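// https://syzkaller.appspot.com/bug?id=659c6d9af70cf46de2e8231f72f11097df44f72e
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer for the pty/tty path.  Each iteration opens the
// /dev/ptmx master, pushes an all-zero termios at it, writes a 4097-byte
// buffer, unlocks and opens the slave, then issues an oversized read.  It
// never exits and never closes a descriptor, so it is only meant to be run
// inside a disposable VM -- its whole purpose is to make the kernel misbehave.
//
// NOTE(review): the header names were lost when this listing was extracted
// (nine bare `#include` lines survived).  The list below is reconstructed
// from the identifiers the code actually uses; it is what the file needs in
// order to compile, not necessarily the exact set syzkaller emitted.

#define _GNU_SOURCE

#include <fcntl.h>       /* open() */
#include <stdint.h>      /* uintptr_t, uint64_t */
#include <stdio.h>       /* snprintf() */
#include <string.h>      /* memcpy() */
#include <sys/ioctl.h>   /* ioctl(), TIOCGPTN */
#include <sys/syscall.h> /* __NR_* numbers */
#include <unistd.h>      /* syscall() */

/*
 * Open the slave side of the pty whose master descriptor is a0.
 *
 * a0: master fd obtained from /dev/ptmx.
 * a1: open(2) flags for the slave.
 * Returns the slave fd, or -1 when TIOCGPTN fails on a0; open()'s own -1 on
 * failure is passed straight through as well.  buf is far larger than the
 * longest possible "/dev/pts/<int>" string, and the bounded snprintf makes
 * that explicit.
 */
static uintptr_t syz_open_pts(uintptr_t a0, uintptr_t a1)
{
  int ptyno = 0;
  /* TIOCGPTN: ask the master which /dev/pts/N it belongs to. */
  if (ioctl(a0, TIOCGPTN, &ptyno))
    return -1;
  char buf[128];
  snprintf(buf, sizeof buf, "/dev/pts/%d", ptyno);
  return open(buf, a1, 0);
}

static void execute_one(void);
extern unsigned long long procid; /* provided by the generator's harness; unused here */

/* Run the syscall program over and over until the process is killed. */
void loop(void)
{
  while (1) {
    execute_one();
  }
}

/*
 * Resources carried between syscalls: r[0] is the /dev/ptmx master fd and
 * r[1] the slave fd.  Both start out as -1 (all bits set) and are only
 * overwritten when the corresponding open succeeds, so after a failed open
 * the fd from an earlier iteration is silently reused.  Nothing is ever
 * closed: every iteration leaks up to two descriptors, and once the fd
 * table is full the openat below starts failing and the program keeps
 * hammering whatever r[0]/r[1] last held.
 */
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

/*
 * One pass of the generated syscall program.  Every pointer argument lies in
 * the fixed 16 MiB scratch mapping that main() creates at 0x20000000, so the
 * raw addresses below are valid only after that mmap has succeeded.
 */
static void execute_one(void)
{
  long res = 0;

  /* 1. openat(AT_FDCWD, "/dev/ptmx", 0x201, 0).  0xffffffffffffff9c is
   *    AT_FDCWD (-100); 0x201 decodes as O_WRONLY|O_TRUNC in the generic
   *    Linux flag values.  The 10-byte copy includes the terminating NUL. */
  memcpy((void*)0x20000480, "/dev/ptmx", 10);
  res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000480, 0x201, 0);
  if (res != -1)
    r[0] = res;

  /* 2. ioctl(master, 0x5403, termios).  0x5403 is TCSETSW.  The stores
   *    cover the 36 bytes 0x20000040..0x20000063 -- the size of the kernel
   *    struct termios (four u32 flag words, c_line, c_cc[19]) -- and set
   *    every field, flags and control characters alike, to zero. */
  *(uint32_t*)0x20000040 = 0;
  *(uint32_t*)0x20000044 = 0;
  *(uint32_t*)0x20000048 = 0;
  *(uint32_t*)0x2000004c = 0;
  *(uint8_t*)0x20000050 = 0;
  *(uint8_t*)0x20000051 = 0;
  *(uint8_t*)0x20000052 = 0;
  *(uint8_t*)0x20000053 = 0;
  *(uint32_t*)0x20000054 = 0;
  *(uint32_t*)0x20000058 = 0;
  *(uint32_t*)0x2000005c = 0;
  *(uint32_t*)0x20000060 = 0;
  syscall(__NR_ioctl, r[0], 0x5403, 0x20000040);

  /* 3. write(master, buf, 0x1001).  The buffer at 0x20001500 is eight 0xff
   *    bytes (the u64 -1) followed by the 4089-byte blob, 4097 bytes in
   *    total, which is exactly the 0x1001 count passed to write(). */
  *(uint64_t*)0x20001500 = -1;
  memcpy(
      (void*)0x20001508,
      "\x4b\x75\xe0\x6f\xb2\x3d\x3b\x4d\xab\xcf\x09\x99\xaf\xa4\x2f\x45\x0c\x35"
      "\xe9\x72\x62\x9c\xe4\xc4\x29\x26\x3b\x64\x4d\x6c\x36\x4f\xff\xaf\x8b\x29"
      "\xde\x96\x01\xe2\x7e\xa7\x32\x10\x38\xd0\x1d\x41\x91\x4b\xc5\x08\x2c\x67"
      "\x4a\xb8\x37\x4c\x85\x60\x9b\x7b\x9b\x06\x46\xb1\x53\xba\x3b\x91\xd2\xc9"
      "\xbc\x83\x20\x36\xb1\x77\xde\xf9\x6d\x53\xe8\x9c\xd5\x01\x85\x9a\xe9\x3f"
      "\x7e\xf4\xa2\xbb\x31\x1d\xb8\xa1\x49\x0c\x96\xd2\x2c\x3f\xe2\x67\x89\x4b"
      "\x94\x83\xfd\x59\x1d\x31\x7b\x72\x00\x0c\x64\xd1\x85\x51\x0b\x15\xe2\xd0"
      "\x22\x37\xc1\x40\x3c\x87\xdb\x1f\x88\x76\x90\x84\xb4\x49\x96\x1c\x91\x14"
      "\x70\x79\xe9\xa6\x28\xef\xc9\x40\x3e\xb7\xdb\x66\x07\x88\x8a\x39\x81\xce"
      "\x49\xa1\x62\x70\x47\xae\xb5\x30\xdf\x7f\xc7\x6b\xdb\x50\x8e\x03\x4b\xc4"
      "\x08\x70\x96\x4d\x1a\x0d\x1e\x09\xeb\x6f\x16\x00\x45\xf3\x26\xb2\xeb\x4c"
      "\x30\x9f\x31\x82\x3a\xe5\x1e\x3f\xa1\x71\x9d\x87\x96\x6e\x08\xd0\x43\x3e"
      "\xe9\x89\x12\x8d\x99\xa6\x0a\xda\xa0\x8e\x8c\x0a\x9e\xa5\x08\x47\xcd\x6d"
      "\x3d\x2a\xa3\x45\x71\x4a\x56\x0b\xc4\x7a\x8b\xa9\xaf\x8f\x32\x5d\x46\xfd"
      "\x9f\xbf\xff\x86\x5e\xcb\x3e\x8b\x81\x1b\xc2\xd7\xed\x65\xbf\x55\xf3\x04"
      "\x23\x75\x1d\x02\xba\x0d\xf0\x19\x1e\x9c\xee\x26\xde\xb4\x4a\x2c\xca\xa5"
      "\xb9\xc1\xaa\x74\x7d\x6e\x5d\x46\x06\xb1\x5e\xf0\x5d\xae\x63\xc6\x1d\xb4"
      "\x52\x45\x07\x1e\x8e\xb2\xe5\x0f\x37\x38\xab\x08\x43\x2c\x67\xa8\x1f\x9c"
      "\xb3\x4c\xec\x1f\x69\x96\xf0\x21\xab\xc6\x24\x34\x07\x55\xe0\xa5\xa5\xd7"
      "\xa0\x3c\xc9\x6c\xdd\x03\xb5\xa9\x69\x77\x28\x10\x42\x38\x92\x83\xaf\xf9"
      "\xaa\x8e\x06\x1c\x2d\x34\x5e\x99\x20\x0d\xcb\xf0\x58\xe5\xb2\x67\x1f\x53"
      "\x1e\x91\xb7\x2f\x4c\xb7\x9f\x17\x7e\x09\xcf\x6e\x91\x73\xb2\x65\x92\x45"
      "\x8d\x9e\xcf\xc9\xa3\xbd\x7a\xbb\x62\xf5\xb0\xe5\x5d\xd1\x40\x44\x4a\xae"
      "\xde\x3c\xb7\x3f\x09\xaa\x54\x6c\xc4\xf0\x88\xc3\x4c\xe3\xc7\x97\xe7\xf4"
      "\xb9\xb5\x2c\xa8\x57\x2c\x1e\xa4\x3c\x11\x3a\xc5\x26\x1c\x59\xba\x3c\x2e"
      "\xf7\x9c\xd0\xb3\x0b\x66\x34\x14\x61\x78\xbd\x1d\x79\x0b\x57\x92\xaf\x8b"
      "\xc0\xb7\x24\x96\x25\x01\xd0\x1d\x44\xcf\xce\x50\xe1\xbf\x4e\xd4\x05\xc6"
      "\x2c\x52\xfa\x56\xc0\x59\xe2\x29\xde\xcd\x7c\x34\x96\x12\xc7\x48\x29\x72"
      "\x4e\x11\xc1\xc1\xc6\x47\xd6\xa2\xc0\x83\x2d\xcc\x7f\x6e\x56\x97\xa5\x22"
      "\x07\xc6\x62\xb7\x9c\x30\x18\xe8\x40\xcc\xa8\xde\x36\x9f\x80\x8c\x78\x87"
      "\x5f\x29\x43\x20\x1b\x29\xd5\xf5\x05\xc2\xdd\x8c\x3c\xe3\xf4\x8a\x4c\x62"
      "\xf0\xad\x26\x23\x07\xb2\xd8\x28\x1a\xdb\xc2\xf8\xdd\x3e\x99\x2a\x4e\xd0"
      "\x83\x71\xc1\x6a\xe8\x9e\x59\xf7\xea\xe8\x31\xca\x61\xcb\xd2\xa7\x57\xc5"
      "\xd5\x29\x56\x47\x20\x83\x3c\x93\x2c\x51\xb2\xb7\x57\x6f\xaa\xe7\xc5\x93"
      "\xe3\xe0\x24\x4b\x0b\xd2\x06\x8d\xa8\xe5\xee\x75\xad\x11\x83\xa5\xd4\x76"
      "\x48\xd8\x20\xe6\xf3\x53\x88\x64\x83\x5d\x48\xac\x36\xaa\x86\x59\xc7\x30"
      "\x0f\x51\x64\x57\x62\xd5\x71\xde\x03\x65\x1f\xab\x71\x19\x27\xc8\xbf\x37"
      "\xc6\x2e\xc1\x28\xa4\x15\x7b\xf6\x78\xb6\x4c\x34\xbe\x6c\x69\x7d\x08\xf2"
      "\xbc\x29\xa8\x4b\x8f\x9f\xdc\xdf\xac\xda\x06\xad\x2f\x06\xb8\xee\x9e\xf8"
      "\xb4\x9f\x96\x03\xc1\xc3\x7a\x83\x6c\x01\x0c\xc5\x5d\xce\x48\x23\x76\x77"
      "\xec\xb7\xa0\xf8\xa8\x35\x84\x91\xb8\x3f\x29\x44\x48\xe0\x54\x3a\x4b\x94"
      "\x19\x8a\xab\x49\x2e\xb5\x1a\xda\x4a\x66\x3a\xd6\xe3\x3f\xca\xca\x66\x77"
      "\xc4\xcf\x06\x6a\x0a\xd5\xbc\xc7\xe2\x6d\x62\x60\x9c\xc6\xd6\xf8\x82\x0f"
      "\xf7\xde\xa2\x2e\x91\x88\x2c\xa1\x97\x64\xa5\x0b\x48\x36\x3d\x15\xbb\x71"
      "\xa4\xc3\x2b\xf2\x35\x79\xb8\xe1\x24\x3f\x9a\x2c\x19\xd8\x7e\x67\x21\xba"
      "\x72\x97\xc7\x00\x9b\xe0\xa7\xb2\x98\xde\xc5\x49\x01\xc6\x15\x4e\x70\x8e"
      "\x30\x57\x3d\x90\x3c\xb2\x2d\xa6\x58\xe1\x70\xe7\x48\xff\x22\x81\x84\x0b"
      "\x75\xa5\xdb\x48\xec\x4d\x13\x98\x2d\x8b\x55\x30\xe5\xd0\x89\x61\x52\x31"
      "\x72\x95\x51\x56\x45\x18\x1f\x0d\xe8\xfb\xe8\x20\x56\xd5\x2d\x75\x71\x65"
      "\xf4\xb5\xac\x01\x7c\x13\x71\xea\x86\x50\xba\x73\x8a\xa8\x36\x58\x86\x00"
      "\x13\x32\xbd\x4e\x8a\x7f\xd7\x50\x02\xeb\x2b\xa0\x11\x9a\xf1\x3e\xc8\x14"
      "\x0c\xad\x3f\x47\x8a\x10\x60\xa6\x01\xd9\x87\x23\x01\xd2\xf8\x5d\x38\x90"
      "\x5e\xb0\x59\x72\xf5\xe5\x5d\xab\x6b\x5b\x9c\x1d\x8d\xec\x70\x87\xd9\x47"
      "\x81\xbd\x9c\x25\xa1\xd0\x5c\xd1\xd8\x6e\x63\x5b\xd4\xb1\x3c\x35\x22\xe6"
      "\x23\xfc\x92\xd5\xad\x61\xf3\x19\xa8\x2d\xeb\x8b\x55\x2b\x57\x14\xfe\x95"
      "\xdb\x16\x8e\x6b\xc1\x70\x67\x39\xa8\x37\xf6\x4a\x85\xb6\xe2\x18\xaa\xf8"
      "\xf8\xc6\x50\x7c\x7f\x5b\x2e\x8b\x86\x5b\x1e\x95\x15\x19\x12\x9b\x7e\xd4"
      "\x75\xba\xe4\x88\xbf\x8e\x2e\x56\xb8\x83\x5f\xc9\x61\x1c\x15\xc8\x6e\x2d"
      "\x25\xa0\xb3\x33\xf0\xdc\xf3\xb7\xa5\x86\x5c\xff\xff\x9d\xa7\x19\xe9\x49"
      "\x7c\xf0\x85\x06\x3b\xe8\x0f\xae\x84\x10\x73\xd3\xca\x5b\xe4\x3d\x6e\xa3"
      "\x68\xf1\xd8\xb6\x66\x95\x50\x7d\xa0\xf5\x86\x9e\xa4\xf2\x9b\xfb\x1c\xd6"
      "\xa8\x53\xb7\x0f\x25\xb9\xc5\xd2\xc4\xf5\xee\x81\x54\xbe\xf9\x09\xc0\xe9"
      "\xc8\x5b\xad\x35\x28\x08\x14\x6b\xbb\x6a\x2f\xd2\xae\x5c\xf6\x48\x88\x25"
      "\x91\x6a\x19\xb3\x62\xf9\x34\x7b\xb7\x9f\x9a\x61\x83\x47\x4a\x99\xf6\x48"
      "\x9f\x46\x5a\xfa\x77\x8a\x8e\xb8\xf6\x66\x75\xd3\xb3\xaa\x20\xb0\xcb\x3e"
      "\x0b\x5f\x29\x2e\x0d\x7f\x46\x68\xbe\x70\x7b\x51\xbc\xae\x12\xd3\x05\xda"
      "\xdc\x22\x0c\xf7\x95\x71\x11\xec\xdb\x33\x4d\x58\x9e\x5c\x4c\x57\x1a\x18"
      "\xe1\x75\x24\x8b\x01\x0b\x2a\x4c\x54\x08\x93\x30\xef\x7f\xfe\xb2\x38\x7c"
      "\x5a\xdf\xd4\x29\xa2\x8b\x9b\x4e\xe1\xe0\x77\xad\xe5\xac\x34\xf4\x97\x2f"
      "\x89\xab\x4a\xa7\x5a\xda\x81\xe3\x0b\x7a\x73\x70\x5e\xfa\xdd\xb9\x82\xb9"
      "\xe9\x70\x74\xde\x7b\xae\x16\x32\x89\x8e\x02\x68\x6e\xbd\x79\x46\xdf\x87"
      "\x2d\x25\xee\x70\x7c\x9c\xb1\x3e\xc7\x98\x09\x8e\x4e\xda\xbe\xbd\x65\xa2"
      "\x3b\x5b\xb3\x21\x94\xea\x36\xee\x95\xe6\x45\x57\x7c\x13\x69\xf8\x20\xd7"
      "\x8b\xe9\xb1\x91\xa2\xc0\xf9\x4d\xab\x3c\xda\x1b\xfd\x49\x8b\x34\x96\x50"
      "\x4e\x6e\xda\x34\x30\xae\x4b\x84\xc9\x64\xe9\xd0\xa5\x8d\x5d\x75\xa4\x12"
      "\xf3\x89\x7d\xb3\x57\x13\x8d\x4a\xd4\x1a\x48\x06\x6d\x4b\x6d\xaa\x5d\xa5"
      "\xd1\xd9\x9d\x8a\xc0\x1a\x6f\xc1\x7f\x9b\xcb\x46\x04\xe5\x60\xf6\xec\x8a"
      "\x92\xed\x8b\x60\xbf\x53\x40\x71\x3e\x52\x81\x77\xdb\xd4\x96\xd9\x4f\x2c"
      "\xc1\x41\x07\xb5\xa9\xb4\xdf\x7b\xd2\xb2\xe3\xd9\x5a\x0c\xf8\x4a\x47\xe6"
      "\x7a\x9d\xfa\x38\x24\x20\x43\x79\x50\xa4\x07\x66\xf4\xa5\x2b\xf0\x3a\x5d"
      "\x63\xf9\xe4\x63\x40\x99\x15\x56\x7f\x69\xe9\x43\x7c\xf0\xf6\x97\xf6\xfe"
      "\x20\x18\x72\x0a\xae\x61\x28\x7b\x42\x9b\x4d\x2d\x64\xbf\xed\xef\xb3\x91"
      "\x70\x39\x26\xca\x71\x0c\xac\x57\xe1\x57\xc1\xc6\x6d\x87\xe6\x9b\x81\x7a"
      "\xc5\xa9\x67\xe1\x30\x8f\x9c\x2d\x33\xd1\xa7\x68\xe1\x8a\xe0\xa2\xfa\xbf"
      "\x74\x6f\x80\x8c\x97\x76\x48\x6b\x75\x72\x21\xd4\x8e\x80\x1d\x9d\x42\x68"
      "\xc9\xe2\x5f\xeb\x49\xfb\x01\x7c\x81\x0e\x90\xc2\x1f\x61\x18\xc7\x2f\x6e"
      "\x2b\x3d\x33\x99\x81\x8a\x8e\x0a\x89\x22\xc5\xa0\xdf\x8a\x4c\xea\x00\x5f"
      "\x8d\xc1\x73\x13\xca\x17\x7d\x69\x9b\x73\x24\xb8\xcc\x68\x53\x0f\xe8\x16"
      "\x59\x14\xf1\x34\x16\x9c\x1d\xf7\xeb\x50\x62\xaa\xd1\xb5\x31\x8c\xb4\x4c"
      "\xa4\xfd\x8a\xf7\xa5\xd1\x7f\xb5\x65\x2d\x9c\x73\x5c\xe1\x96\xf5\x09\xdd"
      "\xd0\xd3\x9e\x7a\xe5\x9b\x48\x6d\x2c\xa0\xe5\x53\xee\xbe\xc1\x51\xd3\x2d"
      "\x39\x8b\xfc\x8a\x5d\xfc\x53\x22\x37\x85\x8a\xee\xc9\xf0\xe7\xb8\x19\x50"
      "\xd3\xe0\x42\x37\x73\xe7\x34\x52\xf1\xe8\x8a\x28\x9b\xfe\x67\x61\xda\xd2"
      "\xc2\x5f\xdb\x45\x52\x7b\x89\x73\x0f\xc3\xb9\x40\x55\x4c\xca\x33\xc2\x5f"
      "\xe0\x98\x64\x1a\x93\x81\xd6\xc9\x12\xdf\x74\x6d\x7a\xaf\xb9\xac\xb4\x50"
      "\xaa\xff\x30\x27\xee\xd3\xe4\x95\x58\x0f\x60\x40\x52\xb2\x9e\x29\x25\x1f"
      "\xa0\x0b\x6a\xdb\x83\xa2\xdd\x5c\xbe\x1e\xc3\xcb\xc0\xdf\x97\x7e\x73\x50"
      "\xe9\xe8\x0d\x28\xd8\xc0\x2b\xf4\x54\xf7\xf0\xd7\x9f\x61\x0d\xc7\x81\x5e"
      "\x25\x0f\x33\xbc\x10\xdc\xb4\xe3\x39\xbd\xdd\xff\x10\xb2\xc7\x0a\xb8\xee"
      "\x21\x41\x27\x32\xdf\xfb\xdd\x53\x24\x5a\x3f\x7a\x4c\xfe\xf6\x9b\x77\xb3"
      "\x0f\x54\x54\xa5\x15\xad\x44\xe7\x58\x4e\xd4\x9b\x27\x71\x38\x43\xed\x19"
      "\xd3\x59\xbb\x80\x45\xc6\xc9\x70\x0a\x8c\xbc\xc1\x9e\x20\x80\xb4\xb4\xef"
      "\x75\x9b\xae\x6f\xa1\xea\xc1\xaf\xc3\xb2\x5d\x33\xa2\xad\x63\x17\x10\xad"
      "\xe9\x6a\xfa\x64\x8e\x65\xa5\x74\x97\xfa\xb0\x6e\x0a\x4c\x1a\x45\x94\xac"
      "\x3a\xca\x7f\x2e\x8b\x8c\x5f\x13\x8e\xf9\xfc\x45\xb5\xca\x99\x4b\x52\x13"
      "\x92\xba\x1b\x98\x6b\xa7\x09\x33\x76\x06\x2a\x91\x42\x20\xaf\xa2\xdf\x56"
      "\x3c\x0a\x1b\xce\x72\x41\xe1\xd9\x10\xbd\x1a\x57\x5c\x15\xd7\x7a\x81\x8a"
      "\x78\x12\x9e\x7f\x1c\x1d\x53\x71\x30\xbf\x86\x87\x38\xd9\x96\x75\x33\x97"
      "\x0f\x25\x56\x8b\xc4\xc5\x16\xf7\x08\xe6\xe9\xb3\xd6\xac\xca\xd3\xff\x22"
      "\x46\x50\xa9\xb5\xb3\xac\x21\x00\xcc\x44\x73\x70\x85\x46\x46\x18\x3a\x7a"
      "\xc7\x24\x12\x29\x9b\xfb\x6e\xf2\xb9\x44\x8c\x45\x9a\xf3\x2e\xdd\x12\x5e"
      "\x7d\x66\x91\xdf\x5d\xec\x52\x5f\x76\x73\x35\x0d\x4b\x85\x0c\xc7\x95\x41"
      "\x32\x52\xcb\xbb\x9a\xf1\x01\x33\xcc\x24\x3f\x9c\xdd\x6a\x74\x9a\x99\x32"
      "\xe8\xc5\xd7\x76\xb4\x3b\x23\x04\x82\xe0\xd4\x73\x1a\x40\xf8\xf4\x15\x08"
      "\xa4\xce\x44\xa1\xab\x10\x76\x5b\xeb\xd3\xeb\x1b\x59\x5f\x93\xbf\x08\xa4"
      "\xfc\x9f\x2e\x51\xef\xa1\xd2\x7a\x6d\x32\xd7\x0b\xe0\x45\xd4\x4d\x3c\xa9"
      "\x4f\x9a\x71\xb4\xb0\x7d\x46\xb2\x4d\xaf\x0c\x8b\x06\x82\x6b\x06\x01\xb0"
      "\x43\x50\x1c\xa9\x6d\x55\xd8\x83\x75\xa1\x51\xbe\x71\xd1\xa2\x23\x39\xfb"
      "\x8d\x58\x19\x5f\xdc\x1b\x39\x1d\xe5\xc3\x12\xd9\x62\x7a\x51\x6a\x37\x63"
      "\x41\x95\x29\xbb\xd9\x0f\xf0\xab\xee\x78\xdb\xbd\x67\x27\x82\xe8\x64\x1a"
      "\xd6\xe0\x1d\x1b\xdd\xe1\x39\x4a\x32\x55\x1e\x76\x66\xb7\x53\xb6\x34\x79"
      "\xba\x5d\xbf\xd8\x7d\x3f\x86\x3e\xa9\x34\xe9\xf9\xd3\x73\x6b\x4e\x4a\xed"
      "\x16\x9e\x81\x64\x62\x00\x29\xee\xd3\x85\xfd\xe5\x0c\x2b\x85\xc2\xd1\x3b"
      "\x46\xb2\x4d\x75\x53\xf3\xff\x21\xa6\xac\xec\x12\xc4\xba\x87\x74\x26\xaf"
      "\x6e\x47\x8f\x73\xf0\x8f\x09\xa2\x6a\xe2\x52\xa0\x71\xac\xfb\x81\xd0\xa3"
      "\x15\x8e\x9c\xfe\xa9\x9c\x17\x65\xeb\x56\xaa\xd2\x95\x5f\x25\xdc\x2a\xa1"
      "\xc5\x46\xb1\x6e\x4f\x1b\x07\xf8\xea\xba\xc0\x51\x45\xf7\x6d\x26\xcb\x5f"
      "\x43\x1e\xb5\x42\x16\x84\xfc\xf0\x3d\xcb\x67\x8f\x83\x20\x34\x41\x85\x07"
      "\x1c\x70\xfb\xfb\xa5\x4c\xe3\x2e\xeb\xdc\xb1\x37\x30\x7e\x73\x4a\x68\xe6"
      "\xc7\xf9\x9d\xfc\xde\xa5\xe1\xfd\xc2\x14\x85\x11\xf3\x8b\x27\xc3\x3b\x17"
      "\x61\xe6\x00\xba\xbe\xf2\x1c\xaf\x81\x69\xf8\xe0\x82\xc0\xf3\xed\x6d\xad"
      "\x0e\x67\x9e\xa3\x91\x61\x8b\x50\xde\x53\x7a\xcf\x0e\x32\x9b\x3a\x3e\x7c"
      "\xe3\xb6\x94\x7c\x0d\xfa\xa8\x7d\x08\x9f\x8d\x2e\x8f\x73\x00\x98\x04\x82"
      "\x1e\x16\x4e\xb2\xb2\x58\xda\x29\x1a\x2f\xb8\x5d\x76\x21\x2d\xb7\x1f\x66"
      "\x17\x7c\x4b\x9a\xe4\xfe\x57\x01\x81\x29\xee\xdc\x91\xae\x17\x22\xa8\xc7"
      "\xae\x2d\x8b\xe0\x6c\xd9\xdd\x7b\x01\xb9\xfe\xe6\x45\x94\x12\x14\x27\xf5"
      "\xa0\xf5\x28\x7e\x0f\x1d\x0b\x1f\xed\xea\x56\xb9\xe2\xd2\x63\xcd\xd8\xfa"
      "\xb3\xf0\x62\xad\x99\x32\xd3\x6c\x4c\x44\x34\x67\x31\x38\xb0\x8b\x59\x10"
      "\x4f\x30\x4f\xd4\xab\x49\xba\x09\xbe\x98\x6c\xf9\xbf\x7e\xcd\xdf\x52\xf2"
      "\x1c\x30\xe3\xe5\x4e\xb9\x04\x33\xb0\xb8\x45\x4a\x38\x8e\xaa\x8d\x7b\x6e"
      "\xc2\xb1\x7d\x26\x4b\xb6\x55\x06\xb2\xef\xdf\x6d\xe0\x23\xe4\x33\xdf\x41"
      "\xf9\x7e\x13\xf6\x06\x38\xf6\x87\xf5\x9d\x6e\x1e\x52\xd0\x77\x9c\x82\x31"
      "\xec\xe1\x56\x4b\x05\x9e\xf6\xed\x31\xc7\xc3\x3c\xee\xae\xdf\x2d\xd5\xe8"
      "\xee\xa6\x08\xe9\xb4\x6e\x6b\x2a\x92\x2a\x46\x25\x56\x78\x5b\x42\xa8\x0f"
      "\x46\xd7\xd9\x80\x3e\x29\x41\x78\x98\x0f\xdb\xd5\x72\x03\x77\x84\x6a\x85"
      "\xaf\x8e\x76\xd7\x5a\x35\xc8\x0a\x77\x29\x77\x16\xab\x2b\x33\x4d\x7c\x8e"
      "\xba\xf2\x38\x90\xc5\xd8\xe2\x56\xcc\xff\xeb\x77\x85\x62\x95\xe5\xa8\x4f"
      "\x75\x61\x81\x66\x96\x69\xf0\x28\x3b\xa0\x72\x1d\xa8\x32\xfd\xd4\x14\xab"
      "\xa9\x7a\xde\x0a\xea\x3a\xce\x0b\xb8\x6d\xe8\x23\xd4\xb4\xfd\xa5\x73\x1c"
      "\x58\xf2\xe1\x84\xae\x23\xa6\xc4\x43\x2b\x4f\xbd\xd2\x3e\x76\x02\x62\xc8"
      "\xa0\xef\x7a\xfc\xdd\x98\x6c\x73\x5b\x49\x82\x02\x69\x41\x37\x62\x3d\x80"
      "\x6a\xff\x78\x16\x96\x7a\x3c\x81\xee\xae\x42\x27\xe6\xe3\x11\xfb\x32\x40"
      "\xe9\x11\x17\x99\xb3\x75\x87\xfc\xac\x24\xd6\x84\xa8\x76\xfd\x5b\xf4\x8a"
      "\x9b\x4a\xbc\x3e\xa8\x2a\x92\x13\x71\x3c\xf1\x22\xb3\x43\xda\xdd\x9a\xaa"
      "\xc1\x8b\x3c\x4f\x86\x02\x5c\xb4\x71\x58\xe9\xe4\x31\xff\xa8\xf8\x67\x27"
      "\xcd\x02\xac\x6c\xe6\x66\x1f\x1e\x29\xc1\x55\xfc\xdd\xf6\x0b\x61\x88\x47"
      "\x33\x08\x2f\xcc\x03\x10\xdb\x13\x63\x7b\x4a\xc6\xd9\xb4\xd0\x9f\x45\xcb"
      "\x90\x81\x53\x93\x8e\x43\x5e\xc9\x59\x7d\x62\x57\x76\x32\x84\x7e\x21\xd0"
      "\xbc\xde\x8b\x59\x89\x5b\x8a\x26\x1b\x67\xac\x63\xcd\x5c\xb3\xf3\x76\x05"
      "\xde\xc0\x74\x31\x2e\x84\x52\xd3\x89\x67\x55\xc3\xb1\xa1\x1b\x23\x72\xc7"
      "\xa0\x72\x7d\x9a\x48\x36\x29\xa0\x2d\x35\x31\x42\x88\xba\x35\x60\x6d\x4a"
      "\xd2\x78\x7f\x1c\x3a\x48\x6a\x0f\xfd\x75\xb1\x51\x07\x07\xe7\x81\x5e\x3a"
      "\x31\x8c\x7e\x60\x3e\x32\x9d\xc7\xe7\x64\x73\xa4\x86\x39\x17\x46\x2f\xdb"
      "\x7a\xf6\xa9\x6b\x8f\x64\x1c\xde\xc5\xf5\xcf\xf3\x84\x49\x09\xd5\x6f\xbc"
      "\x97\x90\xcc\xda\x5c\xd9\x65\x30\xe3\x9a\xb2\xb1\xd9\x5d\x25\x70\xe2\x07"
      "\x64\xee\x18\x7e\x42\xf4\xcc\xeb\xca\x08\xad\x99\xc5\x65\xb8\xfe\xbe\x45"
      "\x5d\xe5\xfd\x72\x9f\x06\x45\x26\xed\x3c\x1a\xf3\x31\x61\x3d\x34\x95\xc4"
      "\x54\x0c\x69\x03\x41\xd0\xf6\x29\x97\xb4\xb3\xcc\x8b\xee\x00\xf3\x10\xe1"
      "\x59\x4b\x8b\x1d\x73\xaa\x1a\x3a\xd9\xa9\x36\x19\x04\xa0\x50\x3f\x24\x46"
      "\xb6\x78\x26\xc2\x45\x3b\x36\xcb\x96\x6e\xc9\x99\x4d\x8a\xda\x5a\x7d\xb8"
      "\x15\x72\x47\xba\xed\x02\x26\xc8\x39\x83\xec\x02\xbb\x08\xec\x3f\xa4\xa5"
      "\x93\x5b\xb4\x80\x4d\x63\x34\x35\x49\x8b\x9f\xd7\x50\xb4\x33\xbc\x8c\x9a"
      "\xf6\x28\x89\x7c\xe8\x00\xd4\x4f\x1a\xc0\x8c\x4e\xc1\x2c\xa9\xac\x70\x7e"
      "\x88\x5a\x18\xd2\x38\x26\x03\x6d\x97\xd0\xa3\xc2\xe9\x34\xb3\x97\xd5\x6e"
      "\x14\x4b\x82\xfe\xa9\xcc\x0c\x90\xaf\x54\x9e\x0e\xa8\x37\x06\x68\xa8\x4f"
      "\x41\xc4\x97\x22\x5b\x69\x4f\x95\x10\xec\xb8\x9a\x07\xa0\x3c\xb0\x67\x1d"
      "\x24\xde\x06\x3a\xff\x64\x37\x03\x3f\x43\x58\x29\xf6\x4a\x3c\xd3\x5d\x9f"
      "\xf8\x0f\xf1\x9c\xef\xc9\x64\xc4\xb6\xc5\x85\x95\xab\xf9\x09\x90\x73\xb9"
      "\x7c\x60\xba\x55\x70\x70\x54\x12\x06\x85\x40\x01\x68\x94\x63\x30\x7a\x7f"
      "\x82\xfb\x21\x64\x0b\x37\xc6\x0f\xb9\x43\xf0\x07\x04\x98\x7e\x60\x29\x91"
      "\x20\xbb\x38\xb0\x4e\x22\x77\x31\xed\x04\xf5\xc8\x57\x61\xd1\x73\x58\x23"
      "\xfb\x46\xcc\x4f\x67\xae\x6d\x99\x86\x6f\x90\x48\x38\x42\xfa\x02\xe8\xc3"
      "\x6d\x0f\x6c\x28\x6e\x63\xd0\x0c\x7a\x52\x27\x16\x84\xf3\xce\x0a\xd1\x0c"
      "\xbe\x6c\x73\xaf\x16\xb7\xa5\x9d\x77\xda\xda\x46\xe9\x90\x3d\x3c\x71\xd6"
      "\x08\x7e\x9d\x2e\xd7\x91\xba\x12\xc1\xa9\xc4\xae\x7d\x6d\x2e\xd3\xee\x34"
      "\x99\xc5\xa0\x70\xd4\xba\x39\x04\x21\x8a\xe1\xd3\xe6\x38\xc4\x6b\xc4\xd6"
      "\x14\xd3\xa1\x9f\xb4\x2b\xa1\x40\x80\x8b\x05\xf5\xd9\x31\x90\x3d\x16\x3b"
      "\x07\x48\xd8\x9f\x52\x1b\x90\x59\x3d\xc6\x71\xcd\x03\x66\x2b\x5c\xd6\x6a"
      "\x38\xad\xce\x0e\x5c\x74\x87\xaa\x7e\xed\x51\xc8\xd0\x4b\xba\x50\x5c\x81"
      "\x99\x82\xda\xfb\xb1\xa2\x1d\xd3\x8e\x61\x8d\x8c\x4a\xaa\x70\x30\x7f\x3a"
      "\x71\xd8\x1c\x44\xd5\x73\x35\xbf\xe4\x99\x5b\xe9\xa0\x89\x3a\x4d\x6b\xcd"
      "\x32\xba\xb0\xb2\x22\x65\x03\x58\xe1\x99\x5b\xb6\x76\xdc\xa7\x18\x1a\xf9"
      "\xb2\xe8\xf8\x81\x6a\x7b\xc2\x0b\x31\x11\x27\x84\x21\x39\x88\x22\xff\xe8"
      "\x51\xe8\xeb\xaa\xe4\x0c\x29\xf9\xd8\xaa\xd6\xb7\x26\x5c\x25\xda\x5b\x03"
      "\xa3\xf8\x1a\xca\x32\x4a\x04\x38\x6d\xf7\x52\x42\xfe\x25\x67\x72\xe2\x50"
      "\xd8\xa9\xad\x5b\x03\xa2\xc0\x4c\x97\x28\x82\xf4\x0b\xdd\x49\xb5\x9b\x03"
      "\x00\xd6\x83\x39\x79\x69\x16\x4f\x13\xe1\x3d\x0c\xa9\xa7\x8e\x67\x1d\x74"
      "\xf9\x91\x2f\xfc\x74\x88\x07\x34\x59\x9f\xff\xff\x9c\x30\xeb\xf4\xb0\x66"
      "\x9a\x9d\xe6\x1b\x46\xd8\xe0\xfa\x52\x58\x4f\x50\x38\x00\xb7\xcb\x98\xa1"
      "\x2a\x8a\x54\x4b\x72\x69\x1a\xa2\x99\x67\xac\x87\x0f\x7d\xad\x3b\xb3\x8b"
      "\xb9\xec\xa7\x38\xcb\xe5\x96\xc2\xf7\x53\xf7\x52\xec\x1f\x08\x7c\xfc\x18"
      "\x78\x2e\xda\x56\xa3\x98\xc9\x4c\xe0\x54\x0d\x0b\x7a\x05\xe9\xea\x13\xea"
      "\x88\xa1\x58\x7a\xf3\xf3\xda\x2c\xc5\xc6\x73\x41\x67\xc2\x0c\x27\xad\xe1"
      "\xd4\xfd\x2c\x7d\xe8\x04\xda\xf2\xe2\x50\x43\xcc\x77\x2c\x23\x4d\x04\xcf"
      "\xc3\xa4\x3c\x87\x84\x01\xc3\xeb\x25\x0a\xd6\x4a\x6a\x7a\xcc\xef\x50\x04"
      "\x8c\x34\xbb\xbf\x3c\x50\x79\x1e\xff\xd5\x7c\x71\x34\x52\x11\x2a\x06\x22"
      "\x4d\x40\x1c\x4c\x7a\x3c\x00\xe4\x91\xad\x04\x52\x18\xe3\x10\x8e\xaf\xe0"
      "\x3e\x1e\x66\x49\xb9\x9c\x43\x54\xb0\x76\xa3\x06\x7f\x3c\xcf\xa4\x38\x31"
      "\xee\x0b\x79\x01\x3c\x8a\xb9\x8c\x44\x30\x62\x80\xf9\x17\x7c\xbe\x7f\x81"
      "\x43\xaa\x98\xb3\xe4\xd2\x65\x39\xea\x40\xe8\xd4\x15\x76\x21\x05\x60\x66"
      "\xd6\x1a\x53\x18\xec\x05\x84\xfa\xec\xfc\x1f\xf4\xc8\x7b\x04\xfc\x79\x39"
      "\x7f\x00\xc7\xb7\x9c\x09\xce\x24\x63\x1f\xdf\x87\x9a\xb9\x6d\x63\xfd\xff"
      "\xd8\x72\x87\xff\x16\x70\xfe\xdc\x1c\x6a\x65\xd3\x1f\x81\xfa\xbd\x94\xf6"
      "\x2b\x76\x75\x54\xe1\xd6\x22\x4b\x72\x5e\x5a\x7b\xe9\x6f\x0b\x70\xb1\x05"
      "\xed\x0f\xd3\x17\x8e\x4a\x14\xc9\xca\xeb\x16\xf2\x8b\xa7\xcd\xdb\xcc\x14"
      "\xea\x21\x25\x3f\x5c\x37\x81\x04\x28\x91\xc5\xdf\x17\x65\x61\x58\x48\x77"
      "\xe0\xcd\x24\xf2\x80\x01\x6c\x28\x8b\x98\x56\xb1\x60\xcc\x78\xed\xb5\xff"
      "\xa1\xb9\x88\xff\x7c\x33\xc1\xdc\x83\x17\x68\x36\x9c\x7b\xbf\x04\xf0\xe4"
      "\xb8\x67\xf3\x96\xa6\xf1\x2c\x65\x72\x08\xc6\xd1\x85\xdd\x92\x18\x9c\xf8"
      "\x08\x3d\xd4\xe5\x2f\x1d\x5a\x6b\x39\x88\x57\xe9\xe1\xea\x1d\x0b\x1a\x81"
      "\x1a\xf1\x45\x0c\xc0\xc0\xb4\x15\x82\x0a\x5b\x15\x10\x83\xb9\x0d\xf2\x64"
      "\x45\x96\x7c\x8b\x07\x8e\x1a\x7e\xa3\x2b\x40\x68\x17\x3c\xff\xe6\xf1\x6d"
      "\x02\x36\x8a\xbd\x0b\xb8\x12\x89\xe8\xfe\xa5\x0d\xf8\x3d\x88\x5a\x37\x81"
      "\x46\x56\x05\x7d\x6d\x06\x8e\x87\x34\x2a\xbd\xc4\x6b\xd4\x59\x15\x5c\x52"
      "\x31\xb5\x40\x28\x44\xf4\x9c\x85\x5c\x9f\x87\x56\x0e\x1b\x8f\xc5\x28\x43"
      "\x6b\x63\xbf\xb8\xb4\xae\xcf\x63\xe2\x2c\x12\x07\xf6\xd1\xdd\xc0\xfc\x6f"
      "\x78\x3c\x45\xb0\x11\xee\x3b\xbe\x43\x57\x46\x62\x08\x31\x6f\x85\x64\x51"
      "\x70\x27\xf8",
      4089);
  syscall(__NR_write, r[0], 0x20001500, 0x1001);

  /* 4. ioctl(master, 0x40045431, &zero).  0x40045431 decodes as
   *    _IOW('T', 0x31, int), i.e. TIOCSPTLCK; the int at 0x203b9fdc is 0,
   *    which unlocks the slave.  The generator zeroes a whole 36-byte
   *    termios-shaped block here as well, placed so that it ends exactly on
   *    the page boundary at 0x203ba000 (still inside the 16 MiB mapping). */
  *(uint32_t*)0x203b9fdc = 0;
  *(uint32_t*)0x203b9fe0 = 0;
  *(uint32_t*)0x203b9fe4 = 0;
  *(uint32_t*)0x203b9fe8 = 0;
  *(uint8_t*)0x203b9fec = 0;
  *(uint8_t*)0x203b9fed = 0;
  *(uint8_t*)0x203b9fee = 0;
  *(uint8_t*)0x203b9fef = 0;
  *(uint32_t*)0x203b9ff0 = 0;
  *(uint32_t*)0x203b9ff4 = 0;
  *(uint32_t*)0x203b9ff8 = 0;
  *(uint32_t*)0x203b9ffc = 0;
  syscall(__NR_ioctl, r[0], 0x40045431, 0x203b9fdc);

  /* 5. Open the slave read-only (flags 0) via TIOCGPTN + /dev/pts/N. */
  res = syz_open_pts(r[0], 0);
  if (res != -1)
    r[1] = res;

  /* 6. read(slave, 0x20000080, 0xffffff5c): a deliberately oversized count
   *    (about 4 GiB, far more than the 16 MiB mapping behind the buffer);
   *    the tty presumably hands back at most what step 3 queued.  If the
   *    slave open failed, r[1] is still -1 and this is just EBADF. */
  syscall(__NR_read, r[1], 0x20000080, 0xffffff5c);
}

/*
 * Entry point.  Maps 16 MiB of zeroed, writable scratch memory at the fixed
 * address 0x20000000 (prot 3 = PROT_READ|PROT_WRITE, flags 0x32 =
 * MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, no fd, offset 0) that every raw
 * address in execute_one() points into, then runs the program forever.
 * The mmap result is not checked; if it failed, the first memcpy in
 * execute_one() would fault.  MAP_FIXED also silently replaces anything
 * already mapped in that range.
 */
int main(void)
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  for (;;) {
    loop();
  }
}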