// https://syzkaller.appspot.com/bug?id=3eb7759c9c4664db9bc85471366839d286500f12 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1) #define BITMASK_LEN_OFF(type, bf_off, bf_len) \ (type)(BITMASK_LEN(type, (bf_len)) << (bf_off)) #define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \ if ((bf_off) == 0 && (bf_len) == 0) { \ *(type*)(addr) = (type)(val); \ } else { \ type new_val = *(type*)(addr); \ new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \ new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \ *(type*)(addr) = new_val; \ } static long syz_open_dev(long a0, long a1, long a2) { if (a0 == 0xc || a0 == 0xb) { char buf[128]; sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2); return open(buf, O_RDWR, 0); } else { char buf[1024]; char* hash; strncpy(buf, (char*)a0, sizeof(buf) - 1); buf[sizeof(buf) - 1] = 0; while ((hash = strchr(buf, '#'))) { *hash = '0' + (char)(a1 % 10); a1 /= 10; } return open(buf, a2, 0); } } static long syz_open_procfs(long a0, long a1) { char buf[128]; memset(buf, 0, sizeof(buf)); if (a0 == 0) { snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1); } else if (a0 == -1) { snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1); } else { snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1); } int fd = open(buf, O_RDWR); if (fd == -1) fd = open(buf, O_RDONLY); return fd; } static long syz_genetlink_get_family_id(long name) { char buf[512] = {0}; struct nlmsghdr* hdr = (struct nlmsghdr*)buf; struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr); struct nlattr* attr = (struct nlattr*)(genlhdr + 1); hdr->nlmsg_len = sizeof(*hdr) + sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ; hdr->nlmsg_type = GENL_ID_CTRL; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; genlhdr->cmd = CTRL_CMD_GETFAMILY; attr->nla_type = CTRL_ATTR_FAMILY_NAME; attr->nla_len = sizeof(*attr) + GENL_NAMSIZ; strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ); struct iovec iov = {hdr, hdr->nlmsg_len}; struct sockaddr_nl addr = {0}; addr.nl_family = AF_NETLINK; int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC); if (fd == -1) { return -1; } struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0}; if (sendmsg(fd, &msg, 0) == -1) { close(fd); return -1; } ssize_t n = recv(fd, buf, sizeof(buf), 0); close(fd); if (n <= 0) { return -1; } if (hdr->nlmsg_type != GENL_ID_CTRL) { return -1; } for (; (char*)attr < buf + n; attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) { if (attr->nla_type == CTRL_ATTR_FAMILY_ID) return *(uint16_t*)(attr + 1); } return -1; } #ifndef __NR_bpf #define __NR_bpf 321 #endif #ifndef __NR_memfd_create #define __NR_memfd_create 319 #endif uint64_t r[140] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}; int main(void) { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); long res = 0; syscall(__NR_waitid, 2, 0, 0x20000000, 0xa100000c, 0x20000080); *(uint32_t*)0x20000140 = 0x10; res = syscall(__NR_accept, -1, 0x20000040, 0x20000140); if (res != -1) r[0] = res; memcpy((void*)0x20000380, "\x6e\x61\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x200003a0 = 0x1b; *(uint32_t*)0x200003a4 = 5; *(uint32_t*)0x200003a8 = 0x4b0; *(uint32_t*)0x200003ac = 0x2d8; *(uint32_t*)0x200003b0 = 0x190; *(uint32_t*)0x200003b4 = 0xd0; *(uint32_t*)0x200003b8 = 0xd0; *(uint32_t*)0x200003bc = 0x2d8; *(uint32_t*)0x200003c0 = 0x418; *(uint32_t*)0x200003c4 = 0x418; *(uint32_t*)0x200003c8 = 0x418; *(uint32_t*)0x200003cc = 0x418; *(uint32_t*)0x200003d0 = 0x418; *(uint32_t*)0x200003d4 = 5; *(uint64_t*)0x200003d8 = 0x20000180; *(uint32_t*)0x200003e0 = htobe32(-1); *(uint32_t*)0x200003e4 = htobe32(0); *(uint32_t*)0x200003e8 = htobe32(-1); *(uint32_t*)0x200003ec = htobe32(0xff000000); memcpy((void*)0x200003f0, "\x69\x70\x5f\x76\x74\x69\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); memcpy((void*)0x20000400, "\x62\x63\x73\x66\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x2000041c = 0; *(uint8_t*)0x2000043a = -1; *(uint16_t*)0x2000044a = 0xff; *(uint8_t*)0x2000044c = 3; *(uint8_t*)0x2000044d = 0x24; *(uint32_t*)0x20000458 = 0; *(uint16_t*)0x2000045c = 0x98; *(uint16_t*)0x2000045e = 0xd0; *(uint32_t*)0x20000460 = 0; *(uint64_t*)0x20000468 = 0; *(uint64_t*)0x20000470 = 0; *(uint16_t*)0x20000478 = 0x38; memcpy((void*)0x2000047a, "\x52\x45\x44\x49\x52\x45\x43\x54\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000497 = 0; *(uint32_t*)0x20000498 = 1; *(uint32_t*)0x2000049c = 8; *(uint32_t*)0x200004a0 = htobe32(0xe0000002); *(uint32_t*)0x200004a4 = htobe32(3); *(uint16_t*)0x200004a8 = htobe16(0x65); *(uint16_t*)0x200004aa = 3; *(uint8_t*)0x200004b0 = 0xac; *(uint8_t*)0x200004b1 = 0x14; *(uint8_t*)0x200004b2 = 0x14; *(uint8_t*)0x200004b3 = 0x15; *(uint32_t*)0x200004b4 = htobe32(0xe0000001); *(uint32_t*)0x200004b8 = htobe32(0xff0000ff); *(uint32_t*)0x200004bc = htobe32(0); memcpy((void*)0x200004c0, "\x62\x6f\x6e\x64\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); memcpy((void*)0x200004d0, "\x79\x61\x6d\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x200004ec = 0; *(uint8_t*)0x2000050a = 0; *(uint16_t*)0x2000051a = 0x29; *(uint8_t*)0x2000051c = 2; *(uint8_t*)0x2000051d = 2; *(uint32_t*)0x20000528 = 0; *(uint16_t*)0x2000052c = 0x98; *(uint16_t*)0x2000052e = 0xc0; *(uint32_t*)0x20000530 = 0; *(uint64_t*)0x20000538 = 0; *(uint64_t*)0x20000540 = 0; *(uint16_t*)0x20000548 = 0x28; memcpy((void*)0x2000054a, "\x4e\x46\x51\x55\x45\x55\x45\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000567 = 3; *(uint16_t*)0x20000568 = 2; *(uint16_t*)0x2000056a = 5; *(uint16_t*)0x2000056c = 1; *(uint8_t*)0x20000570 = 0; *(uint8_t*)0x20000571 = 0; *(uint8_t*)0x20000572 = 0; *(uint8_t*)0x20000573 = 0; *(uint8_t*)0x20000574 = 0; *(uint8_t*)0x20000575 = 0; *(uint8_t*)0x20000576 = 0; *(uint8_t*)0x20000577 = 0; *(uint8_t*)0x20000578 = 0; *(uint8_t*)0x20000579 = 0; *(uint8_t*)0x2000057a = 0; *(uint8_t*)0x2000057b = 0; *(uint8_t*)0x2000057c = 0; *(uint8_t*)0x2000057d = 0; *(uint8_t*)0x2000057e = 0; *(uint8_t*)0x2000057f = 0; *(uint8_t*)0x20000580 = 0; *(uint8_t*)0x20000581 = 0; *(uint8_t*)0x20000582 = 0; *(uint8_t*)0x20000583 = 0; *(uint8_t*)0x20000584 = 0; *(uint8_t*)0x20000585 = 0; *(uint8_t*)0x20000586 = 0; *(uint8_t*)0x20000587 = 0; *(uint8_t*)0x20000588 = 0; *(uint8_t*)0x20000589 = 0; *(uint8_t*)0x2000058a = 0; *(uint8_t*)0x2000058b = 0; *(uint8_t*)0x2000058c = 0; *(uint8_t*)0x2000058d = 0; *(uint8_t*)0x2000058e = 0; *(uint8_t*)0x2000058f = 0; *(uint8_t*)0x20000590 = 0; *(uint8_t*)0x20000591 = 0; *(uint8_t*)0x20000592 = 0; *(uint8_t*)0x20000593 = 0; *(uint8_t*)0x20000594 = 0; *(uint8_t*)0x20000595 = 0; *(uint8_t*)0x20000596 = 0; *(uint8_t*)0x20000597 = 0; *(uint8_t*)0x20000598 = 0; *(uint8_t*)0x20000599 = 0; *(uint8_t*)0x2000059a = 0; *(uint8_t*)0x2000059b = 0; *(uint8_t*)0x2000059c = 0; *(uint8_t*)0x2000059d = 0; *(uint8_t*)0x2000059e = 0; *(uint8_t*)0x2000059f = 0; *(uint8_t*)0x200005a0 = 0; *(uint8_t*)0x200005a1 = 0; *(uint8_t*)0x200005a2 = 0; *(uint8_t*)0x200005a3 = 0; *(uint8_t*)0x200005a4 = 0; *(uint8_t*)0x200005a5 = 0; *(uint8_t*)0x200005a6 = 0; *(uint8_t*)0x200005a7 = 0; *(uint8_t*)0x200005a8 = 0; *(uint8_t*)0x200005a9 = 0; *(uint8_t*)0x200005aa = 0; *(uint8_t*)0x200005ab = 0; *(uint8_t*)0x200005ac = 0; *(uint8_t*)0x200005ad = 0; *(uint8_t*)0x200005ae = 0; *(uint8_t*)0x200005af = 0; *(uint8_t*)0x200005b0 = 0; *(uint8_t*)0x200005b1 = 0; *(uint8_t*)0x200005b2 = 0; *(uint8_t*)0x200005b3 = 0; *(uint8_t*)0x200005b4 = 0; *(uint8_t*)0x200005b5 = 0; *(uint8_t*)0x200005b6 = 0; *(uint8_t*)0x200005b7 = 0; *(uint8_t*)0x200005b8 = 0; *(uint8_t*)0x200005b9 = 0; *(uint8_t*)0x200005ba = 0; *(uint8_t*)0x200005bb = 0; *(uint8_t*)0x200005bc = 0; *(uint8_t*)0x200005bd = 0; *(uint8_t*)0x200005be = 0; *(uint8_t*)0x200005bf = 0; *(uint8_t*)0x200005c0 = 0; *(uint8_t*)0x200005c1 = 0; *(uint8_t*)0x200005c2 = 0; *(uint8_t*)0x200005c3 = 0; *(uint32_t*)0x200005e8 = 0; *(uint16_t*)0x200005ec = 0x110; *(uint16_t*)0x200005ee = 0x148; *(uint32_t*)0x200005f0 = 0; *(uint64_t*)0x200005f8 = 0; *(uint64_t*)0x20000600 = 0; *(uint16_t*)0x20000608 = 0x28; memcpy((void*)0x2000060a, "\x69\x63\x6d\x70\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000627 = 0; *(uint8_t*)0x20000628 = 0xf; *(uint8_t*)0x20000629 = 2; *(uint8_t*)0x2000062a = 0; *(uint8_t*)0x2000062b = 0; *(uint16_t*)0x20000630 = 0x50; memcpy((void*)0x20000632, "\x6f\x73\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000064f = 0; memcpy((void*)0x20000650, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x20000670 = 1; *(uint32_t*)0x20000674 = 1; *(uint32_t*)0x20000678 = 0; *(uint32_t*)0x2000067c = 0; *(uint16_t*)0x20000680 = 0x38; memcpy((void*)0x20000682, "\x52\x45\x44\x49\x52\x45\x43\x54\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000069f = 0; *(uint32_t*)0x200006a0 = 1; *(uint32_t*)0x200006a4 = 0xd; *(uint8_t*)0x200006a8 = 0xac; *(uint8_t*)0x200006a9 = 0x14; *(uint8_t*)0x200006aa = 0x14; *(uint8_t*)0x200006ab = 0xbb; *(uint32_t*)0x200006ac = htobe32(0xe0000002); *(uint16_t*)0x200006b0 = htobe16(0x65); *(uint16_t*)0x200006b2 = htobe16(0x4e20); *(uint32_t*)0x200006b8 = htobe32(-1); *(uint32_t*)0x200006bc = htobe32(0xe0000001); *(uint32_t*)0x200006c0 = htobe32(0xff); *(uint32_t*)0x200006c4 = htobe32(0xff); memcpy((void*)0x200006c8, "\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x31\x00\x00\x00\x00\x00\x00", 16); memcpy((void*)0x200006d8, "\x62\x6f\x6e\x64\x5f\x73\x6c\x61\x76\x65\x5f\x30\x00\x00\x00\x00", 16); *(uint8_t*)0x200006f4 = 0; *(uint8_t*)0x20000712 = -1; *(uint16_t*)0x20000722 = 0x16; *(uint8_t*)0x20000724 = 3; *(uint8_t*)0x20000725 = 0x10; *(uint32_t*)0x20000730 = 0; *(uint16_t*)0x20000734 = 0x108; *(uint16_t*)0x20000736 = 0x140; *(uint32_t*)0x20000738 = 0; *(uint64_t*)0x20000740 = 0; *(uint64_t*)0x20000748 = 0; *(uint16_t*)0x20000750 = 0x20; memcpy((void*)0x20000752, "\x73\x6f\x63\x6b\x65\x74\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000076f = 0; *(uint16_t*)0x20000770 = 0x50; memcpy((void*)0x20000772, "\x6f\x73\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000078f = 0; memcpy((void*)0x20000790, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x200007b0 = 0xa628; *(uint32_t*)0x200007b4 = 8; *(uint32_t*)0x200007b8 = 2; *(uint32_t*)0x200007bc = 2; *(uint16_t*)0x200007c0 = 0x38; memcpy((void*)0x200007c2, "\x4e\x45\x54\x4d\x41\x50\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200007df = 0; *(uint32_t*)0x200007e0 = 1; *(uint32_t*)0x200007e4 = 9; *(uint32_t*)0x200007e8 = htobe32(0x7f000001); *(uint32_t*)0x200007ec = htobe32(3); *(uint16_t*)0x200007f0 = htobe16(0x4e20); *(uint16_t*)0x200007f2 = 0x1000; *(uint8_t*)0x200007f8 = 0; *(uint8_t*)0x200007f9 = 0; *(uint8_t*)0x200007fa = 0; *(uint8_t*)0x200007fb = 0; *(uint8_t*)0x200007fc = 0; *(uint8_t*)0x200007fd = 0; *(uint8_t*)0x200007fe = 0; *(uint8_t*)0x200007ff = 0; *(uint8_t*)0x20000800 = 0; *(uint8_t*)0x20000801 = 0; *(uint8_t*)0x20000802 = 0; *(uint8_t*)0x20000803 = 0; *(uint8_t*)0x20000804 = 0; *(uint8_t*)0x20000805 = 0; *(uint8_t*)0x20000806 = 0; *(uint8_t*)0x20000807 = 0; *(uint8_t*)0x20000808 = 0; *(uint8_t*)0x20000809 = 0; *(uint8_t*)0x2000080a = 0; *(uint8_t*)0x2000080b = 0; *(uint8_t*)0x2000080c = 0; *(uint8_t*)0x2000080d = 0; *(uint8_t*)0x2000080e = 0; *(uint8_t*)0x2000080f = 0; *(uint8_t*)0x20000810 = 0; *(uint8_t*)0x20000811 = 0; *(uint8_t*)0x20000812 = 0; *(uint8_t*)0x20000813 = 0; *(uint8_t*)0x20000814 = 0; *(uint8_t*)0x20000815 = 0; *(uint8_t*)0x20000816 = 0; *(uint8_t*)0x20000817 = 0; *(uint8_t*)0x20000818 = 0; *(uint8_t*)0x20000819 = 0; *(uint8_t*)0x2000081a = 0; *(uint8_t*)0x2000081b = 0; *(uint8_t*)0x2000081c = 0; *(uint8_t*)0x2000081d = 0; *(uint8_t*)0x2000081e = 0; *(uint8_t*)0x2000081f = 0; *(uint8_t*)0x20000820 = 0; *(uint8_t*)0x20000821 = 0; *(uint8_t*)0x20000822 = 0; *(uint8_t*)0x20000823 = 0; *(uint8_t*)0x20000824 = 0; *(uint8_t*)0x20000825 = 0; *(uint8_t*)0x20000826 = 0; *(uint8_t*)0x20000827 = 0; *(uint8_t*)0x20000828 = 0; *(uint8_t*)0x20000829 = 0; *(uint8_t*)0x2000082a = 0; *(uint8_t*)0x2000082b = 0; *(uint8_t*)0x2000082c = 0; *(uint8_t*)0x2000082d = 0; *(uint8_t*)0x2000082e = 0; *(uint8_t*)0x2000082f = 0; *(uint8_t*)0x20000830 = 0; *(uint8_t*)0x20000831 = 0; *(uint8_t*)0x20000832 = 0; *(uint8_t*)0x20000833 = 0; *(uint8_t*)0x20000834 = 0; *(uint8_t*)0x20000835 = 0; *(uint8_t*)0x20000836 = 0; *(uint8_t*)0x20000837 = 0; *(uint8_t*)0x20000838 = 0; *(uint8_t*)0x20000839 = 0; *(uint8_t*)0x2000083a = 0; *(uint8_t*)0x2000083b = 0; *(uint8_t*)0x2000083c = 0; *(uint8_t*)0x2000083d = 0; *(uint8_t*)0x2000083e = 0; *(uint8_t*)0x2000083f = 0; *(uint8_t*)0x20000840 = 0; *(uint8_t*)0x20000841 = 0; *(uint8_t*)0x20000842 = 0; *(uint8_t*)0x20000843 = 0; *(uint8_t*)0x20000844 = 0; *(uint8_t*)0x20000845 = 0; *(uint8_t*)0x20000846 = 0; *(uint8_t*)0x20000847 = 0; *(uint8_t*)0x20000848 = 0; *(uint8_t*)0x20000849 = 0; *(uint8_t*)0x2000084a = 0; *(uint8_t*)0x2000084b = 0; *(uint32_t*)0x2000084c = 0; *(uint16_t*)0x20000850 = 0x70; *(uint16_t*)0x20000852 = 0x98; *(uint32_t*)0x20000854 = 0; *(uint64_t*)0x20000858 = 0; *(uint64_t*)0x20000860 = 0; *(uint16_t*)0x20000868 = 0x28; memcpy((void*)0x2000086a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000887 = 0; *(uint32_t*)0x20000888 = 0xfffffffe; syscall(__NR_setsockopt, r[0], 0, 0x40, 0x20000380, 0x510); res = syscall(__NR_socket, 0x10, 3, 0); if (res != -1) r[1] = res; memcpy((void*)0x20000080, "\x76\x65\x74\x68\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint32_t*)0x20000090 = 0; res = syscall(__NR_ioctl, r[1], 0x8933, 0x20000080); if (res != -1) r[2] = *(uint32_t*)0x20000090; res = syscall(__NR_socketpair, 1, 3, 0, 0x20000000); if (res != -1) r[3] = *(uint32_t*)0x20000004; syscall(__NR_ioctl, r[3], 0x8912, 0x400200); memcpy((void*)0x200000c0, "/dev/hwrng", 11); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200000c0, 0x100, 0); if (res != -1) r[4] = res; memcpy((void*)0x200002c0, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80); *(uint16_t*)0x20000310 = 9; *(uint16_t*)0x20000312 = 0; *(uint16_t*)0x20000314 = 6; *(uint16_t*)0x20000316 = -1; *(uint32_t*)0x20000318 = 0x29; *(uint32_t*)0x2000031c = 8; *(uint32_t*)0x20000320 = 7; *(uint32_t*)0x20000324 = 0x42ae; *(uint32_t*)0x20000328 = 0x8ca4; *(uint32_t*)0x2000032c = 8; *(uint32_t*)0x20000330 = 9; *(uint32_t*)0x20000334 = 0x10000; *(uint32_t*)0x20000338 = 5; *(uint32_t*)0x2000033c = 6; *(uint32_t*)0x20000340 = 0xfff; *(uint32_t*)0x20000344 = 4; *(uint32_t*)0x20000348 = 8; *(uint32_t*)0x2000034c = 0x81; *(uint32_t*)0x20000350 = 0; *(uint32_t*)0x20000354 = 0x7ff; *(uint32_t*)0x20000358 = 4; *(uint32_t*)0x2000035c = 1; *(uint32_t*)0x20000360 = 4; *(uint32_t*)0x20000364 = 6; *(uint32_t*)0x20000368 = 0xc68; *(uint32_t*)0x2000036c = 8; *(uint32_t*)0x20000370 = 3; *(uint32_t*)0x20000374 = 0x80; *(uint32_t*)0x20000378 = 0xb54; *(uint32_t*)0x2000037c = 8; *(uint32_t*)0x20000380 = 7; *(uint32_t*)0x20000384 = 0xffff0001; *(uint32_t*)0x20000388 = 1; *(uint32_t*)0x2000038c = 5; *(uint32_t*)0x20000390 = 0; *(uint32_t*)0x20000394 = 0x3f; *(uint32_t*)0x20000398 = 2; *(uint32_t*)0x2000039c = 0xfff; *(uint32_t*)0x200003a0 = 5; *(uint32_t*)0x200003a4 = 0x400; *(uint32_t*)0x200003a8 = 0; *(uint32_t*)0x200003ac = 3; *(uint32_t*)0x200003b0 = 9; *(uint32_t*)0x200003b4 = 1; *(uint32_t*)0x200003b8 = 8; *(uint32_t*)0x200003bc = 5; *(uint32_t*)0x200003c0 = 5; *(uint32_t*)0x200003c4 = 8; *(uint32_t*)0x200003c8 = 0x7fff; *(uint32_t*)0x200003cc = 0x68; *(uint32_t*)0x200003d0 = 1; *(uint32_t*)0x200003d4 = 2; *(uint32_t*)0x200003d8 = 1; *(uint32_t*)0x200003dc = 0xffff; *(uint32_t*)0x200003e0 = 0x7d; *(uint32_t*)0x200003e4 = 0x8001; *(uint32_t*)0x200003e8 = 0x6002d2b5; *(uint32_t*)0x200003ec = 0; *(uint32_t*)0x200003f0 = 3; *(uint32_t*)0x200003f4 = 0xea; *(uint32_t*)0x200003f8 = 0; *(uint32_t*)0x200003fc = 4; *(uint32_t*)0x20000400 = 3; *(uint32_t*)0x20000404 = 0x82df; *(uint32_t*)0x20000408 = 0xffff19a0; *(uint32_t*)0x2000040c = 0xff; *(uint32_t*)0x20000410 = 0x3ff; *(uint32_t*)0x20000414 = 0x1000; *(uint32_t*)0x20000418 = 0x7fffffff; *(uint32_t*)0x2000041c = 7; *(uint32_t*)0x20000420 = 0; *(uint32_t*)0x20000424 = 0; *(uint32_t*)0x20000428 = 7; *(uint32_t*)0x2000042c = 1; *(uint32_t*)0x20000430 = 1; *(uint32_t*)0x20000434 = 2; *(uint32_t*)0x20000438 = 6; *(uint32_t*)0x2000043c = 7; *(uint32_t*)0x20000440 = 0xa2; *(uint32_t*)0x20000444 = 0xb12; *(uint32_t*)0x20000448 = 0x80; *(uint32_t*)0x2000044c = 0x80000001; *(uint32_t*)0x20000450 = 2; *(uint32_t*)0x20000454 = 8; *(uint32_t*)0x20000458 = 7; *(uint32_t*)0x2000045c = 3; *(uint32_t*)0x20000460 = 9; *(uint32_t*)0x20000464 = 1; *(uint32_t*)0x20000468 = 0x51; *(uint32_t*)0x2000046c = 0x43; *(uint32_t*)0x20000470 = 1; *(uint32_t*)0x20000474 = 0x7fffffff; *(uint32_t*)0x20000478 = 2; *(uint32_t*)0x2000047c = 0x7fff; *(uint32_t*)0x20000480 = 8; *(uint32_t*)0x20000484 = 8; *(uint32_t*)0x20000488 = 2; *(uint32_t*)0x2000048c = 9; *(uint32_t*)0x20000490 = 2; *(uint32_t*)0x20000494 = 0x800; *(uint32_t*)0x20000498 = 8; *(uint32_t*)0x2000049c = 4; *(uint32_t*)0x200004a0 = 0x7ff; *(uint32_t*)0x200004a4 = 0; *(uint32_t*)0x200004a8 = 7; *(uint32_t*)0x200004ac = 5; *(uint32_t*)0x200004b0 = 1; *(uint32_t*)0x200004b4 = 4; *(uint32_t*)0x200004b8 = 3; *(uint32_t*)0x200004bc = 0xfffffff7; *(uint32_t*)0x200004c0 = 0; *(uint32_t*)0x200004c4 = 8; *(uint32_t*)0x200004c8 = 0x1000; *(uint32_t*)0x200004cc = 2; *(uint32_t*)0x200004d0 = 0x1f17; *(uint32_t*)0x200004d4 = 5; *(uint32_t*)0x200004d8 = 8; *(uint32_t*)0x200004dc = 0xd715; *(uint32_t*)0x200004e0 = 1; *(uint32_t*)0x200004e4 = 0; *(uint32_t*)0x200004e8 = -1; *(uint32_t*)0x200004ec = 3; *(uint32_t*)0x200004f0 = 0xe022; *(uint32_t*)0x200004f4 = 2; *(uint32_t*)0x200004f8 = 0x80000001; *(uint32_t*)0x200004fc = 4; *(uint32_t*)0x20000500 = 8; *(uint32_t*)0x20000504 = 0x80; *(uint32_t*)0x20000508 = 0; *(uint32_t*)0x2000050c = 7; *(uint32_t*)0x20000510 = 0xee66; *(uint32_t*)0x20000514 = 0x406; *(uint32_t*)0x20000518 = 6; *(uint32_t*)0x2000051c = 0x17; *(uint32_t*)0x20000520 = 0; *(uint32_t*)0x20000524 = 0x3f; *(uint32_t*)0x20000528 = 8; *(uint32_t*)0x2000052c = 0x1ff; *(uint32_t*)0x20000530 = 0x7e; *(uint32_t*)0x20000534 = 1; *(uint32_t*)0x20000538 = 0x80000001; *(uint32_t*)0x2000053c = 2; *(uint32_t*)0x20000540 = 0x81; *(uint32_t*)0x20000544 = 4; *(uint32_t*)0x20000548 = 6; *(uint32_t*)0x2000054c = 2; *(uint32_t*)0x20000550 = 0; *(uint32_t*)0x20000554 = 4; *(uint32_t*)0x20000558 = 0xbe9; *(uint32_t*)0x2000055c = 0xda; *(uint32_t*)0x20000560 = 0x7fffffff; *(uint32_t*)0x20000564 = 0xea81; *(uint32_t*)0x20000568 = -1; *(uint32_t*)0x2000056c = 0xff; *(uint32_t*)0x20000570 = 0x2000; *(uint32_t*)0x20000574 = 3; *(uint32_t*)0x20000578 = 1; *(uint32_t*)0x2000057c = 5; *(uint32_t*)0x20000580 = 0; *(uint32_t*)0x20000584 = 8; *(uint32_t*)0x20000588 = 0x884; *(uint32_t*)0x2000058c = 0x29; *(uint32_t*)0x20000590 = 0x426b; *(uint32_t*)0x20000594 = 0; *(uint32_t*)0x20000598 = 0xdb; *(uint32_t*)0x2000059c = 2; *(uint32_t*)0x200005a0 = 6; *(uint32_t*)0x200005a4 = 0x36; *(uint32_t*)0x200005a8 = 0xfffffffe; *(uint32_t*)0x200005ac = 0xffffffb6; *(uint32_t*)0x200005b0 = 0x56ba; *(uint32_t*)0x200005b4 = 0x800; *(uint32_t*)0x200005b8 = 2; *(uint32_t*)0x200005bc = 0x1000; *(uint32_t*)0x200005c0 = 0x3ef0; *(uint32_t*)0x200005c4 = 5; *(uint32_t*)0x200005c8 = 0x10001; *(uint32_t*)0x200005cc = 0x96ef; *(uint32_t*)0x200005d0 = 0x11f; *(uint32_t*)0x200005d4 = 6; *(uint32_t*)0x200005d8 = 0xfffffc01; *(uint32_t*)0x200005dc = 2; *(uint32_t*)0x200005e0 = 0x7d0; *(uint32_t*)0x200005e4 = 0x80000001; *(uint32_t*)0x200005e8 = 0x1000; *(uint32_t*)0x200005ec = 0xe9; *(uint32_t*)0x200005f0 = 1; *(uint32_t*)0x200005f4 = 8; *(uint32_t*)0x200005f8 = 8; *(uint32_t*)0x200005fc = 0xfc0; *(uint32_t*)0x20000600 = 0xfff; *(uint32_t*)0x20000604 = 4; *(uint32_t*)0x20000608 = 0x81; *(uint32_t*)0x2000060c = 2; *(uint32_t*)0x20000610 = 0xc; *(uint32_t*)0x20000614 = 0xf4; *(uint32_t*)0x20000618 = 0xfffffcff; *(uint32_t*)0x2000061c = 0x3ff; *(uint32_t*)0x20000620 = 5; *(uint32_t*)0x20000624 = 6; *(uint32_t*)0x20000628 = 0x90; *(uint32_t*)0x2000062c = 1; *(uint32_t*)0x20000630 = 2; *(uint32_t*)0x20000634 = 0x1b; *(uint32_t*)0x20000638 = 0xb09; *(uint32_t*)0x2000063c = 5; *(uint32_t*)0x20000640 = 4; *(uint32_t*)0x20000644 = 0x10000; *(uint32_t*)0x20000648 = 7; *(uint32_t*)0x2000064c = 8; *(uint32_t*)0x20000650 = 6; *(uint32_t*)0x20000654 = 4; *(uint32_t*)0x20000658 = 4; *(uint32_t*)0x2000065c = 0x200; *(uint32_t*)0x20000660 = 2; *(uint32_t*)0x20000664 = 6; *(uint32_t*)0x20000668 = 3; *(uint32_t*)0x2000066c = 0xaa; *(uint32_t*)0x20000670 = 0x81; *(uint32_t*)0x20000674 = 3; *(uint32_t*)0x20000678 = 7; *(uint32_t*)0x2000067c = 0xf1; *(uint32_t*)0x20000680 = 0x7fff; *(uint32_t*)0x20000684 = 0x1000; *(uint32_t*)0x20000688 = 7; *(uint32_t*)0x2000068c = 0; *(uint32_t*)0x20000690 = 0xea; *(uint32_t*)0x20000694 = 8; *(uint32_t*)0x20000698 = 1; *(uint32_t*)0x2000069c = 0; *(uint32_t*)0x200006a0 = 0xf58; *(uint32_t*)0x200006a4 = 2; *(uint32_t*)0x200006a8 = 0x7f; *(uint32_t*)0x200006ac = 0x2ae; *(uint32_t*)0x200006b0 = 0; *(uint32_t*)0x200006b4 = 3; *(uint32_t*)0x200006b8 = 8; *(uint32_t*)0x200006bc = 0x100; *(uint32_t*)0x200006c0 = 0x81; *(uint32_t*)0x200006c4 = 1; *(uint32_t*)0x200006c8 = 0; *(uint32_t*)0x200006cc = 0xfffffff9; *(uint32_t*)0x200006d0 = 9; *(uint32_t*)0x200006d4 = 1; *(uint32_t*)0x200006d8 = 0x147; *(uint32_t*)0x200006dc = 0x80; *(uint32_t*)0x200006e0 = 6; *(uint32_t*)0x200006e4 = 4; *(uint32_t*)0x200006e8 = 3; *(uint32_t*)0x200006ec = 2; *(uint32_t*)0x200006f0 = 3; *(uint32_t*)0x200006f4 = 0; *(uint32_t*)0x200006f8 = 4; *(uint32_t*)0x200006fc = 0x92; *(uint32_t*)0x20000700 = 8; *(uint32_t*)0x20000704 = 0x7f; *(uint32_t*)0x20000708 = 6; *(uint32_t*)0x2000070c = 3; *(uint32_t*)0x20000710 = 5; *(uint32_t*)0x20000714 = 0x2225e528; *(uint32_t*)0x20000718 = 9; syscall(__NR_write, r[4], 0x200002c0, 0x45c); *(uint64_t*)0x20000280 = 0x20000040; *(uint16_t*)0x20000040 = 0x10; *(uint16_t*)0x20000042 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0; *(uint32_t*)0x20000288 = 0xc; *(uint64_t*)0x20000290 = 0x20000240; *(uint64_t*)0x20000240 = 0x200001c0; *(uint32_t*)0x200001c0 = r[2]; *(uint64_t*)0x20000248 = 3; *(uint64_t*)0x20000298 = 1; *(uint64_t*)0x200002a0 = 0; *(uint64_t*)0x200002a8 = 0; *(uint32_t*)0x200002b0 = 0; syscall(__NR_sendmsg, r[1], 0x20000280, 0); res = syscall(__NR_socket, 2, 0xb, 6); if (res != -1) r[5] = res; memcpy((void*)0x200000c0, "/dev/input/mice", 16); res = syz_open_dev(0x200000c0, 0, 0); if (res != -1) r[6] = res; *(uint16_t*)0x20000180 = 5; memcpy((void*)0x20000182, "\x6e\xac\x21\x5f\x1d\x01\x64\x5a\x91\x6e\x26\xf4\xbe\x17\xa0\x0f\x57" "\x37\x60\x76\x3a\xf8\x4f\x66\xf5\xfa\x88\x68\x69\x1e\x20\x68\x6e\x0b" "\xa1\x23\x03\x9c\xf4\x12\x1d\xfd\xc3\x1b\x7e\xa0\xb1\x6f\xdc\x78\x42" "\xe7\xd8\xc4\xd8\x98\x7f\x9c\x26\x29\xed\x00\xf5\xdf\xb5\xdb\x9c\xc9" "\xdb\xfa\x7b\x9e\x6e\x1b\x84\x11\xcc\x5a\x1e\xf5\xd7\xf9\x90\x50\x34" "\x9f\xad\x29\x49\xf5\xdc\x11\xf2\xf0\x88\xf2\x41\x52\x2b\x86\x9f\xff" "\x82\x24\xc4\xb3\x27\x8b\xbc\xc9\xa7\xb9\x8e\x04\xbd\x31\x5b\x8e\x96" "\x7e\xb2\xb3\x03\x7b\x23\x53", 126); syscall(__NR_bind, r[6], 0x20000180, 0x80); memcpy((void*)0x20000140, "\x69\x70\x5f\x76\x74\x69\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); syscall(__NR_setsockopt, r[5], 1, 0x19, 0x20000140, 0x10); res = syscall(__NR_fcntl, r[5], 0, r[6]); if (res != -1) r[7] = res; *(uint64_t*)0x20000540 = 0x20000000; *(uint16_t*)0x20000000 = 0; memcpy((void*)0x20000002, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x05\xb4" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00", 108); *(uint32_t*)0x20000548 = 0x6e; *(uint64_t*)0x20000550 = 0x20000100; *(uint64_t*)0x20000558 = 0; *(uint64_t*)0x20000560 = 0x20000480; *(uint64_t*)0x20000568 = 0; *(uint32_t*)0x20000570 = 0; syscall(__NR_sendmmsg, r[7], 0x20000540, 0x49249f6, 0); *(uint32_t*)0x200001c0 = 0x40; syscall(__NR_getsockopt, -1, 0, 0x480, 0x20000180, 0x200001c0); *(uint32_t*)0x20000040 = 0x80; syscall(__NR_accept4, -1, 0x20000380, 0x20000040, 0x80800); syscall(__NR_keyctl, 0x12); *(uint32_t*)0x20000140 = 0x14; syscall(__NR_accept4, -1, 0x20000100, 0x20000140, 0x80000); *(uint32_t*)0x20000080 = 0; *(uint16_t*)0x20000084 = 0x18; *(uint16_t*)0x20000086 = 0xfa00; *(uint64_t*)0x20000088 = 1; *(uint64_t*)0x20000090 = 0x20000340; *(uint16_t*)0x20000098 = 4; *(uint8_t*)0x2000009a = 0xd; *(uint8_t*)0x2000009b = 0; *(uint8_t*)0x2000009c = 0; *(uint8_t*)0x2000009d = 0; *(uint8_t*)0x2000009e = 0; *(uint8_t*)0x2000009f = 0; syscall(__NR_write, 0xffffff9c, 0x20000080, 0x20); memcpy((void*)0x20000240, "IPVS", 5); res = syz_genetlink_get_family_id(0x20000240); if (res != -1) r[8] = res; *(uint64_t*)0x20000300 = 0x20000200; *(uint16_t*)0x20000200 = 0x10; *(uint16_t*)0x20000202 = 0; *(uint32_t*)0x20000204 = 0; *(uint32_t*)0x20000208 = 0x80; *(uint32_t*)0x20000308 = 0xc; *(uint64_t*)0x20000310 = 0x200002c0; *(uint64_t*)0x200002c0 = 0x20000280; *(uint32_t*)0x20000280 = 0x24; *(uint16_t*)0x20000284 = r[8]; *(uint16_t*)0x20000286 = 4; *(uint32_t*)0x20000288 = 0x70bd28; *(uint32_t*)0x2000028c = 0x25dfdbff; *(uint8_t*)0x20000290 = 5; *(uint8_t*)0x20000291 = 0; *(uint16_t*)0x20000292 = 0; *(uint16_t*)0x20000294 = 8; *(uint16_t*)0x20000296 = 6; *(uint32_t*)0x20000298 = 0; *(uint16_t*)0x2000029c = 8; *(uint16_t*)0x2000029e = 5; *(uint32_t*)0x200002a0 = 9; *(uint64_t*)0x200002c8 = 0x24; *(uint64_t*)0x20000318 = 1; *(uint64_t*)0x20000320 = 0; *(uint64_t*)0x20000328 = 0; *(uint32_t*)0x20000330 = 0x4000000; syscall(__NR_sendmsg, -1, 0x20000300, 0x40); syscall(__NR_syslog, 0xb, 0x20001340, 0xff52); memcpy((void*)0x20000080, "./file0", 8); res = syscall(__NR_creat, 0x20000080, 0); if (res != -1) r[9] = res; memcpy((void*)0x20000040, "./file0", 8); syscall(__NR_mknodat, r[9], 0x20000040, 0, 0); memcpy((void*)0x20000100, "./file0", 8); memcpy((void*)0x20000000, "./file0", 8); syscall(__NR_mount, 0x20000100, 0x20000000, 0x20000040, 0, 0x200001c0); memcpy((void*)0x200000c0, "./file0", 8); syscall(__NR_mknodat, r[9], 0x200000c0, 0x8000, 9); res = syscall(__NR_socket, 0xa, 3, 0x10); if (res != -1) r[10] = res; *(uint32_t*)0x20000ff0 = 0; *(uint32_t*)0x20000ff4 = 0; *(uint32_t*)0x20000ff8 = 0; *(uint32_t*)0x20000ffc = 0; syscall(__NR_setsockopt, r[10], 0x29, 6, 0x20000ff0, 0xfffffffffffffffb); *(uint64_t*)0x20000000 = 0; *(uint32_t*)0x20000008 = 0x1b; *(uint32_t*)0x2000000c = 2; *(uint32_t*)0x20000010 = -1; res = syscall(__NR_timer_create, 3, 0x20000000, 0x20000040); if (res != -1) r[11] = *(uint32_t*)0x20000040; syscall(__NR_timer_getoverrun, r[11]); res = syscall(__NR_socket, 0xa, 0xb, 0); if (res != -1) r[12] = res; syscall(__NR_ioctl, r[12], 0x100008912, 0x20000100); res = syscall(__NR_socket, 0x40000000015, 5, 0); if (res != -1) r[13] = res; *(uint16_t*)0x20000000 = 2; *(uint16_t*)0x20000002 = htobe16(0x100); *(uint32_t*)0x20000004 = htobe32(0xeb16); *(uint8_t*)0x20000008 = 0; *(uint8_t*)0x20000009 = 0; *(uint8_t*)0x2000000a = 0; *(uint8_t*)0x2000000b = 0; *(uint8_t*)0x2000000c = 0; *(uint8_t*)0x2000000d = 0; *(uint8_t*)0x2000000e = 0; *(uint8_t*)0x2000000f = 0; syscall(__NR_bind, r[13], 0x20000000, 0x10); syscall(__NR_keyctl, 3, 0); memcpy((void*)0x20000180, "\x76\x65\x74\x68\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint32_t*)0x20000190 = 0; syscall(__NR_ioctl, r[12], 0x8933, 0x20000180); *(uint32_t*)0x20000040 = 0xe8; syscall(__NR_getsockopt, r[13], 0, 0x11, 0x200001c0, 0x20000040); memcpy((void*)0x20000040, "/dev/adsp#", 11); res = syz_open_dev(0x20000040, 8, 0); if (res != -1) r[14] = res; *(uint32_t*)0x200001c0 = 0x18; *(uint8_t*)0x200001c4 = 0xd; *(uint16_t*)0x200001c5 = 2; *(uint8_t*)0x200001c7 = 0x40; *(uint32_t*)0x200001c8 = 2; *(uint64_t*)0x200001cc = 2; *(uint32_t*)0x200001d4 = 0x81; syscall(__NR_write, r[14], 0x200001c0, 0x18); *(uint32_t*)0x20000080 = 0xd; *(uint32_t*)0x20000084 = 0x64; *(uint32_t*)0x20000088 = 0x20; *(uint32_t*)0x2000008c = 7; *(uint32_t*)0x20000090 = 8; *(uint32_t*)0x20000094 = r[14]; *(uint32_t*)0x20000098 = 0xffff0f82; *(uint8_t*)0x2000009c = 0; *(uint8_t*)0x2000009d = 0; *(uint8_t*)0x2000009e = 0; *(uint8_t*)0x2000009f = 0; *(uint8_t*)0x200000a0 = 0; *(uint8_t*)0x200000a1 = 0; *(uint8_t*)0x200000a2 = 0; *(uint8_t*)0x200000a3 = 0; *(uint8_t*)0x200000a4 = 0; *(uint8_t*)0x200000a5 = 0; *(uint8_t*)0x200000a6 = 0; *(uint8_t*)0x200000a7 = 0; *(uint8_t*)0x200000a8 = 0; *(uint8_t*)0x200000a9 = 0; *(uint8_t*)0x200000aa = 0; *(uint8_t*)0x200000ab = 0; syscall(__NR_bpf, 0, 0x20000080, 0x2c); syscall(__NR_write, r[14], 0x20000200, 1); *(uint32_t*)0x20000000 = 6; *(uint32_t*)0x20000004 = 4; *(uint32_t*)0x20000008 = 0x77800000; *(uint32_t*)0x2000000c = 3; *(uint32_t*)0x20000010 = 0; *(uint32_t*)0x20000014 = -1; *(uint32_t*)0x20000018 = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0; *(uint8_t*)0x20000026 = 0; *(uint8_t*)0x20000027 = 0; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; syscall(__NR_bpf, 0, 0x20000000, 0x2c); *(uint32_t*)0x20000140 = 0; *(uint16_t*)0x20000144 = 0x18; *(uint16_t*)0x20000146 = 0xfa00; *(uint64_t*)0x20000148 = 1; *(uint64_t*)0x20000150 = 0x20000100; *(uint16_t*)0x20000158 = 0x13f; *(uint8_t*)0x2000015a = 2; *(uint8_t*)0x2000015b = 0; *(uint8_t*)0x2000015c = 0; *(uint8_t*)0x2000015d = 0; *(uint8_t*)0x2000015e = 0; *(uint8_t*)0x2000015f = 0; res = syscall(__NR_write, r[14], 0x20000140, 0x20); if (res != -1) r[15] = *(uint32_t*)0x20000100; syscall(__NR_ioctl, r[14], 0); *(uint32_t*)0x20000180 = 0x10; *(uint16_t*)0x20000184 = 0x30; *(uint16_t*)0x20000186 = 0xfa00; *(uint64_t*)0x20000188 = 0x200000c0; *(uint64_t*)0x20000190 = 4; *(uint16_t*)0x20000198 = 0xa; *(uint16_t*)0x2000019a = htobe16(0x4e24); *(uint32_t*)0x2000019c = 0x7ff; *(uint64_t*)0x200001a0 = htobe64(0); *(uint64_t*)0x200001a8 = htobe64(1); *(uint32_t*)0x200001b0 = 3; *(uint32_t*)0x200001b4 = r[15]; syscall(__NR_write, r[14], 0x20000180, 0x38); memcpy((void*)0x20000000, "sched", 6); res = syz_open_procfs(0, 0x20000000); if (res != -1) r[16] = res; syscall(__NR_fcntl, r[16], 4, 0x6800); syscall(__NR_pread64, r[16], 0x20003c00, 0xffffff4b, 0); syscall(__NR_unshare, 0x20400); res = syscall(__NR_socket, 0x2c, 3, 0); if (res != -1) r[17] = res; *(uint32_t*)0x20000000 = 8; syscall(__NR_setsockopt, r[17], 0x11b, 3, 0x20000000, 0x25); memcpy((void*)0x20000040, "", 1); res = syscall(__NR_memfd_create, 0x20000040, 0); if (res != -1) r[18] = res; *(uint32_t*)0x20000080 = 8; syscall(__NR_ioctl, r[18], 0x400454d4, 0x20000080); *(uint32_t*)0x20000240 = 0x1000000; syscall(__NR_setsockopt, r[17], 0x11b, 3, 0x20000240, 4); res = syscall(__NR_socket, 0x10, 3, 0); if (res != -1) r[19] = res; memcpy((void*)0x20000080, "\x00\x08\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00", 16); *(uint32_t*)0x20000090 = 0; res = syscall(__NR_ioctl, r[19], 0x8933, 0x20000080); if (res != -1) r[20] = *(uint32_t*)0x20000090; memcpy((void*)0x20000040, "\x76\x6c\x61\x6e\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint16_t*)0x20000050 = 0x4000; syscall(__NR_ioctl, r[19], 0x8914, 0x20000040); *(uint64_t*)0x20000240 = 0x20000000; *(uint16_t*)0x20000000 = 0x10; *(uint16_t*)0x20000002 = 0; *(uint32_t*)0x20000004 = 0; *(uint32_t*)0x20000008 = 0; *(uint32_t*)0x20000248 = 0xc; *(uint64_t*)0x20000250 = 0x20000200; *(uint64_t*)0x20000200 = 0x20000180; *(uint32_t*)0x20000180 = 0x28; *(uint16_t*)0x20000184 = 0x1c; *(uint16_t*)0x20000186 = 0xf07; *(uint32_t*)0x20000188 = 0; *(uint32_t*)0x2000018c = 0; *(uint8_t*)0x20000190 = 7; *(uint8_t*)0x20000191 = 0; *(uint16_t*)0x20000192 = 0; *(uint32_t*)0x20000194 = r[20]; *(uint16_t*)0x20000198 = 0xc602; *(uint8_t*)0x2000019a = 0x4a; *(uint8_t*)0x2000019b = 0; *(uint16_t*)0x2000019c = 0xa; *(uint16_t*)0x2000019e = 2; *(uint8_t*)0x200001a0 = 0xaa; *(uint8_t*)0x200001a1 = 0xaa; *(uint8_t*)0x200001a2 = 0xaa; *(uint8_t*)0x200001a3 = 0xaa; *(uint8_t*)0x200001a4 = 0xaa; *(uint8_t*)0x200001a5 = 0xaa; *(uint64_t*)0x20000208 = 0x28; *(uint64_t*)0x20000258 = 1; *(uint64_t*)0x20000260 = 0; *(uint64_t*)0x20000268 = 0; *(uint32_t*)0x20000270 = 0; syscall(__NR_sendmsg, r[19], 0x20000240, 0); res = syscall(__NR_socket, 0xa, 0x1000000000002, 0); if (res != -1) r[21] = res; syscall(__NR_ioctl, r[21], 0x8912, 0x20000080); res = syscall(__NR_socket, 0x40000000015, 5, 0); if (res != -1) r[22] = res; *(uint32_t*)0x200007c0 = 2; syscall(__NR_setsockopt, r[22], 0x114, 8, 0x200007c0, 4); *(uint32_t*)0x206dbffc = 0; syscall(__NR_setsockopt, r[22], 1, 8, 0x206dbffc, 4); *(uint16_t*)0x20000840 = 2; *(uint16_t*)0x20000842 = htobe16(0x4e20); *(uint32_t*)0x20000844 = htobe32(0x7f000001); *(uint8_t*)0x20000848 = 0; *(uint8_t*)0x20000849 = 0; *(uint8_t*)0x2000084a = 0; *(uint8_t*)0x2000084b = 0; *(uint8_t*)0x2000084c = 0; *(uint8_t*)0x2000084d = 0; *(uint8_t*)0x2000084e = 0; *(uint8_t*)0x2000084f = 0; syscall(__NR_bind, r[22], 0x20000840, 0x10); *(uint64_t*)0x20000900 = 6; syscall(__NR_ioctl, r[22], 0x5421, 0x20000900); *(uint32_t*)0x20000080 = 1; syscall(__NR_setsockopt, r[22], 0x114, 6, 0x20000080, 4); *(uint16_t*)0x2069affb = 2; *(uint16_t*)0x2069affd = htobe16(0x4e20); *(uint32_t*)0x2069afff = htobe32(0x7f000001); *(uint8_t*)0x2069b003 = 0; *(uint8_t*)0x2069b004 = 0; *(uint8_t*)0x2069b005 = 0; *(uint8_t*)0x2069b006 = 0; *(uint8_t*)0x2069b007 = 0; *(uint8_t*)0x2069b008 = 0; *(uint8_t*)0x2069b009 = 0; *(uint8_t*)0x2069b00a = 0; syscall(__NR_sendto, r[22], 0x20000a00, 0, 0, 0x2069affb, 0x10); *(uint16_t*)0x202b4000 = 2; *(uint16_t*)0x202b4002 = htobe16(0x4e20); *(uint32_t*)0x202b4004 = htobe32(0x7f000001); *(uint8_t*)0x202b4008 = 0; *(uint8_t*)0x202b4009 = 0; *(uint8_t*)0x202b400a = 0; *(uint8_t*)0x202b400b = 0; *(uint8_t*)0x202b400c = 0; *(uint8_t*)0x202b400d = 0; *(uint8_t*)0x202b400e = 0; *(uint8_t*)0x202b400f = 0; syscall(__NR_sendto, r[22], 0x204b3fff, 0, 0, 0x202b4000, 0x10); syscall(__NR_recvmmsg, r[22], 0x20007340, 0, 0x40, 0); res = syscall(__NR_clock_gettime, 0, 0x20000040); if (res != -1) r[23] = *(uint64_t*)0x20000040; *(uint64_t*)0x20000140 = r[23]; *(uint64_t*)0x20000148 = 0; syscall(__NR_recvmmsg, r[22], 0x20003480, 0x3ac, 0, 0x20000140); syscall(__NR_write, -1, 0x20000000, 0); *(uint32_t*)0x200000c0 = 0x30; syscall(__NR_setsockopt, -1, 0x12, 3, 0x200000c0, 4); res = syscall(__NR_socket, 0xa, 2, 0); if (res != -1) r[24] = res; memcpy((void*)0x20000000, "security.capability", 20); memcpy((void*)0x20000040, "poly(305", 9); syscall(__NR_fsetxattr, r[24], 0x20000000, 0x20000040, 9, 2); res = syscall(__NR_socket, 0xa, 0x1000000000002, 0); if (res != -1) r[25] = res; syscall(__NR_ioctl, r[25], 0x8912, 0x20000280); *(uint32_t*)0x20000100 = 0; *(uint32_t*)0x20000104 = 0; *(uint32_t*)0x20000108 = 0; *(uint64_t*)0x20000180 = 0x20000140; memcpy((void*)0x20000140, "\x70\x6f\x6c\x79\x28\x33\x30\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64); *(uint64_t*)0x20000188 = 0; *(uint32_t*)0x20000190 = 0; *(uint32_t*)0x20000194 = 0; *(uint32_t*)0x20000198 = 0; *(uint32_t*)0x2000019c = 0; *(uint32_t*)0x200001a0 = 0; *(uint32_t*)0x200001a4 = 0; *(uint32_t*)0x200001a8 = 0; *(uint32_t*)0x200001ac = 0; *(uint32_t*)0x200001b0 = 0; syscall(__NR_keyctl, 0x17, 0x20000100, 0x20a53ffb, 5, 0x20000180); res = syscall(__NR_socketpair, 1, 5, 0, 0x20000000); if (res != -1) { r[26] = *(uint32_t*)0x20000000; r[27] = *(uint32_t*)0x20000004; } *(uint64_t*)0x20000380 = 0x20000100; *(uint16_t*)0x20000100 = 0; memcpy((void*)0x20000102, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00", 108); *(uint32_t*)0x20000388 = 0x6e; *(uint64_t*)0x20000390 = 0x20000540; *(uint64_t*)0x20000398 = 0; *(uint64_t*)0x200003a0 = 0x200003c0; *(uint64_t*)0x200003a8 = 0; *(uint32_t*)0x200003b0 = 0; syscall(__NR_sendmsg, -1, 0x20000380, 0); *(uint64_t*)0x200000c0 = 0x20000240; *(uint16_t*)0x20000240 = 0x10; *(uint16_t*)0x20000242 = 0xf50c; *(uint32_t*)0x20000244 = 0; *(uint32_t*)0x20000248 = 0; *(uint32_t*)0x200000c8 = 4; *(uint64_t*)0x200000d0 = 0x20000100; *(uint64_t*)0x20000100 = 0x20001400; *(uint32_t*)0x20001400 = 0x14; *(uint16_t*)0x20001404 = 0; *(uint16_t*)0x20001406 = 0; *(uint32_t*)0x20001408 = 0; *(uint32_t*)0x2000140c = 0; *(uint8_t*)0x20001410 = 0; *(uint8_t*)0x20001411 = 0; *(uint16_t*)0x20001412 = 0; *(uint64_t*)0x20000108 = 0x14; *(uint64_t*)0x200000d8 = 1; *(uint64_t*)0x200000e0 = 0; *(uint64_t*)0x200000e8 = 0; *(uint32_t*)0x200000f0 = 0; syscall(__NR_sendmsg, -1, 0x200000c0, 0); memcpy((void*)0x200001c0, "/dev/input/mice", 16); res = syz_open_dev(0x200001c0, 0, 0x100); if (res != -1) r[28] = res; *(uint32_t*)0x20002900 = 0x14; syscall(__NR_accept, r[28], 0x200028c0, 0x20002900); syscall(__NR_sendmmsg, r[26], 0x20000040, 0x324fad809d5a9cf, 0); memcpy((void*)0x20000040, "\x74\x65\x61\x6d\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); syscall(__NR_ioctl, r[26], 0x89a0, 0x20000040); *(uint64_t*)0x20002600 = 0; *(uint32_t*)0x20002608 = 0; *(uint64_t*)0x20002610 = 0x20000840; *(uint64_t*)0x20000840 = 0x20000280; *(uint64_t*)0x20000848 = 0x7d; *(uint64_t*)0x20000850 = 0x20000400; *(uint64_t*)0x20000858 = 0x8d; *(uint64_t*)0x20000860 = 0x200004c0; *(uint64_t*)0x20000868 = 0x89; *(uint64_t*)0x20000870 = 0x20000200; *(uint64_t*)0x20000878 = 0xd; *(uint64_t*)0x20000880 = 0x20000300; *(uint64_t*)0x20000888 = 0x6b; *(uint64_t*)0x20000890 = 0x20000580; *(uint64_t*)0x20000898 = 4; *(uint64_t*)0x200008a0 = 0x200005c0; *(uint64_t*)0x200008a8 = 0xdf; *(uint64_t*)0x200008b0 = 0x200006c0; *(uint64_t*)0x200008b8 = 0xd7; *(uint64_t*)0x200008c0 = 0x200007c0; *(uint64_t*)0x200008c8 = 0x72; *(uint64_t*)0x20002618 = 9; *(uint64_t*)0x20002620 = 0; *(uint64_t*)0x20002628 = 0; *(uint32_t*)0x20002630 = 0; *(uint32_t*)0x20002638 = 3; *(uint64_t*)0x20002640 = 0x20000900; *(uint32_t*)0x20002648 = 0x80; *(uint64_t*)0x20002650 = 0x20000ac0; *(uint64_t*)0x20000ac0 = 0x20000980; *(uint64_t*)0x20000ac8 = 0x81; *(uint64_t*)0x20000ad0 = 0x20000a40; *(uint64_t*)0x20000ad8 = 0x7c; *(uint64_t*)0x20002658 = 2; *(uint64_t*)0x20002660 = 0; *(uint64_t*)0x20002668 = 0; *(uint32_t*)0x20002670 = 0x3f; *(uint32_t*)0x20002678 = 0x7fff; *(uint64_t*)0x20002680 = 0x20000b00; *(uint32_t*)0x20002688 = 0x80; *(uint64_t*)0x20002690 = 0x20000e00; *(uint64_t*)0x20000e00 = 0x20000b80; *(uint64_t*)0x20000e08 = 0x4c; *(uint64_t*)0x20000e10 = 0x20000c00; *(uint64_t*)0x20000e18 = 0xba; *(uint64_t*)0x20000e20 = 0x20000cc0; *(uint64_t*)0x20000e28 = 0xd2; *(uint64_t*)0x20000e30 = 0x20000dc0; *(uint64_t*)0x20000e38 = 0x3e; *(uint64_t*)0x20002698 = 4; *(uint64_t*)0x200026a0 = 0x20000e40; *(uint64_t*)0x200026a8 = 0x26; *(uint32_t*)0x200026b0 = 0x7fff; *(uint32_t*)0x200026b8 = 3; *(uint64_t*)0x200026c0 = 0x20000e80; *(uint32_t*)0x200026c8 = 0x80; *(uint64_t*)0x200026d0 = 0x20000f40; *(uint64_t*)0x20000f40 = 0x20000f00; *(uint64_t*)0x20000f48 = 0xb; *(uint64_t*)0x200026d8 = 1; *(uint64_t*)0x200026e0 = 0x20000f80; *(uint64_t*)0x200026e8 = 0xc6; *(uint32_t*)0x200026f0 = 7; *(uint32_t*)0x200026f8 = 0x200; *(uint64_t*)0x20002700 = 0x20001080; *(uint32_t*)0x20002708 = 0x80; *(uint64_t*)0x20002710 = 0x20002580; *(uint64_t*)0x20002580 = 0x20001100; *(uint64_t*)0x20002588 = 0xd3; *(uint64_t*)0x20002590 = 0x20001200; *(uint64_t*)0x20002598 = 0x5e; *(uint64_t*)0x200025a0 = 0x20001440; *(uint64_t*)0x200025a8 = 0x1000; *(uint64_t*)0x200025b0 = 0x20001280; *(uint64_t*)0x200025b8 = 0xac; *(uint64_t*)0x200025c0 = 0x20002440; *(uint64_t*)0x200025c8 = 0xd3; *(uint64_t*)0x200025d0 = 0x20001340; *(uint64_t*)0x200025d8 = 0xa5; *(uint64_t*)0x200025e0 = 0x20002540; *(uint64_t*)0x200025e8 = 0x32; *(uint64_t*)0x20002718 = 7; *(uint64_t*)0x20002720 = 0; *(uint64_t*)0x20002728 = 0; *(uint32_t*)0x20002730 = 3; *(uint32_t*)0x20002738 = 6; res = syscall(__NR_recvmmsg, r[26], 0x20002600, 5, 0x100, 0); if (res != -1) r[29] = *(uint32_t*)0x20000e8a; memcpy((void*)0x20002780, "team", 5); res = syz_genetlink_get_family_id(0x20002780); if (res != -1) r[30] = res; memcpy((void*)0x20000180, "/dev/dsp#", 10); res = syz_open_dev(0x20000180, 0xffff, 1); if (res != -1) r[31] = res; syscall(__NR_ioctl, r[31], 0x5425, 0); *(uint32_t*)0x20002800 = 0x14; res = syscall(__NR_accept, 0xffffff9c, 0x200027c0, 0x20002800); if (res != -1) r[32] = *(uint32_t*)0x200027c4; *(uint32_t*)0x20002880 = 0x14; res = syscall(__NR_accept4, r[27], 0x20002840, 0x20002880, 0x800); if (res != -1) r[33] = *(uint32_t*)0x20002844; memcpy((void*)0x20002ac0, "\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x30\x00\x00\x00\x00\x00\x00", 16); *(uint32_t*)0x20002ad0 = 0; res = syscall(__NR_ioctl, r[27], 0x8933, 0x20002ac0); if (res != -1) r[34] = *(uint32_t*)0x20002ad0; *(uint32_t*)0x20002c00 = 0xe8; res = syscall(__NR_getsockopt, -1, 0x29, 0x22, 0x20002b00, 0x20002c00); if (res != -1) r[35] = *(uint32_t*)0x20002b30; *(uint32_t*)0x20002c80 = 0x14; res = syscall(__NR_accept4, 0xffffff9c, 0x20002c40, 0x20002c80, 0x800); if (res != -1) r[36] = *(uint32_t*)0x20002c44; *(uint32_t*)0x20002d00 = 0xc; res = syscall(__NR_getsockopt, -1, 0, 0x23, 0x20002cc0, 0x20002d00); if (res != -1) r[37] = *(uint32_t*)0x20002cc8; memcpy((void*)0x20000080, "net/fib_triestat", 17); res = syz_open_procfs(0, 0x20000080); if (res != -1) r[38] = res; syscall(__NR_ioctl, r[38], 0x5441, 0x7e); *(uint64_t*)0x20003040 = 0x20002740; *(uint16_t*)0x20002740 = 0x10; *(uint16_t*)0x20002742 = 0; *(uint32_t*)0x20002744 = 0; *(uint32_t*)0x20002748 = 0x200; *(uint32_t*)0x20003048 = 0xc; *(uint64_t*)0x20003050 = 0x20003000; *(uint64_t*)0x20003000 = 0x20002d40; *(uint32_t*)0x20002d40 = 0x288; *(uint16_t*)0x20002d44 = r[30]; *(uint16_t*)0x20002d46 = 0x208; *(uint32_t*)0x20002d48 = 0x70bd27; *(uint32_t*)0x20002d4c = 0x25dfdbfe; *(uint8_t*)0x20002d50 = 1; *(uint8_t*)0x20002d51 = 0; *(uint16_t*)0x20002d52 = 0; *(uint16_t*)0x20002d54 = 8; *(uint16_t*)0x20002d56 = 1; *(uint32_t*)0x20002d58 = r[32]; *(uint16_t*)0x20002d5c = 0x26c; *(uint16_t*)0x20002d5e = 2; *(uint16_t*)0x20002d60 = 0x4c; *(uint16_t*)0x20002d62 = 1; *(uint16_t*)0x20002d64 = 0x24; *(uint16_t*)0x20002d66 = 1; memcpy((void*)0x20002d68, "\x6c\x62\x5f\x74\x78\x5f\x6d\x65\x74\x68\x6f\x64" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002d88 = 8; *(uint16_t*)0x20002d8a = 3; *(uint8_t*)0x20002d8c = 5; *(uint16_t*)0x20002d90 = 0x1c; *(uint16_t*)0x20002d92 = 4; memcpy((void*)0x20002d94, "hash_to_port_mapping", 21); *(uint16_t*)0x20002dac = 0x38; *(uint16_t*)0x20002dae = 1; *(uint16_t*)0x20002db0 = 0x24; *(uint16_t*)0x20002db2 = 1; memcpy((void*)0x20002db4, "\x6e\x6f\x74\x69\x66\x79\x5f\x70\x65\x65\x72\x73" "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002dd4 = 8; *(uint16_t*)0x20002dd6 = 3; *(uint8_t*)0x20002dd8 = 3; *(uint16_t*)0x20002ddc = 8; *(uint16_t*)0x20002dde = 4; *(uint32_t*)0x20002de0 = 0x71d; *(uint16_t*)0x20002de4 = 0x40; *(uint16_t*)0x20002de6 = 1; *(uint16_t*)0x20002de8 = 0x24; *(uint16_t*)0x20002dea = 1; memcpy((void*)0x20002dec, "\x6c\x62\x5f\x70\x6f\x72\x74\x5f\x73\x74\x61\x74" "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002e0c = 8; *(uint16_t*)0x20002e0e = 3; *(uint8_t*)0x20002e10 = 0xb; *(uint16_t*)0x20002e14 = 8; *(uint16_t*)0x20002e16 = 4; *(uint32_t*)0x20002e18 = 0; *(uint16_t*)0x20002e1c = 8; *(uint16_t*)0x20002e1e = 6; *(uint32_t*)0x20002e20 = r[33]; *(uint16_t*)0x20002e24 = 0x40; *(uint16_t*)0x20002e26 = 1; *(uint16_t*)0x20002e28 = 0x24; *(uint16_t*)0x20002e2a = 1; memcpy((void*)0x20002e2c, "\x6c\x62\x5f\x70\x6f\x72\x74\x5f\x73\x74\x61\x74" "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002e4c = 8; *(uint16_t*)0x20002e4e = 3; *(uint8_t*)0x20002e50 = 0xb; *(uint16_t*)0x20002e54 = 8; *(uint16_t*)0x20002e56 = 4; *(uint32_t*)0x20002e58 = 0x8c; *(uint16_t*)0x20002e5c = 8; *(uint16_t*)0x20002e5e = 6; *(uint32_t*)0x20002e60 = r[34]; *(uint16_t*)0x20002e64 = 0x3c; *(uint16_t*)0x20002e66 = 1; *(uint16_t*)0x20002e68 = 0x24; *(uint16_t*)0x20002e6a = 1; memcpy((void*)0x20002e6c, "\x65\x6e\x61\x62\x6c\x65\x64\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002e8c = 8; *(uint16_t*)0x20002e8e = 3; *(uint8_t*)0x20002e90 = 6; *(uint16_t*)0x20002e94 = 4; *(uint16_t*)0x20002e96 = 4; *(uint16_t*)0x20002e98 = 8; *(uint16_t*)0x20002e9a = 6; *(uint32_t*)0x20002e9c = r[35]; *(uint16_t*)0x20002ea0 = 0x38; *(uint16_t*)0x20002ea2 = 1; *(uint16_t*)0x20002ea4 = 0x24; *(uint16_t*)0x20002ea6 = 1; memcpy((void*)0x20002ea8, "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e" "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002ec8 = 8; *(uint16_t*)0x20002eca = 3; *(uint8_t*)0x20002ecc = 3; *(uint16_t*)0x20002ed0 = 8; *(uint16_t*)0x20002ed2 = 4; *(uint32_t*)0x20002ed4 = 8; *(uint16_t*)0x20002ed8 = 0x3c; *(uint16_t*)0x20002eda = 1; *(uint16_t*)0x20002edc = 0x24; *(uint16_t*)0x20002ede = 1; memcpy((void*)0x20002ee0, "\x6c\x62\x5f\x74\x78\x5f\x6d\x65\x74\x68\x6f\x64" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002f00 = 8; *(uint16_t*)0x20002f02 = 3; *(uint8_t*)0x20002f04 = 5; *(uint16_t*)0x20002f08 = 0xc; *(uint16_t*)0x20002f0a = 4; memcpy((void*)0x20002f0c, "hash", 5); *(uint16_t*)0x20002f14 = 0x3c; *(uint16_t*)0x20002f16 = 1; *(uint16_t*)0x20002f18 = 0x24; *(uint16_t*)0x20002f1a = 1; memcpy((void*)0x20002f1c, "\x75\x73\x65\x72\x5f\x6c\x69\x6e\x6b\x75\x70\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002f3c = 8; *(uint16_t*)0x20002f3e = 3; *(uint8_t*)0x20002f40 = 6; *(uint16_t*)0x20002f44 = 4; *(uint16_t*)0x20002f46 = 4; *(uint16_t*)0x20002f48 = 8; *(uint16_t*)0x20002f4a = 6; *(uint32_t*)0x20002f4c = r[36]; *(uint16_t*)0x20002f50 = 0x38; *(uint16_t*)0x20002f52 = 1; *(uint16_t*)0x20002f54 = 0x24; *(uint16_t*)0x20002f56 = 1; memcpy((void*)0x20002f58, "\x6c\x62\x5f\x73\x74\x61\x74\x73\x5f\x72\x65\x66" "\x72\x65\x73\x68\x5f\x69\x6e\x74\x65\x72\x76\x61" "\x6c\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002f78 = 8; *(uint16_t*)0x20002f7a = 3; *(uint8_t*)0x20002f7c = 3; *(uint16_t*)0x20002f80 = 8; *(uint16_t*)0x20002f82 = 4; *(uint32_t*)0x20002f84 = 8; *(uint16_t*)0x20002f88 = 0x40; *(uint16_t*)0x20002f8a = 1; *(uint16_t*)0x20002f8c = 0x24; *(uint16_t*)0x20002f8e = 1; memcpy((void*)0x20002f90, "\x6c\x62\x5f\x70\x6f\x72\x74\x5f\x73\x74\x61\x74" "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint16_t*)0x20002fb0 = 8; *(uint16_t*)0x20002fb2 = 3; *(uint8_t*)0x20002fb4 = 0xb; *(uint16_t*)0x20002fb8 = 8; *(uint16_t*)0x20002fba = 4; *(uint32_t*)0x20002fbc = 8; *(uint16_t*)0x20002fc0 = 8; *(uint16_t*)0x20002fc2 = 6; *(uint32_t*)0x20002fc4 = r[37]; *(uint64_t*)0x20003008 = 0x288; *(uint64_t*)0x20003058 = 1; *(uint64_t*)0x20003060 = 0; *(uint64_t*)0x20003068 = 0; *(uint32_t*)0x20003070 = 0x20004004; syscall(__NR_sendmsg, r[29], 0x20003040, 0x24000040); res = syscall(__NR_socket, 0xa, 0x1000000000002, 0); if (res != -1) r[39] = res; syscall(__NR_ioctl, r[39], 0x8912, 0x20000040); memcpy((void*)0x20000000, "/dev/audio", 11); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x406180, 0); if (res != -1) r[40] = res; *(uint16_t*)0x20000080 = 1; *(uint16_t*)0x20000082 = 9; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 0; *(uint8_t*)0x20000086 = 0; *(uint8_t*)0x20000087 = 0; *(uint8_t*)0x20000088 = 0; *(uint8_t*)0x20000089 = 0; *(uint8_t*)0x2000008a = 1; *(uint8_t*)0x2000008b = 0x80; *(uint8_t*)0x2000008c = 0xc2; *(uint8_t*)0x2000008d = 0; *(uint8_t*)0x2000008e = 0; *(uint8_t*)0x2000008f = 3; *(uint8_t*)0x20000090 = -1; *(uint8_t*)0x20000091 = -1; *(uint8_t*)0x20000092 = -1; *(uint8_t*)0x20000093 = -1; *(uint8_t*)0x20000094 = -1; *(uint8_t*)0x20000095 = -1; *(uint8_t*)0x20000096 = 0; *(uint8_t*)0x20000097 = 0; *(uint8_t*)0x20000098 = 0; *(uint8_t*)0x20000099 = 0; *(uint8_t*)0x2000009a = 0; *(uint8_t*)0x2000009b = 0; *(uint8_t*)0x2000009c = 0xaa; *(uint8_t*)0x2000009d = 0xaa; *(uint8_t*)0x2000009e = 0xaa; *(uint8_t*)0x2000009f = 0xaa; *(uint8_t*)0x200000a0 = 0xaa; *(uint8_t*)0x200000a1 = 0xbb; *(uint8_t*)0x200000a2 = 0xaa; *(uint8_t*)0x200000a3 = 0xaa; *(uint8_t*)0x200000a4 = 0xaa; *(uint8_t*)0x200000a5 = 0xaa; *(uint8_t*)0x200000a6 = 0xaa; *(uint8_t*)0x200000a7 = 0xbb; *(uint8_t*)0x200000a8 = 0xaa; *(uint8_t*)0x200000a9 = 0xaa; *(uint8_t*)0x200000aa = 0xaa; *(uint8_t*)0x200000ab = 0xaa; *(uint8_t*)0x200000ac = 0xaa; *(uint8_t*)0x200000ad = 0xe; *(uint8_t*)0x200000ae = 0xaa; *(uint8_t*)0x200000af = 0xaa; *(uint8_t*)0x200000b0 = 0xaa; *(uint8_t*)0x200000b1 = 0xaa; *(uint8_t*)0x200000b2 = 0xaa; *(uint8_t*)0x200000b3 = 0xf; *(uint8_t*)0x200000b4 = 0xaa; *(uint8_t*)0x200000b5 = 0xaa; *(uint8_t*)0x200000b6 = 0xaa; *(uint8_t*)0x200000b7 = 0xaa; *(uint8_t*)0x200000b8 = 0xaa; *(uint8_t*)0x200000b9 = 0xaa; syscall(__NR_ioctl, r[40], 0x400454d1, 0x20000080); *(uint32_t*)0x20000040 = 0x8000; syscall(__NR_setsockopt, -1, 0x11b, 2, 0x20000040, 4); syscall(__NR_mmap, 0x20ffe000, 0x100000, 2, 0x52, -1, 0); syscall(__NR_socket, 0x11, 3, 0x300); res = syscall(__NR_gettid); if (res != -1) r[41] = res; memcpy((void*)0x20000040, "net/sco", 8); syz_open_procfs(r[41], 0x20000040); syscall(__NR_socket, 0x11, 2, 0x300); res = syscall(__NR_socket, 0x10, 2, 0); if (res != -1) r[42] = res; syscall(__NR_socket, 0x11, 3, 0x300); memcpy((void*)0x20000140, "net/ptype", 10); res = syz_open_procfs(0, 0x20000140); if (res != -1) r[43] = res; *(uint64_t*)0x20000000 = 0; syscall(__NR_sendfile, r[42], r[43], 0x20000000, 0x80000003); res = syscall(__NR_socket, 0xa, 0x1000000000002, 0); if (res != -1) r[44] = res; syscall(__NR_ioctl, r[44], 0x8912, 0x20000280); res = syscall(__NR_socket, 2, 2, 0); if (res != -1) r[45] = res; syscall(__NR_ioctl, r[45], 0x541b, 0x20000000); *(uint32_t*)0x200000c0 = 3; syscall(__NR_setsockopt, r[45], 0, 0xa, 0x200000c0, 4); *(uint16_t*)0x20fd9ff0 = 2; *(uint16_t*)0x20fd9ff2 = htobe16(0x4e20); *(uint32_t*)0x20fd9ff4 = htobe32(0); *(uint8_t*)0x20fd9ff8 = 0; *(uint8_t*)0x20fd9ff9 = 0; *(uint8_t*)0x20fd9ffa = 0; *(uint8_t*)0x20fd9ffb = 0; *(uint8_t*)0x20fd9ffc = 0; *(uint8_t*)0x20fd9ffd = 0; *(uint8_t*)0x20fd9ffe = 0; *(uint8_t*)0x20fd9fff = 0; syscall(__NR_sendto, r[45], 0x20865000, 0xffe4, 0, 0x20fd9ff0, 0x10); *(uint16_t*)0x20000040 = 2; *(uint16_t*)0x20000042 = htobe16(0x4e23); *(uint8_t*)0x20000044 = 0xac; *(uint8_t*)0x20000045 = 0x14; *(uint8_t*)0x20000046 = 0x14; *(uint8_t*)0x20000047 = 0x12; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 0; *(uint8_t*)0x2000004c = 0; *(uint8_t*)0x2000004d = 0; *(uint8_t*)0x2000004e = 0; *(uint8_t*)0x2000004f = 0; syscall(__NR_bind, r[45], 0x20000040, 0x10); res = syscall(__NR_socket, 0xa, 1, 0x83); if (res != -1) r[46] = res; *(uint16_t*)0x20ef8cfd = 0xa; *(uint16_t*)0x20ef8cff = htobe16(0x4e23); *(uint32_t*)0x20ef8d01 = 0; *(uint64_t*)0x20ef8d05 = htobe64(0); *(uint64_t*)0x20ef8d0d = htobe64(1); *(uint32_t*)0x20ef8d15 = 0; syscall(__NR_bind, r[46], 0x20ef8cfd, 0x1c); memcpy((void*)0x200003c0, "/dev/admmidi#", 14); res = syz_open_dev(0x200003c0, 0x7f, 0x400400); if (res != -1) r[47] = res; memcpy((void*)0x20000440, "IPVS", 5); res = syz_genetlink_get_family_id(0x20000440); if (res != -1) r[48] = res; *(uint64_t*)0x20000540 = 0x20000400; *(uint16_t*)0x20000400 = 0x10; *(uint16_t*)0x20000402 = 0; *(uint32_t*)0x20000404 = 0; *(uint32_t*)0x20000408 = 0x200000; *(uint32_t*)0x20000548 = 0xc; *(uint64_t*)0x20000550 = 0x20000500; *(uint64_t*)0x20000500 = 0x20000480; *(uint32_t*)0x20000480 = 0x70; *(uint16_t*)0x20000484 = r[48]; *(uint16_t*)0x20000486 = 0x200; *(uint32_t*)0x20000488 = 0x70bd26; *(uint32_t*)0x2000048c = 0x25dfdbfe; *(uint8_t*)0x20000490 = 9; *(uint8_t*)0x20000491 = 0; *(uint16_t*)0x20000492 = 0; *(uint16_t*)0x20000494 = 8; *(uint16_t*)0x20000496 = 6; *(uint32_t*)0x20000498 = 6; *(uint16_t*)0x2000049c = 8; *(uint16_t*)0x2000049e = 4; *(uint32_t*)0x200004a0 = 0xdd5; *(uint16_t*)0x200004a4 = 0x4c; *(uint16_t*)0x200004a6 = 1; *(uint16_t*)0x200004a8 = 8; *(uint16_t*)0x200004aa = 9; *(uint32_t*)0x200004ac = 0x1b; *(uint16_t*)0x200004b0 = 0xc; *(uint16_t*)0x200004b2 = 6; memcpy((void*)0x200004b4, "none", 5); *(uint16_t*)0x200004bc = 8; *(uint16_t*)0x200004be = 2; *(uint16_t*)0x200004c0 = 0xa7; *(uint16_t*)0x200004c4 = 0xc; *(uint16_t*)0x200004c6 = 7; *(uint32_t*)0x200004c8 = 0x3c; *(uint32_t*)0x200004cc = 0x20; *(uint16_t*)0x200004d0 = 8; *(uint16_t*)0x200004d2 = 2; *(uint16_t*)0x200004d4 = 0; *(uint16_t*)0x200004d8 = 8; *(uint16_t*)0x200004da = 2; *(uint16_t*)0x200004dc = 0xff; *(uint16_t*)0x200004e0 = 8; *(uint16_t*)0x200004e2 = 2; *(uint16_t*)0x200004e4 = 0x5f; *(uint16_t*)0x200004e8 = 8; *(uint16_t*)0x200004ea = 6; memcpy((void*)0x200004ec, "lc", 3); *(uint64_t*)0x20000508 = 0x70; *(uint64_t*)0x20000558 = 1; *(uint64_t*)0x20000560 = 0; *(uint64_t*)0x20000568 = 0; *(uint32_t*)0x20000570 = 0x80; syscall(__NR_sendmsg, r[47], 0x20000540, 0xc000); syscall(__NR_listen, r[46], 0xffffff7b); res = syscall(__NR_socket, 0xa, 1, 0x84); if (res != -1) r[49] = res; *(uint16_t*)0x2005ffe4 = 0xa; *(uint16_t*)0x2005ffe6 = htobe16(0x4e23); *(uint32_t*)0x2005ffe8 = 0; *(uint64_t*)0x2005ffec = htobe64(0); *(uint64_t*)0x2005fff4 = htobe64(1); *(uint32_t*)0x2005fffc = 0; syscall(__NR_sendto, r[49], 0x20000240, 0, 0, 0x2005ffe4, 0x1c); *(uint32_t*)0x200001c0 = 0; *(uint32_t*)0x200001c4 = 0; *(uint32_t*)0x20000200 = 8; res = syscall(__NR_getsockopt, r[49], 0x84, 0x11, 0x200001c0, 0x20000200); if (res != -1) r[50] = *(uint32_t*)0x200001c0; *(uint32_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 8; *(uint32_t*)0x20000288 = 3; *(uint16_t*)0x2000028c = 0; *(uint16_t*)0x2000028e = 0x401; *(uint16_t*)0x20000290 = 0x97d7; *(uint16_t*)0x20000292 = 1; *(uint32_t*)0x20000294 = 2; *(uint32_t*)0x20000298 = r[50]; *(uint16_t*)0x2000029c = 2; *(uint16_t*)0x2000029e = htobe16(0x4e24); *(uint32_t*)0x200002a0 = htobe32(0xe0000002); *(uint8_t*)0x200002a4 = 0; *(uint8_t*)0x200002a5 = 0; *(uint8_t*)0x200002a6 = 0; *(uint8_t*)0x200002a7 = 0; *(uint8_t*)0x200002a8 = 0; *(uint8_t*)0x200002a9 = 0; *(uint8_t*)0x200002aa = 0; *(uint8_t*)0x200002ab = 0; *(uint32_t*)0x2000031c = 0x5e; *(uint32_t*)0x20000320 = -1; *(uint32_t*)0x20000324 = 0x8001; *(uint32_t*)0x20000328 = 1; *(uint32_t*)0x2000032c = 0x2e980000; *(uint32_t*)0x20000340 = 0xb0; syscall(__NR_getsockopt, r[46], 0x84, 0xe, 0x20000280, 0x20000340); *(uint32_t*)0x20000380 = 0; syscall(__NR_setsockopt, r[49], 0x84, 0x78, 0x20000380, 4); memcpy((void*)0x20000000, "/dev/dsp", 9); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x20000480003, 0); if (res != -1) r[51] = res; *(uint32_t*)0x20000080 = 4; syscall(__NR_getsockopt, r[51], 6, 0x14, 0x20000040, 0x20000080); *(uint16_t*)0x20000100 = 0; *(uint16_t*)0x20000102 = 0; *(uint32_t*)0x20000104 = 0; *(uint32_t*)0x20000108 = 0; *(uint32_t*)0x2000010c = 0; *(uint32_t*)0x20000180 = 0x10; syscall(__NR_getsockopt, r[49], 0x84, 0x22, 0x20000100, 0x20000180); res = syscall(__NR_epoll_create1, 0); if (res != -1) r[52] = res; *(uint64_t*)0x20000100 = 0; syscall(__NR_epoll_pwait, r[52], 0x20000000, 1, 0x9ce, 0x20000100, 8); *(uint32_t*)0x2001d000 = 2; *(uint32_t*)0x2001d004 = 0x70; *(uint8_t*)0x2001d008 = 0; *(uint8_t*)0x2001d009 = 1; *(uint8_t*)0x2001d00a = 0; *(uint8_t*)0x2001d00b = 0; *(uint32_t*)0x2001d00c = 0; *(uint64_t*)0x2001d010 = 0; *(uint64_t*)0x2001d018 = 0; *(uint64_t*)0x2001d020 = 0; STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 0, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 1, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 2, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 3, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 4, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, -1, 5, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 6, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 7, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 8, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 9, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 10, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 11, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 12, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 13, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 14, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 15, 2); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 17, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 18, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 19, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 20, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 21, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 22, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 23, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 24, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 25, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 26, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 27, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 28, 1); STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 29, 35); *(uint32_t*)0x2001d030 = 0; *(uint32_t*)0x2001d034 = 0; *(uint64_t*)0x2001d038 = 0; *(uint64_t*)0x2001d040 = 0; *(uint64_t*)0x2001d048 = 0; *(uint64_t*)0x2001d050 = 0; *(uint32_t*)0x2001d058 = 0; *(uint32_t*)0x2001d05c = 0; *(uint64_t*)0x2001d060 = 0; *(uint32_t*)0x2001d068 = 0; *(uint16_t*)0x2001d06c = 0; *(uint16_t*)0x2001d06e = 0; res = syscall(__NR_perf_event_open, 0x2001d000, 0, 0, -1, 0); if (res != -1) r[53] = res; *(uint32_t*)0x200000c0 = 0xc0000010; *(uint64_t*)0x200000c4 = 0; syscall(__NR_epoll_ctl, r[52], 1, r[53], 0x200000c0); *(uint32_t*)0x20000040 = 4; *(uint64_t*)0x20000044 = 0; syscall(__NR_epoll_ctl, r[52], 1, r[53], 0x20000040); *(uint32_t*)0x20000180 = 2; *(uint32_t*)0x20000184 = 0x70; *(uint8_t*)0x20000188 = 0xe5; *(uint8_t*)0x20000189 = 0; *(uint8_t*)0x2000018a = 0; *(uint8_t*)0x2000018b = 0; *(uint32_t*)0x2000018c = 0; *(uint64_t*)0x20000190 = 0; *(uint64_t*)0x20000198 = 0; *(uint64_t*)0x200001a0 = 0; STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 0, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 1, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 2, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 3, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 4, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 5, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 6, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 7, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 8, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 9, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 10, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 11, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 12, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 13, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 14, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 15, 2); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 17, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 18, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 19, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 20, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 21, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 22, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 23, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 24, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 25, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 26, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 27, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 28, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 29, 35); *(uint32_t*)0x200001b0 = 0; *(uint32_t*)0x200001b4 = 0; *(uint64_t*)0x200001b8 = 0x20000000; *(uint64_t*)0x200001c0 = 0; *(uint64_t*)0x200001c8 = 0; *(uint64_t*)0x200001d0 = 0; *(uint32_t*)0x200001d8 = 0; *(uint32_t*)0x200001dc = 0; *(uint64_t*)0x200001e0 = 0; *(uint32_t*)0x200001e8 = 0; *(uint16_t*)0x200001ec = 0; *(uint16_t*)0x200001ee = 0; syscall(__NR_perf_event_open, 0x20000180, 0, 0, -1, 0); memcpy((void*)0x20000080, "/dev/sg#", 9); res = syz_open_dev(0x20000080, 0, 0x80000000002); if (res != -1) r[54] = res; syscall(__NR_write, r[54], 0x20000300, 0xf6); res = syscall(__NR_socket, 0xa, 1, 0); if (res != -1) r[55] = res; *(uint8_t*)0x20000080 = 0xfe; *(uint8_t*)0x20000081 = 0x80; *(uint8_t*)0x20000082 = 0; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 0; *(uint8_t*)0x20000086 = 0; *(uint8_t*)0x20000087 = 0; *(uint8_t*)0x20000088 = 0; *(uint8_t*)0x20000089 = 0; *(uint8_t*)0x2000008a = 0; *(uint8_t*)0x2000008b = 0; *(uint8_t*)0x2000008c = 0; *(uint8_t*)0x2000008d = 0; *(uint8_t*)0x2000008e = 0; *(uint8_t*)0x2000008f = 0x15; *(uint32_t*)0x20000090 = 0; syscall(__NR_setsockopt, r[55], 0x29, 0x1b, 0x20000080, 0x14); memcpy((void*)0x200000c0, "/dev/vcs#", 10); res = syz_open_dev(0x200000c0, 0, 0); if (res != -1) r[56] = res; *(uint64_t*)0x20000240 = 0; *(uint64_t*)0x20000248 = 0; syscall(__NR_setsockopt, r[56], 0x28, 6, 0x20000240, 0x10); *(uint8_t*)0x20000280 = 7; *(uint8_t*)0x20000281 = 0xf7; syscall(__NR_setsockopt, r[56], 0x112, 4, 0x20000280, 2); *(uint8_t*)0x20000200 = 0xfe; *(uint8_t*)0x20000201 = 0x80; *(uint8_t*)0x20000202 = 0; *(uint8_t*)0x20000203 = 0; *(uint8_t*)0x20000204 = 0; *(uint8_t*)0x20000205 = 0; *(uint8_t*)0x20000206 = 0; *(uint8_t*)0x20000207 = 0; *(uint8_t*)0x20000208 = 0; *(uint8_t*)0x20000209 = 0; *(uint8_t*)0x2000020a = 0; *(uint8_t*)0x2000020b = 0; *(uint8_t*)0x2000020c = 0; *(uint8_t*)0x2000020d = 0; *(uint8_t*)0x2000020e = 0; *(uint8_t*)0x2000020f = 0; *(uint32_t*)0x20000210 = 0; syscall(__NR_setsockopt, r[55], 0x29, 0x1b, 0x20000200, 0x14); memcpy((void*)0x20000000, "/dev/sequencer2", 16); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 1, 0); if (res != -1) r[57] = res; *(uint32_t*)0x20000040 = 0xb5; syscall(__NR_getsockopt, r[57], 0x10e, 0xb, 0x20000140, 0x20000040); *(uint64_t*)0x20000380 = 5; syscall(__NR_setsockopt, r[56], 0x28, 1, 0x20000380, 8); *(uint8_t*)0x20000100 = 0xfe; *(uint8_t*)0x20000101 = 0x80; *(uint8_t*)0x20000102 = 0; *(uint8_t*)0x20000103 = 0; *(uint8_t*)0x20000104 = 0; *(uint8_t*)0x20000105 = 0; *(uint8_t*)0x20000106 = 0; *(uint8_t*)0x20000107 = 0; *(uint8_t*)0x20000108 = 0; *(uint8_t*)0x20000109 = 0; *(uint8_t*)0x2000010a = 0; *(uint8_t*)0x2000010b = 0; *(uint8_t*)0x2000010c = 0; *(uint8_t*)0x2000010d = 0; *(uint8_t*)0x2000010e = 0; *(uint8_t*)0x2000010f = 0xd; *(uint32_t*)0x20000110 = 0; syscall(__NR_setsockopt, r[55], 0x29, 0x1b, 0x20000100, 0xf0); *(uint8_t*)0x20000800 = 0xfe; *(uint8_t*)0x20000801 = 0x80; *(uint8_t*)0x20000802 = 0; *(uint8_t*)0x20000803 = 0; *(uint8_t*)0x20000804 = 0; *(uint8_t*)0x20000805 = 0; *(uint8_t*)0x20000806 = 0; *(uint8_t*)0x20000807 = 0; *(uint8_t*)0x20000808 = 0; *(uint8_t*)0x20000809 = 0; *(uint8_t*)0x2000080a = 0; *(uint8_t*)0x2000080b = 0; *(uint8_t*)0x2000080c = 0; *(uint8_t*)0x2000080d = 0; *(uint8_t*)0x2000080e = 0; *(uint8_t*)0x2000080f = 0xbb; *(uint32_t*)0x20000810 = 0; syscall(__NR_setsockopt, r[55], 0x29, 0x1c, 0x20000800, 0x14); *(uint32_t*)0x20000340 = 0xc; syscall(__NR_getpeername, r[56], 0x20000300, 0x20000340); syscall(__NR_socketpair, 1, 0x27, 0, 0x20000040); *(uint32_t*)0x20000200 = 0x41424344; *(uint32_t*)0x20000204 = 0x41424344; *(uint32_t*)0x200002c0 = 0; *(uint32_t*)0x200002c4 = 0; *(uint32_t*)0x200002c8 = 0; *(uint32_t*)0x200002cc = 0; *(uint32_t*)0x200002d0 = 0; *(uint32_t*)0x200002d4 = 0; memcpy((void*)0x20000000, "/dev/snd/pcmC#D#c", 18); res = syz_open_dev(0x20000000, 1, 2); if (res != -1) r[58] = res; syscall(__NR_ioctl, r[58], 0x125f, 0); syscall(__NR_ioctl, -1, 0x8912, 0x400200); res = syscall(__NR_socketpair, 1, 1, 0, 0x20000140); if (res != -1) r[59] = *(uint32_t*)0x20000140; res = syscall(__NR_socketpair, 1, 5, 0, 0x20616ff8); if (res != -1) { r[60] = *(uint32_t*)0x20616ff8; r[61] = *(uint32_t*)0x20616ffc; } *(uint64_t*)0x200003c0 = 0x20000000; *(uint16_t*)0x20000000 = 0; *(uint8_t*)0x20000002 = 0; *(uint32_t*)0x20000004 = 0; *(uint32_t*)0x200003c8 = 0x6e; *(uint64_t*)0x200003d0 = 0x20000340; *(uint64_t*)0x200003d8 = 0; *(uint64_t*)0x200003e0 = 0x20000380; *(uint64_t*)0x20000380 = 0x18; *(uint32_t*)0x20000388 = 1; *(uint32_t*)0x2000038c = 1; *(uint32_t*)0x20000390 = r[60]; *(uint64_t*)0x200003e8 = 0x18; *(uint32_t*)0x200003f0 = 0; syscall(__NR_sendmsg, r[61], 0x200003c0, 0); syscall(__NR_close, r[60]); syscall(__NR_close, r[59]); *(uint32_t*)0x20000140 = 2; *(uint32_t*)0x20000144 = 0x70; *(uint8_t*)0x20000148 = 0x16; *(uint8_t*)0x20000149 = 0; *(uint8_t*)0x2000014a = 0; *(uint8_t*)0x2000014b = 0; *(uint32_t*)0x2000014c = 0; *(uint64_t*)0x20000150 = 0; *(uint64_t*)0x20000158 = 0; *(uint64_t*)0x20000160 = 0; STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1); STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35); *(uint32_t*)0x20000170 = 0; *(uint32_t*)0x20000174 = 0; *(uint64_t*)0x20000178 = 0x20000000; *(uint64_t*)0x20000180 = 0; *(uint64_t*)0x20000188 = 0; *(uint64_t*)0x20000190 = 0; *(uint32_t*)0x20000198 = 0; *(uint32_t*)0x2000019c = 0; *(uint64_t*)0x200001a0 = 0; *(uint32_t*)0x200001a8 = 0; *(uint16_t*)0x200001ac = 0; *(uint16_t*)0x200001ae = 0; syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0); res = syscall(__NR_socketpair, 1, 3, 0, 0x20000000); if (res != -1) r[62] = *(uint32_t*)0x20000004; syscall(__NR_ioctl, r[62], 0x8912, 0x400200); *(uint64_t*)0x200000c0 = 0; *(uint64_t*)0x200000c8 = 0; *(uint64_t*)0x200000d0 = 0; *(uint64_t*)0x200000d8 = 0; syscall(__NR_setitimer, 3, 0x200000c0, 0); memcpy((void*)0x20000100, "keyring", 8); *(uint8_t*)0x200001c0 = 0x73; *(uint8_t*)0x200001c1 = 0x79; *(uint8_t*)0x200001c2 = 0x7a; *(uint8_t*)0x200001c3 = 0x21; *(uint8_t*)0x200001c4 = 0; res = syscall(__NR_add_key, 0x20000100, 0x200001c0, 0, 0, 0xfffffffc); if (res != -1) r[63] = res; memcpy((void*)0x20000040, "keyring", 8); *(uint8_t*)0x20000080 = 0x73; *(uint8_t*)0x20000081 = 0x79; *(uint8_t*)0x20000082 = 0x7a; *(uint8_t*)0x20000083 = 0x20; *(uint8_t*)0x20000084 = 0; syscall(__NR_add_key, 0x20000040, 0x20000080, 0, 0, r[63]); memcpy((void*)0x20000200, "/dev/sequencer2", 16); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000200, 0x2000, 0); if (res != -1) r[64] = res; syscall(__NR_ioctl, r[64], 0x80605414, 0x20000240); syscall(__NR_setsockopt, r[64], 0, 0x11, 0x20000300, 0); res = syscall(__NR_socket, 0xa, 0x1000000000002, 0); if (res != -1) r[65] = res; syscall(__NR_ioctl, r[65], 0x8912, 0x20000180); res = syscall(__NR_socket, 0xa, 0x200000005, 0x84); if (res != -1) r[66] = res; memcpy((void*)0x20000000, "/dev/admmidi#", 14); res = syz_open_dev(0x20000000, 0xfffffffffffffeaf, 0x18000); if (res != -1) r[67] = res; *(uint32_t*)0x20000c80 = 0x14; res = syscall(__NR_getpeername, r[67], 0x20000c40, 0x20000c80); if (res != -1) r[68] = *(uint32_t*)0x20000c44; *(uint8_t*)0x20000cc0 = 0; *(uint8_t*)0x20000cc1 = 0; *(uint8_t*)0x20000cc2 = 0; *(uint8_t*)0x20000cc3 = 0; *(uint8_t*)0x20000cc4 = 0; *(uint8_t*)0x20000cc5 = 0; *(uint8_t*)0x20000cc6 = 0; *(uint8_t*)0x20000cc7 = 0; *(uint8_t*)0x20000cc8 = 0; *(uint8_t*)0x20000cc9 = 0; *(uint8_t*)0x20000cca = 0; *(uint8_t*)0x20000ccb = 0; *(uint8_t*)0x20000ccc = 0; *(uint8_t*)0x20000ccd = 0; *(uint8_t*)0x20000cce = 0; *(uint8_t*)0x20000ccf = 0; *(uint64_t*)0x20000cd0 = htobe64(0); *(uint64_t*)0x20000cd8 = htobe64(1); *(uint8_t*)0x20000ce0 = -1; *(uint8_t*)0x20000ce1 = 2; *(uint8_t*)0x20000ce2 = 0; *(uint8_t*)0x20000ce3 = 0; *(uint8_t*)0x20000ce4 = 0; *(uint8_t*)0x20000ce5 = 0; *(uint8_t*)0x20000ce6 = 0; *(uint8_t*)0x20000ce7 = 0; *(uint8_t*)0x20000ce8 = 0; *(uint8_t*)0x20000ce9 = 0; *(uint8_t*)0x20000cea = 0; *(uint8_t*)0x20000ceb = 0; *(uint8_t*)0x20000cec = 0; *(uint8_t*)0x20000ced = 0; *(uint8_t*)0x20000cee = 0; *(uint8_t*)0x20000cef = 1; *(uint32_t*)0x20000cf0 = 0x7fff; *(uint16_t*)0x20000cf4 = 0xb3; *(uint16_t*)0x20000cf6 = 5; *(uint32_t*)0x20000cf8 = 0; *(uint64_t*)0x20000d00 = 0x80; *(uint32_t*)0x20000d08 = 0x200080; *(uint32_t*)0x20000d0c = r[68]; syscall(__NR_ioctl, r[65], 0x890c, 0x20000cc0); *(uint16_t*)0x209e7fe4 = 0xa; *(uint16_t*)0x209e7fe6 = htobe16(3); *(uint32_t*)0x209e7fe8 = 0; *(uint8_t*)0x209e7fec = 0; *(uint8_t*)0x209e7fed = 0; *(uint8_t*)0x209e7fee = 0; *(uint8_t*)0x209e7fef = 0; *(uint8_t*)0x209e7ff0 = 0; *(uint8_t*)0x209e7ff1 = 0; *(uint8_t*)0x209e7ff2 = 0; *(uint8_t*)0x209e7ff3 = 0; *(uint8_t*)0x209e7ff4 = 0; *(uint8_t*)0x209e7ff5 = 0; *(uint8_t*)0x209e7ff6 = 0; *(uint8_t*)0x209e7ff7 = 0; *(uint8_t*)0x209e7ff8 = 0; *(uint8_t*)0x209e7ff9 = 0; *(uint8_t*)0x209e7ffa = 0; *(uint8_t*)0x209e7ffb = 0; *(uint32_t*)0x209e7ffc = 0; syscall(__NR_bind, r[66], 0x209e7fe4, 0x1c); syscall(__NR_listen, r[66], 2); res = syscall(__NR_socket, 2, 1, 0x84); if (res != -1) r[69] = res; *(uint32_t*)0x20000040 = 6; syscall(__NR_ioctl, r[67], 0x400454d8, 0x20000040); *(uint16_t*)0x200001c0 = 2; *(uint16_t*)0x200001c2 = htobe16(3); *(uint32_t*)0x200001c4 = htobe32(0x7f000001); *(uint8_t*)0x200001c8 = 0; *(uint8_t*)0x200001c9 = 0; *(uint8_t*)0x200001ca = 0; *(uint8_t*)0x200001cb = 0; *(uint8_t*)0x200001cc = 0; *(uint8_t*)0x200001cd = 0; *(uint8_t*)0x200001ce = 0; *(uint8_t*)0x200001cf = 0; syscall(__NR_connect, r[69], 0x200001c0, 0x10); res = syscall(__NR_fcntl, 0xffffff9c, 0x406, 0xffffff9c); if (res != -1) r[70] = res; memcpy((void*)0x20000040, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80); *(uint16_t*)0x20000090 = 3; *(uint16_t*)0x20000092 = 3; *(uint16_t*)0x20000094 = 0; *(uint16_t*)0x20000096 = 0xfe86; *(uint32_t*)0x20000098 = 0x1e; *(uint32_t*)0x2000009c = 9; *(uint32_t*)0x200000a0 = 8; *(uint32_t*)0x200000a4 = 0x101; *(uint32_t*)0x200000a8 = 0xfffff801; *(uint32_t*)0x200000ac = 2; *(uint32_t*)0x200000b0 = -1; *(uint32_t*)0x200000b4 = 0xfffffff8; *(uint32_t*)0x200000b8 = 8; *(uint32_t*)0x200000bc = 4; *(uint32_t*)0x200000c0 = 0xfffffff7; *(uint32_t*)0x200000c4 = 2; *(uint32_t*)0x200000c8 = 0xa88; *(uint32_t*)0x200000cc = 0x9c41; *(uint32_t*)0x200000d0 = 7; *(uint32_t*)0x200000d4 = 1; *(uint32_t*)0x200000d8 = 9; *(uint32_t*)0x200000dc = 3; *(uint32_t*)0x200000e0 = 0; *(uint32_t*)0x200000e4 = 2; *(uint32_t*)0x200000e8 = 0xfff; *(uint32_t*)0x200000ec = 3; *(uint32_t*)0x200000f0 = 0; *(uint32_t*)0x200000f4 = 0x101; *(uint32_t*)0x200000f8 = 4; *(uint32_t*)0x200000fc = 0x7fffffff; *(uint32_t*)0x20000100 = 0x7fffffff; *(uint32_t*)0x20000104 = 4; *(uint32_t*)0x20000108 = 0x7f; *(uint32_t*)0x2000010c = 0x754a01cb; *(uint32_t*)0x20000110 = 1; *(uint32_t*)0x20000114 = 0x40000000; *(uint32_t*)0x20000118 = 1; *(uint32_t*)0x2000011c = 0x80000001; *(uint32_t*)0x20000120 = 9; *(uint32_t*)0x20000124 = 0xfffff001; *(uint32_t*)0x20000128 = -1; *(uint32_t*)0x2000012c = 8; *(uint32_t*)0x20000130 = 0; *(uint32_t*)0x20000134 = 0x7f; *(uint32_t*)0x20000138 = 0x3ff; *(uint32_t*)0x2000013c = 0; *(uint32_t*)0x20000140 = 0; *(uint32_t*)0x20000144 = -1; *(uint32_t*)0x20000148 = 0x200; *(uint32_t*)0x2000014c = 0xfffff801; *(uint32_t*)0x20000150 = 0; *(uint32_t*)0x20000154 = 5; *(uint32_t*)0x20000158 = 2; *(uint32_t*)0x2000015c = 0; *(uint32_t*)0x20000160 = 0x401; *(uint32_t*)0x20000164 = 0x10001; *(uint32_t*)0x20000168 = 5; *(uint32_t*)0x2000016c = 9; *(uint32_t*)0x20000170 = 0xa3; *(uint32_t*)0x20000174 = 5; *(uint32_t*)0x20000178 = 0x93caa13; *(uint32_t*)0x2000017c = 6; *(uint32_t*)0x20000180 = 0x2a; *(uint32_t*)0x20000184 = 0x65ea; *(uint32_t*)0x20000188 = 0; *(uint32_t*)0x2000018c = 0; *(uint32_t*)0x20000190 = 7; *(uint32_t*)0x20000194 = 5; *(uint32_t*)0x20000198 = 4; *(uint32_t*)0x2000019c = 0xfff; *(uint32_t*)0x200001a0 = 0; *(uint32_t*)0x200001a4 = 5; *(uint32_t*)0x200001a8 = 7; *(uint32_t*)0x200001ac = 0; *(uint32_t*)0x200001b0 = 8; *(uint32_t*)0x200001b4 = 9; *(uint32_t*)0x200001b8 = 0; *(uint32_t*)0x200001bc = 1; *(uint32_t*)0x200001c0 = 6; *(uint32_t*)0x200001c4 = 2; *(uint32_t*)0x200001c8 = 8; *(uint32_t*)0x200001cc = 7; *(uint32_t*)0x200001d0 = 0; *(uint32_t*)0x200001d4 = 0x7fffffff; *(uint32_t*)0x200001d8 = 0; *(uint32_t*)0x200001dc = 0x88; *(uint32_t*)0x200001e0 = 7; *(uint32_t*)0x200001e4 = 0x81; *(uint32_t*)0x200001e8 = 4; *(uint32_t*)0x200001ec = 0x520e; *(uint32_t*)0x200001f0 = 9; *(uint32_t*)0x200001f4 = 4; *(uint32_t*)0x200001f8 = 0x401; *(uint32_t*)0x200001fc = 0xc; *(uint32_t*)0x20000200 = 0; *(uint32_t*)0x20000204 = 0; *(uint32_t*)0x20000208 = 0xa7; *(uint32_t*)0x2000020c = 9; *(uint32_t*)0x20000210 = 0x1ff; *(uint32_t*)0x20000214 = 0xff800000; *(uint32_t*)0x20000218 = 0x6f06; *(uint32_t*)0x2000021c = -1; *(uint32_t*)0x20000220 = 1; *(uint32_t*)0x20000224 = 8; *(uint32_t*)0x20000228 = 8; *(uint32_t*)0x2000022c = 0; *(uint32_t*)0x20000230 = 0; *(uint32_t*)0x20000234 = 5; *(uint32_t*)0x20000238 = 6; *(uint32_t*)0x2000023c = 0; *(uint32_t*)0x20000240 = 0x401; *(uint32_t*)0x20000244 = -1; *(uint32_t*)0x20000248 = 2; *(uint32_t*)0x2000024c = 4; *(uint32_t*)0x20000250 = 0x1601; *(uint32_t*)0x20000254 = 9; *(uint32_t*)0x20000258 = 0x10000; *(uint32_t*)0x2000025c = 1; *(uint32_t*)0x20000260 = 9; *(uint32_t*)0x20000264 = 4; *(uint32_t*)0x20000268 = 3; *(uint32_t*)0x2000026c = 3; *(uint32_t*)0x20000270 = 7; *(uint32_t*)0x20000274 = 2; *(uint32_t*)0x20000278 = 0xffffbf88; *(uint32_t*)0x2000027c = 9; *(uint32_t*)0x20000280 = 8; *(uint32_t*)0x20000284 = 0xffffff00; *(uint32_t*)0x20000288 = 7; *(uint32_t*)0x2000028c = 4; *(uint32_t*)0x20000290 = 3; *(uint32_t*)0x20000294 = 0xff; *(uint32_t*)0x20000298 = 0x10000; *(uint32_t*)0x2000029c = 7; *(uint32_t*)0x200002a0 = 0; *(uint32_t*)0x200002a4 = 4; *(uint32_t*)0x200002a8 = 2; *(uint32_t*)0x200002ac = 0x33; *(uint32_t*)0x200002b0 = 0xfff; *(uint32_t*)0x200002b4 = 0; *(uint32_t*)0x200002b8 = 0x241edbb2; *(uint32_t*)0x200002bc = 2; *(uint32_t*)0x200002c0 = 0x56; *(uint32_t*)0x200002c4 = 0x6c7c; *(uint32_t*)0x200002c8 = 0x7c; *(uint32_t*)0x200002cc = 1; *(uint32_t*)0x200002d0 = 1; *(uint32_t*)0x200002d4 = 6; *(uint32_t*)0x200002d8 = 6; *(uint32_t*)0x200002dc = 4; *(uint32_t*)0x200002e0 = 5; *(uint32_t*)0x200002e4 = 1; *(uint32_t*)0x200002e8 = 5; *(uint32_t*)0x200002ec = 6; *(uint32_t*)0x200002f0 = 7; *(uint32_t*)0x200002f4 = 5; *(uint32_t*)0x200002f8 = 0x400; *(uint32_t*)0x200002fc = 0x7ff; *(uint32_t*)0x20000300 = 0x891; *(uint32_t*)0x20000304 = 0x20; *(uint32_t*)0x20000308 = 4; *(uint32_t*)0x2000030c = 0xfffffe01; *(uint32_t*)0x20000310 = 0x7f; *(uint32_t*)0x20000314 = 5; *(uint32_t*)0x20000318 = 2; *(uint32_t*)0x2000031c = 0xc00000; *(uint32_t*)0x20000320 = 0xffff; *(uint32_t*)0x20000324 = 3; *(uint32_t*)0x20000328 = 1; *(uint32_t*)0x2000032c = 8; *(uint32_t*)0x20000330 = 0x7fff; *(uint32_t*)0x20000334 = 3; *(uint32_t*)0x20000338 = 0x101; *(uint32_t*)0x2000033c = 0x1f; *(uint32_t*)0x20000340 = 0xff; *(uint32_t*)0x20000344 = 5; *(uint32_t*)0x20000348 = 0xfffffff9; *(uint32_t*)0x2000034c = 0x800; *(uint32_t*)0x20000350 = 8; *(uint32_t*)0x20000354 = 0x56; *(uint32_t*)0x20000358 = 7; *(uint32_t*)0x2000035c = 0; *(uint32_t*)0x20000360 = 8; *(uint32_t*)0x20000364 = 2; *(uint32_t*)0x20000368 = -1; *(uint32_t*)0x2000036c = 2; *(uint32_t*)0x20000370 = 0xf1; *(uint32_t*)0x20000374 = 5; *(uint32_t*)0x20000378 = 0xe834; *(uint32_t*)0x2000037c = 6; *(uint32_t*)0x20000380 = 3; *(uint32_t*)0x20000384 = 0xfffffffc; *(uint32_t*)0x20000388 = 5; *(uint32_t*)0x2000038c = 9; *(uint32_t*)0x20000390 = 5; *(uint32_t*)0x20000394 = 3; *(uint32_t*)0x20000398 = 8; *(uint32_t*)0x2000039c = 0; *(uint32_t*)0x200003a0 = 9; *(uint32_t*)0x200003a4 = 4; *(uint32_t*)0x200003a8 = 0x1ff; *(uint32_t*)0x200003ac = 0xff; *(uint32_t*)0x200003b0 = 5; *(uint32_t*)0x200003b4 = 6; *(uint32_t*)0x200003b8 = 3; *(uint32_t*)0x200003bc = 0xff; *(uint32_t*)0x200003c0 = 3; *(uint32_t*)0x200003c4 = 0x10000; *(uint32_t*)0x200003c8 = 2; *(uint32_t*)0x200003cc = 0x80000000; *(uint32_t*)0x200003d0 = 9; *(uint32_t*)0x200003d4 = 0x5c; *(uint32_t*)0x200003d8 = 0xf41b; *(uint32_t*)0x200003dc = 8; *(uint32_t*)0x200003e0 = 0x4000000; *(uint32_t*)0x200003e4 = 2; *(uint32_t*)0x200003e8 = 0x515; *(uint32_t*)0x200003ec = 0x100; *(uint32_t*)0x200003f0 = 0x800; *(uint32_t*)0x200003f4 = 0xd5; *(uint32_t*)0x200003f8 = 5; *(uint32_t*)0x200003fc = 4; *(uint32_t*)0x20000400 = 0xfffff3b1; *(uint32_t*)0x20000404 = 2; *(uint32_t*)0x20000408 = 0; *(uint32_t*)0x2000040c = 0; *(uint32_t*)0x20000410 = 0xfffffffc; *(uint32_t*)0x20000414 = 0xfffffffa; *(uint32_t*)0x20000418 = 0xff; *(uint32_t*)0x2000041c = 5; *(uint32_t*)0x20000420 = 7; *(uint32_t*)0x20000424 = 0xfffff800; *(uint32_t*)0x20000428 = 0xad; *(uint32_t*)0x2000042c = 3; *(uint32_t*)0x20000430 = 3; *(uint32_t*)0x20000434 = 9; *(uint32_t*)0x20000438 = 0x400; *(uint32_t*)0x2000043c = 8; *(uint32_t*)0x20000440 = 1; *(uint32_t*)0x20000444 = 0x100; *(uint32_t*)0x20000448 = 0x1ff; *(uint32_t*)0x2000044c = 6; *(uint32_t*)0x20000450 = 0xfffffff7; *(uint32_t*)0x20000454 = 2; *(uint32_t*)0x20000458 = 0x80000001; *(uint32_t*)0x2000045c = 0x100; *(uint32_t*)0x20000460 = 1; *(uint32_t*)0x20000464 = -1; *(uint32_t*)0x20000468 = 0x9f; *(uint32_t*)0x2000046c = 0xffff; *(uint32_t*)0x20000470 = 7; *(uint32_t*)0x20000474 = 0x401; *(uint32_t*)0x20000478 = 0x100; *(uint32_t*)0x2000047c = 0x7b4e; *(uint32_t*)0x20000480 = 8; *(uint32_t*)0x20000484 = 5; *(uint32_t*)0x20000488 = 7; *(uint32_t*)0x2000048c = 6; *(uint32_t*)0x20000490 = 0; *(uint32_t*)0x20000494 = 1; *(uint32_t*)0x20000498 = 0xfffffff7; syscall(__NR_write, r[70], 0x20000040, 0x45c); res = syscall(__NR_socket, 0xa, 3, 2); if (res != -1) r[71] = res; *(uint16_t*)0x20000780 = 0xa; *(uint16_t*)0x20000782 = htobe16(0); *(uint32_t*)0x20000784 = 0; *(uint8_t*)0x20000788 = 0xfe; *(uint8_t*)0x20000789 = 0x80; *(uint8_t*)0x2000078a = 0; *(uint8_t*)0x2000078b = 0; *(uint8_t*)0x2000078c = 0; *(uint8_t*)0x2000078d = 0; *(uint8_t*)0x2000078e = 0; *(uint8_t*)0x2000078f = 0; *(uint8_t*)0x20000790 = 0; *(uint8_t*)0x20000791 = 0; *(uint8_t*)0x20000792 = 0; *(uint8_t*)0x20000793 = 0; *(uint8_t*)0x20000794 = 0; *(uint8_t*)0x20000795 = 0; *(uint8_t*)0x20000796 = 0; *(uint8_t*)0x20000797 = 0; *(uint32_t*)0x20000798 = 8; syscall(__NR_connect, r[71], 0x20000780, 0x1c); *(uint16_t*)0x20000000 = 0xa; *(uint16_t*)0x20000002 = htobe16(0); *(uint32_t*)0x20000004 = 0; *(uint8_t*)0x20000008 = 0; *(uint8_t*)0x20000009 = 0; *(uint8_t*)0x2000000a = 0; *(uint8_t*)0x2000000b = 0; *(uint8_t*)0x2000000c = 0; *(uint8_t*)0x2000000d = 0; *(uint8_t*)0x2000000e = 0; *(uint8_t*)0x2000000f = 0; *(uint8_t*)0x20000010 = 0; *(uint8_t*)0x20000011 = 0; *(uint8_t*)0x20000012 = -1; *(uint8_t*)0x20000013 = -1; *(uint32_t*)0x20000014 = htobe32(0x7f000001); *(uint32_t*)0x20000018 = 0; syscall(__NR_connect, r[71], 0x20000000, 0x1c); res = syscall(__NR_socket, 2, 1, 0); if (res != -1) r[72] = res; memcpy((void*)0x200000c0, "\x6c\x6f\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint16_t*)0x200000d0 = 0x101; syscall(__NR_ioctl, r[72], 0x8914, 0x200000c0); *(uint32_t*)0x20000040 = htobe32(0xe0000002); *(uint8_t*)0x20000044 = 0xac; *(uint8_t*)0x20000045 = 0x14; *(uint8_t*)0x20000046 = 0x14; *(uint8_t*)0x20000047 = 0xbb; *(uint8_t*)0x20000048 = 0xac; *(uint8_t*)0x20000049 = 0x14; *(uint8_t*)0x2000004a = 0x14; *(uint8_t*)0x2000004b = 0xbb; syscall(__NR_setsockopt, r[72], 0, 0x27, 0x20000040, 0xc); syscall(__NR_listen, r[72], 0x40); *(uint32_t*)0x20000180 = 2; *(uint32_t*)0x20000184 = 0x70; *(uint8_t*)0x20000188 = 0xe5; *(uint8_t*)0x20000189 = 0; *(uint8_t*)0x2000018a = 0; *(uint8_t*)0x2000018b = 0; *(uint32_t*)0x2000018c = 0; *(uint64_t*)0x20000190 = 0; *(uint64_t*)0x20000198 = 0; *(uint64_t*)0x200001a0 = 0; STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 0, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 1, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 2, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 3, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 4, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 5, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 6, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 7, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 8, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 9, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 10, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 11, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 12, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 13, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 14, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 15, 2); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 17, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 18, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 19, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 20, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 21, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 22, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 23, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 24, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 25, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 26, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 27, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 28, 1); STORE_BY_BITMASK(uint64_t, 0x200001a8, 0, 29, 35); *(uint32_t*)0x200001b0 = 0; *(uint32_t*)0x200001b4 = 0; *(uint64_t*)0x200001b8 = 0x20000000; *(uint64_t*)0x200001c0 = 0; *(uint64_t*)0x200001c8 = 0; *(uint64_t*)0x200001d0 = 0; *(uint32_t*)0x200001d8 = 0; *(uint32_t*)0x200001dc = 0; *(uint64_t*)0x200001e0 = 0; *(uint32_t*)0x200001e8 = 0; *(uint16_t*)0x200001ec = 0; *(uint16_t*)0x200001ee = 0; syscall(__NR_perf_event_open, 0x20000180, 0, 0, -1, 0); memcpy((void*)0x20000080, "/dev/sg#", 9); res = syz_open_dev(0x20000080, 0, 0x80000000002); if (res != -1) r[73] = res; syscall(__NR_write, r[73], 0x20000300, 0xf6); memcpy((void*)0x20000180, "memory.events", 14); res = syscall(__NR_openat, 0xffffff9c, 0x20000180, 0x26e1, 0); if (res != -1) r[74] = res; res = syscall(__NR_socket, 0xa, 0x1000000000002, 0); if (res != -1) r[75] = res; syscall(__NR_ioctl, r[75], 0x8912, 0x20000080); *(uint64_t*)0x20001500 = 0x20000040; *(uint64_t*)0x20001508 = 0; syscall(__NR_pwritev, r[74], 0x20001500, 1, 0); memcpy((void*)0x20000040, "/dev/snd/controlC#", 19); res = syz_open_dev(0x20000040, 0x20, 0); if (res != -1) r[76] = res; *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 0; *(uint32_t*)0x20000088 = 0; *(uint32_t*)0x2000008c = 0; memcpy((void*)0x20000090, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 44); *(uint32_t*)0x200000bc = 0; *(uint32_t*)0x200000c0 = 0; *(uint32_t*)0x200000c4 = 0; *(uint32_t*)0x200000c8 = 0; *(uint32_t*)0x200000cc = 0; *(uint32_t*)0x200000d0 = 0; *(uint32_t*)0x200000d4 = 0; memcpy((void*)0x200000d8, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64); *(uint64_t*)0x20000118 = 0x20000000; *(uint32_t*)0x20000120 = 0; *(uint8_t*)0x20000124 = 0; *(uint8_t*)0x20000125 = 0; *(uint8_t*)0x20000126 = 0; *(uint8_t*)0x20000127 = 0; *(uint8_t*)0x20000128 = 0; *(uint8_t*)0x20000129 = 0; *(uint8_t*)0x2000012a = 0; *(uint8_t*)0x2000012b = 0; *(uint8_t*)0x2000012c = 0; *(uint8_t*)0x2000012d = 0; *(uint8_t*)0x2000012e = 0; *(uint8_t*)0x2000012f = 0; *(uint8_t*)0x20000130 = 0; *(uint8_t*)0x20000131 = 0; *(uint8_t*)0x20000132 = 0; *(uint8_t*)0x20000133 = 0; *(uint8_t*)0x20000134 = 0; *(uint8_t*)0x20000135 = 0; *(uint8_t*)0x20000136 = 0; *(uint8_t*)0x20000137 = 0; *(uint8_t*)0x20000138 = 0; *(uint8_t*)0x20000139 = 0; *(uint8_t*)0x2000013a = 0; *(uint8_t*)0x2000013b = 0; *(uint8_t*)0x2000013c = 0; *(uint8_t*)0x2000013d = 0; *(uint8_t*)0x2000013e = 0; *(uint8_t*)0x2000013f = 0; *(uint8_t*)0x20000140 = 0; *(uint8_t*)0x20000141 = 0; *(uint8_t*)0x20000142 = 0; *(uint8_t*)0x20000143 = 0; *(uint8_t*)0x20000144 = 0; *(uint8_t*)0x20000145 = 0; *(uint8_t*)0x20000146 = 0; *(uint8_t*)0x20000147 = 0; *(uint8_t*)0x20000148 = 0; *(uint8_t*)0x20000149 = 0; *(uint8_t*)0x2000014a = 0; *(uint8_t*)0x2000014b = 0; *(uint8_t*)0x2000014c = 0; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; *(uint16_t*)0x20000150 = 0; *(uint16_t*)0x20000152 = 0; *(uint16_t*)0x20000154 = 0; *(uint16_t*)0x20000156 = 0; syscall(__NR_ioctl, r[76], 0xc0405519, 0x20000080); res = syscall(__NR_socket, 0x1d, 3, 1); if (res != -1) r[77] = res; res = syscall(__NR_dup, r[77]); if (res != -1) r[78] = res; *(uint32_t*)0x20000100 = 0xa6; *(uint8_t*)0x20000104 = 0x7d; *(uint16_t*)0x20000105 = 0; *(uint16_t*)0x20000107 = 0; *(uint16_t*)0x20000109 = 0x48; *(uint16_t*)0x2000010b = 0; *(uint32_t*)0x2000010d = 0; *(uint8_t*)0x20000111 = 0; *(uint32_t*)0x20000112 = 0; *(uint64_t*)0x20000116 = 0; *(uint32_t*)0x2000011e = 0; *(uint32_t*)0x20000122 = 0; *(uint32_t*)0x20000126 = 0; *(uint64_t*)0x2000012a = 0; *(uint16_t*)0x20000132 = 7; memcpy((void*)0x20000134, "wlan0{x", 7); *(uint16_t*)0x2000013b = 0; *(uint16_t*)0x2000013d = 1; memcpy((void*)0x2000013f, "-", 1); *(uint16_t*)0x20000140 = 0xd; memcpy((void*)0x20000142, "#GPL&ppp1self", 13); *(uint16_t*)0x2000014f = 0x49; memcpy((void*)0x20000151, "em1systemvmnet0$-}&user}.{user']em0system][" "vboxnet1vmnet1)GPLeth1keyring@", 73); *(uint32_t*)0x2000019a = 0; *(uint32_t*)0x2000019e = 0; *(uint32_t*)0x200001a2 = 0; syscall(__NR_write, r[78], 0x20000100, 0xa6); res = syscall(__NR_socket, 0x1d, 3, 1); if (res != -1) r[79] = res; syscall(__NR_setsockopt, r[79], 0x65, 1, 0x20000080, 0x32f); *(uint64_t*)0x20001380 = 0x20000000; *(uint64_t*)0x20001388 = 0x94; syscall(__NR_preadv, -1, 0x20001380, 1, 0); memcpy((void*)0x20000200, "net/ip6_mr_vif", 15); res = syz_open_procfs(0, 0x20000200); if (res != -1) r[80] = res; res = syscall(__NR_socketpair, 1, 5, 0, 0x200001c0); if (res != -1) r[81] = *(uint32_t*)0x200001c0; syscall(__NR_ioctl, r[81], 0x8912, 0x400200); syscall(__NR_preadv, r[80], 0x20000480, 0x1000000000000245, 0x10400003); syscall(__NR_dup3, -1, -1, 0); res = syscall(__NR_socket, 0x10, 3, 0); if (res != -1) r[82] = res; *(uint64_t*)0x20000100 = 0; *(uint32_t*)0x20000108 = 0; *(uint64_t*)0x20000110 = 0x20000000; *(uint64_t*)0x20000000 = 0x20000040; *(uint64_t*)0x20000008 = 0; *(uint64_t*)0x20000118 = 1; *(uint64_t*)0x20000120 = 0; *(uint64_t*)0x20000128 = 0; *(uint32_t*)0x20000130 = 0; syscall(__NR_sendmsg, r[82], 0x20000100, 0); memcpy((void*)0x20000000, "/proc/self/net/pfkey", 21); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x208000, 0); if (res != -1) r[83] = res; res = syscall(__NR_ioctl, -1, 0x4c82); if (res != -1) r[84] = res; syscall(__NR_ioctl, r[83], 0x4c81, r[84]); syscall(__NR_fcntl, r[83], 0x400, 2); memcpy((void*)0x20000080, "IPVS", 5); res = syz_genetlink_get_family_id(0x20000080); if (res != -1) r[85] = res; *(uint64_t*)0x20000200 = 0x20000040; *(uint16_t*)0x20000040 = 0x10; *(uint16_t*)0x20000042 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0x111; *(uint32_t*)0x20000208 = 0xc; *(uint64_t*)0x20000210 = 0x200001c0; *(uint64_t*)0x200001c0 = 0x200000c0; *(uint32_t*)0x200000c0 = 0xc8; *(uint16_t*)0x200000c4 = r[85]; *(uint16_t*)0x200000c6 = 0xff11; *(uint32_t*)0x200000c8 = 0x70bd2d; *(uint32_t*)0x200000cc = 0x25dfdbfb; *(uint8_t*)0x200000d0 = 0x10; *(uint8_t*)0x200000d1 = 0; *(uint16_t*)0x200000d2 = 0; *(uint16_t*)0x200000d4 = 0x54; *(uint16_t*)0x200000d6 = 1; *(uint16_t*)0x200000d8 = 8; *(uint16_t*)0x200000da = 0xb; memcpy((void*)0x200000dc, "sip", 4); *(uint16_t*)0x200000e0 = 8; *(uint16_t*)0x200000e2 = 1; *(uint16_t*)0x200000e4 = 0xa; *(uint16_t*)0x200000e8 = 0xc; *(uint16_t*)0x200000ea = 7; *(uint32_t*)0x200000ec = 0x13; *(uint32_t*)0x200000f0 = 2; *(uint16_t*)0x200000f4 = 8; *(uint16_t*)0x200000f6 = 4; *(uint16_t*)0x200000f8 = htobe16(0x4e22); *(uint16_t*)0x200000fc = 8; *(uint16_t*)0x200000fe = 1; *(uint16_t*)0x20000100 = 2; *(uint16_t*)0x20000104 = 8; *(uint16_t*)0x20000106 = 4; *(uint16_t*)0x20000108 = htobe16(0x4e22); *(uint16_t*)0x2000010c = 0x14; *(uint16_t*)0x2000010e = 3; *(uint32_t*)0x20000110 = htobe32(0x7f000001); *(uint16_t*)0x20000120 = 8; *(uint16_t*)0x20000122 = 0xb; memcpy((void*)0x20000124, "sip", 4); *(uint16_t*)0x20000128 = 8; *(uint16_t*)0x2000012a = 6; *(uint32_t*)0x2000012c = 0x1000; *(uint16_t*)0x20000130 = 8; *(uint16_t*)0x20000132 = 4; *(uint32_t*)0x20000134 = 4; *(uint16_t*)0x20000138 = 0x40; *(uint16_t*)0x2000013a = 2; *(uint16_t*)0x2000013c = 8; *(uint16_t*)0x2000013e = 2; *(uint16_t*)0x20000140 = htobe16(0x4e20); *(uint16_t*)0x20000144 = 0x14; *(uint16_t*)0x20000146 = 1; *(uint8_t*)0x20000148 = -1; *(uint8_t*)0x20000149 = 2; *(uint8_t*)0x2000014a = 0; *(uint8_t*)0x2000014b = 0; *(uint8_t*)0x2000014c = 0; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; *(uint8_t*)0x20000150 = 0; *(uint8_t*)0x20000151 = 0; *(uint8_t*)0x20000152 = 0; *(uint8_t*)0x20000153 = 0; *(uint8_t*)0x20000154 = 0; *(uint8_t*)0x20000155 = 0; *(uint8_t*)0x20000156 = 0; *(uint8_t*)0x20000157 = 1; *(uint16_t*)0x20000158 = 8; *(uint16_t*)0x2000015a = 0xb; *(uint16_t*)0x2000015c = 0xa; *(uint16_t*)0x20000160 = 8; *(uint16_t*)0x20000162 = 8; *(uint32_t*)0x20000164 = 0x3d; *(uint16_t*)0x20000168 = 8; *(uint16_t*)0x2000016a = 3; *(uint16_t*)0x2000016c = 3; *(uint16_t*)0x20000170 = 8; *(uint16_t*)0x20000172 = 0xb; *(uint16_t*)0x20000174 = 2; *(uint16_t*)0x20000178 = 8; *(uint16_t*)0x2000017a = 6; *(uint32_t*)0x2000017c = 2; *(uint16_t*)0x20000180 = 8; *(uint16_t*)0x20000182 = 5; *(uint32_t*)0x20000184 = 4; *(uint64_t*)0x200001c8 = 0xc8; *(uint64_t*)0x20000218 = 1; *(uint64_t*)0x20000220 = 0; *(uint64_t*)0x20000228 = 0; *(uint32_t*)0x20000230 = 0x800; syscall(__NR_sendmsg, r[83], 0x20000200, 0x20000000); memcpy((void*)0x20000240, "IPVS", 5); syz_genetlink_get_family_id(0x20000240); *(uint32_t*)0x200003c0 = 0xe8; res = syscall(__NR_getsockopt, r[83], 0, 0x10, 0x200002c0, 0x200003c0); if (res != -1) r[86] = *(uint32_t*)0x200002f0; *(uint16_t*)0x20000400 = 0x2c; *(uint16_t*)0x20000402 = 1; *(uint32_t*)0x20000404 = r[86]; *(uint32_t*)0x20000408 = 0x14; *(uint32_t*)0x2000040c = r[83]; syscall(__NR_bind, r[83], 0x20000400, 0x10); *(uint16_t*)0x20000440 = 0x1d; *(uint32_t*)0x20000444 = r[86]; *(uint32_t*)0x20000448 = 0; *(uint32_t*)0x2000044c = 0; syscall(__NR_bind, r[83], 0x20000440, 0x10); memcpy((void*)0x20000480, "./file0", 8); syscall(__NR_mknod, 0x20000480, 0x20, 0x701); res = syscall(__NR_getpid); if (res != -1) r[87] = res; *(uint32_t*)0x200004c0 = 0x19980330; *(uint32_t*)0x200004c4 = r[87]; *(uint32_t*)0x20000500 = 0; *(uint32_t*)0x20000504 = 0xa2; *(uint32_t*)0x20000508 = 3; *(uint32_t*)0x2000050c = 0x81; *(uint32_t*)0x20000510 = 0x100020; *(uint32_t*)0x20000514 = 0x80000000; syscall(__NR_capset, 0x200004c0, 0x20000500); syscall(__NR_rt_sigreturn); syscall(__NR_getdents, r[83], 0x20000540, 0xdd); *(uint16_t*)0x20000640 = 9; *(uint64_t*)0x20000680 = 2; syscall(__NR_getsockopt, r[83], 0x112, 0xb, 0x20000640, 0x20000680); res = syscall(__NR_epoll_create, 0xa6); if (res != -1) r[88] = res; syscall(__NR_setsockopt, r[83], 6, 0xf, 0x200006c0, 0); memcpy((void*)0x200007c0, "./file0", 8); memcpy((void*)0x20000800, "./file0", 8); syscall(__NR_rename, 0x200007c0, 0x20000800); syscall(__NR_ioctl, r[83], 0x7003); memcpy((void*)0x20000840, "./file0", 8); memcpy((void*)0x20000880, "osx.", 4); memcpy((void*)0x20000884, "keyring^", 9); syscall(__NR_lgetxattr, 0x20000840, 0x20000880, 0x200008c0, 0x59); *(uint32_t*)0x20000940 = 0x50; *(uint32_t*)0x20000944 = 0; *(uint64_t*)0x20000948 = 5; *(uint32_t*)0x20000950 = 7; *(uint32_t*)0x20000954 = 0x1b; *(uint32_t*)0x20000958 = 0xffffff5e; *(uint32_t*)0x2000095c = 0x208004; *(uint16_t*)0x20000960 = 0x800; *(uint16_t*)0x20000962 = 0xda8; *(uint32_t*)0x20000964 = 0x7fffffff; *(uint32_t*)0x20000968 = 2; *(uint32_t*)0x2000096c = 0; *(uint32_t*)0x20000970 = 0; *(uint32_t*)0x20000974 = 0; *(uint32_t*)0x20000978 = 0; *(uint32_t*)0x2000097c = 0; *(uint32_t*)0x20000980 = 0; *(uint32_t*)0x20000984 = 0; *(uint32_t*)0x20000988 = 0; *(uint32_t*)0x2000098c = 0; syscall(__NR_write, r[83], 0x20000940, 0x50); *(uint32_t*)0x200009c0 = 0; syscall(__NR_accept4, r[83], 0, 0x200009c0, 0); *(uint64_t*)0x20000a40 = 0x20000a00; memcpy((void*)0x20000a00, "./file0", 8); *(uint32_t*)0x20000a48 = 0; *(uint32_t*)0x20000a4c = 8; syscall(__NR_bpf, 7, 0x20000a40, 0x10); *(uint64_t*)0x20000a80 = 0x52; syscall(__NR_ioctl, r[88], 0x1264, 0x20000a80); syscall(__NR_getpgid, r[87]); *(uint32_t*)0x20000c40 = 0; *(uint32_t*)0x20000c44 = 4; *(uint32_t*)0x20000c80 = 8; res = syscall(__NR_getsockopt, r[83], 0x84, 0x7b, 0x20000c40, 0x20000c80); if (res != -1) r[89] = *(uint32_t*)0x20000c40; *(uint32_t*)0x20000d40 = 0; *(uint32_t*)0x20000d44 = 0; *(uint32_t*)0x20000d80 = 8; res = syscall(__NR_getsockopt, r[83], 0x84, 0x75, 0x20000d40, 0x20000d80); if (res != -1) r[90] = *(uint32_t*)0x20000d40; *(uint16_t*)0x20001880 = 0x5e; *(uint16_t*)0x20001882 = 0x200; *(uint32_t*)0x20001884 = 6; *(uint32_t*)0x20001888 = 7; *(uint32_t*)0x2000188c = 0; *(uint32_t*)0x200018c0 = 0x10; res = syscall(__NR_getsockopt, -1, 0x84, 0x22, 0x20001880, 0x200018c0); if (res != -1) r[91] = *(uint32_t*)0x2000188c; *(uint32_t*)0x20001980 = 0; *(uint32_t*)0x20001984 = 0x80; *(uint64_t*)0x20001988 = 0x20001900; *(uint16_t*)0x20001900 = 0xa; *(uint16_t*)0x20001902 = htobe16(0x4e24); *(uint32_t*)0x20001904 = 0x200; *(uint8_t*)0x20001908 = 0xfe; *(uint8_t*)0x20001909 = 0x80; *(uint8_t*)0x2000190a = 0; *(uint8_t*)0x2000190b = 0; *(uint8_t*)0x2000190c = 0; *(uint8_t*)0x2000190d = 0; *(uint8_t*)0x2000190e = 0; *(uint8_t*)0x2000190f = 0; *(uint8_t*)0x20001910 = 0; *(uint8_t*)0x20001911 = 0; *(uint8_t*)0x20001912 = 0; *(uint8_t*)0x20001913 = 0; *(uint8_t*)0x20001914 = 0; *(uint8_t*)0x20001915 = 0; *(uint8_t*)0x20001916 = 0; *(uint8_t*)0x20001917 = 0xbb; *(uint32_t*)0x20001918 = 2; *(uint16_t*)0x2000191c = 0xa; *(uint16_t*)0x2000191e = htobe16(0x4e21); *(uint32_t*)0x20001920 = 9; *(uint8_t*)0x20001924 = 0; *(uint8_t*)0x20001925 = 0; *(uint8_t*)0x20001926 = 0; *(uint8_t*)0x20001927 = 0; *(uint8_t*)0x20001928 = 0; *(uint8_t*)0x20001929 = 0; *(uint8_t*)0x2000192a = 0; *(uint8_t*)0x2000192b = 0; *(uint8_t*)0x2000192c = 0; *(uint8_t*)0x2000192d = 0; *(uint8_t*)0x2000192e = -1; *(uint8_t*)0x2000192f = -1; *(uint8_t*)0x20001930 = 0xac; *(uint8_t*)0x20001931 = 0x14; *(uint8_t*)0x20001932 = 0x14; *(uint8_t*)0x20001933 = 0x21; *(uint32_t*)0x20001934 = 0; *(uint16_t*)0x20001938 = 0xa; *(uint16_t*)0x2000193a = htobe16(0x4e22); *(uint32_t*)0x2000193c = 0x93b7; *(uint8_t*)0x20001940 = -1; *(uint8_t*)0x20001941 = 1; *(uint8_t*)0x20001942 = 0; *(uint8_t*)0x20001943 = 0; *(uint8_t*)0x20001944 = 0; *(uint8_t*)0x20001945 = 0; *(uint8_t*)0x20001946 = 0; *(uint8_t*)0x20001947 = 0; *(uint8_t*)0x20001948 = 0; *(uint8_t*)0x20001949 = 0; *(uint8_t*)0x2000194a = 0; *(uint8_t*)0x2000194b = 0; *(uint8_t*)0x2000194c = 0; *(uint8_t*)0x2000194d = 0; *(uint8_t*)0x2000194e = 0; *(uint8_t*)0x2000194f = 1; *(uint32_t*)0x20001950 = 0x401; *(uint16_t*)0x20001954 = 2; *(uint16_t*)0x20001956 = htobe16(0x4e22); *(uint32_t*)0x20001958 = htobe32(-1); *(uint8_t*)0x2000195c = 0; *(uint8_t*)0x2000195d = 0; *(uint8_t*)0x2000195e = 0; *(uint8_t*)0x2000195f = 0; *(uint8_t*)0x20001960 = 0; *(uint8_t*)0x20001961 = 0; *(uint8_t*)0x20001962 = 0; *(uint8_t*)0x20001963 = 0; *(uint16_t*)0x20001964 = 0xa; *(uint16_t*)0x20001966 = htobe16(0x4e23); *(uint32_t*)0x20001968 = 0x8001; *(uint8_t*)0x2000196c = 0; *(uint8_t*)0x2000196d = 0; *(uint8_t*)0x2000196e = 0; *(uint8_t*)0x2000196f = 0; *(uint8_t*)0x20001970 = 0; *(uint8_t*)0x20001971 = 0; *(uint8_t*)0x20001972 = 0; *(uint8_t*)0x20001973 = 0; *(uint8_t*)0x20001974 = 0; *(uint8_t*)0x20001975 = 0; *(uint8_t*)0x20001976 = 0; *(uint8_t*)0x20001977 = 0; *(uint8_t*)0x20001978 = 0; *(uint8_t*)0x20001979 = 0; *(uint8_t*)0x2000197a = 0; *(uint8_t*)0x2000197b = 0; *(uint32_t*)0x2000197c = 0xd266; *(uint32_t*)0x200019c0 = 0x10; res = syscall(__NR_getsockopt, r[83], 0x84, 0x6f, 0x20001980, 0x200019c0); if (res != -1) r[92] = *(uint32_t*)0x20001980; *(uint64_t*)0x20001ac0 = 0x20000ac0; *(uint16_t*)0x20000ac0 = 2; *(uint16_t*)0x20000ac2 = htobe16(0x4e21); *(uint8_t*)0x20000ac4 = 0xac; *(uint8_t*)0x20000ac5 = 0x14; *(uint8_t*)0x20000ac6 = 0x14; *(uint8_t*)0x20000ac7 = 0xaa; *(uint8_t*)0x20000ac8 = 0; *(uint8_t*)0x20000ac9 = 0; *(uint8_t*)0x20000aca = 0; *(uint8_t*)0x20000acb = 0; *(uint8_t*)0x20000acc = 0; *(uint8_t*)0x20000acd = 0; *(uint8_t*)0x20000ace = 0; *(uint8_t*)0x20000acf = 0; *(uint32_t*)0x20001ac8 = 0x10; *(uint64_t*)0x20001ad0 = 0x20000c00; *(uint64_t*)0x20000c00 = 0x20000b00; *(uint64_t*)0x20000c08 = 0; *(uint64_t*)0x20001ad8 = 1; *(uint64_t*)0x20001ae0 = 0x20000dc0; *(uint64_t*)0x20000dc0 = 0x20; *(uint32_t*)0x20000dc8 = 0x84; *(uint32_t*)0x20000dcc = 2; *(uint16_t*)0x20000dd0 = 0xfffe; *(uint16_t*)0x20000dd2 = 0; *(uint32_t*)0x20000dd4 = 7; *(uint32_t*)0x20000dd8 = 0; *(uint32_t*)0x20000ddc = r[89]; *(uint64_t*)0x20000de0 = 0x20; *(uint32_t*)0x20000de8 = 0x84; *(uint32_t*)0x20000dec = 8; *(uint8_t*)0x20000df0 = -1; *(uint8_t*)0x20000df1 = 1; *(uint8_t*)0x20000df2 = 0; *(uint8_t*)0x20000df3 = 0; *(uint8_t*)0x20000df4 = 0; *(uint8_t*)0x20000df5 = 0; *(uint8_t*)0x20000df6 = 0; *(uint8_t*)0x20000df7 = 0; *(uint8_t*)0x20000df8 = 0; *(uint8_t*)0x20000df9 = 0; *(uint8_t*)0x20000dfa = 0; *(uint8_t*)0x20000dfb = 0; *(uint8_t*)0x20000dfc = 0; *(uint8_t*)0x20000dfd = 0; *(uint8_t*)0x20000dfe = 0; *(uint8_t*)0x20000dff = 1; *(uint64_t*)0x20000e00 = 0x18; *(uint32_t*)0x20000e08 = 0x84; *(uint32_t*)0x20000e0c = 7; *(uint32_t*)0x20000e10 = htobe32(0x7f000001); *(uint64_t*)0x20000e18 = 0x20; *(uint32_t*)0x20000e20 = 0x84; *(uint32_t*)0x20000e24 = 8; *(uint8_t*)0x20000e28 = 0; *(uint8_t*)0x20000e29 = 0; *(uint8_t*)0x20000e2a = 0; *(uint8_t*)0x20000e2b = 0; *(uint8_t*)0x20000e2c = 0; *(uint8_t*)0x20000e2d = 0; *(uint8_t*)0x20000e2e = 0; *(uint8_t*)0x20000e2f = 0; *(uint8_t*)0x20000e30 = 0; *(uint8_t*)0x20000e31 = 0; *(uint8_t*)0x20000e32 = -1; *(uint8_t*)0x20000e33 = -1; *(uint8_t*)0x20000e34 = 0xac; *(uint8_t*)0x20000e35 = 0x14; *(uint8_t*)0x20000e36 = 0x14; *(uint8_t*)0x20000e37 = 0xc; *(uint64_t*)0x20000e38 = 0x18; *(uint32_t*)0x20000e40 = 0x84; *(uint32_t*)0x20000e44 = 7; *(uint8_t*)0x20000e48 = 0xac; *(uint8_t*)0x20000e49 = 0x14; *(uint8_t*)0x20000e4a = 0x14; *(uint8_t*)0x20000e4b = 0xaa; *(uint64_t*)0x20000e50 = 0x30; *(uint32_t*)0x20000e58 = 0x84; *(uint32_t*)0x20000e5c = 1; *(uint16_t*)0x20000e60 = 6; *(uint16_t*)0x20000e62 = 4; *(uint16_t*)0x20000e64 = 1; *(uint32_t*)0x20000e68 = 8; *(uint32_t*)0x20000e6c = 6; *(uint32_t*)0x20000e70 = 4; *(uint32_t*)0x20000e74 = 5; *(uint32_t*)0x20000e78 = 0xb5; *(uint32_t*)0x20000e7c = 0; *(uint64_t*)0x20000e80 = 0x18; *(uint32_t*)0x20000e88 = 0x84; *(uint32_t*)0x20000e8c = 5; *(uint16_t*)0x20000e90 = 0x20; *(uint32_t*)0x20000e94 = 5; *(uint64_t*)0x20000e98 = 0x30; *(uint32_t*)0x20000ea0 = 0x84; *(uint32_t*)0x20000ea4 = 1; *(uint16_t*)0x20000ea8 = 0xe16f; *(uint16_t*)0x20000eaa = 8; *(uint16_t*)0x20000eac = 0x8000; *(uint32_t*)0x20000eb0 = 5; *(uint32_t*)0x20000eb4 = 1; *(uint32_t*)0x20000eb8 = 0; *(uint32_t*)0x20000ebc = 0xa8; *(uint32_t*)0x20000ec0 = 2; *(uint32_t*)0x20000ec4 = r[90]; *(uint64_t*)0x20001ae8 = 0x108; *(uint32_t*)0x20001af0 = 0x4800; *(uint64_t*)0x20001af8 = 0x20000f00; *(uint16_t*)0x20000f00 = 0xa; *(uint16_t*)0x20000f02 = htobe16(0x4e24); *(uint32_t*)0x20000f04 = 0xfffffffa; *(uint8_t*)0x20000f08 = -1; *(uint8_t*)0x20000f09 = 1; *(uint8_t*)0x20000f0a = 0; *(uint8_t*)0x20000f0b = 0; *(uint8_t*)0x20000f0c = 0; *(uint8_t*)0x20000f0d = 0; *(uint8_t*)0x20000f0e = 0; *(uint8_t*)0x20000f0f = 0; *(uint8_t*)0x20000f10 = 0; *(uint8_t*)0x20000f11 = 0; *(uint8_t*)0x20000f12 = 0; *(uint8_t*)0x20000f13 = 0; *(uint8_t*)0x20000f14 = 0; *(uint8_t*)0x20000f15 = 0; *(uint8_t*)0x20000f16 = 0; *(uint8_t*)0x20000f17 = 1; *(uint32_t*)0x20000f18 = 6; *(uint32_t*)0x20001b00 = 0x1c; *(uint64_t*)0x20001b08 = 0x200011c0; *(uint64_t*)0x200011c0 = 0x20000f40; *(uint64_t*)0x200011c8 = 0; *(uint64_t*)0x200011d0 = 0x20001040; *(uint64_t*)0x200011d8 = 0; *(uint64_t*)0x200011e0 = 0x20001100; *(uint64_t*)0x200011e8 = 0; *(uint64_t*)0x200011f0 = 0x20001140; *(uint64_t*)0x200011f8 = 0; *(uint64_t*)0x20001b10 = 4; *(uint64_t*)0x20001b18 = 0x20001200; *(uint64_t*)0x20001200 = 0x18; *(uint32_t*)0x20001208 = 0x84; *(uint32_t*)0x2000120c = 0; *(uint16_t*)0x20001210 = 0xfffe; *(uint16_t*)0x20001212 = 4; *(uint16_t*)0x20001214 = 1; *(uint16_t*)0x20001216 = 0; *(uint64_t*)0x20001b20 = 0x18; *(uint32_t*)0x20001b28 = 0x80; *(uint64_t*)0x20001b30 = 0x20001240; *(uint16_t*)0x20001240 = 2; *(uint16_t*)0x20001242 = htobe16(0x4e22); *(uint32_t*)0x20001244 = htobe32(-1); *(uint8_t*)0x20001248 = 0; *(uint8_t*)0x20001249 = 0; *(uint8_t*)0x2000124a = 0; *(uint8_t*)0x2000124b = 0; *(uint8_t*)0x2000124c = 0; *(uint8_t*)0x2000124d = 0; *(uint8_t*)0x2000124e = 0; *(uint8_t*)0x2000124f = 0; *(uint32_t*)0x20001b38 = 0x10; *(uint64_t*)0x20001b40 = 0x20001740; *(uint64_t*)0x20001740 = 0x20001280; *(uint64_t*)0x20001748 = 0; *(uint64_t*)0x20001750 = 0x20001300; *(uint64_t*)0x20001758 = 0; *(uint64_t*)0x20001760 = 0x200013c0; *(uint64_t*)0x20001768 = 0; *(uint64_t*)0x20001770 = 0x200014c0; *(uint64_t*)0x20001778 = 0; *(uint64_t*)0x20001780 = 0x20001580; *(uint64_t*)0x20001788 = 0; *(uint64_t*)0x20001790 = 0x20001600; *(uint64_t*)0x20001798 = 0; *(uint64_t*)0x200017a0 = 0x20001700; *(uint64_t*)0x200017a8 = 0; *(uint64_t*)0x20001b48 = 7; *(uint64_t*)0x20001b50 = 0x20001a00; *(uint64_t*)0x20001a00 = 0x18; *(uint32_t*)0x20001a08 = 0x84; *(uint32_t*)0x20001a0c = 6; *(uint16_t*)0x20001a10 = -1; *(uint64_t*)0x20001a18 = 0x30; *(uint32_t*)0x20001a20 = 0x84; *(uint32_t*)0x20001a24 = 1; *(uint16_t*)0x20001a28 = 7; *(uint16_t*)0x20001a2a = 0x752; *(uint16_t*)0x20001a2c = 8; *(uint32_t*)0x20001a30 = 0x1f; *(uint32_t*)0x20001a34 = 7; *(uint32_t*)0x20001a38 = 9; *(uint32_t*)0x20001a3c = 4; *(uint32_t*)0x20001a40 = 0x7ff; *(uint32_t*)0x20001a44 = 0; *(uint64_t*)0x20001a48 = 0x18; *(uint32_t*)0x20001a50 = 0x84; *(uint32_t*)0x20001a54 = 5; *(uint16_t*)0x20001a58 = 0; *(uint32_t*)0x20001a5c = 0x50; *(uint64_t*)0x20001a60 = 0x30; *(uint32_t*)0x20001a68 = 0x84; *(uint32_t*)0x20001a6c = 1; *(uint16_t*)0x20001a70 = 2; *(uint16_t*)0x20001a72 = 0; *(uint16_t*)0x20001a74 = 0x8004; *(uint32_t*)0x20001a78 = 9; *(uint32_t*)0x20001a7c = 0x849; *(uint32_t*)0x20001a80 = 0x81; *(uint32_t*)0x20001a84 = 9; *(uint32_t*)0x20001a88 = 0xfffffe00; *(uint32_t*)0x20001a8c = r[91]; *(uint64_t*)0x20001a90 = 0x20; *(uint32_t*)0x20001a98 = 0x84; *(uint32_t*)0x20001a9c = 2; *(uint16_t*)0x20001aa0 = 5; *(uint16_t*)0x20001aa2 = 0x203; *(uint32_t*)0x20001aa4 = 1; *(uint32_t*)0x20001aa8 = 0x80; *(uint32_t*)0x20001aac = r[92]; *(uint64_t*)0x20001b58 = 0xb0; *(uint32_t*)0x20001b60 = 1; syscall(__NR_sendmmsg, r[83], 0x20001ac0, 3, 0x800); *(uint32_t*)0x20000040 = 0x10; res = syscall(__NR_accept, 0xffffff9c, 0x20000000, 0x20000040); if (res != -1) r[93] = res; *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 0x80000000; *(uint16_t*)0x20000088 = 0x30; *(uint32_t*)0x200000c0 = 0xc; res = syscall(__NR_getsockopt, -1, 0x84, 0x72, 0x20000080, 0x200000c0); if (res != -1) r[94] = *(uint32_t*)0x20000080; *(uint32_t*)0x20000100 = r[94]; *(uint32_t*)0x20000104 = 0x8000; *(uint32_t*)0x20000140 = 8; res = syscall(__NR_getsockopt, r[93], 0x84, 0x66, 0x20000100, 0x20000140); if (res != -1) r[95] = *(uint32_t*)0x20000100; memcpy((void*)0x20000180, "/dev/md0", 9); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000180, 0x101000, 0); if (res != -1) r[96] = res; syscall(__NR_ioctl, r[96], 0x127e, 0x200001c0); memcpy((void*)0x20000200, "/dev/ppp", 9); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000200, 0x4000, 0); if (res != -1) r[97] = res; *(uint64_t*)0x20000240 = 0x20ffd000; *(uint64_t*)0x20000248 = 0x1000; *(uint64_t*)0x20000250 = 3; *(uint64_t*)0x20000258 = 0; syscall(__NR_ioctl, r[97], 0xc020aa00, 0x20000240); syscall(__NR_ioctl, r[96], 0x127e, 0x20000280); *(uint32_t*)0x200002c0 = 0x8000; syscall(__NR_ioctl, r[97], 0xc0045516, 0x200002c0); memcpy((void*)0x20000300, "/dev/sequencer2", 16); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000300, 0x40000, 0); if (res != -1) r[98] = res; *(uint16_t*)0x20000340 = 0; *(uint16_t*)0x20000342 = 7; *(uint64_t*)0x20000348 = 1; *(uint64_t*)0x20000350 = 6; *(uint32_t*)0x20000358 = 0; *(uint32_t*)0x2000035c = 0; *(uint32_t*)0x20000360 = 0; *(uint32_t*)0x20000364 = 0; *(uint32_t*)0x20000368 = 0; *(uint32_t*)0x2000036c = 0; syscall(__NR_ioctl, r[98], 0x40305828, 0x20000340); *(uint32_t*)0x20000380 = 0xffff0001; *(uint32_t*)0x20000384 = 0x1000; *(uint32_t*)0x20000388 = 0x1000; STORE_BY_BITMASK(uint32_t, 0x2000038c, 6, 0, 1); STORE_BY_BITMASK(uint32_t, 0x2000038c, 0xff0, 1, 2); STORE_BY_BITMASK(uint32_t, 0x2000038c, 9, 3, 1); STORE_BY_BITMASK(uint32_t, 0x2000038c, 3, 4, 1); STORE_BY_BITMASK(uint32_t, 0x2000038c, 4, 5, 1); STORE_BY_BITMASK(uint32_t, 0x2000038c, 0x80000000, 6, 1); STORE_BY_BITMASK(uint32_t, 0x2000038c, 0x81, 7, 1); syscall(__NR_get_thread_area, 0x20000380); *(uint32_t*)0x200003c0 = r[95]; *(uint32_t*)0x200003c4 = 7; *(uint32_t*)0x200003c8 = 0xef44; *(uint32_t*)0x200003cc = 0xfffffe00; *(uint32_t*)0x20000400 = 0x10; syscall(__NR_getsockopt, r[93], 0x84, 0, 0x200003c0, 0x20000400); res = syscall(__NR_gettid); if (res != -1) r[99] = res; *(uint32_t*)0x20000440 = r[99]; syscall(__NR_ioctl, r[98], 0x5410, 0x20000440); syscall(__NR_socket, 2, 3, 1); memcpy((void*)0x20000480, "/dev/audio#", 12); res = syz_open_dev(0x20000480, 4, 0x400000); if (res != -1) r[100] = res; *(uint32_t*)0x20000500 = 4; syscall(__NR_getsockopt, r[93], 0, 0xe, 0x200004c0, 0x20000500); *(uint32_t*)0x20000540 = 3; *(uint32_t*)0x20000544 = 1; *(uint32_t*)0x20000548 = 2; *(uint32_t*)0x2000054c = 0; *(uint32_t*)0x20000550 = -1; *(uint32_t*)0x20000554 = 0; *(uint32_t*)0x20000558 = 0x80000001; *(uint8_t*)0x2000055c = 0; *(uint8_t*)0x2000055d = 0; *(uint8_t*)0x2000055e = 0; *(uint8_t*)0x2000055f = 0; *(uint8_t*)0x20000560 = 0; *(uint8_t*)0x20000561 = 0; *(uint8_t*)0x20000562 = 0; *(uint8_t*)0x20000563 = 0; *(uint8_t*)0x20000564 = 0; *(uint8_t*)0x20000565 = 0; *(uint8_t*)0x20000566 = 0; *(uint8_t*)0x20000567 = 0; *(uint8_t*)0x20000568 = 0; *(uint8_t*)0x20000569 = 0; *(uint8_t*)0x2000056a = 0; *(uint8_t*)0x2000056b = 0; *(uint8_t*)0x2000056c = 0; *(uint8_t*)0x2000056d = 0; *(uint8_t*)0x2000056e = 0; *(uint8_t*)0x2000056f = 0; *(uint8_t*)0x20000570 = 0; *(uint8_t*)0x20000571 = 0; *(uint8_t*)0x20000572 = 0; *(uint8_t*)0x20000573 = 0; *(uint8_t*)0x20000574 = 0; *(uint8_t*)0x20000575 = 0; *(uint8_t*)0x20000576 = 0; *(uint8_t*)0x20000577 = 0; *(uint8_t*)0x20000578 = 0; *(uint8_t*)0x20000579 = 0; *(uint8_t*)0x2000057a = 0; *(uint8_t*)0x2000057b = 0; *(uint8_t*)0x2000057c = 0; *(uint8_t*)0x2000057d = 0; *(uint8_t*)0x2000057e = 0; *(uint8_t*)0x2000057f = 0; *(uint8_t*)0x20000580 = 0; *(uint8_t*)0x20000581 = 0; *(uint8_t*)0x20000582 = 0; *(uint8_t*)0x20000583 = 0; *(uint8_t*)0x20000584 = 0; *(uint8_t*)0x20000585 = 0; *(uint8_t*)0x20000586 = 0; *(uint8_t*)0x20000587 = 0; *(uint8_t*)0x20000588 = 0; *(uint8_t*)0x20000589 = 0; *(uint8_t*)0x2000058a = 0; *(uint8_t*)0x2000058b = 0; *(uint8_t*)0x2000058c = 0; *(uint8_t*)0x2000058d = 0; *(uint8_t*)0x2000058e = 0; *(uint8_t*)0x2000058f = 0; *(uint8_t*)0x20000590 = 0; *(uint8_t*)0x20000591 = 0; *(uint8_t*)0x20000592 = 0; *(uint8_t*)0x20000593 = 0; *(uint8_t*)0x20000594 = 0; *(uint8_t*)0x20000595 = 0; *(uint8_t*)0x20000596 = 0; *(uint8_t*)0x20000597 = 0; *(uint8_t*)0x20000598 = 0; *(uint8_t*)0x20000599 = 0; *(uint8_t*)0x2000059a = 0; *(uint8_t*)0x2000059b = 0; syscall(__NR_ioctl, r[100], 0x40605346, 0x20000540); *(uint32_t*)0x200006c0 = 0xea; syscall(__NR_getsockopt, r[98], 0x21, 0xce, 0x200005c0, 0x200006c0); *(uint16_t*)0x20000700 = 0x1000; *(uint16_t*)0x20000702 = 0xa9; *(uint16_t*)0x20000704 = 0x513; syscall(__NR_ioctl, r[100], 0x5603, 0x20000700); *(uint32_t*)0x20000740 = 0x3f; *(uint64_t*)0x20000780 = 4; syscall(__NR_getsockopt, r[98], 0x112, 0xa, 0x20000740, 0x20000780); syscall(__NR_fdatasync, r[97]); syscall(__NR_ioctl, r[100], 0x80081272, 0x200007c0); syscall(__NR_pause); *(uint32_t*)0x20000800 = r[94]; *(uint16_t*)0x20000804 = 0x9b42; *(uint32_t*)0x20000840 = 8; syscall(__NR_getsockopt, r[97], 0x84, 0x18, 0x20000800, 0x20000840); memcpy((void*)0x200008c0, "/dev/null", 10); syscall(__NR_openat, 0xffffffffffffff9c, 0x200008c0, 0xa00, 0); *(uint32_t*)0x20000900 = 0x14; *(uint8_t*)0x20000904 = 0x11; *(uint16_t*)0x20000905 = 2; *(uint8_t*)0x20000907 = 0; *(uint32_t*)0x20000908 = 2; *(uint64_t*)0x2000090c = 3; syscall(__NR_write, r[97], 0x20000900, 0x14); memcpy((void*)0x20000940, "\x73\x79\x7a\x5f\x74\x75\x6e\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint16_t*)0x20000950 = 2; *(uint16_t*)0x20000952 = htobe16(0x4e22); *(uint8_t*)0x20000954 = 0xac; *(uint8_t*)0x20000955 = 0x14; *(uint8_t*)0x20000956 = 0x14; *(uint8_t*)0x20000957 = 0xbb; *(uint8_t*)0x20000958 = 0; *(uint8_t*)0x20000959 = 0; *(uint8_t*)0x2000095a = 0; *(uint8_t*)0x2000095b = 0; *(uint8_t*)0x2000095c = 0; *(uint8_t*)0x2000095d = 0; *(uint8_t*)0x2000095e = 0; *(uint8_t*)0x2000095f = 0; syscall(__NR_ioctl, r[97], 0x8916, 0x20000940); syscall(__NR_madvise, 0x20ffc000, 0x1000, 0x17); res = syscall(__NR_dup2, -1, 0xffffff9c); if (res != -1) r[101] = res; syscall(__NR_ioctl, r[101], 0x4b35, 0x100000001); *(uint64_t*)0x20000000 = 0x20ffb000; *(uint64_t*)0x20000008 = 0x2000; *(uint64_t*)0x20000010 = 3; *(uint64_t*)0x20000018 = 0; syscall(__NR_ioctl, r[101], 0xc020aa00, 0x20000000); syscall(__NR_ioctl, r[101], 0x5405, 0x20000040); res = syscall(__NR_eventfd2, 0x397, 0x80800); if (res != -1) r[102] = res; *(uint16_t*)0x200000c0 = 2; *(uint16_t*)0x200000c2 = 5; *(uint16_t*)0x200000c4 = 0x401; *(uint16_t*)0x200000c6 = 3; syscall(__NR_ioctl, r[101], 0x5414, 0x200000c0); memcpy((void*)0x20000100, "\x6c\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint16_t*)0x20000110 = 0x10; syscall(__NR_ioctl, r[101], 0x400454ca, 0x20000100); res = syscall(__NR_fcntl, r[101], 0x406, r[102]); if (res != -1) r[103] = res; *(uint32_t*)0x20000140 = 3; *(uint32_t*)0x20000144 = 7; syscall(__NR_ioctl, r[103], 0x4008af13, 0x20000140); syscall(__NR_ioctl, r[101], 0x80045301, 0x20000180); *(uint32_t*)0x20000240 = 0x79; syscall(__NR_getsockopt, r[101], 1, 0x3f, 0x200001c0, 0x20000240); *(uint16_t*)0x20000300 = 0xa; *(uint64_t*)0x20000308 = 0x20000280; *(uint16_t*)0x20000280 = 3; *(uint8_t*)0x20000282 = 0; *(uint8_t*)0x20000283 = -1; *(uint32_t*)0x20000284 = 0x7ff; *(uint16_t*)0x20000288 = 8; *(uint8_t*)0x2000028a = 0x68; *(uint8_t*)0x2000028b = 0x92; *(uint32_t*)0x2000028c = 8; *(uint16_t*)0x20000290 = 4; *(uint8_t*)0x20000292 = 1; *(uint8_t*)0x20000293 = 3; *(uint32_t*)0x20000294 = 5; *(uint16_t*)0x20000298 = 9; *(uint8_t*)0x2000029a = -1; *(uint8_t*)0x2000029b = 0x81; *(uint32_t*)0x2000029c = 0x800; *(uint16_t*)0x200002a0 = 1; *(uint8_t*)0x200002a2 = 3; *(uint8_t*)0x200002a3 = 8; *(uint32_t*)0x200002a4 = 8; *(uint16_t*)0x200002a8 = 5; *(uint8_t*)0x200002aa = 0x1f; *(uint8_t*)0x200002ab = 0xa1; *(uint32_t*)0x200002ac = 0; *(uint16_t*)0x200002b0 = 0x2c40; *(uint8_t*)0x200002b2 = 7; *(uint8_t*)0x200002b3 = 1; *(uint32_t*)0x200002b4 = 6; *(uint16_t*)0x200002b8 = 8; *(uint8_t*)0x200002ba = 8; *(uint8_t*)0x200002bb = 5; *(uint32_t*)0x200002bc = 0x7fffffff; *(uint16_t*)0x200002c0 = 6; *(uint8_t*)0x200002c2 = 0x81; *(uint8_t*)0x200002c3 = -1; *(uint32_t*)0x200002c4 = 0x3ff; *(uint16_t*)0x200002c8 = 0x945e; *(uint8_t*)0x200002ca = 0xa7; *(uint8_t*)0x200002cb = 2; *(uint32_t*)0x200002cc = 5; syscall(__NR_setsockopt, r[103], 1, 0x1a, 0x20000300, 0x10); *(uint64_t*)0x200005c0 = 0; *(uint32_t*)0x200005c8 = 0; *(uint64_t*)0x200005d0 = 0x20000480; *(uint64_t*)0x20000480 = 0x20000340; *(uint64_t*)0x20000488 = 0x6c; *(uint64_t*)0x20000490 = 0x200003c0; *(uint64_t*)0x20000498 = 0x99; *(uint64_t*)0x200005d8 = 2; *(uint64_t*)0x200005e0 = 0x200004c0; *(uint64_t*)0x200005e8 = 0xfc; *(uint32_t*)0x200005f0 = 1; *(uint32_t*)0x200005f8 = 7; *(uint64_t*)0x20000600 = 0x77359400; *(uint64_t*)0x20000608 = 0; syscall(__NR_recvmmsg, r[103], 0x200005c0, 1, 0x2000, 0x20000600); *(uint16_t*)0x20000640 = 0x18; *(uint32_t*)0x20000642 = 0; *(uint16_t*)0x20000646 = 1; *(uint8_t*)0x20000648 = 0; *(uint8_t*)0x20000649 = 0; *(uint8_t*)0x2000064a = 0; *(uint8_t*)0x2000064b = 0; *(uint8_t*)0x2000064c = 0; *(uint8_t*)0x2000064d = 0; memcpy((void*)0x2000064e, "\x62\x6f\x6e\x64\x5f\x73\x6c\x61\x76\x65\x5f\x31\x00\x00\x00\x00", 16); syscall(__NR_bind, r[103], 0x20000640, 0x80); syscall(__NR_madvise, 0x20ffd000, 0x3000, 0xd); memcpy((void*)0x20000700, "\x73\x65\x63\x75\x72\x69\x74\x79\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x20000720 = 0xe; *(uint32_t*)0x20000724 = 4; *(uint32_t*)0x20000728 = 0x420; *(uint32_t*)0x2000072c = 0xf8; *(uint32_t*)0x20000730 = 0x258; *(uint32_t*)0x20000734 = 0xf8; *(uint32_t*)0x20000738 = 0xf8; *(uint32_t*)0x2000073c = 0xf8; *(uint32_t*)0x20000740 = 0x388; *(uint32_t*)0x20000744 = 0x388; *(uint32_t*)0x20000748 = 0x388; *(uint32_t*)0x2000074c = 0x388; *(uint32_t*)0x20000750 = 0x388; *(uint32_t*)0x20000754 = 4; *(uint64_t*)0x20000758 = 0x200006c0; *(uint8_t*)0x20000760 = 0; *(uint8_t*)0x20000761 = 0; *(uint8_t*)0x20000762 = 0; *(uint8_t*)0x20000763 = 0; *(uint8_t*)0x20000764 = 0; *(uint8_t*)0x20000765 = 0; *(uint8_t*)0x20000766 = 0; *(uint8_t*)0x20000767 = 0; *(uint8_t*)0x20000768 = 0; *(uint8_t*)0x20000769 = 0; *(uint8_t*)0x2000076a = 0; *(uint8_t*)0x2000076b = 0; *(uint8_t*)0x2000076c = 0; *(uint8_t*)0x2000076d = 0; *(uint8_t*)0x2000076e = 0; *(uint8_t*)0x2000076f = 0; *(uint8_t*)0x20000770 = 0; *(uint8_t*)0x20000771 = 0; *(uint8_t*)0x20000772 = 0; *(uint8_t*)0x20000773 = 0; *(uint8_t*)0x20000774 = 0; *(uint8_t*)0x20000775 = 0; *(uint8_t*)0x20000776 = 0; *(uint8_t*)0x20000777 = 0; *(uint8_t*)0x20000778 = 0; *(uint8_t*)0x20000779 = 0; *(uint8_t*)0x2000077a = 0; *(uint8_t*)0x2000077b = 0; *(uint8_t*)0x2000077c = 0; *(uint8_t*)0x2000077d = 0; *(uint8_t*)0x2000077e = 0; *(uint8_t*)0x2000077f = 0; *(uint8_t*)0x20000780 = 0; *(uint8_t*)0x20000781 = 0; *(uint8_t*)0x20000782 = 0; *(uint8_t*)0x20000783 = 0; *(uint8_t*)0x20000784 = 0; *(uint8_t*)0x20000785 = 0; *(uint8_t*)0x20000786 = 0; *(uint8_t*)0x20000787 = 0; *(uint8_t*)0x20000788 = 0; *(uint8_t*)0x20000789 = 0; *(uint8_t*)0x2000078a = 0; *(uint8_t*)0x2000078b = 0; *(uint8_t*)0x2000078c = 0; *(uint8_t*)0x2000078d = 0; *(uint8_t*)0x2000078e = 0; *(uint8_t*)0x2000078f = 0; *(uint8_t*)0x20000790 = 0; *(uint8_t*)0x20000791 = 0; *(uint8_t*)0x20000792 = 0; *(uint8_t*)0x20000793 = 0; *(uint8_t*)0x20000794 = 0; *(uint8_t*)0x20000795 = 0; *(uint8_t*)0x20000796 = 0; *(uint8_t*)0x20000797 = 0; *(uint8_t*)0x20000798 = 0; *(uint8_t*)0x20000799 = 0; *(uint8_t*)0x2000079a = 0; *(uint8_t*)0x2000079b = 0; *(uint8_t*)0x2000079c = 0; *(uint8_t*)0x2000079d = 0; *(uint8_t*)0x2000079e = 0; *(uint8_t*)0x2000079f = 0; *(uint8_t*)0x200007a0 = 0; *(uint8_t*)0x200007a1 = 0; *(uint8_t*)0x200007a2 = 0; *(uint8_t*)0x200007a3 = 0; *(uint8_t*)0x200007a4 = 0; *(uint8_t*)0x200007a5 = 0; *(uint8_t*)0x200007a6 = 0; *(uint8_t*)0x200007a7 = 0; *(uint8_t*)0x200007a8 = 0; *(uint8_t*)0x200007a9 = 0; *(uint8_t*)0x200007aa = 0; *(uint8_t*)0x200007ab = 0; *(uint8_t*)0x200007ac = 0; *(uint8_t*)0x200007ad = 0; *(uint8_t*)0x200007ae = 0; *(uint8_t*)0x200007af = 0; *(uint8_t*)0x200007b0 = 0; *(uint8_t*)0x200007b1 = 0; *(uint8_t*)0x200007b2 = 0; *(uint8_t*)0x200007b3 = 0; *(uint32_t*)0x200007d8 = 0; *(uint16_t*)0x200007dc = 0x98; *(uint16_t*)0x200007de = 0xf8; *(uint32_t*)0x200007e0 = 0; *(uint64_t*)0x200007e8 = 0; *(uint64_t*)0x200007f0 = 0; *(uint16_t*)0x200007f8 = 0x60; memcpy((void*)0x200007fa, "\x43\x4c\x55\x53\x54\x45\x52\x49\x50\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000817 = 0; *(uint32_t*)0x20000818 = 1; *(uint8_t*)0x2000081c = -1; *(uint8_t*)0x2000081d = -1; *(uint8_t*)0x2000081e = -1; *(uint8_t*)0x2000081f = -1; *(uint8_t*)0x20000820 = -1; *(uint8_t*)0x20000821 = -1; *(uint16_t*)0x20000822 = 1; *(uint16_t*)0x20000824 = 2; *(uint16_t*)0x20000826 = 0x2e; *(uint16_t*)0x20000828 = 0x40; *(uint16_t*)0x2000082a = 0x34; *(uint16_t*)0x2000082c = 2; *(uint16_t*)0x2000082e = 0x40; *(uint16_t*)0x20000830 = 0x2d; *(uint16_t*)0x20000832 = 0x31; *(uint16_t*)0x20000834 = 0xa; *(uint16_t*)0x20000836 = 0x1f; *(uint16_t*)0x20000838 = 6; *(uint16_t*)0x2000083a = 0x14; *(uint16_t*)0x2000083c = 0x26; *(uint16_t*)0x2000083e = 0x26; *(uint16_t*)0x20000840 = 0x1b; *(uint16_t*)0x20000842 = 6; *(uint16_t*)0x20000844 = 0x2d; *(uint32_t*)0x20000848 = 0; *(uint32_t*)0x2000084c = 0x10001; *(uint64_t*)0x20000850 = 0xc2c; *(uint32_t*)0x20000858 = htobe32(0xe0000002); *(uint8_t*)0x2000085c = 0xac; *(uint8_t*)0x2000085d = 0x14; *(uint8_t*)0x2000085e = 0x14; *(uint8_t*)0x2000085f = 0xbb; *(uint32_t*)0x20000860 = htobe32(-1); *(uint32_t*)0x20000864 = htobe32(0xff); memcpy((void*)0x20000868, "veth0_to_bridge", 16); memcpy((void*)0x20000878, "\x74\x65\x61\x6d\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x20000894 = -1; *(uint8_t*)0x200008b2 = 0; *(uint16_t*)0x200008c2 = 8; *(uint8_t*)0x200008c4 = 3; *(uint8_t*)0x200008c5 = 0x2c; *(uint32_t*)0x200008d0 = 0; *(uint16_t*)0x200008d4 = 0x100; *(uint16_t*)0x200008d6 = 0x160; *(uint32_t*)0x200008d8 = 0; *(uint64_t*)0x200008e0 = 0; *(uint64_t*)0x200008e8 = 0; *(uint16_t*)0x200008f0 = 0x28; memcpy((void*)0x200008f2, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000090f = 0; *(uint8_t*)0x20000910 = 3; *(uint8_t*)0x20000911 = 7; *(uint16_t*)0x20000918 = 0x40; memcpy((void*)0x2000091a, "\x73\x65\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000937 = 0; *(uint16_t*)0x20000938 = 3; *(uint32_t*)0x2000093c = 0; *(uint32_t*)0x20000940 = 2; *(uint32_t*)0x20000944 = 0; *(uint32_t*)0x20000948 = 3; *(uint32_t*)0x2000094c = 1; *(uint32_t*)0x20000950 = 9; *(uint8_t*)0x20000954 = 0x95; *(uint8_t*)0x20000955 = 1; *(uint16_t*)0x20000956 = 0xfb; *(uint16_t*)0x20000958 = 0x60; memcpy((void*)0x2000095a, "\x43\x4c\x55\x53\x54\x45\x52\x49\x50\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000977 = 0; *(uint32_t*)0x20000978 = 0; *(uint8_t*)0x2000097c = -1; *(uint8_t*)0x2000097d = -1; *(uint8_t*)0x2000097e = -1; *(uint8_t*)0x2000097f = -1; *(uint8_t*)0x20000980 = -1; *(uint8_t*)0x20000981 = -1; *(uint16_t*)0x20000982 = 0; *(uint16_t*)0x20000984 = 3; *(uint16_t*)0x20000986 = 0x33; *(uint16_t*)0x20000988 = 0x11; *(uint16_t*)0x2000098a = 6; *(uint16_t*)0x2000098c = 0x26; *(uint16_t*)0x2000098e = 0xe; *(uint16_t*)0x20000990 = 1; *(uint16_t*)0x20000992 = 0xb; *(uint16_t*)0x20000994 = 0x14; *(uint16_t*)0x20000996 = 0x18; *(uint16_t*)0x20000998 = 8; *(uint16_t*)0x2000099a = 4; *(uint16_t*)0x2000099c = 5; *(uint16_t*)0x2000099e = 0x3c; *(uint16_t*)0x200009a0 = 0x25; *(uint16_t*)0x200009a2 = 5; *(uint16_t*)0x200009a4 = 0x16; *(uint32_t*)0x200009a8 = 2; *(uint32_t*)0x200009ac = 7; *(uint64_t*)0x200009b0 = 9; *(uint32_t*)0x200009b8 = htobe32(0xe0000001); *(uint32_t*)0x200009bc = htobe32(0x40); *(uint32_t*)0x200009c0 = htobe32(0xffffff00); *(uint32_t*)0x200009c4 = htobe32(0); memcpy((void*)0x200009c8, "\x69\x70\x36\x74\x6e\x6c\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); memcpy((void*)0x200009d8, "\x69\x70\x36\x74\x6e\x6c\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x200009f4 = -1; *(uint8_t*)0x20000a12 = -1; *(uint16_t*)0x20000a22 = 0x32; *(uint8_t*)0x20000a24 = 1; *(uint8_t*)0x20000a25 = 1; *(uint32_t*)0x20000a30 = 0; *(uint16_t*)0x20000a34 = 0xf0; *(uint16_t*)0x20000a36 = 0x130; *(uint32_t*)0x20000a38 = 0; *(uint64_t*)0x20000a40 = 0; *(uint64_t*)0x20000a48 = 0; *(uint16_t*)0x20000a50 = 0x30; memcpy((void*)0x20000a52, "\x61\x64\x64\x72\x74\x79\x70\x65\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000a6f = 0; *(uint16_t*)0x20000a70 = 1; *(uint16_t*)0x20000a72 = 0x21; *(uint32_t*)0x20000a74 = 0; *(uint32_t*)0x20000a78 = 1; *(uint16_t*)0x20000a80 = 0x28; memcpy((void*)0x20000a82, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000a9f = 0; *(uint8_t*)0x20000aa0 = 3; *(uint8_t*)0x20000aa1 = 0x3d; *(uint16_t*)0x20000aa8 = 0x40; memcpy((void*)0x20000aaa, "\x52\x41\x54\x45\x45\x53\x54\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000ac7 = 0; memcpy((void*)0x20000ac8, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x20000ad8 = 8; *(uint8_t*)0x20000ad9 = 0; *(uint64_t*)0x20000ae0 = 0x364; *(uint8_t*)0x20000ae8 = 0; *(uint8_t*)0x20000ae9 = 0; *(uint8_t*)0x20000aea = 0; *(uint8_t*)0x20000aeb = 0; *(uint8_t*)0x20000aec = 0; *(uint8_t*)0x20000aed = 0; *(uint8_t*)0x20000aee = 0; *(uint8_t*)0x20000aef = 0; *(uint8_t*)0x20000af0 = 0; *(uint8_t*)0x20000af1 = 0; *(uint8_t*)0x20000af2 = 0; *(uint8_t*)0x20000af3 = 0; *(uint8_t*)0x20000af4 = 0; *(uint8_t*)0x20000af5 = 0; *(uint8_t*)0x20000af6 = 0; *(uint8_t*)0x20000af7 = 0; *(uint8_t*)0x20000af8 = 0; *(uint8_t*)0x20000af9 = 0; *(uint8_t*)0x20000afa = 0; *(uint8_t*)0x20000afb = 0; *(uint8_t*)0x20000afc = 0; *(uint8_t*)0x20000afd = 0; *(uint8_t*)0x20000afe = 0; *(uint8_t*)0x20000aff = 0; *(uint8_t*)0x20000b00 = 0; *(uint8_t*)0x20000b01 = 0; *(uint8_t*)0x20000b02 = 0; *(uint8_t*)0x20000b03 = 0; *(uint8_t*)0x20000b04 = 0; *(uint8_t*)0x20000b05 = 0; *(uint8_t*)0x20000b06 = 0; *(uint8_t*)0x20000b07 = 0; *(uint8_t*)0x20000b08 = 0; *(uint8_t*)0x20000b09 = 0; *(uint8_t*)0x20000b0a = 0; *(uint8_t*)0x20000b0b = 0; *(uint8_t*)0x20000b0c = 0; *(uint8_t*)0x20000b0d = 0; *(uint8_t*)0x20000b0e = 0; *(uint8_t*)0x20000b0f = 0; *(uint8_t*)0x20000b10 = 0; *(uint8_t*)0x20000b11 = 0; *(uint8_t*)0x20000b12 = 0; *(uint8_t*)0x20000b13 = 0; *(uint8_t*)0x20000b14 = 0; *(uint8_t*)0x20000b15 = 0; *(uint8_t*)0x20000b16 = 0; *(uint8_t*)0x20000b17 = 0; *(uint8_t*)0x20000b18 = 0; *(uint8_t*)0x20000b19 = 0; *(uint8_t*)0x20000b1a = 0; *(uint8_t*)0x20000b1b = 0; *(uint8_t*)0x20000b1c = 0; *(uint8_t*)0x20000b1d = 0; *(uint8_t*)0x20000b1e = 0; *(uint8_t*)0x20000b1f = 0; *(uint8_t*)0x20000b20 = 0; *(uint8_t*)0x20000b21 = 0; *(uint8_t*)0x20000b22 = 0; *(uint8_t*)0x20000b23 = 0; *(uint8_t*)0x20000b24 = 0; *(uint8_t*)0x20000b25 = 0; *(uint8_t*)0x20000b26 = 0; *(uint8_t*)0x20000b27 = 0; *(uint8_t*)0x20000b28 = 0; *(uint8_t*)0x20000b29 = 0; *(uint8_t*)0x20000b2a = 0; *(uint8_t*)0x20000b2b = 0; *(uint8_t*)0x20000b2c = 0; *(uint8_t*)0x20000b2d = 0; *(uint8_t*)0x20000b2e = 0; *(uint8_t*)0x20000b2f = 0; *(uint8_t*)0x20000b30 = 0; *(uint8_t*)0x20000b31 = 0; *(uint8_t*)0x20000b32 = 0; *(uint8_t*)0x20000b33 = 0; *(uint8_t*)0x20000b34 = 0; *(uint8_t*)0x20000b35 = 0; *(uint8_t*)0x20000b36 = 0; *(uint8_t*)0x20000b37 = 0; *(uint8_t*)0x20000b38 = 0; *(uint8_t*)0x20000b39 = 0; *(uint8_t*)0x20000b3a = 0; *(uint8_t*)0x20000b3b = 0; *(uint32_t*)0x20000b3c = 0; *(uint16_t*)0x20000b40 = 0x70; *(uint16_t*)0x20000b42 = 0x98; *(uint32_t*)0x20000b44 = 0; *(uint64_t*)0x20000b48 = 0; *(uint64_t*)0x20000b50 = 0; *(uint16_t*)0x20000b58 = 0x28; memcpy((void*)0x20000b5a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000b77 = 0; *(uint32_t*)0x20000b78 = 0xfffffffe; syscall(__NR_setsockopt, r[101], 0, 0x40, 0x20000700, 0x480); *(uint32_t*)0x20000b80 = 8; syscall(__NR_setsockopt, r[103], 0x84, 0x14, 0x20000b80, 4); syscall(__NR_ioctl, r[101], 0x5386, 0x20000bc0); *(uint32_t*)0x20000c00 = 0; *(uint16_t*)0x20000c08 = 0xa; *(uint16_t*)0x20000c0a = htobe16(0x4e24); *(uint32_t*)0x20000c0c = 0xa2b3; *(uint8_t*)0x20000c10 = 0xfe; *(uint8_t*)0x20000c11 = 0x80; *(uint8_t*)0x20000c12 = 0; *(uint8_t*)0x20000c13 = 0; *(uint8_t*)0x20000c14 = 0; *(uint8_t*)0x20000c15 = 0; *(uint8_t*)0x20000c16 = 0; *(uint8_t*)0x20000c17 = 0; *(uint8_t*)0x20000c18 = 0; *(uint8_t*)0x20000c19 = 0; *(uint8_t*)0x20000c1a = 0; *(uint8_t*)0x20000c1b = 0; *(uint8_t*)0x20000c1c = 0; *(uint8_t*)0x20000c1d = 0; *(uint8_t*)0x20000c1e = 0; *(uint8_t*)0x20000c1f = 0xaa; *(uint32_t*)0x20000c20 = 0xfffffeff; *(uint16_t*)0x20000c88 = 5; *(uint16_t*)0x20000c8a = 0xfff; *(uint32_t*)0x20000cc0 = 0x90; res = syscall(__NR_getsockopt, r[103], 0x84, 0x1f, 0x20000c00, 0x20000cc0); if (res != -1) r[104] = *(uint32_t*)0x20000c00; *(uint32_t*)0x20000d00 = r[104]; *(uint32_t*)0x20000d04 = 1; *(uint32_t*)0x20000d08 = 1; *(uint32_t*)0x20000d0c = 8; syscall(__NR_setsockopt, r[103], 0x84, 0, 0x20000d00, 0x10); *(uint8_t*)0x20000d40 = 1; *(uint8_t*)0x20000d41 = 6; *(uint8_t*)0x20000d42 = 9; *(uint8_t*)0x20000d43 = 0; *(uint8_t*)0x20000d44 = 0; *(uint8_t*)0x20000d45 = 0; *(uint8_t*)0x20000d46 = 0; *(uint8_t*)0x20000d47 = 0; *(uint8_t*)0x20000d48 = 0; *(uint8_t*)0x20000d49 = 0; *(uint8_t*)0x20000d4a = 0; *(uint8_t*)0x20000d4b = 0; *(uint8_t*)0x20000d4c = 0; *(uint8_t*)0x20000d4d = 0; *(uint8_t*)0x20000d4e = 0; *(uint8_t*)0x20000d4f = 0; syscall(__NR_ioctl, r[101], 0xc0105303, 0x20000d40); syscall(__NR_ioctl, r[101], 0x4b35, 0xfffffffffffffffb); memcpy((void*)0x20000d80, "\xb0\xd4\x97\x8a\xcb\x94\xab\x7f\xfc\xbb\xe0\xee\x7d\xe7\x09\x52\xe5" "\xf9\x4e\x9d\xf4\xc8\x11\x3e\x36\x4c\xa4\x6a\x8c\x1c\x85\xfe\x4a\x0b" "\x2c\x75\x8d\x97\xec\xe2\x29\x35\xa2\x5e\x9f\xfb\xe3\x03\x14\x1b\x96" "\x92\xfb\x4a\xb9\xa8\x1c\xcd\x4a\xd2\x45\x3a\x79\x53\x82\x8e\x3a\x89" "\x46\x92\x2e\x47\x8e\x5a\x77\x7e\x16\x57\xa6\xe7\xda\x86\xfa\x48\x73" "\x24\x01\x0b\x4c\xdd\xe2\x1e\x58\xb4\x62\x3b\x5f\x23\xf9\x02\xcb\x4f" "\xdc\xeb\x76\x94\x1c\xed\x76\xdd\xe5\x2d\x66\x7a\xca\x21\x10\x72\x29" "\x2a\xc1\xae\x17\x3c\xbf\xe2\x79\x4d\x69\x41\xc8\x11\xa2\x93\x92\x69" "\x1b\x13\x04\xf6\xc0\xc3\x26\x77\xae\xcd\x7f\xd5\x50\x32\x51\x07\x3f" "\x6f\x00\x45\xc1\x54\x43\xb4\xed\x19\xbe\x3b\x3e\xd2\xcd\xaf\xcd\xea" "\xd2\xa5\x20\x82\xa8\x6b\x81\x7f\xb7\x4a\xed\xf1\x83\xde\x73\x0f\x7f" "\xd5\xa0\x48\x7f\x39\x2f\x30\xa3\xf7\xc3\xd7\x14\x12\xc7\x73\x13\x7e" "\x3a\x43\xed\x1c\x3f\xb9\x60\xc2\xa9\x86\xa2\x03\x10\x81\xf1\x4a\xdb" "\x38\x1b\x59\x24\x99\x92\x6f\x09\x2c\xbc\x40\xf9\x41\x6a\x13\xf1\xa8" "\x6f\xff\xa6\x84\x02\x0d\xc2\x24\xf1\x4d\xef\x0b\x0d\x11\x16\xed\xfd" "\x76", 256); syscall(__NR_ioctl, r[103], 0x41009432, 0x20000d80); syscall(__NR_ioctl, r[103], 0x5450); *(uint32_t*)0x20000e80 = 9; *(uint32_t*)0x20000e84 = 4; *(uint32_t*)0x20000e88 = 1; *(uint64_t*)0x20000e90 = 0; *(uint64_t*)0x20000e98 = 0x1c9c380; *(uint32_t*)0x20000ea0 = 0x10001; *(uint32_t*)0x20000ea4 = 0x65c; *(uint8_t*)0x20000ea8 = 0; *(uint8_t*)0x20000ea9 = 0; *(uint8_t*)0x20000eaa = 0; *(uint8_t*)0x20000eab = 0; *(uint8_t*)0x20000eac = 0; *(uint8_t*)0x20000ead = 0; *(uint8_t*)0x20000eae = 0; *(uint8_t*)0x20000eaf = 0; *(uint8_t*)0x20000eb0 = 0; *(uint8_t*)0x20000eb1 = 0; *(uint8_t*)0x20000eb2 = 0; *(uint8_t*)0x20000eb3 = 0; *(uint8_t*)0x20000eb4 = 0; *(uint8_t*)0x20000eb5 = 0; *(uint8_t*)0x20000eb6 = 0; *(uint8_t*)0x20000eb7 = 0; *(uint8_t*)0x20000eb8 = 0; *(uint8_t*)0x20000eb9 = 0; *(uint8_t*)0x20000eba = 0; *(uint8_t*)0x20000ebb = 0; *(uint8_t*)0x20000ebc = 0; *(uint8_t*)0x20000ebd = 0; *(uint8_t*)0x20000ebe = 0; *(uint8_t*)0x20000ebf = 0; *(uint8_t*)0x20000ec0 = 0; *(uint8_t*)0x20000ec1 = 0; *(uint8_t*)0x20000ec2 = 0; *(uint8_t*)0x20000ec3 = 0; *(uint8_t*)0x20000ec4 = 0; *(uint8_t*)0x20000ec5 = 0; *(uint8_t*)0x20000ec6 = 0; *(uint8_t*)0x20000ec7 = 0; *(uint8_t*)0x20000ec8 = 0; *(uint8_t*)0x20000ec9 = 0; *(uint8_t*)0x20000eca = 0; *(uint8_t*)0x20000ecb = 0; *(uint8_t*)0x20000ecc = 0; *(uint8_t*)0x20000ecd = 0; *(uint8_t*)0x20000ece = 0; *(uint8_t*)0x20000ecf = 0; *(uint8_t*)0x20000ed0 = 0; *(uint8_t*)0x20000ed1 = 0; *(uint8_t*)0x20000ed2 = 0; *(uint8_t*)0x20000ed3 = 0; *(uint8_t*)0x20000ed4 = 0; *(uint8_t*)0x20000ed5 = 0; *(uint8_t*)0x20000ed6 = 0; *(uint8_t*)0x20000ed7 = 0; *(uint8_t*)0x20000ed8 = 0; *(uint8_t*)0x20000ed9 = 0; *(uint8_t*)0x20000eda = 0; *(uint8_t*)0x20000edb = 0; *(uint8_t*)0x20000edc = 0; *(uint8_t*)0x20000edd = 0; *(uint8_t*)0x20000ede = 0; *(uint8_t*)0x20000edf = 0; *(uint8_t*)0x20000ee0 = 0; *(uint8_t*)0x20000ee1 = 0; *(uint8_t*)0x20000ee2 = 0; *(uint8_t*)0x20000ee3 = 0; *(uint8_t*)0x20000ee4 = 0; *(uint8_t*)0x20000ee5 = 0; *(uint8_t*)0x20000ee6 = 0; *(uint8_t*)0x20000ee7 = 0; syscall(__NR_ioctl, r[103], 0x402c5342, 0x20000e80); *(uint32_t*)0x20000f80 = 0x68; syscall(__NR_getsockopt, r[101], 0, 0x483, 0x20000f00, 0x20000f80); *(uint32_t*)0x20000fc0 = 4; syscall(__NR_ioctl, r[101], 0x5206, 0x20000fc0); memcpy((void*)0x20001000, "/dev/vcs#", 10); syz_open_dev(0x20001000, 0xfffffffffffffff9, 0x2000); memcpy((void*)0x20000000, "/dev/input/mice", 16); res = syz_open_dev(0x20000000, 0, 0x88502); if (res != -1) r[105] = res; *(uint32_t*)0x20000040 = 0x18; *(uint32_t*)0x20000044 = 0xfffffff5; *(uint64_t*)0x20000048 = 2; *(uint64_t*)0x20000050 = 6; syscall(__NR_write, r[105], 0x20000040, 0x18); res = syscall(__NR_getpgid, -1); if (res != -1) r[106] = res; syscall(__NR_ptrace, 0x4217, r[106]); syscall(__NR_fcntl, r[105], 0x10, 0x20000080); *(uint32_t*)0x200000c0 = 0x18; *(uint32_t*)0x200000c4 = 0; *(uint64_t*)0x200000c8 = 2; *(uint64_t*)0x200000d0 = 9; syscall(__NR_write, r[105], 0x200000c0, 0x18); *(uint32_t*)0x20000100 = 3; *(uint32_t*)0x20000104 = 3; *(uint32_t*)0x20000108 = 1; *(uint32_t*)0x2000010c = 3; *(uint32_t*)0x20000110 = 0xff; *(uint64_t*)0x20000118 = 2; *(uint64_t*)0x20000120 = 1; *(uint64_t*)0x20000128 = 0; *(uint8_t*)0x20000130 = 0; *(uint8_t*)0x20000131 = 0; *(uint8_t*)0x20000132 = 0; *(uint8_t*)0x20000133 = 0; *(uint8_t*)0x20000134 = 0; *(uint8_t*)0x20000135 = 0; *(uint8_t*)0x20000136 = 0; *(uint8_t*)0x20000137 = 0; *(uint8_t*)0x20000138 = 0; *(uint8_t*)0x20000139 = 0; *(uint8_t*)0x2000013a = 0; *(uint8_t*)0x2000013b = 0; *(uint8_t*)0x2000013c = 0; *(uint8_t*)0x2000013d = 0; *(uint8_t*)0x2000013e = 0; *(uint8_t*)0x2000013f = 0; *(uint8_t*)0x20000140 = 0; *(uint8_t*)0x20000141 = 0; *(uint8_t*)0x20000142 = 0; *(uint8_t*)0x20000143 = 0; *(uint8_t*)0x20000144 = 0; *(uint8_t*)0x20000145 = 0; *(uint8_t*)0x20000146 = 0; *(uint8_t*)0x20000147 = 0; *(uint8_t*)0x20000148 = 0; *(uint8_t*)0x20000149 = 0; *(uint8_t*)0x2000014a = 0; *(uint8_t*)0x2000014b = 0; *(uint8_t*)0x2000014c = 0; *(uint8_t*)0x2000014d = 0; *(uint8_t*)0x2000014e = 0; *(uint8_t*)0x2000014f = 0; syscall(__NR_ioctl, r[105], 0xc0505405, 0x20000100); *(uint32_t*)0x20000180 = 0; *(uint32_t*)0x20000184 = 0x81; *(uint32_t*)0x20000188 = 4; *(uint16_t*)0x2000018c = 8; *(uint16_t*)0x2000018e = 4; *(uint16_t*)0x20000190 = 8; *(uint16_t*)0x20000192 = 9; *(uint32_t*)0x20000194 = 0xffff; *(uint32_t*)0x20000198 = 0; *(uint16_t*)0x2000019c = 2; *(uint16_t*)0x2000019e = htobe16(0x4e22); *(uint32_t*)0x200001a0 = htobe32(-1); *(uint8_t*)0x200001a4 = 0; *(uint8_t*)0x200001a5 = 0; *(uint8_t*)0x200001a6 = 0; *(uint8_t*)0x200001a7 = 0; *(uint8_t*)0x200001a8 = 0; *(uint8_t*)0x200001a9 = 0; *(uint8_t*)0x200001aa = 0; *(uint8_t*)0x200001ab = 0; *(uint32_t*)0x2000021c = 8; *(uint32_t*)0x20000220 = 5; *(uint32_t*)0x20000224 = 0xfffffffc; *(uint32_t*)0x20000228 = 6; *(uint32_t*)0x2000022c = -1; *(uint32_t*)0x20000240 = 0xb0; res = syscall(__NR_getsockopt, r[105], 0x84, 0xe, 0x20000180, 0x20000240); if (res != -1) { r[107] = *(uint32_t*)0x20000180; r[108] = *(uint32_t*)0x20000198; } *(uint32_t*)0x20000280 = r[108]; *(uint16_t*)0x20000284 = 5; *(uint16_t*)0x20000286 = 4; *(uint32_t*)0x20000288 = 0xe85; *(uint32_t*)0x2000028c = 6; *(uint32_t*)0x20000290 = 0x6844; *(uint32_t*)0x200002c0 = 0x14; res = syscall(__NR_getsockopt, r[105], 0x84, 1, 0x20000280, 0x200002c0); if (res != -1) r[109] = *(uint32_t*)0x20000280; *(uint8_t*)0x20000440 = 0; *(uint8_t*)0x20000441 = 0; *(uint8_t*)0x20000442 = 0; *(uint8_t*)0x20000443 = 0; *(uint8_t*)0x20000444 = 0; *(uint8_t*)0x20000445 = 0; *(uint8_t*)0x20000446 = 0; *(uint8_t*)0x20000447 = 0; *(uint8_t*)0x20000448 = 0; *(uint8_t*)0x20000449 = 0; *(uint8_t*)0x2000044a = 0; *(uint8_t*)0x2000044b = 0; *(uint8_t*)0x2000044c = 0; *(uint8_t*)0x2000044d = 0; *(uint8_t*)0x2000044e = 0; *(uint8_t*)0x2000044f = 0; *(uint8_t*)0x20000450 = 0xfe; *(uint8_t*)0x20000451 = 0x80; *(uint8_t*)0x20000452 = 0; *(uint8_t*)0x20000453 = 0; *(uint8_t*)0x20000454 = 0; *(uint8_t*)0x20000455 = 0; *(uint8_t*)0x20000456 = 0; *(uint8_t*)0x20000457 = 0; *(uint8_t*)0x20000458 = 0; *(uint8_t*)0x20000459 = 0; *(uint8_t*)0x2000045a = 0; *(uint8_t*)0x2000045b = 0; *(uint8_t*)0x2000045c = 0; *(uint8_t*)0x2000045d = 0; *(uint8_t*)0x2000045e = 0; *(uint8_t*)0x2000045f = 0xaa; *(uint8_t*)0x20000460 = -1; *(uint8_t*)0x20000461 = 1; *(uint8_t*)0x20000462 = 0; *(uint8_t*)0x20000463 = 0; *(uint8_t*)0x20000464 = 0; *(uint8_t*)0x20000465 = 0; *(uint8_t*)0x20000466 = 0; *(uint8_t*)0x20000467 = 0; *(uint8_t*)0x20000468 = 0; *(uint8_t*)0x20000469 = 0; *(uint8_t*)0x2000046a = 0; *(uint8_t*)0x2000046b = 0; *(uint8_t*)0x2000046c = 0; *(uint8_t*)0x2000046d = 0; *(uint8_t*)0x2000046e = 0; *(uint8_t*)0x2000046f = 1; *(uint32_t*)0x20000470 = 0xafc; *(uint16_t*)0x20000474 = 1; *(uint16_t*)0x20000476 = 1; *(uint32_t*)0x20000478 = 0x400; *(uint64_t*)0x20000480 = 2; *(uint32_t*)0x20000488 = 0x80110000; *(uint32_t*)0x2000048c = 0; syscall(__NR_ioctl, r[105], 0x890b, 0x20000440); *(uint32_t*)0x200004c0 = 0x1b; *(uint32_t*)0x200004c4 = 0x80; *(uint32_t*)0x200004c8 = 0xc6e2; *(uint32_t*)0x200004cc = 0x80000001; syscall(__NR_rt_sigqueueinfo, r[106], 0x3c, 0x200004c0); memcpy((void*)0x20000500, "keyring", 8); *(uint8_t*)0x20000540 = 0x73; *(uint8_t*)0x20000541 = 0x79; *(uint8_t*)0x20000542 = 0x7a; *(uint8_t*)0x20000543 = 0x21; *(uint8_t*)0x20000544 = 0; res = syscall(__NR_add_key, 0x20000500, 0x20000540, 0, 0, 0xfffffffe); if (res != -1) r[110] = res; memcpy((void*)0x20000580, "dns_resolver", 13); *(uint8_t*)0x200005c0 = 0x73; *(uint8_t*)0x200005c1 = 0x79; *(uint8_t*)0x200005c2 = 0x7a; *(uint8_t*)0x200005c3 = 0x21; *(uint8_t*)0x200005c4 = 0; res = syscall(__NR_add_key, 0x20000580, 0x200005c0, 0x20000600, 0, 0xfffffff8); if (res != -1) r[111] = res; syscall(__NR_keyctl, 8, r[110], r[111]); *(uint32_t*)0x20000700 = 4; syscall(__NR_getsockopt, r[105], 0x84, 8, 0x200006c0, 0x20000700); *(uint32_t*)0x20000840 = 0xe8; syscall(__NR_getsockopt, r[105], 0x29, 0x22, 0x20000740, 0x20000840); syscall(__NR_sysfs, 2, 2, 0x20000880); syscall(__NR_ioctl, r[105], 0x541b, 0x20000900); *(uint32_t*)0x20000940 = 1; *(uint32_t*)0x20000944 = r[106]; syscall(__NR_fcntl, r[105], 0xf, 0x20000940); *(uint16_t*)0x20000980 = 0xa; *(uint16_t*)0x20000982 = htobe16(0x4e23); *(uint32_t*)0x20000984 = 0x10000; *(uint8_t*)0x20000988 = 0xfe; *(uint8_t*)0x20000989 = 0x80; *(uint8_t*)0x2000098a = 0; *(uint8_t*)0x2000098b = 0; *(uint8_t*)0x2000098c = 0; *(uint8_t*)0x2000098d = 0; *(uint8_t*)0x2000098e = 0; *(uint8_t*)0x2000098f = 0; *(uint8_t*)0x20000990 = 0; *(uint8_t*)0x20000991 = 0; *(uint8_t*)0x20000992 = 0; *(uint8_t*)0x20000993 = 0; *(uint8_t*)0x20000994 = 0; *(uint8_t*)0x20000995 = 0; *(uint8_t*)0x20000996 = 0; *(uint8_t*)0x20000997 = 0xaa; *(uint32_t*)0x20000998 = 1; *(uint16_t*)0x2000099c = 0xa; *(uint16_t*)0x2000099e = htobe16(0x4e22); *(uint32_t*)0x200009a0 = 7; *(uint8_t*)0x200009a4 = 0xfe; *(uint8_t*)0x200009a5 = 0x80; *(uint8_t*)0x200009a6 = 0; *(uint8_t*)0x200009a7 = 0; *(uint8_t*)0x200009a8 = 0; *(uint8_t*)0x200009a9 = 0; *(uint8_t*)0x200009aa = 0; *(uint8_t*)0x200009ab = 0; *(uint8_t*)0x200009ac = 0; *(uint8_t*)0x200009ad = 0; *(uint8_t*)0x200009ae = 0; *(uint8_t*)0x200009af = 0; *(uint8_t*)0x200009b0 = 0; *(uint8_t*)0x200009b1 = 0; *(uint8_t*)0x200009b2 = 0; *(uint8_t*)0x200009b3 = 0xaa; *(uint32_t*)0x200009b4 = 7; *(uint16_t*)0x200009b8 = 9; *(uint32_t*)0x200009bc = 8; *(uint32_t*)0x200009c0 = 0x7fff; *(uint32_t*)0x200009c4 = 1; *(uint32_t*)0x200009c8 = 0x401; *(uint32_t*)0x200009cc = 5; *(uint32_t*)0x200009d0 = 1; *(uint32_t*)0x200009d4 = 0x800; *(uint32_t*)0x200009d8 = 6; syscall(__NR_setsockopt, r[105], 0x29, 0xd2, 0x20000980, 0x5c); memcpy((void*)0x20000a80, "./file0", 8); syscall(__NR_readlinkat, r[105], 0x20000a80, 0x20000ac0, 0x45); syscall(__NR_ioctl, r[105], 0x80084503, 0x20000b40); syscall(__NR_sysfs, 2, 5, 0x20000c40); *(uint32_t*)0x20000c80 = r[109]; *(uint16_t*)0x20000c88 = 0xa; *(uint16_t*)0x20000c8a = htobe16(0x4e20); *(uint32_t*)0x20000c8c = 2; *(uint8_t*)0x20000c90 = -1; *(uint8_t*)0x20000c91 = 1; *(uint8_t*)0x20000c92 = 0; *(uint8_t*)0x20000c93 = 0; *(uint8_t*)0x20000c94 = 0; *(uint8_t*)0x20000c95 = 0; *(uint8_t*)0x20000c96 = 0; *(uint8_t*)0x20000c97 = 0; *(uint8_t*)0x20000c98 = 0; *(uint8_t*)0x20000c99 = 0; *(uint8_t*)0x20000c9a = 0; *(uint8_t*)0x20000c9b = 0; *(uint8_t*)0x20000c9c = 0; *(uint8_t*)0x20000c9d = 0; *(uint8_t*)0x20000c9e = 0; *(uint8_t*)0x20000c9f = 1; *(uint32_t*)0x20000ca0 = 9; *(uint16_t*)0x20000d08 = 2; *(uint16_t*)0x20000d0a = 2; syscall(__NR_setsockopt, r[105], 0x84, 0x1f, 0x20000c80, 0x90); *(uint32_t*)0x20000d40 = 0x31; *(uint32_t*)0x20000d44 = 3; *(uint64_t*)0x20000d48 = 0; *(uint64_t*)0x20000d50 = 4; *(uint32_t*)0x20000d58 = 0x10; *(uint32_t*)0x20000d5c = 0; memcpy((void*)0x20000d60, "/dev/input/mice", 16); *(uint8_t*)0x20000d70 = 0; syscall(__NR_write, r[105], 0x20000d40, 0x31); *(uint16_t*)0x20000d80 = 0x28; *(uint16_t*)0x20000d82 = 0; *(uint32_t*)0x20000d84 = -1; *(uint32_t*)0x20000d88 = 1; *(uint32_t*)0x20000d8c = 0; syscall(__NR_connect, r[105], 0x20000d80, 0x10); *(uint32_t*)0x20000dc0 = r[107]; *(uint16_t*)0x20000dc8 = 0xa; *(uint16_t*)0x20000dca = htobe16(0x4e22); *(uint32_t*)0x20000dcc = 0; *(uint8_t*)0x20000dd0 = 0xfe; *(uint8_t*)0x20000dd1 = 0x80; *(uint8_t*)0x20000dd2 = 0; *(uint8_t*)0x20000dd3 = 0; *(uint8_t*)0x20000dd4 = 0; *(uint8_t*)0x20000dd5 = 0; *(uint8_t*)0x20000dd6 = 0; *(uint8_t*)0x20000dd7 = 0; *(uint8_t*)0x20000dd8 = 0; *(uint8_t*)0x20000dd9 = 0; *(uint8_t*)0x20000dda = 0; *(uint8_t*)0x20000ddb = 0; *(uint8_t*)0x20000ddc = 0; *(uint8_t*)0x20000ddd = 0; *(uint8_t*)0x20000dde = 0; *(uint8_t*)0x20000ddf = 0xbb; *(uint32_t*)0x20000de0 = 7; *(uint64_t*)0x20000e48 = 0; *(uint64_t*)0x20000e50 = 1; *(uint64_t*)0x20000e58 = 0x80000000; *(uint64_t*)0x20000e60 = 3; *(uint64_t*)0x20000e68 = 5; *(uint64_t*)0x20000e70 = 0xafc8; *(uint64_t*)0x20000e78 = 0xdd; *(uint64_t*)0x20000e80 = 9; *(uint64_t*)0x20000e88 = 5; *(uint64_t*)0x20000e90 = 0x10000; *(uint64_t*)0x20000e98 = 3; *(uint64_t*)0x20000ea0 = 4; *(uint64_t*)0x20000ea8 = 5; *(uint64_t*)0x20000eb0 = 0; *(uint64_t*)0x20000eb8 = 0x14d0; *(uint32_t*)0x20000ec0 = 0x100; syscall(__NR_getsockopt, r[105], 0x84, 0x70, 0x20000dc0, 0x20000ec0); *(uint32_t*)0x20000f00 = r[108]; *(uint32_t*)0x20000f04 = 0x8e; *(uint32_t*)0x20000f40 = 8; syscall(__NR_getsockopt, r[105], 0x84, 0x76, 0x20000f00, 0x20000f40); res = syscall(__NR_dup2, 0xffffff9c, -1); if (res != -1) r[112] = res; *(uint32_t*)0x20000040 = 0; *(uint16_t*)0x20000044 = 0x18; *(uint16_t*)0x20000046 = 0xfa00; *(uint64_t*)0x20000048 = 4; *(uint64_t*)0x20000050 = 0x20000000; *(uint16_t*)0x20000058 = 0x111; *(uint8_t*)0x2000005a = 0xf; *(uint8_t*)0x2000005b = 0; *(uint8_t*)0x2000005c = 0; *(uint8_t*)0x2000005d = 0; *(uint8_t*)0x2000005e = 0; *(uint8_t*)0x2000005f = 0; res = syscall(__NR_write, -1, 0x20000040, 0x20); if (res != -1) r[113] = *(uint32_t*)0x20000000; *(uint32_t*)0x20000080 = 3; *(uint16_t*)0x20000084 = 0x40; *(uint16_t*)0x20000086 = 0xfa00; *(uint16_t*)0x20000088 = 0xa; *(uint16_t*)0x2000008a = htobe16(0x4e21); *(uint32_t*)0x2000008c = 2; *(uint8_t*)0x20000090 = -1; *(uint8_t*)0x20000091 = 1; *(uint8_t*)0x20000092 = 0; *(uint8_t*)0x20000093 = 0; *(uint8_t*)0x20000094 = 0; *(uint8_t*)0x20000095 = 0; *(uint8_t*)0x20000096 = 0; *(uint8_t*)0x20000097 = 0; *(uint8_t*)0x20000098 = 0; *(uint8_t*)0x20000099 = 0; *(uint8_t*)0x2000009a = 0; *(uint8_t*)0x2000009b = 0; *(uint8_t*)0x2000009c = 0; *(uint8_t*)0x2000009d = 0; *(uint8_t*)0x2000009e = 0; *(uint8_t*)0x2000009f = 1; *(uint32_t*)0x200000a0 = 2; *(uint16_t*)0x200000a4 = 0xa; *(uint16_t*)0x200000a6 = htobe16(0x4e24); *(uint32_t*)0x200000a8 = 0xffff3515; *(uint8_t*)0x200000ac = 0xfe; *(uint8_t*)0x200000ad = 0x80; *(uint8_t*)0x200000ae = 0; *(uint8_t*)0x200000af = 0; *(uint8_t*)0x200000b0 = 0; *(uint8_t*)0x200000b1 = 0; *(uint8_t*)0x200000b2 = 0; *(uint8_t*)0x200000b3 = 0; *(uint8_t*)0x200000b4 = 0; *(uint8_t*)0x200000b5 = 0; *(uint8_t*)0x200000b6 = 0; *(uint8_t*)0x200000b7 = 0; *(uint8_t*)0x200000b8 = 0; *(uint8_t*)0x200000b9 = 0; *(uint8_t*)0x200000ba = 0; *(uint8_t*)0x200000bb = 0xbb; *(uint32_t*)0x200000bc = 0x101; *(uint32_t*)0x200000c0 = r[113]; *(uint32_t*)0x200000c4 = 0x29; syscall(__NR_write, r[112], 0x20000080, 0x48); *(uint32_t*)0x20000100 = 0x8000; *(uint32_t*)0x20000104 = 4; *(uint32_t*)0x20000108 = 0x7fff; *(uint32_t*)0x2000010c = 0x80000001; syscall(__NR_setsockopt, r[112], 0x10e, 7, 0x20000100, 0x10); syscall(__NR_ioctl, r[112], 0xc0a85322, 0x20000140); syscall(__NR_ioctl, r[112], 0x80404525, 0x20000200); *(uint16_t*)0x20000280 = 2; *(uint16_t*)0x20000282 = htobe16(0x4e23); *(uint8_t*)0x20000284 = 0xac; *(uint8_t*)0x20000285 = 0x14; *(uint8_t*)0x20000286 = 0x14; *(uint8_t*)0x20000287 = 0xbb; *(uint8_t*)0x20000288 = 0; *(uint8_t*)0x20000289 = 0; *(uint8_t*)0x2000028a = 0; *(uint8_t*)0x2000028b = 0; *(uint8_t*)0x2000028c = 0; *(uint8_t*)0x2000028d = 0; *(uint8_t*)0x2000028e = 0; *(uint8_t*)0x2000028f = 0; *(uint16_t*)0x20000290 = 0x307; *(uint8_t*)0x20000292 = -1; *(uint8_t*)0x20000293 = -1; *(uint8_t*)0x20000294 = -1; *(uint8_t*)0x20000295 = -1; *(uint8_t*)0x20000296 = -1; *(uint8_t*)0x20000297 = -1; *(uint32_t*)0x200002a0 = 8; *(uint16_t*)0x200002a4 = 2; *(uint16_t*)0x200002a6 = htobe16(0x4e22); *(uint32_t*)0x200002a8 = htobe32(0xe0000001); *(uint8_t*)0x200002ac = 0; *(uint8_t*)0x200002ad = 0; *(uint8_t*)0x200002ae = 0; *(uint8_t*)0x200002af = 0; *(uint8_t*)0x200002b0 = 0; *(uint8_t*)0x200002b1 = 0; *(uint8_t*)0x200002b2 = 0; *(uint8_t*)0x200002b3 = 0; memcpy((void*)0x200002b4, "\x76\x65\x74\x68\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); syscall(__NR_ioctl, r[112], 0x8954, 0x20000280); memcpy((void*)0x20000300, "/dev/audio", 11); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000300, 0, 0); if (res != -1) r[114] = res; memcpy((void*)0x20000380, "IPVS", 5); res = syz_genetlink_get_family_id(0x20000380); if (res != -1) r[115] = res; *(uint64_t*)0x20000480 = 0x20000340; *(uint16_t*)0x20000340 = 0x10; *(uint16_t*)0x20000342 = 0; *(uint32_t*)0x20000344 = 0; *(uint32_t*)0x20000348 = 2; *(uint32_t*)0x20000488 = 0xc; *(uint64_t*)0x20000490 = 0x20000440; *(uint64_t*)0x20000440 = 0x200003c0; *(uint32_t*)0x200003c0 = 0x68; *(uint16_t*)0x200003c4 = r[115]; *(uint16_t*)0x200003c6 = 0x701; *(uint32_t*)0x200003c8 = 0x70bd26; *(uint32_t*)0x200003cc = 0x25dfdbfd; *(uint8_t*)0x200003d0 = 0x10; *(uint8_t*)0x200003d1 = 0; *(uint16_t*)0x200003d2 = 0; *(uint16_t*)0x200003d4 = 0x24; *(uint16_t*)0x200003d6 = 1; *(uint16_t*)0x200003d8 = 8; *(uint16_t*)0x200003da = 4; *(uint16_t*)0x200003dc = htobe16(0x4e23); *(uint16_t*)0x200003e0 = 8; *(uint16_t*)0x200003e2 = 2; *(uint16_t*)0x200003e4 = 0x3b; *(uint16_t*)0x200003e8 = 8; *(uint16_t*)0x200003ea = 5; *(uint32_t*)0x200003ec = 0; *(uint16_t*)0x200003f0 = 8; *(uint16_t*)0x200003f2 = 1; *(uint16_t*)0x200003f4 = 2; *(uint16_t*)0x200003f8 = 0x24; *(uint16_t*)0x200003fa = 2; *(uint16_t*)0x200003fc = 8; *(uint16_t*)0x200003fe = 4; *(uint32_t*)0x20000400 = 8; *(uint16_t*)0x20000404 = 8; *(uint16_t*)0x20000406 = 6; *(uint32_t*)0x20000408 = 3; *(uint16_t*)0x2000040c = 8; *(uint16_t*)0x2000040e = 6; *(uint32_t*)0x20000410 = 3; *(uint16_t*)0x20000414 = 8; *(uint16_t*)0x20000416 = 5; *(uint32_t*)0x20000418 = 8; *(uint16_t*)0x2000041c = 0xc; *(uint16_t*)0x2000041e = 3; *(uint16_t*)0x20000420 = 8; *(uint16_t*)0x20000422 = 1; *(uint32_t*)0x20000424 = 0; *(uint64_t*)0x20000448 = 0x68; *(uint64_t*)0x20000498 = 1; *(uint64_t*)0x200004a0 = 0; *(uint64_t*)0x200004a8 = 0; *(uint32_t*)0x200004b0 = 0x20000050; syscall(__NR_sendmsg, r[114], 0x20000480, 0x800); memcpy((void*)0x200004c0, "/dev/cuse", 10); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200004c0, 2, 0); if (res != -1) r[116] = res; *(uint32_t*)0x20000500 = 0; *(uint32_t*)0x20000504 = 2; *(uint32_t*)0x20000540 = 8; res = syscall(__NR_getsockopt, r[114], 0x84, 0x66, 0x20000500, 0x20000540); if (res != -1) r[117] = *(uint32_t*)0x20000500; *(uint32_t*)0x20000580 = r[117]; *(uint32_t*)0x20000584 = 0x7337; syscall(__NR_setsockopt, r[112], 0x84, 0x7b, 0x20000580, 8); *(uint64_t*)0x20000980 = 0x200005c0; *(uint16_t*)0x200005c0 = 0x10; *(uint16_t*)0x200005c2 = 0; *(uint32_t*)0x200005c4 = 0; *(uint32_t*)0x200005c8 = 1; *(uint32_t*)0x20000988 = 0xc; *(uint64_t*)0x20000990 = 0x20000940; *(uint64_t*)0x20000940 = 0x20000600; *(uint32_t*)0x20000600 = 0x310; *(uint16_t*)0x20000604 = 0x31; *(uint16_t*)0x20000606 = 2; *(uint32_t*)0x20000608 = 0x70bd2b; *(uint32_t*)0x2000060c = 0x25dfdbfe; *(uint8_t*)0x20000610 = 0; *(uint8_t*)0x20000611 = 9; *(uint16_t*)0x20000612 = 1; *(uint16_t*)0x20000614 = 0x74; *(uint16_t*)0x20000616 = 1; *(uint16_t*)0x20000618 = 0x18; *(uint32_t*)0x2000061a = 0x16; *(uint16_t*)0x2000061e = 0x10; *(uint16_t*)0x20000620 = 1; memcpy((void*)0x20000622, "connmark", 9); *(uint16_t*)0x20000630 = 0x10; *(uint32_t*)0x20000632 = 9; *(uint16_t*)0x20000636 = 8; *(uint16_t*)0x20000638 = 1; memcpy((void*)0x2000063a, "nat", 4); *(uint16_t*)0x20000640 = 0x14; *(uint32_t*)0x20000642 = 0x14; *(uint16_t*)0x20000646 = 0xc; *(uint16_t*)0x20000648 = 1; memcpy((void*)0x2000064a, "skbmod", 7); *(uint16_t*)0x20000654 = 0x10; *(uint32_t*)0x20000656 = 0x20; *(uint16_t*)0x2000065a = 8; *(uint16_t*)0x2000065c = 1; memcpy((void*)0x2000065e, "xt", 3); *(uint16_t*)0x20000664 = 0x14; *(uint32_t*)0x20000666 = 0x1c; *(uint16_t*)0x2000066a = 0xc; *(uint16_t*)0x2000066c = 1; memcpy((void*)0x2000066e, "pedit", 6); *(uint16_t*)0x20000678 = 0x10; *(uint32_t*)0x2000067a = 5; *(uint16_t*)0x2000067e = 8; *(uint16_t*)0x20000680 = 3; *(uint32_t*)0x20000682 = 0xfffffff8; *(uint16_t*)0x20000688 = 0x5c; *(uint16_t*)0x2000068a = 1; *(uint16_t*)0x2000068c = 0x14; *(uint32_t*)0x2000068e = 0xf; *(uint16_t*)0x20000692 = 0xc; *(uint16_t*)0x20000694 = 1; memcpy((void*)0x20000696, "pedit", 6); *(uint16_t*)0x200006a0 = 0x10; *(uint32_t*)0x200006a2 = 9; *(uint16_t*)0x200006a6 = 8; *(uint16_t*)0x200006a8 = 3; *(uint32_t*)0x200006aa = 0x7fff; *(uint16_t*)0x200006b0 = 0x14; *(uint32_t*)0x200006b2 = 0xf; *(uint16_t*)0x200006b6 = 0xc; *(uint16_t*)0x200006b8 = 1; memcpy((void*)0x200006ba, "pedit", 6); *(uint16_t*)0x200006c4 = 0x10; *(uint32_t*)0x200006c6 = 0x1f; *(uint16_t*)0x200006ca = 8; *(uint16_t*)0x200006cc = 3; *(uint32_t*)0x200006ce = 3; *(uint16_t*)0x200006d4 = 0x10; *(uint32_t*)0x200006d6 = 0x20; *(uint16_t*)0x200006da = 8; *(uint16_t*)0x200006dc = 3; *(uint32_t*)0x200006de = 6; *(uint16_t*)0x200006e4 = 0x14; *(uint16_t*)0x200006e6 = 1; *(uint16_t*)0x200006e8 = 0x10; *(uint32_t*)0x200006ea = 0x16; *(uint16_t*)0x200006ee = 8; *(uint16_t*)0x200006f0 = 3; *(uint32_t*)0x200006f2 = 7; *(uint16_t*)0x200006f8 = 0x58; *(uint16_t*)0x200006fa = 1; *(uint16_t*)0x200006fc = 0x10; *(uint32_t*)0x200006fe = 0x1e; *(uint16_t*)0x20000702 = 8; *(uint16_t*)0x20000704 = 3; *(uint32_t*)0x20000706 = 0xfffffff9; *(uint16_t*)0x2000070c = 0x10; *(uint32_t*)0x2000070e = 0x12; *(uint16_t*)0x20000712 = 8; *(uint16_t*)0x20000714 = 3; *(uint32_t*)0x20000716 = 0; *(uint16_t*)0x2000071c = 0x10; *(uint32_t*)0x2000071e = 0xc; *(uint16_t*)0x20000722 = 8; *(uint16_t*)0x20000724 = 3; *(uint32_t*)0x20000726 = 0x1ff; *(uint16_t*)0x2000072c = 0x14; *(uint32_t*)0x2000072e = 7; *(uint16_t*)0x20000732 = 0xc; *(uint16_t*)0x20000734 = 1; memcpy((void*)0x20000736, "skbedit", 8); *(uint16_t*)0x20000740 = 0x10; *(uint32_t*)0x20000742 = 0x19; *(uint16_t*)0x20000746 = 8; *(uint16_t*)0x20000748 = 3; *(uint32_t*)0x2000074a = 9; *(uint16_t*)0x20000750 = 0x58; *(uint16_t*)0x20000752 = 1; *(uint16_t*)0x20000754 = 0x10; *(uint32_t*)0x20000756 = 0x1f; *(uint16_t*)0x2000075a = 8; *(uint16_t*)0x2000075c = 3; *(uint32_t*)0x2000075e = 8; *(uint16_t*)0x20000764 = 0x14; *(uint32_t*)0x20000766 = 4; *(uint16_t*)0x2000076a = 0xc; *(uint16_t*)0x2000076c = 1; memcpy((void*)0x2000076e, "skbedit", 8); *(uint16_t*)0x20000778 = 0x10; *(uint32_t*)0x2000077a = 0x15; *(uint16_t*)0x2000077e = 8; *(uint16_t*)0x20000780 = 3; *(uint32_t*)0x20000782 = 1; *(uint16_t*)0x20000788 = 0x10; *(uint32_t*)0x2000078a = 0x1f; *(uint16_t*)0x2000078e = 8; *(uint16_t*)0x20000790 = 1; memcpy((void*)0x20000792, "ipt", 4); *(uint16_t*)0x20000798 = 0x10; *(uint32_t*)0x2000079a = 0x1d; *(uint16_t*)0x2000079e = 8; *(uint16_t*)0x200007a0 = 1; memcpy((void*)0x200007a2, "nat", 4); *(uint16_t*)0x200007a8 = 0x28; *(uint16_t*)0x200007aa = 1; *(uint16_t*)0x200007ac = 0x10; *(uint32_t*)0x200007ae = 7; *(uint16_t*)0x200007b2 = 8; *(uint16_t*)0x200007b4 = 3; *(uint32_t*)0x200007b6 = 1; *(uint16_t*)0x200007bc = 0x14; *(uint32_t*)0x200007be = 0x17; *(uint16_t*)0x200007c2 = 0xc; *(uint16_t*)0x200007c4 = 1; memcpy((void*)0x200007c6, "police", 7); *(uint16_t*)0x200007d0 = 0x48; *(uint16_t*)0x200007d2 = 1; *(uint16_t*)0x200007d4 = 0x10; *(uint32_t*)0x200007d6 = 0xa; *(uint16_t*)0x200007da = 8; *(uint16_t*)0x200007dc = 1; memcpy((void*)0x200007de, "ife", 4); *(uint16_t*)0x200007e4 = 0x10; *(uint32_t*)0x200007e6 = 6; *(uint16_t*)0x200007ea = 8; *(uint16_t*)0x200007ec = 1; memcpy((void*)0x200007ee, "nat", 4); *(uint16_t*)0x200007f4 = 0x14; *(uint32_t*)0x200007f6 = 2; *(uint16_t*)0x200007fa = 0xc; *(uint16_t*)0x200007fc = 1; memcpy((void*)0x200007fe, "vlan", 5); *(uint16_t*)0x20000808 = 0x10; *(uint32_t*)0x2000080a = 0x17; *(uint16_t*)0x2000080e = 8; *(uint16_t*)0x20000810 = 3; *(uint32_t*)0x20000812 = 7; *(uint16_t*)0x20000818 = 0x38; *(uint16_t*)0x2000081a = 1; *(uint16_t*)0x2000081c = 0x14; *(uint32_t*)0x2000081e = 9; *(uint16_t*)0x20000822 = 0xc; *(uint16_t*)0x20000824 = 1; memcpy((void*)0x20000826, "skbedit", 8); *(uint16_t*)0x20000830 = 0x10; *(uint32_t*)0x20000832 = 0xa; *(uint16_t*)0x20000836 = 8; *(uint16_t*)0x20000838 = 3; *(uint32_t*)0x2000083a = 7; *(uint16_t*)0x20000840 = 0x10; *(uint32_t*)0x20000842 = 4; *(uint16_t*)0x20000846 = 8; *(uint16_t*)0x20000848 = 3; *(uint32_t*)0x2000084a = 0x401; *(uint16_t*)0x20000850 = 0x38; *(uint16_t*)0x20000852 = 1; *(uint16_t*)0x20000854 = 0x10; *(uint32_t*)0x20000856 = 0x19; *(uint16_t*)0x2000085a = 8; *(uint16_t*)0x2000085c = 3; *(uint32_t*)0x2000085e = 1; *(uint16_t*)0x20000864 = 0x10; *(uint32_t*)0x20000866 = 0; *(uint16_t*)0x2000086a = 8; *(uint16_t*)0x2000086c = 3; *(uint32_t*)0x2000086e = 0x80000001; *(uint16_t*)0x20000874 = 0x14; *(uint32_t*)0x20000876 = 0x1c; *(uint16_t*)0x2000087a = 0xc; *(uint16_t*)0x2000087c = 1; memcpy((void*)0x2000087e, "sample", 7); *(uint16_t*)0x20000888 = 0x88; *(uint16_t*)0x2000088a = 1; *(uint16_t*)0x2000088c = 0x18; *(uint32_t*)0x2000088e = 0x1b; *(uint16_t*)0x20000892 = 0x10; *(uint16_t*)0x20000894 = 1; memcpy((void*)0x20000896, "connmark", 9); *(uint16_t*)0x200008a4 = 0x10; *(uint32_t*)0x200008a6 = 0x1d; *(uint16_t*)0x200008aa = 8; *(uint16_t*)0x200008ac = 3; *(uint32_t*)0x200008ae = 0x101; *(uint16_t*)0x200008b4 = 0x18; *(uint32_t*)0x200008b6 = 0x16; *(uint16_t*)0x200008ba = 0x10; *(uint16_t*)0x200008bc = 1; memcpy((void*)0x200008be, "tunnel_key", 11); *(uint16_t*)0x200008cc = 0x10; *(uint32_t*)0x200008ce = 3; *(uint16_t*)0x200008d2 = 8; *(uint16_t*)0x200008d4 = 1; memcpy((void*)0x200008d6, "ipt", 4); *(uint16_t*)0x200008dc = 0x14; *(uint32_t*)0x200008de = 0x1d; *(uint16_t*)0x200008e2 = 0xc; *(uint16_t*)0x200008e4 = 1; memcpy((void*)0x200008e6, "gact", 5); *(uint16_t*)0x200008f0 = 0x10; *(uint32_t*)0x200008f2 = 2; *(uint16_t*)0x200008f6 = 8; *(uint16_t*)0x200008f8 = 3; *(uint32_t*)0x200008fa = 6; *(uint16_t*)0x20000900 = 0x10; *(uint32_t*)0x20000902 = 9; *(uint16_t*)0x20000906 = 8; *(uint16_t*)0x20000908 = 3; *(uint32_t*)0x2000090a = 0xcbc; *(uint64_t*)0x20000948 = 0x310; *(uint64_t*)0x20000998 = 1; *(uint64_t*)0x200009a0 = 0; *(uint64_t*)0x200009a8 = 0; *(uint32_t*)0x200009b0 = 0x10; syscall(__NR_sendmsg, r[112], 0x20000980, 0x800); *(uint64_t*)0x200009c0 = 7; syscall(__NR_fcntl, r[116], 0x40c, 0x200009c0); *(uint16_t*)0x20000a00 = 0x81; *(uint64_t*)0x20000a40 = 2; syscall(__NR_getsockopt, r[114], 0x112, 0xc, 0x20000a00, 0x20000a40); *(uint32_t*)0x20000a80 = -1; syscall(__NR_setsockopt, r[114], 0x112, 0xa, 0x20000a80, 4); *(uint32_t*)0x20000bc0 = 0xe8; res = syscall(__NR_getsockopt, r[112], 0, 0x11, 0x20000ac0, 0x20000bc0); if (res != -1) r[118] = *(uint32_t*)0x20000af4; syscall(__NR_ioprio_set, 3, r[118], 8); *(uint32_t*)0x20000c00 = r[117]; *(uint32_t*)0x20000c04 = 0xfffffff7; *(uint32_t*)0x20000c08 = 4; *(uint32_t*)0x20000c0c = 3; syscall(__NR_setsockopt, r[112], 0x84, 0, 0x20000c00, 0x10); *(uint32_t*)0x20000c40 = 0xa; *(uint16_t*)0x20000c44 = 4; *(uint16_t*)0x20000c46 = 0xfa00; *(uint32_t*)0x20000c48 = r[113]; syscall(__NR_write, r[114], 0x20000c40, 0xc); memcpy((void*)0x20000c80, "/dev/adsp#", 11); res = syz_open_dev(0x20000c80, 0x800, 0x101); if (res != -1) r[119] = res; memcpy((void*)0x20000cc0, "osx.", 4); memcpy((void*)0x20000cc4, "", 1); memcpy((void*)0x20000d00, "sample", 7); syscall(__NR_fsetxattr, r[116], 0x20000cc0, 0x20000d00, 7, 3); *(uint64_t*)0x20001400 = 0; *(uint32_t*)0x20001408 = 0; *(uint64_t*)0x20001410 = 0x20000f40; *(uint64_t*)0x20000f40 = 0x20000d40; *(uint64_t*)0x20000f48 = 0xd7; *(uint64_t*)0x20000f50 = 0x20000e40; *(uint64_t*)0x20000f58 = 0xcd; *(uint64_t*)0x20001418 = 2; *(uint64_t*)0x20001420 = 0x20001300; *(uint64_t*)0x20001300 = 0x30; *(uint32_t*)0x20001308 = 0x114; *(uint32_t*)0x2000130c = 3; *(uint64_t*)0x20001310 = 0x20000f80; *(uint64_t*)0x20001318 = 0x40; *(uint64_t*)0x20001320 = 0x20000fc0; *(uint64_t*)0x20001328 = 8; *(uint64_t*)0x20001330 = 0x30; *(uint32_t*)0x20001338 = 0x114; *(uint32_t*)0x2000133c = 3; *(uint64_t*)0x20001340 = 0x20001000; *(uint64_t*)0x20001348 = 0x18; *(uint64_t*)0x20001350 = 0x20001040; *(uint64_t*)0x20001358 = 0x14; *(uint64_t*)0x20001360 = 0x58; *(uint32_t*)0x20001368 = 0x114; *(uint32_t*)0x2000136c = 8; *(uint32_t*)0x20001370 = 7; *(uint32_t*)0x20001374 = 0; *(uint64_t*)0x20001378 = 0x20001080; *(uint64_t*)0x20001080 = 4; *(uint64_t*)0x20001380 = 0x200010c0; *(uint64_t*)0x200010c0 = 4; *(uint64_t*)0x20001388 = 0x7ff; *(uint64_t*)0x20001390 = 0x200; *(uint64_t*)0x20001398 = 0xb9; *(uint64_t*)0x200013a0 = 0x40; *(uint64_t*)0x200013a8 = 0; *(uint64_t*)0x200013b0 = 0x200; *(uint64_t*)0x200013b8 = 0x48; *(uint32_t*)0x200013c0 = 0x114; *(uint32_t*)0x200013c4 = 1; *(uint32_t*)0x200013c8 = 0x6d; *(uint32_t*)0x200013cc = 0x3ff; *(uint64_t*)0x200013d0 = 0x20001100; *(uint64_t*)0x200013d8 = 0xff; *(uint64_t*)0x200013e0 = 0x200012c0; *(uint64_t*)0x200012c0 = 0x20001200; *(uint64_t*)0x200012c8 = 0x38; *(uint64_t*)0x200012d0 = 0x20001240; *(uint64_t*)0x200012d8 = 0x56; *(uint64_t*)0x200013e8 = 2; *(uint64_t*)0x200013f0 = 8; *(uint64_t*)0x200013f8 = 0x6f; *(uint64_t*)0x20001428 = 0x100; *(uint32_t*)0x20001430 = 0x8000; syscall(__NR_sendmsg, r[114], 0x20001400, 0x8d0); res = syscall(__NR_getgid); if (res != -1) r[120] = res; memcpy((void*)0x20001440, "/dev/loop0", 11); memcpy((void*)0x20001480, "./file0", 8); memcpy((void*)0x200014c0, "fuseblk", 8); memcpy((void*)0x20001500, "fd", 2); *(uint8_t*)0x20001502 = 0x3d; sprintf((char*)0x20001503, "0x%016llx", (long long)r[119]); *(uint8_t*)0x20001515 = 0x2c; memcpy((void*)0x20001516, "rootmode", 8); *(uint8_t*)0x2000151e = 0x3d; sprintf((char*)0x2000151f, "%023llo", (long long)0x9000); *(uint8_t*)0x20001536 = 0x2c; memcpy((void*)0x20001537, "user_id", 7); *(uint8_t*)0x2000153e = 0x3d; sprintf((char*)0x2000153f, "%020llu", (long long)r[118]); *(uint8_t*)0x20001553 = 0x2c; memcpy((void*)0x20001554, "group_id", 8); *(uint8_t*)0x2000155c = 0x3d; sprintf((char*)0x2000155d, "%020llu", (long long)r[120]); *(uint8_t*)0x20001571 = 0x2c; memcpy((void*)0x20001572, "default_permissions", 19); *(uint8_t*)0x20001585 = 0x2c; memcpy((void*)0x20001586, "default_permissions", 19); *(uint8_t*)0x20001599 = 0x2c; memcpy((void*)0x2000159a, "max_read", 8); *(uint8_t*)0x200015a2 = 0x3d; sprintf((char*)0x200015a3, "0x%016llx", (long long)5); *(uint8_t*)0x200015b5 = 0x2c; memcpy((void*)0x200015b6, "default_permissions", 19); *(uint8_t*)0x200015c9 = 0x2c; memcpy((void*)0x200015ca, "default_permissions", 19); *(uint8_t*)0x200015dd = 0x2c; memcpy((void*)0x200015de, "max_read", 8); *(uint8_t*)0x200015e6 = 0x3d; sprintf((char*)0x200015e7, "0x%016llx", (long long)0x8e); *(uint8_t*)0x200015f9 = 0x2c; memcpy((void*)0x200015fa, "allow_other", 11); *(uint8_t*)0x20001605 = 0x2c; memcpy((void*)0x20001606, "default_permissions", 19); *(uint8_t*)0x20001619 = 0x2c; *(uint8_t*)0x2000161a = 0; syscall(__NR_mount, 0x20001440, 0x20001480, 0x200014c0, 0x10000, 0x20001500); *(uint16_t*)0x20001640 = 0x10; *(uint16_t*)0x20001642 = 0; *(uint32_t*)0x20001644 = 0x25dfdbfc; *(uint32_t*)0x20001648 = 0x8000020; syscall(__NR_connect, r[112], 0x20001640, 0xc); *(uint32_t*)0x20001680 = 0xb; memcpy((void*)0x20001684, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 128); memcpy((void*)0x20001704, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64); memcpy((void*)0x20001744, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 64); *(uint16_t*)0x20001784 = 0; *(uint16_t*)0x20001786 = 1; *(uint32_t*)0x20001788 = 0xffffff01; *(uint32_t*)0x2000178c = 0x659c; *(uint32_t*)0x20001790 = 0x200; *(uint32_t*)0x20001794 = 8; syscall(__NR_write, r[119], 0x20001680, 0x118); *(uint16_t*)0x200018c0 = 6; *(uint64_t*)0x20001900 = 2; syscall(__NR_getsockopt, r[112], 0x112, 0xb, 0x200018c0, 0x20001900); *(uint32_t*)0x20001980 = 4; syscall(__NR_getsockopt, r[119], 0x84, 0x1c, 0x20001940, 0x20001980); memcpy((void*)0x20000000, "/dev/input/mice", 16); res = syz_open_dev(0x20000000, 0, 0x100); if (res != -1) r[121] = res; *(uint64_t*)0x20000080 = 5; *(uint16_t*)0x20000088 = 2; *(uint16_t*)0x2000008a = htobe16(0x4e20); *(uint32_t*)0x2000008c = htobe32(0x7f000001); *(uint8_t*)0x20000090 = 0; *(uint8_t*)0x20000091 = 0; *(uint8_t*)0x20000092 = 0; *(uint8_t*)0x20000093 = 0; *(uint8_t*)0x20000094 = 0; *(uint8_t*)0x20000095 = 0; *(uint8_t*)0x20000096 = 0; *(uint8_t*)0x20000097 = 0; *(uint16_t*)0x20000098 = 2; *(uint16_t*)0x2000009a = htobe16(0x4e23); *(uint32_t*)0x2000009c = htobe32(0x7f000001); *(uint8_t*)0x200000a0 = 0; *(uint8_t*)0x200000a1 = 0; *(uint8_t*)0x200000a2 = 0; *(uint8_t*)0x200000a3 = 0; *(uint8_t*)0x200000a4 = 0; *(uint8_t*)0x200000a5 = 0; *(uint8_t*)0x200000a6 = 0; *(uint8_t*)0x200000a7 = 0; *(uint16_t*)0x200000a8 = 2; *(uint16_t*)0x200000aa = htobe16(0x4e23); *(uint32_t*)0x200000ac = htobe32(0x7f000001); *(uint8_t*)0x200000b0 = 0; *(uint8_t*)0x200000b1 = 0; *(uint8_t*)0x200000b2 = 0; *(uint8_t*)0x200000b3 = 0; *(uint8_t*)0x200000b4 = 0; *(uint8_t*)0x200000b5 = 0; *(uint8_t*)0x200000b6 = 0; *(uint8_t*)0x200000b7 = 0; *(uint16_t*)0x200000b8 = 0x208; *(uint16_t*)0x200000ba = 0; *(uint64_t*)0x200000c0 = 0; *(uint64_t*)0x200000c8 = 0x16; *(uint16_t*)0x200000d0 = 0x100; *(uint64_t*)0x200000d8 = 0x20000040; memcpy((void*)0x20000040, "\x6e\x72\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint64_t*)0x200000e0 = 0x3f; *(uint64_t*)0x200000e8 = 5; *(uint16_t*)0x200000f0 = 0; syscall(__NR_ioctl, r[121], 0x890c, 0x20000080); *(uint64_t*)0x20001340 = 0x20000100; *(uint64_t*)0x20001348 = 0x4c; *(uint64_t*)0x20001350 = 0x20000180; *(uint64_t*)0x20001358 = 0x6d; *(uint64_t*)0x20001360 = 0x20000200; *(uint64_t*)0x20001368 = 0x88; *(uint64_t*)0x20001370 = 0x200002c0; *(uint64_t*)0x20001378 = 0x79; *(uint64_t*)0x20001380 = 0x20000340; *(uint64_t*)0x20001388 = 0x1000; syscall(__NR_preadv, r[121], 0x20001340, 5, 0); syscall(__NR_mincore, 0x20ff9000, 0x4000, 0x200013c0); memcpy((void*)0x200014c0, "nr0", 4); res = syscall(__NR_memfd_create, 0x200014c0, 2); if (res != -1) r[122] = res; *(uint32_t*)0x20001580 = 0x80; syscall(__NR_getpeername, r[121], 0x20001500, 0x20001580); memcpy((void*)0x200015c0, "./file0", 8); syscall(__NR_mknodat, r[122], 0x200015c0, 0x8000, 0x6e64); res = syscall(__NR_ioctl, r[121], 0x5429, 0x20001600); if (res != -1) r[123] = *(uint32_t*)0x20001600; syscall(__NR_ptrace, 0xf, r[123], 9, 0x20001640); *(uint32_t*)0x20001780 = 4; syscall(__NR_getsockopt, r[121], 0x84, 0x12, 0x20001740, 0x20001780); syscall(__NR_ioctl, r[122], 0x5419, 0x200017c0); *(uint32_t*)0x20001840 = 4; syscall(__NR_getsockopt, r[121], 0x84, 0x1c, 0x20001800, 0x20001840); *(uint64_t*)0x20001880 = 0; *(uint64_t*)0x20001888 = 0; syscall(__NR_setsockopt, r[121], 1, 0x14, 0x20001880, 0x10); syscall(__NR_ptrace, 0x4200, r[123], 0x20, 0x13); syscall(__NR_ioctl, r[121], 0x541d); syscall(__NR_ioctl, r[122], 0x40049409, r[122]); syscall(__NR_ioprio_get, 1, r[123]); *(uint32_t*)0x200018c0 = 1; *(uint32_t*)0x200018c4 = 6; *(uint32_t*)0x200018c8 = 0; *(uint32_t*)0x200018cc = 7; *(uint32_t*)0x200018d0 = 0xfff; *(uint32_t*)0x200018d4 = 2; *(uint8_t*)0x200018d8 = 0; *(uint8_t*)0x200018d9 = 0; *(uint8_t*)0x200018da = 0; *(uint8_t*)0x200018db = 0; *(uint8_t*)0x200018dc = 0; *(uint8_t*)0x200018dd = 0; *(uint8_t*)0x200018de = 0; *(uint8_t*)0x200018df = 0; *(uint8_t*)0x200018e0 = 0; *(uint8_t*)0x200018e1 = 0; *(uint8_t*)0x200018e2 = 0; *(uint8_t*)0x200018e3 = 0; *(uint8_t*)0x200018e4 = 0; *(uint8_t*)0x200018e5 = 0; *(uint8_t*)0x200018e6 = 0; *(uint8_t*)0x200018e7 = 0; *(uint8_t*)0x200018e8 = 0; *(uint8_t*)0x200018e9 = 0; *(uint8_t*)0x200018ea = 0; *(uint8_t*)0x200018eb = 0; *(uint8_t*)0x200018ec = 0; *(uint8_t*)0x200018ed = 0; *(uint8_t*)0x200018ee = 0; *(uint8_t*)0x200018ef = 0; syscall(__NR_ioctl, r[122], 0xc0305302, 0x200018c0); *(uint32_t*)0x20001900 = 1; syscall(__NR_setsockopt, r[121], 0x114, 6, 0x20001900, 4); syscall(__NR_read, r[121], 0x20001940, 0x1000); *(uint64_t*)0x20002980 = 0x20002940; *(uint64_t*)0x20002988 = 0x12000; *(uint32_t*)0x20002990 = 0; *(uint32_t*)0x20002994 = 4; syscall(__NR_setsockopt, r[122], 0x11b, 4, 0x20002980, 0x18); res = syscall(__NR_shmget, 0, 0x2000, 0x78000000, 0x20ffe000); if (res != -1) r[124] = res; syscall(__NR_shmctl, r[124], 0xd, 0x200029c0); memcpy((void*)0x200039c0, "\x74\x65\x61\x6d\x5f\x73\x6c\x61\x76\x65\x5f\x30\x00\x00\x00\x00", 16); *(uint8_t*)0x200039d0 = -1; *(uint8_t*)0x200039d1 = -1; *(uint8_t*)0x200039d2 = -1; *(uint8_t*)0x200039d3 = -1; *(uint8_t*)0x200039d4 = -1; *(uint8_t*)0x200039d5 = -1; syscall(__NR_ioctl, r[122], 0x8924, 0x200039c0); syscall(__NR_ptrace, 0x4200, r[123], 0x8001, 0x30); memcpy((void*)0x20003a00, "/dev/md0", 9); syscall(__NR_openat, 0xffffffffffffff9c, 0x20003a00, 0x181000, 0); *(uint32_t*)0x20003a40 = 8; *(uint32_t*)0x20003a44 = 0xa1; *(uint32_t*)0x20003a48 = 3; *(uint32_t*)0x20003a4c = 8; syscall(__NR_setsockopt, r[121], 0x107, 0xd, 0x20003a40, 0x10); syscall(__NR_fcntl, r[121], 0x402, 0xb); *(uint32_t*)0x20003ac0 = 0x14; syscall(__NR_getsockopt, r[121], 0x29, 0x15, 0x20003a80, 0x20003ac0); *(uint32_t*)0x20003b00 = 0; *(uint32_t*)0x20003b04 = r[121]; *(uint32_t*)0x20003b08 = 0; *(uint32_t*)0x20003b0c = 2; *(uint32_t*)0x20003b10 = 0; syscall(__NR_bpf, 9, 0x20003b00, 0x14); memcpy((void*)0x20000000, "/dev/admmidi#", 14); res = syz_open_dev(0x20000000, 9, 0x4400); if (res != -1) r[125] = res; *(uint32_t*)0x20000140 = 0xe8; res = syscall(__NR_getsockopt, r[125], 0x29, 0x22, 0x20000040, 0x20000140); if (res != -1) { r[126] = *(uint32_t*)0x20000070; r[127] = *(uint32_t*)0x20000074; } memcpy((void*)0x20000180, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80); *(uint16_t*)0x200001d0 = 8; *(uint16_t*)0x200001d2 = 8; *(uint16_t*)0x200001d4 = 0xf455; *(uint16_t*)0x200001d6 = 9; *(uint32_t*)0x200001d8 = 0x13; *(uint32_t*)0x200001dc = 9; *(uint32_t*)0x200001e0 = 0x80000000; *(uint32_t*)0x200001e4 = 0x7fd; *(uint32_t*)0x200001e8 = 6; *(uint32_t*)0x200001ec = 2; *(uint32_t*)0x200001f0 = 1; *(uint32_t*)0x200001f4 = 9; *(uint32_t*)0x200001f8 = 0; *(uint32_t*)0x200001fc = 6; *(uint32_t*)0x20000200 = 8; *(uint32_t*)0x20000204 = 6; *(uint32_t*)0x20000208 = 7; *(uint32_t*)0x2000020c = 6; *(uint32_t*)0x20000210 = 2; *(uint32_t*)0x20000214 = 0; *(uint32_t*)0x20000218 = 5; *(uint32_t*)0x2000021c = 0x3ff; *(uint32_t*)0x20000220 = 1; *(uint32_t*)0x20000224 = 6; *(uint32_t*)0x20000228 = 7; *(uint32_t*)0x2000022c = 0; *(uint32_t*)0x20000230 = 0; *(uint32_t*)0x20000234 = 6; *(uint32_t*)0x20000238 = 0; *(uint32_t*)0x2000023c = 0xfffffffa; *(uint32_t*)0x20000240 = 0; *(uint32_t*)0x20000244 = 0; *(uint32_t*)0x20000248 = 7; *(uint32_t*)0x2000024c = 0x3ff; *(uint32_t*)0x20000250 = 0x7f; *(uint32_t*)0x20000254 = 0xfffffffb; *(uint32_t*)0x20000258 = 7; *(uint32_t*)0x2000025c = 8; *(uint32_t*)0x20000260 = 0xffff; *(uint32_t*)0x20000264 = 0xc1; *(uint32_t*)0x20000268 = 0xfa8; *(uint32_t*)0x2000026c = 6; *(uint32_t*)0x20000270 = 8; *(uint32_t*)0x20000274 = 1; *(uint32_t*)0x20000278 = 0; *(uint32_t*)0x2000027c = 8; *(uint32_t*)0x20000280 = 0x80000001; *(uint32_t*)0x20000284 = 0xf79; *(uint32_t*)0x20000288 = 0xfffff801; *(uint32_t*)0x2000028c = 1; *(uint32_t*)0x20000290 = 0; *(uint32_t*)0x20000294 = 4; *(uint32_t*)0x20000298 = 0xfffff001; *(uint32_t*)0x2000029c = 0x3f; *(uint32_t*)0x200002a0 = 1; *(uint32_t*)0x200002a4 = 2; *(uint32_t*)0x200002a8 = 0x58ad; *(uint32_t*)0x200002ac = 0xac2f; *(uint32_t*)0x200002b0 = 4; *(uint32_t*)0x200002b4 = 4; *(uint32_t*)0x200002b8 = 0x81; *(uint32_t*)0x200002bc = 6; *(uint32_t*)0x200002c0 = 0xfffff7d0; *(uint32_t*)0x200002c4 = 0xc301; *(uint32_t*)0x200002c8 = 0x10000; *(uint32_t*)0x200002cc = 0xfffffff9; *(uint32_t*)0x200002d0 = 0xff; *(uint32_t*)0x200002d4 = 6; *(uint32_t*)0x200002d8 = 1; *(uint32_t*)0x200002dc = 0xc63a; *(uint32_t*)0x200002e0 = 0x8314; *(uint32_t*)0x200002e4 = 0xc5; *(uint32_t*)0x200002e8 = 0x40; *(uint32_t*)0x200002ec = 7; *(uint32_t*)0x200002f0 = 2; *(uint32_t*)0x200002f4 = 7; *(uint32_t*)0x200002f8 = 4; *(uint32_t*)0x200002fc = 3; *(uint32_t*)0x20000300 = 1; *(uint32_t*)0x20000304 = 0x20; *(uint32_t*)0x20000308 = 0; *(uint32_t*)0x2000030c = 0x100; *(uint32_t*)0x20000310 = 1; *(uint32_t*)0x20000314 = 2; *(uint32_t*)0x20000318 = 0x100; *(uint32_t*)0x2000031c = 4; *(uint32_t*)0x20000320 = 0; *(uint32_t*)0x20000324 = 4; *(uint32_t*)0x20000328 = 0x80000000; *(uint32_t*)0x2000032c = 0x43; *(uint32_t*)0x20000330 = 0x300000; *(uint32_t*)0x20000334 = 9; *(uint32_t*)0x20000338 = 0; *(uint32_t*)0x2000033c = 7; *(uint32_t*)0x20000340 = 2; *(uint32_t*)0x20000344 = 8; *(uint32_t*)0x20000348 = 3; *(uint32_t*)0x2000034c = 0x66; *(uint32_t*)0x20000350 = 8; *(uint32_t*)0x20000354 = 7; *(uint32_t*)0x20000358 = 1; *(uint32_t*)0x2000035c = 6; *(uint32_t*)0x20000360 = 7; *(uint32_t*)0x20000364 = 0x81; *(uint32_t*)0x20000368 = 0xf1; *(uint32_t*)0x2000036c = 0xff; *(uint32_t*)0x20000370 = 0x2dd3fe13; *(uint32_t*)0x20000374 = 2; *(uint32_t*)0x20000378 = 6; *(uint32_t*)0x2000037c = 0x800; *(uint32_t*)0x20000380 = 1; *(uint32_t*)0x20000384 = -1; *(uint32_t*)0x20000388 = -1; *(uint32_t*)0x2000038c = 0; *(uint32_t*)0x20000390 = 9; *(uint32_t*)0x20000394 = 0x88; *(uint32_t*)0x20000398 = 3; *(uint32_t*)0x2000039c = 0; *(uint32_t*)0x200003a0 = 7; *(uint32_t*)0x200003a4 = 0xc32; *(uint32_t*)0x200003a8 = 2; *(uint32_t*)0x200003ac = 9; *(uint32_t*)0x200003b0 = 1; *(uint32_t*)0x200003b4 = 8; *(uint32_t*)0x200003b8 = 7; *(uint32_t*)0x200003bc = 0xff; *(uint32_t*)0x200003c0 = 5; *(uint32_t*)0x200003c4 = 3; *(uint32_t*)0x200003c8 = 0xfffffff9; *(uint32_t*)0x200003cc = 3; *(uint32_t*)0x200003d0 = 6; *(uint32_t*)0x200003d4 = 0xff; *(uint32_t*)0x200003d8 = 0; *(uint32_t*)0x200003dc = 3; *(uint32_t*)0x200003e0 = 5; *(uint32_t*)0x200003e4 = 3; *(uint32_t*)0x200003e8 = 7; *(uint32_t*)0x200003ec = 8; *(uint32_t*)0x200003f0 = 0x80000000; *(uint32_t*)0x200003f4 = 0x9a; *(uint32_t*)0x200003f8 = 9; *(uint32_t*)0x200003fc = 9; *(uint32_t*)0x20000400 = 0x200; *(uint32_t*)0x20000404 = 0x55; *(uint32_t*)0x20000408 = 2; *(uint32_t*)0x2000040c = 8; *(uint32_t*)0x20000410 = 0; *(uint32_t*)0x20000414 = 0x13; *(uint32_t*)0x20000418 = 3; *(uint32_t*)0x2000041c = 0x400; *(uint32_t*)0x20000420 = 6; *(uint32_t*)0x20000424 = 6; *(uint32_t*)0x20000428 = 3; *(uint32_t*)0x2000042c = 0; *(uint32_t*)0x20000430 = 0x48; *(uint32_t*)0x20000434 = 0x7fff; *(uint32_t*)0x20000438 = 0x4ba13f53; *(uint32_t*)0x2000043c = 8; *(uint32_t*)0x20000440 = 0; *(uint32_t*)0x20000444 = 0x401; *(uint32_t*)0x20000448 = 2; *(uint32_t*)0x2000044c = 3; *(uint32_t*)0x20000450 = 0; *(uint32_t*)0x20000454 = 0xd8; *(uint32_t*)0x20000458 = 0x40; *(uint32_t*)0x2000045c = 0x7ff; *(uint32_t*)0x20000460 = 0x200; *(uint32_t*)0x20000464 = 1; *(uint32_t*)0x20000468 = 3; *(uint32_t*)0x2000046c = 0; *(uint32_t*)0x20000470 = 0; *(uint32_t*)0x20000474 = 7; *(uint32_t*)0x20000478 = 0; *(uint32_t*)0x2000047c = 1; *(uint32_t*)0x20000480 = 0x5f10; *(uint32_t*)0x20000484 = 0x791; *(uint32_t*)0x20000488 = 0xfffffff7; *(uint32_t*)0x2000048c = 6; *(uint32_t*)0x20000490 = 0xfffffff9; *(uint32_t*)0x20000494 = 0x3a4a5750; *(uint32_t*)0x20000498 = 0; *(uint32_t*)0x2000049c = 8; *(uint32_t*)0x200004a0 = 1; *(uint32_t*)0x200004a4 = 0x1f3111cd; *(uint32_t*)0x200004a8 = 0xca3; *(uint32_t*)0x200004ac = 0x15; *(uint32_t*)0x200004b0 = 0x4ef; *(uint32_t*)0x200004b4 = 5; *(uint32_t*)0x200004b8 = 6; *(uint32_t*)0x200004bc = 0x101; *(uint32_t*)0x200004c0 = 7; *(uint32_t*)0x200004c4 = 3; *(uint32_t*)0x200004c8 = 0xabdc; *(uint32_t*)0x200004cc = 4; *(uint32_t*)0x200004d0 = 4; *(uint32_t*)0x200004d4 = 3; *(uint32_t*)0x200004d8 = 0x8bc; *(uint32_t*)0x200004dc = 0x80; *(uint32_t*)0x200004e0 = 0; *(uint32_t*)0x200004e4 = 0x3ff; *(uint32_t*)0x200004e8 = 9; *(uint32_t*)0x200004ec = 0xc7; *(uint32_t*)0x200004f0 = 0x59; *(uint32_t*)0x200004f4 = 5; *(uint32_t*)0x200004f8 = 5; *(uint32_t*)0x200004fc = 0x7fffffff; *(uint32_t*)0x20000500 = 5; *(uint32_t*)0x20000504 = 2; *(uint32_t*)0x20000508 = 0xe09; *(uint32_t*)0x2000050c = 0x101; *(uint32_t*)0x20000510 = 0x101; *(uint32_t*)0x20000514 = 0xea50; *(uint32_t*)0x20000518 = 0x4f; *(uint32_t*)0x2000051c = 7; *(uint32_t*)0x20000520 = 2; *(uint32_t*)0x20000524 = 8; *(uint32_t*)0x20000528 = 0x200; *(uint32_t*)0x2000052c = 0; *(uint32_t*)0x20000530 = 4; *(uint32_t*)0x20000534 = 9; *(uint32_t*)0x20000538 = 0x40; *(uint32_t*)0x2000053c = 7; *(uint32_t*)0x20000540 = 0x7257; *(uint32_t*)0x20000544 = 6; *(uint32_t*)0x20000548 = 0x7ff; *(uint32_t*)0x2000054c = 0; *(uint32_t*)0x20000550 = 0xfffffffb; *(uint32_t*)0x20000554 = 0; *(uint32_t*)0x20000558 = 0; *(uint32_t*)0x2000055c = 0x10000; *(uint32_t*)0x20000560 = 0x3ff; *(uint32_t*)0x20000564 = 4; *(uint32_t*)0x20000568 = 1; *(uint32_t*)0x2000056c = 0; *(uint32_t*)0x20000570 = 6; *(uint32_t*)0x20000574 = 0; *(uint32_t*)0x20000578 = 7; *(uint32_t*)0x2000057c = 0x100; *(uint32_t*)0x20000580 = 0x1000; *(uint32_t*)0x20000584 = 0xaea9; *(uint32_t*)0x20000588 = 0x400; *(uint32_t*)0x2000058c = 0x20000; *(uint32_t*)0x20000590 = 9; *(uint32_t*)0x20000594 = 0x963c; *(uint32_t*)0x20000598 = 5; *(uint32_t*)0x2000059c = 7; *(uint32_t*)0x200005a0 = 0x731bddef; *(uint32_t*)0x200005a4 = 2; *(uint32_t*)0x200005a8 = 0x846; *(uint32_t*)0x200005ac = 0xea; *(uint32_t*)0x200005b0 = 0x800; *(uint32_t*)0x200005b4 = 1; *(uint32_t*)0x200005b8 = 5; *(uint32_t*)0x200005bc = 8; *(uint32_t*)0x200005c0 = 0x10000; *(uint32_t*)0x200005c4 = 9; *(uint32_t*)0x200005c8 = 0xfffffffd; *(uint32_t*)0x200005cc = 0xc0; *(uint32_t*)0x200005d0 = 0x31f; *(uint32_t*)0x200005d4 = 0x40; *(uint32_t*)0x200005d8 = 0x72a4; syscall(__NR_write, r[125], 0x20000180, 0x45c); *(uint16_t*)0x20000600 = 0x1d; *(uint32_t*)0x20000604 = 0; *(uint32_t*)0x20000608 = 0; *(uint32_t*)0x2000060c = 0; syscall(__NR_connect, r[125], 0x20000600, 0x10); *(uint32_t*)0x200006c0 = 0x80; res = syscall(__NR_accept4, r[125], 0x20000640, 0x200006c0, 0x80000); if (res != -1) r[128] = res; res = syscall(__NR_clock_gettime, 0, 0x20000740); if (res != -1) { r[129] = *(uint64_t*)0x20000740; r[130] = *(uint64_t*)0x20000748; } *(uint64_t*)0x20000840 = 0x20000700; *(uint16_t*)0x20000700 = 0x1d; *(uint32_t*)0x20000704 = r[126]; *(uint32_t*)0x20000708 = 0; *(uint32_t*)0x2000070c = 0; *(uint32_t*)0x20000848 = 0x10; *(uint64_t*)0x20000850 = 0x20000800; *(uint64_t*)0x20000800 = 0x20000780; *(uint32_t*)0x20000780 = 7; *(uint32_t*)0x20000784 = 0x200; *(uint32_t*)0x20000788 = 0x5c16b1b3; *(uint64_t*)0x20000790 = r[129]; *(uint64_t*)0x20000798 = r[130] / 1000 + 30000; *(uint64_t*)0x200007a0 = 0x77359400; *(uint64_t*)0x200007a8 = 0; STORE_BY_BITMASK(uint32_t, 0x200007b0, 8, 0, 29); STORE_BY_BITMASK(uint32_t, 0x200007b0, 0xfff, 29, 1); STORE_BY_BITMASK(uint32_t, 0x200007b0, 8, 30, 1); STORE_BY_BITMASK(uint32_t, 0x200007b0, 5, 31, 1); *(uint32_t*)0x200007b4 = 1; STORE_BY_BITMASK(uint32_t, 0x200007b8, 3, 0, 29); STORE_BY_BITMASK(uint32_t, 0x200007b8, 0xe62, 29, 1); STORE_BY_BITMASK(uint32_t, 0x200007b8, 3, 30, 1); STORE_BY_BITMASK(uint32_t, 0x200007b8, 9, 31, 1); *(uint8_t*)0x200007bc = 0x34; *(uint8_t*)0x200007bd = 3; *(uint8_t*)0x200007be = 0; *(uint8_t*)0x200007bf = 0; memcpy((void*)0x200007c0, "\xc5\x41\x06\x90\x99\x85\xd7\xe1\x9d\xfd\xa8\x82\x5e\xbe\xb8\xd9\x4e" "\x42\x4c\x9e\x89\x4b\x50\x9f\xfa\xaa\x5a\x14\x52\x07\xdf\x4c\x4b\xd3" "\x30\xef\x07\x25\x75\x2a\x96\x0d\xce\xca\x0d\xc7\xee\x0f\x1a\x66\x84" "\xe7\x04\x49\xf2\x92\x85\x1e\x72\x0f\xee\x16\x89\x87", 64); *(uint64_t*)0x20000808 = 0x80; *(uint64_t*)0x20000858 = 1; *(uint64_t*)0x20000860 = 0; *(uint64_t*)0x20000868 = 0; *(uint32_t*)0x20000870 = 0x4010; syscall(__NR_sendmsg, r[128], 0x20000840, 0x10); *(uint32_t*)0x200008c0 = 0xc; syscall(__NR_getsockopt, r[125], 0, 0x481, 0x20000880, 0x200008c0); memcpy((void*)0x20000900, "/dev/snd/controlC#", 19); syz_open_dev(0x20000900, 0, 0x100); *(uint32_t*)0x20000940 = 0; *(uint16_t*)0x20000944 = 0xa; *(uint16_t*)0x20000946 = htobe16(0x4e23); *(uint32_t*)0x20000948 = 0x80; *(uint8_t*)0x2000094c = -1; *(uint8_t*)0x2000094d = 1; *(uint8_t*)0x2000094e = 0; *(uint8_t*)0x2000094f = 0; *(uint8_t*)0x20000950 = 0; *(uint8_t*)0x20000951 = 0; *(uint8_t*)0x20000952 = 0; *(uint8_t*)0x20000953 = 0; *(uint8_t*)0x20000954 = 0; *(uint8_t*)0x20000955 = 0; *(uint8_t*)0x20000956 = 0; *(uint8_t*)0x20000957 = 0; *(uint8_t*)0x20000958 = 0; *(uint8_t*)0x20000959 = 0; *(uint8_t*)0x2000095a = 0; *(uint8_t*)0x2000095b = 1; *(uint32_t*)0x2000095c = 8; *(uint32_t*)0x200009c4 = 0x400; *(uint32_t*)0x200009c8 = 3; *(uint32_t*)0x200009cc = 6; *(uint32_t*)0x200009d0 = 0x3ff; *(uint32_t*)0x200009d4 = 0xfffffffb; *(uint32_t*)0x20000a00 = 0x98; res = syscall(__NR_getsockopt, r[128], 0x84, 0xf, 0x20000940, 0x20000a00); if (res != -1) r[131] = *(uint32_t*)0x20000940; *(uint16_t*)0x20000a40 = 0xff; *(uint16_t*)0x20000a42 = 0xfff7; *(uint16_t*)0x20000a44 = 0x8000; *(uint32_t*)0x20000a48 = 1; *(uint32_t*)0x20000a4c = 0x81; *(uint32_t*)0x20000a50 = 0; *(uint32_t*)0x20000a54 = 0xc3; *(uint32_t*)0x20000a58 = 7; *(uint32_t*)0x20000a5c = r[131]; syscall(__NR_setsockopt, r[128], 0x84, 0xa, 0x20000a40, 0x20); syscall(__NR_ioctl, r[125], 0x4b60, 0x20000a80); memcpy((void*)0x20000ac0, "\x62\x63\x73\x68\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x20000ad0 = 0; *(uint8_t*)0x20000ad1 = 0; *(uint8_t*)0x20000ad2 = 0; *(uint8_t*)0x20000ad3 = 0; *(uint8_t*)0x20000ad4 = 0; *(uint8_t*)0x20000ad5 = 0; syscall(__NR_ioctl, r[128], 0x89f4, 0x20000ac0); syscall(__NR_read, r[125], 0x20000b00, 8); memcpy((void*)0x20000b40, "\x69\x70\x5f\x76\x74\x69\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint16_t*)0x20000b50 = 2; *(uint16_t*)0x20000b52 = htobe16(0x4e23); *(uint32_t*)0x20000b54 = htobe32(0x7ff); *(uint8_t*)0x20000b58 = 0; *(uint8_t*)0x20000b59 = 0; *(uint8_t*)0x20000b5a = 0; *(uint8_t*)0x20000b5b = 0; *(uint8_t*)0x20000b5c = 0; *(uint8_t*)0x20000b5d = 0; *(uint8_t*)0x20000b5e = 0; *(uint8_t*)0x20000b5f = 0; syscall(__NR_ioctl, r[125], 0x891b, 0x20000b40); syscall(__NR_ioctl, r[125], 0x4c03, 0x20000b80); *(uint32_t*)0x20000c40 = r[131]; *(uint16_t*)0x20000c48 = 2; *(uint16_t*)0x20000c4a = htobe16(0x4e24); *(uint32_t*)0x20000c4c = htobe32(0xe998); *(uint8_t*)0x20000c50 = 0; *(uint8_t*)0x20000c51 = 0; *(uint8_t*)0x20000c52 = 0; *(uint8_t*)0x20000c53 = 0; *(uint8_t*)0x20000c54 = 0; *(uint8_t*)0x20000c55 = 0; *(uint8_t*)0x20000c56 = 0; *(uint8_t*)0x20000c57 = 0; *(uint16_t*)0x20000cc8 = 0x26f; *(uint16_t*)0x20000cca = 6; syscall(__NR_setsockopt, r[125], 0x84, 0x1f, 0x20000c40, 0x90); *(uint8_t*)0x20000d00 = 0xfe; *(uint8_t*)0x20000d01 = 0x80; *(uint8_t*)0x20000d02 = 0; *(uint8_t*)0x20000d03 = 0; *(uint8_t*)0x20000d04 = 0; *(uint8_t*)0x20000d05 = 0; *(uint8_t*)0x20000d06 = 0; *(uint8_t*)0x20000d07 = 0; *(uint8_t*)0x20000d08 = 0; *(uint8_t*)0x20000d09 = 0; *(uint8_t*)0x20000d0a = 0; *(uint8_t*)0x20000d0b = 0; *(uint8_t*)0x20000d0c = 0; *(uint8_t*)0x20000d0d = 0; *(uint8_t*)0x20000d0e = 0; *(uint8_t*)0x20000d0f = 0xf; *(uint8_t*)0x20000d10 = 0; *(uint8_t*)0x20000d11 = 0; *(uint8_t*)0x20000d12 = 0; *(uint8_t*)0x20000d13 = 0; *(uint8_t*)0x20000d14 = 0; *(uint8_t*)0x20000d15 = 0; *(uint8_t*)0x20000d16 = 0; *(uint8_t*)0x20000d17 = 0; *(uint8_t*)0x20000d18 = 0; *(uint8_t*)0x20000d19 = 0; *(uint8_t*)0x20000d1a = -1; *(uint8_t*)0x20000d1b = -1; *(uint32_t*)0x20000d1c = htobe32(0xe0000001); *(uint16_t*)0x20000d20 = htobe16(0x4e21); *(uint16_t*)0x20000d22 = htobe16(0x27ff); *(uint16_t*)0x20000d24 = htobe16(0x4e22); *(uint16_t*)0x20000d26 = htobe16(0); *(uint16_t*)0x20000d28 = 0xa; *(uint8_t*)0x20000d2a = 0x20; *(uint8_t*)0x20000d2b = 0xa0; *(uint8_t*)0x20000d2c = 0x32; *(uint32_t*)0x20000d30 = 0; *(uint32_t*)0x20000d34 = r[127]; *(uint64_t*)0x20000d38 = 0x1f; *(uint64_t*)0x20000d40 = 1; *(uint64_t*)0x20000d48 = 5; *(uint64_t*)0x20000d50 = 0xff; *(uint64_t*)0x20000d58 = 0x319; *(uint64_t*)0x20000d60 = 0x80000000; *(uint64_t*)0x20000d68 = 0x80000000; *(uint64_t*)0x20000d70 = 9; *(uint64_t*)0x20000d78 = 0x1b; *(uint64_t*)0x20000d80 = 0x3c7; *(uint64_t*)0x20000d88 = 4; *(uint64_t*)0x20000d90 = 0xffff; *(uint32_t*)0x20000d98 = 3; *(uint32_t*)0x20000d9c = 0x6e6bb5; *(uint8_t*)0x20000da0 = 0; *(uint8_t*)0x20000da1 = 0; *(uint8_t*)0x20000da2 = 2; *(uint8_t*)0x20000da3 = 3; *(uint8_t*)0x20000da8 = 0xfe; *(uint8_t*)0x20000da9 = 0x80; *(uint8_t*)0x20000daa = 0; *(uint8_t*)0x20000dab = 0; *(uint8_t*)0x20000dac = 0; *(uint8_t*)0x20000dad = 0; *(uint8_t*)0x20000dae = 0; *(uint8_t*)0x20000daf = 0; *(uint8_t*)0x20000db0 = 0; *(uint8_t*)0x20000db1 = 0; *(uint8_t*)0x20000db2 = 0; *(uint8_t*)0x20000db3 = 0; *(uint8_t*)0x20000db4 = 0; *(uint8_t*)0x20000db5 = 0; *(uint8_t*)0x20000db6 = 0; *(uint8_t*)0x20000db7 = 0x14; *(uint32_t*)0x20000db8 = htobe32(0x4d2); *(uint8_t*)0x20000dbc = 0; *(uint16_t*)0x20000dc0 = 0xa; *(uint32_t*)0x20000dc4 = htobe32(0xe0000001); *(uint32_t*)0x20000dd4 = 0x3502; *(uint8_t*)0x20000dd8 = 4; *(uint8_t*)0x20000dd9 = 3; *(uint8_t*)0x20000dda = 1; *(uint32_t*)0x20000ddc = 0xbba; *(uint32_t*)0x20000de0 = 0; *(uint32_t*)0x20000de4 = 0x8000; syscall(__NR_setsockopt, r[128], 0x29, 0x22, 0x20000d00, 0xe8); *(uint32_t*)0x20000e00 = r[131]; *(uint16_t*)0x20000e08 = 2; *(uint16_t*)0x20000e0a = htobe16(0x4e20); *(uint8_t*)0x20000e0c = 0xac; *(uint8_t*)0x20000e0d = 0x14; *(uint8_t*)0x20000e0e = 0x14; *(uint8_t*)0x20000e0f = 0xaa; *(uint8_t*)0x20000e10 = 0; *(uint8_t*)0x20000e11 = 0; *(uint8_t*)0x20000e12 = 0; *(uint8_t*)0x20000e13 = 0; *(uint8_t*)0x20000e14 = 0; *(uint8_t*)0x20000e15 = 0; *(uint8_t*)0x20000e16 = 0; *(uint8_t*)0x20000e17 = 0; *(uint16_t*)0x20000e88 = 0; *(uint16_t*)0x20000e8a = 3; *(uint32_t*)0x20000ec0 = 0x90; syscall(__NR_getsockopt, r[125], 0x84, 0x1f, 0x20000e00, 0x20000ec0); syscall(__NR_ioctl, r[125], 0x2272, 0x20000f00); syscall(__NR_ioctl, r[125], 0x700f); *(uint64_t*)0x20001000 = 0x20000f40; *(uint16_t*)0x20000f40 = 0x1f; *(uint8_t*)0x20000f42 = 9; *(uint8_t*)0x20000f43 = 5; *(uint8_t*)0x20000f44 = 0; *(uint8_t*)0x20000f45 = -1; *(uint8_t*)0x20000f46 = 0x9e; *(uint8_t*)0x20000f47 = 7; *(uint8_t*)0x20000f48 = 9; *(uint32_t*)0x20001008 = 0x80; *(uint64_t*)0x20001010 = 0x20000fc0; *(uint64_t*)0x20001018 = 0; *(uint64_t*)0x20001020 = 0; *(uint64_t*)0x20001028 = 0; *(uint32_t*)0x20001030 = 0x80; syscall(__NR_sendmsg, r[128], 0x20001000, 0x8c0); *(uint8_t*)0x20001040 = 1; *(uint8_t*)0x20001041 = 2; syscall(__NR_write, r[125], 0x20001040, 2); res = syscall(__NR_socketpair, 5, 5, 0, 0x20001080); if (res != -1) { r[132] = *(uint32_t*)0x20001080; r[133] = *(uint32_t*)0x20001084; } *(uint8_t*)0x200010c0 = 0xfe; *(uint8_t*)0x200010c1 = 0x80; *(uint8_t*)0x200010c2 = 0; *(uint8_t*)0x200010c3 = 0; *(uint8_t*)0x200010c4 = 0; *(uint8_t*)0x200010c5 = 0; *(uint8_t*)0x200010c6 = 0; *(uint8_t*)0x200010c7 = 0; *(uint8_t*)0x200010c8 = 0; *(uint8_t*)0x200010c9 = 0; *(uint8_t*)0x200010ca = 0; *(uint8_t*)0x200010cb = 0; *(uint8_t*)0x200010cc = 0; *(uint8_t*)0x200010cd = 0; *(uint8_t*)0x200010ce = 0; *(uint8_t*)0x200010cf = 0xaa; *(uint32_t*)0x200010d0 = 0x3a; *(uint32_t*)0x200010d4 = r[126]; syscall(__NR_ioctl, r[133], 0x8916, 0x200010c0); *(uint16_t*)0x20001100 = 0x28; *(uint16_t*)0x20001102 = 0; *(uint32_t*)0x20001104 = 0; *(uint32_t*)0x20001108 = 0x4d3; *(uint32_t*)0x2000110c = 0; syscall(__NR_connect, r[128], 0x20001100, 0x10); *(uint64_t*)0x20001280 = 0x20001140; *(uint16_t*)0x20001140 = 0x10; *(uint16_t*)0x20001142 = 0; *(uint32_t*)0x20001144 = 0; *(uint32_t*)0x20001148 = 0x48000000; *(uint32_t*)0x20001288 = 0xc; *(uint64_t*)0x20001290 = 0x20001240; *(uint64_t*)0x20001240 = 0x20001180; *(uint32_t*)0x20001180 = 0x14; *(uint16_t*)0x20001184 = 0x2e; *(uint16_t*)0x20001186 = 0x6d5e; *(uint32_t*)0x20001188 = 0x70bd25; *(uint32_t*)0x2000118c = 0x25dfdbfd; *(uint8_t*)0x20001190 = 0x14; *(uint8_t*)0x20001191 = 0; *(uint16_t*)0x20001192 = 0; *(uint64_t*)0x20001248 = 0x14; *(uint64_t*)0x20001298 = 1; *(uint64_t*)0x200012a0 = 0; *(uint64_t*)0x200012a8 = 0; *(uint32_t*)0x200012b0 = 0x20000010; syscall(__NR_sendmsg, r[133], 0x20001280, 0x80); *(uint32_t*)0x20001300 = 0xc; syscall(__NR_getsockopt, r[132], 0, 0x486, 0x200012c0, 0x20001300); memcpy((void*)0x20001340, "\x69\x63\x6d\x70\x36\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000135d = 0; *(uint32_t*)0x20001380 = 0x1e; syscall(__NR_getsockopt, r[128], 0x29, 0x45, 0x20001340, 0x20001380); *(uint32_t*)0x20001440 = 0x68; syscall(__NR_getsockopt, r[125], 0, 0x483, 0x200013c0, 0x20001440); res = syscall(__NR_socket, 0x1b, 0x801, 0x7f); if (res != -1) r[134] = res; *(uint32_t*)0x20000000 = 5; syscall(__NR_setsockopt, r[134], 0x119, 1, 0x20000000, 4); syscall(__NR_ustat, 0, 0x200000c0); *(uint8_t*)0x20000100 = 3; *(uint8_t*)0x20000101 = 0xf9; *(uint8_t*)0x20000102 = 8; *(uint8_t*)0x20000103 = 5; *(uint8_t*)0x20000104 = 5; *(uint8_t*)0x20000105 = 8; *(uint32_t*)0x20000108 = 1; *(uint16_t*)0x2000010c = 6; *(uint16_t*)0x2000010e = 0; *(uint16_t*)0x20000110 = 9; *(uint16_t*)0x20000112 = 6; memcpy((void*)0x20000114, "\x49\xc8\xe6\xc8\x5e\x5e\xcf\x97\xf3\x52\xf9\x2f\xbd\xea\xc5\x4c\x2d" "\x7f\x81\x12\x67\x3d\x8a\x94\x43\xf4\x3c\x0e\x54\x69\xc0\x3f\x73\xd4" "\x7b\x72\xd3\x23\x7a\x08\x09\x30\x41\x78\x6b\x75\xa2\xf9\x27\x4a\x97" "\x5d\xcf\x17\x5e\xa0\xe3\xe7\xf4\x48\x5e\x1e\x77\xaa\x55\x68\xfb\x50" "\x08\x09\x7b\xad\xa8\x8b\xb1\xa2\xb2\x62\x40\x09\x4a\xd0\x83\xc5\x4f" "\xe4\xe0\x3a\x8f\x15\xbb\x93\x0b\x8e\x53\xbb\xb1\xe7\x52\x3d\x0e\x4d" "\x02\x72\x52\xa0\x57\xa4\x1c\x82\xa6\x4e\x3d\xea\x75\x45\x50\x89\x94" "\x1a\x97\xcc\x3b\x10\xc1\xc9\x32\x0b", 128); syscall(__NR_ioctl, r[134], 0x800448d3, 0x20000100); *(uint32_t*)0x20000240 = 0x6e; syscall(__NR_getsockname, r[134], 0x200001c0, 0x20000240); *(uint32_t*)0x20000280 = 6; syscall(__NR_ioctl, r[134], 0x40047452, 0x20000280); memcpy((void*)0x200002c0, "/dev/input/mice", 16); res = syz_open_dev(0x200002c0, 0, 0x80000); if (res != -1) r[135] = res; syscall(__NR_ioctl, r[135], 0x5385, 0x20000300); *(uint32_t*)0x20000400 = 4; syscall(__NR_getsockopt, r[134], 0x21, 0x11, 0x200003c0, 0x20000400); res = syscall(__NR_getpid); if (res != -1) r[136] = res; *(uint32_t*)0x20000900 = 0xe8; res = syscall(__NR_getsockopt, r[135], 0x29, 0x22, 0x20000800, 0x20000900); if (res != -1) r[137] = *(uint32_t*)0x20000834; res = syscall(__NR_getegid); if (res != -1) r[138] = res; *(uint64_t*)0x200009c0 = 0x20000440; *(uint16_t*)0x20000440 = 1; *(uint8_t*)0x20000442 = 0; *(uint32_t*)0x20000444 = 0x4e24; *(uint32_t*)0x200009c8 = 0x6e; *(uint64_t*)0x200009d0 = 0x200007c0; *(uint64_t*)0x200007c0 = 0x200004c0; *(uint64_t*)0x200007c8 = 0; *(uint64_t*)0x200007d0 = 0x20000500; *(uint64_t*)0x200007d8 = 0; *(uint64_t*)0x200007e0 = 0x20000600; *(uint64_t*)0x200007e8 = 0; *(uint64_t*)0x200007f0 = 0x20000700; *(uint64_t*)0x200007f8 = 0; *(uint64_t*)0x200009d8 = 4; *(uint64_t*)0x200009e0 = 0x20000940; *(uint64_t*)0x20000940 = 0x28; *(uint32_t*)0x20000948 = 1; *(uint32_t*)0x2000094c = 1; *(uint32_t*)0x20000950 = r[135]; *(uint32_t*)0x20000954 = r[134]; *(uint32_t*)0x20000958 = r[135]; *(uint32_t*)0x2000095c = r[135]; *(uint32_t*)0x20000960 = r[135]; *(uint64_t*)0x20000968 = 0x20; *(uint32_t*)0x20000970 = 1; *(uint32_t*)0x20000974 = 2; *(uint32_t*)0x20000978 = r[136]; *(uint32_t*)0x2000097c = r[137]; *(uint32_t*)0x20000980 = r[138]; *(uint64_t*)0x200009e8 = 0x48; *(uint32_t*)0x200009f0 = 0x41; syscall(__NR_sendmsg, r[135], 0x200009c0, 0x4050); *(uint16_t*)0x20000a00 = 1; *(uint16_t*)0x20000a02 = 1; *(uint16_t*)0x20000a04 = 6; *(uint32_t*)0x20000a08 = 6; *(uint32_t*)0x20000a0c = 5; *(uint32_t*)0x20000a10 = 3; *(uint32_t*)0x20000a14 = 5; *(uint32_t*)0x20000a18 = 0; *(uint32_t*)0x20000a1c = 0; *(uint32_t*)0x20000a40 = 0x20; res = syscall(__NR_getsockopt, r[135], 0x84, 0xa, 0x20000a00, 0x20000a40); if (res != -1) r[139] = *(uint32_t*)0x20000a1c; *(uint16_t*)0x20000a80 = 4; *(uint16_t*)0x20000a82 = 0; *(uint16_t*)0x20000a84 = 0x200; *(uint32_t*)0x20000a88 = 6; *(uint32_t*)0x20000a8c = 0xbed; *(uint32_t*)0x20000a90 = 0x40; *(uint32_t*)0x20000a94 = 9; *(uint32_t*)0x20000a98 = 5; *(uint32_t*)0x20000a9c = r[139]; syscall(__NR_setsockopt, r[135], 0x84, 0xa, 0x20000a80, 0x20); *(uint32_t*)0x20000ac0 = 0x200020; syscall(__NR_ioctl, r[134], 0x40047459, 0x20000ac0); *(uint32_t*)0x20000bc0 = 0xa6; syscall(__NR_getsockopt, r[134], 0x29, 0x3b, 0x20000b00, 0x20000bc0); *(uint8_t*)0x20000c00 = 0xfe; *(uint8_t*)0x20000c01 = 0x80; *(uint8_t*)0x20000c02 = 0; *(uint8_t*)0x20000c03 = 0; *(uint8_t*)0x20000c04 = 0; *(uint8_t*)0x20000c05 = 0; *(uint8_t*)0x20000c06 = 0; *(uint8_t*)0x20000c07 = 0; *(uint8_t*)0x20000c08 = 0; *(uint8_t*)0x20000c09 = 0; *(uint8_t*)0x20000c0a = 0; *(uint8_t*)0x20000c0b = 0; *(uint8_t*)0x20000c0c = 0; *(uint8_t*)0x20000c0d = 0; *(uint8_t*)0x20000c0e = 0; *(uint8_t*)0x20000c0f = 0xaa; *(uint32_t*)0x20000c10 = 1; *(uint8_t*)0x20000c14 = 0; *(uint8_t*)0x20000c15 = 3; *(uint16_t*)0x20000c16 = 1; *(uint16_t*)0x20000c18 = 4; *(uint16_t*)0x20000c1a = 9; *(uint32_t*)0x20000c1c = 5; *(uint32_t*)0x20000c40 = 0x20; syscall(__NR_getsockopt, r[134], 0x29, 0x20, 0x20000c00, 0x20000c40); *(uint32_t*)0x20000c80 = r[139]; *(uint32_t*)0x20000c84 = 0xef; syscall(__NR_setsockopt, r[135], 0x84, 0x76, 0x20000c80, 8); *(uint32_t*)0x20000cc0 = r[139]; *(uint16_t*)0x20000cc8 = 2; *(uint16_t*)0x20000cca = htobe16(0x4e24); *(uint32_t*)0x20000ccc = htobe32(3); *(uint8_t*)0x20000cd0 = 0; *(uint8_t*)0x20000cd1 = 0; *(uint8_t*)0x20000cd2 = 0; *(uint8_t*)0x20000cd3 = 0; *(uint8_t*)0x20000cd4 = 0; *(uint8_t*)0x20000cd5 = 0; *(uint8_t*)0x20000cd6 = 0; *(uint8_t*)0x20000cd7 = 0; *(uint16_t*)0x20000d48 = 0x16; *(uint16_t*)0x20000d4a = 7; syscall(__NR_setsockopt, r[134], 0x84, 0x1f, 0x20000cc0, 0x90); *(uint64_t*)0x20001000 = 0x20000d80; *(uint16_t*)0x20000d80 = 1; memcpy((void*)0x20000d82, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00", 108); *(uint32_t*)0x20001008 = 0x6e; *(uint64_t*)0x20001010 = 0x20000ec0; *(uint64_t*)0x20000ec0 = 0x20000e00; *(uint64_t*)0x20000ec8 = 0; *(uint64_t*)0x20001018 = 1; *(uint64_t*)0x20001020 = 0x20000f00; *(uint64_t*)0x20000f00 = 0x20; *(uint32_t*)0x20000f08 = 1; *(uint32_t*)0x20000f0c = 2; *(uint32_t*)0x20000f10 = r[136]; *(uint32_t*)0x20000f14 = r[137]; *(uint32_t*)0x20000f18 = r[138]; *(uint64_t*)0x20000f20 = 0x20; *(uint32_t*)0x20000f28 = 1; *(uint32_t*)0x20000f2c = 1; *(uint32_t*)0x20000f30 = r[134]; *(uint32_t*)0x20000f34 = r[135]; *(uint32_t*)0x20000f38 = r[135]; *(uint32_t*)0x20000f3c = r[135]; *(uint64_t*)0x20000f40 = 0x20; *(uint32_t*)0x20000f48 = 1; *(uint32_t*)0x20000f4c = 2; *(uint32_t*)0x20000f50 = r[136]; *(uint32_t*)0x20000f54 = r[137]; *(uint32_t*)0x20000f58 = r[138]; *(uint64_t*)0x20000f60 = 0x20; *(uint32_t*)0x20000f68 = 1; *(uint32_t*)0x20000f6c = 1; *(uint32_t*)0x20000f70 = r[134]; *(uint32_t*)0x20000f74 = r[135]; *(uint32_t*)0x20000f78 = r[135]; *(uint32_t*)0x20000f7c = r[134]; *(uint64_t*)0x20000f80 = 0x18; *(uint32_t*)0x20000f88 = 1; *(uint32_t*)0x20000f8c = 1; *(uint32_t*)0x20000f90 = r[135]; *(uint32_t*)0x20000f94 = r[134]; *(uint64_t*)0x20000f98 = 0x20; *(uint32_t*)0x20000fa0 = 1; *(uint32_t*)0x20000fa4 = 2; *(uint32_t*)0x20000fa8 = r[136]; *(uint32_t*)0x20000fac = r[137]; *(uint32_t*)0x20000fb0 = r[138]; *(uint64_t*)0x20000fb8 = 0x20; *(uint32_t*)0x20000fc0 = 1; *(uint32_t*)0x20000fc4 = 1; *(uint32_t*)0x20000fc8 = r[134]; *(uint32_t*)0x20000fcc = r[135]; *(uint32_t*)0x20000fd0 = r[134]; *(uint64_t*)0x20001028 = 0xd8; *(uint32_t*)0x20001030 = 0x4000; syscall(__NR_sendmsg, r[134], 0x20001000, 0x40000); *(uint32_t*)0x20001040 = 0x10; *(uint8_t*)0x20001044 = 0x17; *(uint16_t*)0x20001045 = 1; *(uint16_t*)0x20001047 = 7; memcpy((void*)0x20001049, "./file0", 7); syscall(__NR_write, r[135], 0x20001040, 0x10); *(uint32_t*)0x20001080 = 0x8ff; *(uint16_t*)0x20001088 = 0xa; *(uint16_t*)0x2000108a = htobe16(0x4e21); *(uint32_t*)0x2000108c = 0x81; *(uint64_t*)0x20001090 = htobe64(0); *(uint64_t*)0x20001098 = htobe64(1); *(uint32_t*)0x200010a0 = 0; syscall(__NR_setsockopt, r[135], 0x29, 0x2d, 0x20001080, 0x88); memcpy((void*)0x20001140, "hugetlb.2MB.max_usage_in_bytes", 31); syscall(__NR_openat, r[134], 0x20001140, 2, 0); *(uint32_t*)0x20001180 = r[139]; *(uint16_t*)0x20001184 = 0xa; *(uint16_t*)0x20001186 = htobe16(0x4e23); *(uint32_t*)0x20001188 = 0xffffff7f; *(uint8_t*)0x2000118c = 0xfe; *(uint8_t*)0x2000118d = 0x80; *(uint8_t*)0x2000118e = 0; *(uint8_t*)0x2000118f = 0; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0xbb; *(uint32_t*)0x2000119c = 0x579c9411; syscall(__NR_setsockopt, r[135], 0x84, 6, 0x20001180, 0x84); *(uint32_t*)0x20001280 = 4; syscall(__NR_getsockopt, r[134], 6, 0x13, 0x20001240, 0x20001280); *(uint32_t*)0x200012c0 = r[139]; *(uint16_t*)0x200012c4 = 0x8001; *(uint16_t*)0x200012c6 = 1; syscall(__NR_setsockopt, r[134], 0x84, 0x7c, 0x200012c0, 8); memcpy((void*)0x20001300, "/dev/dsp#", 10); syz_open_dev(0x20001300, 5, 0x240); memcpy((void*)0x20001340, "./file0", 8); memcpy((void*)0x20001380, "./file0", 8); syscall(__NR_link, 0x20001340, 0x20001380); return 0; }