\000\000\000\000\000\000", 16); res = 
syscall(__NR_ioctl, /*fd=*/r[121], /*cmd=*/0x8933, /*arg=*/0x200000000180ul); if (res != -1) r[123] = *(uint32_t*)0x200000000190; memcpy((void*)0x2000000001c0, "team0\000\000\000\000\000\000\000\000\000\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/r[121], /*cmd=*/0x8933, /*arg=*/0x2000000001c0ul); if (res != -1) r[124] = *(uint32_t*)0x2000000001d0; *(uint32_t*)0x200000000280 = 0x14; res = syscall(__NR_getsockname, /*fd=*/-1, /*addr=*/0x200000000200ul, /*addrlen=*/0x200000000280ul); if (res != -1) r[125] = *(uint32_t*)0x200000000204; res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_RAW*/ 3ul, /*proto=*/3); if (res != -1) r[126] = res; memcpy((void*)0x200000000300, "lo\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/r[126], /*cmd=*/0x8933, /*arg=*/0x200000000300ul); if (res != -1) r[127] = *(uint32_t*)0x200000000310; res = syscall(__NR_socket, /*domain=*/0x11ul, /*type=SOCK_RAW*/ 3ul, /*proto=*/0x300); if (res != -1) r[128] = res; memcpy((void*)0x200000000000, "\xb3\xa2\xea\x52\x22\x30\x0a\xed\xdd\xc6\x56\xc6\x68\xb7", 14); *(uint16_t*)0x200000000100 = 0x11; *(uint16_t*)0x200000000102 = htobe16(0); *(uint32_t*)0x200000000104 = r[127]; *(uint16_t*)0x200000000108 = 1; *(uint8_t*)0x20000000010a = 0; *(uint8_t*)0x20000000010b = 6; memset((void*)0x20000000010c, 170, 5); *(uint8_t*)0x200000000111 = 0; memset((void*)0x200000000112, 0, 2); syscall(__NR_sendto, /*fd=*/r[128], /*buf=*/0x200000000000ul, /*len=*/0xeul, /*f=*/0ul, /*addr=*/0x200000000100ul, /*addrlen=*/0x14ul); memcpy((void*)0x2000000002c0, "batadv_slave_1\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/r[121], /*cmd=*/0x8933, /*arg=*/0x2000000002c0ul); if (res != -1) r[129] = *(uint32_t*)0x2000000002d0; memcpy((void*)0x200000000380, "ip_vti0\000\000\000\000\000\000\000\000\000", 16); *(uint64_t*)0x200000000390 = 0x200000000300; memcpy((void*)0x200000000300, "tunl0\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint32_t*)0x200000000310 = 0; 
*(uint16_t*)0x200000000314 = htobe16(0x10); *(uint16_t*)0x200000000316 = htobe16(0x20); *(uint32_t*)0x200000000318 = htobe32(0x3f); *(uint32_t*)0x20000000031c = htobe32(9); STORE_BY_BITMASK(uint8_t, , 0x200000000320, 0xa, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x200000000320, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x200000000321, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200000000321, 0x1f, 2, 6); *(uint16_t*)0x200000000322 = htobe16(0x28); *(uint16_t*)0x200000000324 = htobe16(0x67); *(uint16_t*)0x200000000326 = htobe16(0); *(uint8_t*)0x200000000328 = 0x97; *(uint8_t*)0x200000000329 = 0x29; *(uint16_t*)0x20000000032a = htobe16(0); *(uint8_t*)0x20000000032c = 0xac; *(uint8_t*)0x20000000032d = 0x14; *(uint8_t*)0x20000000032e = 0x14; *(uint8_t*)0x20000000032f = 0xbb; *(uint32_t*)0x200000000330 = htobe32(-1); *(uint8_t*)0x200000000334 = 1; *(uint8_t*)0x200000000335 = 0x89; *(uint8_t*)0x200000000336 = 0xf; *(uint8_t*)0x200000000337 = 0x8d; *(uint8_t*)0x200000000338 = 0xac; *(uint8_t*)0x200000000339 = 0x1e; *(uint8_t*)0x20000000033a = 0; *(uint8_t*)0x20000000033b = 1; *(uint32_t*)0x20000000033c = htobe32(0); *(uint32_t*)0x200000000340 = htobe32(0xa010102); *(uint8_t*)0x200000000344 = 0; struct csum_inet csum_2; csum_inet_init(&csum_2); csum_inet_update(&csum_2, (const uint8_t*)0x200000000320, 40); *(uint16_t*)0x20000000032a = csum_inet_digest(&csum_2); res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f2, /*arg=*/0x200000000380ul); if (res != -1) r[130] = *(uint32_t*)0x200000000310; memcpy((void*)0x2000000003c0, "gre0\000\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint64_t*)0x2000000003d0 = 0x200000000940; memcpy((void*)0x200000000940, "syztnl0\000\000\000\000\000\000\000\000\000", 16); *(uint32_t*)0x200000000950 = 0; *(uint16_t*)0x200000000954 = htobe16(0x40); *(uint16_t*)0x200000000956 = htobe16(0x700); *(uint32_t*)0x200000000958 = htobe32(0xfffffffc); *(uint32_t*)0x20000000095c = htobe32(2); STORE_BY_BITMASK(uint8_t, , 0x200000000960, 0x33, 0, 4); 
STORE_BY_BITMASK(uint8_t, , 0x200000000960, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x200000000961, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x200000000961, 0x39, 2, 6); *(uint16_t*)0x200000000962 = htobe16(0xcc); *(uint16_t*)0x200000000964 = htobe16(0x68); *(uint16_t*)0x200000000966 = htobe16(0); *(uint8_t*)0x200000000968 = 2; *(uint8_t*)0x200000000969 = 4; *(uint16_t*)0x20000000096a = htobe16(0); *(uint32_t*)0x20000000096c = htobe32(0x64010100); *(uint32_t*)0x200000000970 = htobe32(0xe0000001); *(uint8_t*)0x200000000974 = 0x44; *(uint8_t*)0x200000000975 = 0xc; *(uint8_t*)0x200000000976 = 0x35; STORE_BY_BITMASK(uint8_t, , 0x200000000977, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x200000000977, 0, 4, 4); *(uint32_t*)0x200000000978 = htobe32(0); *(uint32_t*)0x20000000097c = htobe32(5); *(uint8_t*)0x200000000980 = 0x86; *(uint8_t*)0x200000000981 = 0x57; *(uint32_t*)0x200000000982 = htobe32(1); *(uint8_t*)0x200000000986 = 2; *(uint8_t*)0x200000000987 = 0xf; memcpy((void*)0x200000000988, "\xfe\x77\x00\xef\x32\x59\x1e\x53\xb0\x21\x09\xab\xee", 13); *(uint8_t*)0x200000000995 = 0; *(uint8_t*)0x200000000996 = 9; memcpy((void*)0x200000000997, "\x7c\xa1\xad\xe9\x86\x92\x94", 7); *(uint8_t*)0x20000000099e = 1; *(uint8_t*)0x20000000099f = 0xb; memcpy((void*)0x2000000009a0, "\x45\x8c\x95\x02\xd2\x28\x5d\x7f\xc9", 9); *(uint8_t*)0x2000000009a9 = 6; *(uint8_t*)0x2000000009aa = 0xc; memcpy((void*)0x2000000009ab, "\xe2\x5c\x80\x66\x82\x2c\x6b\xd7\x3b\x6c", 10); *(uint8_t*)0x2000000009b5 = 0; *(uint8_t*)0x2000000009b6 = 0x12; memcpy((void*)0x2000000009b7, "\x45\x8b\xba\xbf\xac\xe4\x82\xde\xf7\x8d\xe6\xd1\x61\x05\xd8\xc2", 16); *(uint8_t*)0x2000000009c7 = 1; *(uint8_t*)0x2000000009c8 = 4; memcpy((void*)0x2000000009c9, "\xea\xef", 2); *(uint8_t*)0x2000000009cb = 6; *(uint8_t*)0x2000000009cc = 0xc; memcpy((void*)0x2000000009cd, "\xbc\xe9\x07\x69\xc9\xcd\x77\x85\xe1\xe7", 10); *(uint8_t*)0x2000000009d7 = 0x86; *(uint8_t*)0x2000000009d8 = 0x55; *(uint32_t*)0x2000000009d9 = htobe32(-1); 
*(uint8_t*)0x2000000009dd = 1; *(uint8_t*)0x2000000009de = 2; *(uint8_t*)0x2000000009df = 7; *(uint8_t*)0x2000000009e0 = 0xc; memcpy((void*)0x2000000009e1, "\x2b\x2a\x01\xdf\x96\xc5\x3c\x8f\x29\x90", 10); *(uint8_t*)0x2000000009eb = 2; *(uint8_t*)0x2000000009ec = 0x10; memcpy((void*)0x2000000009ed, "\x6d\xc1\x2a\xa5\x18\xc0\x1b\xd0\x8b\x4f\xee\xed\x4e\xe9", 14); *(uint8_t*)0x2000000009fb = 5; *(uint8_t*)0x2000000009fc = 0x11; memcpy((void*)0x2000000009fd, "\xdc\x23\x28\xb2\xf2\xe3\xee\xd4\xda\xc3\x10\xae\xa5\xfd\x1a", 15); *(uint8_t*)0x200000000a0c = 6; *(uint8_t*)0x200000000a0d = 0x10; memcpy((void*)0x200000000a0e, "\x5b\xc1\xdd\x8e\x4a\x48\xbe\xd8\x4e\x98\x8f\xf3\x6f\xa8", 14); *(uint8_t*)0x200000000a1c = 7; *(uint8_t*)0x200000000a1d = 0x10; memcpy((void*)0x200000000a1e, "\xa4\x47\xe7\x28\x12\xe8\x71\x7a\x96\xf2\xea\x4a\xfe\x24", 14); struct csum_inet csum_3; csum_inet_init(&csum_3); csum_inet_update(&csum_3, (const uint8_t*)0x200000000960, 204); *(uint16_t*)0x20000000096a = csum_inet_digest(&csum_3); res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f0, /*arg=*/0x2000000003c0ul); if (res != -1) r[131] = *(uint32_t*)0x200000000950; res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[132] = res; memcpy((void*)0x200000001b40, "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/r[132], /*cmd=*/0x8933, /*arg=*/0x200000001b40ul); if (res != -1) r[133] = *(uint32_t*)0x200000001b50; *(uint64_t*)0x200000000380 = 0; *(uint32_t*)0x200000000388 = 0; *(uint64_t*)0x200000000390 = 0x200000000340; *(uint64_t*)0x200000000340 = 0x200000001b80; *(uint32_t*)0x200000001b80 = 0xec4; *(uint16_t*)0x200000001b84 = 0x64; *(uint16_t*)0x200000001b86 = 1; *(uint32_t*)0x200000001b88 = 0; *(uint32_t*)0x200000001b8c = 0; *(uint8_t*)0x200000001b90 = 0; *(uint8_t*)0x200000001b91 = 0; *(uint16_t*)0x200000001b92 = 0; *(uint32_t*)0x200000001b94 = r[133]; *(uint16_t*)0x200000001b98 = 0; *(uint16_t*)0x200000001b9a = 0; 
*(uint16_t*)0x200000001b9c = 0; *(uint16_t*)0x200000001b9e = 4; *(uint16_t*)0x200000001ba0 = 0; *(uint16_t*)0x200000001ba2 = 0; *(uint16_t*)0x200000001ba4 = 0xc; *(uint16_t*)0x200000001ba6 = 1; memcpy((void*)0x200000001ba8, "tcindex\000", 8); *(uint16_t*)0x200000001bb0 = 0x24; *(uint16_t*)0x200000001bb2 = 2; *(uint16_t*)0x200000001bb4 = 8; *(uint16_t*)0x200000001bb6 = 3; *(uint32_t*)0x200000001bb8 = 0; *(uint16_t*)0x200000001bbc = 8; *(uint16_t*)0x200000001bbe = 1; *(uint32_t*)0x200000001bc0 = 0; *(uint16_t*)0x200000001bc4 = 8; *(uint16_t*)0x200000001bc6 = 5; *(uint16_t*)0x200000001bc8 = 0; *(uint16_t*)0x200000001bca = 0; *(uint16_t*)0x200000001bcc = 8; *(uint16_t*)0x200000001bce = 1; *(uint32_t*)0x200000001bd0 = 0; *(uint16_t*)0x200000001bd4 = 0xa; *(uint16_t*)0x200000001bd6 = 1; memcpy((void*)0x200000001bd8, "rsvp6\000", 6); *(uint16_t*)0x200000001be0 = 0xe64; *(uint16_t*)0x200000001be2 = 2; *(uint16_t*)0x200000001be4 = 0xe60; *(uint16_t*)0x200000001be6 = 6; *(uint16_t*)0x200000001be8 = 0x124; STORE_BY_BITMASK(uint16_t, , 0x200000001bea, 0, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001beb, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001beb, 0, 7, 1); *(uint16_t*)0x200000001bec = 8; *(uint16_t*)0x200000001bee = 1; memcpy((void*)0x200000001bf0, "nat\000", 4); *(uint16_t*)0x200000001bf4 = 0x54; STORE_BY_BITMASK(uint16_t, , 0x200000001bf6, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001bf7, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001bf7, 1, 7, 1); *(uint16_t*)0x200000001bf8 = 0x28; *(uint16_t*)0x200000001bfa = 1; *(uint32_t*)0x200000001bfc = 0; *(uint32_t*)0x200000001c00 = 0; *(uint32_t*)0x200000001c04 = 0; *(uint32_t*)0x200000001c08 = 0; *(uint32_t*)0x200000001c0c = 0; *(uint8_t*)0x200000001c10 = 0xac; *(uint8_t*)0x200000001c11 = 0x14; *(uint8_t*)0x200000001c12 = 0x14; *(uint8_t*)0x200000001c13 = 0xaa; *(uint32_t*)0x200000001c14 = htobe32(0xe0000001); *(uint32_t*)0x200000001c18 = htobe32(0); *(uint32_t*)0x200000001c1c = 0; *(uint16_t*)0x200000001c20 
= 0x28; *(uint16_t*)0x200000001c22 = 1; *(uint32_t*)0x200000001c24 = 0; *(uint32_t*)0x200000001c28 = 0; *(uint32_t*)0x200000001c2c = 0; *(uint32_t*)0x200000001c30 = 0; *(uint32_t*)0x200000001c34 = 0; *(uint32_t*)0x200000001c38 = htobe32(0); *(uint32_t*)0x200000001c3c = htobe32(-1); *(uint32_t*)0x200000001c40 = htobe32(0); *(uint32_t*)0x200000001c44 = 0; *(uint16_t*)0x200000001c48 = 0xa9; *(uint16_t*)0x200000001c4a = 6; memcpy((void*)0x200000001c4c, "\x7f\x55\xdb\xe4\xf0\x61\x52\x21\xd8\x96\xfe\x3e\xfa\x06\x3c\x44\xe9" "\x1e\xd3\x68\x14\x75\xce\xc0\xa7\x42\x2b\x98\xa3\xd4\xcd\x1d\xdc\x31" "\x9a\x99\xc1\x5c\x37\xb5\x70\xed\xbc\xb5\x3f\x30\x49\xf3\x39\x53\x17" "\xc7\x8b\xef\x16\x3d\xcb\x2b\x4c\x62\xfd\x86\x6d\x04\xf2\xd8\xd4\xf1" "\x97\xb0\xbf\x2f\x1c\xee\xf3\xa5\xb1\xf7\x2a\x04\x7b\xe6\x82\xb7\x52" "\x71\xb9\x32\xbd\xaa\xfb\x03\x87\xb3\xce\x7b\x9f\x55\xae\xa4\x9d\x9c" "\xba\xf5\x6c\x29\xf1\x8a\x3d\x85\x9b\xc4\x4e\xda\x6d\x73\xc5\x51\x9c" "\x7a\x56\x25\x46\x53\xf8\xd8\x91\x5e\x58\x18\xac\x43\x2e\x25\xe1\x88" "\x8f\xf1\x36\x91\xd1\x95\x65\xd4\xdc\x99\x0c\x4e\x4c\xdb\x2b\x58\x0c" "\xac\xcf\xdc\x71\x2b\x24\x2e\x62\x19\xd8\xc5\x83", 165); *(uint16_t*)0x200000001cf4 = 0xc; *(uint16_t*)0x200000001cf6 = 7; *(uint32_t*)0x200000001cf8 = 0; *(uint32_t*)0x200000001cfc = 0; *(uint16_t*)0x200000001d00 = 0xc; *(uint16_t*)0x200000001d02 = 8; *(uint32_t*)0x200000001d04 = 0; *(uint32_t*)0x200000001d08 = 0; *(uint16_t*)0x200000001d0c = 0x190; STORE_BY_BITMASK(uint16_t, , 0x200000001d0e, 0, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001d0f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001d0f, 0, 7, 1); *(uint16_t*)0x200000001d10 = 9; *(uint16_t*)0x200000001d12 = 1; memcpy((void*)0x200000001d14, "gact\000", 5); *(uint16_t*)0x200000001d1c = 0x64; STORE_BY_BITMASK(uint16_t, , 0x200000001d1e, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001d1f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001d1f, 1, 7, 1); *(uint16_t*)0x200000001d20 = 0x18; *(uint16_t*)0x200000001d22 = 2; 
*(uint32_t*)0x200000001d24 = 0; *(uint32_t*)0x200000001d28 = 0; *(uint32_t*)0x200000001d2c = 0; *(uint32_t*)0x200000001d30 = 0; *(uint32_t*)0x200000001d34 = 0; *(uint16_t*)0x200000001d38 = 0x18; *(uint16_t*)0x200000001d3a = 2; *(uint32_t*)0x200000001d3c = 0; *(uint32_t*)0x200000001d40 = 0; *(uint32_t*)0x200000001d44 = 0; *(uint32_t*)0x200000001d48 = 0; *(uint32_t*)0x200000001d4c = 0; *(uint16_t*)0x200000001d50 = 0x18; *(uint16_t*)0x200000001d52 = 2; *(uint32_t*)0x200000001d54 = 0; *(uint32_t*)0x200000001d58 = 0; *(uint32_t*)0x200000001d5c = 0; *(uint32_t*)0x200000001d60 = 0; *(uint32_t*)0x200000001d64 = 0; *(uint16_t*)0x200000001d68 = 0x18; *(uint16_t*)0x200000001d6a = 2; *(uint32_t*)0x200000001d6c = 0; *(uint32_t*)0x200000001d70 = 0; *(uint32_t*)0x200000001d74 = 0; *(uint32_t*)0x200000001d78 = 0; *(uint32_t*)0x200000001d7c = 0; *(uint16_t*)0x200000001d80 = 0x101; *(uint16_t*)0x200000001d82 = 6; memcpy((void*)0x200000001d84, "\x9f\xcf\x28\x83\xff\xf3\x70\x4c\xca\xa4\x9c\x8f\xc8\x6e\xf5\xd7\x08" "\x03\xbc\x93\xf6\xf9\x13\xd0\x43\xff\xd1\x2c\xb9\x87\xc6\xc7\xa8\x28" "\x81\x27\xd1\x5b\x8c\xe7\x9b\x75\x6e\x56\x2a\xf0\x83\x81\x82\x7b\xd0" "\x1e\xc5\x07\x89\xbd\x26\x4c\x1c\x39\x64\xf9\x62\x7a\x8f\x9f\x6c\x3b" "\xbf\x31\x50\x2d\xc5\x78\x1d\xfe\x7b\x3d\x7f\xd7\xb6\xc9\x6b\xbb\xb4" "\xe0\x4f\x39\xa6\xa2\xb0\x5c\xc4\x98\x8d\x5a\x5a\x6d\xed\x70\x1d\xbc" "\xbd\x08\x96\xdd\xb2\x16\xcc\x26\x87\x5e\xc7\x4a\xfa\xab\xe4\x88\x74" "\xdd\x09\x06\xb5\x80\xfc\x92\x38\xc2\x01\xe8\x27\x39\x74\x6d\xe3\xbd" "\x36\x82\xc5\x79\x1c\x3c\xc5\xe8\x97\x5c\xc7\x68\xb4\x18\xd3\xb6\x3f" "\x23\x56\x3c\x24\x3e\x9e\x55\x4e\xa4\x65\x2f\xd7\x93\x47\x78\xca\x69" "\x9b\xcb\x17\xe7\x66\x22\x5a\xef\xde\xbf\x20\x7d\xb5\xb5\xa1\xbe\x5b" "\x92\xbd\x99\x08\x0a\x95\xb4\x73\x35\x9f\x62\xb0\x78\xd8\x7d\xb1\xa2" "\x5d\x33\xaf\x09\x70\xee\x94\x41\xca\x08\x99\x7d\xdc\x80\xd4\xcb\x87" "\x58\xd4\x7d\x16\xdd\x63\x2f\x0e\x1a\x28\x7e\x2a\x8e\x2e\x33\x64\x2c" "\x1b\xe0\x1f\x7e\xe9\xfd\xe1\xc0\x9e\xbe\x67\x8a\x95\x31\x20", 
253); *(uint16_t*)0x200000001e84 = 0xc; *(uint16_t*)0x200000001e86 = 7; *(uint32_t*)0x200000001e88 = 0; *(uint32_t*)0x200000001e8c = 0; *(uint16_t*)0x200000001e90 = 0xc; *(uint16_t*)0x200000001e92 = 8; *(uint32_t*)0x200000001e94 = 0; *(uint32_t*)0x200000001e98 = 0; *(uint16_t*)0x200000001e9c = 0xac; STORE_BY_BITMASK(uint16_t, , 0x200000001e9e, 0, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001e9f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001e9f, 0, 7, 1); *(uint16_t*)0x200000001ea0 = 8; *(uint16_t*)0x200000001ea2 = 1; memcpy((void*)0x200000001ea4, "nat\000", 4); *(uint16_t*)0x200000001ea8 = 0x54; STORE_BY_BITMASK(uint16_t, , 0x200000001eaa, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001eab, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001eab, 1, 7, 1); *(uint16_t*)0x200000001eac = 0x28; *(uint16_t*)0x200000001eae = 1; *(uint32_t*)0x200000001eb0 = 0; *(uint32_t*)0x200000001eb4 = 0; *(uint32_t*)0x200000001eb8 = 0; *(uint32_t*)0x200000001ebc = 0; *(uint32_t*)0x200000001ec0 = 0; *(uint32_t*)0x200000001ec4 = htobe32(0xe0000001); *(uint8_t*)0x200000001ec8 = 0xac; *(uint8_t*)0x200000001ec9 = 0x14; *(uint8_t*)0x200000001eca = 0x14; *(uint8_t*)0x200000001ecb = 0xbb; *(uint32_t*)0x200000001ecc = htobe32(0); *(uint32_t*)0x200000001ed0 = 0; *(uint16_t*)0x200000001ed4 = 0x28; *(uint16_t*)0x200000001ed6 = 1; *(uint32_t*)0x200000001ed8 = 0; *(uint32_t*)0x200000001edc = 0; *(uint32_t*)0x200000001ee0 = 0; *(uint32_t*)0x200000001ee4 = 0; *(uint32_t*)0x200000001ee8 = 0; *(uint32_t*)0x200000001eec = htobe32(0xe0000001); *(uint8_t*)0x200000001ef0 = 0xac; *(uint8_t*)0x200000001ef1 = 0x14; *(uint8_t*)0x200000001ef2 = 0x14; *(uint8_t*)0x200000001ef3 = 0; *(uint32_t*)0x200000001ef4 = htobe32(0); *(uint32_t*)0x200000001ef8 = 0; *(uint16_t*)0x200000001efc = 0x31; *(uint16_t*)0x200000001efe = 6; memcpy((void*)0x200000001f00, "\x72\xad\x1f\x5d\xa6\x46\x30\x4a\xed\x9d\xf0\xef\x31\x30\x4a\x92\xc8" "\xc6\x16\xee\x53\xeb\xf1\x3e\x60\x2e\xff\x93\x15\x5d\xe0\x7b\x07\xaa" 
"\x33\x77\xf0\xf7\x8a\x47\xd6\x0b\xbc\x8d\x94", 45); *(uint16_t*)0x200000001f30 = 0xc; *(uint16_t*)0x200000001f32 = 7; *(uint32_t*)0x200000001f34 = 0; *(uint32_t*)0x200000001f38 = 0; *(uint16_t*)0x200000001f3c = 0xc; *(uint16_t*)0x200000001f3e = 8; *(uint32_t*)0x200000001f40 = 0; *(uint32_t*)0x200000001f44 = 0; *(uint16_t*)0x200000001f48 = 0x130; STORE_BY_BITMASK(uint16_t, , 0x200000001f4a, 0, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001f4b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001f4b, 0, 7, 1); *(uint16_t*)0x200000001f4c = 0xb; *(uint16_t*)0x200000001f4e = 1; memcpy((void*)0x200000001f50, "mirred\000", 7); *(uint16_t*)0x200000001f58 = 0xc4; STORE_BY_BITMASK(uint16_t, , 0x200000001f5a, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000001f5b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000001f5b, 1, 7, 1); *(uint16_t*)0x200000001f5c = 0x20; *(uint16_t*)0x200000001f5e = 2; *(uint32_t*)0x200000001f60 = 0; *(uint32_t*)0x200000001f64 = 0; *(uint32_t*)0x200000001f68 = 0; *(uint32_t*)0x200000001f6c = 0; *(uint32_t*)0x200000001f70 = 0; *(uint32_t*)0x200000001f74 = 0; *(uint32_t*)0x200000001f78 = 0; *(uint16_t*)0x200000001f7c = 0x20; *(uint16_t*)0x200000001f7e = 2; *(uint32_t*)0x200000001f80 = 0; *(uint32_t*)0x200000001f84 = 0; *(uint32_t*)0x200000001f88 = 0; *(uint32_t*)0x200000001f8c = 0; *(uint32_t*)0x200000001f90 = 0; *(uint32_t*)0x200000001f94 = 0; *(uint32_t*)0x200000001f98 = 0; *(uint16_t*)0x200000001f9c = 0x20; *(uint16_t*)0x200000001f9e = 2; *(uint32_t*)0x200000001fa0 = 0; *(uint32_t*)0x200000001fa4 = 0; *(uint32_t*)0x200000001fa8 = 0; *(uint32_t*)0x200000001fac = 0; *(uint32_t*)0x200000001fb0 = 0; *(uint32_t*)0x200000001fb4 = 0; *(uint32_t*)0x200000001fb8 = 0; *(uint16_t*)0x200000001fbc = 0x20; *(uint16_t*)0x200000001fbe = 2; *(uint32_t*)0x200000001fc0 = 0; *(uint32_t*)0x200000001fc4 = 0; *(uint32_t*)0x200000001fc8 = 0; *(uint32_t*)0x200000001fcc = 0; *(uint32_t*)0x200000001fd0 = 0; *(uint32_t*)0x200000001fd4 = 0; *(uint32_t*)0x200000001fd8 = 0; 
*(uint16_t*)0x200000001fdc = 0x20; *(uint16_t*)0x200000001fde = 2; *(uint32_t*)0x200000001fe0 = 0; *(uint32_t*)0x200000001fe4 = 0; *(uint32_t*)0x200000001fe8 = 0; *(uint32_t*)0x200000001fec = 0; *(uint32_t*)0x200000001ff0 = 0; *(uint32_t*)0x200000001ff4 = 0; *(uint32_t*)0x200000001ff8 = 0; *(uint16_t*)0x200000001ffc = 0x20; *(uint16_t*)0x200000001ffe = 2; *(uint32_t*)0x200000002000 = 0; *(uint32_t*)0x200000002004 = 0; *(uint32_t*)0x200000002008 = 0; *(uint32_t*)0x20000000200c = 5; *(uint32_t*)0x200000002010 = 0; *(uint32_t*)0x200000002014 = 0; *(uint32_t*)0x200000002018 = 0; *(uint16_t*)0x20000000201c = 0x41; *(uint16_t*)0x20000000201e = 6; memcpy((void*)0x200000002020, "\x0d\x75\x58\xfa\x48\x39\x43\x00\x9c\xc3\xd0\x54\x1d\x5d\x1b\x78\x98" "\xe6\x29\xd0\xe4\xb3\x04\xb3\x96\x90\x40\xef\x8d\xfd\xc5\x5e\x79\xa8" "\x72\xfc\xa1\xc2\x8b\xf2\x38\x16\x04\xad\xa9\x2f\x70\x65\x6d\x4c\x89" "\x4d\x2c\xce\x1a\xe9\x3d\x61\x66\x43\x13", 61); *(uint16_t*)0x200000002060 = 0xc; *(uint16_t*)0x200000002062 = 7; *(uint32_t*)0x200000002064 = 0; *(uint32_t*)0x200000002068 = 0; *(uint16_t*)0x20000000206c = 0xc; *(uint16_t*)0x20000000206e = 8; *(uint32_t*)0x200000002070 = 0; *(uint32_t*)0x200000002074 = 0; *(uint16_t*)0x200000002078 = 0x9cc; STORE_BY_BITMASK(uint16_t, , 0x20000000207a, 0, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000207b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000207b, 0, 7, 1); *(uint16_t*)0x20000000207c = 0xb; *(uint16_t*)0x20000000207e = 1; memcpy((void*)0x200000002080, "skbmod\000", 7); *(uint16_t*)0x200000002088 = 4; STORE_BY_BITMASK(uint16_t, , 0x20000000208a, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000208b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000208b, 1, 7, 1); *(uint16_t*)0x20000000208c = 0x99d; *(uint16_t*)0x20000000208e = 6; memcpy( (void*)0x200000002090, "\x91\x44\x10\xc3\x14\x2f\x4b\x77\x1a\x94\x34\xcc\x0f\x95\xe7\x04\x01\xb8" "\x48\xb6\x22\xff\x33\x17\x89\x14\x27\x49\x2c\x39\x12\xa8\x31\x5a\xce\xdc" 
"\xfb\x38\xe3\x96\x1c\x96\x20\x11\x76\xf4\x3b\x00\x35\xc0\x65\xf0\x1b\x1f" "\x4f\x3f\x06\x1f\xe8\x29\xa0\xdf\xbb\x01\x4a\xcd\xd4\x3c\x0d\x31\x51\x01" "\xf0\x89\x7d\xfe\x91\x57\x4a\xcf\x5b\x86\xe0\x96\x12\x4c\x50\x65\x0f\xce" "\x68\x28\x0c\x58\xd5\x6e\xc8\x50\x7a\xf5\x95\xd9\x8c\xa6\xf4\x48\x97\xbb" "\x7c\x58\xe9\x44\x62\x91\x23\xd9\x6f\x22\xac\x0b\xd6\x6d\x1b\x95\x2c\xdf" "\x47\x5b\x84\xb2\xa7\xab\x6f\xa7\xbc\xec\x0e\x72\x45\x55\x90\x2a\x25\x49" "\x2c\xd4\x08\x47\x97\x15\x0c\x5e\xf3\x05\x15\x45\x62\x1a\x78\xab\xd9\xff" "\x86\xc8\x82\x05\xe6\xdf\x41\x33\x76\x8e\x82\x71\xc6\x34\x35\x51\x52\x93" "\xcd\xdd\x75\xe0\x96\xe9\x28\x67\x2d\x99\xc6\x30\xb2\x85\xc3\x9e\xc1\xf0" "\xc5\x6e\x66\xb6\x7e\xb4\x38\x26\x72\xc8\xde\x49\x56\x98\x16\x4c\x19\xde" "\x6d\x2a\xcb\x8c\xdb\xa3\x40\x6d\xb2\x48\x68\xba\xe0\xfc\x93\xa1\xa6\x79" "\x85\xc0\x40\x96\x8c\x05\x92\x36\x1e\x5e\xcc\x0d\xde\xda\x42\x2e\x37\x66" "\x12\x75\x58\xcd\x30\xbc\xf6\xc5\xd7\xd2\x33\x39\xc2\x28\xdf\x7f\xb1\xe4" "\x5b\x5d\x29\xfc\x28\x1f\x9a\x1f\xad\x68\xc7\x9d\x11\x10\xe6\x16\x84\x21" "\x90\x56\x59\x8f\xbd\xb3\x55\xb3\x36\x97\xda\x47\xb0\x00\x02\x58\x4c\x72" "\x5f\xf7\x53\x86\x50\x3e\xbd\x9b\x1a\xb4\x52\x17\x3f\x31\xc9\x0d\xac\x89" "\x24\x20\x7d\xc1\xe6\xb5\x66\xdf\x35\x52\x89\x9e\x85\xb1\xa7\xa3\x31\x3b" "\x54\x26\x81\xf0\xae\x5d\x10\x03\x66\xdb\x60\xa9\x85\xc5\x09\x3d\x18\xcc" "\x32\x6a\x44\xd8\x70\x4f\xc8\x02\xc9\xf7\x2c\x54\x33\xe5\xc5\xd7\xd9\x68" "\xce\x9c\xc6\x4d\x43\x17\xe0\x8d\x96\x53\xd5\xc3\x37\x8e\x94\xd0\x0e\x68" "\x3c\xd0\x49\x9a\x28\x15\x8c\x62\x0c\x79\x0d\xfe\x93\x01\x47\x10\x0a\x60" "\x6f\x70\x44\x38\xe3\xc2\x8f\x9d\xad\x21\x8e\x57\x93\x77\x0a\xb2\x79\xd6" "\xe1\xee\x0c\xdc\xbd\x0e\x58\x5e\xb0\x17\x36\x20\x6e\x68\x48\xa8\x75\xb7" "\xd3\x8f\x36\xe4\x00\xba\x7a\xee\x0e\x68\x74\xa3\xf2\xc1\x78\xec\xc8\xc3" "\x3b\x85\xc1\x1a\x8b\xc4\xd1\xf6\x4d\x1f\x4f\x42\xad\x92\x4e\x0a\x2e\xa6" "\x8c\x09\x6b\x6a\xf0\x29\x05\x84\x16\x3c\x0f\x74\xd4\x5b\xf2\xf7\x01\x41" 
"\x4a\xd5\xe9\xeb\x2d\x8c\x1f\xd9\x32\x60\x51\x08\x9c\x2e\x74\x22\xed\x2b" "\x14\xab\x97\x26\x0a\x7b\xb0\xb0\xa4\x14\x18\xe9\x79\x8d\xa6\x69\x0f\x0d" "\x41\xd6\xfe\x41\xbe\x78\xef\x09\x97\x6e\xb1\x9d\xbc\xd7\xdb\x0a\xbc\x49" "\x3e\x35\x73\xe3\x89\x14\xba\x11\x56\x84\x90\x41\xed\x39\x56\x82\x7c\x07" "\x9e\xc8\xf7\x8b\xb1\x01\xf0\xea\xa0\x62\xe4\x2e\x14\x7c\xbb\xe0\xc4\xbc" "\xd0\x4a\x21\x72\x56\x7b\x75\x2c\xaa\x45\x5d\x55\x47\x1a\xe2\x95\x74\xbc" "\xd2\x7c\xb3\x6f\xba\xb6\xbc\xbe\xf2\xf7\x08\x67\x93\xa8\x60\xa7\xc5\x3d" "\x55\xa1\xe0\x5a\xb4\x70\x12\x83\xf8\xfa\x5d\x98\xd4\x27\x8d\x17\x7b\xe2" "\x6d\xfa\x7a\x45\x91\x01\x4d\x78\xd7\x46\x7e\xb1\x72\x25\x02\x3e\xae\x7d" "\xfa\xaf\x48\xf8\xd1\x93\x68\xfc\x51\x9a\x94\x5e\x7b\xfe\x87\x10\x00\xd8" "\x67\x55\x30\xca\xf7\x25\xcf\xf6\x0f\xdf\x02\xbd\xef\xf7\x7f\xa0\xcf\xe0" "\x20\x41\x26\x5b\xe3\xa1\xb5\x49\xb4\x4d\xa6\x48\xd2\xb2\x78\x57\xac\xab" "\x39\x98\x90\x43\xb1\xe3\xf0\xd6\x28\x96\x84\x3b\x47\xbc\xfe\x76\x73\x1f" "\x97\x38\x6b\xf8\x71\xcf\x8d\xd1\x19\x62\x21\x73\x68\x7c\x17\xb6\xd9\xe5" "\x1f\x3a\x05\x80\x0e\x81\xaf\x53\x43\x7d\x2f\xef\x3c\x96\x3d\x56\x60\xd9" "\xd6\x42\x74\xc0\x63\x6b\x5c\xf4\xc0\x55\x2b\x85\xf4\x1f\xe5\x11\x0e\x0b" "\x0c\x15\x93\x42\x44\x5e\x56\xbd\x00\x74\x4f\x65\x05\xde\x57\xdf\x44\x25" "\x1e\x47\x33\xb4\x9e\xdd\x8b\x14\x10\x05\x56\xb0\x4c\x1e\xc8\x87\x64\xb7" "\xad\xfc\xb6\xf0\x7e\xdc\x9e\x6a\x10\x4e\xb2\xfc\xfd\x16\x01\x2d\xd0\xe2" "\x88\x0e\x3e\xbd\x27\xc3\x98\x90\xdb\x33\x18\xd7\xc9\xf7\xa3\x6c\x49\xeb" "\x9c\xba\x81\xa7\x1d\x54\xab\x18\xa4\x54\xab\x5b\x29\xb9\xb3\x71\x16\x0a" "\xb5\x0e\xdb\x80\xe5\x7a\x0c\xcb\xc6\xa3\xd5\x77\x19\x98\xbe\xed\x38\x1d" "\x5b\x1a\xf1\x8c\x39\xba\xa2\x64\x70\x15\xdb\x44\x6c\xbd\x8f\x28\xae\xdd" "\x56\x39\x7d\x88\xaf\xcd\x5c\xd0\x33\x17\x85\x83\xcf\xa3\xd2\xf0\xe6\xe9" "\xf3\x15\x5c\x30\x02\xd1\x96\x56\x44\x10\x9f\x82\xd6\xe8\x84\xfd\xee\x36" "\x6d\x10\xdc\xce\x30\x90\x74\x7d\xea\xd8\x34\x27\xac\x35\x28\x33\xd0\xf0" 
"\xef\x98\xe2\xea\x39\x53\xb0\x17\x86\x7b\x21\x8e\xb6\x74\xe4\x98\xff\xbc" "\x6f\x8d\x38\xcf\xec\x66\x07\xe9\x72\x84\xa6\x37\xfe\xc1\x0b\x91\x56\x26" "\x8b\x00\x82\xa4\xb1\x78\xf6\x05\xd1\xd4\xe1\x24\xc3\x90\xe4\xad\xb5\xfa" "\x79\x68\x82\xcd\x5b\x94\xd7\xa2\xf9\xba\x05\xbc\x53\x10\xdd\x48\x72\xfb" "\x65\xb9\x37\x87\x59\xaa\xe0\xd2\xd4\xa4\x9c\x36\x0d\xfe\x15\x2a\x03\xe6" "\xcc\x89\xf9\x1a\x7e\x07\xe5\x36\x1f\xcf\xa9\xc9\x38\x8a\xea\xc6\xf8\xe2" "\xa3\x16\x1b\x6b\x66\x83\xf6\x4c\x6f\xd9\x1e\x3e\xac\xe2\xb9\xb8\x88\xb8" "\xb0\x69\x3c\xc4\x39\xc5\x65\x52\x38\x91\x61\x12\x8f\xfd\xd1\xe7\x01\x2e" "\xb9\xf0\xbc\xbb\x6e\x8f\xc5\xc4\xf1\x0d\xb3\xc8\x5e\x2d\x83\x60\x1d\xae" "\xe7\xfa\x9c\x40\xcf\x9a\x90\x96\xe2\x52\x82\xb3\x62\xed\x31\x27\xfa\x71" "\xe9\x06\x14\x4c\x7d\x8c\x1d\xa1\x52\xe8\xd6\x83\xec\x13\xac\x8c\x7c\x48" "\x01\xf2\x2f\xb2\x9f\x81\xcd\x26\xf4\xf8\xe7\xec\x1d\x79\x0d\x63\x48\x40" "\x29\x9e\xc7\xf6\x9b\x62\xb6\xc3\x49\x18\xb1\xf7\xd4\x56\xce\xf0\x15\x28" "\x6c\x5c\x16\x9d\x5a\xb9\x85\x49\xec\x79\xec\xb9\xcc\x72\xff\x89\x58\x3f" "\xb4\xab\xf4\x5f\x07\xe4\x36\xc4\x38\xd5\x25\xb0\x16\x89\xc9\x8d\x8f\xdc" "\xa4\xe2\x73\xe8\x92\x3f\x82\x0d\x7a\x3d\x2e\x02\x5d\x8f\x88\x31\xba\x75" "\x9a\x4d\x34\x46\xd3\xb7\x81\x5f\x8b\x09\x27\x20\x01\xa1\xe7\x46\xba\xdc" "\x24\xbf\x23\xdd\x9b\x16\x02\x2d\x77\x7d\x15\xd1\xac\x48\x79\xf3\x5b\xdc" "\xd2\x84\xf1\x88\x48\x85\x8b\x4b\x8b\x57\x42\xc8\x9a\x25\xfe\x7a\x6c\xc1" "\xea\x28\x45\x19\x07\xdd\xcf\x2c\x5d\x59\x29\x80\x50\xd5\xcf\x9d\x42\xc7" "\x0e\xf3\xbc\xf5\x1f\x7e\x55\xc6\xc4\xe3\xac\x93\xef\x41\x01\xa3\x83\x5c" "\x96\x85\xb3\xbc\x78\x3c\xdf\xce\x00\x0d\x02\x48\xbf\x3e\x78\xb2\x63\xc8" "\x3a\x38\x0b\xf3\xe7\x6b\xb3\x76\x5b\xa3\xa9\x99\x6a\x38\x55\x03\xbd\x35" "\x53\x5e\x23\x7a\x45\xe8\x41\x62\xae\xab\xd6\x00\x19\xbf\xde\xf2\x6f\xc7" "\xbf\x74\x6b\xe8\x6e\xec\xa6\xd5\x78\xe8\x76\x27\x77\xa0\xfa\x96\xa1\xd0" "\x04\x86\x85\xf9\x0c\x6a\xfd\xca\xaa\xe5\x28\xb6\xa0\x83\x7f\xa3\x04\x2b" 
"\x69\x1b\xb3\x12\x40\xe1\xae\x9c\x98\xce\x54\xc4\xdb\x70\xfb\x5b\x37\x34" "\x27\xe1\xd1\x04\xd2\xe0\xce\x65\x59\x5a\x30\x92\x04\x4d\xb2\x55\xfe\xec" "\x45\xc1\x41\x10\xb1\xc2\xf9\x83\x72\x39\xbb\x02\x83\xa2\xc8\xa7\xf2\xe4" "\x04\x64\x0b\x7b\x4e\xc9\xd7\x20\x7d\xf4\xb2\x70\xf2\x80\xca\x07\x15\x03" "\x48\x32\x41\x15\xf7\x4e\x2c\xfe\xfc\x11\x36\x29\x1b\x84\x3b\xdb\x17\x37" "\xfe\x17\x46\xcd\x65\xba\xca\xa3\x5a\x53\x50\x72\xf3\x1a\x35\x5e\xd1\xe9" "\x18\x50\x33\x68\xcf\xc3\x60\x71\xff\x87\x2a\x65\xb3\x83\xe1\x89\x17\xaa" "\x83\xd0\x59\xbc\x5c\x25\xaf\xf5\xba\xb3\x7f\x5b\x47\x32\x61\x7c\x0f\x37" "\xcd\x1c\xd8\x70\xa3\x67\xa7\xbe\x52\xb4\xc5\x5d\x15\x99\x0e\x88\xa5\xbb" "\x03\x49\xb0\x80\x77\x63\x2c\x1e\x3f\x61\x57\x1b\x0a\x38\x93\x71\xe5\xb2" "\x1c\x79\x61\x67\x59\x94\xe0\x3c\xcd\xc3\x7b\xb5\x08\x7b\xb1\x41\x0c\xd4" "\x46\x3b\x6b\x33\xf2\x10\xb0\x3b\x7c\x91\xbe\xce\x9e\x0e\x53\xa1\xc0\xaf" "\xae\x9e\x08\x27\x03\xbf\xb0\x52\xe7\x56\x8d\xb1\x91\xa2\x8a\x13\xd9\x5d" "\xf9\x55\xfd\xde\x43\x14\xb1\xa7\x77\x90\x9b\x71\xca\x19\x3d\x93\x0c\x60" "\x19\x98\x1d\x73\x60\xa4\x38\xb8\x4d\xb7\x82\x33\x9e\xd8\x1f\xdc\x47\xb9" "\x68\x69\x7e\xa1\xac\x14\x25\xcf\xde\x80\x84\x9a\xfd\x0d\xb4\x98\x2b\x69" "\xea\xfd\xf9\x18\xee\x84\xcd\x31\x0d\x51\xc5\x77\x08\x18\x8c\xa1\x8e\x81" "\xf0\x8f\x82\x27\x14\xc3\xc3\x14\xaf\x2b\xab\x6d\xaa\xa4\x09\x98\xee\x45" "\x34\x10\x85\x56\x4d\xe1\xfe\x3b\xdd\x84\xad\xfa\x3d\xb4\x63\x21\x33\x6a" "\x89\xe2\x2a\x3d\x2b\x29\x02\x15\xc8\x3a\x62\x45\x52\x5f\xc8\xe3\x7a\xd7" "\x3e\xce\xfb\x47\x30\xf8\xc5\x39\x11\x99\x94\x70\x7c\xbc\xce\x0a\xb8\x8f" "\x18\x57\x33\x04\xc9\x20\x22\x9b\x35\x60\xfb\x57\xc6\xde\x11\xa8\xe2\xe9" "\x6d\x4d\x6f\xbc\xa5\x7e\x6d\x73\xae\x78\x82\x4a\x90\x23\x3e\xba\x1a\xf4" "\xbc\x91\x45\x48\x5a\x06\x73\x01\xf6\x30\xef\x0d\x2a\x60\xab\x4a\xdf\xe2" "\x3f\x26\x1b\x8f\x53\xd7\xa0\x79\x04\x13\x64\xf9\x3d\x7b\xda\x2d\x16\x2e" "\x88\xe8\xe0\x93\xf7\x77\x38\x06\xdd\x5a\x2f\x29\xa0\x4d\x39\xfa\x03\xfa" 
"\xc7\x97\x1f\xd2\x93\xae\xfb\x8c\x36\xae\xb5\xe8\x52\xa8\xf6\xe4\x28\x5a" "\x7f\x90\xdb\x0c\xf8\x31\xa8\x53\x94\x80\xf0\x29\x1d\x9b\xa5\x4d\x97\xa9" "\x91\x2f\x24\xbe\x39\xaa\x71\x32\x56\xb2\x4a\xfa\xec\x31\xf6\x7d\xd6\xb6" "\xcf\xeb\x2f\x19\xa6\x1f\xbc\x1f\xe2\xb1\x6b\xb1\x80\xbc\x6b\xa9\xcc\x06" "\x48\xfb\x30\xc4\x0c\x27\x3a\x17\x4d\x7a\xd3\x9c\xb6\xd7\xf8\x20\x88\xfa" "\x80\x6c\xcc\x99\xa8\xcf\x19\x07\x43\xac\x23\x7d\x18\x84\xec\x73\x00\xfb" "\x8d\x34\x56\x68\x77\xf8\x4e\x8c\x63\xbe\xaa\x51\xfc\xaf\xf3\x30\x9e\x15" "\x02\xec\x0f\xde\xf5\xae\x0c\xed\x65\x7e\xde\xe1\xaf\x16\x15\xf0\xc6\xa3" "\x03\xe1\x07\x21\xb1\x7e\x01\x07\x99\xfd\x70\xff\x6f\x89\x26\x23\x64\x9a" "\xc3\x48\x3d\x98\x28\x2b\xda\x34\x45\x77\x8f\x0f\x85\xda\x32\xbd\xcc\x80" "\xcc\xb1\x13\x8a\x90\xee\x07\x4d\xc2\xea\x43\x27\x45\xff\xbc\xd1\x59\x5f" "\x72\xba\x0a\xeb\x41\x21\x2c\x97\xff\x37\x7a\xc4\x7b\xcb\x7d\xd2\x39\x36" "\x09\x47\xf2\xb9\xa2\x7b\x72\x75\x8a\xaf\xdd\x0e\x68\xee\x24\x71\x2d\x10" "\x05\xaa\x86\x9a\x7a\x6b\x02\x47\xf2\xd6\xd7\xd6\xfd\x7d\x4a\x71\xe4\xa9" "\xf0\x76\xa0\x87\x6f\x0a\xf9\xab\xfa\x1a\x8f\xf4\x04\xb2\xf9\xf9\x0a\x96" "\x1f\xb3\xef\x81\x4b\x9f\x2e\xda\xe0\x5d\x09\x46\xe5\x83\x05\x2b\x19\x99" "\x4b\xd0\x19\xd1\x44\xa1\x69\x0d\xca\xb6\xdc\x3a\x3c\xf4\x73\xcd\x1c\x1d" "\xb1\xc4\xc7\xd1\x90\x7b\xd9\x43\xe3\x05\xa4\x3b\x65\x67\x74\x4e\x99\x50" "\x11\xb6\xf2\x9d\xaf\xaa\xcf\xae\x9b\x6d\x61\xee\x85\xb1\xec\xeb\xef\x5d" "\xba\x7c\x41\xc4\x8d\xee\x92\xab\x35\x8d\xb8\x0e\x29\x81\x3b\xbe\xfe\xfb" "\xe0\x39\x4d\x67\xc2\x5a\x4b\x3a\x71\xa3\x1a\x1d\x09\x1d\xd3\x16\x63\x30" "\x88\xb1\xa2\x04\xc5\xf2\xd9\x41\x12\x8c\x1f\x6f\x1f\xc4\xea\x19\x23\x53" "\xd4\xd6\xce\x50\xa3\x92\x12\x94\x86\x2c\xca\xad\x37\x47\x4b\x2d\xb7\xc1" "\x05\xeb\x73\xe2\x61\x8b\xbb\xaf\x8c\xb6\x9f\xc4\x67\x5b\xfc\x68\xa2\x14" "\xa7\x31\xcc\xd1\x99\x02\x10\x30\x44\x66\xd6\xd4\xf8\x7f\x9e\x08\x01\x46" "\x80\x90\x94\x7c\xdd\xbe\xf8\x3a\x93\x10\xe5\xb1\x2f\x77\x37\xcb\x55\x0a" 
"\xb3\x57\x9b\x4f\x3e\xb7\xe5\x7f\xd5\x90\xb9\x32\xa2\x03\xa7\xa5\x08\xa8" "\xfb\x3b\x4b\xd1\x81\x55\xfe\xf4\xdb\x3a\x58\x04\x87\x1b\xdc\x63\x35\x54" "\x69\xf3\x4a\x16\x43\x1a\x0a\xf6\x27\xd1\x51\xaa\x66\xf0\x2d\x30\x81\x14" "\x92\x06\x45\x25\xd6\x9b\xde\x36\xe8\x0a\x53\xdd\x03\xfd\x41\x73\x6e\x9e" "\x77\x77\x09\xce\x2c\x72\xcc\xdc\xc3", 2457); *(uint16_t*)0x200000002a2c = 0xc; *(uint16_t*)0x200000002a2e = 7; *(uint32_t*)0x200000002a30 = 0; *(uint32_t*)0x200000002a34 = 0; *(uint16_t*)0x200000002a38 = 0xc; *(uint16_t*)0x200000002a3a = 8; *(uint32_t*)0x200000002a3c = 0; *(uint32_t*)0x200000002a40 = 0; *(uint64_t*)0x200000000348 = 0xec4; *(uint64_t*)0x200000000398 = 1; *(uint64_t*)0x2000000003a0 = 0; *(uint64_t*)0x2000000003a8 = 0; *(uint32_t*)0x2000000003b0 = 0; syscall(__NR_sendmsg, /*fd=*/r[132], /*msg=*/0x200000000380ul, /*f=*/0ul); memcpy((void*)0x200000000140, "batadv_slave_0\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x8933, /*arg=*/0x200000000140ul); if (res != -1) r[134] = *(uint32_t*)0x200000000150; memcpy((void*)0x2000000001c0, "syztnl0\000\000\000\000\000\000\000\000\000", 16); *(uint64_t*)0x2000000001d0 = 0x200000000180; memcpy((void*)0x200000000180, "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint32_t*)0x200000000190 = r[134]; *(uint16_t*)0x200000000194 = htobe16(0x700); *(uint16_t*)0x200000000196 = htobe16(0x40); *(uint32_t*)0x200000000198 = htobe32(0x808b); *(uint32_t*)0x20000000019c = htobe32(0); STORE_BY_BITMASK(uint8_t, , 0x2000000001a0, 6, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000001a0, 4, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000001a1, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x2000000001a1, 0xa, 2, 6); *(uint16_t*)0x2000000001a2 = htobe16(0x18); *(uint16_t*)0x2000000001a4 = htobe16(0x64); *(uint16_t*)0x2000000001a6 = htobe16(0); *(uint8_t*)0x2000000001a8 = 0x33; *(uint8_t*)0x2000000001a9 = 0x29; *(uint16_t*)0x2000000001aa = htobe16(0); *(uint32_t*)0x2000000001ac = htobe32(0); *(uint32_t*)0x2000000001b0 = 
htobe32(0); *(uint8_t*)0x2000000001b4 = 0x86; *(uint8_t*)0x2000000001b5 = 2; struct csum_inet csum_4; csum_inet_init(&csum_4); csum_inet_update(&csum_4, (const uint8_t*)0x2000000001a0, 24); *(uint16_t*)0x2000000001aa = csum_inet_digest(&csum_4); syscall(__NR_ioctl, /*fd=*/-1, /*cmd=*/0x89f8, /*arg=*/0x2000000001c0ul); memcpy((void*)0x200000000400, "team0\000\000\000\000\000\000\000\000\000\000\000", 16); res = syscall(__NR_ioctl, /*fd=*/r[121], /*cmd=*/0x8933, /*arg=*/0x200000000400ul); if (res != -1) r[135] = *(uint32_t*)0x200000000410; *(uint64_t*)0x200000000c40 = 0x200000000080; *(uint16_t*)0x200000000080 = 0x10; *(uint16_t*)0x200000000082 = 0; *(uint32_t*)0x200000000084 = 0; *(uint32_t*)0x200000000088 = 0x2000000; *(uint32_t*)0x200000000c48 = 0xc; *(uint64_t*)0x200000000c50 = 0x2000000004c0; *(uint64_t*)0x2000000004c0 = 0x200000000a40; *(uint32_t*)0x200000000a40 = 0x1cc; *(uint16_t*)0x200000000a44 = 0; *(uint16_t*)0x200000000a46 = 0x400; *(uint32_t*)0x200000000a48 = 0x70bd2b; *(uint32_t*)0x200000000a4c = 0x25dfdbfd; *(uint8_t*)0x200000000a50 = 0xb; *(uint8_t*)0x200000000a51 = 0; *(uint16_t*)0x200000000a52 = 0; *(uint16_t*)0x200000000a54 = 0x18; STORE_BY_BITMASK(uint16_t, , 0x200000000a56, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000a57, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000a57, 1, 7, 1); *(uint16_t*)0x200000000a58 = 0x14; *(uint16_t*)0x200000000a5a = 2; memcpy((void*)0x200000000a5c, "team_slave_0\000\000\000\000", 16); *(uint16_t*)0x200000000a6c = 0xc; STORE_BY_BITMASK(uint16_t, , 0x200000000a6e, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000a6f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000a6f, 1, 7, 1); *(uint16_t*)0x200000000a70 = 8; *(uint16_t*)0x200000000a72 = 1; *(uint32_t*)0x200000000a74 = 0; *(uint16_t*)0x200000000a78 = 0x48; STORE_BY_BITMASK(uint16_t, , 0x200000000a7a, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000a7b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000a7b, 1, 7, 1); *(uint16_t*)0x200000000a7c = 0x14; 
*(uint16_t*)0x200000000a7e = 2; memcpy((void*)0x200000000a80, "lo\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint16_t*)0x200000000a90 = 0x14; *(uint16_t*)0x200000000a92 = 2; memset((void*)0x200000000a94, 0, 16); *(uint16_t*)0x200000000aa4 = 8; *(uint16_t*)0x200000000aa6 = 3; *(uint32_t*)0x200000000aa8 = 2; *(uint16_t*)0x200000000aac = 0x14; *(uint16_t*)0x200000000aae = 2; memcpy((void*)0x200000000ab0, "nicvf0\000\000\000\000\000\000\000\000\000\000", 16); *(uint16_t*)0x200000000ac0 = 0xc; STORE_BY_BITMASK(uint16_t, , 0x200000000ac2, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000ac3, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000ac3, 1, 7, 1); *(uint16_t*)0x200000000ac4 = 8; *(uint16_t*)0x200000000ac6 = 1; *(uint32_t*)0x200000000ac8 = r[122]; *(uint16_t*)0x200000000acc = 0xc; STORE_BY_BITMASK(uint16_t, , 0x200000000ace, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000acf, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000acf, 1, 7, 1); *(uint16_t*)0x200000000ad0 = 8; *(uint16_t*)0x200000000ad2 = 1; *(uint32_t*)0x200000000ad4 = r[123]; *(uint16_t*)0x200000000ad8 = 0x30; STORE_BY_BITMASK(uint16_t, , 0x200000000ada, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000adb, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000adb, 1, 7, 1); *(uint16_t*)0x200000000adc = 8; *(uint16_t*)0x200000000ade = 1; *(uint32_t*)0x200000000ae0 = r[124]; *(uint16_t*)0x200000000ae4 = 8; *(uint16_t*)0x200000000ae6 = 1; *(uint32_t*)0x200000000ae8 = 0; *(uint16_t*)0x200000000aec = 0x14; *(uint16_t*)0x200000000aee = 2; memcpy((void*)0x200000000af0, "veth0_to_team\000\000\000", 16); *(uint16_t*)0x200000000b00 = 8; *(uint16_t*)0x200000000b02 = 1; *(uint32_t*)0x200000000b04 = r[125]; *(uint16_t*)0x200000000b08 = 0x60; STORE_BY_BITMASK(uint16_t, , 0x200000000b0a, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000b0b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000b0b, 1, 7, 1); *(uint16_t*)0x200000000b0c = 8; *(uint16_t*)0x200000000b0e = 1; 
*(uint32_t*)0x200000000b10 = r[127]; *(uint16_t*)0x200000000b14 = 8; *(uint16_t*)0x200000000b16 = 1; *(uint32_t*)0x200000000b18 = r[129]; *(uint16_t*)0x200000000b1c = 8; *(uint16_t*)0x200000000b1e = 3; *(uint32_t*)0x200000000b20 = 2; *(uint16_t*)0x200000000b24 = 8; *(uint16_t*)0x200000000b26 = 1; *(uint32_t*)0x200000000b28 = r[130]; *(uint16_t*)0x200000000b2c = 8; *(uint16_t*)0x200000000b2e = 1; *(uint32_t*)0x200000000b30 = r[131]; *(uint16_t*)0x200000000b34 = 8; *(uint16_t*)0x200000000b36 = 3; *(uint32_t*)0x200000000b38 = 1; *(uint16_t*)0x200000000b3c = 0x14; *(uint16_t*)0x200000000b3e = 2; memcpy((void*)0x200000000b40, "veth1_vlan\000\000\000\000\000\000", 16); *(uint16_t*)0x200000000b50 = 8; *(uint16_t*)0x200000000b52 = 1; *(uint32_t*)0x200000000b54 = r[133]; *(uint16_t*)0x200000000b58 = 8; *(uint16_t*)0x200000000b5a = 3; *(uint32_t*)0x200000000b5c = 0; *(uint16_t*)0x200000000b60 = 8; *(uint16_t*)0x200000000b62 = 3; *(uint32_t*)0x200000000b64 = 1; *(uint16_t*)0x200000000b68 = 0x64; STORE_BY_BITMASK(uint16_t, , 0x200000000b6a, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000b6b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000b6b, 1, 7, 1); *(uint16_t*)0x200000000b6c = 8; *(uint16_t*)0x200000000b6e = 3; *(uint32_t*)0x200000000b70 = 0; *(uint16_t*)0x200000000b74 = 8; *(uint16_t*)0x200000000b76 = 3; *(uint32_t*)0x200000000b78 = 1; *(uint16_t*)0x200000000b7c = 8; *(uint16_t*)0x200000000b7e = 3; *(uint32_t*)0x200000000b80 = 0; *(uint16_t*)0x200000000b84 = 8; *(uint16_t*)0x200000000b86 = 1; *(uint32_t*)0x200000000b88 = r[134]; *(uint16_t*)0x200000000b8c = 0x14; *(uint16_t*)0x200000000b8e = 2; memcpy((void*)0x200000000b90, "team_slave_0\000\000\000\000", 16); *(uint16_t*)0x200000000ba0 = 8; *(uint16_t*)0x200000000ba2 = 3; *(uint32_t*)0x200000000ba4 = 5; *(uint16_t*)0x200000000ba8 = 8; *(uint16_t*)0x200000000baa = 3; *(uint32_t*)0x200000000bac = 0; *(uint16_t*)0x200000000bb0 = 8; *(uint16_t*)0x200000000bb2 = 1; *(uint32_t*)0x200000000bb4 = r[135]; 
*(uint16_t*)0x200000000bb8 = 0x14; *(uint16_t*)0x200000000bba = 2; memcpy((void*)0x200000000bbc, "veth1_macvtap\000\000\000", 16); *(uint16_t*)0x200000000bcc = 0x34; STORE_BY_BITMASK(uint16_t, , 0x200000000bce, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000bcf, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000bcf, 1, 7, 1); *(uint16_t*)0x200000000bd0 = 0x14; *(uint16_t*)0x200000000bd2 = 2; memcpy((void*)0x200000000bd4, "veth0\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint16_t*)0x200000000be4 = 0x14; *(uint16_t*)0x200000000be6 = 2; memcpy((void*)0x200000000be8, "batadv0\000\000\000\000\000\000\000\000\000", 16); *(uint16_t*)0x200000000bf8 = 8; *(uint16_t*)0x200000000bfa = 3; *(uint32_t*)0x200000000bfc = 1; *(uint16_t*)0x200000000c00 = 0xc; STORE_BY_BITMASK(uint16_t, , 0x200000000c02, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000c03, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000c03, 1, 7, 1); *(uint16_t*)0x200000000c04 = 8; *(uint16_t*)0x200000000c06 = 3; *(uint32_t*)0x200000000c08 = 1; *(uint64_t*)0x2000000004c8 = 0x1cc; *(uint64_t*)0x200000000c58 = 1; *(uint64_t*)0x200000000c60 = 0; *(uint64_t*)0x200000000c68 = 0; *(uint32_t*)0x200000000c70 = 4; syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0x200000000c40ul, /*f=MSG_ZEROCOPY*/ 0x4000000ul); memcpy((void*)0x200000000040, "./file2\000", 8); res = syscall( __NR_open, /*file=*/0x200000000040ul, /*flags=O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOCTTY|O_LARGEFILE|O_EXCL|0x82002*/ 0x1ab382ul, /*mode=*/0ul); if (res != -1) r[136] = res; syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc); syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc); syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0ul, /*f=*/0ul); *(uint32_t*)0x200000000100 = 0; *(uint8_t*)0x200000000104 = 0x29; *(uint16_t*)0x200000000105 = 0; *(uint32_t*)0x200000000107 = 0; syscall(__NR_write, /*fd=*/r[136], /*data=*/0x200000000100ul, /*size=*/0xbful); *(uint64_t*)0x200000000240 = 0; syscall(__NR_sendfile, /*fdout=*/r[136], 
/*fdin=*/r[136], /*off=*/0x200000000240ul, /*count=*/0x7f06ul); memcpy((void*)0x200000000040, "./file2\000", 8); res = syscall(__NR_open, /*file=*/0x200000000040ul, /*flags=O_SYNC|O_CREAT|O_CLOEXEC|O_RDWR*/ 0x181042ul, /*mode=*/0ul); if (res != -1) r[137] = res; *(uint32_t*)0x200000000100 = 0; *(uint8_t*)0x200000000104 = 0x29; *(uint16_t*)0x200000000105 = 0; *(uint32_t*)0x200000000107 = 0; syscall(__NR_write, /*fd=*/r[137], /*data=*/0x200000000100ul, /*size=*/0xbful); *(uint64_t*)0x200000000240 = 0; syscall(__NR_sendfile, /*fdout=*/r[137], /*fdin=*/r[137], /*off=*/0x200000000240ul, /*count=*/0x7f06ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_RAW*/ 3ul, /*proto=*/0x71); if (res != -1) r[138] = res; *(uint32_t*)0x200000000080 = 4; syscall(__NR_setsockopt, /*fd=*/r[138], /*level=*/0, /*optname=IP_CHECKSUM*/ 0x17, /*optval=*/0x200000000080ul, /*optlen=*/4ul); *(uint32_t*)0x200000000100 = 0x10000; syscall(__NR_setsockopt, /*fd=*/r[138], /*level=*/0, /*optname=IP_CHECKSUM*/ 0x17, /*optval=*/0x200000000100ul, /*optlen=*/4ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=NETLINK_INET_DIAG*/ 4); if (res != -1) r[139] = res; memcpy((void*)0x2000000000c0, "TIPCv2\000", 7); res = -1; res = syz_genetlink_get_family_id(/*name=*/0x2000000000c0, /*fd=*/r[139]); if (res != -1) r[140] = res; res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10); if (res != -1) r[141] = res; memcpy((void*)0x200000000280, "ethtool\000", 8); res = -1; res = syz_genetlink_get_family_id(/*name=*/0x200000000280, /*fd=*/r[139]); if (res != -1) r[142] = res; *(uint64_t*)0x200000000340 = 0x200000000240; *(uint16_t*)0x200000000240 = 0x10; *(uint16_t*)0x200000000242 = 0; *(uint32_t*)0x200000000244 = 0; *(uint32_t*)0x200000000248 = 0x80000000; *(uint32_t*)0x200000000348 = 0xc; *(uint64_t*)0x200000000350 = 0x200000000300; *(uint64_t*)0x200000000300 = 0x2000000002c0; *(uint32_t*)0x2000000002c0 = 0x1c; *(uint16_t*)0x2000000002c4 = r[142]; 
*(uint16_t*)0x2000000002c6 = 0x800; *(uint32_t*)0x2000000002c8 = 0x70bd25; *(uint32_t*)0x2000000002cc = 0x25dfdbfb; *(uint8_t*)0x2000000002d0 = 3; *(uint8_t*)0x2000000002d1 = 0; *(uint16_t*)0x2000000002d2 = 0; *(uint16_t*)0x2000000002d4 = 5; *(uint16_t*)0x2000000002d6 = 5; *(uint8_t*)0x2000000002d8 = 3; *(uint64_t*)0x200000000308 = 0x1c; *(uint64_t*)0x200000000358 = 1; *(uint64_t*)0x200000000360 = 0; *(uint64_t*)0x200000000368 = 0; *(uint32_t*)0x200000000370 = 0; syscall(__NR_sendmsg, /*fd=*/r[141], /*msg=*/0x200000000340ul, /*f=MSG_DONTROUTE*/ 4ul); memcpy((void*)0x200000000000, "./file0\000", 8); syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0x200000000000ul, /*mode=*/0ul); res = syscall(__NR_pipe2, /*pipefd=*/0x200000000240ul, /*flags=*/0ul); if (res != -1) { r[143] = *(uint32_t*)0x200000000240; r[144] = *(uint32_t*)0x200000000244; } memcpy((void*)0x2000000002c0, "\x15\x00\x00\x00\x65\xff\xff\x01\x80\x00\x00\x08\x00\x39\x50\x32\x30" "\x30\x30", 19); syscall(__NR_write, /*fd=*/r[144], /*data=*/0x2000000002c0ul, /*size=*/0x15ul); res = syscall(__NR_dup, /*oldfd=*/r[144]); if (res != -1) r[145] = res; res = syscall(__NR_socket, /*domain=*/2ul, /*type=SOCK_STREAM|0x4000000000000000*/ 0x4000000000000001ul, /*proto=*/0); if (res != -1) r[146] = res; *(uint16_t*)0x200000000080 = 2; *(uint16_t*)0x200000000082 = htobe16(0x4e23); *(uint32_t*)0x200000000084 = htobe32(0xe0000001); syscall(__NR_bind, /*fd=*/r[146], /*addr=*/0x200000000080ul, /*addrlen=*/0x10ul); *(uint16_t*)0x200000e68000 = 2; *(uint16_t*)0x200000e68002 = htobe16(0x4e23); *(uint32_t*)0x200000e68004 = htobe32(0); syscall(__NR_sendto, /*fd=*/r[146], /*buf=*/0ul, /*len=*/0ul, /*f=MSG_FASTOPEN|MSG_PROBE|MSG_OOB|MSG_EOR|MSG_DONTROUTE|0x728*/ 0x200007bdul, /*addr=*/0x200000e68000ul, /*addrlen=*/0x10ul); *(uint32_t*)0x2000000001c0 = 0xa; syscall(__NR_setsockopt, /*fd=*/r[146], /*level=*/1, /*optname=SO_KEEPALIVE*/ 9, /*optval=*/0x2000000001c0ul, /*optlen=*/0x44ul); res = syscall(__NR_socket, /*domain=*/0x10ul, 
/*type=*/3ul, /*proto=*/6); if (res != -1) r[147] = res; *(uint64_t*)0x200000000180 = 0; *(uint32_t*)0x200000000188 = 0; *(uint64_t*)0x200000000190 = 0x200000000340; *(uint64_t*)0x200000000340 = 0x200000000d80; *(uint32_t*)0x200000000d80 = 0x140; *(uint16_t*)0x200000000d84 = 0x10; *(uint16_t*)0x200000000d86 = 0x713; *(uint32_t*)0x200000000d88 = 0; *(uint32_t*)0x200000000d8c = 0; *(uint8_t*)0x200000000d90 = 0xfe; *(uint8_t*)0x200000000d91 = 0x88; memset((void*)0x200000000d92, 0, 12); *(uint8_t*)0x200000000d9e = 0; *(uint8_t*)0x200000000d9f = 1; *(uint8_t*)0x200000000da0 = -1; *(uint8_t*)0x200000000da1 = 1; memset((void*)0x200000000da2, 0, 13); *(uint8_t*)0x200000000daf = 1; *(uint16_t*)0x200000000db0 = htobe16(0); *(uint16_t*)0x200000000db2 = htobe16(0); *(uint16_t*)0x200000000db4 = htobe16(0); *(uint16_t*)0x200000000db6 = htobe16(0); *(uint16_t*)0x200000000db8 = 0; *(uint8_t*)0x200000000dba = 0; *(uint8_t*)0x200000000dbb = 0; *(uint8_t*)0x200000000dbc = 0; *(uint32_t*)0x200000000dc0 = 0; *(uint32_t*)0x200000000dc4 = 0; *(uint32_t*)0x200000000dc8 = htobe32(0); *(uint32_t*)0x200000000dd8 = htobe32(0); *(uint8_t*)0x200000000ddc = 0x32; *(uint8_t*)0x200000000de0 = 0xfc; *(uint8_t*)0x200000000de1 = 2; memset((void*)0x200000000de2, 0, 13); *(uint8_t*)0x200000000def = 0; *(uint64_t*)0x200000000df0 = 0; *(uint64_t*)0x200000000df8 = 0; *(uint64_t*)0x200000000e00 = 0; *(uint64_t*)0x200000000e08 = 0; *(uint64_t*)0x200000000e10 = 0; *(uint64_t*)0x200000000e18 = 0; *(uint64_t*)0x200000000e20 = 0; *(uint64_t*)0x200000000e28 = 0; *(uint64_t*)0x200000000e30 = 0; *(uint64_t*)0x200000000e38 = 0; *(uint64_t*)0x200000000e40 = 0; *(uint64_t*)0x200000000e48 = 0; *(uint32_t*)0x200000000e50 = 0; *(uint32_t*)0x200000000e54 = 0; *(uint32_t*)0x200000000e58 = 0; *(uint32_t*)0x200000000e5c = 0; *(uint32_t*)0x200000000e60 = 0; *(uint16_t*)0x200000000e64 = 0xa; *(uint8_t*)0x200000000e66 = 0; *(uint8_t*)0x200000000e67 = 0; *(uint8_t*)0x200000000e68 = 0; *(uint16_t*)0x200000000e70 = 0x48; 
*(uint16_t*)0x200000000e72 = 2; memcpy((void*)0x200000000e74, "ecb(cipher_null)" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000", 64); *(uint32_t*)0x200000000eb4 = 0; *(uint16_t*)0x200000000eb8 = 8; *(uint16_t*)0x200000000eba = 0xc; *(uint32_t*)0x200000000ebc = 0; *(uint64_t*)0x200000000348 = 0x140; *(uint64_t*)0x200000000198 = 1; *(uint64_t*)0x2000000001a0 = 0; *(uint64_t*)0x2000000001a8 = 0; *(uint32_t*)0x2000000001b0 = 0; syscall(__NR_sendmsg, /*fd=*/r[147], /*msg=*/0x200000000180ul, /*f=*/0ul); memcpy((void*)0x200000000340, "\x53\x00\x00\x00\x07\x00\x00\x46\x00\x9c\xe6\xe7\xe6\x76", 14); syscall(__NR_write, /*fd=*/r[145], /*data=*/0x200000000340ul, /*size=*/0x53ul); memcpy((void*)0x200000000000, "./file0\000", 8); memcpy((void*)0x200000000180, "9p\000", 3); memcpy((void*)0x200000000080, "trans=fd,", 9); memcpy((void*)0x200000000089, "rfdno", 5); *(uint8_t*)0x20000000008e = 0x3d; sprintf((char*)0x20000000008f, "0x%016llx", (long long)r[143]); *(uint8_t*)0x2000000000a1 = 0x2c; memcpy((void*)0x2000000000a2, "wfdno", 5); *(uint8_t*)0x2000000000a7 = 0x3d; sprintf((char*)0x2000000000a8, "0x%016llx", (long long)r[145]); *(uint8_t*)0x2000000000ba = 0x2c; *(uint8_t*)0x2000000000bb = 0x6b; syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x200000000000ul, /*type=*/0x200000000180ul, /*flags=*/0ul, /*opts=*/0x200000000080ul); *(uint64_t*)0x200000000200 = 0x200000000000; *(uint16_t*)0x200000000000 = 0x10; *(uint16_t*)0x200000000002 = 0; *(uint32_t*)0x200000000004 = 0; *(uint32_t*)0x200000000008 = 0x4000000; *(uint32_t*)0x200000000208 = 0xc; *(uint64_t*)0x200000000210 = 0x2000000001c0; *(uint64_t*)0x2000000001c0 = 0x200000000140; *(uint32_t*)0x200000000140 = 0x58; *(uint16_t*)0x200000000144 = r[140]; *(uint16_t*)0x200000000146 = 0x100; *(uint32_t*)0x200000000148 = 0x70bd2a; *(uint32_t*)0x20000000014c = 0x25dfdbfe; 
*(uint8_t*)0x200000000150 = 0x15; *(uint8_t*)0x200000000151 = 0; *(uint16_t*)0x200000000152 = 0; *(uint16_t*)0x200000000154 = 0x2c; STORE_BY_BITMASK(uint16_t, , 0x200000000156, 7, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000157, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000157, 1, 7, 1); *(uint16_t*)0x200000000158 = 0xc; *(uint16_t*)0x20000000015a = 3; *(uint64_t*)0x20000000015c = 0x14c; *(uint16_t*)0x200000000164 = 0xc; *(uint16_t*)0x200000000166 = 4; *(uint64_t*)0x200000000168 = 9; *(uint16_t*)0x200000000170 = 8; *(uint16_t*)0x200000000172 = 1; *(uint32_t*)0x200000000174 = -1; *(uint16_t*)0x200000000178 = 8; *(uint16_t*)0x20000000017a = 1; *(uint32_t*)0x20000000017c = 5; *(uint16_t*)0x200000000180 = 4; STORE_BY_BITMASK(uint16_t, , 0x200000000182, 7, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000183, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000183, 1, 7, 1); *(uint16_t*)0x200000000184 = 0x14; STORE_BY_BITMASK(uint16_t, , 0x200000000186, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000187, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000187, 1, 7, 1); *(uint16_t*)0x200000000188 = 0x10; *(uint16_t*)0x20000000018a = 1; memcpy((void*)0x20000000018c, "eth", 3); *(uint8_t*)0x20000000018f = 0x3a; memcpy((void*)0x200000000190, "macsec0\000", 8); *(uint64_t*)0x2000000001c8 = 0x58; *(uint64_t*)0x200000000218 = 1; *(uint64_t*)0x200000000220 = 0; *(uint64_t*)0x200000000228 = 0; *(uint32_t*)0x200000000230 = 0x10; syscall(__NR_sendmsg, /*fd=*/r[139], /*msg=*/0x200000000200ul, /*f=MSG_DONTWAIT*/ 0x40ul); *(uint64_t*)0x200000009900 = 0; *(uint32_t*)0x200000009908 = 0; *(uint64_t*)0x200000009910 = 0x200000009800; *(uint64_t*)0x200000009800 = 0x200000000040; *(uint32_t*)0x200000000040 = 0x10; *(uint16_t*)0x200000000044 = 0x15; *(uint16_t*)0x200000000046 = 1; *(uint32_t*)0x200000000048 = 0; *(uint32_t*)0x20000000004c = 0; *(uint64_t*)0x200000009808 = 0x10; *(uint64_t*)0x200000009918 = 1; *(uint64_t*)0x200000009920 = 0; *(uint64_t*)0x200000009928 = 0; 
*(uint32_t*)0x200000009930 = 0; syscall(__NR_sendmsg, /*fd=*/r[139], /*msg=*/0x200000009900ul, /*f=*/0ul); memcpy((void*)0x200000000400, "/dev/net/tun\000", 13); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000400ul, /*flags=O_RDWR*/ 2, /*mode=*/0); if (res != -1) r[148] = res; memset((void*)0x200000000280, 0, 16); *(uint16_t*)0x200000000290 = 0x4009; syscall(__NR_ioctl, /*fd=*/r[148], /*cmd=*/0x400454ca, /*arg=*/0x200000000280ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[149] = res; res = syscall(__NR_dup2, /*oldfd=*/r[148], /*newfd=*/r[149]); if (res != -1) r[150] = res; memcpy((void*)0x200000000300, "\x00\x00\x00\x00\x10\x01\x00\x00\x01\x00\x00\x00\x88\x96", 14); syscall(__NR_write, /*fd=*/r[150], /*buf=*/0x200000000300ul, /*count=*/0xfdeful); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[151] = res; *(uint64_t*)0x200000000040 = 0; *(uint32_t*)0x200000000048 = 0; *(uint64_t*)0x200000000050 = 0x200000000000; *(uint64_t*)0x200000000000 = 0x200000000080; *(uint32_t*)0x200000000080 = 0x24; *(uint16_t*)0x200000000084 = 0x19; *(uint16_t*)0x200000000086 = 0x515; *(uint32_t*)0x200000000088 = 0; *(uint32_t*)0x20000000008c = 0; *(uint8_t*)0x200000000090 = 2; *(uint8_t*)0x200000000091 = 0; *(uint16_t*)0x200000000092 = 0; *(uint16_t*)0x200000000094 = 8; STORE_BY_BITMASK(uint16_t, , 0x200000000096, 0, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000097, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000097, 0, 7, 1); *(uint32_t*)0x200000000098 = 0; *(uint16_t*)0x20000000009c = 8; STORE_BY_BITMASK(uint16_t, , 0x20000000009e, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000009f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000009f, 0, 7, 1); *(uint32_t*)0x2000000000a0 = 0; *(uint64_t*)0x200000000008 = 0x24; *(uint64_t*)0x200000000058 = 1; *(uint64_t*)0x200000000060 = 0; *(uint64_t*)0x200000000068 = 0; *(uint32_t*)0x200000000070 = 0; 
syscall(__NR_sendmsg, /*fd=*/r[151], /*msg=*/0x200000000040ul, /*f=*/0ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/2ul, /*proto=*/0x88); if (res != -1) r[152] = res; *(uint32_t*)0x200000000080 = 0x2d; syscall(__NR_getsockopt, /*fd=*/r[152], /*level=*/0x29, /*optname=*/0x41, /*optval=*/0ul, /*optlen=*/0x200000000080ul); memcpy((void*)0x200000000400, "./file1\000", 8); syscall(__NR_mkdir, /*path=*/0x200000000400ul, /*mode=*/0ul); memcpy((void*)0x2000000001c0, "\023\023w\305\3745\324\024T\325\324\035)\255\032`)" "Y\201F\346\276\026nA\255\r\275@T\003<\2373\273\332\202$" "\242\363\327r\347cnH\263<\277p\203r\350\361\271\223>" "\305\022wC\276\"\006 \236\360-\371\313\362\366\350\200\3238/\000", 78); syscall(__NR_mkdir, /*path=*/0x2000000001c0ul, /*mode=*/0ul); memcpy((void*)0x200000000040, "./file1\000", 8); memcpy((void*)0x200000000240, "system.posix_acl_default\000", 25); *(uint32_t*)0x200000000640 = 2; *(uint16_t*)0x200000000644 = 1; *(uint16_t*)0x200000000646 = 0; *(uint32_t*)0x200000000648 = 0; *(uint16_t*)0x20000000064c = 4; *(uint16_t*)0x20000000064e = 0; *(uint32_t*)0x200000000650 = 0; *(uint16_t*)0x200000000654 = 0x10; *(uint16_t*)0x200000000656 = 0; *(uint32_t*)0x200000000658 = 0; *(uint16_t*)0x20000000065c = 0x20; *(uint16_t*)0x20000000065e = 0; *(uint32_t*)0x200000000660 = 0; syscall(__NR_lsetxattr, /*path=*/0x200000000040ul, /*name=*/0x200000000240ul, /*val=*/0x200000000640ul, /*size=*/0x24ul, /*flags=*/0ul); memcpy((void*)0x200000000480, ".\000", 2); res = syscall(__NR_open, /*file=*/0x200000000480ul, /*flags=*/0ul, /*mode=*/0ul); if (res != -1) r[153] = res; memcpy((void*)0x200000000140, "\023\023w\305\3745\324\024T\325\324\035)\255\032`)" "Y\201F\346\276\026nA\255\r\275@T\003<\2373\273\332\202$" "\242\363\327r\347cnH\263<\277p\203r\350\361\271\223>" "\305\022wC\276\"\006 \236\360-\371\313\362\366\350\200\3238/\000", 78); memcpy((void*)0x2000000002c0, "./file1\000", 8); syscall(__NR_renameat2, /*oldfd=*/r[153], /*old=*/0x200000000140ul, 
/*newfd=*/r[153], /*new=*/0x2000000002c0ul, /*flags=*/0ul); memcpy((void*)0x200000000180, "vfat\000", 5); memcpy((void*)0x200000000000, "./file0\000", 8); memcpy( (void*)0x2000000004c0, "\x75\x6e\x69\x5f\x78\x6c\x61\x74\x65\x3d\x31\x2c\x65\x72\x72\x6f\x72\x73" "\x3d\x63\x6f\x6e\x74\x69\x6e\x0f\x65\x2c\x73\x68\x6f\x72\x74\x6e\x61\x6d" "\x65\x3d\x6d\x69\x78\x65\x64\x2c\x6e\x6f\x63\x61\x73\x65\x5b\xda\x2c\x6e" "\x6f\x6e\x75\x6d\x74\x61\x69\x6c\x3d\x30\x2c\x75\x74\x66\x38\x3d\x31\x2c" "\x75\x69\x64\x3d\xda\x39\xb7\x99\xbd\xb5\xb1\x0c\xa5\xc4\x06\x0f\x23\xf4" "\x0c\xbe\x89\xe8\x26\x78\x47\x46\x25\x13\xfa\x54\x68\x9f\x6c\xa9\xa0\xdd" "\x82\x0c\x29\xbb\xdc\x8b\x59\x65\x44\x6f\x2b\x12\xab\xc5\x14\x69\x0d\x29" "\x9c\x5d\x9f\x6a\x23\xb5\x68\x81\x9c\xe6\x6f\xfa\x6d\x98\xd6\xca\x55\xe3" "\x96\x1e\xdd\xe4\x0f\x8b\xca\x2d\xab\x2a\x48\x22\xcb\x44\x74\xad\x5a\xb5" "\x38\xb5\xb6\x80\x9d\x82\x60\x84\x7d\x62\xf1\x05\x00\x00\x00\x48\xae\x6e" "\x1c\xbf\x37\x63\x9b\x44\x66\x1e\xf9\x37\x42\xf1\x7a\x1b\x99\x8b\x40\xe2" "\x05\xf5\x77\x15\x10\xdd\x2f\x3a\x59\xf3\xbb\x29\x90\x83\x76\x2e\x28\x53" "\xc7\x05\x6a\x9a\x5b\xb6\xe2\x37\xe9\x4a\x25\x61\xa2\x5b\xdc\x03\x57\xce" "\x7a\x25\x57\x01\x14\xbb\x42", 241); sprintf((char*)0x2000000005b1, "0x%016llx", (long long)0); memcpy((void*)0x2000000005c3, ",rodir,nfs,shortname=lower,fmask=00000000000000000000002,shortname=" "win95,nfs,nonumtail=0,utf8=0,uni_xlate=1,nonumtail=0,\000", 121); memcpy( (void*)0x200000002300, "\x78\x9c\xec\xdd\x3f\x6b\x23\x47\x14\x00\xf0\xb7\xb2\x2c\x29\x49\x21\x15" "\xa9\x42\x20\x0b\x49\x91\xca\xd8\x6e\xd3\xc8\x04\x1b\x4c\x54\x25\xa8\x48" "\x52\x24\x26\xb6\x21\x58\x22\x60\x83\x21\x7f\x88\xe2\x2a\x6d\x9a\x94\xf9" "\x04\x81\x40\xba\xfb\x12\xd7\xdc\x37\x38\xb8\xf6\xe0\xba\x73\x61\xd8\x63" "\xa5\xdd\x93\xec\x93\x65\xeb\xb0\xec\xfb\xf3\xfb\x35\x1e\xcf\xce\x9b\x79" "\x33\x1e\x6c\x5c\xec\xd3\xf7\x1f\xf6\x0f\x76\xd3\xd8\x3f\xf9\xed\x61\x34" "\x1a\x49\x54\xda\xd1\x8e\xd3\x24\x5a\x51\x89\xd2\x1f\x71\x4e\xfb\xaf\x00" 
"\x00\x5e\x67\xa7\x59\x16\x4f\xb2\x91\x79\xe2\x92\x88\x68\x2c\x2e\x2d\x00" "\x60\x81\xe6\xfe\xfb\xff\xff\xc2\x53\x02\x00\x16\xec\xab\xaf\xbf\xf9\x62" "\xa3\xd3\xd9\xfc\x32\x4d\x1b\xb1\xd5\xff\xf3\xb8\x9b\xff\x67\x9f\x7f\x1d" "\x3d\xdf\xd8\x8f\x1f\xa3\x17\x7b\xb1\x1a\xcd\x38\x8b\xc8\x9e\x1b\xb5\xb7" "\xb2\x2c\x1b\x54\xd3\x5c\x2b\x3e\xe9\x0f\x8e\xbb\x79\x64\xff\xbb\xfb\xc5" "\xfc\x1b\x8f\x23\x86\xf1\x6b\xd1\x8c\xd6\xb0\xeb\x7c\xfc\x76\x67\x73\x2d" "\x1d\x99\x88\x1f\xe4\x79\xbc\x5b\xac\xdf\xce\xe3\xd7\xa3\x19\xef\x4f\x59" "\x7f\xbb\xb3\xb9\x3e\x25\x3e\xba\xb5\xf8\xf4\xe3\x89\xfc\x57\xa2\x19\x0f" "\x7e\x88\x9f\xa2\x17\xbb\xc3\x24\xc6\xf1\xbf\xaf\xa5\xe9\xe7\xd9\xdf\x4f" "\x7f\xfd\x36\x4f\x2f\x8f\x4f\x06\xc7\xdd\xfa\x70\xdc\x58\xb6\x74\xcb\x3f" "\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\xde\x60\x2b\x45\xed\x9c\x7a\x0c\xeb\xf7\xe4\x5d\x45\xfd\x9d\xa5\xb3\xfc" "\x9b\xe5\x48\x4b\xad\xf3\xf5\x79\x46\xf1\x49\x39\xd1\x85\xfa\x40\x83\x2c" "\xfe\x29\xeb\xeb\xac\xa6\x69\x9a\x15\x03\xc7\xf1\xd5\xf8\xa0\x1a\xd5\xbb" "\xd9\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbc" "\x5a\x8e\x7e\xfe\xe5\x60\xa7\xd7\xdb\x3b\xbc\x91\x46\x59\x0d\xa0\x7c\xad" "\xff\x65\xe7\x69\x4f\xf4\x7c\x14\xb3\x07\xd7\xc7\x6b\x55\x8a\xe6\x8c\x99" "\x63\xa9\x1c\x93\x44\xcc\x4c\x23\xdf\xc4\x0d\x1d\xcb\x55\x8d\x77\x2e\xcb" "\xf9\xdf\xff\xe6\x9d\xb0\x71\xf5\x98\xe5\x59\xe7\x73\x33\x8d\xf2\x76\x1d" "\xec\x24\xd3\xcf\xb0\x1e\x65\x4f\xa3\xbc\x24\xf7\x26\xc7\xd4\xe2\x9a\x6b" "\xd5\x2e\x7b\x94\xcd\x75\xfd\x6a\x53\x1f\x35\xe7\xde\x7b\xed\xbd\x61\x63" "\x30\x63\x4c\x24\xb3\x12\xfb\xec\xd1\xe8\xe4\x8a\x9e\xe4\xe2\x2e\x6a\xc3" "\x53\x9d\x1a\xbe\x5c\x34\x26\xc2\x2f\xdc\x8d\xb9\xee\xf3\x8b\xbf\x2b\x12" "\xd5\x3a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x60\xa1" "\xc6\x2f\xfd\x4e\x79\x78\x32\x33\xb4\x92\xd5\x17\x96\x16\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\xaa\xf1\xe7\xff\xcf\xd1\x18\x14" "\xc1\xd7\x18\x5c\x8b\xc3\xa3\x3b\xde\x22\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6f\x81\x67\x01\x00" "\x00\xff\xff\xc3\x51\x62\x02", 673); syz_mount_image( /*fs=*/0x200000000180, /*dir=*/0x200000000000, /*flags=MS_I_VERSION|MS_NOSUID|MS_NOEXEC|MS_DIRSYNC*/ 0x80008a, /*opts=*/0x2000000004c0, /*chdir=*/7, /*size=*/0x2a1, /*img=*/0x200000002300); memcpy((void*)0x200000000000, "./file0\000", 8); syscall(__NR_creat, /*file=*/0x200000000000ul, /*mode=*/0ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0x88); if (res != -1) r[154] = res; *(uint32_t*)0x200000000280 = 5; res = syscall(__NR_getsockopt, /*fd=*/r[154], /*level=*/1, /*optname=*/0x11, /*optval=*/0x200000000240ul, /*optlen=*/0x200000000280ul); if (res != -1) r[155] = *(uint32_t*)0x200000000244; syscall(__NR_setreuid, /*ruid=*/0, /*euid=*/r[155]); memcpy((void*)0x200000000080, "./file0\000", 8); syscall(__NR_utimes, /*filename=*/0x200000000080ul, /*times=*/0ul); memcpy((void*)0x200000000000, "vfat\000", 5); memcpy((void*)0x200000000300, "./file0\000", 8); memcpy( (void*)0x200000000800, "\x78\x9c\xec\xdc\xcb\x6b\x13\x5f\x14\xc0\xf1\xd3\xf4\x95\xa6\xb4\xc9\xe2" "\xc7\x4f\x14\xa4\x07\xdd\xe8\x66\x68\xa3\x6b\x31\x48\x0b\x62\xc0\x52\x1b" "\xf1\x01\xc2\xb4\x9d\x68\xc8\x98\x94\x4c\xa8\x44\xc4\xea\xca\xad\xf8\x47" "\xb8\x28\x5d\x76\x57\xd0\xfe\x03\xdd\xb8\xd3\x8d\x1b\x77\xdd\x08\x2e\xec" "\x42\x1c\xc9\x3c\xfa\x4c\x69\x69\x9b\x4c\xdb\x7c\x3f\x10\xee\x4d\xee\x3d" "\x33\xf7\x4e\x26\xe1\xdc\x21\x93\xb5\x07\xef\x9f\x17\xf3\x8e\x91\x37\xab" "\x12\x8b\xab\x74\x88\x88\xac\x8b\xa4\x24\x26\xa1\x8e\xa0\x8c\x79\xf5\x1e" "\xd9\xea\x8d\x5c\xed\xff\xf5\xf5\xe2\xbd\x87\x8f\xee\x64\xb2\xd9\xd1\x09" "\xd5\xb1\xcc\xe4\xb5\xb4\xaa\x0e\x0e\x7d\x7a\xf1\xaa\x2f\xe8\xb6\xdc\x2b" 
"\xab\xa9\x27\x6b\x3f\xd3\x3f\x56\xff\x5f\x3d\xbf\xf6\x77\xf2\x59\xc1\xd1" "\x82\xa3\xa5\x72\x55\x4d\x9d\x2a\x7f\xaf\x9a\x53\xb6\xa5\x33\x05\xa7\x68" "\xa8\x8e\xdb\x96\xe9\x58\x5a\x28\x39\x56\xc5\x6f\x2f\xfb\xed\x79\xbb\x3c" "\x3b\x5b\x53\xb3\x34\x33\x90\x98\xad\x58\x8e\xa3\x66\xa9\xa6\x45\xab\xa6" "\xd5\xb2\x56\x2b\x35\x35\x9f\x9a\x85\x92\x1a\x86\xa1\x03\x09\xc1\x7e\x72" "\x0b\x13\x13\x66\xe6\x90\xc1\xd3\xc7\x3c\x18\x34\x49\xa5\x92\x31\x3b\x45" "\xa4\x6f\x57\x4b\x6e\x21\x92\x01\x01\x00\x80\x48\xed\xcc\xff\x63\xf5\x94" "\xfe\xf8\xf2\xff\xc5\x4b\x2b\xd5\xfe\xfb\x4b\x83\x41\xfe\xbf\xdc\xd3\x28" "\xff\xbf\xfe\xcd\xdf\xd6\xb6\xfc\x3f\x2e\x22\x4d\xcf\xff\x77\x67\x44\xed" "\xe5\x48\xf9\x3f\x4e\x89\x7a\xfe\x9f\x08\x3e\xbf\x9e\xb7\x8f\x17\x87\xbd" "\x0a\xf9\x3f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xa7\xc1\xba\xeb\x26\x5d\xd7\x4d\x86\x65\xf8\xe8\x15\x91\xb8\x88" "\x84\xcf\xa3\x1e\x27\x9a\x83\xf7\xbf\xbd\x6d\xde\xb8\xd7\x35\x28\x62\xbf" "\x9b\xcb\xcd\xe5\xfc\x32\xe8\xb0\x22\x22\xb6\x58\x32\x2c\x49\xf9\xe3\x9d" "\x0f\x81\x7a\x3d\xbc\x17\x50\xeb\x52\xf2\xd9\x9e\x0f\xe2\xe7\xe7\x72\x9d" "\x5e\x4b\x26\x2f\x05\x2f\x7e\x44\x92\x92\xda\x19\xef\xba\x63\xb7\xb3\xa3" "\x23\xea\xdb\x1e\xdf\x2d\x89\xad\xf1\x69\x49\xca\x7f\x8d\xe3\xd3\x0d\xe3" "\x7b\xe4\xca\xe5\x2d\xf1\x86\x24\xe5\xcb\xb4\x94\xc5\x96\x19\xef\xbc\xde" "\x8c\x7f\x3d\xa2\x7a\xeb\x6e\x76\x47\x7c\x9f\xd7\x0f\x00\x00\x00\x00\x80" "\xb3\xc0\xd0\x0d\x0d\xd7\xef\x86\xb1\x57\xbb\x1f\xbf\xb1\xbe\x6e\x78\x7d" "\xc0\x5f\x5f\x0f\x37\x5c\x9f\x77\xc9\x85\xae\x68\xe7\x0e\x00\x00\x00\x00" "\x40\xbb\x70\x6a\x2f\x8b\xa6\x6d\x5b\x95\x33\x57\x09\x67\x78\xd0\xa8\xf0" "\xb7\x0c\x91\x8c\x39\xdc\xf9\xc9\x38\x74\x07\xa8\xc4\x0e\x35\xd4\x21\x11" "\xb1\xf5\xa8\x7b\x0f\x2f\x1b\xed\xd5\x47\xc6\xa3\x3a\x2c\xe7\x3e\x7c\xfc" "\x7d\x7c\x1b\xbc\xb1\x14\xdf\x67\xa6\x4d\xab\x74\xb7\xf6\x5b\x08\x00\x00" "\x00\x40\x2b\x6c\x26\xfd\xe1\x2b\x37\xa3\x1d\x10\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6d" "\xa8\x15\x7f\x27\x16\xf5\x1c\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x93" "\xe2\x5f\x00\x00\x00\xff\xff\x7b\x91\x12\x85", 695); syz_mount_image(/*fs=*/0x200000000000, /*dir=*/0x200000000300, /*flags=*/0, /*opts=*/0x200000000ac0, /*chdir=*/0x45, /*size=*/0x2b7, /*img=*/0x200000000800); memcpy((void*)0x200000000000, ".\000", 2); res = syscall(__NR_fspick, /*dfd=*/0xffffff9c, /*path=*/0x200000000000ul, /*flags=*/0ul); if (res != -1) r[156] = res; memcpy((void*)0x2000000006c0, "posixacl\000", 9); syscall(__NR_fsconfig, /*fd=*/r[156], /*cmd=*/0ul, /*key=*/0x2000000006c0ul, /*value=*/0ul, /*aux=*/0ul); res = -1; res = syz_genetlink_get_family_id(/*name=*/0, /*fd=*/-1); for (int i = 0; i < 32; i++) { syz_genetlink_get_family_id(/*name=*/0, /*fd=*/-1); } if (res != -1) r[157] = res; memcpy((void*)0x200000000000, "./file0\000", 8); res = syscall(__NR_open, /*file=*/0x200000000000ul, /*flags=O_NONBLOCK|O_DIRECT|O_RDWR*/ 0x4802ul, /*mode=*/0ul); for (int i = 0; i < 32; i++) { syscall(__NR_open, /*file=*/0x200000000000ul, /*flags=O_NONBLOCK|O_DIRECT|O_RDWR*/ 0x4802ul, /*mode=*/0ul); } if (res != -1) r[158] = res; memcpy( (void*)0x200000000600, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34" "\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb" "\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4" "\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8" "\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d" "\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22\x20\xff\x26\x23\xdf\x49\x50\x13" "\x4b\x9f\xb7\x34\xa5\x2a\xda\xd9\x5f\x13\x1c\xce\x36\x72\xa9\xd7\xd7\xb4" "\x00\xd2\xc6\x28\x10\xb5\xf2\x03\x51\x63\x93\x30\x94\x81\x07\xbf\x8d\x45" "\x34\xa0\x3a\xc3\x89\x45\x5c\x54\xd8\xeb\x4d\x60\x9b\x3e\x85\x8b\x72\x13" 
"\xb3\x8e\xb0\x1f\x0e\xea\xba\x37\x39\xae\x92\x79\x16\xe2\x8d\xa6\xa7\x9a" "\x3f\xd5\xe3\x2d\x30\xab\x30\xbf\x95\x9d\x45\x96\xe5\xff\xbf\xf6\x78\x9a" "\x65\x0b\x9e\x7d\x24\x8d\x1b\xa8\x68\x01\x23\x36\xa4\xf3\xef\x8f\xab\x07" "\xa8\xf5\xb8\x1b\xb0\xbc\x45\xb2\x17\x45\x38\x31\x5c\xa1\x2b\x7c\x72\x3b" "\x21\x57\x56\x25\x64\xa8\xa1\xf1\x9d\x28\x17\x9f\x8c\x56\x54\x48\xe0\xe9" "\x21\xb8\xc3\xe6\xfc\x4a\xda\xaf\xa8\xb9\x29\xad\x07\x7f\x63\x33\x25\xb6" "\xa6\xf7\x1a\x58\x6c\xab\xc4\x88\x3e\x03\xe1\x93\x15\xf9\x46\xb2\x77\x85" "\x85\x93\xa7\x36\x7e\x23\x22\x02\xfe\x9a\xd6\x56\xc6\x76\x8a\x15\x17\xda" "\x7f\x04\x98\xb4\x8c\xb0\x78\xe9\x29\xfb\x11\xdb\x0c\xc5\x51\xf7\x54\xbf" "\xfc\x48\x59\xdd\x89\xa3\x96\x91\x5c\xc8\x09\xb0\x7d\x44\x85\x73\x09\x84" "\x09\xea\x21\x37\x10\x56\xf6\x7e\xf4\x11\x4e\xc1\x05\x47\xf4\x98\xd2\x45" "\x13\xfe\x59\x43\x08\xbf\x02\x28\x68\xad\x21\xe8\x5b\xba\x81\x19\x42\xfd" "\xc4\x51\x61\xa1\xa8\xa7\xfe\x00\xd5\xc6\xb0\x5e\xd7\x95\x4f\x63\x1b\xbd" "\x12\xa5\xc9\xa5\xcf\xa5\x96\x5e\x05\x95\xde\x60\x8b\x04\xeb\xe0\x2b\x3f" "\xcb\xf3\xb9\xf5\x78\x07\xa1\xa7\xad\x85\x28\x99\x2e\x2e\xc6\x59\x49\xda" "\x2f\x4a\x04\x78\xdf\xd3\xae\x52\x63\x9c\x15\xd8\xae\xaa\x35\x1d\xa6\xd3" "\x93\xb5\x8c\x77\x21\x68\xfa\xe6\x04\xd0\x97\xfe\xf4\xd6\xb9\x36\x0e\xb1" "\x69\xa0\xb0\xee\x70\xcd\xc2\x24\x35\xa0\x03\xe6\x86\x98\xf6\x1b\x3b\x63" "\xb1\xf5\x10\x11\xbc\x8f\x4e\xf9\x44\xc1\xde\x82\x17\x85\xf6\x70\x12\x4a" "\x1c\x6e\xd1\x83\x35\xd6\x34\x12", 512); syscall(__NR_write, /*fd=*/r[158], /*buf=*/0x200000000600ul, /*count=*/0x200ul); for (int i = 0; i < 32; i++) { syscall(__NR_write, /*fd=*/r[158], /*buf=*/0x200000000600ul, /*count=*/0x200ul); } memcpy((void*)0x200000001240, "iso9660\000", 8); memcpy((void*)0x200000001280, "./file0\000", 8); *(uint8_t*)0x200000000740 = 0; memcpy( (void*)0x2000000047c0, "\x78\x9c\xec\xdd\x6b\x70\xdc\x57\x7d\xf0\xf1\xdf\x7f\x7d\x53\x1c\x08\x0e" "\x21\x17\x12\xf3\xb0\x71\x12\x48\x42\xe2\x48\x72\x62\xc7\x24\x5c\x14\x69" 
"\x65\x6f\x22\x69\x85\x56\x0a\x31\xb7\xe0\xc4\xb2\x11\x91\xed\x60\x87\x40" "\xcc\x25\x09\x97\x00\xcf\xc3\xe5\x01\x9e\xa7\xf7\x0b\xb4\x85\xba\xb4\x25" "\xa5\x14\x5a\x66\x3a\x9d\xe9\xbb\xb6\x2f\xfa\x02\x3a\xc3\x8b\xbe\x6e\x3a" "\xd3\x19\x06\xd3\x0b\xbd\x70\x49\xe7\xec\x1e\xc9\x8a\x13\x5b\x4e\x6c\x59" "\xae\xcf\xe7\xe3\x81\x5d\x4b\x67\xf7\x7f\xfe\xc2\xe8\xbb\x67\xb5\xda\x13" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x54\x83\x43\xbd" "\xbd\x7d\x55\x8c\x34\xc7\xa6\xee\xa9\x1f\xdf\xe0\xd0\x44\x6b\xf4\x04\x9f" "\x9f\xbb\xbf\xef\x54\x9d\x7b\xfd\xce\xa2\xc7\x8d\xa8\xd2\x7f\xa2\xa7\x27" "\x2e\xeb\x7e\xe8\xb2\x17\x57\xf3\x9f\x7d\x49\xfa\xef\x0d\x71\x71\xf7\xde" "\x2e\x8e\x9e\x74\xd9\x13\x87\xce\xbf\x64\xdd\x6d\x17\xad\xac\xcd\xdd\xfe" "\x04\x13\x3a\x23\x0e\x3e\x72\xe8\x81\x9d\xb3\xb3\xd3\x07\x96\x7b\x22\xcb" "\x64\x5b\x63\xac\xd9\x6e\x35\x47\x07\xb6\x35\xea\xcd\x76\xab\xbe\x75\xf3" "\xe6\xde\x9b\xb6\x0f\xb7\xeb\xc3\xcd\x91\x46\x7b\x47\x7b\xb2\x31\x5a\x1f" "\x9c\x68\x0c\x4c\xb6\x26\xea\xd7\x0e\x5e\x57\xef\xdb\xba\x75\x53\xbd\xb1" "\x71\x47\x6b\x6a\x6c\xdb\xd0\xc0\x48\x63\xee\x83\x5b\x6e\xec\xef\xed\xdd" "\x5c\xbf\x73\xe3\x78\x63\x60\xa2\xdd\x1a\xbb\xe9\xce\x8d\xed\xc1\xed\xcd" "\x91\x91\xe6\xd8\xb6\xce\x98\xf4\xe9\x34\x66\x4b\xfa\x87\x78\x57\x73\xb2" "\x3e\xd9\x18\x18\xad\xd7\x77\xcf\xcc\x4e\x6f\x5a\x6c\x92\x69\x50\xdf\xc9" "\x0c\xea\x5f\x6c\x50\x7f\x6f\x7f\x7f\x5f\x5f\x7f\x7f\xdf\xe6\x5b\xb6\xde" "\xb2\xa5\xb7\x77\xe5\xb3\x3e\xd0\x7b\x8c\x78\xd6\x88\xe5\xff\x47\xcb\xf2" "\x5a\x92\xef\xe3\xf0\x42\xd4\x72\xff\x63\x24\x9a\x31\x16\x53\x71\x4f\xd4" "\x9f\xf3\xcf\x60\x0c\xc5\x44\xb4\x62\xf4\x38\x9f\xcf\xe6\xfa\x7f\x4d\x75" "\xe2\xe3\x2e\xec\xff\xfa\xee\x87\xd6\x5f\x78\xb4\xff\x17\x45\xa7\xff\x97" "\x76\xef\xed\xd2\xe3\xf5\xff\x38\x73\x39\x73\x7f\x0e\xc6\x23\x71\x28\x1e" "\x88\x9d\x31\x1b\xb3\x31\x1d\x07\x96\x7d\x46\x67\xf6\xcf\xb6\x68\xc4\x58" 
"\x34\xa3\x1d\xad\x68\xc6\x68\x0c\x74\x3e\x52\xcf\x1f\xa9\xc7\xd6\xd8\x1c" "\x9b\xa3\x37\xee\x8d\xed\x31\x1c\xed\xa8\xc7\x70\x34\x63\x24\x1a\xd1\x8e" "\x1d\xd1\x8e\xc9\x68\x74\xfe\x45\x0d\xc6\x44\x34\x62\x20\x26\xa3\x15\x13" "\x51\x8f\x6b\x63\x30\xae\x8b\x7a\xf4\xc5\xd6\xd8\x1a\x9b\xa2\x1e\x8d\xd8" "\x18\x3b\xa2\x15\x53\x31\x16\xdb\x62\x28\x06\x3a\xf7\xb2\x3b\x66\x3a\x5f" "\xf7\x4d\x27\x98\xe3\xfc\xa0\xbe\x93\x19\xd4\x7f\x82\x41\xdd\x98\xaf\xc8" "\xff\x48\xf5\x9f\x17\x62\x09\xbe\x8b\xc3\x0b\xf3\xf4\x5c\xff\x01\x80\x72" "\xdc\xd1\x18\xd0\x7f\x00\x28\xcc\x58\x7b\xa2\xb7\x5f\xff\x01\xa0\x28\x93" "\xd6\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x70\xba\x55\x51\x8b\xde\x88\xf8\xd6\x9e\x23\xd5\xc2" "\x9d\x29\x7b\x3a\x1b\xfe\x1f\xf7\x66\xab\xab\xce\x2d\x6b\x51\x75\xf7\xf2" "\x8d\x9e\xcd\x9b\xb6\x0c\x0e\xf7\x0d\x0f\xf5\xf6\xf6\xf6\xf6\x6d\x19\xec" "\x3b\x23\xb3\x9f\x77\x61\xb4\xda\x93\x03\xf5\xc1\xfd\x7b\x1f\x3c\x30\x7d" "\xf0\xe0\xf4\xae\xfa\xd4\xbe\x99\xfb\xf7\xef\x9a\x3e\xe9\x7b\x38\xd5\xdb" "\x3f\x4f\xb7\xaf\x7b\x6a\xcd\xf9\x97\xac\xbb\x6d\x6b\xfa\xcb\xf5\x7b\xa6" "\xf7\xcd\x1c\xdc\x3f\xb3\x77\xe7\x9e\x25\x3b\x20\x00\x2c\xb0\x32\x6a\xf1" "\x54\x44\xbc\xf2\xc9\x23\xd5\x95\xb9\xe5\x71\xfd\xd4\xd0\x70\x7d\xe4\xee" "\x7a\x73\xdf\xee\xfd\x0b\xc6\xd6\xe6\xb6\x09\x38\xc5\x56\x2e\xf2\xd8\x62" "\xa9\xad\x3e\xa3\x47\xd3\x76\x00\xce\x42\xab\xa2\x16\xf7\x45\xc4\xe1\x2f" "\x1d\xa9\x36\xa4\xc6\xe7\xc7\x00\xb5\xd7\x74\x36\x06\x5c\xee\xe9\x1d\x57" "\xe7\x79\x87\x2a\x22\xcd\x59\x63\x01\xe0\xf9\x59\x1d\xb5\x68\x45\xc4\xae" "\x0b\xbf\x5e\x5d\x15\x11\x2b\xe2\x1c\x58\xdf\xf7\xa4\xc7\x04\x9d\x93\x98" "\x1a\x1a\xee\x9c\xc8\xec\xcc\xce\x7d\x0f\x45\xe7\x39\x8c\x15\xdd\x51\xeb" "\x8e\xbd\xd1\xdc\x73\x1f\x67\xf9\x63\x89\x75\x11\x6f\x4c\x73\x5d\x6d\xcf" "\x46\x00\x5e\xb8\x35\x51\x8b\x6f\x44\xc4\xde\x97\xf4\xc4\xd5\x9d\x9f\x07" "\x00\x00\xe7\xba\x9e\xa8\x45\xf7\x75\x7f\x47\xaa\x6b\x96\x7b\x32\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x70\x8e\xa8\xa2\x16\x9f\x8b\x88\x43\x3f\x3a\x52\xf5\x2e\xf8\xf8\xa9" "\xed\xff\x7f\x6b\xdf\xcd\x67\x64\xf6\xf3\xec\xff\x0f\x00\xcf\xc3\xca\xa8" "\xc5\x8f\xf3\xfe\xff\x7d\xf6\xff\x3f\xfd\xb4\x1d\x80\xb3\xd0\xaa\xa8\xc5" "\x81\xbc\xff\x7f\xbf\xfd\xff\x01\xa0\x08\xab\xa3\x16\xf7\xe6\xfd\xff\x37" "\xd9\xff\xff\xec\x7f\x2c\x61\xff\x7f\x00\x4e\x83\x35\x51\x8b\xbf\xcc\xfb" "\xff\xdf\x6c\xff\x7f\x00\x28\x42\x4f\xd4\xa2\xfb\xba\xbf\x23\xd5\x2d\xcb" "\x3d\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x38\x47\x9c\x17\xb5\xf8\xc7\x88\xf8\xf3\x77\x3f\xdc" "\xd9\x57\x66\xe1\xbe\xf4\x0b\x77\x98\x79\xf1\x22\xdb\xcd\xa4\x4f\x6f\xcc" "\xd7\x4f\x66\x4f\xbe\xd5\x79\xaf\xc1\x5a\x95\xfe\x9c\xc6\x13\x02\x00\x16" "\xd5\x13\xb5\xb8\xbd\x73\xed\x48\x35\xb0\xdc\x93\x01\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\x6a\xb5\xa8\xc5" "\xdf\x46\x44\xf5\xfd\x23\x55\x54\x11\xf1\x58\x44\x3d\xba\x97\xbd\xcb\x3d" "\x39\x00\x60\x69\x54\xb5\xf8\x87\x88\x78\xc5\xdf\x1d\x49\xf5\x8f\xdb\xd7" "\x3d\xb5\xe6\xfc\x4b\xd6\xdd\xb6\x35\x22\x56\xc4\x8a\xce\x43\x82\x6a\xe1" "\xf8\x56\x7b\x72\xa0\x3e\xb8\x7f\xef\x83\x07\xa6\x0f\x1e\x9c\xde\x55\x9f" "\xda\x37\x73\xff\xfe\x5d\xd3\x27\x7b\xb8\x9e\xc1\xa1\x89\xd6\xe8\x52\x9c" "\xc8\x49\x59\xbd\xc4\xf3\x5f\x7d\xca\x33\xec\x49\x8f\xc9\x16\xb8\xbe\x33" "\xe1\xa9\xa1\xe1\xce\xa4\x67\x67\x76\xee\x7b\x28\x7d\xb8\x56\xad\x38\xe5" "\x43\x01\x50\xae\x9e\xa8\xc5\x4f\x3b\xd7\x8e\x54\xd5\x72\x4f\x06\x00\x38" "\x23\x56\x55\xb5\xf8\xfb\x88\xf8\xa7\x37\x1c\x9e\x5f\x77\xae\xec\xae\xf9" "\x57\x76\xff\xd6\x3b\xbf\x1c\xfd\xca\xcb\x8e\xae\x4d\x7b\xf2\x83\x85\xb9" "\xc7\x0c\x73\xcf\x1b\x5c\x74\x82\xeb\xcf\xf9\xf8\xe2\xfa\x3d\xd3\xfb\x66" "\x0e\xee\x9f\xd9\xbb\x73\xcf\x62\x8b\xf0\x9e\x7c\x5c\x2b\x5f\x00\x38\x35" "\x55\x55\x8b\xbf\x8a\x88\x6d\xf7\x5d\xd6\xe9\x6a\x15\x6b\x9f\xfd\x1c\x74" "\x1e\xf7\xc3\x88\xd8\xf2\xf9\x7a\x1e\x17\x6b\xd3\xb8\xb9\x27\xbc\xd7\x74" "\xe2\xde\xb3\x7b\x66\x76\x7a\xe3\xfd\xfb\x67\x77\xa5\xf1\x5f\x88\x88\xbf" "\xfe\xea\xfa\x3c\xbe\xb6\x3a\x8d\xcf\x0f\x2a\x62\xd5\xd1\xf1\xbd\x69\xec" "\x93\x11\xf1\xfd\x6f\xcd\x8d\x8d\xce\xd8\x35\x79\x6c\xcf\xd1\xb1\x7d\x69" "\xec\x96\x88\xd8\xf9\xcd\x67\x8e\xed\xc9\x63\xcf\x3b\x3a\xb6\x3f\x8d\xdd" "\x10\x11\xb3\x5f\x7c\xe6\xd8\xf3\xf2\xd8\xb5\x47\xc7\x6e\x5a\xda\xaf\x32" 
"\x00\x9c\x5d\xd2\xfa\xff\xb5\x11\xb1\xa9\x7d\x78\xbe\xcd\x27\x5a\xff\xcf" "\xad\xe1\x1f\xcb\x97\x4b\xbd\xfe\x5f\xb5\xe0\x46\x3d\xf9\xb8\xab\x4e\xc3" "\x79\x03\x40\xc9\xd2\x1a\xf9\x6f\xf2\xfa\x7f\xd5\x22\xeb\xff\xef\x46\xc4" "\x93\x3f\x5f\x9f\xc7\x75\xd7\xd2\x6b\xf3\xe7\xcf\x3f\x66\x3d\xbf\x2f\x22" "\x1e\xfe\xde\x33\xc7\x9e\x9f\xc7\xbe\x68\xc1\x7a\xfe\x8c\x9e\x2c\x00\xd0" "\x91\xd6\xff\x4f\x44\xc4\xf7\x7e\x76\x78\xfe\xb9\xfc\xbc\xfe\xcf\xcb\xec" "\xa3\xeb\xff\x8f\xad\x3b\xba\x86\xdf\x95\x2f\x97\x7a\xfd\xbf\xe6\x98\xf5" "\x7f\x3a\xee\xcb\x4f\xc3\x79\x03\x40\xc9\x52\xff\x7f\x12\x11\xdf\x3d\x70" "\x78\xfe\xe7\xed\x27\xd3\xff\xb9\x75\xff\x52\xf7\xbf\xe7\x98\xfe\xa7\xe3" "\x5e\x7e\x1a\xce\x1b\x00\x4a\x96\xfa\xff\x54\x44\x7c\xf3\x03\x87\xe7\x5f" "\x43\x77\x4c\xff\x1f\x9f\x1b\xbb\xb0\xff\xd7\x5e\x95\x6f\x9f\xff\xbe\x54" "\xfd\x3f\xef\x98\xfe\xa7\xe3\x5e\x71\x3a\x4e\x1c\x00\x0a\x96\xfa\xff\xf9" "\x88\xf8\xf6\x86\xc3\xf3\xaf\x8b\x3f\x99\xf5\xff\x99\xea\xff\x5a\xfd\x07" "\x80\xd3\x2e\xf5\xff\xd6\x88\xf8\xec\x91\xc3\xf3\xcf\xe9\x9f\x4c\xff\x2f" "\xcf\xbf\x1d\xb0\xd4\xcf\xff\x9f\x7f\x4c\xff\xd3\x71\xeb\xa7\xe3\xc4\x01" "\xa0\x60\xab\xf2\xeb\xff\xfb\x9e\xfa\xd2\xfc\xeb\xf3\x4f\xa6\xff\xc7\x5a" "\xaa\xfe\xbf\xc8\x9b\x12\x02\xc0\x69\x57\xc5\xc5\x55\xb7\xcc\xab\xe2\x92" "\xce\xb5\xe1\xe6\x48\xc3\xce\x3f\x00\x00\x00\x70\x2e\xe9\xec\xef\x77\xf1" "\xdc\xd3\xfd\xd5\x25\x51\x59\xff\x03\x00\x00\xc0\xb9\xa6\x8a\x4b\xf3\xcf" "\xff\xd7\xc6\x65\xdd\x6b\xbb\x63\x26\x66\x63\x3a\x3c\x09\x00\x00\x00\x00" "\xe7\x88\xce\xcf\xff\x2f\xed\x6e\xe7\x1b\x51\x5d\x16\x95\xf5\x3f\x00\x00" "\x00\x9c\x6b\x3e\xd9\xf9\xfd\xff\xce\xef\x00\x74\xde\xfe\xbf\x27\x0e\x75" "\xde\xae\x67\x65\xad\xf3\xdc\x40\x55\x45\x7b\x7c\x4d\xf5\x17\x3f\x8c\x89" "\x89\x55\xd5\xe3\xe3\xf7\x5c\x5d\xed\x1d\x48\xe3\x06\xf6\xae\xe8\xde\xc1" "\x8a\x63\xef\x71\x72\xf8\xf2\xea\x82\x7c\x27\x9d\x8b\xcd\x2b\xf3\xdf\x06" "\x1b\xeb\xab\x97\x77\x8f\x36\xbf\x85\xdf\x0f\xf2\xc5\xee\xc5\xe6\x51\x9d" 
"\x86\x09\xc4\xa7\xe3\xf2\xee\x51\x2e\xcf\xfb\x17\xee\x9a\xfb\x4c\xf7\x28" "\x6b\x87\x9b\x23\x8d\x8d\x83\xad\x91\xdb\xfa\x62\x60\xe0\x82\xda\x64\xe3" "\x9e\xc9\xf7\xee\x9b\x79\x7f\x74\x4e\xff\x53\x63\xa3\x17\x54\xb1\x7b\x66" "\x76\x7a\xe3\xfd\xfb\x67\x77\x75\xe6\xd2\xd9\x1c\xe1\xf1\xbd\xf9\x5d\x8a" "\xba\x17\x4f\x3f\x7d\x32\x73\x79\xa8\xf3\x7e\x0b\x9d\xdf\xb9\x78\xce\x33" "\x5e\xd5\xf9\x45\x8c\x7c\xdc\xb5\xdd\xe3\xf6\x2e\x3c\xff\xfc\xbe\x4c\xc7" "\xee\xd4\x7c\xa2\x63\x3e\x11\x57\x74\x8f\x79\x45\x7e\xaf\xc7\xb5\xcf\x3c" "\xff\x9e\x74\xcc\xbe\x8d\xc7\x3b\xfb\x3c\x8b\xbe\xe3\x9e\xf9\xc9\xce\x62" "\x7d\x77\x16\xeb\xbb\xef\x22\x7d\xd5\xb5\xcf\x31\x8b\xfe\xc5\x66\xd1\xbf" "\x70\x16\x2f\xe8\x6b\x71\x12\xb3\xd8\xb4\xd8\x2c\x36\x9d\xe2\x2c\x00\x96" "\xcb\xee\x45\x2a\x54\x3d\x3b\xfc\x2f\xe0\xbb\xdc\x99\xa9\xfb\x13\x71\x65" "\xf7\x28\x57\x76\xdf\x9d\x78\xe5\xe5\xcf\xf1\x1d\xbd\x77\xb1\xef\xe8\xbd" "\xa7\x58\xb7\xaf\xc5\x86\xee\x2c\x36\xcc\x0d\x3e\x5e\x63\xd3\x71\x3f\x73" "\x4c\x55\xbf\x9c\x6e\xf0\xe5\xe3\x1e\xb7\x3d\xd2\x5f\xa5\x2f\xe1\x8a\x87" "\xf6\x3e\x18\x97\x1c\x7c\xe4\xd0\x8d\x9d\x37\x4e\xdc\x33\xbd\xaf\xbf\x7f" "\xd3\xe6\xde\x9b\x7b\x7b\x6f\xe9\x8f\x55\x9d\xd3\xc8\x17\xda\x03\xc0\x73" "\xd8\xd0\x79\xfd\x7f\xe7\x35\x00\xc7\xe9\xff\xa2\x23\xaa\x9b\x17\x59\x55" "\xbf\x74\xfe\x25\x05\x1b\xe3\xfe\xd8\x1f\xb3\xb1\x2b\x6e\xe8\xfc\xb6\x41" "\xe7\x15\x07\xcf\x79\xaf\x6b\x17\xbc\x0c\xe1\x86\x45\x56\xad\x47\xc7\xf6" "\xc5\x0d\x8b\xac\xea\x8e\x8e\xed\x7f\x1e\x63\x37\x9d\xf1\xff\x5d\x00\x60" "\x29\x6d\x58\xa4\xc3\x27\xd3\xff\x1b\x16\x59\x77\x3f\xb3\xe5\x27\x5e\x1d" "\x2f\x6c\x39\x00\xb0\x34\x1a\x13\x3f\xa8\xd6\x4e\x7e\xa2\x9a\x98\x68\x8e" "\xdf\xdb\xb7\x75\x6b\xdf\xc0\xe4\xf6\x46\x7d\xa2\x35\x78\x57\x7d\xa2\x39" "\xb4\xad\x51\x6f\x8e\x4d\x36\x26\x06\xb7\x0f\x8c\x6d\x6b\xd4\xc7\x27\x5a" "\x93\xad\xc1\xd6\x48\xba\x72\x77\x73\xa8\xd1\xae\xb7\xa7\xc6\xc7\x5b\x13" "\x93\xf5\xe1\xd6\x44\x7d\xbc\xd5\x6e\xde\x53\x1f\x6e\x8e\x34\xea\xed\x1d" 
"\xed\xc9\xc6\x68\xbd\xdd\x18\x1d\x18\x9b\x6c\x3e\xda\x1e\x1f\x69\x0c\xb4" "\x1b\xf5\xc1\xd6\xd8\xe4\xc0\xe0\x64\x7d\xa8\xd9\x1e\xac\x8f\x4f\xdd\x31" "\xd2\x6c\x6f\x6f\x4c\x74\x6e\xdc\x1e\x6f\x0c\x36\x87\x9b\x83\x03\x93\xcd" "\xd6\x58\xbd\xdd\x9a\x9a\x18\x6c\x6c\xac\xd7\xdb\x8d\xc6\x82\x81\xcd\xa1" "\xc6\xd8\x64\x73\xb8\x99\xae\x8e\xd5\xc7\x27\x9a\xa3\x03\x13\x3b\xea\x77" "\xb7\x46\xa6\x46\x1b\xf5\xa1\x46\x7b\x70\xa2\x39\x3e\xd9\xea\xde\xe1\xdc" "\xb1\x9a\x63\xc3\xad\x89\xd1\xce\xdd\x6e\x5c\xee\x2f\x36\x00\x9c\x25\x0e" "\x3e\x72\xe8\x81\x9d\xb3\xb3\xd3\x07\x96\xf0\xca\x72\x9f\x23\x00\xf0\x4c" "\x8b\x54\x7a\xf5\x19\x9f\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\xf0\x2c\x67\xe2\xf7\xff\x5c\x71\xe5\x7f\xde\x95\xa7\x9f\x7e\xfa\xd1\xf4" "\xff\x90\xb3\x65\x3e\x67\xfa\xca\x72\x7f\x67\x02\x96\x5a\x2d\x6a\x71\x24" "\x22\xaa\xef\x1f\xa9\x3a\xef\xcc\xf7\x58\x44\x3d\xba\x97\x36\x00\x06\x80" "\x73\x53\xea\xff\x8f\x72\xff\xaf\xd2\x7f\x00\x28\x42\xea\xff\x3f\xe7\xfe" "\x5f\xad\xff\x00\x50\x84\xd4\xff\x7f\xc9\xfd\xbf\x46\xff\x01\xa0\x08\xa9" "\xff\xff\x9a\xfb\xff\x2a\xfd\x07\x80\x22\xa4\xfe\xff\x5b\xee\xff\xab\xf5" "\x1f\x00\x8a\x90\xfa\xff\xe3\xdc\xff\x6b\xf5\x1f\x00\x8a\x90\xfa\xff\xef" "\xb9\xff\xd7\xe9\x3f\x00\x14\x21\xf5\xff\x3f\x72\xff\xaf\xd7\x7f\x00\x28" "\x42\xea\xff\x7f\xe6\xfe\xbf\x46\xff\x01\xa0\x08\xa9\xff\xff\x95\xfb\x7f" "\x83\xfe\x03\x40\x11\x52\xff\x7f\x92\xfb\x7f\xa3\xfe\x03\x40\x11\x52\xff" "\x7f\x9a\xfb\xbf\x51\xff\x01\xa0\x08\xa9\xff\x3f\xcb\xfd\xbf\x49\xff\x01" "\xa0\x08\xa9\xff\x3f\xcf\xfd\xef\xd5\x7f\x00\x28\x42\xea\xff\xd3\xb9\xff" "\x7d\xfa\x0f\x00\x45\x48\xfd\x8f\xdc\xff\x7e\xfd\x07\x80\x22\xa4\xfe\x57" "\xb9\xff\x9b\xf4\x1f\x00\x8a\x50\xcb\xcf\x00\xa4\xfe\xdf\xac\xff\x00\x50" "\x84\x54\xff\x15\xb9\xff\xb7\xe8\x3f\x00\x14\x21\xf5\x7f\x65\xee\xff\x66" "\xfd\x07\x80\x22\xa4\xfe\xaf\xca\xfd\xdf\xa2\xff\x00\x50\x84\xd4\xff\xd5" "\xb9\xff\xb7\xea\x3f\x00\x14\x21\xf5\x7f\x4d\xee\xff\x56\xfd\x07\x80\x22" 
"\xa4\xfe\xf7\xe4\xfe\xbf\x56\xff\x01\xa0\x08\xa9\xff\xe7\xe5\xfe\xdf\xa6" "\xff\x00\x50\x84\xd4\xff\xb5\xb9\xff\xb7\xeb\x3f\x00\x14\x21\xf5\xff\xfc" "\xdc\xff\xd7\xe9\x3f\x00\x14\x21\xf5\xff\x45\xb9\xff\xaf\xd7\x7f\x00\x28" "\x42\xea\xff\x8b\x73\xff\xdf\xa0\xff\x00\x50\x84\xd4\xff\x0b\x72\xff\xdf" "\xa8\xff\x00\x50\x84\xd4\xff\x97\xe4\xfe\x0f\xe8\x3f\x00\x14\x21\xf5\x7f" "\x5d\xee\xff\x1d\xfa\x0f\x00\x45\x48\xfd\xbf\x30\xf7\x7f\x50\xff\x01\xa0" "\x08\xa9\xff\x2f\xcd\xfd\x1f\xd2\x7f\x00\x28\x42\xea\xff\x45\xb9\xff\x0d" "\xfd\x07\x80\x22\xa4\xfe\xbf\x2c\xf7\x7f\x58\xff\x01\xa0\x08\xa9\xff\x17" "\xe7\xfe\x6f\xd3\x7f\x00\x28\x42\xea\xff\x25\xb9\xff\xdb\xf5\x1f\x00\x8a" "\x90\xfa\x7f\x69\xee\x7f\x53\xff\x01\xa0\x08\xa9\xff\x97\xe5\xfe\xdf\xa9" "\xff\x00\x50\x84\xd4\xff\x97\xe7\xfe\xdf\xa5\xff\x00\x50\x84\xd4\xff\xcb" "\x73\xff\x47\xf4\x1f\x00\x8a\x90\xfa\x7f\x45\xee\xff\xa8\xfe\x03\x40\x11" "\x52\xff\xd7\xe7\xfe\x8f\xe9\x3f\x00\x14\x21\xf5\xff\x15\xb9\xff\x2d\xfd" "\x07\x80\x22\xa4\xfe\xff\xaf\xdc\xff\x71\xfd\x07\x80\x22\xa4\xfe\xbf\x32" "\xf7\xff\x4d\xfa\x0f\x00\x45\x48\xfd\xaf\xe7\xfe\x4f\xe8\x3f\x00\x14\x21" "\xf5\xff\xca\xdc\xff\xb6\xfe\x03\x40\x11\x52\xff\x37\xe4\xfe\x4f\xea\x3f" "\x00\x14\x21\xf5\xff\xaa\xdc\xff\x29\xfd\x07\x80\x22\xa4\xfe\x5f\x9d\xfb" "\x7f\xb7\xfe\x03\x40\x11\x52\xff\xaf\xc9\xfd\x7f\xb3\xfe\x03\x40\x11\x52" "\xff\x5f\x95\xfb\x7f\x8f\xfe\x03\x40\x11\x52\xff\x5f\x9d\xfb\xbf\x43\xff" "\x01\xa0\x08\xa9\xff\xd7\xe6\xfe\xbf\x45\xff\x01\xa0\x08\xa9\xff\xd7\xe5" "\xfe\xbf\x55\xff\x01\xa0\x08\xa9\xff\xd7\xe7\xfe\xbf\x4d\xff\x01\xa0\x08" "\xa9\xff\xaf\xc9\xfd\x7f\xbb\xfe\x03\x40\x11\x52\xff\x6f\xc8\xfd\x7f\x87" "\xfe\x03\x40\x11\x52\xff\x6f\xcc\xfd\xbf\x57\xff\x01\xa0\x08\xa9\xff\x1b" "\x73\xff\xdf\xa9\xff\x00\x50\x84\xd4\xff\x9b\x72\xff\x77\xea\x3f\x00\x14" "\x21\xf5\xbf\x37\xf7\xff\x3e\xfd\x07\x80\x22\xa4\xfe\xf7\xe5\xfe\xdf\xaf" "\xff\x00\x50\x84\xd4\xff\xfe\xdc\xff\x5d\xfa\x0f\x00\x45\x48\xfd\xdf\x94" 
"\xfb\x3f\xad\xff\x00\x50\x84\xd4\xff\x9b\x73\xff\x77\xeb\x3f\x00\x14\x21" "\xf5\xff\x96\xdc\xff\x3d\xfa\x0f\x00\x45\x48\xfd\xdf\x1c\x11\xab\x22\xe2" "\x5d\xfa\x0f\x00\x45\x48\xfd\xdf\x92\xd7\xff\x33\xfa\x0f\x00\x45\x48\xfd" "\xbf\x35\xf7\xff\xdd\xfa\x0f\x00\x45\x48\xfd\xdf\x9a\xfb\xff\x80\xfe\x03" "\x40\x11\x52\xff\x5f\x9b\xfb\x3f\xab\xff\x00\x50\x84\xd4\xff\xdb\x72\xff" "\xf7\xea\x3f\x00\x14\x21\xf5\xff\xf6\xdc\xff\x7d\xfa\x0f\x00\x45\x48\xfd" "\x7f\x5d\xee\xff\x7e\xfd\x07\x80\x22\xa4\xfe\xbf\x3e\xf7\xff\x41\xfd\x07" "\x80\x22\xa4\xfe\xbf\x21\xf7\xff\x3d\xfa\x0f\x00\x45\x48\xfd\x7f\x63\xee" "\xff\x01\xfd\x07\x80\x22\xa4\xfe\x0f\xe4\xfe\x1f\xd4\x7f\x00\x28\x42\xea" "\xff\x1d\xb9\xff\x0f\xe9\x3f\x00\x14\x21\xf5\x7f\x30\xf7\xff\xbd\xfa\x0f" "\x00\x45\x48\xfd\x1f\xca\xfd\x7f\x58\xff\x01\xa0\x08\xa9\xff\x8d\xdc\xff" "\xf7\xe9\x3f\x00\x14\x21\xf5\x7f\x38\xf7\xff\xfd\xfa\x0f\x00\x45\x48\xfd" "\xdf\x96\xfb\xff\x88\xfe\x03\x40\x11\x52\xff\xb7\xe7\xfe\x1f\xd2\x7f\x00" "\x28\x42\xea\x7f\x33\xf7\xff\x03\xfa\x0f\x00\x45\x48\xfd\xbf\x33\xf7\xff" "\x83\xfa\x0f\x00\x45\x48\xfd\xbf\x2b\xf7\xff\x43\xfa\x0f\x00\x45\x48\xfd" "\x1f\xc9\xfd\xff\xb0\xfe\x03\x40\x11\x52\xff\x47\x73\xff\x1f\xd5\x7f\x00" "\x28\x42\xea\xff\x58\xee\xff\x63\xfa\x0f\x00\x45\x48\xfd\x6f\xe5\xfe\x3f" "\xae\xff\x00\x50\x84\xd4\xff\xf1\xdc\xff\x8f\xe8\x3f\x00\x14\x21\xf5\xff" "\x4d\xb9\xff\x1f\xd5\x7f\x00\x28\x42\xea\xff\x44\xee\xff\xc7\xf4\x1f\x00" "\x8a\x90\xfa\xdf\xce\xfd\xff\xb8\xfe\x03\x40\x11\x52\xff\x27\x73\xff\x9f" "\xd0\x7f\x00\x28\x42\xea\xff\x54\xee\xff\x27\xf4\x1f\x00\x8a\x90\xfa\x7f" "\x77\xee\xff\x27\xf5\x1f\x00\x8a\x90\xfa\xff\xe6\xdc\xff\x4f\xe9\x3f\x00" "\x14\x21\xf5\xff\x9e\xdc\xff\xff\xad\xff\x00\x50\x84\xd4\xff\x1d\xb9\xff" "\xff\x47\xff\x01\xa0\x08\xa9\xff\x6f\xc9\xfd\xff\xb4\xfe\x03\x40\x11\x52" "\xff\xdf\x9a\xfb\xff\x19\xfd\x07\x80\x22\xa4\xfe\xbf\x2d\xf7\xff\xb3\xfa" "\x0f\x00\x45\x48\xfd\x7f\x7b\xee\xff\xe7\xf4\x1f\x00\x8a\x90\xfa\xff\x8e" 
"\xdc\xff\xff\xab\xff\x00\x50\x84\xd4\xff\x7b\x73\xff\x3f\xaf\xff\x00\x50" "\x84\xd4\xff\x77\xe6\xfe\x7f\x41\xff\x01\xa0\x08\xa9\xff\x3b\x73\xff\xbf" "\xa8\xff\x00\x50\x84\xd4\xff\xfb\x72\xff\xff\x9f\xfe\x03\x40\x11\x52\xff" "\xef\xcf\xfd\xff\xff\xfa\x0f\x00\x45\x48\xfd\xdf\x95\xfb\xff\x0b\xfa\x0f" "\x00\x45\x48\xfd\x9f\xce\xfd\xff\x45\xfd\x07\x80\x22\xa4\xfe\xef\xce\xfd" "\xff\x25\xfd\x07\x80\x22\xa4\xfe\xef\xc9\xfd\xff\x65\xfd\x07\x80\x22\xa4" "\xfe\xbf\x2b\xf7\xff\x57\xf4\x1f\x00\x8a\x90\xfa\x3f\x93\xfb\xff\xab\xfa" "\x0f\x00\x45\x48\xfd\x7f\x77\xee\xff\xaf\xe9\x3f\x00\x14\x21\xf5\xff\x81" "\xdc\xff\x5f\xd7\x7f\x00\x28\x42\xea\xff\x6c\xee\xff\x6f\xe8\x3f\x00\x14" "\x21\xf5\x7f\x6f\xee\xff\x6f\xea\x3f\x00\x14\x21\xf5\x7f\x5f\xee\xff\x97" "\xf4\x1f\x00\x8a\x90\xfa\xbf\x3f\xf7\xff\xcb\xfa\x0f\x00\x45\x48\xfd\x7f" "\x30\xf7\xff\xb7\xf4\x1f\x00\x8a\x90\xfa\xff\x9e\xdc\xff\xdf\xd6\x7f\x00" "\x28\x42\xea\xff\x81\xdc\xff\xdf\xd1\x7f\x00\x28\x42\xea\xff\xc1\xdc\xff" "\xaf\xe8\x3f\x00\x14\x21\xf5\xff\xa1\xdc\xff\xaf\xea\x3f\x00\x14\x21\xf5" "\xff\xbd\xb9\xff\xbf\xab\xff\x00\x50\x84\xd4\xff\x87\x73\xff\x0f\xeb\x3f" "\x00\x14\x21\xf5\xff\x7d\xb9\xff\xbf\xa7\xff\x00\x50\x84\xd4\xff\xf7\xe7" "\xfe\x7f\x4d\xff\x01\xa0\x08\xa9\xff\x8f\xe4\xfe\xff\xbe\xfe\x03\x40\x11" "\x52\xff\x0f\xe5\xfe\xff\x81\xfe\x03\x40\x11\x52\xff\x3f\x90\xfb\xff\x87" "\xfa\x0f\x00\x45\x48\xfd\xff\x60\xee\xff\xd7\xf5\x1f\x00\x8a\x90\xfa\xff" "\xa1\xdc\xff\x27\xf5\x1f\x00\x8a\x90\xfa\xff\xe1\xdc\xff\x3f\xd2\x7f\x00" "\x28\x42\xea\xff\xa3\xb9\xff\xdf\xd0\x7f\x00\x28\x42\xea\xff\x63\xb9\xff" "\x7f\xac\xff\x00\x50\x84\xd4\xff\xc7\x73\xff\xbf\xa9\xff\x00\x50\x84\xd4" "\xff\x8f\xe4\xfe\xff\x89\xfe\x03\x40\x11\x52\xff\x3f\x9a\xfb\xff\x2d\xfd" "\x07\x80\x22\xa4\xfe\x7f\x2c\xf7\xff\xdb\xfa\x0f\x00\x45\x48\xfd\xff\x78" "\xee\xff\x9f\xea\x3f\x00\x14\x21\xf5\xff\x89\xdc\xff\x3f\xd3\x7f\x00\x28" "\xc2\x7f\x07\x00\x00\xff\xff\x81\x63\x0f\x16", 4709); syz_mount_image(/*fs=*/0x200000001240, /*dir=*/0x200000001280, 
/*flags=*/0, /*opts=*/0x200000000740, /*chdir=*/1, /*size=*/0x1265, /*img=*/0x2000000047c0); for (int i = 0; i < 32; i++) { syz_mount_image(/*fs=*/0x200000001240, /*dir=*/0x200000001280, /*flags=*/0, /*opts=*/0x200000000740, /*chdir=*/1, /*size=*/0x1265, /*img=*/0x2000000047c0); } memcpy((void*)0x200000000000, "/dev/rfkill\000", 12); res = syscall( __NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=O_TRUNC|O_CLOEXEC|O_APPEND|O_RDWR*/ 0x80602, /*mode=*/0); if (res != -1) r[159] = res; res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10); if (res != -1) r[160] = res; res = syscall(__NR_epoll_create1, /*flags=*/0ul); if (res != -1) r[161] = res; syscall(__NR_epoll_pwait2, /*epfd=*/r[161], /*events=*/0x200000000000ul, /*maxevents=*/1ul, /*timeout=*/0ul, /*sigmask=*/0ul, /*size=*/0ul); *(uint32_t*)0x200000001100 = 0x20000016; *(uint64_t*)0x200000001104 = 0; syscall(__NR_epoll_ctl, /*epfd=*/r[161], /*op=*/1ul, /*fd=*/r[160], /*ev=*/0x200000001100ul); *(uint32_t*)0x200000000040 = 0; *(uint8_t*)0x200000000044 = 6; *(uint8_t*)0x200000000045 = 3; *(uint8_t*)0x200000000046 = 0; *(uint8_t*)0x200000000047 = 0; syscall(__NR_write, /*fd=*/r[159], /*data=*/0x200000000040ul, /*len=*/8ul); memcpy((void*)0x200000000080, "ext3\000", 5); memcpy((void*)0x200000000480, "./file0\000", 8); memcpy((void*)0x200000000900, "init_itable", 11); *(uint8_t*)0x20000000090b = 0x2c; memcpy((void*)0x20000000090c, "resgid", 6); *(uint8_t*)0x200000000912 = 0x2c; sprintf((char*)0x200000000913, "0x%016llx", (long long)0xee00); *(uint8_t*)0x200000000925 = 0x2c; memcpy((void*)0x200000000926, "bh", 2); *(uint8_t*)0x200000000928 = 0x2c; memcpy((void*)0x200000000929, "noload", 6); *(uint8_t*)0x20000000092f = 0x2c; memcpy((void*)0x200000000930, "errors=remount-ro", 17); *(uint8_t*)0x200000000941 = 0x2c; memcpy((void*)0x200000000942, "usrjquota=", 10); *(uint8_t*)0x20000000094c = 0x2c; *(uint8_t*)0x20000000094d = 0; memcpy( (void*)0x200000000980, 
"\x78\x9c\xec\xdb\xcd\x6f\x14\x65\x18\x00\xf0\x67\x66\xbb\xe5\xdb\x56\xc4" "\x0f\x10\xb4\x8a\x46\xe2\x47\x4b\xcb\x87\x1c\xbc\x68\x34\xf1\xa0\x89\x89" "\x1e\x30\x9e\xea\xb6\x10\xa4\x50\x43\x6b\x22\xa4\x51\xf4\x80\x47\x43\xa2" "\x67\xe3\xd1\x44\xff\x01\x4f\x7a\x31\xea\xc9\xc4\xab\xde\x0d\x09\x31\xbd" "\x80\x9e\xd6\xcc\xce\x4c\x59\xda\xdd\x42\xe9\xb6\x5b\xd9\xdf\x2f\x99\xf6" "\x7d\x77\xde\xcd\xfb\x3c\x33\xf3\xee\xbe\x33\xb3\x13\x40\xcf\x1a\xca\xfe" "\x24\x11\xdb\x23\xe2\x8f\x88\x18\xc8\xab\x37\x37\x18\xca\xff\x5d\x9f\x9f" "\xab\xfd\x33\x3f\x57\x4b\xa2\x5e\x7f\xf3\xef\xa4\xd1\xee\xda\xfc\x5c\xad" "\x6c\x5a\xbe\x6f\x5b\x5e\xa9\xd7\x8b\xfa\xa6\x16\xfd\x5e\x7a\x27\x62\x7c" "\x6a\x6a\xf2\x5c\x51\x1f\x99\x3d\xf3\xfe\xc8\xcc\xf9\x0b\xcf\x9d\x3a\x33" "\x7e\x72\xf2\xe4\xe4\xd9\xb1\x63\xc7\x0e\x1f\xda\xd7\x7f\x74\xec\x48\x47" "\xf2\xcc\xf2\xba\xb6\xe7\xa3\xe9\xbd\xbb\x5f\x7d\xfb\xf2\xeb\xb5\xe3\x97" "\xdf\xfd\xe5\xdb\x2c\xde\xed\xc5\xfa\xe6\x3c\x3a\x65\x28\xdf\xba\x2d\x3d" "\xd9\xe9\xce\xba\x6c\x47\x53\x39\xe9\xeb\x62\x20\xac\x48\x25\x22\xb2\xdd" "\x55\x6d\x8c\xff\x81\xa8\xc4\x96\x85\x75\x03\xf1\xca\xa7\x5d\x0d\x0e\x58" "\x53\xf5\x7a\xbd\xde\xea\xfb\xb9\x70\xb1\x0e\xdc\xb5\xb2\xb9\x5a\xb7\x63" "\x00\xba\x23\xff\x9a\x2f\xcf\xdc\xe7\x6a\x6b\x71\x1e\xbc\x91\x5d\x7d\x31" "\x3f\x01\xca\xf2\xbe\x5e\x2c\xf9\x9a\xbe\x48\x8b\x36\xd5\x45\xe7\xb7\x9d" "\x34\x14\x11\xc7\x2f\xfe\xfb\x55\xb6\xc4\x1a\x5d\x87\x00\x00\x68\xf6\x43" "\x36\xff\x79\x36\x9f\x77\x94\x4b\xbe\x26\x8d\x07\x9a\xda\xdd\x53\xdc\x43" "\x19\x8c\x88\x7b\x23\x62\x67\x44\xdc\x17\x11\xbb\x22\xe2\xfe\x88\x46\xdb" "\x07\x23\xe2\xa1\x15\xf6\xbf\xf8\x0e\xc9\xd2\xf9\x4f\x7a\xe5\x8e\x12\xbb" "\x4d\xd9\xfc\xef\x85\xe2\xde\xd6\xcd\xf3\xbf\x72\xf6\x17\x83\x95\xa2\xb6" "\xa3\x91\x7f\x35\x39\x71\x6a\x6a\xf2\x60\xb1\x4d\x0e\x44\x75\x53\x56\x1f" "\x5d\xa6\x8f\x1f\x5f\xfe\xfd\xf3\x76\xeb\x9a\xe7\x7f\xd9\x72\xbd\x2f\x22" "\xf2\xb9\xe0\x77\x45\x93\xc3\x5f\x2e\xba\x40\x37\x31\x3e\x3b\xbe\xca\xb4" 
"\x17\x5c\xfd\x24\x62\x4f\x5f\xab\xfc\x93\x28\x6f\xe3\x64\x67\x07\xbb\x23" "\x62\xcf\x1d\xf6\x71\xea\xe9\x6f\xf6\xb6\x5b\xb7\x24\xff\xf9\xb9\x5a\x39" "\x17\xbe\xa5\x0e\xdc\x67\xaa\x7f\x1d\xf1\x54\xbe\xff\x2f\xc6\xa2\xfc\x4b" "\x49\xdb\xfb\x93\xa3\xcf\x1f\x1d\x3b\x32\xb2\x39\xa6\x26\x0f\x8e\x94\x47" "\xc5\x52\xbf\xfe\x76\xe9\x8d\x76\xfd\xaf\x2a\xff\x0e\xc8\xf6\xff\xd6\x96" "\xc7\xff\x42\xfe\x83\xc9\xe6\x88\x99\xf3\x17\x4e\x37\xee\xd7\xce\xac\xbc" "\x8f\x4b\x7f\x7e\xd6\xf6\x9c\xe6\xd6\xf9\xa7\x57\xfa\x5a\x1c\xff\xfd\xc9" "\x5b\x8d\x72\x7f\xf1\xda\x87\xe3\xb3\xb3\xe7\x46\x23\xfa\x93\xd7\x96\xbe" "\x3e\x76\xe3\xbd\x65\xbd\x6c\x9f\xe5\x7f\x60\x7f\xeb\xf1\xbf\x33\x6e\x6c" "\x89\x87\x23\x22\x3b\x88\xf7\x45\xc4\x23\x11\xf1\x68\x11\xfb\x63\x11\xf1" "\x78\x44\xec\x5f\x26\xff\x9f\x5f\x7a\xe2\xbd\x95\xe7\xbf\xcc\x55\xf9\x0e" "\xca\xf2\x9f\xb8\xd5\xfe\x8f\xe6\xfd\xbf\xf2\x42\xe5\xf4\x4f\xdf\xaf\x3c" "\xff\x52\xb6\xff\x0f\x37\x4a\x07\x8a\x57\x6e\xe7\xf3\xef\x46\x14\x95\x65" "\x63\x5f\xcd\xb6\x03\x00\x00\x80\xff\x8b\xb4\xf1\x1b\xf8\x24\x1d\x5e\x28" "\xa7\xe9\xf0\x70\xfe\x1b\xfe\x5d\xb1\x35\x9d\x9a\x9e\x99\x7d\xe6\xc4\xf4" "\x07\x67\x27\xf2\xdf\xca\x0f\x46\x35\x2d\xaf\x74\x0d\x34\x5d\x0f\x1d\x2d" "\xae\x0d\x97\xf5\xb1\x45\xf5\x43\xc5\x75\xe3\x2f\x2a\x5b\x1a\xf5\xe1\xda" "\xf4\xd4\x44\xb7\x93\x87\x1e\xb7\xad\xcd\xf8\xcf\xfc\x55\xe9\x76\x74\xc0" "\x9a\xf3\xbc\x16\xf4\x2e\xe3\x1f\x7a\x97\xf1\x0f\xbd\xeb\xb6\xc6\x7f\x92" "\xac\x7d\x20\xc0\xba\x6b\x31\xfe\xab\x65\xa1\x3e\xb0\xce\xc1\x00\xeb\xaa" "\xd5\xf7\xff\xc7\x5d\x88\x03\x58\x7f\xce\xff\xa1\x77\x19\xff\xd0\xbb\x8c" "\x7f\xe8\x5d\xc6\x3f\xf4\xa4\xb6\xcf\xc6\xa7\xab\x7a\xe4\xbf\x0b\x85\xec" "\x43\xac\xf5\x13\xfe\x1b\x25\xc2\x0e\x14\xaa\x1b\x23\x8c\xac\x10\xe9\x86" "\x08\xe3\xee\x2f\xf4\xc5\x1a\x77\xb1\xa9\xe5\xaa\x6e\x7f\x32\x01\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x74\xc6\x7f\x01\x00\x00\xff\xff\xf2" "\x8f\xd9\x8a", 1137); syz_mount_image( /*fs=*/0x200000000080, /*dir=*/0x200000000480, /*flags=MS_I_VERSION|MS_SLAVE|MS_PRIVATE|MS_POSIXACL|MS_RELATIME|MS_NOSUID|0xc0400004*/ 0xc0ed0006, /*opts=*/0x200000000900, /*chdir=*/-1, /*size=*/0x471, /*img=*/0x200000000980); memcpy((void*)0x200000000000, "/dev/loop#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000000, /*id=*/0, /*flags=*/0); if (res != -1) r[162] = res; memcpy((void*)0x2000000000c0, "vfat\000", 5); memcpy((void*)0x2000000001c0, "./file0\000", 8); *(uint16_t*)0x200000000080 = 0; sprintf((char*)0x200000000082, "%023llo", (long long)-1); memcpy( (void*)0x200000000480, "\x78\x9c\xec\xdc\xcf\x4f\x13\x41\x14\xc0\xf1\x47\x29\xa5\x2d\xa1\xed\xc1" "\x68\x34\x31\x4c\xf4\xa2\x97\x0d\x54\xcf\xc6\xc6\x40\x62\x6c\x22\x01\x6a" "\x04\x13\x93\x05\xb6\xda\x74\x6d\x49\xb7\xc1\xd4\x18\xd1\x93\x57\xe3\x1f" "\xe1\x81\x70\xe4\x46\xa2\xfc\x03\x5c\xbc\xe9\xc5\x8b\x37\x2e\x26\x1e\xe4" "\x60\x5c\xb3\xbf\x68\x0b\x05\x4c\xa1\x14\xe1\xfb\x49\xc8\xbe\xee\xcc\x5b" "\x66\x32\x85\xbc\x69\x76\xbb\xf9\xf0\xdd\xb3\x62\xde\xd2\xf2\x7a\x55\x42" "\x51\x25\x3d\x22\x22\x5b\x22\x29\x09\x49\xa0\xc7\x3f\x86\xdc\x38\x22\x8d" 
"\x5e\xcb\xf5\x81\x9f\x5f\x2e\x4f\x4e\xcf\xdc\xcb\x64\xb3\xa3\x13\x4a\x8d" "\x65\xa6\x6e\xa4\x95\x52\x89\xa1\x8f\xcf\x5f\xc6\xfc\x6e\x6b\xfd\xb2\x91" "\x7a\xbc\xf9\x23\xfd\x7d\xe3\xfc\xc6\xc5\xcd\x3f\x53\x4f\x0b\x96\x2a\x58" "\xaa\x54\xae\x2a\x5d\xcd\x96\xbf\x55\xf5\x59\xd3\x50\xf3\x05\xab\xa8\x29" "\x35\x6e\x1a\xba\x65\xa8\x42\xc9\x32\x2a\x5e\x7b\xd9\x6b\xcf\x9b\xe5\x85" "\x85\x9a\xd2\x4b\xf3\x83\xf1\x85\x8a\x61\x59\x4a\x2f\xd5\x54\xd1\xa8\xa9" "\x6a\x59\x55\x2b\x35\xa5\x3f\xd1\x0b\x25\xa5\x69\x9a\x1a\x8c\x0b\x0e\x92" "\x5b\x9e\x98\xd0\x33\x6d\x26\xcf\x1d\xf1\x60\xd0\x21\x95\x4a\x46\xef\x15" "\x91\xd8\xae\x96\xdc\x72\x57\x06\x04\x00\x00\xba\x6a\x67\xfd\x1f\x72\x4a" "\xfa\xb6\xea\x7f\x49\xb8\xf5\xbf\xd3\xb9\x5e\xff\xaf\x5c\x59\xaf\x0e\x3c" "\x58\x4d\xf8\xf5\xff\x5a\xa4\x55\xfd\x7f\xf3\xab\x77\xad\xa6\xfa\x3f\x2a" "\x22\x1d\xaf\xff\x77\x57\x44\x67\xcb\xa1\xea\x7f\x9c\x0c\x43\x91\x5d\xa7" "\x7a\x9a\x5e\x39\xf5\x7f\xdc\xff\xfb\x75\xbd\x79\xb4\x32\xec\x06\xd4\xff" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc" "\x0f\xb6\x6c\x3b\x69\xdb\x76\x32\x38\x06\x3f\xf5\x47\x08\xfc\xd7\x38\x95" "\xf6\x5a\xff\x7e\x11\x89\x3a\xab\x6f\xb3\xfe\xa7\xd9\xe4\xf4\x8c\x44\xdd" "\x07\xf7\xc2\x09\x11\xf3\xed\x62\x6e\x31\xe7\x1d\xfd\x0e\xeb\x22\x62\x8a" "\x21\xc3\x92\x94\xdf\xee\xfb\xc1\xe7\xc4\xc1\x93\x47\xca\x91\x92\x4f\xe6" "\x92\x9f\xbf\xb4\x98\xeb\x75\x5b\x32\x79\x29\xb8\xf9\x23\x92\x94\xd4\xce" "\x7c\xdb\x1e\xbb\x9b\x1d\x1d\x51\x9e\xe6\xfc\x3e\x89\x37\xe6\xa7\x25\x29" "\xe7\x5a\xe7\xa7\x5b\xe6\x47\xe4\xda\xd5\x86\x7c\x4d\x92\xf2\x79\x4e\xca" "\x62\xca\xbc\xfb\xbe\xae\xe7\xbf\x1a\x51\xea\xce\xfd\xec\x8e\xfc\x98\xdb" "\x0f\x00\x00\x00\x00\x80\xd3\x40\x53\xdb\x5a\xee\xdf\x35\x6d\xaf\x76\x2f" "\x7f\x7b\x7f\xdd\xf2\xf3\x01\x6f\x7f\x3d\xdc\x72\x7f\x1e\x4e\x5e\x0a\x77" "\x77\xee\x00\x00\x00\x00\x00\x9c\x15\x56\xed\x45\x51\x37\x4d\xa3\xb2\x4f" "\x10\x93\x83\xfb\xb4\x1f\x84\xdb\x4b\xef\xdb\xaf\x4f\x6f\xc3\x0c\xff\xf5" 
"\x82\x11\xf7\x7e\x17\x91\xce\xcd\x74\x9f\x20\xb8\x91\xa2\xa9\x29\xea\x9f" "\x6c\xef\xca\xc1\xfc\x3b\x33\xe6\x90\xb4\x93\x35\xe4\x8c\x47\x1d\xf6\xb7" "\x07\x1f\x1b\xed\xd5\x47\xc6\xbb\xb0\x82\x6e\x70\xe1\xfd\x87\x5f\x47\x77" "\xc1\x5b\xab\xd1\x03\x66\xda\xb1\xa0\xef\x38\xfe\xf7\x00\x00\x00\x00\x38" "\x5e\xf5\xa2\x3f\x38\x73\xbb\xbb\x03\x02\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x0c\x3a\x8e" "\xaf\x13\xeb\xf6\x1c\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x93\xe2\x6f" "\x00\x00\x00\xff\xff\x7f\xe1\x04\x71", 747); syz_mount_image( /*fs=*/0x2000000000c0, /*dir=*/0x2000000001c0, /*flags=MS_I_VERSION|MS_STRICTATIME|MS_NODEV|0x200*/ 0x1800204, /*opts=*/0x200000000080, /*chdir=*/8, /*size=*/0x2eb, /*img=*/0x200000000480); for (int i = 0; i < 32; i++) { syz_mount_image( /*fs=*/0x2000000000c0, /*dir=*/0x2000000001c0, /*flags=MS_I_VERSION|MS_STRICTATIME|MS_NODEV|0x200*/ 0x1800204, /*opts=*/0x200000000080, /*chdir=*/8, /*size=*/0x2eb, /*img=*/0x200000000480); } memcpy((void*)0x200000000300, "./bus\000", 6); res = syscall(__NR_creat, /*file=*/0x200000000300ul, /*mode=*/0ul); for (int i = 0; i < 32; i++) { syscall(__NR_creat, /*file=*/0x200000000300ul, /*mode=*/0ul); } if (res != -1) r[163] = res; memcpy((void*)0x200000000440, "./bus\000", 6); res = syscall(__NR_open, /*file=*/0x200000000440ul, /*flags=*/0ul, /*mode=*/0ul); if (res != -1) r[164] = res; res = syscall(__NR_dup3, /*oldfd=*/r[164], /*newfd=*/r[163], /*flags=*/0ul); if (res != -1) r[165] = res; res = syscall(__NR_io_setup, /*n=*/6, /*ctx=*/0x200000000240ul); if (res != -1) r[166] = *(uint64_t*)0x200000000240; *(uint64_t*)0x200000000000 = 0x2000000000c0; *(uint64_t*)0x2000000000c0 = 0xf04aef; *(uint32_t*)0x2000000000c8 = 0x3d8; *(uint32_t*)0x2000000000cc = 8; *(uint16_t*)0x2000000000d0 = 0; *(uint16_t*)0x2000000000d2 = 0; *(uint32_t*)0x2000000000d4 = r[165]; *(uint64_t*)0x2000000000d8 = 0; 
*(uint64_t*)0x2000000000e0 = 0; *(uint64_t*)0x2000000000e8 = 0; *(uint64_t*)0x2000000000f0 = 0; *(uint32_t*)0x2000000000f8 = 0; *(uint32_t*)0x2000000000fc = -1; syscall(__NR_io_submit, /*ctx=*/r[166], /*nr=*/1ul, /*iocbpp=*/0x200000000000ul); *(uint32_t*)0x200000000040 = 0x18; *(uint32_t*)0x200000000044 = 2; *(uint32_t*)0x200000000048 = 0; *(uint32_t*)0x20000000004c = 0; *(uint32_t*)0x200000000050 = 0; *(uint32_t*)0x200000000054 = 0; *(uint32_t*)0x200000000058 = 0; *(uint32_t*)0x20000000005c = 0; syscall(__NR_open_by_handle_at, /*mountdirfd=*/r[162], /*handle=*/0x200000000040ul, /*flags=*/0ul); *(uint64_t*)0x200000000140 = 0x200000000000; *(uint16_t*)0x200000000000 = 0x10; *(uint16_t*)0x200000000002 = 0; *(uint32_t*)0x200000000004 = 0; *(uint32_t*)0x200000000008 = 0x1000000; *(uint32_t*)0x200000000148 = 0xc; *(uint64_t*)0x200000000150 = 0x200000000100; *(uint64_t*)0x200000000100 = 0x2000000009c0; *(uint32_t*)0x2000000009c0 = 0x1ac; *(uint16_t*)0x2000000009c4 = r[157]; *(uint16_t*)0x2000000009c6 = 0; *(uint32_t*)0x2000000009c8 = 0x70bd2a; *(uint32_t*)0x2000000009cc = 0x25dfdbfe; *(uint8_t*)0x2000000009d0 = 0x28; *(uint8_t*)0x2000000009d1 = 0; *(uint16_t*)0x2000000009d2 = 0; *(uint16_t*)0x2000000009d4 = 4; *(uint16_t*)0x2000000009d6 = 0x5f; *(uint16_t*)0x2000000009d8 = 0xa; *(uint16_t*)0x2000000009da = 6; memset((void*)0x2000000009dc, 0, 6); *(uint16_t*)0x2000000009e4 = 0xa; *(uint16_t*)0x2000000009e6 = 6; memset((void*)0x2000000009e8, 80, 6); *(uint16_t*)0x2000000009f0 = 0x29; *(uint16_t*)0x2000000009f2 = 0x2a; *(uint8_t*)0x2000000009f4 = 0x3e; *(uint8_t*)0x2000000009f5 = 1; *(uint8_t*)0x2000000009f6 = 3; *(uint8_t*)0x2000000009f7 = 0x76; *(uint8_t*)0x2000000009f8 = 6; *(uint8_t*)0x2000000009f9 = 0; *(uint8_t*)0x2000000009fa = 4; *(uint16_t*)0x2000000009fb = 0xe; *(uint16_t*)0x2000000009fd = 6; *(uint8_t*)0x2000000009ff = 0x75; *(uint8_t*)0x200000000a00 = 0x18; *(uint16_t*)0x200000000a01 = 1; *(uint16_t*)0x200000000a03 = 0x20; *(uint16_t*)0x200000000a05 = 5; 
*(uint16_t*)0x200000000a07 = 0x19; memcpy((void*)0x200000000a09, "\x57\xbc\x27\xf7\xb2\x41\x3a\x32\xdc\x18\x82\x61\x20\xa1\xf8\x58", 16); *(uint16_t*)0x200000000a1c = 4; *(uint16_t*)0x200000000a1e = 0x5f; *(uint16_t*)0x200000000a20 = 6; *(uint16_t*)0x200000000a22 = 0x36; *(uint16_t*)0x200000000a24 = 1; *(uint16_t*)0x200000000a28 = 0xa; *(uint16_t*)0x200000000a2a = 6; memcpy((void*)0x200000000a2c, "\x26\x10\x0f\x80\x79\x22", 6); *(uint16_t*)0x200000000a34 = 0x12e; *(uint16_t*)0x200000000a36 = 0x2a; *(uint8_t*)0x200000000a38 = 0x7e; *(uint8_t*)0x200000000a39 = 0x15; STORE_BY_BITMASK(uint8_t, , 0x200000000a3a, 0, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200000000a3a, 5, 1, 7); *(uint8_t*)0x200000000a3b = -1; *(uint8_t*)0x200000000a3c = 0; *(uint8_t*)0x200000000a3d = 8; *(uint8_t*)0x200000000a3e = 2; *(uint8_t*)0x200000000a3f = 0x11; *(uint8_t*)0x200000000a40 = 0; *(uint8_t*)0x200000000a41 = 0; *(uint8_t*)0x200000000a42 = 0; *(uint32_t*)0x200000000a43 = 1; *(uint32_t*)0x200000000a47 = 2; *(uint32_t*)0x200000000a4b = 8; *(uint8_t*)0x200000000a4f = 6; *(uint8_t*)0x200000000a50 = 2; *(uint16_t*)0x200000000a51 = 9; *(uint8_t*)0x200000000a53 = 3; *(uint8_t*)0x200000000a54 = 1; *(uint8_t*)0x200000000a55 = 0x30; *(uint8_t*)0x200000000a56 = 0x37; *(uint8_t*)0x200000000a57 = 0xb7; *(uint8_t*)0x200000000a58 = 0x67; *(uint8_t*)0x200000000a59 = 3; memcpy((void*)0x200000000a5a, "\x60\x0c\x80\xa8\x1d\x63\x77\xce\xf6\x7b\x2a\xd6\xac\x45\x9e\x68", 16); memcpy((void*)0x200000000a6a, "\x6e\xe3\x83\x44\x6e\x80\xbe\xbb\x60\x97\xaa\x4c\xff\xd9\x12\x80\xac" "\x73\x32\x29\x49\xe3\x67\xf6\xdd\x22\x97\xb0\x9e\x70\xd3\x84", 32); memcpy((void*)0x200000000a8a, "\x57\xe8\x43\x7d\x37\xce\x2d\x70\xeb\x05\xdc\x35\x09\xe8\xaa\x26\x9b" "\x29\xc3\x7a\x93\x2b\x21\x3e\xa6\x47\x6b\x12\x29\x4e\x52\xf0", 32); *(uint8_t*)0x200000000aaa = 3; *(uint8_t*)0x200000000aab = 0x23; memcpy( (void*)0x200000000aac, "\x82\xba\xdc\xbf\x55\x17\xa3\x76\x3f\x45\x09\x7a\xbd\x3e\x05\xcb\x6c\x8d" 
"\x4a\xf4\xe1\xd1\xbe\x32\xb2\xe5\x73\x48\x29\xdd\x28\xf1\x7e\x58\x4a", 35); *(uint8_t*)0x200000000acf = 2; *(uint8_t*)0x200000000ad0 = 0x1e; memcpy((void*)0x200000000ad1, "\xbd\x3d\x9a\x33\x7b\x87\xa1\x13\x61\x87\x12\xaa\xa3\xbe\xe2\x9d\x2a" "\xcc\x5c\xba\xd0\xe6\x0b\xef\x80\x58\x0a\xb2\x92\x12", 30); *(uint8_t*)0x200000000aef = 1; *(uint8_t*)0x200000000af0 = 0x1e; memcpy((void*)0x200000000af1, "\x35\xc1\xfc\x8a\xbf\xce\x88\xd3\x64\xc2\xc0\xbe\x2c\x5e\xb1\xdc\xa7" "\x4c\x2d\x11\xae\x67\xa4\xca\x48\x0e\xac\x33\x0e\xb9", 30); *(uint8_t*)0x200000000b0f = 0x76; *(uint8_t*)0x200000000b10 = 6; *(uint8_t*)0x200000000b11 = 0x81; *(uint8_t*)0x200000000b12 = 0x80; *(uint16_t*)0x200000000b13 = 0x36; *(uint16_t*)0x200000000b15 = 4; *(uint8_t*)0x200000000b17 = 0x3e; *(uint8_t*)0x200000000b18 = 1; *(uint8_t*)0x200000000b19 = 3; *(uint8_t*)0x200000000b1a = 0x83; *(uint8_t*)0x200000000b1b = 0x1f; STORE_BY_BITMASK(uint8_t, , 0x200000000b1c, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200000000b1c, 0, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200000000b1c, 0, 7, 1); *(uint8_t*)0x200000000b1d = 0x80; *(uint8_t*)0x200000000b1e = 0xb; *(uint8_t*)0x200000000b1f = 8; *(uint8_t*)0x200000000b20 = 2; *(uint8_t*)0x200000000b21 = 0x11; *(uint8_t*)0x200000000b22 = 0; *(uint8_t*)0x200000000b23 = 0; *(uint8_t*)0x200000000b24 = 0; *(uint32_t*)0x200000000b25 = 2; *(uint32_t*)0x200000000b29 = 0x800; *(uint32_t*)0x200000000b2d = 7; memset((void*)0x200000000b31, 255, 6); *(uint32_t*)0x200000000b37 = 0x80000000; *(uint8_t*)0x200000000b3b = 0x83; *(uint8_t*)0x200000000b3c = 0x25; STORE_BY_BITMASK(uint8_t, , 0x200000000b3d, 0, 0, 6); STORE_BY_BITMASK(uint8_t, , 0x200000000b3d, 1, 6, 1); STORE_BY_BITMASK(uint8_t, , 0x200000000b3d, 0, 7, 1); *(uint8_t*)0x200000000b3e = 4; *(uint8_t*)0x200000000b3f = 5; *(uint8_t*)0x200000000b40 = 8; *(uint8_t*)0x200000000b41 = 2; *(uint8_t*)0x200000000b42 = 0x11; *(uint8_t*)0x200000000b43 = 0; *(uint8_t*)0x200000000b44 = 0; *(uint8_t*)0x200000000b45 = 1; 
*(uint32_t*)0x200000000b46 = 0x8410; *(uint8_t*)0x200000000b4a = 8; *(uint8_t*)0x200000000b4b = 2; *(uint8_t*)0x200000000b4c = 0x11; *(uint8_t*)0x200000000b4d = 0; *(uint8_t*)0x200000000b4e = 0; *(uint8_t*)0x200000000b4f = 0; *(uint32_t*)0x200000000b50 = 0x40; *(uint32_t*)0x200000000b54 = 0x400; memset((void*)0x200000000b58, 255, 6); *(uint32_t*)0x200000000b5e = 0x7d; *(uint16_t*)0x200000000b64 = 6; *(uint16_t*)0x200000000b66 = 0x36; *(uint16_t*)0x200000000b68 = 9; *(uint64_t*)0x200000000108 = 0x1ac; *(uint64_t*)0x200000000158 = 1; *(uint64_t*)0x200000000160 = 0; *(uint64_t*)0x200000000168 = 0; *(uint32_t*)0x200000000170 = 0x4000000; syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0x200000000140ul, /*f=MSG_ZEROCOPY*/ 0x4000000ul); memcpy( (void*)0x200000000000, "prodM\260\352\a\006\276\256n/" "\3164\267\301\357\272!" "\235\rSt\2424\t\000\000\000\000\000\000\000\377\377\020\004\000\000\035z" "\3205\342e,\261\204\352\221^%A\345\236\023TdT\306^p\260#" "R\004\006\256\353A;" "Y\353\217\354\264\371\027\267\004\302\300\306\264\v\377\374\210\220\253C" "\002\000\3604\003\210\2569\'>R^P{Vr!" 
"\342W\3072\352\267Wp\3036\226\377Z\\A@\000\000\000\311\363Y\270\211#" "\241\261)Dk\353\241\t\000{u[\275\235\364\277\\\316\002P\362MY\005^" "\377j\234\024\267\266v\035*1>\000 " "\000\000\000\000\024C?]\214\264Y\317\200\205\326\0036\310~" "\250\f\000\000\265U\354\3406\355\344\333\337\a\320lg\023\371\213:s>" "\327s\357\263\237#\025)\371\3410\307\26262<" "k\250\210\001\000fhD\347\266\027\200\225\250\036\t\2601KB\313\000\036" "\177E\177\002\000\000\000y<" "nGR\224\231\270\211\233\217\325\346\002\265C\255\"u\364>-" "\000\000\000\000\310X\332Nz\016u\217\001\000\000\000\000\000\000\335\377" "\377\377\000\000\000\000\000\000\000\000\000\303\247/" "\017\233`\245\230\201a\356v\000\000\000\000\a\000\000m2\362\330," "\027\370\216\256\310\255\355<\"\216\n\235\2613\215\357\226\322M\"8=" "tg\337U\320q\225/" "f\354\334\243\341[\300\252\357z\311\364[R\3036b\242]" "\355\350\260\372\"\242\3227)\325yQ\377}5\224\210\241\334\241g\340q\305:" "\344\337\200\263,\271\262\334\201\2376\017\204WY\277SY`" "\270\a\031\261\0058\244\303\273\370aB:\204\002?" 
"\000\000\000\000\000\000\000\000\000\000\000\000\000\363o-" "GU\260\000F\263o(aI[\326\237G\256I\203\223\214C\300#\340q\320Ex|" "\333\250\026\376>:\t0\375\212\307\204\265\307M-" "0A\360\224\363\314\215\2733\\\"\2102\263\2504\254\000\335}\016\301 " "\353Ft\306\314\f}1X#" "\344\341\224i\316\241\377\225\200\264T\234\001\363\034LB\224m(" "m\f\274\353Y\240\367\360\235\020\275\206\033y\346\337\300\305\271\271" "\277\337~9\nC\351\305\016\332\234(\233\"\307\227\374\b\331\302T\247*}]" "\310\263 .\233\211\017\370$\335>lU\023EG\2731] " "\332\031\305\233\025\225\304\374w\273\222\221\304\246\2207XK\374\027]" "\372\377\'\357\222\034\270\037K\262o " "\321\275\262\021+\243R\357gi\016(\343?Q\302\275W\005\354\263=@\003\306^" "\242\025%\260\'D#\266Q\217\202?S>\000P\234E\222{" "d\346\234j1\207\263\001\336\350\211\304s\267\024~}" "\252\214\303\225BAE\362.\217#;" "a\224\"\321U\377\350v\323\204d\364\0234\246XI\345h\252\025\232\367Z\343%" "\210p\220\273\235t\243\341\r\215\224\"\031\213\027)" "\352\325\027\353\344\033\017BZ1\276\356\372\034\371\246\021\224\006\\P:" "\257\316x\302\202\232\026\374\241\371q\022\343\032\334\267\022\273a\b" "\273\355\262\321W\342\213\2158}\020W\275\2460A\303\003\372\2110~#" "\bQ\313)\366]\236\024\322\352\202\250\267ZG\025r\361n 1\215 " "\301\257\031\\\221\023\0338\341\303\244\v\224\277J\265\336\225\202\000]" "B|\342[%\343\360\004\272\355\333\365\177\235\376>\366m$M&\177q]" "\344\366\202\303\000\261zg}\231E\244\031\351\0324a\3275D-k\204\246\022+" "\353k\241\376k\211\357\030\301)" "6\2465\342D\276\341\337q\33568\3637g\2539m\347\335O\v?\340\276}" "\251U\307{\323\026W\273\345\322\223\376\244\235\r$\3511c8`\206\274)" "\3429\303}\271P\325F\306\022\214_" "x\250\372\265K\003\205\223k\341\216\037)\"." 
"\314\'\v\246\033j\\\n\3518yA\330T\205\200A\313o\231\231\353)" "r\032\316\030(\0305LL\274OeO\'\342\206&\344\342\347~" "\222\242\262\033\303\000\205\316\2557\207\240\374c\365\370\257\v," "q\324\030\275M\032\336\210*" "L\005m6\354H\320T\270m\333\b\246\002\373\023\254\221\212\215\224\223\215" "=\261\204\234\233\345\307\246\311Q\301eUc\314\0300^" "\000\000\000\000\000\000\000\000\000\000\000\000K", 1147); res = syscall(__NR_memfd_create, /*name=*/0x200000000000ul, /*flags=MFD_HUGETLB|MFD_ALLOW_SEALING*/ 6ul); if (res != -1) r[167] = res; syscall(__NR_lseek, /*fd=*/r[167], /*offset=*/0ul, /*whence=SEEK_CUR*/ 1ul); memcpy((void*)0x200000000140, "/dev/sg#\000", 9); res = -1; res = syz_open_dev(/*dev=*/0x200000000140, /*id=*/0, /*flags=*/0); if (res != -1) r[168] = res; *(uint64_t*)0x200000000000 = 0xb5; syscall(__NR_ioctl, /*fd=*/r[168], /*cmd=FIOASYNC*/ 0x5452, /*v=*/0x200000000000ul); res = syscall(__NR_socket, /*domain=*/0xaul, /*type=SOCK_RAW*/ 3ul, /*proto=*/5); if (res != -1) r[169] = res; *(uint32_t*)0x200000000440 = 0xc; res = syscall(__NR_getsockopt, /*fd=*/r[169], /*level=*/1, /*optname=*/0x11, /*optval=*/0x2000000001c0ul, /*optlen=*/0x200000000440ul); if (res != -1) r[170] = *(uint32_t*)0x2000000001c8; syscall(__NR_setregid, /*rgid=*/0xee00, /*egid=*/0); syscall(__NR_setregid, /*rgid=*/r[170], /*egid=*/0); for (int i = 0; i < 64; i++) { syscall(__NR_setregid, /*rgid=*/r[170], /*egid=*/0); } res = syscall(__NR_semget, /*key=*/0ul, /*nsems=*/0x4000000009ul, /*flags=*/0ul); for (int i = 0; i < 64; i++) { syscall(__NR_semget, /*key=*/0ul, /*nsems=*/0x4000000009ul, /*flags=*/0ul); } if (res != -1) r[171] = res; *(uint16_t*)0x2000000000c0 = 0; *(uint16_t*)0x2000000000c2 = 0x949c; *(uint16_t*)0x2000000000c4 = 0; *(uint16_t*)0x2000000000c6 = 0; *(uint16_t*)0x2000000000c8 = 0; *(uint16_t*)0x2000000000ca = 0; syscall(__NR_semop, /*semid=*/r[171], /*ops=*/0x2000000000c0ul, /*nops=*/2ul); syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0ul, /*timerid=*/0ul); for (int i = 0; 
i < 64; i++) { syscall(__NR_timer_create, /*id=*/0ul, /*ev=*/0ul, /*timerid=*/0ul); } memcpy((void*)0x2000000000c0, "ext4\000", 5); memcpy((void*)0x200000000040, "./file0\000", 8); memcpy((void*)0x200000000100, "quota", 5); *(uint8_t*)0x200000000105 = 0x2c; memcpy((void*)0x200000000106, "nodelalloc", 10); *(uint8_t*)0x200000000110 = 0x2c; memcpy((void*)0x200000000111, "errors=remount-ro", 17); *(uint8_t*)0x200000000122 = 0x2c; memcpy((void*)0x200000000123, "grpid", 5); *(uint8_t*)0x200000000128 = 0x2c; *(uint8_t*)0x200000000129 = 0; memcpy( (void*)0x200000000a00, "\x78\x9c\xec\xdd\x4f\x6f\x54\x5f\x19\x00\xe0\xf7\xde\xb6\xf4\xcf\xaf\xd0" "\x12\x59\xa8\x51\x41\x44\xd1\x10\x66\xda\x01\x1a\xc3\x0a\x37\x1a\x43\x48" "\x8c\xc4\x95\x0b\xa8\xed\xd0\x34\x9d\xe9\x34\x9d\x29\xd2\xca\xa2\x7c\x07" "\x13\x49\x5c\xe9\x47\x70\x61\xe2\xc2\x84\x95\x7b\x77\xba\x73\x03\x0b\x13" "\x54\xa2\xa1\x26\x2e\xc6\xdc\x3b\xd3\xd2\x96\x4e\x5b\x84\xce\xc4\xce\xf3" "\x24\x27\xf7\x9e\x7b\x86\x79\xcf\x61\x72\xcf\x3b\x3d\xd3\xce\x09\xa0\x6f" "\x5d\x8a\x88\xcd\x88\x38\x13\x11\x0f\x23\x62\xa2\x7d\x3d\x69\x97\xb8\xd3" "\x2a\xd9\xe3\xde\xbe\x79\x3a\xb7\xf5\xe6\xe9\x5c\x12\xcd\xe6\xfd\xbf\x27" "\x79\x7b\x76\x2d\x76\xfd\x9b\xcc\x67\xed\xe7\x1c\x89\x88\x1f\x7e\x2f\xe2" "\x27\xc9\xfb\x71\xeb\xeb\x1b\x4b\xb3\x95\x4a\x79\xb5\x5d\x2f\x36\xaa\x2b" "\xc5\xfa\xfa\xc6\xf5\xc5\xea\xec\x42\x79\xa1\xbc\x5c\x2a\xcd\x4c\xcf\x4c" "\x7d\xfb\xc6\xad\xd2\x27\x1b\xeb\xc5\xea\x6f\x5e\x7f\x77\xf1\xee\x8f\x7e" "\xff\xbb\x2f\xbf\xfc\xe3\xe6\xb7\x7e\x96\x75\x6b\xbc\xdd\xb6\x7b\x1c\x9f" "\x52\x6b\xe8\x43\x3b\x71\x32\x83\x11\x71\xf7\x24\x82\xf5\xc0\x40\x7b\x3c" "\x67\x7a\xdd\x11\xfe\x27\x69\x44\x14\x22\xe2\x72\x7e\xff\x4f\xc4\x40\xfe" "\x6a\x02\x00\xa7\x59\xb3\x39\x11\xcd\x89\xdd\x75\x00\xe0\xb4\x4b\xf3\x35" "\xb0\x24\x2d\xb4\xd7\x02\xc6\x23\x4d\x0b\x85\xd6\x1a\xde\x85\x18\x4b\x2b" "\xb5\x7a\xe3\xda\xa3\xda\xda\xf2\x7c\x6b\xad\x6c\x32\x86\xd2\x47\x8b\x95" "\xf2\x54\x7b\xad\x70\x32\x86\x92\xac\x3e\x9d\x9f\xbf\xab\x97\xf6\xd5\x6f" 
"\x44\xc4\xf9\x88\xf8\xf9\xf0\x68\x5e\x2f\xcc\xd5\x2a\xf3\xbd\x7c\xe3\x03" "\x00\x7d\xec\xb3\x7d\xf9\xff\x5f\xc3\xad\xfc\x0f\x00\x9c\x72\x23\xbd\xee" "\x00\x00\xd0\x75\xf2\x3f\x00\xf4\x1f\xf9\x1f\x00\xfa\x8f\xfc\x0f\x00\xfd" "\x47\xfe\x07\x80\xfe\x23\xff\x03\x40\xff\x91\xff\x01\xa0\xaf\xfc\xe0\xde" "\xbd\xac\x34\xb7\xda\xdf\x7f\x3d\xff\x78\x7d\x6d\xa9\xf6\xf8\xfa\x7c\xb9" "\xbe\x54\xa8\xae\xcd\x15\xe6\x6a\xab\x2b\x85\x85\x5a\x6d\x21\xff\xce\x9e" "\xea\x51\xcf\x57\xa9\xd5\x56\xa6\x6f\xc6\xda\x93\x62\xa3\x5c\x6f\x14\xeb" "\xeb\x1b\x0f\xaa\xb5\xb5\xe5\xc6\x83\xfc\x7b\xbd\x1f\x94\x87\xba\x32\x2a" "\x00\xe0\x30\xe7\x2f\xbe\xf8\x73\x12\x11\x9b\xb7\x47\xf3\x12\xbb\xf6\x72" "\x90\xab\xe1\x74\x4b\x7b\xdd\x01\xa0\x67\x06\x7a\xdd\x01\xa0\x67\x8e\xd8" "\xed\xeb\x55\xb7\xfa\x01\x74\x9f\x9f\xf1\x81\x03\xb6\xe8\xdd\x63\xd7\xaf" "\x08\x8d\xee\x69\x78\x7e\x32\xfd\x01\x4e\xde\xd5\x2f\x58\xff\x87\x7e\x65" "\xfd\x1f\xfa\x97\xf5\x7f\xe8\x5f\x47\xac\xff\x03\xa7\x58\xb3\x99\xd8\xf3" "\x1f\x00\xfa\x8c\x35\x7e\xe0\x03\x3e\xff\xdf\xcb\xe7\xff\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xf4\xb1\xf1\xbc\x24\x69\xa1\xbd\x17\xf8\x78\xa4\x69\xa1\x10\x71" "\x36\x22\x26\x63\x28\x79\xb4\x58\x29\x4f\x45\xc4\xb9\x88\xf8\xd3\xf0\xd0" "\x70\x56\x9f\xee\x75\xa7\x01\x80\x8f\x94\xfe\x35\x69\xef\xff\x75\x75\xe2" "\xca\xf8\xfe\xd6\x33\xc9\xbf\x87\xf3\x63\x44\xfc\xf4\x97\xf7\x7f\xf1\x64" "\xb6\xd1\x58\x9d\xce\xae\xff\x63\xe7\x7a\xe3\x79\xfb\x7a\xa9\x17\xfd\x07" "\x00\x8e\xb2\x9d\xa7\xb7\xf3\xf8\xb6\xb7\x6f\x9e\xce\x6d\x97\x6e\xf6\xe7" "\xf5\x77\x5a\x9b\x8b\x66\x71\xb7\xda\xa5\xd5\x32\x18\x83\xf9\x71\x24\x86" "\x22\x62\xec\x9f\x49\xbb\xde\x92\xbd\x5f\x19\xf8\x04\xf1\x37\x9f\x45\xc4" "\xe7\x0f\x1a\x7f\x92\xaf\x8d\x4c\xb6\x77\x3e\xdd\x1f\x3f\x8b\x7d\xb6\xab" "\xf1\xd3\x3d\xf1\xd3\xbc\xad\x75\xcc\xfe\x2f\x3e\xf7\xe1\xa1\x3b\x6e\xe9" "\x0a\xfd\xe2\x45\x36\xff\xdc\x39\xe8\xfe\x4b\xe3\x52\x7e\x3c\xf8\xfe\x1f" 
"\xc9\x67\xa8\x8f\xb7\x3d\xff\x6d\xbd\x37\xff\xa5\x3b\xf3\xdf\x40\x87\xf9" "\xef\xd2\x71\x63\xdc\xfc\xc3\xf7\x3b\xb6\x3d\x8b\xf8\xe2\xe0\x41\xf1\x93" "\x9d\xf8\x49\x87\xf8\x57\x8e\x19\xff\x2f\x5f\xfa\xca\xe5\x4e\x6d\xcd\x5f" "\x45\x5c\x8d\x83\xe3\xef\x8e\x55\x6c\x54\x57\x8a\xf5\xf5\x8d\xeb\x8b\xd5" "\xd9\x85\xf2\x42\x79\xb9\x54\x9a\x99\x9e\x99\x1a\xbd\x71\xab\x54\xcc\xd7" "\xa8\x8b\xdb\x2b\xd5\xef\xfb\xdb\xed\x6b\xe7\x0e\x1b\xff\x58\x87\xf8\x23" "\x47\x8c\xff\xeb\xc7\x1c\xff\xaf\xff\xf3\xf0\xc7\x5f\x3d\x24\xfe\x37\xbf" "\x76\xf0\xeb\x7f\xe1\x90\xf8\x59\x4e\xfc\xc6\x31\xe3\xcf\x8e\xfd\xb6\xe3" "\x5c\x9f\xc5\x9f\xef\x30\xfe\xbd\xaf\xff\xde\x7c\x91\x5d\xbb\x76\xcc\xf8" "\x2f\x5f\x6d\xcc\x1f\xf3\xa1\x00\x40\x17\xd4\xd7\x37\x96\x66\x2b\x95\xf2" "\xea\xe1\x27\xdb\xb9\xff\x58\x0f\x76\xe2\xc4\xc9\xff\xfb\x49\x8f\x27\x26" "\xe0\xc4\xbd\xbb\xe9\x7b\xdd\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\xa0\x93\x6e\xfc\x39\x51\xaf\xc7\x08\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xe9\xf5" "\xdf\x00\x00\x00\xff\xff\xff\x96\xd6\xc9", 1216); syz_mount_image(/*fs=*/0x2000000000c0, /*dir=*/0x200000000040, /*flags=*/0, /*opts=*/0x200000000100, /*chdir=*/1, /*size=*/0x4c0, /*img=*/0x200000000a00); for (int i = 0; i < 64; i++) { syz_mount_image(/*fs=*/0x2000000000c0, /*dir=*/0x200000000040, /*flags=*/0, /*opts=*/0x200000000100, 
/*chdir=*/1, /*size=*/0x4c0, /*img=*/0x200000000a00); } res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc); if (res != -1) r[172] = res; *(uint64_t*)0x200000000300 = 0; *(uint32_t*)0x200000000308 = 0; *(uint64_t*)0x200000000310 = 0x2000000000c0; *(uint64_t*)0x2000000000c0 = 0x200000000200; *(uint32_t*)0x200000000200 = 0x68; *(uint8_t*)0x200000000204 = 0; *(uint8_t*)0x200000000205 = 1; *(uint16_t*)0x200000000206 = 0x401; *(uint32_t*)0x200000000208 = 0; *(uint32_t*)0x20000000020c = 0; *(uint8_t*)0x200000000210 = 2; *(uint8_t*)0x200000000211 = 0; *(uint16_t*)0x200000000212 = htobe16(0); *(uint16_t*)0x200000000214 = 0x24; STORE_BY_BITMASK(uint16_t, , 0x200000000216, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000217, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000217, 1, 7, 1); *(uint16_t*)0x200000000218 = 0x14; STORE_BY_BITMASK(uint16_t, , 0x20000000021a, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000021b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000021b, 1, 7, 1); *(uint16_t*)0x20000000021c = 8; *(uint16_t*)0x20000000021e = 1; *(uint8_t*)0x200000000220 = 0xac; *(uint8_t*)0x200000000221 = 0x14; *(uint8_t*)0x200000000222 = 0x14; *(uint8_t*)0x200000000223 = 0; *(uint16_t*)0x200000000224 = 8; *(uint16_t*)0x200000000226 = 2; *(uint8_t*)0x200000000228 = 0xac; *(uint8_t*)0x200000000229 = 0x14; *(uint8_t*)0x20000000022a = 0x14; *(uint8_t*)0x20000000022b = 0xbb; *(uint16_t*)0x20000000022c = 0xc; STORE_BY_BITMASK(uint16_t, , 0x20000000022e, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000022f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000022f, 1, 7, 1); *(uint16_t*)0x200000000230 = 5; *(uint16_t*)0x200000000232 = 1; *(uint8_t*)0x200000000234 = 0; *(uint16_t*)0x200000000238 = 0x24; STORE_BY_BITMASK(uint16_t, , 0x20000000023a, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000023b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000023b, 1, 7, 1); *(uint16_t*)0x20000000023c = 0x14; STORE_BY_BITMASK(uint16_t, , 0x20000000023e, 1, 0, 
14); STORE_BY_BITMASK(uint16_t, , 0x20000000023f, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000023f, 1, 7, 1); *(uint16_t*)0x200000000240 = 8; *(uint16_t*)0x200000000242 = 1; *(uint8_t*)0x200000000244 = 0xac; *(uint8_t*)0x200000000245 = 0x14; *(uint8_t*)0x200000000246 = 0x14; *(uint8_t*)0x200000000247 = 0xaa; *(uint16_t*)0x200000000248 = 8; *(uint16_t*)0x20000000024a = 2; *(uint8_t*)0x20000000024c = 0xac; *(uint8_t*)0x20000000024d = 0x14; *(uint8_t*)0x20000000024e = 0x14; *(uint8_t*)0x20000000024f = 0; *(uint16_t*)0x200000000250 = 0xc; STORE_BY_BITMASK(uint16_t, , 0x200000000252, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000253, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000253, 1, 7, 1); *(uint16_t*)0x200000000254 = 5; *(uint16_t*)0x200000000256 = 1; *(uint8_t*)0x200000000258 = 0; *(uint16_t*)0x20000000025c = 8; STORE_BY_BITMASK(uint16_t, , 0x20000000025e, 7, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000025f, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000025f, 0, 7, 1); *(uint32_t*)0x200000000260 = htobe32(0); *(uint16_t*)0x200000000264 = 4; STORE_BY_BITMASK(uint16_t, , 0x200000000266, 0xf, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000267, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000267, 1, 7, 1); *(uint64_t*)0x2000000000c8 = 0x68; *(uint64_t*)0x200000000318 = 1; *(uint64_t*)0x200000000320 = 0; *(uint64_t*)0x200000000328 = 0; *(uint32_t*)0x200000000330 = 0; syscall(__NR_sendmsg, /*fd=*/r[172], /*msg=*/0x200000000300ul, /*f=*/0ul); memcpy((void*)0x200000000040, "./bus\000", 6); syscall( __NR_open, /*file=*/0x200000000040ul, /*flags=O_NOFOLLOW|O_NOCTTY|O_NOATIME|O_CREAT|O_CLOEXEC|0x2*/ 0xe0142ul, /*mode=*/0ul); for (int i = 0; i < 32; i++) { syscall( __NR_open, /*file=*/0x200000000040ul, /*flags=O_NOFOLLOW|O_NOCTTY|O_NOATIME|O_CREAT|O_CLOEXEC|0x2*/ 0xe0142ul, /*mode=*/0ul); } memcpy((void*)0x200000000000, ".\000", 2); res = syscall(__NR_fspick, /*dfd=*/0xffffff9c, /*path=*/0x200000000000ul, /*flags=*/0ul); for (int i = 0; i < 32; i++) { 
syscall(__NR_fspick, /*dfd=*/0xffffff9c, /*path=*/0x200000000000ul, /*flags=*/0ul); } if (res != -1) r[173] = res; memcpy((void*)0x200000000080, "ro\000", 3); syscall(__NR_fsconfig, /*fd=*/r[173], /*cmd=*/0ul, /*key=*/0x200000000080ul, /*value=*/0ul, /*aux=*/0ul); for (int i = 0; i < 32; i++) { syscall(__NR_fsconfig, /*fd=*/r[173], /*cmd=*/0ul, /*key=*/0x200000000080ul, /*value=*/0ul, /*aux=*/0ul); } syscall(__NR_fsconfig, /*fd=*/r[173], /*cmd=*/7ul, /*key=*/0ul, /*value=*/0ul, /*aux=*/0ul); for (int i = 0; i < 32; i++) { syscall(__NR_fsconfig, /*fd=*/r[173], /*cmd=*/7ul, /*key=*/0ul, /*value=*/0ul, /*aux=*/0ul); } syscall(__NR_semctl, /*semid=*/r[171], /*semnum=*/0ul, /*cmd=*/0ul, 0); for (int i = 0; i < 64; i++) { syscall(__NR_semctl, /*semid=*/r[171], /*semnum=*/0ul, /*cmd=*/0ul, 0); } syz_sysconfig_reset__proc_sys_net_ipv6_conf_eth0_accept_untracked_na(); for (int i = 0; i < 64; i++) { syz_sysconfig_reset__proc_sys_net_ipv6_conf_eth0_accept_untracked_na(); } memcpy((void*)0x200000007f80, "./bus\000", 6); res = syscall(__NR_open, /*file=*/0x200000007f80ul, /*flags=O_SYNC|O_NOCTTY|O_NOATIME|O_EXCL|O_CREAT|0x2*/ 0x1411c2ul, /*mode=S_IWOTH|S_IROTH|S_IXGRP|S_IWUSR*/ 0x8eul); if (res != -1) r[174] = res; syscall(__NR_ftruncate, /*fd=*/r[174], /*len=*/0x2007ffbul); syscall(__NR_sendfile, /*fdout=*/-1, /*fdin=*/-1, /*off=*/0ul, /*count=*/4ul); res = syscall(__NR_eventfd2, /*initval=*/0x800, /*flags=EFD_NONBLOCK|EFD_CLOEXEC*/ 0x80800ul); if (res != -1) r[175] = res; syscall(__NR_sendfile, /*fdout=*/-1, /*fdin=*/r[175], /*off=*/0ul, /*count=*/6ul); syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xb36000ul, /*prot=PROT_WRITE*/ 2ul, /*flags=MAP_STACK|MAP_POPULATE|MAP_FIXED|MAP_SHARED*/ 0x28011ul, /*fd=*/r[174], /*offset=*/0ul); syscall(__NR_mbind, /*addr=*/0x200000001000ul, /*len=*/0x800000ul, /*mode=*/0ul, /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=MPOL_MF_MOVE*/ 2ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10); if (res != -1) 
r[176] = res; memcpy((void*)0x200000000040, "nl80211\000", 8); syz_genetlink_get_family_id(/*name=*/0x200000000040, /*fd=*/-1); syscall(__NR_fsmount, /*fs_fd=*/-1, /*flags=*/0ul, /*attr_flags=*/0x10ul); syscall(__NR_ioctl, /*fd=*/r[176], /*cmd=*/0x8933, /*arg=*/0ul); syscall(__NR_sendmsg, /*fd=*/-1, /*msg=*/0ul, /*f=*/0ul); memcpy((void*)0x200000000000, "task\000", 5); res = -1; res = syz_open_procfs(/*pid=*/0, /*file=*/0x200000000000); if (res != -1) r[177] = res; syscall(__NR_getdents64, /*fd=*/r[177], /*ent=*/0ul, /*count=*/0ul); res = syscall(__NR_socketpair, /*domain=*/1ul, /*type=SOCK_STREAM*/ 1ul, /*proto=*/0, /*fds=*/0x200000000180ul); if (res != -1) r[178] = *(uint32_t*)0x200000000184; memcpy((void*)0x200000000100, "sit0\000\000\000\000\000\000\000\000\000\000\000\000", 16); *(uint64_t*)0x200000000110 = 0x200000000040; *(uint32_t*)0x200000000040 = 0x1e; *(uint32_t*)0x200000000044 = 0; *(uint32_t*)0x200000000048 = 0; *(uint16_t*)0x20000000004c = 0; *(uint8_t*)0x20000000004e = 0; *(uint8_t*)0x20000000004f = 0; *(uint8_t*)0x200000000050 = 0; *(uint8_t*)0x200000000051 = 0; *(uint8_t*)0x200000000052 = 0; *(uint8_t*)0x200000000053 = 0; *(uint32_t*)0x200000000054 = 0; *(uint32_t*)0x200000000058 = 0; *(uint16_t*)0x20000000005c = 0; *(uint8_t*)0x20000000005e = 0; *(uint8_t*)0x20000000005f = 0; *(uint32_t*)0x200000000060 = 0; *(uint32_t*)0x200000000064 = 0; *(uint32_t*)0x200000000068 = 0; syscall(__NR_ioctl, /*fd=*/r[178], /*cmd=*/0x8946, /*arg=*/0x200000000100ul); memcpy((void*)0x200000000000, "/dev/vcsa#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000000, /*id=*/6, /*flags=*/0); if (res != -1) r[179] = res; *(uint64_t*)0x200000000380 = 0x200000000280; *(uint64_t*)0x200000000388 = 0xe6; syscall(__NR_preadv, /*fd=*/r[179], /*vec=*/0x200000000380ul, /*vlen=*/1ul, /*off_low=*/8, /*off_high=*/0); memcpy((void*)0x200000000040, "./file0\000", 8); syscall(__NR_open, /*file=*/0x200000000040ul, /*flags=O_NOFOLLOW|O_NOCTTY|O_NOATIME|O_RDWR*/ 0x60102ul, 
/*mode=S_IRUSR*/ 0x100ul); memcpy((void*)0x200000000040, "ext4\000", 5); memcpy((void*)0x200000000500, "./file0\000", 8); memcpy((void*)0x2000000001c0, "noblock_validity", 16); *(uint8_t*)0x2000000001d0 = 0x2c; memcpy((void*)0x2000000001d1, "max_dir_size_kb", 15); *(uint8_t*)0x2000000001e0 = 0x3d; sprintf((char*)0x2000000001e1, "0x%016llx", (long long)0xb); *(uint8_t*)0x2000000001f3 = 0x2c; memcpy((void*)0x2000000001f4, "lazytime", 8); *(uint8_t*)0x2000000001fc = 0x2c; memcpy((void*)0x2000000001fd, "norecovery", 10); *(uint8_t*)0x200000000207 = 0x2c; memcpy((void*)0x200000000208, "journal_dev", 11); *(uint8_t*)0x200000000213 = 0x3d; sprintf((char*)0x200000000214, "0x%016llx", (long long)0x4d40); *(uint8_t*)0x200000000226 = 0x2c; memcpy((void*)0x200000000227, "noauto_da_alloc", 15); *(uint8_t*)0x200000000236 = 0x2c; memcpy((void*)0x200000000237, "nogrpid", 7); *(uint8_t*)0x20000000023e = 0x2c; memcpy((void*)0x20000000023f, "noload", 6); *(uint8_t*)0x200000000245 = 0x2c; memcpy((void*)0x200000000246, "resgid", 6); *(uint8_t*)0x20000000024c = 0x3d; sprintf((char*)0x20000000024d, "0x%016llx", (long long)0); *(uint8_t*)0x20000000025f = 0x32; *(uint8_t*)0x200000000260 = 0; memcpy( (void*)0x200000000540, "\x78\x9c\xec\xdd\x5d\x6b\x1c\x5d\x1d\x00\xf0\xff\x4c\xb2\x8f\x7d\xc9\x63" "\xf2\xf8\x02\xb5\x60\x5b\x6d\x25\x2d\xda\xdd\xa4\xb1\x6d\xf0\xa2\x2f\x20" "\xde\x15\x94\x7a\x5f\x63\xb2\x09\x21\x9b\x6c\xc8\x6e\xda\x26\x14\x9b\xe2" "\x07\x10\x44\x54\xf0\xca\x2b\x6f\x04\x3f\x80\x20\xfd\x08\x22\x14\xec\xbd" "\xa8\x28\xa2\xad\x5e\x78\xa1\x1d\xd9\x37\x93\xc6\xdd\x64\xab\x9b\x5d\x9f" "\xec\xef\x07\xb3\x73\x66\xce\xce\xfe\xff\x87\x65\xcf\xcc\x99\x19\x76\x02" "\x18\x5a\x17\x22\xe2\x4e\x44\xbc\xc9\xb2\xec\x4a\x44\x8c\x37\xd7\xa7\xcd" "\x69\x67\xb1\xf6\xd2\x78\xdf\xeb\x57\x4f\xe6\x6b\x53\x12\x59\x76\xff\xcf" "\x49\x24\xcd\x75\xad\xcf\x3a\x9f\x65\x59\x6d\x7e\xba\xb1\x49\x44\x8c\xd6" "\x37\xfc\x66\xf2\x9f\x71\x2b\x5b\xdb\x2b\x73\xa5\x52\x71\xa3\xb9\x5c\xa8" 
"\xae\xae\x17\x2a\x5b\xdb\x57\x97\x57\xe7\x96\x8a\x4b\xc5\xb5\x99\x99\xe9" "\x1b\xb3\x37\x67\xaf\xcf\x4e\xf5\xa4\x9d\xb5\x9c\x6e\x7d\xf9\xf7\xdf\xff" "\xce\x4f\xbe\x72\xeb\x17\x5f\x78\xf4\x9b\x07\x7f\xbc\xfc\xad\x5a\x5a\x9f" "\x6c\xd6\xef\x6d\x47\x2f\x35\x9a\x9e\x8b\x13\x7b\xd6\x8d\x46\xc4\xc6\x51" "\x04\x1b\x80\x91\xe6\x3c\x37\xe0\x3c\x00\x00\xe8\x4e\xed\x18\xff\x63\x11" "\xf1\xd9\x88\xb8\x12\xe3\x31\x52\x3f\x3a\x05\x00\x00\x00\x8e\x93\xec\xf6" "\x58\xfc\x23\x89\xc8\x00\x00\x00\x80\x63\x2b\x8d\x88\xb1\x48\xd2\x7c\xf3" "\x5e\x80\xb1\x48\xd3\x7c\xbe\x71\xbf\xec\x27\xe2\x54\x5a\x2a\x57\xaa\x9f" "\x5f\x2c\x6f\xae\x2d\xd4\xea\x22\x26\x22\x97\x2e\x2e\x97\x8a\x53\xcd\x7b" "\x85\x27\x22\x97\xd4\x96\xa7\xeb\xe5\xdd\xe5\x6b\xfb\x96\x67\x22\xe2\x83" "\x88\xf8\xde\xf8\xc9\xfa\x72\x7e\xbe\x5c\x5a\x18\xf4\xc9\x0f\x00\x00\x00" "\x18\x12\xa7\xf7\x8d\xff\xff\x36\xde\x18\xff\x03\x00\x00\x00\xc7\xcc\xc4" "\xa0\x13\x00\x00\x00\x00\x8e\x9c\xf1\x3f\x00\x00\x00\x1c\x7f\xc6\xff\x00" "\x00\x00\x70\xac\x7d\xf5\xde\xbd\xda\x94\xb5\x9e\x7f\xbd\xf0\x70\x6b\x73" "\xa5\xfc\xf0\xea\x42\xb1\xb2\x92\x5f\xdd\x9c\xcf\xcf\x97\x37\xd6\xf3\x4b" "\xe5\xf2\x52\xfd\x3f\xfb\x56\x0f\xfb\xbc\x52\xb9\xbc\xfe\xc5\x58\xdb\x7c" "\x5c\xa8\x16\x2b\xd5\x42\x65\x6b\xfb\xc1\x6a\x79\x73\xad\xfa\x60\xf9\xad" "\x47\x60\x03\x00\x00\x00\x7d\xf4\xc1\xf9\xe7\x2f\x93\x88\xd8\xf9\xd2\xc9" "\xfa\x04\x0c\x8f\xd1\x77\x79\xf3\xef\x8e\x2e\x0f\xa0\xff\x46\x06\x9d\x00" "\x30\x30\xef\xb4\xff\x07\x8e\x95\xdc\xa0\x13\x00\x06\x2e\x39\xa4\xbe\xe3" "\xcd\x3b\xbf\xec\x7d\x2e\x00\x00\xc0\xd1\x98\xfc\xd4\xf3\x97\xb7\xf7\x5d" "\xff\x7f\xaf\x59\x77\xf0\xb9\x81\x9d\xb4\x0f\xe9\x01\x47\xc8\xf9\x3f\x18" "\x5e\x07\x5e\xff\xcf\xb2\xec\x69\xff\x52\x01\xfa\xcc\xf5\x7f\x18\x5e\xb9" "\x18\x09\x03\x79\x18\x6e\x87\x5d\xff\xbf\xdb\xa9\xa2\xeb\xeb\xff\x59\xf6" "\x4e\x09\x01\x00\x00\x3d\x37\x56\x9f\x92\x34\x1f\x51\x3f\x0f\x30\x16\x69" "\x9a\xcf\x47\xbc\x5f\x7f\x2c\x40\x2e\x59\x5c\x2e\x15\xa7\x22\xe2\xa3\x11" 
"\xf1\xeb\xf1\xdc\x47\x6a\xcb\xd3\xf5\x2d\x93\x43\xc7\x0c\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x43\x96" "\x25\x91\x01\x00\x00\x00\xc7\x5a\x44\xfa\x87\xa4\xf9\xfc\xaf\xc9\xf1\x4b" "\x63\xfb\xcf\x0f\xbc\x97\xfc\x7d\xbc\x3e\x8f\x88\x47\x3f\xba\xff\x83\xc7" "\x73\xd5\xea\xc6\x74\x6d\xfd\x5f\xfe\xbd\xbe\xfa\xc3\xe6\xfa\x6b\x83\x38" "\x83\x01\x00\x00\x00\xec\xd7\x1a\xa7\xb7\xc6\xf1\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0\x4b\xaf\x5f\x3d" "\x99\x6f\x4d\xfd\x8c\xfb\xa7\xbb\x11\x31\xb1\x1b\x7f\xb7\x66\x34\x4e\xd4" "\xe7\x27\x22\x17\x11\xa7\xfe\x9a\xc4\xe8\x9e\xed\x92\x88\x18\xe9\x41\xfc" "\x9d\x67\x11\x71\xa6\x5d\xfb\x93\x5a\x5a\x31\xd1\xcc\xa2\x5d\xfc\x93\x03" "\x8c\x9f\x46\xc4\xe9\x1e\xc4\x87\x61\xf6\xbc\xd6\xff\xdc\x69\xf7\xfb\x4b" "\xe3\x42\x7d\xde\xfe\xf7\x77\xa3\xde\x43\xfd\xef\xf6\xf7\x7f\x7b\xe3\xb7" "\xfa\xbf\x91\x0e\xfd\xcf\xfb\x5d\xc6\x38\xfb\xe2\x67\x85\x8e\xf1\x9f\x45" "\x9c\x1d\x6d\xdf\xff\xb4\xe2\x27\x1d\xe2\x5f\xec\x32\xfe\x37\xbe\xbe\xbd" "\xdd\xa9\x2e\xfb\x71\xc4\x64\xdb\xfd\x4f\xf2\x56\xac\x42\x75\x75\xbd\x50" "\xd9\xda\xbe\xba\xbc\x3a\xb7\x54\x5c\x2a\xae\xcd\xcc\x4c\xdf\x98\xbd\x39" "\x7b\x7d\x76\xaa\xb0\xb8\x5c\x2a\x36\x5f\xdb\xc6\xf8\xee\xa7\x7f\xfe\xe6" "\xa0\xf6\x9f\xea\x10\x7f\xe2\x90\xf6\x5f\xea\xb2\xfd\xff\x7c\xf1\xf8\xd5" "\xc7\x1b\xc5\x5c\xbb\xf8\x97\x2f\xb6\xff\xfe\xcf\x74\x88\x9f\x36\xf7\x7d" "\x9f\x6b\x96\x6b\xf5\x93\xad\xf2\x4e\xa3\xbc\xd7\xb9\x9f\xfe\xea\xdc\x41" "\xed\x5f\xe8\xd0\xfe\xc3\xbe\xff\xcb\x5d\xb6\xff\xca\xd7\xbe\xfd\xdb\x2e" "\xdf\x0a\x00\xf4\x41\x65\x6b\x7b\x65\xae\x54\x2a\x6e\x28\xfc\xb7\x85\xda" "\x61\x51\x9f\x83\xa6\xf1\x7f\xd2\xf6\x0f\x79\xe1\x69\xdf\x62\x7d\x66\xa7" "\xf1\x7b\x1b\x78\x93\xbb\x2e\x0c\xba\x67\x02\x00\x00\x7a\x6d\xf7\xa0\x7f" 
"\xd0\x99\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0" "\xf0\xea\xc7\xdf\x89\xed\x8f\xb9\xb3\x5b\xcc\x92\x3e\xb7\x17\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\xa0\x93\x7f\x05\x00\x00\xff\xff\xfa\xda\xd9\x8d", 1255); syz_mount_image(/*fs=*/0x200000000040, /*dir=*/0x200000000500, /*flags=MS_SYNCHRONOUS|MS_SILENT|MS_MANDLOCK*/ 0x8050, /*opts=*/0x2000000001c0, /*chdir=*/1, /*size=*/0x4e5, /*img=*/0x200000000540); memcpy((void*)0x200000000140, "./file0\000", 8); res = syscall(__NR_creat, /*file=*/0x200000000140ul, /*mode=*/0ul); if (res != -1) r[180] = res; res = syscall(__NR_socketpair, /*domain=*/1ul, /*type=SOCK_SEQPACKET*/ 5ul, /*proto=*/0, /*fds=*/0x2000000001c0ul); if (res != -1) { r[181] = *(uint32_t*)0x2000000001c0; r[182] = *(uint32_t*)0x2000000001c4; } syscall(__NR_close, /*fd=*/r[180]); syscall(__NR_fcntl, /*fd=*/r[181], /*cmd=*/0ul, /*arg=*/r[182]); syscall(__NR_lseek, /*fd=*/-1, /*offset=*/0x49ul, /*whence=*/0ul); syscall(__NR_getdents64, /*fd=*/-1, /*ent=*/0ul, /*count=*/0ul); memcpy((void*)0x200000000000, "/dev/cdrom\000", 11); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=O_DIRECTORY*/ 0x10000, /*mode=*/0); if (res != -1) r[183] = res; *(uint8_t*)0x200000000080 = 0x2b; *(uint8_t*)0x200000000081 = 0x16; memset((void*)0x200000000082, 0, 6); *(uint8_t*)0x200000000088 = 0xf4; *(uint8_t*)0x200000000089 = 0xb5; memcpy((void*)0x20000000008a, "\x37\xc1\x2e\x88\xb5\x1b\xe5\x76\xc5\xbe\x45\x0a\xec\x35\x2c\x3d\xc4" "\x64\x88\xbc\x0a\x44\xf5\x00\x9f\x46\xde\xff\xaa\x54\x52\x13\x1a\x9f" "\xd8\x91\xaa\x02\x7c\x4e\xaa\xf4\xce\x92\x27\x60\x33\x15\x51\x89\xf0" 
"\x75\x34\x47\x26\x44\xac\x66\xf4\x67\xea\x55\x98\x0b\x29\x34\x1c\x7a" "\x43\xdd\x76\x19\x3f\xda\xd3\xf5\x9b\x9d\x09\x8b\x5c\xaa\xcb\x6b\x9e" "\x6e\x31\xc2\x65\x76\xf5\x06\x41\x0e\xa5\xce\x0e\x23\xe8\xee\x94\xd3" "\xca\xcd\x21\x6a\x3b\xee\xa4\x3c\x1f\x94\x03\xaf\x2c\xba\xc5\xc8\xf0" "\x70\x93\x7a\xcc\x93\xa1\x11\x63\x59\x35\x07\x2c\x3a\xa6\x78\x1d\x7b" "\x65\x70\xc3\xb0\x9e\xdf\x84\xa5\x5e\x70\x2f\xb7\x07\x71\x73\x37\x12" "\xcf\x15\x90\x9e\x9f\x96\x08\x18\xe2\x89\xb4\x48\xce\x5f\x02\x84\x89" "\x60\x61\xd6\xab\x20\xa5\x92\x31\x93\x48\x81", 181); syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/0x29, /*optname=*/0x37, /*optval=*/0x200000000080ul, /*optlen=*/0xc0ul); memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0, 0); if (res != -1) r[184] = res; syscall( __NR_clock_getres, /*id=CLOCK_PROCESS_CPUTIME_ID|0x4b54da0c41cf7c50*/ 0x4b54da0c41cf7c52ul, /*tp=*/0ul); *(uint32_t*)0x200000000140 = 1; *(uint32_t*)0x200000000144 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; memset((void*)0x200000000154, 0, 32); syscall(__NR_ioctl, /*fd=*/r[184], /*cmd=*/0x40345410, /*arg=*/0x200000000140ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/3ul, /*proto=*/2); if (res != -1) r[185] = res; syscall(__NR_getsockopt, /*fd=*/r[185], /*level=*/1, /*optname=*/0, /*optval=*/0ul, /*optlen=*/0ul); memcpy( (void*)0x200000000940, "\0203q}2[\340\232\356\257\003\227\236t\v\"|" "Ma\206\347\300\024\237\271h\261\226\347=I\2060S6\265\250\302\225Je%" "\376G\'\250\345\217\370\322\034\300\373\034\246\253\bi\344^" "\325\375\251\r\2547A\224k\315\t\000\220k\326\005\266&\320\235aA\305\234_" "\324\030,\f\324s\262\231/" "\300\232\362Oc\300c\003gB!\260\270n\001\233T\225\020\206\350$\177\r[" "\371\0161v\261\034\210\v\225uy\265:\342\341\334(\375\005\237B\204O\376@" "\000\000\000\000\000\000\000\000\000\000\000\000\032\240\212\033\003\"&" 
"\254\312p>\314Z\001\274\030\301\271\351\v\213\234\264Q\324\226EV<>" "\t\000\000\000\304tL\352\365W\275#" "\317\212\320\350\270\354\004\205\f\357\264\204\355\237/" "\324\273\352;-Dp\370\320F\220\370\222Ip6\364\026\350\024\340\222!\222-" "F\342\024D\221\250b\004\335\035\a\334\340\030\205{" "\200Q\366k\226\372Q\237W\vO\360\344O\\\316S\362\336\0049d\006#" "\210\303\337\205O\034\303\255?r\327\016\000\327\203\260\210\234\366Y-" "F\230\335\234~\375\225\303\266lC\252\"Y\365\320\267\334\213\027|" "\351q\242K\354z\204:*\365Y\321\2331}\233\025\324\354\002o\001&" "\252\220w\304\307yn\265\032g\253&?" "\276\313\350v\250\340\244\201sW\254f\0249\322}\357CGa\232$4\214\245!" "p\203\005\226%\002%\253j\n\b\310NC\221}&" "y\323\341\356p\'\305\253\031GsX5\214\n\237h\356;4\261%" "V\340\251\216\3630:\330\030N~G\0239\312\257\353o\035\027\325nAp\327\314(" "A\230 " "\000;]\375;\320\234\031v\034\302]" "\264Dk\205\344\210\2154\200\231\301i\255\2466\223\v\321/" ";6U\344\261\233\247\270\335t8\226\301=W\321\001\333r\311n@" "fw\305\272\234\234}\375\214\333gE@N\307\252\210Z\001:\270\206\207#" "\365\324L->\271\021_\374h)\274\2525\255\267?\2530{" "8\207\346\253\200\272p<\223}" "1K\323\202\2651c\300\366\256\352\233ht\221N\021\002\24557\210&\a!" 
"\022D\037y\214\336\236`\253\345\234\320\233\214[" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\302" "\365\200\375\004\3544\340\n\252%R\301\273\271:" "\017\274\005\315\243\206\276\257\270S\352\234\006[" "Q\231\003\325J\361\351}*\204\232\337\f\365\356\337H@" "\340\016\000\370\217Q;" "n2I\373\f\262\320\224\t\335\265\252\352\225\310\037\024\343\243\026\245" "\326\375\333\314\336\350q\351\306\265\211\341\304\317\337\\\2750\302~" "\355\000\332\351\307\265}" "\224\260\034\365\327\034\265\033\0168\252\242\261h\265P\002KQ", 737); res = syscall(__NR_memfd_create, /*name=*/0x200000000940ul, /*flags=*/0ul); if (res != -1) r[186] = res; memcpy((void*)0x200000000040, "/dev/loop#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000040, /*id=*/0, /*flags=*/0); if (res != -1) r[187] = res; syscall(__NR_ioctl, /*fd=*/r[187], /*cmd=*/0x4c06, /*arg=*/r[186]); syscall(__NR_ioctl, /*fd=*/r[184], /*cmd=*/0x54a0, 0); memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0x20, 0); if (res != -1) r[188] = res; *(uint32_t*)0x200000000140 = 1; *(uint32_t*)0x200000000144 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; memset((void*)0x200000000154, 0, 32); syscall(__NR_ioctl, /*fd=*/r[188], /*cmd=*/0x40345410, /*arg=*/0x200000000140ul); syscall(__NR_ioctl, /*fd=*/r[188], /*cmd=*/0x54a2, 0); syscall(__NR_ioctl, /*fd=*/r[184], /*cmd=*/0x54a1, 0); *(uint8_t*)0x200000000040 = 0xa; syscall(__NR_ioctl, /*fd=*/r[183], /*cmd=*/0x5390, /*arg=*/0x200000000040ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0xc); if (res != -1) r[189] = res; *(uint64_t*)0x200000000280 = 0; *(uint32_t*)0x200000000288 = 0; *(uint64_t*)0x200000000290 = 0x200000000240; *(uint64_t*)0x200000000240 = 0x200000000000; *(uint32_t*)0x200000000000 = 0x50; *(uint8_t*)0x200000000004 = 1; *(uint8_t*)0x200000000005 = 2; 
*(uint16_t*)0x200000000006 = 0x101; *(uint32_t*)0x200000000008 = 0; *(uint32_t*)0x20000000000c = 0; *(uint8_t*)0x200000000010 = 2; *(uint8_t*)0x200000000011 = 0; *(uint16_t*)0x200000000012 = htobe16(0); *(uint16_t*)0x200000000014 = 0x3c; STORE_BY_BITMASK(uint16_t, , 0x200000000016, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000017, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000017, 1, 7, 1); *(uint16_t*)0x200000000018 = 0xc; STORE_BY_BITMASK(uint16_t, , 0x20000000001a, 2, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x20000000001b, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000000001b, 1, 7, 1); *(uint16_t*)0x20000000001c = 5; *(uint16_t*)0x20000000001e = 1; *(uint8_t*)0x200000000020 = 0; *(uint16_t*)0x200000000024 = 0x2c; STORE_BY_BITMASK(uint16_t, , 0x200000000026, 1, 0, 14); STORE_BY_BITMASK(uint16_t, , 0x200000000027, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x200000000027, 1, 7, 1); *(uint16_t*)0x200000000028 = 0x14; *(uint16_t*)0x20000000002a = 3; *(uint8_t*)0x20000000002c = -1; *(uint8_t*)0x20000000002d = 2; memset((void*)0x20000000002e, 0, 13); *(uint8_t*)0x20000000003b = 1; *(uint16_t*)0x20000000003c = 0x14; *(uint16_t*)0x20000000003e = 4; memset((void*)0x200000000040, 0, 10); memset((void*)0x20000000004a, 255, 2); *(uint32_t*)0x20000000004c = htobe32(0xe0000001); *(uint64_t*)0x200000000248 = 0x50; *(uint64_t*)0x200000000298 = 1; *(uint64_t*)0x2000000002a0 = 0; *(uint64_t*)0x2000000002a8 = 0; *(uint32_t*)0x2000000002b0 = 0; syscall(__NR_sendmsg, /*fd=*/r[189], /*msg=*/0x200000000280ul, /*f=*/0ul); res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0); if (res != -1) r[190] = res; *(uint64_t*)0x2000000009c0 = 0; *(uint32_t*)0x2000000009c8 = 0; *(uint64_t*)0x2000000009d0 = 0x200000000940; *(uint64_t*)0x200000000940 = 0x200000000080; memcpy((void*)0x200000000080, "\x1c\x00\x00\x00\xb8\xb0\xd6\x10\xb3\x7b\x4e\xcf\xe3\x76\x00\x0b\x0f" "\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x80\xa3\x9d\x2a\x73\x6c" "\x00\x00\x02", 37); 
*(uint64_t*)0x200000000948 = 0x1c; *(uint64_t*)0x2000000009d8 = 1; *(uint64_t*)0x2000000009e0 = 0; *(uint64_t*)0x2000000009e8 = 0; *(uint32_t*)0x2000000009f0 = 0; syscall(__NR_sendmsg, /*fd=*/r[190], /*msg=*/0x2000000009c0ul, /*f=*/0ul); memcpy((void*)0x200000000000, "/dev/cdrom\000", 11); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=O_DIRECTORY*/ 0x10000, /*mode=*/0); if (res != -1) r[191] = res; *(uint8_t*)0x200000000080 = 0x2b; *(uint8_t*)0x200000000081 = 0x16; memset((void*)0x200000000082, 0, 6); *(uint8_t*)0x200000000088 = 0xf4; *(uint8_t*)0x200000000089 = 0xb5; memcpy((void*)0x20000000008a, "\x37\xc1\x2e\x88\xb5\x1b\xe5\x76\xc5\xbe\x45\x0a\xec\x35\x2c\x3d\xc4" "\x64\x88\xbc\x0a\x44\xf5\x00\x9f\x46\xde\xff\xaa\x54\x52\x13\x1a\x9f" "\xd8\x91\xaa\x02\x7c\x4e\xaa\xf4\xce\x92\x27\x60\x33\x15\x51\x89\xf0" "\x75\x34\x47\x26\x44\xac\x66\xf4\x67\xea\x55\x98\x0b\x29\x34\x1c\x7a" "\x43\xdd\x76\x19\x3f\xda\xd3\xf5\x9b\x9d\x09\x8b\x5c\xaa\xcb\x6b\x9e" "\x6e\x31\xc2\x65\x76\xf5\x06\x41\x0e\xa5\xce\x0e\x23\xe8\xee\x94\xd3" "\xca\xcd\x21\x6a\x3b\xee\xa4\x3c\x1f\x94\x03\xaf\x2c\xba\xc5\xc8\xf0" "\x70\x93\x7a\xcc\x93\xa1\x11\x63\x59\x35\x07\x2c\x3a\xa6\x78\x1d\x7b" "\x65\x70\xc3\xb0\x9e\xdf\x84\xa5\x5e\x70\x2f\xb7\x07\x71\x73\x37\x12" "\xcf\x15\x90\x9e\x9f\x96\x08\x18\xe2\x89\xb4\x48\xce\x5f\x02\x84\x89" "\x60\x61\xd6\xab\x20\xa5\x92\x31\x93\x48\x81", 181); syscall(__NR_setsockopt, /*fd=*/-1, /*level=*/0x29, /*optname=*/0x37, /*optval=*/0x200000000080ul, /*optlen=*/0xc0ul); memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0, 0); if (res != -1) r[192] = res; syscall( __NR_clock_getres, /*id=CLOCK_PROCESS_CPUTIME_ID|0x4b54da0c41cf7c50*/ 0x4b54da0c41cf7c52ul, /*tp=*/0ul); *(uint32_t*)0x200000000140 = 1; *(uint32_t*)0x200000000144 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; 
memset((void*)0x200000000154, 0, 32); syscall(__NR_ioctl, /*fd=*/r[192], /*cmd=*/0x40345410, /*arg=*/0x200000000140ul); res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/3ul, /*proto=*/2); if (res != -1) r[193] = res; syscall(__NR_getsockopt, /*fd=*/r[193], /*level=*/1, /*optname=*/0, /*optval=*/0ul, /*optlen=*/0ul); memcpy( (void*)0x200000000940, "\0203q}2[\340\232\356\257\003\227\236t\v\"|" "Ma\206\347\300\024\237\271h\261\226\347=I\2060S6\265\250\302\225Je%" "\376G\'\250\345\217\370\322\034\300\373\034\246\253\bi\344^" "\325\375\251\r\2547A\224k\315\t\000\220k\326\005\266&\320\235aA\305\234_" "\324\030,\f\324s\262\231/" "\300\232\362Oc\300c\003gB!\260\270n\001\233T\225\020\206\350$\177\r[" "\371\0161v\261\034\210\v\225uy\265:\342\341\334(\375\005\237B\204O\376@" "\000\000\000\000\000\000\000\000\000\000\000\000\032\240\212\033\003\"&" "\254\312p>\314Z\001\274\030\301\271\351\v\213\234\264Q\324\226EV<>" "\t\000\000\000\304tL\352\365W\275#" "\317\212\320\350\270\354\004\205\f\357\264\204\355\237/" "\324\273\352;-Dp\370\320F\220\370\222Ip6\364\026\350\024\340\222!\222-" "F\342\024D\221\250b\004\335\035\a\334\340\030\205{" "\200Q\366k\226\372Q\237W\vO\360\344O\\\316S\362\336\0049d\006#" "\210\303\337\205O\034\303\255?r\327\016\000\327\203\260\210\234\366Y-" "F\230\335\234~\375\225\303\266lC\252\"Y\365\320\267\334\213\027|" "\351q\242K\354z\204:*\365Y\321\2331}\233\025\324\354\002o\001&" "\252\220w\304\307yn\265\032g\253&?" "\276\313\350v\250\340\244\201sW\254f\0249\322}\357CGa\232$4\214\245!" 
"p\203\005\226%\002%\253j\n\b\310NC\221}&" "y\323\341\356p\'\305\253\031GsX5\214\n\237h\356;4\261%" "V\340\251\216\3630:\330\030N~G\0239\312\257\353o\035\027\325nAp\327\314(" "A\230 " "\000;]\375;\320\234\031v\034\302]" "\264Dk\205\344\210\2154\200\231\301i\255\2466\223\v\321/" ";6U\344\261\233\247\270\335t8\226\301=W\321\001\333r\311n@" "fw\305\272\234\234}\375\214\333gE@N\307\252\210Z\001:\270\206\207#" "\365\324L->\271\021_\374h)\274\2525\255\267?\2530{" "8\207\346\253\200\272p<\223}" "1K\323\202\2651c\300\366\256\352\233ht\221N\021\002\24557\210&\a!" "\022D\037y\214\336\236`\253\345\234\320\233\214[" "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\302" "\365\200\375\004\3544\340\n\252%R\301\273\271:" "\017\274\005\315\243\206\276\257\270S\352\234\006[" "Q\231\003\325J\361\351}*\204\232\337\f\365\356\337H@" "\340\016\000\370\217Q;" "n2I\373\f\262\320\224\t\335\265\252\352\225\310\037\024\343\243\026\245" "\326\375\333\314\336\350q\351\306\265\211\341\304\317\337\\\2750\302~" "\355\000\332\351\307\265}" "\224\260\034\365\327\034\265\033\0168\252\242\261h\265P\002KQ", 737); res = syscall(__NR_memfd_create, /*name=*/0x200000000940ul, /*flags=*/0ul); if (res != -1) r[194] = res; memcpy((void*)0x200000000040, "/dev/loop#\000", 11); res = -1; res = syz_open_dev(/*dev=*/0x200000000040, /*id=*/0, /*flags=*/0); if (res != -1) r[195] = res; syscall(__NR_ioctl, /*fd=*/r[195], /*cmd=*/0x4c06, /*arg=*/r[194]); syscall(__NR_ioctl, /*fd=*/r[192], /*cmd=*/0x54a0, 0); memcpy((void*)0x200000000000, "/dev/snd/timer\000", 15); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul, /*flags=*/0x20, 0); if (res != -1) r[196] = res; *(uint32_t*)0x200000000140 = 1; *(uint32_t*)0x200000000144 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; memset((void*)0x200000000154, 0, 32); syscall(__NR_ioctl, /*fd=*/r[196], /*cmd=*/0x40345410, /*arg=*/0x200000000140ul); syscall(__NR_ioctl, 
/*fd=*/r[196], /*cmd=*/0x54a2, 0); syscall(__NR_ioctl, /*fd=*/r[192], /*cmd=*/0x54a1, 0); *(uint8_t*)0x200000000040 = 0xa; syscall(__NR_ioctl, /*fd=*/r[191], /*cmd=*/0x5390, /*arg=*/0x200000000040ul); return 0; }