// KMSAN: uninit-value in ip_tunnel_lookup (2)
// https://syzkaller.appspot.com/bug?id=74017bdbd502fee41464d03acc065961dae664bd
// status:fixed
// autogenerated by syzkaller (https://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <sched.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include <linux/if.h>
#include <linux/if_ether.h>
#include <linux/if_tun.h>
#include <linux/ip.h>
#include <linux/kvm.h>
#include <linux/net.h>
#include <linux/tcp.h>
/* Suspend the caller for `ms` milliseconds; usleep() takes microseconds. */
static void sleep_ms(uint64_t ms)
{
    const uint64_t usec_per_ms = 1000;

    usleep(ms * usec_per_ms);
}
/*
 * Return the CLOCK_MONOTONIC reading converted to milliseconds.
 * Exits with status 1 if the clock cannot be read.
 */
static uint64_t current_time_ms(void)
{
    struct timespec now;
    uint64_t from_sec;
    uint64_t from_nsec;

    if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
        exit(1);
    from_sec = (uint64_t)now.tv_sec * 1000;
    from_nsec = (uint64_t)now.tv_nsec / 1000000;
    return from_sec + from_nsec;
}
/*
 * BITMASK_LEN(type, bf_len): mask with the low `bf_len` bits set, cast to
 * `type`.
 * NOTE(review): the shift is performed on 1ull, so bf_len must stay below 64;
 * a full-width shift would be undefined behaviour.
 */
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)
/* BITMASK_LEN_OFF: the BITMASK_LEN mask moved up by `bf_off` bits. */
#define BITMASK_LEN_OFF(type, bf_off, bf_len) \
(type)(BITMASK_LEN(type, (bf_len)) << (bf_off))
/*
 * STORE_BY_BITMASK(type, addr, val, bf_off, bf_len): store `val` at `addr`.
 * With bf_off == 0 and bf_len == 0 the whole `type`-sized object is
 * overwritten; otherwise only the bf_len bits starting at bit bf_off are
 * replaced and the remaining bits at `addr` are preserved.
 * NOTE(review): the expansion is a bare if/else, not wrapped in
 * do { } while (0), so it is only safe as a stand-alone statement (an outer
 * `else` after it would bind to the wrong `if`).
 */
#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \
if ((bf_off) == 0 && (bf_len) == 0) { \
*(type*)(addr) = (type)(val); \
} else { \
type new_val = *(type*)(addr); \
new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \
new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \
*(type*)(addr) = new_val; \
}
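/* Running state of a 16-bit ones'-complement (Internet-style) checksum. */
struct csum_inet {
    uint32_t acc; /* partial sum; folded back to 16 bits after each update */
};

/* Start a new checksum by clearing the accumulator. */
static void csum_inet_init(struct csum_inet* csum)
{
    csum->acc = 0;
}

/*
 * Add `length` bytes starting at `data` to the checksum.
 *
 * The buffer is summed as native-endian 16-bit words; a trailing odd byte is
 * added as-is. Carries above bit 15 are folded back in before returning.
 * A zero-length update leaves the state untouched.
 */
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data,
                             size_t length)
{
    if (length == 0)
        return;
    size_t i;
    for (i = 0; i < length - 1; i += 2) {
        uint16_t word;
        /*
         * Load through memcpy rather than a uint16_t* cast: `data` may sit
         * at an odd address, and the cast would be both a misaligned access
         * and a strict-aliasing violation.
         */
        memcpy(&word, &data[i], sizeof(word));
        csum->acc += word;
    }
    if (length & 1)
        csum->acc += (uint16_t)data[length - 1];
    while (csum->acc > 0xffff)
        csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

/* Return the final checksum: the bitwise complement of the folded sum. */
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
    return (uint16_t)~csum->acc;
}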
/*
 * vsnprintf() that never returns a truncated or failed result: the process
 * exits with status 1 if formatting fails or the output (plus terminator)
 * does not fit in `size` bytes.
 */
static void vsnprintf_check(char* str, size_t size, const char* format,
                            va_list args)
{
    const int written = vsnprintf(str, size, format, args);

    if (written < 0 || (size_t)written >= size)
        exit(1);
}
/* Upper bound, terminator included, on the formatted part of a command. */
#define COMMAND_MAX_LEN 128
/*
 * Every command is prefixed with a fixed PATH assignment, so the lookup of
 * the executed tool uses this list rather than the inherited PATH.
 */
#define PATH_PREFIX \
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin "
#define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1)
/*
 * Format a command line and run it with system().
 *
 * panic  - when true, a non-zero system() result exits the process (status 1);
 *          when false the result is ignored.
 * format - printf-style template; the expansion must fit in COMMAND_MAX_LEN
 *          bytes or vsnprintf_check() exits.
 *
 * The formatted text is handed to system() unmodified, so shell
 * metacharacters in the arguments are interpreted. Arguments must therefore
 * be trusted values, not data from outside the program.
 */
static void execute_command(bool panic, const char* format, ...)
{
    char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN];
    char* const tail = command + PATH_PREFIX_LEN;
    va_list args;

    /* The prefix is copied without its NUL; the formatted tail supplies it. */
    memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN);
    va_start(args, format);
    vsnprintf_check(tail, COMMAND_MAX_LEN, format, args);
    va_end(args);

    if (system(command) != 0 && panic)
        exit(1);
}
/*
 * printf templates for the per-device IPv4 address, IPv6 address and MAC
 * address; initialize_netdevices() fills the placeholder with the device's
 * list index plus 10.
 */
#define DEV_IPV4 "172.20.20.%d"
#define DEV_IPV6 "fe80::%02hx"
#define DEV_MAC "aa:aa:aa:aa:aa:%02hx"
/*
 * Variadic front end for vsnprintf_check(): formats into `str` and exits the
 * process if the result fails or would be truncated.
 */
static void snprintf_check(char* str, size_t size, const char* format, ...)
{
    va_list ap;

    va_start(ap, format);
    vsnprintf_check(str, size, format, ap);
    va_end(ap);
}
/*
 * Create and configure the fixed set of virtual network devices used by the
 * reproducer, by shelling out to `ip`.
 *
 * Every command is issued with panic == false, so a failing `ip` invocation
 * (missing device type, device already present, insufficient privilege) is
 * ignored and the remaining steps still run. Each listed device is then given
 * an IPv4 address, an IPv6 address and a MAC address derived from its list
 * index + 10, and brought up.
 */
static void initialize_netdevices(void)
{
    const char* const link_kinds[] = {"ip6gretap", "bridge", "vcan", "bond",
                                      "team"};
    const char* const masters[] = {"bridge", "bond", "team"};
    const char* const ifaces[] = {
        "lo",              "sit0",            "bridge0",
        "vcan0",           "tunl0",           "gre0",
        "gretap0",         "ip_vti0",         "ip6_vti0",
        "ip6tnl0",         "ip6gre0",         "ip6gretap0",
        "erspan0",         "bond0",           "veth0",
        "veth1",           "team0",           "veth0_to_bridge",
        "veth1_to_bridge", "veth0_to_bond",   "veth1_to_bond",
        "veth0_to_team",   "veth1_to_team"};
    const unsigned n_kinds = sizeof(link_kinds) / sizeof(link_kinds[0]);
    const unsigned n_masters = sizeof(masters) / sizeof(masters[0]);
    const unsigned n_ifaces = sizeof(ifaces) / sizeof(ifaces[0]);
    unsigned k;

    /* One "<kind>0" device per link kind, plus a default veth pair. */
    for (k = 0; k < n_kinds; k++) {
        const char* kind = link_kinds[k];
        execute_command(false, "ip link add dev %s0 type %s", kind, kind);
    }
    execute_command(false, "ip link add type veth");

    /* Two veth pairs per master device; one end of each is enslaved to it. */
    for (k = 0; k < n_masters; k++) {
        const char* m = masters[k];
        execute_command(
            false, "ip link add name %s_slave_0 type veth peer name veth0_to_%s",
            m, m);
        execute_command(
            false, "ip link add name %s_slave_1 type veth peer name veth1_to_%s",
            m, m);
        execute_command(false, "ip link set %s_slave_0 master %s0", m, m);
        execute_command(false, "ip link set %s_slave_1 master %s0", m, m);
        execute_command(false, "ip link set veth0_to_%s up", m);
        execute_command(false, "ip link set veth1_to_%s up", m);
    }
    execute_command(false, "ip link set bridge_slave_0 up");
    execute_command(false, "ip link set bridge_slave_1 up");

    /* Address every device and bring it up. */
    for (k = 0; k < n_ifaces; k++) {
        const char* dev = ifaces[k];
        const unsigned host = k + 10;
        char addr[32];

        snprintf_check(addr, sizeof(addr), DEV_IPV4, host);
        execute_command(false, "ip -4 addr add %s/24 dev %s", addr, dev);
        snprintf_check(addr, sizeof(addr), DEV_IPV6, host);
        execute_command(false, "ip -6 addr add %s/120 dev %s", addr, dev);
        snprintf_check(addr, sizeof(addr), DEV_MAC, host);
        execute_command(false, "ip link set dev %s address %s", dev, addr);
        execute_command(false, "ip link set dev %s up", dev);
    }
}
/*
 * Open a device node and return the descriptor (or -1 with errno set).
 *
 * a0 == 0xc / 0xb : open "/dev/char/<a1>:<a2>" or "/dev/block/<a1>:<a2>"
 *                   read-write; a1 and a2 are truncated to 8 bits.
 * otherwise       : a0 is a pointer to a path template. Each '#' in it is
 *                   replaced, left to right, by successive decimal digits of
 *                   a1 (least significant first), and the result is opened
 *                   with flags a2. The template is copied into a 1024-byte
 *                   buffer and silently truncated if longer.
 */
static long syz_open_dev(long a0, long a1, long a2)
{
    if (a0 != 0xc && a0 != 0xb) {
        char path[1024];
        char* mark;

        strncpy(path, (char*)a0, sizeof(path) - 1);
        path[sizeof(path) - 1] = 0;
        for (mark = strchr(path, '#'); mark != NULL; mark = strchr(path, '#')) {
            *mark = '0' + (char)(a1 % 10);
            a1 /= 10;
        }
        return open(path, a2, 0);
    }

    char node[128];
    const char* kind = (a0 == 0xc) ? "char" : "block";

    /* Longest result is "/dev/block/255:255", well inside the buffer. */
    snprintf(node, sizeof(node), "/dev/%s/%d:%d", kind, (uint8_t)a1,
             (uint8_t)a2);
    return open(node, O_RDWR, 0);
}
/*
 * Open a procfs entry named by the string at a1.
 *
 * a0 == 0   -> /proc/self/<name>
 * a0 == -1  -> /proc/thread-self/<name>
 * otherwise -> /proc/self/task/<a0>/<name>
 *
 * The file is opened read-write, falling back to read-only if that fails.
 * Returns the descriptor, or -1 if both attempts fail. Paths longer than the
 * 128-byte buffer are truncated by snprintf().
 */
static long syz_open_procfs(long a0, long a1)
{
    char path[128] = {0};
    const char* entry = (char*)a1;
    int fd;

    switch (a0) {
    case 0:
        snprintf(path, sizeof(path), "/proc/self/%s", entry);
        break;
    case -1:
        snprintf(path, sizeof(path), "/proc/thread-self/%s", entry);
        break;
    default:
        snprintf(path, sizeof(path), "/proc/self/task/%d/%s", (int)a0, entry);
        break;
    }

    fd = open(path, O_RDWR);
    return (fd != -1) ? fd : open(path, O_RDONLY);
}
/*
 * Stub: accepts the eight pseudo-syscall arguments, ignores all of them and
 * reports success (0).
 */
static long syz_kvm_setup_cpu(long a0, long a1, long a2, long a3, long a4,
                              long a5, long a6, long a7)
{
    (void)a0;
    (void)a1;
    (void)a2;
    (void)a3;
    (void)a4;
    (void)a5;
    (void)a6;
    (void)a7;
    return 0;
}
/*
 * Local declarations for the iptables get/replace socket options used by
 * checkpoint_iptables() and reset_iptables().
 * NOTE(review): the struct layouts presumably mirror the kernel's ip_tables
 * user-space ABI; confirm against the target kernel headers before changing
 * any field, since these objects are passed straight to get/setsockopt().
 */
/* Size in bytes of the entry-table buffers embedded in the structs below. */
#define XT_TABLE_SIZE 1536
/*
 * Capacity of the counter arrays the reset helpers hand to the kernel; the
 * checkpoint helpers exit if a table reports more entries than this.
 */
#define XT_MAX_ENTRIES 10
struct xt_counters {
uint64_t pcnt, bcnt;
};
/* Buffer for IPT_SO_GET_INFO: `name` is filled in by the caller. */
struct ipt_getinfo {
char name[32];
unsigned int valid_hooks;
unsigned int hook_entry[5];
unsigned int underflow[5];
unsigned int num_entries;
unsigned int size;
};
/* Buffer for IPT_SO_GET_ENTRIES: header followed by the raw entry table. */
struct ipt_get_entries {
char name[32];
unsigned int size;
void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};
/* Argument for IPT_SO_SET_REPLACE; `counters` points at caller memory. */
struct ipt_replace {
char name[32];
unsigned int valid_hooks;
unsigned int num_entries;
unsigned int size;
unsigned int hook_entry[5];
unsigned int underflow[5];
unsigned int num_counters;
struct xt_counters* counters;
char entrytable[XT_TABLE_SIZE];
};
/*
 * Per-table snapshot: `info` as read at checkpoint time and a ready-to-send
 * `replace` image built from it.
 */
struct ipt_table_desc {
const char* name;
struct ipt_getinfo info;
struct ipt_replace replace;
};
/* Tables snapshotted for IPv4 and IPv6; only `name` is preset. */
static struct ipt_table_desc ipv4_tables[] = {
{.name = "filter"}, {.name = "nat"}, {.name = "mangle"},
{.name = "raw"}, {.name = "security"},
};
static struct ipt_table_desc ipv6_tables[] = {
{.name = "filter"}, {.name = "nat"}, {.name = "mangle"},
{.name = "raw"}, {.name = "security"},
};
/*
 * Socket option numbers. IPT_SO_SET_REPLACE and IPT_SO_GET_INFO expand to
 * the same value; this file passes the former to setsockopt() and the latter
 * to getsockopt().
 */
#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
/*
 * arptables counterparts of the iptables declarations: same shape, but with
 * three hook slots instead of five.
 * NOTE(review): presumably mirrors the kernel's arp_tables user-space ABI;
 * confirm before changing any field.
 */
/* Buffer for ARPT_SO_GET_INFO: `name` is filled in by the caller. */
struct arpt_getinfo {
char name[32];
unsigned int valid_hooks;
unsigned int hook_entry[3];
unsigned int underflow[3];
unsigned int num_entries;
unsigned int size;
};
/* Buffer for ARPT_SO_GET_ENTRIES: header followed by the raw entry table. */
struct arpt_get_entries {
char name[32];
unsigned int size;
void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};
/* Argument for ARPT_SO_SET_REPLACE; `counters` points at caller memory. */
struct arpt_replace {
char name[32];
unsigned int valid_hooks;
unsigned int num_entries;
unsigned int size;
unsigned int hook_entry[3];
unsigned int underflow[3];
unsigned int num_counters;
struct xt_counters* counters;
char entrytable[XT_TABLE_SIZE];
};
/* Per-table snapshot: checkpointed `info` plus the `replace` image. */
struct arpt_table_desc {
const char* name;
struct arpt_getinfo info;
struct arpt_replace replace;
};
static struct arpt_table_desc arpt_tables[] = {
{.name = "filter"},
};
/*
 * Socket option numbers. ARPT_SO_SET_REPLACE and ARPT_SO_GET_INFO expand to
 * the same value; the former is used with setsockopt(), the latter with
 * getsockopt().
 */
#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
/*
 * Snapshot the current state of each table in `tables` so that
 * reset_iptables() can restore it later.
 *
 * tables/num_tables - descriptors to fill; only `name` needs to be set.
 * family            - socket family used to reach the tables.
 * level             - level argument for getsockopt().
 *
 * Returns silently if the family is unavailable (EAFNOSUPPORT or
 * ENOPROTOOPT from socket()). A table whose info query fails with EPERM,
 * ENOENT or ENOPROTOOPT is skipped. Any other failure exits with status 1.
 */
static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables,
                                int family, int level)
{
    struct ipt_get_entries dump;
    socklen_t len;
    int sock, idx;

    sock = socket(family, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        if (errno == EAFNOSUPPORT || errno == ENOPROTOOPT)
            return;
        exit(1);
    }
    for (idx = 0; idx < num_tables; idx++) {
        struct ipt_table_desc* desc = &tables[idx];
        struct ipt_getinfo* info = &desc->info;
        struct ipt_replace* saved = &desc->replace;

        strcpy(info->name, desc->name);
        strcpy(saved->name, desc->name);
        len = sizeof(*info);
        if (getsockopt(sock, level, IPT_SO_GET_INFO, info, &len)) {
            if (errno == EPERM || errno == ENOENT || errno == ENOPROTOOPT)
                continue;
            exit(1);
        }
        /*
         * The reported sizes drive the memcpy() below and the counter
         * buffer used at reset time, so refuse anything that would not fit
         * the fixed-size storage.
         */
        if (info->size > sizeof(saved->entrytable))
            exit(1);
        if (info->num_entries > XT_MAX_ENTRIES)
            exit(1);

        memset(&dump, 0, sizeof(dump));
        strcpy(dump.name, desc->name);
        dump.size = info->size;
        len = sizeof(dump) - sizeof(dump.entrytable) + info->size;
        if (getsockopt(sock, level, IPT_SO_GET_ENTRIES, &dump, &len))
            exit(1);

        /* Build the replace image from the info header and entry dump. */
        saved->valid_hooks = info->valid_hooks;
        saved->num_entries = info->num_entries;
        saved->size = info->size;
        memcpy(saved->hook_entry, info->hook_entry, sizeof(saved->hook_entry));
        memcpy(saved->underflow, info->underflow, sizeof(saved->underflow));
        memcpy(saved->entrytable, dump.entrytable, info->size);
    }
    close(sock);
}
/*
 * Restore every checkpointed table in `tables` to its saved state.
 *
 * Tables that were never checkpointed (saved valid_hooks == 0) are skipped.
 * A table is left alone when both its current info header and its current
 * entries compare equal to the snapshot; otherwise the saved replace image is
 * installed with setsockopt(). Returns silently if the family is unavailable;
 * any other failure exits with status 1.
 *
 * NOTE(review): num_counters is taken from the freshly read info header and
 * is not re-checked against XT_MAX_ENTRIES, unlike at checkpoint time. If the
 * kernel writes that many counters back into the local array, a live table
 * with more than XT_MAX_ENTRIES entries would overrun it - confirm and
 * consider adding the same bound check here.
 */
static void reset_iptables(struct ipt_table_desc* tables, int num_tables,
                           int family, int level)
{
    struct xt_counters old_counters[XT_MAX_ENTRIES];
    struct ipt_get_entries live;
    struct ipt_getinfo cur;
    socklen_t len;
    int sock, idx;

    sock = socket(family, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        if (errno == EAFNOSUPPORT || errno == ENOPROTOOPT)
            return;
        exit(1);
    }
    for (idx = 0; idx < num_tables; idx++) {
        struct ipt_table_desc* desc = &tables[idx];
        struct ipt_replace* saved = &desc->replace;

        if (desc->info.valid_hooks == 0)
            continue;

        memset(&cur, 0, sizeof(cur));
        strcpy(cur.name, desc->name);
        len = sizeof(cur);
        if (getsockopt(sock, level, IPT_SO_GET_INFO, &cur, &len))
            exit(1);

        /* Header unchanged: compare the entries before deciding to skip. */
        if (memcmp(&desc->info, &cur, sizeof(desc->info)) == 0) {
            memset(&live, 0, sizeof(live));
            strcpy(live.name, desc->name);
            live.size = desc->info.size;
            len = sizeof(live) - sizeof(live.entrytable) + live.size;
            if (getsockopt(sock, level, IPT_SO_GET_ENTRIES, &live, &len))
                exit(1);
            if (memcmp(saved->entrytable, live.entrytable,
                       desc->info.size) == 0)
                continue;
        }

        saved->num_counters = cur.num_entries;
        saved->counters = old_counters;
        len = sizeof(*saved) - sizeof(saved->entrytable) + saved->size;
        if (setsockopt(sock, level, IPT_SO_SET_REPLACE, saved, len))
            exit(1);
    }
    close(sock);
}
/*
 * Snapshot every table in arpt_tables so reset_arptables() can restore it.
 *
 * Returns silently if socket() fails with EAFNOSUPPORT or ENOPROTOOPT. A
 * table whose info query fails with EPERM, ENOENT or ENOPROTOOPT is skipped.
 * Any other failure, or a table too large for the fixed buffers, exits with
 * status 1.
 */
static void checkpoint_arptables(void)
{
    const unsigned n_tables = sizeof(arpt_tables) / sizeof(arpt_tables[0]);
    struct arpt_get_entries dump;
    socklen_t len;
    unsigned idx;
    int sock;

    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        if (errno == EAFNOSUPPORT || errno == ENOPROTOOPT)
            return;
        exit(1);
    }
    for (idx = 0; idx < n_tables; idx++) {
        struct arpt_table_desc* desc = &arpt_tables[idx];
        struct arpt_getinfo* info = &desc->info;
        struct arpt_replace* saved = &desc->replace;

        strcpy(info->name, desc->name);
        strcpy(saved->name, desc->name);
        len = sizeof(*info);
        if (getsockopt(sock, SOL_IP, ARPT_SO_GET_INFO, info, &len)) {
            if (errno == EPERM || errno == ENOENT || errno == ENOPROTOOPT)
                continue;
            exit(1);
        }
        /* Reject sizes that would not fit the fixed-size snapshot storage. */
        if (info->size > sizeof(saved->entrytable))
            exit(1);
        if (info->num_entries > XT_MAX_ENTRIES)
            exit(1);

        memset(&dump, 0, sizeof(dump));
        strcpy(dump.name, desc->name);
        dump.size = info->size;
        len = sizeof(dump) - sizeof(dump.entrytable) + info->size;
        if (getsockopt(sock, SOL_IP, ARPT_SO_GET_ENTRIES, &dump, &len))
            exit(1);

        saved->valid_hooks = info->valid_hooks;
        saved->num_entries = info->num_entries;
        saved->size = info->size;
        memcpy(saved->hook_entry, info->hook_entry, sizeof(saved->hook_entry));
        memcpy(saved->underflow, info->underflow, sizeof(saved->underflow));
        memcpy(saved->entrytable, dump.entrytable, info->size);
    }
    close(sock);
}
/*
 * Restore every checkpointed arptables table to its saved state.
 *
 * Tables with no snapshot (saved valid_hooks == 0) are skipped, as are tables
 * whose current header and entries both match the snapshot. Otherwise the
 * saved replace image is installed. Returns silently if socket() fails with
 * EAFNOSUPPORT or ENOPROTOOPT; any other failure exits with status 1.
 *
 * NOTE(review): as in the iptables variant, num_counters comes from the live
 * info header without a bound check against XT_MAX_ENTRIES - confirm the
 * local counter array cannot be overrun.
 */
static void reset_arptables()
{
    const unsigned n_tables = sizeof(arpt_tables) / sizeof(arpt_tables[0]);
    struct xt_counters old_counters[XT_MAX_ENTRIES];
    struct arpt_get_entries live;
    struct arpt_getinfo cur;
    socklen_t len;
    unsigned idx;
    int sock;

    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        if (errno == EAFNOSUPPORT || errno == ENOPROTOOPT)
            return;
        exit(1);
    }
    for (idx = 0; idx < n_tables; idx++) {
        struct arpt_table_desc* desc = &arpt_tables[idx];
        struct arpt_replace* saved = &desc->replace;

        if (desc->info.valid_hooks == 0)
            continue;

        memset(&cur, 0, sizeof(cur));
        strcpy(cur.name, desc->name);
        len = sizeof(cur);
        if (getsockopt(sock, SOL_IP, ARPT_SO_GET_INFO, &cur, &len))
            exit(1);

        /* Header unchanged: compare the entries before deciding to skip. */
        if (memcmp(&desc->info, &cur, sizeof(desc->info)) == 0) {
            memset(&live, 0, sizeof(live));
            strcpy(live.name, desc->name);
            live.size = desc->info.size;
            len = sizeof(live) - sizeof(live.entrytable) + live.size;
            if (getsockopt(sock, SOL_IP, ARPT_SO_GET_ENTRIES, &live, &len))
                exit(1);
            if (memcmp(saved->entrytable, live.entrytable,
                       desc->info.size) == 0)
                continue;
        }

        saved->num_counters = cur.num_entries;
        saved->counters = old_counters;
        len = sizeof(*saved) - sizeof(saved->entrytable) + saved->size;
        if (setsockopt(sock, SOL_IP, ARPT_SO_SET_REPLACE, saved, len))
            exit(1);
    }
    close(sock);
}
/*
 * Local declarations for the ebtables socket options used by
 * checkpoint_ebtables() and reset_ebtables().
 * NOTE(review): presumably mirrors the kernel's ebtables user-space ABI;
 * confirm before changing any field, since these objects are passed straight
 * to get/setsockopt().
 */
#define NF_BR_NUMHOOKS 6
#define EBT_TABLE_MAXNAMELEN 32
#define EBT_CHAIN_MAXNAMELEN 32
/*
 * Socket option numbers. EBT_SO_SET_ENTRIES and EBT_SO_GET_INFO expand to the
 * same value; the former is used with setsockopt(), the latter with
 * getsockopt().
 */
#define EBT_BASE_CTL 128
#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
#define EBT_SO_GET_INFO (EBT_BASE_CTL)
#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO + 1)
#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES + 1)
#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO + 1)
/*
 * Table header exchanged with the kernel. Unlike the ipt/arpt structs it
 * carries user-space pointers (hook_entry[], counters, entries) rather than
 * an inline entry table.
 */
struct ebt_replace {
char name[EBT_TABLE_MAXNAMELEN];
unsigned int valid_hooks;
unsigned int nentries;
unsigned int entries_size;
struct ebt_entries* hook_entry[NF_BR_NUMHOOKS];
unsigned int num_counters;
struct ebt_counter* counters;
char* entries;
};
/* Chain header; `data` is a zero-length trailing array aligned like ebt_replace. */
struct ebt_entries {
unsigned int distinguisher;
char name[EBT_CHAIN_MAXNAMELEN];
unsigned int counter_offset;
int policy;
unsigned int nentries;
char data[0] __attribute__((aligned(__alignof__(struct ebt_replace))));
};
/* Per-table snapshot: header plus the buffer `replace.entries` points into. */
struct ebt_table_desc {
const char* name;
struct ebt_replace replace;
char entrytable[XT_TABLE_SIZE];
};
static struct ebt_table_desc ebt_tables[] = {
{.name = "filter"}, {.name = "nat"}, {.name = "broute"},
};
/*
 * Record the initial header and entries of every table in ebt_tables, using
 * the EBT_SO_GET_INIT_* options, so reset_ebtables() can reinstall them.
 *
 * Returns silently if socket() fails with EAFNOSUPPORT or ENOPROTOOPT. A
 * table whose info query fails with EPERM, ENOENT or ENOPROTOOPT is skipped.
 * Any other failure, or an entry blob larger than the fixed buffer, exits
 * with status 1.
 */
static void checkpoint_ebtables(void)
{
    const unsigned n_tables = sizeof(ebt_tables) / sizeof(ebt_tables[0]);
    socklen_t len;
    unsigned idx;
    int sock;

    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        if (errno == EAFNOSUPPORT || errno == ENOPROTOOPT)
            return;
        exit(1);
    }
    for (idx = 0; idx < n_tables; idx++) {
        struct ebt_table_desc* desc = &ebt_tables[idx];
        struct ebt_replace* init = &desc->replace;

        strcpy(init->name, desc->name);
        len = sizeof(*init);
        if (getsockopt(sock, SOL_IP, EBT_SO_GET_INIT_INFO, init, &len)) {
            if (errno == EPERM || errno == ENOENT || errno == ENOPROTOOPT)
                continue;
            exit(1);
        }
        /* The entries are written through init->entries; bound them first. */
        if (init->entries_size > sizeof(desc->entrytable))
            exit(1);
        init->num_counters = 0;
        init->entries = desc->entrytable;
        len = sizeof(*init) + init->entries_size;
        if (getsockopt(sock, SOL_IP, EBT_SO_GET_INIT_ENTRIES, init, &len))
            exit(1);
    }
    close(sock);
}
/*
 * Reinstall the checkpointed ebtables state for every table whose live state
 * differs from the snapshot.
 *
 * Returns silently if socket() fails with EAFNOSUPPORT or ENOPROTOOPT; any
 * other socket or sockopt failure exits with status 1. Tables that were never
 * checkpointed (saved valid_hooks == 0) are skipped.
 */
static void reset_ebtables()
{
struct ebt_replace replace;
char entrytable[XT_TABLE_SIZE];
socklen_t optlen;
unsigned i, j, h;
int fd;
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1) {
switch (errno) {
case EAFNOSUPPORT:
case ENOPROTOOPT:
return;
}
exit(1);
}
for (i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
struct ebt_table_desc* table = &ebt_tables[i];
if (table->replace.valid_hooks == 0)
continue;
/* Read the live header into a zeroed scratch copy. */
memset(&replace, 0, sizeof(replace));
strcpy(replace.name, table->name);
optlen = sizeof(replace);
if (getsockopt(fd, SOL_IP, EBT_SO_GET_INFO, &replace, &optlen))
exit(1);
/*
 * Clear the counter count and the pointer fields on the compared objects so
 * the whole-struct memcmp() below is not thrown off by them.
 * NOTE(review): this relies on EBT_SO_GET_INFO leaving entries/hook_entry in
 * the scratch copy zero, and on struct padding comparing equal - confirm.
 */
replace.num_counters = 0;
table->replace.entries = 0;
for (h = 0; h < NF_BR_NUMHOOKS; h++)
table->replace.hook_entry[h] = 0;
if (memcmp(&table->replace, &replace, sizeof(table->replace)) == 0) {
/* Header matches: fetch the live entries and skip the table if equal. */
memset(&entrytable, 0, sizeof(entrytable));
replace.entries = entrytable;
/*
 * NOTE(review): replace.entries_size is not bounds-checked here; it is only
 * known to fit because the header just compared equal to the snapshot, whose
 * size was checked at checkpoint time.
 */
optlen = sizeof(replace) + replace.entries_size;
if (getsockopt(fd, SOL_IP, EBT_SO_GET_ENTRIES, &replace, &optlen))
exit(1);
if (memcmp(table->entrytable, entrytable, replace.entries_size) == 0)
continue;
}
/*
 * Rebuild hook_entry[]: the j-th valid hook points at the j-th
 * struct ebt_entries in the saved buffer (the cast binds before the +, so
 * the step is sizeof(struct ebt_entries)).
 * NOTE(review): presumably valid only because the initial tables hold bare
 * chain headers with no rules between them - confirm.
 */
for (j = 0, h = 0; h < NF_BR_NUMHOOKS; h++) {
if (table->replace.valid_hooks & (1 << h)) {
table->replace.hook_entry[h] =
(struct ebt_entries*)table->entrytable + j;
j++;
}
}
table->replace.entries = table->entrytable;
optlen = sizeof(table->replace) + table->replace.entries_size;
if (setsockopt(fd, SOL_IP, EBT_SO_SET_ENTRIES, &table->replace, optlen))
exit(1);
}
close(fd);
}
/*
 * Snapshot the ebtables, arptables, IPv4 and IPv6 netfilter tables, in that
 * order, for later restoration by reset_net_namespace().
 */
static void checkpoint_net_namespace(void)
{
    const int n_v4 = sizeof(ipv4_tables) / sizeof(ipv4_tables[0]);
    const int n_v6 = sizeof(ipv6_tables) / sizeof(ipv6_tables[0]);

    checkpoint_ebtables();
    checkpoint_arptables();
    checkpoint_iptables(ipv4_tables, n_v4, AF_INET, SOL_IP);
    checkpoint_iptables(ipv6_tables, n_v6, AF_INET6, SOL_IPV6);
}
/*
 * Restore the ebtables, arptables, IPv4 and IPv6 netfilter tables, in that
 * order, to the state recorded by checkpoint_net_namespace().
 */
static void reset_net_namespace(void)
{
    const int n_v4 = sizeof(ipv4_tables) / sizeof(ipv4_tables[0]);
    const int n_v6 = sizeof(ipv6_tables) / sizeof(ipv6_tables[0]);

    reset_ebtables();
    reset_arptables();
    reset_iptables(ipv4_tables, n_v4, AF_INET, SOL_IP);
    reset_iptables(ipv6_tables, n_v6, AF_INET6, SOL_IPV6);
}
/*
 * Mount fusectl at /sys/fs/fuse/connections. Best effort: the result is
 * deliberately ignored. kill_and_wait() later scans that directory.
 */
static void setup_common()
{
    (void)mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0);
}
static void loop();
/*
 * Apply the containment settings shared by the sandbox modes:
 *  - SIGKILL on parent death, a fresh process group and session;
 *  - caps on address space, locked memory, file size, stack and open files,
 *    with core dumps disabled;
 *  - new mount, IPC, cgroup (0x02000000 is CLONE_NEWCGROUP) and UTS
 *    namespaces, plus an unshared SysV semaphore undo list.
 *
 * No return value is checked, so every step is best effort. If a limit or
 * unshare() fails, the process keeps running with whatever isolation it had,
 * so this must not be treated as a security boundary; run the reproducer in
 * a disposable VM.
 */
static void sandbox_common()
{
    static const struct {
        int resource;
        rlim_t limit;
    } limits[] = {
        {RLIMIT_AS, 200 << 20},
        {RLIMIT_MEMLOCK, 32 << 20},
        {RLIMIT_FSIZE, 136 << 20},
        {RLIMIT_STACK, 1 << 20},
        {RLIMIT_CORE, 0},
        {RLIMIT_NOFILE, 256},
    };
    static const int unshare_flags[] = {
        CLONE_NEWNS, CLONE_NEWIPC, 0x02000000, CLONE_NEWUTS, CLONE_SYSVSEM,
    };
    size_t k;

    prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
    setpgrp();
    setsid();

    for (k = 0; k < sizeof(limits) / sizeof(limits[0]); k++) {
        struct rlimit rl;

        rl.rlim_cur = rl.rlim_max = limits[k].limit;
        setrlimit(limits[k].resource, &rl);
    }

    for (k = 0; k < sizeof(unshare_flags) / sizeof(unshare_flags[0]); k++)
        (void)unshare(unshare_flags[k]);
}
/*
 * Block until child `pid` has been reaped and return WEXITSTATUS() of its
 * status. Other children reaped along the way are discarded. Exits with
 * status 1 if `pid` is negative (a failed fork).
 *
 * NOTE(review): the status is not tested with WIFEXITED(), so a child killed
 * by a signal is reported through whatever WEXITSTATUS() extracts from it.
 */
int wait_for_loop(int pid)
{
    int status = 0;

    if (pid < 0)
        exit(1);
    for (;;) {
        if (waitpid(-1, &status, __WALL) == pid)
            break;
    }
    return WEXITSTATUS(status);
}
/*
 * "None" sandbox: fork a child that applies the common setup, moves into a
 * new network namespace, creates the test devices and runs loop().
 *
 * The parent waits for the child and returns its exit status. The child never
 * returns; loop() runs forever, and if it ever did return the child would
 * exit with status 1.
 *
 * Both unshare() results are ignored. If CLONE_NEWNET fails, the `ip`
 * commands and netfilter resets operate on the caller's network namespace,
 * so run this only on a disposable machine.
 */
static int do_sandbox_none(void)
{
    int child;

    /* Requested before fork() so that the child is the one affected. */
    (void)unshare(CLONE_NEWPID);
    child = fork();
    if (child != 0)
        return wait_for_loop(child);

    setup_common();
    sandbox_common();
    (void)unshare(CLONE_NEWNET);
    initialize_netdevices();
    loop();
    exit(1);
}
/*
 * Kill child `pid` (and the process group of the same id) with SIGKILL and
 * reap it, storing the wait status in *status.
 *
 * The child is polled for about 100 ms. If it has still not been reaped, a
 * byte is written to the "abort" file of every entry under
 * /sys/fs/fuse/connections (errors ignored), and the function then blocks
 * until the child is reaped.
 */
static void kill_and_wait(int pid, int* status)
{
    int attempt;
    DIR* conns;

    kill(-pid, SIGKILL);
    kill(pid, SIGKILL);
    for (attempt = 0; attempt < 100; attempt++) {
        if (waitpid(-1, status, WNOHANG | __WALL) == pid)
            return;
        usleep(1000);
    }

    conns = opendir("/sys/fs/fuse/connections");
    if (conns != NULL) {
        struct dirent* ent;

        while ((ent = readdir(conns)) != NULL) {
            char abort_path[300];
            int fd;

            if (strcmp(ent->d_name, ".") == 0 ||
                strcmp(ent->d_name, "..") == 0)
                continue;
            snprintf(abort_path, sizeof(abort_path),
                     "/sys/fs/fuse/connections/%s/abort", ent->d_name);
            fd = open(abort_path, O_WRONLY);
            if (fd == -1)
                continue;
            /* The first byte of the path buffer is what gets written. */
            if (write(fd, abort_path, 1) < 0) {
            }
            close(fd);
        }
        closedir(conns);
    }

    while (waitpid(-1, status, __WALL) != pid) {
    }
}
/* NOTE(review): no visible part of this file reads this flag. */
#define SYZ_HAVE_SETUP_LOOP 1
/*
 * One-time preparation before the fork loop: record the netfilter tables'
 * state so each iteration can be reset to it.
 */
static void setup_loop()
{
    checkpoint_net_namespace();
}
/* NOTE(review): no visible part of this file reads this flag. */
#define SYZ_HAVE_RESET_LOOP 1
/*
 * Per-iteration cleanup run in the parent before each fork: put the
 * netfilter tables back to their checkpointed state.
 */
static void reset_loop()
{
    reset_net_namespace();
}
/* NOTE(review): no visible part of this file reads this flag. */
#define SYZ_HAVE_SETUP_TEST 1
/*
 * Per-test setup run in the forked child: die with SIGKILL if the parent
 * goes away, and become a process-group leader so the parent can signal the
 * whole group (kill_and_wait() sends SIGKILL to -pid).
 */
static void setup_test()
{
    prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
    setpgrp();
}
/* NOTE(review): no visible part of this file reads this flag. */
#define SYZ_HAVE_RESET_TEST 1
/*
 * Per-test teardown run in the child: close descriptors 3 through 29.
 * close() errors (for descriptors that were never open) are ignored.
 */
static void reset_test()
{
    int fd = 3;

    while (fd < 30) {
        close(fd);
        fd++;
    }
}
static void execute_one(void);
#define WAIT_FLAGS __WALL
/*
 * Run the test program forever, one forked child per iteration.
 *
 * Before each fork the parent restores the checkpointed network state. The
 * child runs setup_test(), execute_one() and reset_test(), then exits 0. The
 * parent polls for it at about 1 ms intervals; once 5 seconds have passed
 * without the child being reaped, it is killed through kill_and_wait().
 * Exits with status 1 if fork() fails.
 */
static void loop(void)
{
    int iter;

    setup_loop();
    for (iter = 0;; iter++) {
        int status = 0;
        uint64_t started;
        int pid;

        reset_loop();
        pid = fork();
        if (pid < 0)
            exit(1);
        if (pid == 0) {
            setup_test();
            execute_one();
            reset_test();
            exit(0);
        }

        started = current_time_ms();
        while (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) != pid) {
            sleep_ms(1);
            if (current_time_ms() - started >= 5 * 1000) {
                /* Time budget exhausted: force the child down. */
                kill_and_wait(pid, &status);
                break;
            }
        }
    }
}
/*
 * Fallback syscall numbers for toolchains whose headers do not define them.
 * The values are the x86-64 numbers, so on any other architecture these
 * fallbacks would name the wrong syscalls.
 */
#ifndef __NR_bpf
#define __NR_bpf 321
#endif
#ifndef __NR_io_pgetevents
#define __NR_io_pgetevents 333
#endif
#ifndef __NR_memfd_create
#define __NR_memfd_create 319
#endif
#ifndef __NR_mlock2
#define __NR_mlock2 325
#endif
#ifndef __NR_pkey_alloc
#define __NR_pkey_alloc 330
#endif
#ifndef __NR_pkey_mprotect
#define __NR_pkey_mprotect 329
#endif
#ifndef __NR_renameat2
#define __NR_renameat2 316
#endif
#ifndef __NR_userfaultfd
#define __NR_userfaultfd 323
#endif
uint64_t r[257] = {0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0,
0x0,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0x0};
void execute_one(void)
{
long res = 0;
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
res = syscall(__NR_dup3, 0xffffff9c, 0xffffff9c, 0x80000);
if (res != -1)
r[0] = res;
memcpy((void*)0x20000040, "/dev/sg#", 9);
syz_open_dev(0x20000040, 0x98, 0x20500);
syscall(__NR_ioctl, r[0], 0x1279, 0x20000000);
memcpy((void*)0x20000040, "/dev/dmmidi#", 13);
res = syz_open_dev(0x20000040, 3, 0xe0300);
if (res != -1)
r[1] = res;
*(uint32_t*)0x200000c0 = 0;
*(uint32_t*)0x200000c4 = 0xa5;
memcpy((void*)0x200000c8,
"\x3c\x02\x4b\x51\x31\xbb\x3a\xbe\x3c\xf0\xbd\x7d\x63\x6b\x85\xe4\xbc"
"\x6a\x1e\xec\xe4\x44\x21\x85\x6d\x7d\xfd\x08\x38\x0c\xf2\x4d\xc0\x4d"
"\x8f\x02\x8b\x51\xb4\x68\x6c\x8a\xa6\xff\xcb\xa4\xe0\xba\x4c\x1c\xa9"
"\x8f\x51\xff\x70\xcd\x41\x6d\x62\x35\xd0\x8d\xcb\x8f\x1c\x68\xd6\xca"
"\x3a\x7c\x4b\x53\xb6\xde\x58\xeb\x14\x6d\xcf\x20\x9a\xb3\x2f\x24\xa3"
"\xf9\x1f\x66\xfc\x14\xb8\x24\xb6\x9c\xe3\x32\xbd\xf7\xcb\x74\x9e\xf9"
"\x49\xd5\xe8\x4f\x5b\x89\x3e\xb8\xa0\x7c\x95\xe3\xc0\x47\x2b\xe3\xe2"
"\x04\xac\x05\x42\x60\xc8\x2f\x8b\xcd\xe3\x83\xe9\xfb\xe4\x8a\xe1\x54"
"\xc2\x7e\x94\xbc\xef\x5d\xda\xae\xb7\x7f\x9f\x20\x4e\x91\xbd\x1a\xeb"
"\xc0\x25\xef\x12\xd1\xcd\x51\xa8\x11\x35\xa6\xe8",
165);
*(uint32_t*)0x200001c0 = 0xad;
res = syscall(__NR_getsockopt, -1, 0x84, 0x1b, 0x200000c0, 0x200001c0);
if (res != -1)
r[2] = *(uint32_t*)0x200000c0;
*(uint32_t*)0x20000200 = r[2];
*(uint32_t*)0x20000204 = 9;
syscall(__NR_setsockopt, r[1], 0x84, 0x75, 0x20000200, 8);
res = syscall(__NR_socket, 2, 0x8008000000003, 0x2f);
if (res != -1)
r[3] = res;
memcpy((void*)0x20000000,
"\x6e\x72\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint16_t*)0x20000010 = 2;
*(uint16_t*)0x20000012 = htobe16(0x4e21);
*(uint32_t*)0x20000014 = htobe32(-1);
*(uint8_t*)0x20000018 = 0;
*(uint8_t*)0x20000019 = 0;
*(uint8_t*)0x2000001a = 0;
*(uint8_t*)0x2000001b = 0;
*(uint8_t*)0x2000001c = 0;
*(uint8_t*)0x2000001d = 0;
*(uint8_t*)0x2000001e = 0;
*(uint8_t*)0x2000001f = 0;
syscall(__NR_ioctl, r[3], 0x891c, 0x20000000);
memcpy((void*)0x20000180,
"\x69\x70\x5f\x76\x74\x69\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
syscall(__NR_setsockopt, r[3], 1, 0x19, 0x20000180, 0x10);
*(uint16_t*)0x20000080 = 2;
*(uint16_t*)0x20000082 = htobe16(0);
*(uint32_t*)0x20000084 = htobe32(0x7f000001);
*(uint8_t*)0x20000088 = 0;
*(uint8_t*)0x20000089 = 0;
*(uint8_t*)0x2000008a = 0;
*(uint8_t*)0x2000008b = 0;
*(uint8_t*)0x2000008c = 0;
*(uint8_t*)0x2000008d = 0;
*(uint8_t*)0x2000008e = 0;
*(uint8_t*)0x2000008f = 0;
syscall(__NR_sendto, r[3], 0x200001c0, 0x29c, 0, 0x20000080, 0x10);
memcpy((void*)0x20000000, "/dev/amidi#", 12);
res = syz_open_dev(0x20000000, 0x10000, 0x10000);
if (res != -1)
r[4] = res;
syscall(__NR_ioctl, r[4], 0x5428);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[5] = res;
syscall(__NR_ioctl, r[5], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[6] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[6];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[7] = res;
syscall(__NR_ioctl, r[7], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[8] = res;
*(uint64_t*)0x20000000 = 3;
syscall(__NR_fcntl, r[7], 0x40e, 0x20000000);
res = syscall(__NR_pkey_alloc, 0, 1);
if (res != -1)
r[9] = res;
syscall(__NR_pkey_mprotect, 0x20ffc000, 0x4000, 0x1000002, r[9]);
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[8];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_gettid);
syscall(__NR_modify_ldt, 2, 0x20000080, 0x74);
memcpy((void*)0x20000000, "/dev/vcs", 9);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x10400, 0);
memcpy((void*)0x20000040, "/dev/amidi#", 12);
res = syz_open_dev(0x20000040, 9, 2);
if (res != -1)
r[10] = res;
syscall(__NR_ioctl, r[10], 0xae01, 0);
res = syscall(__NR_socket, 2, 2, 0x88);
if (res != -1)
r[11] = res;
memcpy((void*)0x20000280,
"\x67\x72\x65\x74\x61\x70\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint64_t*)0x20000290 = 0x200001c0;
*(uint32_t*)0x200001c0 = 0x3a;
*(uint32_t*)0x200001c4 = 2;
*(uint32_t*)0x200001c8 = 0xf7;
*(uint32_t*)0x200001cc = 8;
*(uint32_t*)0x200001d0 = 1;
*(uint32_t*)0x200001d4 = 0x1ff;
*(uint32_t*)0x200001d8 = 0;
*(uint32_t*)0x200001dc = 0;
*(uint32_t*)0x200001e0 = 0;
*(uint32_t*)0x200001e4 = 0;
syscall(__NR_ioctl, r[11], 0x8946, 0x20000280);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[12] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[12], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[13] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[13], 0x10d, 0xdb, 0x200002c0, 0x20000000);
syscall(__NR_socketpair, 0x11, 3, 0x300, 0x20000040);
res = syscall(__NR_eventfd2, 0xc28, 0x80000);
if (res != -1)
r[14] = res;
syscall(__NR_lseek, r[14], 7, 0);
res = syscall(__NR_socket, 0x1e, 2, 0);
if (res != -1)
r[15] = res;
syscall(__NR_unshare, 0x20400);
res = syscall(__NR_clock_gettime, 0, 0x20000000);
if (res != -1) {
r[16] = *(uint64_t*)0x20000000;
r[17] = *(uint64_t*)0x20000008;
}
*(uint32_t*)0x20000400 = r[15];
*(uint16_t*)0x20000404 = 0;
*(uint16_t*)0x20000406 = 0;
*(uint64_t*)0x20000040 = r[16];
*(uint64_t*)0x20000048 = r[17] + 30000000;
*(uint64_t*)0x20000480 = 0x1eb;
syscall(__NR_ppoll, 0x20000400, 1, 0x20000040, 0x20000480, 8);
res = syscall(__NR_socketpair, 0x11, 0, 4, 0x20000080);
if (res != -1)
r[18] = *(uint32_t*)0x20000080;
syscall(__NR_ioctl, r[18], 0x4b2f, 0x1f);
res = syscall(__NR_socket, 0xa, 0x1000000000005, 0);
if (res != -1)
r[19] = res;
*(uint32_t*)0x20000000 = 0x18;
syscall(__NR_getsockopt, r[19], 0x84, 0x17, 0x20dcffe8, 0x20000000);
syscall(__NR_write, r[19], 0x20000040, 0);
memcpy((void*)0x20000080, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0, 0);
if (res != -1)
r[20] = res;
syscall(__NR_mmap, 0x20000000, 0xff5000, 2, 0x5c831, -1, 0);
syscall(__NR_shmget, 0x798dd813, 0x3000, 0x600, 0x20065000);
res = syscall(__NR_ioctl, r[20], 0xae01, 0);
if (res != -1)
r[21] = res;
res = syscall(__NR_ioctl, r[21], 0xae41, 0);
if (res != -1)
r[22] = res;
syscall(__NR_mlock2, 0x20dc2000, 0x3000, 0);
*(uint64_t*)0x20001580 = 0x10;
*(uint64_t*)0x20001588 = 0x20000140;
memcpy((void*)0x20000140,
"\x36\x0f\x30\x3e\x0f\x01\xdf\x67\x66\xc7\x44\x24\x00\x09\x00\x00\x00"
"\x67\x66\xc7\x44\x24\x02\x02\x00\x00\x00\x67\x66\xc7\x44\x24\x06\x00"
"\x00\x00\x00\x67\x0f\x01\x1c\x24\x0f\x20\xc0\x66\x35\x20\x00\x00\x00"
"\x0f\x22\xc0\x26\x33\x56\x47\x0f\x07\x64\xf3\x0f\x2a\x34\x2e\x26\x0f"
"\x0f\x97\x0a\x00\x8e\x0f\x08\x66\x0f\x58\x08",
79);
*(uint64_t*)0x20001590 = 0x4f;
syz_kvm_setup_cpu(-1, r[22], 0x209b2000, 0x20001580, 1, 0, 0x20001500, 0);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[23] = res;
memcpy((void*)0x200001c0, "/dev/hwrng", 11);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200001c0, 0x4000, 0);
if (res != -1)
r[24] = res;
syscall(__NR_ioctl, r[24], 0x2400, 1);
syscall(__NR_ioctl, r[23], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[25] = res;
res = syscall(__NR_pipe2, 0x20000000, 0x84000);
if (res != -1)
r[26] = *(uint32_t*)0x20000000;
*(uint8_t*)0x200000c0 = 8;
*(uint8_t*)0x200000c1 = 2;
*(uint16_t*)0x200000c2 = 0;
*(uint16_t*)0x200000c4 = 2;
*(uint16_t*)0x200000c6 = 2;
syscall(__NR_ioctl, r[26], 0x5602, 0x200000c0);
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[25];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_mmap, 0x202aa000, 0x1000, 0, 0x5c83f, -1, 0x68f);
res = syscall(__NR_socketpair, 2, 6, 0, 0x20000440);
if (res != -1)
r[27] = *(uint32_t*)0x20000444;
*(uint32_t*)0x200000c0 = 0xc;
syscall(__NR_getsockopt, r[27], 0, 0x27, 0x20000080, 0x200000c0);
*(uint8_t*)0x20000040 = 0xaa;
*(uint8_t*)0x20000041 = 0xaa;
*(uint8_t*)0x20000042 = 0xaa;
*(uint8_t*)0x20000043 = 0xaa;
*(uint8_t*)0x20000044 = 0xaa;
*(uint8_t*)0x20000045 = 0xaa;
*(uint8_t*)0x20000046 = 0xaa;
*(uint8_t*)0x20000047 = 0xaa;
*(uint8_t*)0x20000048 = 0xaa;
*(uint8_t*)0x20000049 = 0xaa;
*(uint8_t*)0x2000004a = 0xaa;
*(uint8_t*)0x2000004b = 0;
*(uint16_t*)0x2000004c = htobe16(0x800);
STORE_BY_BITMASK(uint8_t, 0x2000004e, 5, 0, 4);
STORE_BY_BITMASK(uint8_t, 0x2000004e, 4, 4, 4);
STORE_BY_BITMASK(uint8_t, 0x2000004f, 0, 0, 2);
STORE_BY_BITMASK(uint8_t, 0x2000004f, 0, 2, 6);
*(uint16_t*)0x20000050 = htobe16(0x30);
*(uint16_t*)0x20000052 = htobe16(0);
*(uint16_t*)0x20000054 = htobe16(0);
*(uint8_t*)0x20000056 = 0;
*(uint8_t*)0x20000057 = 1;
*(uint16_t*)0x20000058 = htobe16(0);
*(uint8_t*)0x2000005a = 0xac;
*(uint8_t*)0x2000005b = 0x14;
*(uint8_t*)0x2000005c = 0x14;
*(uint8_t*)0x2000005d = 0xbb;
*(uint8_t*)0x2000005e = 0xac;
*(uint8_t*)0x2000005f = 0x14;
*(uint8_t*)0x20000060 = 0x14;
*(uint8_t*)0x20000061 = 0x11;
*(uint8_t*)0x20000062 = 5;
*(uint8_t*)0x20000063 = 6;
*(uint16_t*)0x20000064 = htobe16(0);
*(uint8_t*)0x20000066 = 0;
*(uint8_t*)0x20000067 = 0;
*(uint16_t*)0x20000068 = 0;
STORE_BY_BITMASK(uint8_t, 0x2000006a, 5, 0, 4);
STORE_BY_BITMASK(uint8_t, 0x2000006a, 4, 4, 4);
STORE_BY_BITMASK(uint8_t, 0x2000006b, 0, 0, 2);
STORE_BY_BITMASK(uint8_t, 0x2000006b, 0, 2, 6);
*(uint16_t*)0x2000006c = htobe16(0);
*(uint16_t*)0x2000006e = htobe16(0);
*(uint16_t*)0x20000070 = htobe16(0);
*(uint8_t*)0x20000072 = 0;
*(uint8_t*)0x20000073 = 0x2f;
*(uint16_t*)0x20000074 = htobe16(0);
*(uint8_t*)0x20000076 = 0xac;
*(uint8_t*)0x20000077 = 0x5c;
*(uint8_t*)0x20000078 = 0x14;
*(uint8_t*)0x20000079 = 0xaa;
*(uint8_t*)0x2000007a = 0xac;
*(uint8_t*)0x2000007b = 0x14;
*(uint8_t*)0x2000007c = 0x14;
*(uint8_t*)0x2000007d = 0;
*(uint32_t*)0x20000140 = 0;
*(uint32_t*)0x20000144 = 0;
*(uint32_t*)0x20000148 = 0;
*(uint32_t*)0x2000014c = 0;
*(uint32_t*)0x20000150 = 0x50c;
*(uint32_t*)0x20000154 = 0x261;
struct csum_inet csum_1;
csum_inet_init(&csum_1);
csum_inet_update(&csum_1, (const uint8_t*)0x20000062, 28);
*(uint16_t*)0x20000064 = csum_inet_digest(&csum_1);
struct csum_inet csum_2;
csum_inet_init(&csum_2);
csum_inet_update(&csum_2, (const uint8_t*)0x2000004e, 20);
*(uint16_t*)0x20000058 = csum_inet_digest(&csum_2);
memcpy((void*)0x20000240, "./file0", 8);
syscall(__NR_stat, 0x20000240, 0x20000280);
memcpy((void*)0x20000300, "net/dev", 8);
res = syz_open_procfs(-1, 0x20000300);
if (res != -1)
r[28] = res;
*(uint16_t*)0x20000340 = 0x28;
*(uint16_t*)0x20000342 = 0;
*(uint32_t*)0x20000344 = -1;
*(uint32_t*)0x20000348 = -1;
*(uint32_t*)0x2000034c = 0;
syscall(__NR_bind, r[28], 0x20000340, 0x10);
memcpy((void*)0x20000100, "/dev/dsp#", 10);
res = syz_open_dev(0x20000100, 2, 0x20000);
if (res != -1)
r[29] = res;
*(uint32_t*)0x20000180 = 4;
*(uint32_t*)0x20000184 = 0x100;
*(uint32_t*)0x20000188 = 0x7f;
*(uint32_t*)0x2000018c = 0xffff20e2;
*(uint32_t*)0x20000190 = 4;
*(uint64_t*)0x20000198 = 0xcbfa;
syscall(__NR_ioctl, r[29], 0xc0206416, 0x20000180);
*(uint32_t*)0x200001c0 = 5;
*(uint32_t*)0x200001c4 = 0x70;
*(uint8_t*)0x200001c8 = 0;
*(uint8_t*)0x200001c9 = 6;
*(uint8_t*)0x200001ca = 3;
*(uint8_t*)0x200001cb = 8;
*(uint32_t*)0x200001cc = 0;
*(uint64_t*)0x200001d0 = 0x101;
*(uint64_t*)0x200001d8 = 0x201;
*(uint64_t*)0x200001e0 = 0xe;
STORE_BY_BITMASK(uint64_t, 0x200001e8, 7, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xd, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x1000, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x100, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x2e4, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x7fffffff, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 3, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 7, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xc05, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x200, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xfffffffffffffffe, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 4, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x9773, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xfff, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xde, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 4, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 4, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 5, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 5, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xffffffff, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x20, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0xff, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 2, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 9, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0x1f, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 6, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 5, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x200001e8, 0, 29, 35);
*(uint32_t*)0x200001f0 = 6;
*(uint32_t*)0x200001f4 = 0;
*(uint64_t*)0x200001f8 = 7;
*(uint64_t*)0x20000200 = 0x65;
*(uint64_t*)0x20000208 = 0x8000;
*(uint64_t*)0x20000210 = 9;
*(uint32_t*)0x20000218 = 8;
*(uint32_t*)0x2000021c = 3;
*(uint64_t*)0x20000220 = 8;
*(uint32_t*)0x20000228 = 0x80000001;
*(uint16_t*)0x2000022c = 7;
*(uint16_t*)0x2000022e = 0;
syscall(__NR_ioctl, r[29], 0x4008240b, 0x200001c0);
syscall(__NR_socket, 0x18, 1, 1);
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, -1, 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[30] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[30], 0x10d, 0xdb, 0x200002c0, 0x20000000);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2005b000, 0x1000, 0x4000, 0x200000000000003,
0x203b9000);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[31] = res;
syscall(__NR_ioctl, r[31], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_getpid);
if (res != -1)
r[32] = res;
*(uint16_t*)0x20000140 = 0x21;
*(uint32_t*)0x20000144 = htobe32(0x7f000001);
*(uint16_t*)0x20000148 = htobe16(0x4e24);
*(uint32_t*)0x2000014c = 4;
memcpy((void*)0x20000150,
"\x73\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint32_t*)0x20000160 = 0x10;
*(uint32_t*)0x20000164 = 0x7fffffff;
*(uint32_t*)0x20000168 = htobe32(0x2f);
*(uint32_t*)0x2000016c = htobe32(0x7f000001);
*(uint16_t*)0x20000170 = htobe16(0x4e23);
*(uint32_t*)0x20000174 = 0;
*(uint32_t*)0x20000178 = 0x1f;
*(uint32_t*)0x2000017c = 4;
*(uint32_t*)0x20000180 = 0x4ba;
syscall(__NR_setsockopt, r[31], 0, 0x487, 0x20000140, 0x44);
memcpy((void*)0x20000000, "ns/uts", 7);
syz_open_procfs(r[32], 0x20000000);
res = syscall(__NR_gettid);
if (res != -1)
r[33] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[33];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
memcpy((void*)0x200000c0, "/dev/bus/usb/00#/00#", 21);
res = syz_open_dev(0x200000c0, 5, 0x80000);
if (res != -1)
r[34] = res;
*(uint32_t*)0x200001c0 = 6;
syscall(__NR_ioctl, r[34], 0x5206, 0x200001c0);
*(uint32_t*)0x20000200 = 0;
*(uint32_t*)0x20000204 = 0xfffffffb;
*(uint16_t*)0x20000208 = 0x10;
*(uint32_t*)0x20000300 = 0xc;
res = syscall(__NR_getsockopt, r[34], 0x84, 0x72, 0x20000200, 0x20000300);
if (res != -1)
r[35] = *(uint32_t*)0x20000200;
*(uint32_t*)0x20000340 = r[35];
*(uint16_t*)0x20000344 = 2;
*(uint16_t*)0x20000346 = htobe16(0x4e20);
*(uint8_t*)0x20000348 = 0xac;
*(uint8_t*)0x20000349 = 0x14;
*(uint8_t*)0x2000034a = 0x14;
*(uint8_t*)0x2000034b = 0xbb;
*(uint8_t*)0x2000034c = 0;
*(uint8_t*)0x2000034d = 0;
*(uint8_t*)0x2000034e = 0;
*(uint8_t*)0x2000034f = 0;
*(uint8_t*)0x20000350 = 0;
*(uint8_t*)0x20000351 = 0;
*(uint8_t*)0x20000352 = 0;
*(uint8_t*)0x20000353 = 0;
*(uint32_t*)0x200003c4 = 0x3f;
*(uint32_t*)0x200003c8 = 0x80000001;
*(uint32_t*)0x200003cc = 0xfac;
*(uint32_t*)0x200003d0 = 0xdd;
*(uint32_t*)0x200003d4 = 0xde;
*(uint32_t*)0x20000400 = 0x98;
syscall(__NR_getsockopt, r[34], 0x84, 0xf, 0x20000340, 0x20000400);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_ioctl, -1, 0x8912, 0x20000280);
res = syscall(__NR_socketpair, 1, 2, 0, 0x20000000);
if (res != -1)
r[36] = *(uint32_t*)0x20000000;
*(uint32_t*)0x20000080 = 4;
syscall(__NR_getsockopt, -1, 6, 0x19, 0x20000040, 0x20000080);
*(uint32_t*)0x20d8cffc = 4;
syscall(__NR_getsockopt, r[36], 1, 0x14, 0x2059dffc, 0x20d8cffc);
memcpy((void*)0x200000c0, "/dev/dsp#", 10);
res = syz_open_dev(0x200000c0, 0x849, 0x200200);
if (res != -1)
r[37] = res;
syscall(__NR_ioctl, r[37], 0x5605);
res = syscall(__NR_clock_gettime, 0, 0x20000100);
if (res != -1) {
r[38] = *(uint64_t*)0x20000100;
r[39] = *(uint64_t*)0x20000108;
}
*(uint64_t*)0x20000140 = r[38];
*(uint64_t*)0x20000148 = r[39] + 10000000;
syscall(__NR_clock_nanosleep, 7, 0, 0x20000140, 0x20000180);
syscall(__NR_socket, 0xa, 3, 6);
res = syscall(__NR_socket, 0xa, 0x802, 3);
if (res != -1)
r[40] = res;
syscall(__NR_ioctl, r[40], 0x8912, 0x20000200);
memcpy((void*)0x20000640, "/dev/net/tun", 13);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000640, 0, 0);
res = syscall(__NR_socket, 0xa, 0x1000000000002, 0);
if (res != -1)
r[41] = res;
memcpy((void*)0x20000040, "/dev/input/event#", 18);
res = syz_open_dev(0x20000040, 0, 0);
if (res != -1)
r[42] = res;
*(uint32_t*)0x20000240 = 0xfffffe91;
syscall(__NR_getsockopt, r[41], 0x84, 0x20, 0x20000740, 0x20000240);
*(uint32_t*)0x2001d000 = 1;
*(uint32_t*)0x2001d004 = 0x70;
*(uint8_t*)0x2001d008 = 0;
*(uint8_t*)0x2001d009 = 0;
*(uint8_t*)0x2001d00a = 0;
*(uint8_t*)0x2001d00b = 0;
*(uint32_t*)0x2001d00c = 0;
*(uint64_t*)0x2001d010 = 0x7f;
*(uint64_t*)0x2001d018 = 0;
*(uint64_t*)0x2001d020 = 0;
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0x81, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 8, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0x10, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x2001d028, 0, 29, 35);
*(uint32_t*)0x2001d030 = 0;
*(uint32_t*)0x2001d034 = 0;
*(uint64_t*)0x2001d038 = 0x20abe000;
*(uint64_t*)0x2001d040 = 0;
*(uint64_t*)0x2001d048 = 0;
*(uint64_t*)0x2001d050 = 0;
*(uint32_t*)0x2001d058 = 0;
*(uint32_t*)0x2001d05c = 0;
*(uint64_t*)0x2001d060 = 0;
*(uint32_t*)0x2001d068 = 0;
*(uint16_t*)0x2001d06c = 0;
*(uint16_t*)0x2001d06e = 0;
syscall(__NR_perf_event_open, 0x2001d000, 0, -1, -1, 0);
*(uint32_t*)0x20000180 = 8;
syscall(__NR_getsockopt, -1, 0x84, 0x14, 0x200000c0, 0x20000180);
syscall(__NR_gettid);
syscall(__NR_pkey_mprotect, 0x20ffd000, 0x3000, 0, -1);
syscall(__NR_mremap, 0x20ffb000, 0x4000, 0x4000, 3, 0x20ffc000);
memcpy((void*)0x20000400, "/dev/snd/pcmC#D#p", 18);
res = syz_open_dev(0x20000400, 0x3ff, 0x2002);
if (res != -1)
r[43] = res;
*(uint16_t*)0x20000880 = 1;
*(uint8_t*)0x20000882 = 0;
*(uint32_t*)0x20000884 = 0x4e21;
*(uint64_t*)0x20000900 = 0x20000680;
*(uint64_t*)0x20000908 = 0xb7;
*(uint64_t*)0x20000910 = 0x20000300;
*(uint64_t*)0x20000918 = 3;
syscall(__NR_setsockopt, -1, 0x114, 7, 0x20000880, 0xa0);
memcpy((void*)0x20000100, "\x2e\x2f\x63\x67\x72\x6f\x75\x70\x2e\x63\x70\x75"
"\x2f\x73\x79\x7a\x31\x02",
18);
syscall(__NR_mkdirat, 0xffffffffffffff9c, 0x20000100, 0x1ff);
*(uint32_t*)0x20000380 = 3;
*(uint32_t*)0x20000384 = 0x7ff;
syscall(__NR_ioctl, r[43], 0x4008af23, 0x20000380);
*(uint32_t*)0x200001c0 = 0;
*(uint32_t*)0x200001c4 = 9;
*(uint16_t*)0x200001c8 = 0x20;
*(uint32_t*)0x20000200 = 0xc;
syscall(__NR_getsockopt, -1, 0x84, 0x72, 0x200001c0, 0x20000200);
memcpy((void*)0x20000280, "\x2e\x2f\x63\x67\x72\x6f\x75\x70\x2e\x6e\x65\x74"
"\x2f\x73\x79\x7a\x31\x27\x75\xca\x1e\x56\xb8\x2a"
"\x6b\x2c\x96\x10\x34\x5b\xf0\x84\x1f\x9c\x01\x02"
"\xea\x83\x17\xe1\xc2\xfd\x7a\xd8\x19\xa4\xe0\x39",
48);
syscall(__NR_mkdirat, 0xffffffffffffff9c, 0x20000280, 0x1ff);
*(uint32_t*)0x200003c0 = 0;
syscall(__NR_setsockopt, -1, 0x84, 0x12, 0x200003c0, 4);
syscall(__NR_ioctl, r[42], 0xc008af12, 0x20000000);
syscall(__NR_ioctl, r[43], 0x7005);
memcpy((void*)0x200002c0, "/dev/loop-control", 18);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[44] = res;
syscall(__NR_ioctl, r[44], 0x4c81, 0);
syscall(__NR_setsockopt, r[43], 0x111, 2, 1, 4);
*(uint32_t*)0x20000540 = 0x7ff;
*(uint32_t*)0x20000544 = 0;
*(uint32_t*)0x20000548 = 0xfffffeff;
*(uint32_t*)0x2000054c = 5;
*(uint32_t*)0x20000550 = 0;
*(uint32_t*)0x20000554 = 0x3f;
*(uint8_t*)0x20000558 = 0;
*(uint8_t*)0x20000559 = 0;
*(uint8_t*)0x2000055a = 0;
*(uint8_t*)0x2000055b = 0;
*(uint8_t*)0x2000055c = 0;
*(uint8_t*)0x2000055d = 0;
*(uint8_t*)0x2000055e = 0;
*(uint8_t*)0x2000055f = 0;
*(uint8_t*)0x20000560 = 0;
*(uint8_t*)0x20000561 = 0;
*(uint8_t*)0x20000562 = 0;
*(uint8_t*)0x20000563 = 0;
*(uint8_t*)0x20000564 = 0;
*(uint8_t*)0x20000565 = 0;
*(uint8_t*)0x20000566 = 0;
*(uint8_t*)0x20000567 = 0;
*(uint8_t*)0x20000568 = 0;
*(uint8_t*)0x20000569 = 0;
*(uint8_t*)0x2000056a = 0;
*(uint8_t*)0x2000056b = 0;
*(uint8_t*)0x2000056c = 0;
*(uint8_t*)0x2000056d = 0;
*(uint8_t*)0x2000056e = 0;
*(uint8_t*)0x2000056f = 0;
*(uint8_t*)0x20000570 = 0;
*(uint8_t*)0x20000571 = 0;
*(uint8_t*)0x20000572 = 0;
*(uint8_t*)0x20000573 = 0;
*(uint8_t*)0x20000574 = 0;
*(uint8_t*)0x20000575 = 0;
*(uint8_t*)0x20000576 = 0;
*(uint8_t*)0x20000577 = 0;
*(uint8_t*)0x20000578 = 0;
*(uint8_t*)0x20000579 = 0;
*(uint8_t*)0x2000057a = 0;
*(uint8_t*)0x2000057b = 0;
*(uint8_t*)0x2000057c = 0;
*(uint8_t*)0x2000057d = 0;
*(uint8_t*)0x2000057e = 0;
*(uint8_t*)0x2000057f = 0;
*(uint8_t*)0x20000580 = 0;
*(uint8_t*)0x20000581 = 0;
*(uint8_t*)0x20000582 = 0;
*(uint8_t*)0x20000583 = 0;
*(uint8_t*)0x20000584 = 0;
*(uint8_t*)0x20000585 = 0;
*(uint8_t*)0x20000586 = 0;
*(uint8_t*)0x20000587 = 0;
*(uint8_t*)0x20000588 = 0;
*(uint8_t*)0x20000589 = 0;
*(uint8_t*)0x2000058a = 0;
*(uint8_t*)0x2000058b = 0;
*(uint8_t*)0x2000058c = 0;
*(uint8_t*)0x2000058d = 0;
*(uint8_t*)0x2000058e = 0;
*(uint8_t*)0x2000058f = 0;
*(uint8_t*)0x20000590 = 0;
*(uint8_t*)0x20000591 = 0;
*(uint8_t*)0x20000592 = 0;
*(uint8_t*)0x20000593 = 0;
*(uint8_t*)0x20000594 = 0;
*(uint8_t*)0x20000595 = 0;
*(uint8_t*)0x20000596 = 0;
*(uint8_t*)0x20000597 = 0;
syscall(__NR_ioctl, r[43], 0x4058534c, 0x20000540);
syscall(__NR_getresuid, 0x20000440, 0x20000600, 0x20000640);
syscall(__NR_ioctl, r[44], 0x4c80, 0);
syscall(__NR_ioctl, r[43], 0x4008af03, 0x20000b00);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
syscall(__NR_madvise, 0x20ffb000, 0x4000, 0x6f);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[45] = res;
syscall(__NR_ioctl, r[45], 0xae01, 0);
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[46] = res;
memcpy((void*)0x20000200, "/dev/autofs", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000200, 0x141801, 0);
if (res != -1)
r[47] = res;
*(uint32_t*)0x200001c0 = 7;
syscall(__NR_ioctl, r[47], 0x5417, 0x200001c0);
*(uint64_t*)0x20000080 = 2;
syscall(__NR_ioctl, r[47], 0x40082404, 0x20000080);
syscall(__NR_ioctl, r[46], 0x800000008912, 0x200000c0);
syscall(__NR_ioctl, r[47], 0x4b34, 6);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
res = syscall(__NR_socketpair, 1, 5, 0, 0x20000100);
if (res != -1)
r[48] = *(uint32_t*)0x20000104;
res = syscall(__NR_socketpair, 1, 3, 0, 0x20000140);
if (res != -1)
r[49] = *(uint32_t*)0x20000140;
res = syscall(__NR_socketpair, 1, 1, 0, 0x20000280);
if (res != -1)
r[50] = *(uint32_t*)0x20000284;
syscall(__NR_ioctl, r[50], 0x8912, 0x400200);
*(uint16_t*)0x20968ff6 = 1;
memcpy((void*)0x20968ff8,
"\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00",
108);
syscall(__NR_bind, r[49], 0x20968ff6, 0xa);
memcpy((void*)0x20000000, "/dev/rfkill", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x100, 0);
if (res != -1)
r[51] = res;
res = syscall(__NR_dup, r[50]);
if (res != -1)
r[52] = res;
memcpy((void*)0x20000080, "./file0", 8);
memcpy((void*)0x20000180, "./file0", 8);
syscall(__NR_renameat2, r[51], 0x20000080, r[52], 0x20000180, 4);
memcpy((void*)0x20000040, "./file0", 8);
res = syscall(__NR_open, 0x20000040, 0x200000, 0);
if (res != -1)
r[53] = res;
*(uint64_t*)0x200034c0 = 0x200003c0;
*(uint16_t*)0x200003c0 = 0;
*(uint8_t*)0x200003c2 = 0;
*(uint32_t*)0x200003c4 = 0;
*(uint32_t*)0x200034c8 = 0x6e;
*(uint64_t*)0x200034d0 = 0x20000100;
*(uint64_t*)0x200034d8 = 0;
*(uint64_t*)0x200034e0 = 0x200000c0;
*(uint64_t*)0x200000c0 = 0x18;
*(uint32_t*)0x200000c8 = 1;
*(uint32_t*)0x200000cc = 1;
*(uint32_t*)0x200000d0 = r[53];
*(uint64_t*)0x200034e8 = 0x18;
*(uint32_t*)0x200034f0 = 0;
syscall(__NR_sendmmsg, r[48], 0x200034c0, 0x47, 0);
res = syscall(__NR_eventfd, 0);
if (res != -1)
r[54] = res;
memcpy((void*)0x20000000, "/dev/nullb0", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x4000, 0);
if (res != -1)
r[55] = res;
*(uint64_t*)0x20000040 = 0x100000001;
*(uint64_t*)0x20000048 = 0x100000001;
syscall(__NR_ioctl, r[55], 0x40101283, 0x20000040);
res = syscall(__NR_shmget, 0x798dd815, 0x2000, 0x78000824, 0x20ffe000);
if (res != -1)
r[56] = res;
syscall(__NR_shmctl, r[56], 0xc);
syscall(__NR_mmap, 0x20fff000, 0x1000, 2, 0x22010, r[54], 0);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[57] = res;
syscall(__NR_mmap, 0x20000000, 0x3000, 0xfffffffffffffffc, 0x80012, r[57], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[58] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[58], 0x10d, 0xdb, 0x200002c0, 0x20000000);
memcpy((void*)0x20000000, "cpuacct.stat", 13);
res = syscall(__NR_openat, -1, 0x20000000, 0, 0);
if (res != -1)
r[59] = res;
res = syscall(__NR_geteuid);
if (res != -1)
r[60] = res;
syscall(__NR_ioctl, r[59], 0x400454cc, r[60]);
syscall(__NR_mremap, 0x20202000, 0x3000, 0x1000, 7, 0x20ffc000);
memcpy((void*)0x20000080, "cpuacct.usage_percpu_sys", 25);
res = syscall(__NR_openat, -1, 0x20000080, 0, 0);
if (res != -1)
r[61] = res;
syscall(__NR_ioctl, r[61], 0x80047013, 0x200001c0);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[62] = res;
syscall(__NR_ioctl, r[62], 0xae01, 0);
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[63] = res;
syscall(__NR_ioctl, r[63], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0x23);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[64] = res;
memcpy((void*)0x20000000, "./file0", 8);
memcpy((void*)0x200000c0, "trusted.overlay.nlink", 22);
memcpy((void*)0x20000140, "L+", 2);
sprintf((char*)0x20000154, "%020llu", (long long)0x8000);
syscall(__NR_setxattr, 0x20000000, 0x200000c0, 0x20000140, 0x28, 1);
syscall(__NR_ioctl, r[64], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[65] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[65];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20000000, "/dev/adsp#", 11);
res = syz_open_dev(0x20000000, 0x422c97b1, 0x400);
if (res != -1)
r[66] = res;
*(uint32_t*)0x20000040 = 0;
*(uint32_t*)0x20000044 = 7;
*(uint32_t*)0x200002c0 = 8;
res =
syscall(__NR_getsockopt, 0xffffff9c, 0x84, 0x13, 0x20000040, 0x200002c0);
if (res != -1)
r[67] = *(uint32_t*)0x20000040;
*(uint16_t*)0x20000300 = 3;
*(uint16_t*)0x20000302 = 6;
*(uint16_t*)0x20000304 = 0x200;
*(uint32_t*)0x20000308 = 7;
*(uint32_t*)0x2000030c = 4;
*(uint32_t*)0x20000310 = 0x800;
*(uint32_t*)0x20000314 = 5;
*(uint32_t*)0x20000318 = 1;
*(uint32_t*)0x2000031c = r[67];
*(uint32_t*)0x20000340 = 0x20;
syscall(__NR_getsockopt, r[66], 0x84, 0xa, 0x20000300, 0x20000340);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[68] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[68], 0);
syscall(__NR_setns, r[66], 0x2000000);
*(uint32_t*)0x20000280 = 0xffffffc1;
syscall(__NR_getsockopt, -1, 0x10d, 0xdb, 0x20000240, 0x20000280);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
memcpy((void*)0x20000000, "cpuacct.stat", 13);
res = syscall(__NR_openat, -1, 0x20000000, 0, 0);
if (res != -1)
r[69] = res;
res = syscall(__NR_geteuid);
if (res != -1)
r[70] = res;
syscall(__NR_ioctl, r[69], 0x400454cc, r[70]);
syscall(__NR_mremap, 0x20202000, 0x3000, 0x1000, 7, 0x20ffc000);
res = syscall(__NR_ioctl, -1, 0xae01, 0);
if (res != -1)
r[71] = res;
memcpy((void*)0x20000300, "/dev/input/mouse#", 18);
res = syz_open_dev(0x20000300, 0xfffffffffffff001, 0x412001);
if (res != -1)
r[72] = res;
*(uint32_t*)0x20000340 = 0;
*(uint16_t*)0x20000344 = 2;
*(uint16_t*)0x20000346 = 0;
*(uint64_t*)0x20000348 = 0x80000001;
*(uint64_t*)0x20000350 = 0;
*(uint32_t*)0x20000380 = 0x18;
res = syscall(__NR_getsockopt, -1, 0x84, 0x73, 0x20000340, 0x20000380);
if (res != -1)
r[73] = *(uint32_t*)0x20000340;
*(uint32_t*)0x200003c0 = r[73];
*(uint32_t*)0x200003c4 = 0x401;
*(uint32_t*)0x200003c8 = 0x24c8;
*(uint32_t*)0x200003cc = 7;
syscall(__NR_setsockopt, r[72], 0x84, 0, 0x200003c0, 0x10);
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[74] = res;
syscall(__NR_ioctl, r[74], 0x800000008912, 0x200000c0);
memcpy((void*)0x20000080, "/proc/sys/net/ipv4/vs/backup_only", 34);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 2, 0);
if (res != -1)
r[75] = res;
syscall(__NR_ioctl, r[75], 0x4c05, 0x200001c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[71], 0x4040ae79, 0x20000100);
syscall(__NR_epoll_ctl, r[75], 2, -1);
res = syscall(__NR_socket, 0xa, 0x807, 0);
if (res != -1)
r[76] = res;
res = syscall(__NR_pipe, 0x20000140);
if (res != -1)
r[77] = *(uint32_t*)0x20000144;
syscall(__NR_ioctl, r[77], 0x80081270, 0x20000180);
syscall(__NR_ioctl, r[76], 0x8912, 0x20000280);
res = syscall(__NR_socket, 2, 3, 4);
if (res != -1)
r[78] = res;
memcpy((void*)0x20000080, "/dev/rfkill", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0x40400, 0);
if (res != -1)
r[79] = res;
*(uint32_t*)0x20000100 = 0;
*(uint32_t*)0x20000104 = 0xd2;
*(uint64_t*)0x20000108 = 2;
*(uint64_t*)0x20000110 = 0x200000c0;
*(uint64_t*)0x200000c0 = 0xfffffffffffffffd;
syscall(__NR_ioctl, r[79], 0x4018aee3, 0x20000100);
*(uint32_t*)0x20469ffc = 0x7fe;
syscall(__NR_setsockopt, r[78], 1, 0x25, 0x20469ffc, 4);
*(uint32_t*)0x20000040 = 1;
syscall(__NR_setsockopt, r[79], 6, 0x100000000000000, 0x20000040, 4);
*(uint16_t*)0x20cd2ff0 = 2;
*(uint16_t*)0x20cd2ff2 = htobe16(0);
*(uint32_t*)0x20cd2ff4 = htobe32(0);
*(uint8_t*)0x20cd2ff8 = 0;
*(uint8_t*)0x20cd2ff9 = 0;
*(uint8_t*)0x20cd2ffa = 0;
*(uint8_t*)0x20cd2ffb = 0;
*(uint8_t*)0x20cd2ffc = 0;
*(uint8_t*)0x20cd2ffd = 0;
*(uint8_t*)0x20cd2ffe = 0;
*(uint8_t*)0x20cd2fff = 0;
syscall(__NR_sendto, r[78], 0x20edf000, 0, 0, 0x20cd2ff0, 0x10);
*(uint64_t*)0x20000000 = 0;
*(uint32_t*)0x20000008 = 0;
*(uint64_t*)0x20000010 = 0x20001380;
*(uint64_t*)0x20000018 = 0;
*(uint64_t*)0x20000020 = 0x20603000;
*(uint64_t*)0x20000028 = 0x51;
*(uint32_t*)0x20000030 = 0;
syscall(__NR_recvmsg, r[78], 0x20000000, 0);
res = syscall(__NR_socketpair, 1, 2, 0, 0x20000240);
if (res != -1)
r[80] = *(uint32_t*)0x20000244;
syscall(__NR_fcntl, r[80], 0xb21a3efa84789bb8, r[80]);
memcpy((void*)0x20000000, "/dev/dsp#", 10);
res = syz_open_dev(0x20000000, 0x20, 0x400000);
if (res != -1)
r[81] = res;
syscall(__NR_ioctl, r[81], 0x8912, 0x400200);
syscall(__NR_socket, 2, 2, 0);
memcpy((void*)0x20000140, "/dev/input/mice", 16);
res = syz_open_dev(0x20000140, 0, 0x40100);
if (res != -1)
r[82] = res;
memcpy((void*)0x20000180, "/dev/hwrng", 11);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000180, 0x4000, 0);
if (res != -1)
r[83] = res;
*(uint32_t*)0x200001c0 = 1;
*(uint32_t*)0x200001c4 = r[83];
*(uint32_t*)0x200001c8 = 1;
syscall(__NR_ioctl, r[82], 0xc00caee0, 0x200001c0);
syscall(__NR_socketpair, 0x13, 2, 6, 0x200000c0);
memcpy((void*)0x20000100, "/dev/usbmon#", 13);
res = syz_open_dev(0x20000100, 5, 0x400);
if (res != -1)
r[84] = res;
syscall(__NR_ioctl, r[84], 0x8912, 1);
*(uint64_t*)0x20000000 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000000, 0, 0x233);
res = syscall(__NR_gettid);
if (res != -1)
r[85] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[85];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[86] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[86], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[87] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[87], 0x10d, 0xdb, 0x200002c0, 0x20000000);
syscall(__NR_mmap, 0x20000000, 0x400000, 0x1000009, 0x5c831, -1, 0);
memcpy((void*)0x20000080, "attr", 5);
res = syz_open_procfs(-1, 0x20000080);
if (res != -1)
r[88] = res;
syscall(__NR_ioctl, r[88], 0xaf02, 0);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[89] = res;
res = syscall(__NR_ioctl, r[89], 0xae01, 0);
if (res != -1)
r[90] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[91] = res;
syscall(__NR_ioctl, r[91], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[90], 0x4040ae79, 0x20000100);
res = syscall(__NR_socket, 0xa, 0x1000000000002, 0);
if (res != -1)
r[92] = res;
syscall(__NR_ioctl, r[92], 0x8912, 0x20000280);
res = syscall(__NR_userfaultfd, 0);
if (res != -1)
r[93] = res;
*(uint64_t*)0x20000080 = 0xaa;
*(uint64_t*)0x20000088 = 0;
*(uint64_t*)0x20000090 = 0;
syscall(__NR_ioctl, r[93], 0xc018aa3f, 0x20000080);
memcpy((void*)0x20000000, "/dev/rtc0", 10);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x200, 0);
if (res != -1)
r[94] = res;
syscall(__NR_socketpair, 0xa, 0xb, 1, 0x200000c0);
*(uint8_t*)0x20000040 = 8;
*(uint8_t*)0x20000041 = 0;
*(uint8_t*)0x20000042 = 0;
*(uint8_t*)0x20000043 = 0;
*(uint8_t*)0x20000044 = 0;
*(uint8_t*)0x20000045 = 0;
*(uint8_t*)0x20000046 = 0;
*(uint8_t*)0x20000047 = 0;
*(uint8_t*)0x20000048 = 0;
*(uint8_t*)0x20000049 = 0;
*(uint8_t*)0x2000004a = 0;
*(uint8_t*)0x2000004b = 0;
*(uint8_t*)0x2000004c = 0;
*(uint8_t*)0x2000004d = 0;
*(uint8_t*)0x2000004e = 0;
*(uint8_t*)0x2000004f = 0;
*(uint8_t*)0x20000050 = 0;
*(uint8_t*)0x20000051 = 0;
*(uint8_t*)0x20000052 = 0;
*(uint8_t*)0x20000053 = 0;
*(uint8_t*)0x20000054 = 0;
*(uint8_t*)0x20000055 = 0;
*(uint8_t*)0x20000056 = 0;
*(uint8_t*)0x20000057 = 0;
*(uint8_t*)0x20000058 = 0;
*(uint8_t*)0x20000059 = 0;
*(uint8_t*)0x2000005a = 0;
*(uint8_t*)0x2000005b = 0;
*(uint8_t*)0x2000005c = 0;
*(uint8_t*)0x2000005d = 0;
*(uint8_t*)0x2000005e = 0;
*(uint8_t*)0x2000005f = 0;
syscall(__NR_ioctl, r[94], 0xae71, 0x20000040);
*(uint32_t*)0x200001c0 = r[93];
*(uint16_t*)0x200001c4 = 0;
*(uint16_t*)0x200001c6 = 0;
*(uint32_t*)0x200001c8 = r[92];
*(uint16_t*)0x200001cc = 0;
*(uint16_t*)0x200001ce = 0;
*(uint64_t*)0x20000200 = 0;
*(uint64_t*)0x20000208 = 0x989680;
*(uint64_t*)0x20000240 = 0;
syscall(__NR_ppoll, 0x200001c0, 2, 0x20000200, 0x20000240, 8);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[95] = res;
memcpy((void*)0x20000040, "/dev/fuse", 10);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 2, 0);
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[95], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[96] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[96], 0x10d, 0xdb, 0x200002c0, 0x20000000);
syscall(__NR_ioctl, r[95], 0xab0a, 0x1f);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[97] = res;
memcpy((void*)0x20000000, "./file1", 8);
memcpy((void*)0x20000140,
"\x29\x7b\xe8\x27\xcf\x92\x0c\x47\x63\x4c\x2a\x76\x6d\x24\x00", 15);
syscall(__NR_setxattr, 0x20000000, 0x200004c0, 0x20000140, 0xf, 2);
syscall(__NR_ioctl, r[97], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_io_setup, 0xd, 0x200005c0);
if (res != -1)
r[98] = *(uint64_t*)0x200005c0;
*(uint64_t*)0x20000480 = 0;
*(uint64_t*)0x20000488 = 0x989680;
syscall(__NR_io_pgetevents, r[98], 9, 1, 0x20000440, 0x20000480, 0);
res = syscall(__NR_gettid);
if (res != -1)
r[99] = res;
*(uint64_t*)0x200000c0 = 3;
syscall(__NR_rt_sigsuspend, 0x200000c0, 8);
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[99];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
syscall(__NR_ioctl, r[97], 0x40106614, 0x20000180);
memcpy((void*)0x200001c0, "/dev/snd/pcmC#D#p", 18);
res = syz_open_dev(0x200001c0, 5, 0x20200);
if (res != -1)
r[100] = res;
syscall(__NR_ioctl, r[100], 0x40045568, 0x29);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_ioctl, r[100], 0x80247009, 0x20000200);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 2);
syscall(__NR_socket, 0x1f, 0, 3);
syscall(__NR_getpgrp, -1);
res = syscall(__NR_socket, 0x10, 0x8000a, 0x77);
if (res != -1)
r[101] = res;
*(uint16_t*)0x20000000 = 2;
*(uint16_t*)0x20000002 = htobe16(0x4e23);
*(uint8_t*)0x20000004 = 0xac;
*(uint8_t*)0x20000005 = 0x14;
*(uint8_t*)0x20000006 = 0x14;
*(uint8_t*)0x20000007 = 0xbb;
*(uint8_t*)0x20000008 = 0;
*(uint8_t*)0x20000009 = 0;
*(uint8_t*)0x2000000a = 0;
*(uint8_t*)0x2000000b = 0;
*(uint8_t*)0x2000000c = 0;
*(uint8_t*)0x2000000d = 0;
*(uint8_t*)0x2000000e = 0;
*(uint8_t*)0x2000000f = 0;
syscall(__NR_bind, r[101], 0x20000000, 0x10);
memcpy((void*)0x20000040, "/dev/nbd#", 10);
syz_open_dev(0x20000040, 0, 0x2080);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
memcpy((void*)0x20000000, "/dev/null", 10);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x400000, 0);
if (res != -1)
r[102] = res;
syscall(__NR_ioctl, r[102], 0x227d, 0x20000040);
syscall(__NR_setsockopt, -1, 0x29, 0, 0x20002000, 0);
*(uint16_t*)0x20002000 = 0xa;
*(uint16_t*)0x20002002 = htobe16(0);
*(uint32_t*)0x20002004 = 0;
*(uint8_t*)0x20002008 = 0;
*(uint8_t*)0x20002009 = 0;
*(uint8_t*)0x2000200a = 0;
*(uint8_t*)0x2000200b = 0;
*(uint8_t*)0x2000200c = 0;
*(uint8_t*)0x2000200d = 0;
*(uint8_t*)0x2000200e = 0;
*(uint8_t*)0x2000200f = 0;
*(uint8_t*)0x20002010 = 0;
*(uint8_t*)0x20002011 = 0;
*(uint8_t*)0x20002012 = 0;
*(uint8_t*)0x20002013 = 0;
*(uint8_t*)0x20002014 = 0;
*(uint8_t*)0x20002015 = 0;
*(uint8_t*)0x20002016 = 0;
*(uint8_t*)0x20002017 = 0;
*(uint32_t*)0x20002018 = 0;
*(uint16_t*)0x2000201c = 0xa;
*(uint16_t*)0x2000201e = htobe16(0);
*(uint32_t*)0x20002020 = 0;
*(uint8_t*)0x20002024 = 0;
*(uint8_t*)0x20002025 = 0;
*(uint8_t*)0x20002026 = 0;
*(uint8_t*)0x20002027 = 0;
*(uint8_t*)0x20002028 = 0;
*(uint8_t*)0x20002029 = 0;
*(uint8_t*)0x2000202a = 0;
*(uint8_t*)0x2000202b = 0;
*(uint8_t*)0x2000202c = 0;
*(uint8_t*)0x2000202d = 0;
*(uint8_t*)0x2000202e = 0;
*(uint8_t*)0x2000202f = 0;
*(uint8_t*)0x20002030 = 0;
*(uint8_t*)0x20002031 = 0;
*(uint8_t*)0x20002032 = 0;
*(uint8_t*)0x20002033 = 0;
*(uint32_t*)0x20002034 = 1;
*(uint16_t*)0x20002038 = 0;
*(uint32_t*)0x2000203c = 0;
*(uint32_t*)0x20002040 = 0;
*(uint32_t*)0x20002044 = 0;
*(uint32_t*)0x20002048 = 0;
*(uint32_t*)0x2000204c = 0;
*(uint32_t*)0x20002050 = 0;
*(uint32_t*)0x20002054 = 0;
*(uint32_t*)0x20002058 = 0;
syscall(__NR_setsockopt, -1, 0x29, 0xd3, 0x20002000, 0x5c);
*(uint32_t*)0x20002000 = 0x80000000;
*(uint32_t*)0x20002004 = 0;
*(uint32_t*)0x20002008 = 1;
*(uint32_t*)0x2000200c = 0;
*(uint32_t*)0x20002010 = 0;
syscall(__NR_setsockopt, -1, 6, 0x1d, 0x20002000, 0x14);
res = syscall(__NR_socket, 0xa, 1, 0);
if (res != -1)
r[103] = res;
syscall(__NR_clock_gettime, 7, 0x200000c0);
*(uint32_t*)0x20001fde = 4;
syscall(__NR_setsockopt, r[103], 0x29, 0x43, 0x20001fde, 4);
*(uint32_t*)0x20000080 = 8;
*(uint32_t*)0x20000084 = -1;
*(uint32_t*)0x20000088 = 0x7fff;
*(uint32_t*)0x2000008c = 3;
*(uint32_t*)0x20000090 = 0xfffffdf6;
syscall(__NR_setsockopt, r[103], 6, 0x1d, 0x20000080, 0x14);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[104] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[104], 0);
syscall(__NR_socket, 2, 6, 0);
*(uint32_t*)0x20000280 = 4;
syscall(__NR_getsockopt, r[104], 0x10d, 0x17, 0x20000240, 0x20000280);
syscall(__NR_socket, 2, 2, 0);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[105] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[105];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
memcpy((void*)0x20000000, "./file0", 8);
res = syscall(__NR_lstat, 0x20000000, 0x20000140);
if (res != -1)
r[106] = *(uint32_t*)0x20000150;
syscall(__NR_setgid, r[106]);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20001140, "/dev/qat_adf_ctl", 17);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20001140, 0x800, 0);
if (res != -1)
r[107] = res;
memcpy((void*)0x20001180, "trusted.overlay.nlink", 22);
memcpy((void*)0x200011c0, "L+", 2);
sprintf((char*)0x200011d4, "%020llu", (long long)0xffff);
syscall(__NR_fsetxattr, r[107], 0x20001180, 0x200011c0, 0x28, 1);
memcpy((void*)0x20002b40,
"\x73\x69\x74\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint32_t*)0x20002b50 = 0;
res = syscall(__NR_ioctl, -1, 0x8933, 0x20002b40);
if (res != -1)
r[108] = *(uint32_t*)0x20002b50;
*(uint8_t*)0x20002b80 = 0xfe;
*(uint8_t*)0x20002b81 = 0x80;
*(uint8_t*)0x20002b82 = 0;
*(uint8_t*)0x20002b83 = 0;
*(uint8_t*)0x20002b84 = 0;
*(uint8_t*)0x20002b85 = 0;
*(uint8_t*)0x20002b86 = 0;
*(uint8_t*)0x20002b87 = 0;
*(uint8_t*)0x20002b88 = 0;
*(uint8_t*)0x20002b89 = 0;
*(uint8_t*)0x20002b8a = 0;
*(uint8_t*)0x20002b8b = 0;
*(uint8_t*)0x20002b8c = 0;
*(uint8_t*)0x20002b8d = 0;
*(uint8_t*)0x20002b8e = 0;
*(uint8_t*)0x20002b8f = 0xaa;
*(uint8_t*)0x20002b90 = 0;
*(uint8_t*)0x20002b91 = 0;
*(uint8_t*)0x20002b92 = 0;
*(uint8_t*)0x20002b93 = 0;
*(uint8_t*)0x20002b94 = 0;
*(uint8_t*)0x20002b95 = 0;
*(uint8_t*)0x20002b96 = 0;
*(uint8_t*)0x20002b97 = 0;
*(uint8_t*)0x20002b98 = 0;
*(uint8_t*)0x20002b99 = 0;
*(uint8_t*)0x20002b9a = -1;
*(uint8_t*)0x20002b9b = -1;
*(uint32_t*)0x20002b9c = htobe32(-1);
*(uint8_t*)0x20002ba0 = -1;
*(uint8_t*)0x20002ba1 = 1;
*(uint8_t*)0x20002ba2 = 0;
*(uint8_t*)0x20002ba3 = 0;
*(uint8_t*)0x20002ba4 = 0;
*(uint8_t*)0x20002ba5 = 0;
*(uint8_t*)0x20002ba6 = 0;
*(uint8_t*)0x20002ba7 = 0;
*(uint8_t*)0x20002ba8 = 0;
*(uint8_t*)0x20002ba9 = 0;
*(uint8_t*)0x20002baa = 0;
*(uint8_t*)0x20002bab = 0;
*(uint8_t*)0x20002bac = 0;
*(uint8_t*)0x20002bad = 0;
*(uint8_t*)0x20002bae = 0;
*(uint8_t*)0x20002baf = 1;
*(uint32_t*)0x20002bb0 = 2;
*(uint16_t*)0x20002bb4 = 0;
*(uint16_t*)0x20002bb6 = 7;
*(uint32_t*)0x20002bb8 = 0x500;
*(uint64_t*)0x20002bc0 = 8;
*(uint32_t*)0x20002bc8 = 0x40020;
*(uint32_t*)0x20002bcc = r[108];
syscall(__NR_ioctl, r[107], 0x890c, 0x20002b80);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
memcpy((void*)0x20000000, "/dev/amidi#", 12);
res = syz_open_dev(0x20000000, 0, 0x400);
if (res != -1)
r[109] = res;
*(uint32_t*)0x20001100 = 3;
*(uint32_t*)0x20001104 = 0;
*(uint64_t*)0x20001108 = 0x20000040;
*(uint64_t*)0x20001110 = 0x20001040;
*(uint64_t*)0x20001118 = 0x200010c0;
*(uint64_t*)0x20001120 = 4;
syscall(__NR_ioctl, r[109], 0x4028af11, 0x20001100);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[110] = res;
res = syscall(__NR_ioctl, r[110], 0xae01, 0);
if (res != -1)
r[111] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[112] = res;
syscall(__NR_ioctl, r[112], 0x800000008912, 0x200000c0);
res = syscall(__NR_dup, r[112]);
if (res != -1)
r[113] = res;
*(uint32_t*)0x20000080 = 0;
*(uint16_t*)0x20000084 = 0;
*(uint16_t*)0x20000086 = 1;
*(uint16_t*)0x20000088 = 0x101;
*(uint32_t*)0x200001c0 = 0xa;
res =
syscall(__NR_getsockopt, 0xffffff9c, 0x84, 0x77, 0x20000080, 0x200001c0);
if (res != -1)
r[114] = *(uint32_t*)0x20000080;
*(uint32_t*)0x20000200 = r[114];
syscall(__NR_setsockopt, r[113], 0x84, 0x78, 0x20000200, 4);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[111], 0x4040ae79, 0x20000100);
*(uint32_t*)0x20000240 = 2;
*(uint32_t*)0x20000244 = 0;
*(uint32_t*)0x20000248 = 6;
*(uint32_t*)0x2000024c = 6;
*(uint32_t*)0x20000250 = 0;
*(uint32_t*)0x20000254 = 9;
syscall(__NR_ioctl, r[113], 0x401845c0, 0x20000240);
res = syscall(__NR_socketpair, 1, 5, 0, 0x20000200);
if (res != -1)
r[115] = *(uint32_t*)0x20000204;
syscall(__NR_ioctl, r[115], 0x8912, 0x400200);
memcpy((void*)0x20000000, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b\x00", 11);
syscall(__NR_mknod, 0x20000000, 0, 0);
syscall(__NR_clone, 0x3102001ffe, 0, 0x9999999999999999, 0x20000140, -1);
res = syscall(__NR_socketpair, 2, 0, 0, 0x20000080);
if (res != -1)
r[116] = *(uint32_t*)0x20000080;
memcpy((void*)0x20000340, "/dev/audio", 11);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000340, 0, 0);
if (res != -1)
r[117] = res;
res = syscall(__NR_fcntl, r[115], 0x10, 0x20000240);
if (res != -1)
r[118] = *(uint32_t*)0x20000244;
*(uint8_t*)0x20000280 = 0;
*(uint8_t*)0x20000281 = 0;
*(uint8_t*)0x20000282 = 0;
*(uint8_t*)0x20000283 = 0;
*(uint8_t*)0x20000284 = 0;
*(uint8_t*)0x20000285 = 0;
*(uint8_t*)0x20000286 = 0;
*(uint8_t*)0x20000287 = 0;
*(uint8_t*)0x20000288 = 0;
*(uint8_t*)0x20000289 = 0;
*(uint8_t*)0x2000028a = 0;
*(uint8_t*)0x2000028b = 0;
*(uint8_t*)0x2000028c = 0;
*(uint8_t*)0x2000028d = 0;
*(uint8_t*)0x2000028e = 0;
*(uint8_t*)0x2000028f = 0;
*(uint8_t*)0x20000290 = 0;
*(uint8_t*)0x20000291 = 0;
*(uint8_t*)0x20000292 = 0;
*(uint8_t*)0x20000293 = 0;
*(uint8_t*)0x20000294 = 0;
*(uint8_t*)0x20000295 = 0;
*(uint8_t*)0x20000296 = 0;
*(uint8_t*)0x20000297 = 0;
*(uint8_t*)0x20000298 = 0;
*(uint8_t*)0x20000299 = 0;
*(uint8_t*)0x2000029a = 0;
*(uint8_t*)0x2000029b = 0;
*(uint8_t*)0x2000029c = 0;
*(uint8_t*)0x2000029d = 0;
*(uint8_t*)0x2000029e = 0;
*(uint8_t*)0x2000029f = 0;
*(uint16_t*)0x200002a0 = 0x100;
*(uint32_t*)0x200002a4 = 1;
*(uint32_t*)0x200002a8 = 1;
*(uint64_t*)0x200002b0 = 2;
*(uint64_t*)0x200002b8 = 8;
*(uint32_t*)0x200002c0 = r[118];
syscall(__NR_ioctl, r[117], 0xc0481273, 0x20000280);
memcpy((void*)0x20000180, "\x62\x72\x6f\x75\x74\x65\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
32);
*(uint32_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a4 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint64_t*)0x200001b0 = 0;
*(uint64_t*)0x200001b8 = 0;
*(uint64_t*)0x200001c0 = 0;
*(uint64_t*)0x200001c8 = 0;
*(uint64_t*)0x200001d0 = 0;
*(uint64_t*)0x200001d8 = 0;
*(uint32_t*)0x200001e0 = 0;
*(uint64_t*)0x200001e8 = 0;
*(uint64_t*)0x200001f0 = 0;
*(uint32_t*)0x20000040 = 0x78;
syscall(__NR_getsockopt, r[116], 0, 0x80, 0x20000180, 0x20000040);
memcpy((void*)0x200000c0, "\xe9\x1f\x71\x89\x59\x1e\x92\x33\x61\x4b\x00", 11);
syscall(__NR_execve, 0x200000c0, 0x20000140, 0x20001580);
syscall(__NR_socketpair, 2, 6, 0, 0x20000300);
*(uint16_t*)0x20000340 = 0x80;
syscall(__NR_setsockopt, -1, 0x112, 0xb, 0x20000340, 2);
syscall(__NR_socketpair, 2, 5, 0x84, 0x20000280);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[119] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[119], 0x10d, 0xdb, 0x200002c0, 0x20000000);
res = syscall(__NR_socket, 2, 1, 0x84);
if (res != -1)
r[120] = res;
*(uint32_t*)0x20000040 = 0;
*(uint16_t*)0x20000044 = 0x37c;
*(uint16_t*)0x20000046 = 0xfffc;
*(uint32_t*)0x20000080 = 8;
res = syscall(__NR_getsockopt, r[120], 0x84, 0x7c, 0x20000040, 0x20000080);
if (res != -1)
r[121] = *(uint32_t*)0x20000040;
*(uint32_t*)0x20000100 = r[121];
*(uint16_t*)0x20000104 = 0xde1;
*(uint32_t*)0x20000140 = 8;
syscall(__NR_getsockopt, r[120], 0x84, 0x18, 0x20000100, 0x20000140);
*(uint64_t*)0x20002080 = 0x20000000;
*(uint16_t*)0x20000000 = 2;
*(uint16_t*)0x20000002 = htobe16(0);
*(uint8_t*)0x20000004 = 0xac;
*(uint8_t*)0x20000005 = 0x14;
*(uint8_t*)0x20000006 = 0x14;
*(uint8_t*)0x20000007 = 0xaa;
*(uint8_t*)0x20000008 = 0;
*(uint8_t*)0x20000009 = 0;
*(uint8_t*)0x2000000a = 0;
*(uint8_t*)0x2000000b = 0;
*(uint8_t*)0x2000000c = 0;
*(uint8_t*)0x2000000d = 0;
*(uint8_t*)0x2000000e = 0;
*(uint8_t*)0x2000000f = 0;
*(uint32_t*)0x20002088 = 0x10;
*(uint64_t*)0x20002090 = 0x200005c0;
*(uint64_t*)0x200005c0 = 0x200000c0;
*(uint64_t*)0x200005c8 = 0;
*(uint64_t*)0x20002098 = 1;
*(uint64_t*)0x200020a0 = 0x20000a00;
*(uint64_t*)0x20000a00 = 0x30;
*(uint32_t*)0x20000a08 = 0x84;
*(uint32_t*)0x20000a0c = 1;
*(uint16_t*)0x20000a10 = 0x10b;
*(uint16_t*)0x20000a12 = 0xfff;
*(uint16_t*)0x20000a14 = 4;
*(uint32_t*)0x20000a18 = 1;
*(uint32_t*)0x20000a1c = 2;
*(uint32_t*)0x20000a20 = 0x80000001;
*(uint32_t*)0x20000a24 = 0xfffffff7;
*(uint32_t*)0x20000a28 = 0x101;
*(uint32_t*)0x20000a2c = 0;
*(uint64_t*)0x20000a30 = 0x18;
*(uint32_t*)0x20000a38 = 0x84;
*(uint32_t*)0x20000a3c = 7;
*(uint8_t*)0x20000a40 = 0xac;
*(uint8_t*)0x20000a41 = 0x14;
*(uint8_t*)0x20000a42 = 0x14;
*(uint8_t*)0x20000a43 = 0xbb;
*(uint64_t*)0x20000a48 = 0x18;
*(uint32_t*)0x20000a50 = 0x84;
*(uint32_t*)0x20000a54 = 5;
*(uint16_t*)0x20000a58 = 0;
*(uint32_t*)0x20000a5c = 0;
*(uint64_t*)0x20000a60 = 0x18;
*(uint32_t*)0x20000a68 = 0x84;
*(uint32_t*)0x20000a6c = 7;
*(uint8_t*)0x20000a70 = 0xac;
*(uint8_t*)0x20000a71 = 0x14;
*(uint8_t*)0x20000a72 = 0x14;
*(uint8_t*)0x20000a73 = 0;
*(uint64_t*)0x200020a8 = 0x78;
*(uint32_t*)0x200020b0 = 0x4011;
syscall(__NR_sendmmsg, r[120], 0x20002080, 1, 0x44000);
res = syscall(__NR_dup, 0xffffff9c);
if (res != -1)
r[122] = res;
*(uint64_t*)0x20000000 = 0x6000000000000000;
*(uint64_t*)0x20000008 = 0x2000;
*(uint64_t*)0x20000010 = 0;
*(uint64_t*)0x20000018 = 2;
*(uint8_t*)0x20000020 = 0x1e;
*(uint8_t*)0x20000021 = 0;
*(uint8_t*)0x20000022 = 0;
*(uint8_t*)0x20000023 = 0;
*(uint8_t*)0x20000024 = 0;
*(uint8_t*)0x20000025 = 0;
*(uint8_t*)0x20000026 = 0;
*(uint8_t*)0x20000027 = 0;
*(uint64_t*)0x20000028 = 0;
*(uint64_t*)0x20000030 = 0;
*(uint64_t*)0x20000038 = 0;
syscall(__NR_ioctl, r[122], 0x4040ae9e, 0x20000000);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[123] = res;
syscall(__NR_ioctl, r[123], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[124] = res;
*(uint64_t*)0x200000c0 = 0;
*(uint32_t*)0x200000c8 = 0x20;
*(uint32_t*)0x200000cc = 4;
*(uint32_t*)0x200000d0 = r[124];
syscall(__NR_timer_create, 0, 0x200000c0, 0x20000140);
*(uint32_t*)0x20000180 = 0x100000;
syscall(__NR_setsockopt, r[122], 0x11b, 5, 0x20000180, 4);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
memcpy((void*)0x20000000, "./file0", 8);
res = syscall(__NR_openat, -1, 0x20000000, 0x100, 0xe8);
if (res != -1)
r[125] = res;
res = syscall(__NR_socket, 2, 3, 1);
if (res != -1)
r[126] = res;
memcpy((void*)0x20000040, "/proc/self/attr/current", 24);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 2, 0);
if (res != -1)
r[127] = res;
syscall(__NR_ioctl, r[125], 0x40087703, 0);
res = syscall(__NR_socket, 0xf, 3, 2);
if (res != -1)
r[128] = res;
*(uint64_t*)0x200000c0 = 0x7f;
*(uint64_t*)0x200000c8 = 0x400;
*(uint16_t*)0x200000d0 = 5;
*(uint16_t*)0x200000d2 = 0;
*(uint32_t*)0x200000d4 = 0;
*(uint32_t*)0x200000d8 = r[126];
*(uint32_t*)0x200000dc = 0;
*(uint64_t*)0x200000e0 = 0x3a;
*(uint64_t*)0x200000e8 = 0;
*(uint32_t*)0x200000f0 = 0;
*(uint32_t*)0x200000f4 = 0;
*(uint32_t*)0x200000f8 = r[127];
*(uint32_t*)0x200000fc = 0;
*(uint64_t*)0x20000100 = 3;
*(uint64_t*)0x20000108 = 0;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = 0;
*(uint32_t*)0x20000118 = -1;
*(uint32_t*)0x2000011c = 0;
*(uint64_t*)0x20000120 = 0x40;
*(uint64_t*)0x20000128 = 0;
*(uint32_t*)0x20000130 = 0;
*(uint32_t*)0x20000134 = 0;
*(uint32_t*)0x20000138 = r[128];
*(uint32_t*)0x2000013c = 0;
*(uint64_t*)0x20000140 = 0x80000;
*(uint64_t*)0x20000148 = 0;
*(uint32_t*)0x20000150 = 0;
*(uint32_t*)0x20000154 = 0;
*(uint32_t*)0x20000158 = -1;
*(uint32_t*)0x2000015c = 0;
*(uint64_t*)0x20000160 = 0x8001;
*(uint64_t*)0x20000168 = 0;
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
syscall(__NR_ioctl, r[125], 0xc0189436, 0x200000c0);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[129] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[129], 0);
*(uint16_t*)0x20000040 = 8;
*(uint16_t*)0x20000042 = 8;
*(uint16_t*)0x20000044 = 8;
syscall(__NR_ioctl, r[129], 0x4b68, 0x20000040);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[130] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[130], 0x10d, 0xdb, 0x200002c0, 0x20000000);
res = syscall(__NR_epoll_create1, 0);
if (res != -1)
r[131] = res;
syscall(__NR_close, -1);
memcpy((void*)0x20000040, "/dev/ppp", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 0, 0);
if (res != -1)
r[132] = res;
*(uint32_t*)0x20000080 = htobe32(0x67446698);
*(uint32_t*)0x20000084 = 2;
*(uint16_t*)0x20000088 = 1;
*(uint16_t*)0x2000008a = 2;
*(uint32_t*)0x2000008c = 3;
syscall(__NR_write, r[132], 0x20000080, 0x10);
syscall(__NR_ioctl, r[132], 0xc004743e, 0x20001180);
*(uint32_t*)0x20c85000 = 0;
*(uint64_t*)0x20c85004 = 0;
syscall(__NR_epoll_ctl, r[131], 1, -1, 0x20c85000);
*(uint32_t*)0x20000000 = 0x80000001;
*(uint64_t*)0x20000004 = 0;
syscall(__NR_epoll_ctl, r[131], 3, r[132], 0x20000000);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[133] = res;
res = syscall(__NR_ioctl, r[133], 0xae01, 0);
if (res != -1)
r[134] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[135] = res;
syscall(__NR_ioctl, r[135], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint32_t*)0x200001c0 = 0x1c;
syscall(__NR_accept, r[134], 0x20000080, 0x200001c0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[134], 0x4040ae79, 0x20000100);
syscall(__NR_socket, 2, 2, 0);
memcpy((void*)0x20000140, "cpuacct.usage_sys", 18);
syscall(__NR_openat, -1, 0x20000140, 0, 0);
memcpy((void*)0x20000180, "/dev/adsp#", 11);
res = syz_open_dev(0x20000180, 0x80000001, 0x202000);
if (res != -1)
r[136] = res;
syscall(__NR_ioctl, r[136], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[137] = res;
syscall(__NR_sched_yield);
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[137];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
memcpy((void*)0x20000000, "/dev/autofs", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0, 0);
if (res != -1)
r[138] = res;
syscall(__NR_ioctl, r[138], 0x80f86406, 0x200000c0);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_getrusage, -1, 0x20000240);
memcpy((void*)0x20000000, "/dev/snapshot", 14);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x30000, 0);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
memcpy((void*)0x20000040, "./file0", 8);
syscall(__NR_creat, 0x20000040, 0x170);
syscall(__NR_mremap, 0x20ffd000, 0x1000, 0x2000, 3, 0x202dc000);
memcpy((void*)0x20000080, "/dev/snapshot", 14);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0x800, 0);
if (res != -1)
r[139] = res;
syscall(__NR_ioctl, r[139], 0xae9a);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[140] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[140], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[141] = res;
*(uint64_t*)0x20000040 = 0;
syscall(__NR_ioctl, r[141], 0x40087602, 0x20000040);
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[141], 0x10d, 0xdb, 0x200002c0, 0x20000000);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[142] = res;
syscall(__NR_ioctl, r[142], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 2, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[143] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[143];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20000280, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000280, 0, 0);
if (res != -1)
r[144] = res;
res = syscall(__NR_ioctl, r[144], 0xae01, 0);
if (res != -1)
r[145] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[146] = res;
syscall(__NR_ioctl, r[146], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[145], 0x4040ae79, 0x20000100);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x201ff000, 0x2000, 0x3000, 3, 0x2032c000);
res = syscall(__NR_msgget, 0, 0x20);
if (res != -1)
r[147] = res;
syscall(__NR_msgrcv, r[147], 0x20000180, 0xf2, 3, 0x3000);
syscall(__NR_msgrcv, r[147], 0x20000080, 0xc9, 3, 0x2000);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[148] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[148], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[149] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[149], 0x10d, 0xdb, 0x200002c0, 0x20000000);
memcpy((void*)0x20000040, "/dev/bus/usb/00#/00#", 21);
syz_open_dev(0x20000040, 0xfff, 0x482001);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[150] = res;
*(uint64_t*)0x20000140 = 0xfff;
*(uint16_t*)0x20000148 = 2;
*(uint16_t*)0x2000014a = htobe16(0x4e23);
*(uint32_t*)0x2000014c = htobe32(0);
*(uint8_t*)0x20000150 = 0;
*(uint8_t*)0x20000151 = 0;
*(uint8_t*)0x20000152 = 0;
*(uint8_t*)0x20000153 = 0;
*(uint8_t*)0x20000154 = 0;
*(uint8_t*)0x20000155 = 0;
*(uint8_t*)0x20000156 = 0;
*(uint8_t*)0x20000157 = 0;
*(uint16_t*)0x20000158 = 2;
*(uint16_t*)0x2000015a = htobe16(0x4e20);
*(uint32_t*)0x2000015c = htobe32(0xe0000001);
*(uint8_t*)0x20000160 = 0;
*(uint8_t*)0x20000161 = 0;
*(uint8_t*)0x20000162 = 0;
*(uint8_t*)0x20000163 = 0;
*(uint8_t*)0x20000164 = 0;
*(uint8_t*)0x20000165 = 0;
*(uint8_t*)0x20000166 = 0;
*(uint8_t*)0x20000167 = 0;
*(uint16_t*)0x20000168 = 2;
*(uint16_t*)0x2000016a = htobe16(0x4e22);
*(uint32_t*)0x2000016c = htobe32(0);
*(uint8_t*)0x20000170 = 0;
*(uint8_t*)0x20000171 = 0;
*(uint8_t*)0x20000172 = 0;
*(uint8_t*)0x20000173 = 0;
*(uint8_t*)0x20000174 = 0;
*(uint8_t*)0x20000175 = 0;
*(uint8_t*)0x20000176 = 0;
*(uint8_t*)0x20000177 = 0;
*(uint16_t*)0x20000178 = 0x280;
*(uint16_t*)0x2000017a = 4;
*(uint64_t*)0x20000180 = 3;
*(uint64_t*)0x20000188 = 0x200;
*(uint16_t*)0x20000190 = 6;
*(uint64_t*)0x20000198 = 0x20000000;
memcpy((void*)0x20000000,
"\x69\x70\x36\x67\x72\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint64_t*)0x200001a0 = 0xfffffffffffffff8;
*(uint64_t*)0x200001a8 = 7;
*(uint16_t*)0x200001b0 = -1;
syscall(__NR_ioctl, r[150], 0x890d, 0x20000140);
syscall(__NR_ioctl, r[150], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[151] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[151];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_socket, 0xa, 0, 0x84);
*(uint32_t*)0x20001000 = 0x10000;
*(uint32_t*)0x20001004 = 4;
*(uint32_t*)0x20001008 = 0x100;
*(uint32_t*)0x2000100c = 0x400;
syscall(__NR_setsockopt, -1, 0x84, 0, 0x20001000, 0xffffffffffffff6e);
res = syscall(__NR_socket, 0x11, 0x4000000000080003, 0);
if (res != -1)
r[152] = res;
*(uint32_t*)0x20000000 = 2;
syscall(__NR_setsockopt, r[152], 0x107, 0xa, 0x20000000, 4);
syscall(__NR_setsockopt, r[152], 0x107, 0xd, 0x20001000, 0x1fd);
*(uint64_t*)0x20008e00 = 0x20000040;
*(uint16_t*)0x20000040 = 0xa;
*(uint16_t*)0x20000042 = htobe16(0);
*(uint32_t*)0x20000044 = 4;
*(uint8_t*)0x20000048 = -1;
*(uint8_t*)0x20000049 = 1;
*(uint8_t*)0x2000004a = 0;
*(uint8_t*)0x2000004b = 0;
*(uint8_t*)0x2000004c = 0;
*(uint8_t*)0x2000004d = 0;
*(uint8_t*)0x2000004e = 0;
*(uint8_t*)0x2000004f = 0;
*(uint8_t*)0x20000050 = 0;
*(uint8_t*)0x20000051 = 0;
*(uint8_t*)0x20000052 = 0;
*(uint8_t*)0x20000053 = 0;
*(uint8_t*)0x20000054 = 0;
*(uint8_t*)0x20000055 = 0;
*(uint8_t*)0x20000056 = 0;
*(uint8_t*)0x20000057 = 1;
*(uint32_t*)0x20000058 = 0;
*(uint32_t*)0x20008e08 = 0x1c;
*(uint64_t*)0x20008e10 = 0x20000400;
*(uint64_t*)0x20008e18 = 0;
*(uint64_t*)0x20008e20 = 0;
*(uint64_t*)0x20008e28 = 0;
*(uint32_t*)0x20008e30 = 0;
syscall(__NR_sendmmsg, r[152], 0x20008e00, 1, 0x4040);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
memcpy((void*)0x20000000, "/dev/snd/controlC#", 19);
res = syz_open_dev(0x20000000, 7, 0x204000);
if (res != -1)
r[153] = res;
syscall(__NR_mmap, 0x203b9000, 0x2000, 0x100000b, 0x1013, r[153], 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
res = syscall(__NR_getpgid, 0);
if (res != -1)
r[154] = res;
syscall(__NR_read, -1, 0x20000140, 0x1c);
*(uint8_t*)0x20418f50 = 0x80;
*(uint8_t*)0x20418f51 = 0;
memcpy((void*)0x20418f52,
"\x0a\x4c\xea\xa0\x5d\x9a\x00\x00\x00\x00\x00\x00\x00\x03\x9b\x3f\xd4"
"\xce\xc3\x07\xe8\xef\x3d\x13\xeb\x79\x0e\xc9\xc6\x5a\xba\xf9\x0d\x22"
"\x9d\xb6\x92\x54\x2e\x5b\x78\xf8\xb2\x9e\x0a\x27\x80\x0f\x00\x00\x00"
"\x00\x00\x00\x00\x09\xfb\x42\xf3\x76\x58\x97\x01\xa4",
64);
*(uint32_t*)0x20418f94 = 0xd1376637;
*(uint32_t*)0x20418f98 = 0x10800a;
*(uint32_t*)0x20418f9c = 0;
*(uint32_t*)0x20418fa0 = 0;
*(uint32_t*)0x20418fa4 = 0;
*(uint32_t*)0x20418fa8 = 0;
*(uint32_t*)0x20418fac = 0;
*(uint64_t*)0x20418fb0 = 0;
*(uint32_t*)0x20418fb8 = 0;
*(uint32_t*)0x20418fbc = 0;
*(uint8_t*)0x20418fc0 = 0;
*(uint8_t*)0x20418fc1 = 0;
*(uint8_t*)0x20418fc2 = 0;
*(uint8_t*)0x20418fc3 = 0;
*(uint8_t*)0x20418fc4 = 0;
*(uint8_t*)0x20418fc5 = 0;
*(uint8_t*)0x20418fc6 = 0;
*(uint8_t*)0x20418fc7 = 0;
*(uint8_t*)0x20418fc8 = 0;
*(uint8_t*)0x20418fc9 = 0;
*(uint8_t*)0x20418fca = 0;
*(uint8_t*)0x20418fcb = 0;
*(uint8_t*)0x20418fcc = 0;
*(uint8_t*)0x20418fcd = 0;
*(uint8_t*)0x20418fce = 0;
*(uint8_t*)0x20418fcf = 0;
*(uint8_t*)0x20418fd0 = 0;
*(uint8_t*)0x20418fd1 = 0;
*(uint8_t*)0x20418fd2 = 0;
*(uint8_t*)0x20418fd3 = 0;
*(uint8_t*)0x20418fd4 = 0;
*(uint8_t*)0x20418fd5 = 0;
*(uint8_t*)0x20418fd6 = 0;
*(uint8_t*)0x20418fd7 = 0;
*(uint8_t*)0x20418fd8 = 0;
*(uint8_t*)0x20418fd9 = 0;
*(uint8_t*)0x20418fda = 0;
*(uint8_t*)0x20418fdb = 0;
*(uint8_t*)0x20418fdc = 0;
*(uint8_t*)0x20418fdd = 0;
*(uint8_t*)0x20418fde = 0;
*(uint8_t*)0x20418fdf = 0;
*(uint8_t*)0x20418fe0 = 0;
*(uint8_t*)0x20418fe1 = 0;
*(uint8_t*)0x20418fe2 = 0;
*(uint8_t*)0x20418fe3 = 0;
*(uint8_t*)0x20418fe4 = 0;
*(uint8_t*)0x20418fe5 = 0;
*(uint8_t*)0x20418fe6 = 0;
*(uint8_t*)0x20418fe7 = 0;
*(uint8_t*)0x20418fe8 = 0;
*(uint8_t*)0x20418fe9 = 0;
*(uint8_t*)0x20418fea = 0;
*(uint8_t*)0x20418feb = 0;
*(uint8_t*)0x20418fec = 0;
*(uint8_t*)0x20418fed = 0;
*(uint8_t*)0x20418fee = 0;
*(uint8_t*)0x20418fef = 0;
*(uint8_t*)0x20418ff0 = 0;
*(uint8_t*)0x20418ff1 = 0;
*(uint8_t*)0x20418ff2 = 0;
*(uint8_t*)0x20418ff3 = 0;
*(uint8_t*)0x20418ff4 = 0;
*(uint8_t*)0x20418ff5 = 0;
*(uint8_t*)0x20418ff6 = 0;
*(uint8_t*)0x20418ff7 = 0;
*(uint8_t*)0x20418ff8 = 0;
*(uint8_t*)0x20418ff9 = 0;
*(uint8_t*)0x20418ffa = 0;
syscall(__NR_ioctl, -1, 0xc0a85320, 0x20418f50);
*(uint64_t*)0x20000200 = 0x101;
syscall(__NR_sched_setaffinity, r[154], 8, 0x20000200);
*(uint32_t*)0x2019ffe9 = 0xc1;
*(uint64_t*)0x2019fff1 = 0x77359400;
*(uint64_t*)0x2019fff9 = 0;
*(uint8_t*)0x201a0001 = 0;
*(uint8_t*)0x201a0002 = 0;
*(uint8_t*)0x201a0003 = 0;
*(uint8_t*)0x201a0004 = 0;
*(uint32_t*)0x201a0005 = 3;
*(uint8_t*)0x201a0009 = 0;
*(uint32_t*)0x201a000d = 0;
*(uint32_t*)0x201a0011 = 0;
*(uint32_t*)0x201a0015 = 0;
*(uint32_t*)0x201a0019 = 0;
*(uint32_t*)0x201a001d = 0;
*(uint32_t*)0x201a0021 = 0;
*(uint32_t*)0x201a0025 = 0;
*(uint32_t*)0x201a0029 = 0;
*(uint32_t*)0x201a002d = 0;
*(uint32_t*)0x201a0031 = 0;
syscall(__NR_ioctl, -1, 0x4040534e, 0x2019ffe9);
*(uint32_t*)0x20000240 = 8;
*(uint32_t*)0x20000244 = 0;
*(uint32_t*)0x20000248 = 0;
memcpy((void*)0x2000024c,
"\x71\x75\x65\x75\x65\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
64);
*(uint32_t*)0x2000028c = 0;
*(uint8_t*)0x20000290 = 0;
*(uint8_t*)0x20000291 = 0;
*(uint8_t*)0x20000292 = 0;
*(uint8_t*)0x20000293 = 0;
*(uint8_t*)0x20000294 = 0;
*(uint8_t*)0x20000295 = 0;
*(uint8_t*)0x20000296 = 0;
*(uint8_t*)0x20000297 = 0;
*(uint8_t*)0x20000298 = 0;
*(uint8_t*)0x20000299 = 0;
*(uint8_t*)0x2000029a = 0;
*(uint8_t*)0x2000029b = 0;
*(uint8_t*)0x2000029c = 0;
*(uint8_t*)0x2000029d = 0;
*(uint8_t*)0x2000029e = 0;
*(uint8_t*)0x2000029f = 0;
*(uint8_t*)0x200002a0 = 0;
*(uint8_t*)0x200002a1 = 0;
*(uint8_t*)0x200002a2 = 0;
*(uint8_t*)0x200002a3 = 0;
*(uint8_t*)0x200002a4 = 0;
*(uint8_t*)0x200002a5 = 0;
*(uint8_t*)0x200002a6 = 0;
*(uint8_t*)0x200002a7 = 0;
*(uint8_t*)0x200002a8 = 0;
*(uint8_t*)0x200002a9 = 0;
*(uint8_t*)0x200002aa = 0;
*(uint8_t*)0x200002ab = 0;
*(uint8_t*)0x200002ac = 0;
*(uint8_t*)0x200002ad = 0;
*(uint8_t*)0x200002ae = 0;
*(uint8_t*)0x200002af = 0;
*(uint8_t*)0x200002b0 = 0;
*(uint8_t*)0x200002b1 = 0;
*(uint8_t*)0x200002b2 = 0;
*(uint8_t*)0x200002b3 = 0;
*(uint8_t*)0x200002b4 = 0;
*(uint8_t*)0x200002b5 = 0;
*(uint8_t*)0x200002b6 = 0;
*(uint8_t*)0x200002b7 = 0;
*(uint8_t*)0x200002b8 = 0;
*(uint8_t*)0x200002b9 = 0;
*(uint8_t*)0x200002ba = 0;
*(uint8_t*)0x200002bb = 0;
*(uint8_t*)0x200002bc = 0;
*(uint8_t*)0x200002bd = 0;
*(uint8_t*)0x200002be = 0;
*(uint8_t*)0x200002bf = 0;
*(uint8_t*)0x200002c0 = 0;
*(uint8_t*)0x200002c1 = 0;
*(uint8_t*)0x200002c2 = 0;
*(uint8_t*)0x200002c3 = 0;
*(uint8_t*)0x200002c4 = 0;
*(uint8_t*)0x200002c5 = 0;
*(uint8_t*)0x200002c6 = 0;
*(uint8_t*)0x200002c7 = 0;
*(uint8_t*)0x200002c8 = 0;
*(uint8_t*)0x200002c9 = 0;
*(uint8_t*)0x200002ca = 0;
*(uint8_t*)0x200002cb = 0;
syscall(__NR_ioctl, -1, 0x408c5333, 0x20000240);
*(uint8_t*)0x20000000 = 0;
*(uint8_t*)0x20000001 = 0;
*(uint32_t*)0x20000004 = 0;
*(uint32_t*)0x20000008 = 0;
*(uint32_t*)0x2000000c = 0;
*(uint8_t*)0x20000010 = 0;
*(uint8_t*)0x20000011 = 0;
*(uint8_t*)0x20000012 = 0;
*(uint32_t*)0x20000014 = 0;
*(uint8_t*)0x20000018 = 0;
*(uint8_t*)0x20000019 = 0;
*(uint8_t*)0x2000001a = 0;
*(uint8_t*)0x2000001b = 0;
*(uint8_t*)0x2000001c = 0;
*(uint8_t*)0x2000001d = 0;
*(uint8_t*)0x2000001e = 0;
*(uint8_t*)0x2000001f = 0;
*(uint8_t*)0x20000020 = 0;
*(uint8_t*)0x20000021 = 0;
*(uint8_t*)0x20000022 = 0;
*(uint8_t*)0x20000023 = 0;
*(uint8_t*)0x20000024 = 0;
*(uint8_t*)0x20000025 = 0;
*(uint8_t*)0x20000026 = 0;
*(uint8_t*)0x20000027 = 0;
*(uint8_t*)0x20000028 = 0;
*(uint8_t*)0x20000029 = 0;
*(uint8_t*)0x2000002a = 0;
*(uint8_t*)0x2000002b = 0;
*(uint8_t*)0x2000002c = 0;
*(uint8_t*)0x2000002d = 0;
*(uint8_t*)0x2000002e = 0;
*(uint8_t*)0x2000002f = 0;
*(uint8_t*)0x20000030 = 0;
*(uint8_t*)0x20000031 = 0;
*(uint8_t*)0x20000032 = 0;
*(uint8_t*)0x20000033 = 0;
*(uint8_t*)0x20000034 = 0;
*(uint8_t*)0x20000035 = 0;
*(uint8_t*)0x20000036 = 0;
*(uint8_t*)0x20000037 = 0;
*(uint8_t*)0x20000038 = 0;
*(uint8_t*)0x20000039 = 0;
*(uint8_t*)0x2000003a = 0;
*(uint8_t*)0x2000003b = 0;
*(uint8_t*)0x2000003c = 0;
*(uint8_t*)0x2000003d = 0;
*(uint8_t*)0x2000003e = 0;
*(uint8_t*)0x2000003f = 0;
*(uint8_t*)0x20000040 = 0;
*(uint8_t*)0x20000041 = 0;
*(uint8_t*)0x20000042 = 0;
*(uint8_t*)0x20000043 = 0;
*(uint8_t*)0x20000044 = 0;
*(uint8_t*)0x20000045 = 0;
*(uint8_t*)0x20000046 = 0;
*(uint8_t*)0x20000047 = 0;
*(uint8_t*)0x20000048 = 0;
*(uint8_t*)0x20000049 = 0;
*(uint8_t*)0x2000004a = 0;
*(uint8_t*)0x2000004b = 0;
*(uint8_t*)0x2000004c = 0;
*(uint8_t*)0x2000004d = 0;
*(uint8_t*)0x2000004e = 0;
*(uint8_t*)0x2000004f = 0;
*(uint8_t*)0x20000050 = 0;
*(uint8_t*)0x20000051 = 0;
*(uint8_t*)0x20000052 = 0;
*(uint8_t*)0x20000053 = 0;
*(uint8_t*)0x20000054 = 0;
*(uint8_t*)0x20000055 = 0;
*(uint8_t*)0x20000056 = 0;
*(uint8_t*)0x20000057 = 0;
syscall(__NR_ioctl, -1, 0xc058534f, 0x20000000);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[155] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[155], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[156] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[156], 0x10d, 0xdb, 0x200002c0, 0x20000000);
memcpy((void*)0x20000040,
"\x62\x72\x69\x64\x67\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint8_t*)0x20000050 = 0;
*(uint8_t*)0x20000051 = 0;
*(uint8_t*)0x20000052 = 0;
*(uint8_t*)0x20000053 = 0;
*(uint8_t*)0x20000054 = 0;
*(uint8_t*)0x20000055 = 0;
syscall(__NR_ioctl, r[155], 0x8924, 0x20000040);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[157] = res;
syscall(__NR_ioctl, r[157], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[158] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[158];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20000000, "/dev/audio#", 12);
res = syz_open_dev(0x20000000, 0xd0d, 0);
if (res != -1)
r[159] = res;
syscall(__NR_ioctl, r[159], 0x80045500, 0x200000c0);
memcpy((void*)0x20000040, "/dev/fuse", 10);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 2, 0);
if (res != -1)
r[160] = res;
syscall(__NR_mmap, 0x20000000, 0x400000, 6, 0x10010, r[160], 0);
syscall(__NR_getrlimit, 1, 0x20000080);
syscall(__NR_mremap, 0x20ffa000, 0x3000, 0x6000, 2, 0x206ff000);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[161] = res;
res = syscall(__NR_ioctl, r[161], 0xae01, 0);
if (res != -1)
r[162] = res;
memcpy((void*)0x200000c0, "/dev/usbmon#", 13);
res = syz_open_dev(0x200000c0, 0x34, 0x80);
if (res != -1)
r[163] = res;
*(uint16_t*)0x20000200 = 0xa;
*(uint16_t*)0x20000202 = htobe16(0x4e23);
*(uint32_t*)0x20000204 = 0x89e;
*(uint8_t*)0x20000208 = 0xfe;
*(uint8_t*)0x20000209 = 0x80;
*(uint8_t*)0x2000020a = 0;
*(uint8_t*)0x2000020b = 0;
*(uint8_t*)0x2000020c = 0;
*(uint8_t*)0x2000020d = 0;
*(uint8_t*)0x2000020e = 0;
*(uint8_t*)0x2000020f = 0;
*(uint8_t*)0x20000210 = 0;
*(uint8_t*)0x20000211 = 0;
*(uint8_t*)0x20000212 = 0;
*(uint8_t*)0x20000213 = 0;
*(uint8_t*)0x20000214 = 0;
*(uint8_t*)0x20000215 = 0;
*(uint8_t*)0x20000216 = 0;
*(uint8_t*)0x20000217 = 0xbb;
*(uint32_t*)0x20000218 = 0x87;
*(uint16_t*)0x2000021c = 0xa;
*(uint16_t*)0x2000021e = htobe16(0x4e22);
*(uint32_t*)0x20000220 = 0xb065;
*(uint8_t*)0x20000224 = 0;
*(uint8_t*)0x20000225 = 0;
*(uint8_t*)0x20000226 = 0;
*(uint8_t*)0x20000227 = 0;
*(uint8_t*)0x20000228 = 0;
*(uint8_t*)0x20000229 = 0;
*(uint8_t*)0x2000022a = 0;
*(uint8_t*)0x2000022b = 0;
*(uint8_t*)0x2000022c = 0;
*(uint8_t*)0x2000022d = 0;
*(uint8_t*)0x2000022e = -1;
*(uint8_t*)0x2000022f = -1;
*(uint8_t*)0x20000230 = 0xac;
*(uint8_t*)0x20000231 = 0x14;
*(uint8_t*)0x20000232 = 0x14;
*(uint8_t*)0x20000233 = 0xaa;
*(uint32_t*)0x20000234 = 8;
*(uint16_t*)0x20000238 = 5;
*(uint32_t*)0x2000023c = 9;
*(uint32_t*)0x20000240 = 3;
*(uint32_t*)0x20000244 = 0;
*(uint32_t*)0x20000248 = 2;
*(uint32_t*)0x2000024c = 7;
*(uint32_t*)0x20000250 = 0x76;
*(uint32_t*)0x20000254 = 0xc3b;
*(uint32_t*)0x20000258 = 6;
syscall(__NR_setsockopt, r[163], 0x29, 0xcd, 0x20000200, 0x5c);
syscall(__NR_socket, 0x18, 1, 1);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[162], 0x4040ae79, 0x20000100);
memcpy((void*)0x20000080, "\x69\x70\x76\x73\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00",
29);
*(uint8_t*)0x2000009d = 0;
*(uint32_t*)0x200001c0 = 0x1e;
syscall(__NR_getsockopt, r[161], 0, 0x42, 0x20000080, 0x200001c0);
syscall(__NR_mprotect, 0x20000000, 0x800000, 4);
syscall(__NR_io_setup, 0x70d, 0x20000000);
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x200001c0 = 0;
syscall(__NR_ppoll, 0x20000080, 0xda, 0x20000180, 0x200001c0, 8);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[164] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x100010, r[164],
0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[165] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[165], 0x10d, 0xdb, 0x200002c0, 0x20000000);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[166] = res;
memcpy((void*)0x20000200, "/dev/vcs#", 10);
syz_open_dev(0x20000200, 0x7cb, 0xc900);
memcpy((void*)0x20000300, "/dev/null", 10);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000300, 0x100, 0);
memcpy((void*)0x20000340, "/dev/qat_adf_ctl", 17);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000340, 0x200000, 0);
if (res != -1)
r[167] = res;
syscall(__NR_ioctl, r[167], 0x8912, 0xac0c);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
memcpy((void*)0x200000c0, "/dev/sequencer", 15);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200000c0, 0x210080, 0);
if (res != -1)
r[168] = res;
*(uint32_t*)0x200001c0 = 8;
*(uint64_t*)0x200001c4 = 0;
syscall(__NR_epoll_ctl, r[168], 3, r[166], 0x200001c0);
res = syscall(__NR_gettid);
if (res != -1)
r[169] = res;
memcpy((void*)0x20000000, "/dev/zero", 10);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x88002, 0);
if (res != -1)
r[170] = res;
memcpy((void*)0x20000380, "security.evm", 13);
*(uint8_t*)0x20000280 = 1;
memcpy((void*)0x20000281,
"\x6c\x87\x79\xfb\x1e\x88\x5e\x7b\x7f\x0b\x3d\xb2\x1b\xf7\x6a\x45",
16);
syscall(__NR_fsetxattr, r[167], 0x20000380, 0x20000280, 0x221, 1);
syscall(__NR_ioctl, r[170], 0x4b6a, 0x20000140);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_fcntl, r[166], 8, r[169]);
memcpy((void*)0x20000000, "/dev/vsock", 11);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x400000, 0);
if (res != -1)
r[171] = res;
syscall(__NR_mmap, 0x20000000, 0x400000, 0x1000000, 0x5c831, r[171], 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x2000, 3, 0x2015b000);
*(uint8_t*)0x20000040 = 6;
syscall(__NR_setsockopt, r[171], 0x112, 9, 0x20000040, 1);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[172] = res;
syscall(__NR_ioctl, r[172], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
memcpy((void*)0x20000000, "/dev/dmmidi#", 13);
res = syz_open_dev(0x20000000, 0xd29e, 0x8000);
if (res != -1)
r[173] = res;
*(uint32_t*)0x200000c0 = 0xa;
*(uint16_t*)0x200000c4 = 5;
*(uint16_t*)0x200000c6 = 7;
*(uint16_t*)0x200000c8 = 0;
*(uint16_t*)0x200000ca = 2;
*(uint16_t*)0x200000cc = 3;
*(uint16_t*)0x200000ce = 0xb0;
*(uint16_t*)0x200000d0 = 0x1514;
*(uint16_t*)0x200000d2 = 0;
*(uint16_t*)0x200000d4 = 8;
*(uint16_t*)0x200000d6 = 7;
syscall(__NR_setsockopt, r[173], 0x84, 0x16, 0x200000c0, 0x18);
res = syscall(__NR_gettid);
if (res != -1)
r[174] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[174];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20000240, "net/protocols", 14);
res = syz_open_procfs(-1, 0x20000240);
if (res != -1)
r[175] = res;
*(uint32_t*)0x20000280 = 6;
*(uint32_t*)0x20000284 = 2;
*(uint32_t*)0x20000288 = 0x7fff;
*(uint32_t*)0x2000028c = 1;
syscall(__NR_ioctl, r[175], 0x4040ae70, 0x20000280);
syscall(__NR_ioctl, -1, 0x6612);
syscall(__NR_socket, 2, 6, 0);
memcpy((void*)0x20000040, "/dev/admmidi#", 14);
syz_open_dev(0x20000040, 0x49c3, 0xa0100);
res = syscall(__NR_socket, 0x10, 3, 6);
if (res != -1)
r[176] = res;
memcpy((void*)0x20000040,
"\x65\x71\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
16);
*(uint32_t*)0x20000050 = 0;
syscall(__NR_ioctl, r[176], 0x8933, 0x20000040);
syscall(__NR_getuid);
memcpy((void*)0x20000080, "./file0", 8);
syscall(__NR_lstat, 0x20000080, 0x200001c0);
*(uint32_t*)0x20001ac0 = 0x14;
res = syscall(__NR_accept, 0xffffff9c, 0x20001a80, 0x20001ac0);
if (res != -1)
r[177] = *(uint32_t*)0x20001a84;
memcpy((void*)0x20000000, "/dev/null", 10);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x200, 0);
if (res != -1)
r[178] = res;
*(uint32_t*)0x20000180 = 0;
*(uint16_t*)0x20000184 = 0x18;
*(uint16_t*)0x20000186 = 0xfa00;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0x20000100;
*(uint16_t*)0x20000198 = 0x13f;
*(uint8_t*)0x2000019a = 8;
*(uint8_t*)0x2000019b = 0;
*(uint8_t*)0x2000019c = 0;
*(uint8_t*)0x2000019d = 0;
*(uint8_t*)0x2000019e = 0;
*(uint8_t*)0x2000019f = 0;
res = syscall(__NR_write, 0xffffff9c, 0x20000180, 0x20);
if (res != -1)
r[179] = *(uint32_t*)0x20000100;
*(uint32_t*)0x20000240 = 4;
*(uint16_t*)0x20000244 = 8;
*(uint16_t*)0x20000246 = 0xfa00;
*(uint32_t*)0x20000248 = r[179];
*(uint32_t*)0x2000024c = 0xeda;
syscall(__NR_write, r[178], 0x20000240, 0x10);
*(uint64_t*)0x200000c0 = 0x20001b00;
*(uint16_t*)0x20001b00 = 0x10;
*(uint16_t*)0x20001b02 = 0;
*(uint32_t*)0x20001b04 = 0;
*(uint32_t*)0x20001b08 = 0;
*(uint32_t*)0x200000c8 = 0xc;
*(uint64_t*)0x200000d0 = 0x20000140;
*(uint64_t*)0x20000140 = 0x200005c0;
*(uint32_t*)0x200005c0 = 0xf8;
*(uint16_t*)0x200005c4 = 0x1f;
*(uint16_t*)0x200005c6 = 0x21;
*(uint32_t*)0x200005c8 = 0x70bd2a;
*(uint32_t*)0x200005cc = 0x25dfdbfd;
*(uint8_t*)0x200005d0 = 0xac;
*(uint8_t*)0x200005d1 = 0x14;
*(uint8_t*)0x200005d2 = 0x14;
*(uint8_t*)0x200005d3 = 0xb;
*(uint32_t*)0x200005e0 = htobe32(0x4d5);
*(uint16_t*)0x200005e4 = 0xa;
*(uint8_t*)0x200005e6 = 0x3e;
*(uint8_t*)0x200005e8 = 0xfe;
*(uint8_t*)0x200005e9 = 0x80;
*(uint8_t*)0x200005ea = 0;
*(uint8_t*)0x200005eb = 0;
*(uint8_t*)0x200005ec = 0;
*(uint8_t*)0x200005ed = 0;
*(uint8_t*)0x200005ee = 0;
*(uint8_t*)0x200005ef = 0;
*(uint8_t*)0x200005f0 = 0;
*(uint8_t*)0x200005f1 = 0;
*(uint8_t*)0x200005f2 = 0;
*(uint8_t*)0x200005f3 = 0;
*(uint8_t*)0x200005f4 = 0;
*(uint8_t*)0x200005f5 = 0;
*(uint8_t*)0x200005f6 = 0;
*(uint8_t*)0x200005f7 = 0xbb;
*(uint32_t*)0x200005f8 = 9;
*(uint32_t*)0x200005fc = 0x3500;
*(uint16_t*)0x20000600 = 0x28;
*(uint16_t*)0x20000602 = 0x1a;
*(uint8_t*)0x20000604 = 0xfe;
*(uint8_t*)0x20000605 = 0x80;
*(uint8_t*)0x20000606 = 0;
*(uint8_t*)0x20000607 = 0;
*(uint8_t*)0x20000608 = 0;
*(uint8_t*)0x20000609 = 0;
*(uint8_t*)0x2000060a = 0;
*(uint8_t*)0x2000060b = 0;
*(uint8_t*)0x2000060c = 0;
*(uint8_t*)0x2000060d = 0;
*(uint8_t*)0x2000060e = 0;
*(uint8_t*)0x2000060f = 0;
*(uint8_t*)0x20000610 = 0;
*(uint8_t*)0x20000611 = 0;
*(uint8_t*)0x20000612 = 0;
*(uint8_t*)0x20000613 = 0x11;
*(uint8_t*)0x20000614 = 0xac;
*(uint8_t*)0x20000615 = 0x14;
*(uint8_t*)0x20000616 = 0x14;
*(uint8_t*)0x20000617 = 0xaa;
*(uint16_t*)0x20000624 = 0xa;
*(uint8_t*)0x20000626 = 1;
*(uint8_t*)0x20000627 = 8;
*(uint16_t*)0x20000628 = 0xc;
*(uint16_t*)0x2000062a = 0x1c;
*(uint32_t*)0x2000062c = r[177];
*(uint8_t*)0x20000630 = 3;
*(uint16_t*)0x20000634 = 8;
*(uint16_t*)0x20000636 = 0x19;
*(uint8_t*)0x20000638 = -1;
*(uint16_t*)0x2000063c = 0xc;
*(uint16_t*)0x2000063e = 0x10;
*(uint8_t*)0x20000640 = 1;
*(uint16_t*)0x20000642 = 0;
*(uint8_t*)0x20000644 = 0;
*(uint16_t*)0x20000648 = 0x48;
*(uint16_t*)0x2000064a = 2;
memcpy((void*)0x2000064c,
"\x72\x66\x63\x33\x36\x38\x36\x28\x6c\x72\x77\x2d\x73\x65\x72\x70\x65"
"\x6e\x74\x2d\x61\x76\x78\x32\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
64);
*(uint32_t*)0x2000068c = 0;
*(uint16_t*)0x20000690 = 0x14;
*(uint16_t*)0x20000692 = 0xe;
*(uint64_t*)0x20000694 = htobe64(0);
*(uint64_t*)0x2000069c = htobe64(1);
*(uint16_t*)0x200006a4 = 0xc;
*(uint16_t*)0x200006a6 = 8;
*(uint16_t*)0x200006a8 = 8;
*(uint16_t*)0x200006aa = 8;
*(uint8_t*)0x200006ac = 0;
*(uint8_t*)0x200006ad = 1;
*(uint16_t*)0x200006ae = 0;
*(uint16_t*)0x200006b0 = 8;
*(uint16_t*)0x200006b2 = 0x18;
*(uint32_t*)0x200006b4 = 0;
*(uint64_t*)0x20000148 = 0xf8;
*(uint64_t*)0x200000d8 = 8;
*(uint64_t*)0x200000e0 = 0;
*(uint64_t*)0x200000e8 = 0;
*(uint32_t*)0x200000f0 = 0;
syscall(__NR_sendmsg, r[176], 0x200000c0, 0);
memcpy((void*)0x20000340, "/dev/kvm", 9);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000340, 0x2000, 0);
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[180] = res;
syscall(__NR_ioctl, r[180], 0x800000008912, 0x200000c0);
memcpy((void*)0x20000200, "/dev/rfkill", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000200, 0x301000, 0);
if (res != -1)
r[181] = res;
memcpy((void*)0x20000240, "./file0", 8);
syscall(__NR_unlinkat, r[181], 0x20000240, 0x200);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
res = syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
if (res != -1)
r[182] = res;
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, -1, 0x4040ae79, 0x20000100);
memcpy((void*)0x200001c0, "security.apparmor", 18);
syscall(__NR_fremovexattr, r[182], 0x200001c0);
syscall(__NR_ioctl, r[180], 0x894b, 0x20000080);
syscall(__NR_getgid);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[183] = res;
syscall(__NR_ioctl, r[183], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[184] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[184];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
res = syscall(__NR_dup, r[183]);
if (res != -1)
r[185] = res;
*(uint32_t*)0x20000140 = 0;
*(uint16_t*)0x20000144 = 0x18;
*(uint16_t*)0x20000146 = 0xfa00;
*(uint64_t*)0x20000148 = 1;
*(uint64_t*)0x20000150 = 0x200000c0;
*(uint16_t*)0x20000158 = 2;
*(uint8_t*)0x2000015a = 7;
*(uint8_t*)0x2000015b = 0;
*(uint8_t*)0x2000015c = 0;
*(uint8_t*)0x2000015d = 0;
*(uint8_t*)0x2000015e = 0;
*(uint8_t*)0x2000015f = 0;
res = syscall(__NR_write, r[185], 0x20000140, 0x20);
if (res != -1)
r[186] = *(uint32_t*)0x200000c0;
memcpy((void*)0x20000180, "/dev/rfkill", 12);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000180, 0x4100, 0);
if (res != -1)
r[187] = res;
*(uint32_t*)0x20000300 = 0x14;
*(uint16_t*)0x20000304 = 0x88;
*(uint16_t*)0x20000306 = 0xfa00;
*(uint32_t*)0x20000308 = r[186];
*(uint16_t*)0x2000030c = 0x1c;
*(uint16_t*)0x2000030e = 0;
*(uint16_t*)0x20000310 = 2;
*(uint16_t*)0x20000312 = htobe16(0x4e24);
*(uint8_t*)0x20000314 = 0xac;
*(uint8_t*)0x20000315 = 0x14;
*(uint8_t*)0x20000316 = 0x14;
*(uint8_t*)0x20000317 = 0xaa;
*(uint8_t*)0x20000318 = 0;
*(uint8_t*)0x20000319 = 0;
*(uint8_t*)0x2000031a = 0;
*(uint8_t*)0x2000031b = 0;
*(uint8_t*)0x2000031c = 0;
*(uint8_t*)0x2000031d = 0;
*(uint8_t*)0x2000031e = 0;
*(uint8_t*)0x2000031f = 0;
syscall(__NR_write, r[187], 0x20000300, 0x90);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint32_t*)0x200003c0 = 0;
*(uint32_t*)0x200003c4 = 0;
*(uint32_t*)0x200001c0 = 8;
res = syscall(__NR_getsockopt, r[187], 0x84, 0x6d, 0x200003c0, 0x200001c0);
if (res != -1)
r[188] = *(uint32_t*)0x200003c0;
*(uint32_t*)0x20000480 = r[188];
*(uint16_t*)0x20000484 = 0xa;
*(uint16_t*)0x20000486 = htobe16(0x4e21);
*(uint32_t*)0x20000488 = 0xb4;
*(uint8_t*)0x2000048c = 0xfe;
*(uint8_t*)0x2000048d = 0x80;
*(uint8_t*)0x2000048e = 0;
*(uint8_t*)0x2000048f = 0;
*(uint8_t*)0x20000490 = 0;
*(uint8_t*)0x20000491 = 0;
*(uint8_t*)0x20000492 = 0;
*(uint8_t*)0x20000493 = 0;
*(uint8_t*)0x20000494 = 0;
*(uint8_t*)0x20000495 = 0;
*(uint8_t*)0x20000496 = 0;
*(uint8_t*)0x20000497 = 0;
*(uint8_t*)0x20000498 = 0;
*(uint8_t*)0x20000499 = 0;
*(uint8_t*)0x2000049a = 0;
*(uint8_t*)0x2000049b = 0xbb;
*(uint32_t*)0x2000049c = 0x10000;
syscall(__NR_setsockopt, r[187], 0x84, 6, 0x20000480, 0x84);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
syscall(__NR_ioctl, r[183], 5, 0x20000000);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[189] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[189], 0);
*(uint32_t*)0x20000000 = 0xf6;
syscall(__NR_getsockopt, r[189], 1, 0x1f, 0x20000300, 0x20000000);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[190] = res;
*(uint32_t*)0x200002c0 = 2;
syscall(__NR_getsockopt, r[190], 0x10d, 0xdb, 0x20000040, 0x200002c0);
res = syscall(__NR_io_setup, 0xfe, 0x200001c0);
if (res != -1)
r[191] = *(uint64_t*)0x200001c0;
memcpy((void*)0x20000000, "/dev/admmidi#", 14);
syz_open_dev(0x20000000, 0x2fb, 0x8000);
syscall(__NR_io_destroy, r[191]);
syscall(__NR_io_setup, 0x100, 0x20000080);
syscall(__NR_io_destroy, r[191]);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
memcpy((void*)0x20000180, "./file0", 8);
res = syscall(__NR_open, 0x20000180, 0, 0x80);
if (res != -1)
r[192] = res;
syscall(__NR_ioctl, r[192], 0x40046208, 0);
*(uint32_t*)0x20000340 = 0xe8;
res = syscall(__NR_getsockopt, r[192], 0, 0x11, 0x20000240, 0x20000340);
if (res != -1)
r[193] = *(uint32_t*)0x20000270;
*(uint16_t*)0x20000380 = 0x11;
*(uint16_t*)0x20000382 = htobe16(4);
*(uint32_t*)0x20000384 = r[193];
*(uint16_t*)0x20000388 = 1;
*(uint8_t*)0x2000038a = 0x13;
*(uint8_t*)0x2000038b = 6;
*(uint8_t*)0x2000038c = 0xaa;
*(uint8_t*)0x2000038d = 0xaa;
*(uint8_t*)0x2000038e = 0xaa;
*(uint8_t*)0x2000038f = 0xaa;
*(uint8_t*)0x20000390 = 0xaa;
*(uint8_t*)0x20000391 = 0xa;
*(uint8_t*)0x20000392 = 0;
*(uint8_t*)0x20000393 = 0;
syscall(__NR_recvfrom, r[192], 0x20000200, 0x1a, 0x2001, 0x20000380, 0x14);
memcpy((void*)0x20000080, "/dev/sequencer2", 16);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0x8000, 0);
if (res != -1)
r[194] = res;
*(uint32_t*)0x200000c0 = 0;
syscall(__NR_ioctl, r[194], 0x4004ae8b, 0x200000c0);
res = syscall(__NR_ioctl, -1, 0xae01, 0);
if (res != -1)
r[195] = res;
memcpy((void*)0x20000000, "trusted.overlay.opaque", 23);
memcpy((void*)0x20000040, "y", 2);
syscall(__NR_fsetxattr, r[195], 0x20000000, 0x20000040, 2, 1);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[196] = res;
syscall(__NR_ioctl, r[196], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, -1, 0x4040ae79, 0x20000100);
memcpy((void*)0x20000080, "/dev/full", 10);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0x101000, 0);
if (res != -1)
r[197] = res;
*(uint16_t*)0x200001c0 = 2;
*(uint16_t*)0x200001c2 = htobe16(0x4e24);
*(uint32_t*)0x200001c4 = htobe32(0);
*(uint8_t*)0x200001c8 = 0;
*(uint8_t*)0x200001c9 = 0;
*(uint8_t*)0x200001ca = 0;
*(uint8_t*)0x200001cb = 0;
*(uint8_t*)0x200001cc = 0;
*(uint8_t*)0x200001cd = 0;
*(uint8_t*)0x200001ce = 0;
*(uint8_t*)0x200001cf = 0;
*(uint16_t*)0x200001d0 = 2;
*(uint16_t*)0x200001d2 = htobe16(0x4e21);
*(uint32_t*)0x200001d4 = htobe32(0x7f000001);
*(uint8_t*)0x200001d8 = 0;
*(uint8_t*)0x200001d9 = 0;
*(uint8_t*)0x200001da = 0;
*(uint8_t*)0x200001db = 0;
*(uint8_t*)0x200001dc = 0;
*(uint8_t*)0x200001dd = 0;
*(uint8_t*)0x200001de = 0;
*(uint8_t*)0x200001df = 0;
*(uint16_t*)0x200001e0 = 0xa;
*(uint16_t*)0x200001e2 = htobe16(0x4e21);
*(uint32_t*)0x200001e4 = 0x59175768;
*(uint8_t*)0x200001e8 = 0xfe;
*(uint8_t*)0x200001e9 = 0x80;
*(uint8_t*)0x200001ea = 0;
*(uint8_t*)0x200001eb = 0;
*(uint8_t*)0x200001ec = 0;
*(uint8_t*)0x200001ed = 0;
*(uint8_t*)0x200001ee = 0;
*(uint8_t*)0x200001ef = 0;
*(uint8_t*)0x200001f0 = 0;
*(uint8_t*)0x200001f1 = 0;
*(uint8_t*)0x200001f2 = 0;
*(uint8_t*)0x200001f3 = 0;
*(uint8_t*)0x200001f4 = 0;
*(uint8_t*)0x200001f5 = 0;
*(uint8_t*)0x200001f6 = 0;
*(uint8_t*)0x200001f7 = 0xbb;
*(uint32_t*)0x200001f8 = 0xfff;
*(uint16_t*)0x200001fc = 2;
*(uint16_t*)0x200001fe = htobe16(0x4e23);
*(uint32_t*)0x20000200 = htobe32(-1);
*(uint8_t*)0x20000204 = 0;
*(uint8_t*)0x20000205 = 0;
*(uint8_t*)0x20000206 = 0;
*(uint8_t*)0x20000207 = 0;
*(uint8_t*)0x20000208 = 0;
*(uint8_t*)0x20000209 = 0;
*(uint8_t*)0x2000020a = 0;
*(uint8_t*)0x2000020b = 0;
*(uint16_t*)0x2000020c = 0xa;
*(uint16_t*)0x2000020e = htobe16(0x4e22);
*(uint32_t*)0x20000210 = 0xfffffcda;
*(uint8_t*)0x20000214 = 0xfe;
*(uint8_t*)0x20000215 = 0x80;
*(uint8_t*)0x20000216 = 0;
*(uint8_t*)0x20000217 = 0;
*(uint8_t*)0x20000218 = 0;
*(uint8_t*)0x20000219 = 0;
*(uint8_t*)0x2000021a = 0;
*(uint8_t*)0x2000021b = 0;
*(uint8_t*)0x2000021c = 0;
*(uint8_t*)0x2000021d = 0;
*(uint8_t*)0x2000021e = 0;
*(uint8_t*)0x2000021f = 0;
*(uint8_t*)0x20000220 = 0;
*(uint8_t*)0x20000221 = 0;
*(uint8_t*)0x20000222 = 0;
*(uint8_t*)0x20000223 = 0x1b;
*(uint32_t*)0x20000224 = 0x101;
*(uint16_t*)0x20000228 = 2;
*(uint16_t*)0x2000022a = htobe16(0x4e20);
*(uint32_t*)0x2000022c = htobe32(0x7f000001);
*(uint8_t*)0x20000230 = 0;
*(uint8_t*)0x20000231 = 0;
*(uint8_t*)0x20000232 = 0;
*(uint8_t*)0x20000233 = 0;
*(uint8_t*)0x20000234 = 0;
*(uint8_t*)0x20000235 = 0;
*(uint8_t*)0x20000236 = 0;
*(uint8_t*)0x20000237 = 0;
syscall(__NR_setsockopt, r[197], 0x84, 0x64, 0x200001c0, 0x78);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[198] = res;
memcpy((void*)0x200000c0, "/proc/self/net/pfkey", 21);
syscall(__NR_memfd_create, 0x200000c0, 7);
syscall(__NR_ioctl, r[198], 0x8912, 0x100000000);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[199] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[199];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
memcpy((void*)0x20000000, "/proc/self/net/pfkey", 21);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x8000, 0);
if (res != -1)
r[200] = res;
*(uint8_t*)0x20000140 = 0;
*(uint8_t*)0x20000141 = 6;
*(uint32_t*)0x20000144 = 0;
*(uint32_t*)0x20000148 = 1;
*(uint32_t*)0x2000014c = 1;
*(uint8_t*)0x20000150 = 3;
*(uint8_t*)0x20000151 = 0x33;
*(uint8_t*)0x20000152 = 2;
*(uint32_t*)0x20000154 = 0x609d;
*(uint8_t*)0x20000158 = 0;
*(uint8_t*)0x20000159 = 0;
*(uint8_t*)0x2000015a = 0;
*(uint8_t*)0x2000015b = 0;
*(uint8_t*)0x2000015c = 0;
*(uint8_t*)0x2000015d = 0;
*(uint8_t*)0x2000015e = 0;
*(uint8_t*)0x2000015f = 0;
*(uint8_t*)0x20000160 = 0;
*(uint8_t*)0x20000161 = 0;
*(uint8_t*)0x20000162 = 0;
*(uint8_t*)0x20000163 = 0;
*(uint8_t*)0x20000164 = 0;
*(uint8_t*)0x20000165 = 0;
*(uint8_t*)0x20000166 = 0;
*(uint8_t*)0x20000167 = 0;
*(uint8_t*)0x20000168 = 0;
*(uint8_t*)0x20000169 = 0;
*(uint8_t*)0x2000016a = 0;
*(uint8_t*)0x2000016b = 0;
*(uint8_t*)0x2000016c = 0;
*(uint8_t*)0x2000016d = 0;
*(uint8_t*)0x2000016e = 0;
*(uint8_t*)0x2000016f = 0;
*(uint8_t*)0x20000170 = 0;
*(uint8_t*)0x20000171 = 0;
*(uint8_t*)0x20000172 = 0;
*(uint8_t*)0x20000173 = 0;
*(uint8_t*)0x20000174 = 0;
*(uint8_t*)0x20000175 = 0;
*(uint8_t*)0x20000176 = 0;
*(uint8_t*)0x20000177 = 0;
*(uint8_t*)0x20000178 = 0;
*(uint8_t*)0x20000179 = 0;
*(uint8_t*)0x2000017a = 0;
*(uint8_t*)0x2000017b = 0;
*(uint8_t*)0x2000017c = 0;
*(uint8_t*)0x2000017d = 0;
*(uint8_t*)0x2000017e = 0;
*(uint8_t*)0x2000017f = 0;
*(uint8_t*)0x20000180 = 0;
*(uint8_t*)0x20000181 = 0;
*(uint8_t*)0x20000182 = 0;
*(uint8_t*)0x20000183 = 0;
*(uint8_t*)0x20000184 = 0;
*(uint8_t*)0x20000185 = 0;
*(uint8_t*)0x20000186 = 0;
*(uint8_t*)0x20000187 = 0;
*(uint8_t*)0x20000188 = 0;
*(uint8_t*)0x20000189 = 0;
*(uint8_t*)0x2000018a = 0;
*(uint8_t*)0x2000018b = 0;
*(uint8_t*)0x2000018c = 0;
*(uint8_t*)0x2000018d = 0;
*(uint8_t*)0x2000018e = 0;
*(uint8_t*)0x2000018f = 0;
*(uint8_t*)0x20000190 = 0;
*(uint8_t*)0x20000191 = 0;
*(uint8_t*)0x20000192 = 0;
*(uint8_t*)0x20000193 = 0;
*(uint8_t*)0x20000194 = 0;
*(uint8_t*)0x20000195 = 0;
*(uint8_t*)0x20000196 = 0;
*(uint8_t*)0x20000197 = 0;
syscall(__NR_ioctl, r[200], 0xc058534f, 0x20000140);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0;
syscall(__NR_timer_settime, 0, 0x800000000, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20000040, "/proc/thread-self/attr/exec", 28);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 2, 0);
if (res != -1)
r[201] = res;
syscall(__NR_geteuid);
memcpy((void*)0x20000000, "\x84\x74\x61\x63\x6b\x20", 6);
memcpy((void*)0x20000006, "&", 2);
syscall(__NR_write, r[201], 0x20000000, 8);
res = syscall(__NR_socket, 0xa, 2, 0);
if (res != -1)
r[202] = res;
*(uint32_t*)0x200000c0 = 0xc;
syscall(__NR_getsockopt, r[202], 1, 0x11, 0x20000080, 0x200000c0);
res = syscall(__NR_ioctl, -1, 0x5429, 0x20000240);
if (res != -1)
r[203] = *(uint32_t*)0x20000240;
memcpy(
(void*)0x20000300,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\xf7\x4d\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xb0\x58\xa3\xe2\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e\xba\x96"
"\xb4\xeb\xeb\x8a\x1e\x29\x3e\xd4\xbe\xf7\x5c\xac\xc5\x38\x58\xd8\xaf\xfb"
"\x73\x5b\x5f\xbd\x50\xc4\x84\xdf\x58\x13\x2a\xc3\x17\x6e\xe1\xc5\x9c\x46"
"\x3a\xe1\x96\x01\xd0\x81\xd9\x4a\xaa\x1c\xb2\xc8\xf9\xa7\xa6\xf2\xf6\x90"
"\x65\x8c\x8e\x5f\xc7\x64\x9c\x23\x0e\xd2\x6b\x19\x36\xe7\x3a\x58\xb6\x11"
"\x0f\xce\x8e\x42\x61\x72\x13\x50\x25\xee\xaf\x0e\x7e\x09\x22\x19\x8e\x3c"
"\xe8\x75\xf8\x00\x39\x9e\x25\x11\x3d\x3f\x2a\xd4\xc3\x8c\x14\x14\x72\xc1"
"\xc4\xe9\xa6\x95\xb9\x32\x03\xe8\x7c\xf9\x0b\xf5\x45\x6b\xd5\x54\xcb\xbf"
"\xe8\xa2\x0c\x8d\x80\x15\x30\x6e\x2e\xc9\x6f\x4c\x09\x62\x1b\x70\x91\xc7"
"\x2f\x60\x38\x4c\xc8\x01\xe8\xb7\x7a\x2c\x1e",
569);
res = syz_open_procfs(r[203], 0x20000300);
if (res != -1)
r[204] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[204], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[205] = res;
*(uint32_t*)0x200000c0 = 4;
syscall(__NR_getsockopt, r[205], 0x10d, 0xdb, 0x200002c0, 0x200000c0);
syscall(__NR_ioctl, r[204], 0x5411, 0x20000040);
memcpy((void*)0x20000080, "syz", 3);
*(uint8_t*)0x20000083 = 0x21;
*(uint8_t*)0x20000084 = 0;
syscall(__NR_keyctl, 1, 0x20000080);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
memcpy((void*)0x20000000, "/dev/hwrng", 11);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x200, 0);
if (res != -1)
r[206] = res;
*(uint32_t*)0x20000080 = 0x14;
syscall(__NR_getsockopt, r[206], 0x29, 0x14, 0x20000040, 0x20000080);
syscall(__NR_setsockopt, r[206], 0x21, 0xd, 0x200000c0, 0);
syscall(__NR_madvise, 0x200b7000, 0x3000, 0x7f);
syscall(__NR_mlock, 0x20336000, 0x1000);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[207] = res;
res = syscall(__NR_ioctl, r[207], 0xae01, 0);
if (res != -1)
r[208] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[209] = res;
syscall(__NR_ioctl, r[209], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[208], 0x4040ae79, 0x20000100);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[210] = res;
syscall(__NR_ioctl, r[210], 0x8912, 0x400200);
*(uint64_t*)0x20000000 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000000, 0, 0xffffffffffffffdc);
res = syscall(__NR_gettid);
if (res != -1)
r[211] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[211];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x20000100, "/dev/sequencer", 15);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000100, 2, 0);
if (res != -1)
r[212] = res;
*(uint8_t*)0x20000000 = -1;
*(uint8_t*)0x20000001 = 0;
*(uint8_t*)0x20000002 = 0;
*(uint8_t*)0x20000003 = 0;
*(uint32_t*)0x20000008 = 0;
*(uint8_t*)0x20000018 = 0;
*(uint8_t*)0x20000019 = 0;
*(uint8_t*)0x2000001a = 0;
*(uint8_t*)0x2000001b = 0;
*(uint8_t*)0x20000020 = 0;
*(uint8_t*)0x20000021 = 0;
*(uint8_t*)0x20000022 = 0;
*(uint8_t*)0x20000023 = 0;
syscall(__NR_write, r[212], 0x20000000, 0x30);
res = syscall(__NR_socket, 0x10, 3, 2);
if (res != -1)
r[213] = res;
*(uint32_t*)0x200001c0 = 0;
*(uint32_t*)0x200001c4 = 0x2c;
*(uint64_t*)0x200001c8 = 0x20000180;
*(uint16_t*)0x20000180 = 2;
*(uint16_t*)0x20000182 = htobe16(0x4e22);
*(uint8_t*)0x20000184 = 0xac;
*(uint8_t*)0x20000185 = 0x14;
*(uint8_t*)0x20000186 = 0x14;
*(uint8_t*)0x20000187 = 0xaa;
*(uint8_t*)0x20000188 = 0;
*(uint8_t*)0x20000189 = 0;
*(uint8_t*)0x2000018a = 0;
*(uint8_t*)0x2000018b = 0;
*(uint8_t*)0x2000018c = 0;
*(uint8_t*)0x2000018d = 0;
*(uint8_t*)0x2000018e = 0;
*(uint8_t*)0x2000018f = 0;
*(uint16_t*)0x20000190 = 0xa;
*(uint16_t*)0x20000192 = htobe16(0x4e23);
*(uint32_t*)0x20000194 = 0x787f;
*(uint8_t*)0x20000198 = -1;
*(uint8_t*)0x20000199 = 2;
*(uint8_t*)0x2000019a = 0;
*(uint8_t*)0x2000019b = 0;
*(uint8_t*)0x2000019c = 0;
*(uint8_t*)0x2000019d = 0;
*(uint8_t*)0x2000019e = 0;
*(uint8_t*)0x2000019f = 0;
*(uint8_t*)0x200001a0 = 0;
*(uint8_t*)0x200001a1 = 0;
*(uint8_t*)0x200001a2 = 0;
*(uint8_t*)0x200001a3 = 0;
*(uint8_t*)0x200001a4 = 0;
*(uint8_t*)0x200001a5 = 0;
*(uint8_t*)0x200001a6 = 0;
*(uint8_t*)0x200001a7 = 1;
*(uint32_t*)0x200001a8 = 9;
*(uint32_t*)0x20000200 = 0x10;
res = syscall(__NR_getsockopt, r[212], 0x84, 0x6f, 0x200001c0, 0x20000200);
if (res != -1)
r[214] = *(uint32_t*)0x200001c0;
*(uint32_t*)0x20000380 = 0xe;
*(uint32_t*)0x20000384 = 0x800;
*(uint32_t*)0x20000388 = 0x10000;
syscall(__NR_ioctl, r[212], 0xc00c55ca, 0x20000380);
*(uint32_t*)0x20000240 = r[214];
*(uint16_t*)0x20000244 = 0xc4;
syscall(__NR_setsockopt, r[212], 0x84, 0x23, 0x20000240, 8);
*(uint32_t*)0x20000400 = r[214];
*(uint32_t*)0x20000404 = 9;
*(uint32_t*)0x20000440 = 8;
syscall(__NR_getsockopt, r[212], 0x84, 0x71, 0x20000400, 0x20000440);
*(uint32_t*)0x200002c0 = r[214];
*(uint16_t*)0x200002c8 = 2;
*(uint16_t*)0x200002ca = htobe16(0x4e23);
*(uint8_t*)0x200002cc = 0xac;
*(uint8_t*)0x200002cd = 0x14;
*(uint8_t*)0x200002ce = 0x14;
*(uint8_t*)0x200002cf = 0xaa;
*(uint8_t*)0x200002d0 = 0;
*(uint8_t*)0x200002d1 = 0;
*(uint8_t*)0x200002d2 = 0;
*(uint8_t*)0x200002d3 = 0;
*(uint8_t*)0x200002d4 = 0;
*(uint8_t*)0x200002d5 = 0;
*(uint8_t*)0x200002d6 = 0;
*(uint8_t*)0x200002d7 = 0;
*(uint16_t*)0x20000348 = 8;
*(uint16_t*)0x2000034a = 0x8a22;
syscall(__NR_setsockopt, r[212], 0x84, 0x1f, 0x200002c0, 0x90);
*(uint32_t*)0x20000140 = 0x30;
*(uint32_t*)0x20000144 = 5;
*(uint64_t*)0x20000148 = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 5;
*(uint64_t*)0x20000160 = 0x958;
*(uint32_t*)0x20000168 = 0x1000;
*(uint32_t*)0x2000016c = 0;
syscall(__NR_write, r[212], 0x20000140, 0x30);
*(uint32_t*)0x20000040 = 0;
*(uint32_t*)0x20000044 = -1;
*(uint32_t*)0x20000080 = 8;
res = syscall(__NR_getsockopt, r[212], 0x84, 0x66, 0x20000040, 0x20000080);
if (res != -1)
r[215] = *(uint32_t*)0x20000040;
*(uint16_t*)0x200003c0 = 8;
*(uint16_t*)0x200003c2 = 5;
*(uint16_t*)0x200003c4 = 0x8000;
*(uint32_t*)0x200003c8 = -1;
*(uint32_t*)0x200003cc = 0xfffffff7;
*(uint32_t*)0x200003d0 = 0xad;
*(uint32_t*)0x200003d4 = 0x8001;
*(uint32_t*)0x200003d8 = 0x100;
*(uint32_t*)0x200003dc = r[215];
syscall(__NR_setsockopt, r[213], 0x84, 0xa, 0x200003c0, 0x20);
*(uint16_t*)0x200000c0 = 3;
*(uint16_t*)0x200000c2 = 4;
*(uint16_t*)0x200000c4 = 0x820b;
*(uint32_t*)0x200000c8 = 7;
*(uint32_t*)0x200000cc = 0x7f;
*(uint32_t*)0x200000d0 = 0xfffffffd;
*(uint32_t*)0x200000d4 = 8;
*(uint32_t*)0x200000d8 = 0x621;
*(uint32_t*)0x200000dc = r[215];
syscall(__NR_setsockopt, r[212], 0x84, 0xa, 0x200000c0, 0x20);
*(uint32_t*)0x200004c0 = 0;
syscall(__NR_ioctl, r[212], 0x40086432, 0x200004c0);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[216] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[216], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[217] = res;
syscall(__NR_recvfrom, r[217], 0x20000240, 0x7a, 0x2002, 0, 0);
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[217], 0x10d, 0xdb, 0x200002c0, 0x20000000);
res = syscall(__NR_socket, 2, 0x4000000000000001, 0);
if (res != -1)
r[218] = res;
*(uint32_t*)0x20000680 = 0x82;
syscall(__NR_setsockopt, r[218], 6, 0x80200000000002, 0x20000680, 4);
memcpy((void*)0x20000080, "bbr", 4);
syscall(__NR_setsockopt, r[218], 6, 0xd, 0x20000080, 4);
*(uint16_t*)0x20deb000 = 2;
*(uint16_t*)0x20deb002 = htobe16(0x4e23);
*(uint32_t*)0x20deb004 = htobe32(-1);
*(uint8_t*)0x20deb008 = 0;
*(uint8_t*)0x20deb009 = 0;
*(uint8_t*)0x20deb00a = 0;
*(uint8_t*)0x20deb00b = 0;
*(uint8_t*)0x20deb00c = 0;
*(uint8_t*)0x20deb00d = 0;
*(uint8_t*)0x20deb00e = 0;
*(uint8_t*)0x20deb00f = 0;
syscall(__NR_bind, r[218], 0x20deb000, 0x10);
*(uint16_t*)0x20e68000 = 2;
*(uint16_t*)0x20e68002 = htobe16(0x4e23);
*(uint32_t*)0x20e68004 = htobe32(0x7f000001);
*(uint8_t*)0x20e68008 = 0;
*(uint8_t*)0x20e68009 = 0;
*(uint8_t*)0x20e6800a = 0;
*(uint8_t*)0x20e6800b = 0;
*(uint8_t*)0x20e6800c = 0;
*(uint8_t*)0x20e6800d = 0;
*(uint8_t*)0x20e6800e = 0;
*(uint8_t*)0x20e6800f = 0;
syscall(__NR_sendto, r[218], 0x20000000, 0, 0x200007fd, 0x20e68000, 0x10);
*(uint64_t*)0x200016c0 = 0x200005c0;
*(uint64_t*)0x200005c0 = 0x200004c0;
*(uint16_t*)0x200004c0 = -1;
*(uint32_t*)0x200005c8 = -1;
*(uint64_t*)0x200005cc = 0;
*(uint64_t*)0x200005d4 = 0x20000580;
*(uint64_t*)0x20000580 = 0;
sprintf((char*)0x20000588, "0x%016llx", (long long)-1);
*(uint64_t*)0x2000059a = 0;
*(uint32_t*)0x200005a2 = 0;
sprintf((char*)0x200016c8, "%020llu", (long long)-1);
*(uint16_t*)0x200016dc = -1;
syscall(__NR_write, r[218], 0x200016c0, 0xffffff84);
res = syscall(__NR_dup2, -1, 0xffffff9c);
if (res != -1)
r[219] = res;
*(uint32_t*)0x20000840 = 0x49;
*(uint8_t*)0x20000844 = 0x29;
*(uint16_t*)0x20000845 = 1;
*(uint32_t*)0x20000847 = 1;
*(uint8_t*)0x2000084b = 0x18;
*(uint32_t*)0x2000084c = 0;
*(uint64_t*)0x20000850 = 8;
*(uint64_t*)0x20000858 = 1;
*(uint8_t*)0x20000860 = 8;
*(uint16_t*)0x20000861 = 7;
memcpy((void*)0x20000863, "./file0", 7);
*(uint8_t*)0x2000086a = 0x10;
*(uint32_t*)0x2000086b = 0;
*(uint64_t*)0x2000086f = 7;
*(uint64_t*)0x20000877 = 6;
*(uint8_t*)0x2000087f = 0xf9;
*(uint16_t*)0x20000880 = 7;
memcpy((void*)0x20000882, "./file0", 7);
syscall(__NR_write, r[219], 0x20000840, 0x49);
memcpy((void*)0x20000000, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
32);
*(uint32_t*)0x20000020 = 0;
*(uint32_t*)0x20000024 = 0;
*(uint32_t*)0x20000028 = 0;
*(uint32_t*)0x2000002c = 0;
*(uint32_t*)0x20000030 = 0;
*(uint32_t*)0x20000034 = 0;
*(uint32_t*)0x20000038 = 0;
*(uint32_t*)0x2000003c = 0;
*(uint32_t*)0x20000040 = 0;
*(uint32_t*)0x20000080 = 0x44;
syscall(__NR_getsockopt, r[219], 0, 0x60, 0x20000000, 0x20000080);
syscall(__NR_setsockopt, r[219], 0x111, 2, 0, 4);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x20ffa000, 0x3000, 0x2000, 0x13, 0x201c1000);
*(uint64_t*)0x20000800 = 0x200000c0;
*(uint16_t*)0x200000c0 = 0xa;
*(uint16_t*)0x200000c2 = htobe16(0x4e24);
*(uint32_t*)0x200000c4 = 0;
*(uint8_t*)0x200000c8 = -1;
*(uint8_t*)0x200000c9 = 2;
*(uint8_t*)0x200000ca = 0;
*(uint8_t*)0x200000cb = 0;
*(uint8_t*)0x200000cc = 0;
*(uint8_t*)0x200000cd = 0;
*(uint8_t*)0x200000ce = 0;
*(uint8_t*)0x200000cf = 0;
*(uint8_t*)0x200000d0 = 0;
*(uint8_t*)0x200000d1 = 0;
*(uint8_t*)0x200000d2 = 0;
*(uint8_t*)0x200000d3 = 0;
*(uint8_t*)0x200000d4 = 0;
*(uint8_t*)0x200000d5 = 0;
*(uint8_t*)0x200000d6 = 0;
*(uint8_t*)0x200000d7 = 1;
*(uint32_t*)0x200000d8 = 1;
*(uint32_t*)0x20000808 = 0x80;
*(uint64_t*)0x20000810 = 0x20000580;
*(uint64_t*)0x20000580 = 0x20000140;
*(uint64_t*)0x20000588 = 0;
*(uint64_t*)0x20000590 = 0x200001c0;
*(uint64_t*)0x20000598 = 0;
*(uint64_t*)0x200005a0 = 0x20000280;
*(uint64_t*)0x200005a8 = 0;
*(uint64_t*)0x200005b0 = 0x20000340;
*(uint64_t*)0x200005b8 = 0;
*(uint64_t*)0x200005c0 = 0x20000380;
*(uint64_t*)0x200005c8 = 0;
*(uint64_t*)0x200005d0 = 0x20000440;
*(uint64_t*)0x200005d8 = 0;
*(uint64_t*)0x200005e0 = 0x20000500;
*(uint64_t*)0x200005e8 = 0;
*(uint64_t*)0x20000818 = 7;
*(uint64_t*)0x20000820 = 0x20000600;
*(uint64_t*)0x20000600 = 0x10;
*(uint32_t*)0x20000608 = 0x11f;
*(uint32_t*)0x2000060c = 5;
*(uint64_t*)0x20000610 = 0x10;
*(uint32_t*)0x20000618 = 0x103;
*(uint32_t*)0x2000061c = 0xfffff001;
*(uint64_t*)0x20000620 = 0x10;
*(uint32_t*)0x20000628 = 0x11f;
*(uint32_t*)0x2000062c = 0x200;
*(uint64_t*)0x20000630 = 0x10;
*(uint32_t*)0x20000638 = 0x11f;
*(uint32_t*)0x2000063c = 0xe92;
*(uint64_t*)0x20000640 = 0x10;
*(uint32_t*)0x20000648 = 0x10e;
*(uint32_t*)0x2000064c = 8;
*(uint64_t*)0x20000828 = 0x50;
*(uint32_t*)0x20000830 = 0x20040001;
syscall(__NR_sendmsg, r[219], 0x20000800, 0x800);
syscall(__NR_munmap, 0x20ff9000, 0x4000);
syscall(__NR_madvise, 0x20ff9000, 0x4000, 0);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[220] = res;
res = syscall(__NR_ioctl, r[220], 0xae01, 0);
if (res != -1)
r[221] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[222] = res;
syscall(__NR_ioctl, r[222], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[221], 0x4040ae79, 0x20000100);
syscall(__NR_ioctl, -1, 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[223] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[223];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
*(uint32_t*)0x20000000 = htobe32(0x7f);
*(uint8_t*)0x20000004 = 0xac;
*(uint8_t*)0x20000005 = 0x14;
*(uint8_t*)0x20000006 = 0x14;
*(uint8_t*)0x20000007 = 0xc;
syscall(__NR_setsockopt, -1, 0, 0x27, 0x20000000, 8);
res = syscall(__NR_socket, 0xf, 3, 2);
if (res != -1)
r[224] = res;
*(uint64_t*)0x200001c0 = 0x40000000;
*(uint32_t*)0x200001c8 = 0;
*(uint64_t*)0x200001d0 = 0x20000000;
*(uint64_t*)0x20000000 = 0x20000080;
*(uint64_t*)0x20000008 = 0x1c2f709d15676996;
*(uint64_t*)0x200001d8 = 1;
*(uint64_t*)0x200001e0 = 0;
*(uint64_t*)0x200001e8 = 0;
*(uint32_t*)0x200001f0 = 0;
syscall(__NR_sendmsg, r[224], 0x200001c0, 0);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
*(uint32_t*)0x20000000 = -1;
syscall(__NR_bpf, 0xd, 0x20000000, 4);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[225] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[225], 0);
*(uint32_t*)0x20000240 = 0x7b;
*(uint32_t*)0x20000244 = 0;
*(uint64_t*)0x20000248 = 2;
*(uint64_t*)0x20000250 = 0x636;
*(uint64_t*)0x20000258 = 7;
*(uint64_t*)0x20000260 = 0x7fff;
*(uint8_t*)0x20000268 = 0;
*(uint8_t*)0x20000269 = 0;
*(uint8_t*)0x2000026a = 0;
*(uint8_t*)0x2000026b = 0;
*(uint8_t*)0x2000026c = 0;
*(uint8_t*)0x2000026d = 0;
*(uint8_t*)0x2000026e = 0;
*(uint8_t*)0x2000026f = 0;
*(uint8_t*)0x20000270 = 0;
*(uint8_t*)0x20000271 = 0;
*(uint8_t*)0x20000272 = 0;
*(uint8_t*)0x20000273 = 0;
*(uint8_t*)0x20000274 = 0;
*(uint8_t*)0x20000275 = 0;
*(uint8_t*)0x20000276 = 0;
*(uint8_t*)0x20000277 = 0;
*(uint8_t*)0x20000278 = 0;
*(uint8_t*)0x20000279 = 0;
*(uint8_t*)0x2000027a = 0;
*(uint8_t*)0x2000027b = 0;
*(uint8_t*)0x2000027c = 0;
*(uint8_t*)0x2000027d = 0;
*(uint8_t*)0x2000027e = 0;
*(uint8_t*)0x2000027f = 0;
*(uint8_t*)0x20000280 = 0;
*(uint8_t*)0x20000281 = 0;
*(uint8_t*)0x20000282 = 0;
*(uint8_t*)0x20000283 = 0;
*(uint8_t*)0x20000284 = 0;
*(uint8_t*)0x20000285 = 0;
*(uint8_t*)0x20000286 = 0;
*(uint8_t*)0x20000287 = 0;
*(uint8_t*)0x20000288 = 0;
*(uint8_t*)0x20000289 = 0;
*(uint8_t*)0x2000028a = 0;
*(uint8_t*)0x2000028b = 0;
*(uint8_t*)0x2000028c = 0;
*(uint8_t*)0x2000028d = 0;
*(uint8_t*)0x2000028e = 0;
*(uint8_t*)0x2000028f = 0;
*(uint8_t*)0x20000290 = 0;
*(uint8_t*)0x20000291 = 0;
*(uint8_t*)0x20000292 = 0;
*(uint8_t*)0x20000293 = 0;
*(uint8_t*)0x20000294 = 0;
*(uint8_t*)0x20000295 = 0;
*(uint8_t*)0x20000296 = 0;
*(uint8_t*)0x20000297 = 0;
*(uint8_t*)0x20000298 = 0;
*(uint8_t*)0x20000299 = 0;
*(uint8_t*)0x2000029a = 0;
*(uint8_t*)0x2000029b = 0;
*(uint8_t*)0x2000029c = 0;
*(uint8_t*)0x2000029d = 0;
*(uint8_t*)0x2000029e = 0;
*(uint8_t*)0x2000029f = 0;
*(uint8_t*)0x200002a0 = 0;
*(uint8_t*)0x200002a1 = 0;
*(uint8_t*)0x200002a2 = 0;
*(uint8_t*)0x200002a3 = 0;
*(uint8_t*)0x200002a4 = 0;
*(uint8_t*)0x200002a5 = 0;
*(uint8_t*)0x200002a6 = 0;
*(uint8_t*)0x200002a7 = 0;
syscall(__NR_ioctl, r[225], 0x4068aea3, 0x20000240);
syscall(__NR_socket, 2, 6, 0);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[226] = res;
syscall(__NR_ioctl, r[226], 0x8912, 0x400200);
res = syscall(__NR_gettid);
if (res != -1)
r[227] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[227];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x20000000 = 0;
*(uint64_t*)0x20000008 = 1;
*(uint64_t*)0x20000010 = 0;
*(uint64_t*)0x20000018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x20000000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[228] = res;
res = syscall(__NR_ioctl, r[228], 0xae01, 0);
if (res != -1)
r[229] = res;
syscall(__NR_ioctl, -1, 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[229], 0x4040ae79, 0x20000100);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_ioctl, -1, 0x6611);
syscall(__NR_mremap, 0x2004d000, 0x1000, 0x6000, 0x4000000000000004,
0x206ff000);
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, -1, 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[230] = res;
*(uint32_t*)0x20000240 = 4;
syscall(__NR_getsockopt, r[230], 0x10d, 0x31, 0x20000040, 0x20000240);
memcpy((void*)0x20000080, "/dev/dsp", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0x80000, 0);
if (res != -1)
r[231] = res;
syscall(__NR_ioctl, r[231], 4);
memcpy((void*)0x20000000, "\x2d\x73\x65\x6c\x66\xa1\x65\x74\x68\x30\x76\x6d"
"\x6e\x65\x74\x30\x2c\x28\x25\x00",
20);
syscall(__NR_sysfs, 1, 0x20000000);
syscall(__NR_socket, 2, 2, 0);
res = syscall(__NR_socket, 0x26, 5, 0);
if (res != -1)
r[232] = res;
memcpy((void*)0x20000000, "/dev/input/mice", 16);
res = syz_open_dev(0x20000000, 0, 0);
if (res != -1)
r[233] = res;
*(uint16_t*)0x20000100 = 1;
*(uint64_t*)0x20000108 = 0x20000080;
syscall(__NR_ioctl, r[233], 0x4b66, 0x20000100);
*(uint16_t*)0x20000140 = 0x26;
memcpy((void*)0x20000142,
"\x68\x61\x73\x68\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
*(uint32_t*)0x20000150 = 0;
*(uint32_t*)0x20000154 = 0;
memcpy((void*)0x20000158,
"\x63\x6d\x61\x63\x28\x63\x61\x6d\x65\x6c\x6c\x69\x61\x2d\x67\x65\x6e"
"\x65\x72\x69\x63\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
64);
syscall(__NR_bind, r[232], 0x20000140, 0x58);
syscall(__NR_setsockopt, r[232], 0x117, 1, 0x20000040, 0);
syscall(__NR_setsockopt, r[233], 0x111, 1, 0x1000, 4);
*(uint32_t*)0x200000c0 = 0;
res = syscall(__NR_accept4, r[232], 0, 0x200000c0, 0);
if (res != -1)
r[234] = res;
*(uint16_t*)0x20000200 = 2;
*(uint16_t*)0x20000202 = htobe16(0);
*(uint32_t*)0x20000204 = htobe32(0);
*(uint8_t*)0x20000208 = 0;
*(uint8_t*)0x20000209 = 0;
*(uint8_t*)0x2000020a = 0;
*(uint8_t*)0x2000020b = 0;
*(uint8_t*)0x2000020c = 0;
*(uint8_t*)0x2000020d = 0;
*(uint8_t*)0x2000020e = 0;
*(uint8_t*)0x2000020f = 0;
syscall(__NR_recvfrom, r[234], 0x200001c0, 0x20, 0, 0x20000200, 0x10);
*(uint16_t*)0x20000240 = 0x26;
memcpy((void*)0x20000242,
"\x61\x65\x61\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
*(uint32_t*)0x20000250 = 0;
*(uint32_t*)0x20000254 = 0;
memcpy((void*)0x20000258,
"\x61\x65\x67\x69\x73\x31\x32\x38\x2d\x61\x65\x73\x6e\x69\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
64);
syscall(__NR_bind, r[232], 0x20000240, 0x58);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[235] = res;
syscall(__NR_ioctl, r[235], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[236] = res;
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[236];
syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, 0, 0, 0x2004a000, 0x20040000);
memcpy((void*)0x20000000, "/proc/self/net/pfkey", 21);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0x8000, 0);
if (res != -1)
r[237] = res;
*(uint32_t*)0x20000140 = 0x43;
*(uint8_t*)0x20000144 = 9;
*(uint16_t*)0x20000145 = 2;
*(uint32_t*)0x20000147 = 6;
*(uint32_t*)0x2000014b = -1;
*(uint64_t*)0x2000014f = -1;
*(uint64_t*)0x20000157 = 9;
*(uint64_t*)0x2000015f = 0x20;
*(uint64_t*)0x20000167 = 1;
*(uint64_t*)0x2000016f = 0xfffffffffffffff8;
*(uint64_t*)0x20000177 = 0xfffffffffffffff9;
*(uint32_t*)0x2000017f = 0x219;
syscall(__NR_write, r[237], 0x20000140, 0x43);
syscall(__NR_fcntl, r[235], 0xa, 0x17);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[238] = res;
res = syscall(__NR_ioctl, r[238], 0xae01, 0);
if (res != -1)
r[239] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[240] = res;
syscall(__NR_ioctl, r[240], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[239], 0x4040ae79, 0x20000100);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[241] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[241], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[242] = res;
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[242], 0x10d, 0xdb, 0x200002c0, 0x20000000);
*(uint16_t*)0x20000240 = 2;
*(uint16_t*)0x20000242 = htobe16(0x4e21);
*(uint32_t*)0x20000244 = htobe32(0);
*(uint8_t*)0x20000248 = 0;
*(uint8_t*)0x20000249 = 0;
*(uint8_t*)0x2000024a = 0;
*(uint8_t*)0x2000024b = 0;
*(uint8_t*)0x2000024c = 0;
*(uint8_t*)0x2000024d = 0;
*(uint8_t*)0x2000024e = 0;
*(uint8_t*)0x2000024f = 0;
syscall(__NR_sendto, r[241], 0x20000040, 0, 1, 0x20000240, 0x10);
memcpy((void*)0x20000000, "/proc/sys/net/ipv4/vs/sloppy_tcp", 33);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 2, 0);
if (res != -1)
r[243] = res;
syscall(__NR_ioctl, r[243], 0xc008ae88, 0x20000040);
syscall(__NR_mmap, 0x20000000, 0x400000, 0, 0x5c831, -1, 0);
syscall(__NR_mremap, 0x2012d000, 0x3000, 0x6000, 3, 0x206ff000);
res = syscall(__NR_socket, 0xa, 0x80002, 0x8c);
if (res != -1)
r[244] = res;
syscall(__NR_ioctl, r[244], 0x8912, 0x20000340);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[245] = res;
*(uint64_t*)0x20000080 = 0x20000140;
*(uint16_t*)0x20000140 = 0x307;
*(uint8_t*)0x20000142 = 0xaa;
*(uint8_t*)0x20000143 = 0xaa;
*(uint8_t*)0x20000144 = 0xaa;
*(uint8_t*)0x20000145 = 0xaa;
*(uint8_t*)0x20000146 = 0xaa;
*(uint8_t*)0x20000147 = 0xd;
*(uint32_t*)0x20000088 = 0x80;
*(uint64_t*)0x20000090 = 0x20000740;
*(uint64_t*)0x20000098 = 0;
*(uint64_t*)0x200000a0 = 0x20000040;
*(uint64_t*)0x20000040 = 0x10;
*(uint32_t*)0x20000048 = 0;
*(uint32_t*)0x2000004c = 7;
*(uint64_t*)0x200000a8 = 0x10;
*(uint32_t*)0x200000b0 = 0;
syscall(__NR_sendmsg, r[245], 0x20000080, 0);
*(uint32_t*)0x20000000 = 0xfffffffb;
syscall(__NR_setsockopt, r[245], 0x119, 1, 0x20000000, 4);
res = syscall(__NR_socket, 2, 2, 0);
if (res != -1)
r[246] = res;
syscall(__NR_ioctl, r[246], 0x8912, 0x400200);
*(uint64_t*)0x20000100 = 0xfffffffffffffffd;
syscall(__NR_rt_sigprocmask, 0, 0x20000100, 0, 8);
res = syscall(__NR_gettid);
if (res != -1)
r[247] = res;
memcpy((void*)0x20000000, "/dev/sg#", 9);
syz_open_dev(0x20000000, 0xfffffffffffffffb, 0);
*(uint64_t*)0x20000280 = 0;
*(uint32_t*)0x20000288 = 0x20;
*(uint32_t*)0x2000028c = 4;
*(uint32_t*)0x20000290 = r[247];
res = syscall(__NR_timer_create, 0, 0x20000280, 0x200002c0);
if (res != -1)
r[248] = *(uint32_t*)0x200002c0;
*(uint64_t*)0x2004a000 = 0;
*(uint64_t*)0x2004a008 = 1;
*(uint64_t*)0x2004a010 = 0;
*(uint64_t*)0x2004a018 = 0xe4c;
syscall(__NR_timer_settime, r[248], 1, 0x2004a000, 0x20040000);
*(uint64_t*)0x20000040 = 0;
*(uint64_t*)0x20000048 = 0x1c9c380;
*(uint64_t*)0x20000240 = 0x20000080;
*(uint64_t*)0x20000080 = 0;
*(uint64_t*)0x20000248 = 8;
syscall(__NR_io_pgetevents, 0, 0, 0, 0x20000000, 0x20000040, 0x20000240);
memcpy((void*)0x200002c0, "/dev/kvm", 9);
res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[249] = res;
res = syscall(__NR_ioctl, r[249], 0xae01, 0);
if (res != -1)
r[250] = res;
res = syscall(__NR_socket, 0x18, 1, 1);
if (res != -1)
r[251] = res;
syscall(__NR_ioctl, r[251], 0x800000008912, 0x200000c0);
*(uint32_t*)0x20000140 = 2;
*(uint32_t*)0x20000144 = 0x70;
*(uint8_t*)0x20000148 = 0x16;
*(uint8_t*)0x20000149 = 0;
*(uint8_t*)0x2000014a = 0;
*(uint8_t*)0x2000014b = 0;
*(uint32_t*)0x2000014c = 0;
*(uint64_t*)0x20000150 = 0;
*(uint64_t*)0x20000158 = 0;
*(uint64_t*)0x20000160 = 0;
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 1, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 2, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 3, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0x10000003, 5, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 7, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 9, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 14, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 15, 2);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 17, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 18, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 20, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 22, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 23, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 24, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 25, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 27, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, 0x20000168, 0, 29, 35);
*(uint32_t*)0x20000170 = 0;
*(uint32_t*)0x20000174 = 0;
*(uint64_t*)0x20000178 = 0x20000000;
*(uint64_t*)0x20000180 = 0;
*(uint64_t*)0x20000188 = 0;
*(uint64_t*)0x20000190 = 0;
*(uint32_t*)0x20000198 = 0;
*(uint32_t*)0x2000019c = 0;
*(uint64_t*)0x200001a0 = 0;
*(uint32_t*)0x200001a8 = 0;
*(uint16_t*)0x200001ac = 0;
*(uint16_t*)0x200001ae = 0;
syscall(__NR_perf_event_open, 0x20000140, 0, 0, -1, 0);
*(uint64_t*)0x20000100 = 0;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint32_t*)0x20000110 = 0;
*(uint32_t*)0x20000114 = -1;
*(uint32_t*)0x20000118 = 0xe;
*(uint8_t*)0x2000011c = 0;
*(uint8_t*)0x2000011d = 0;
*(uint8_t*)0x2000011e = 0;
*(uint8_t*)0x2000011f = 0;
*(uint8_t*)0x20000120 = 0;
*(uint8_t*)0x20000121 = 0;
*(uint8_t*)0x20000122 = 0;
*(uint8_t*)0x20000123 = 0;
*(uint8_t*)0x20000124 = 0;
*(uint8_t*)0x20000125 = 0;
*(uint8_t*)0x20000126 = 0;
*(uint8_t*)0x20000127 = 0;
*(uint8_t*)0x20000128 = 0;
*(uint8_t*)0x20000129 = 0;
*(uint8_t*)0x2000012a = 0;
*(uint8_t*)0x2000012b = 0;
*(uint8_t*)0x2000012c = 0;
*(uint8_t*)0x2000012d = 0;
*(uint8_t*)0x2000012e = 0;
*(uint8_t*)0x2000012f = 0;
*(uint8_t*)0x20000130 = 0;
*(uint8_t*)0x20000131 = 0;
*(uint8_t*)0x20000132 = 0;
*(uint8_t*)0x20000133 = 0;
*(uint8_t*)0x20000134 = 0;
*(uint8_t*)0x20000135 = 0;
*(uint8_t*)0x20000136 = 0;
*(uint8_t*)0x20000137 = 0;
*(uint8_t*)0x20000138 = 0;
*(uint8_t*)0x20000139 = 0;
*(uint8_t*)0x2000013a = 0;
*(uint8_t*)0x2000013b = 0;
*(uint8_t*)0x2000013c = 0;
*(uint8_t*)0x2000013d = 0;
*(uint8_t*)0x2000013e = 0;
*(uint8_t*)0x2000013f = 0;
syscall(__NR_ioctl, r[250], 0x4040ae79, 0x20000100);
memcpy(
(void*)0x20000080,
"\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91\xbe"
"\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa\x07\x42"
"\x4a\xb9\xb3\xf8\x68\x3e\xcf\x89\xde\xe9\x01\xd2\xda\x75\xc0\x1f\x02\x00"
"\xf5\x8d\x26\xd7\xa0\x71\xfb\x35\x33\x1c\xe3\x9c\x5a\xee\xff\x50\x83\xcf"
"\x07\xdd\x46\x45\x5c\x91\x4d\x4a\xff\x1e\x7c\xf7\xed\x57\xc0\xc2\x05\x6f"
"\x5c\xa9\xfc\xf0\x3c\xbf\x82\xbd\x13\x53\x47\x37\x33\x92\x45\xd3\xc7\x06"
"\x41\xbe\x62\x81\xd7\xe1\xb4\xb7\x09\x91\x14\xc5\x71\x87\x22\x98\xdd\x7f"
"\x21\x20\xe2\xb6\xfa\x2a\x2e\x2a\x2c\x9c\x6e\x00\x34\x75\x0b\x79\x61\xfa"
"\x2c\x15\x84\xc0\xb5\xa5\x00\xae\x0a\xc3\x9b\xc7\x6a\x78\xd9\x15\x82\x66"
"\x75\x9f\x76\x6a\x3e\x8c\x84\xc0\x9c\xf3\xad\x88\x82\x94\x7f\xfa\x1f\xb4"
"\xc0\x50\x72\x7b\xeb\x12\xc5\x7e\x06\xff\x59\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x89\x24\x57\x8a\xd4\x9e\xa1\x14\x4c\x74"
"\x48\xd6\x40\xaa\x88\xa6\x6a\x71\xb7\x7d\x73\xa9\x24\xff\x02\x7f\xdc\xb5"
"\x50\x16\x16\x53\xd4\xcb\x57\x08\x83\x85\x24\x82\x86\xf5\xbe\x9d\x87\x66"
"\xc7\x0c\x29\xe6\xf5\x06\x3d\xfe\x74\xa1\xb0\xb5\x20\x79\x15\x90\x48\x21"
"\x0b\x4d\x27\x1a\xc9\x4c\x88\x9b\x06\x3c\xa3\x4a\x09\x57\x9a\xf0\x36\x31"
"\xf1\x28\xe6\xdd\x2c\x96\x6d\xae\xcd\x7c\x6f\x7e\x0f\x4e\xbc\xaf\x80\x25"
"\x0c\xfa\xb0\x71\x84\x83\x80\x78\xc7\x1d\x80\x9d\x06\xdc\x0b\xac\x75\xdb"
"\x81\x45\x25\xd1\xd1\xac\xaf\x4c\xb6\xf4\x89\x0f\x39\x73\x82\xae\x63\x66"
"\x97\xf6\x88\x09\x4e\x38\xdb\x5c\x22\x77\x0f\x53\x07\x6c\x63\x0d\xf9\xbb"
"\x4c\x14\x91\x89\xff\xa9\x75\xf5\x20\x87\x31\x1c\x5b\xaa\xfc\x11\xc9\x0b"
"\xdc\x25\xfc\x80\x3b\x71\x15\x3d\xdc\x39\x95\xb2\xdf\x49\xcd\xd7\x84\xbc"
"\x5b\xea\x40\x86\x10\x70\xda\xdb\x39\x5e\x85\xc9\x3c\xdf\xa0\x8e",
412);
res = syz_open_procfs(0, 0x20000080);
if (res != -1)
r[252] = res;
syscall(__NR_mmap, 0x20000000, 0x1000, 0xfffffffffffffffc, 0x12, r[252], 0);
res = syscall(__NR_socket, 2, 6, 0);
if (res != -1)
r[253] = res;
syscall(__NR_ioctl, r[252], 0x5411, 0x20000040);
*(uint32_t*)0x20000000 = 4;
syscall(__NR_getsockopt, r[253], 0x10d, 0xdb, 0x200002c0, 0x20000000);
memcpy((void*)0x20000200, "/dev/vcs#", 10);
res = syz_open_dev(0x20000200, 6, 0x20600);
if (res != -1)
r[254] = res;
*(uint32_t*)0x20000240 = 0x400;
syscall(__NR_setsockopt, r[254], 0x11b, 6, 0x20000240, 4);
memcpy((void*)0x200002c0, "cgroup.events", 14);
res = syscall(__NR_openat, 0xffffff9c, 0x200002c0, 0, 0);
if (res != -1)
r[255] = res;
*(uint32_t*)0x20000100 = 0;
*(uint32_t*)0x20000104 = 0x94;
*(uint64_t*)0x20000108 = 0x20000040;
*(uint16_t*)0x20000040 = 0xa;
*(uint16_t*)0x20000042 = htobe16(0x4e23);
*(uint32_t*)0x20000044 = 0x295;
*(uint8_t*)0x20000048 = 0;
*(uint8_t*)0x20000049 = 0;
*(uint8_t*)0x2000004a = 0;
*(uint8_t*)0x2000004b = 0;
*(uint8_t*)0x2000004c = 0;
*(uint8_t*)0x2000004d = 0;
*(uint8_t*)0x2000004e = 0;
*(uint8_t*)0x2000004f = 0;
*(uint8_t*)0x20000050 = 0;
*(uint8_t*)0x20000051 = 0;
*(uint8_t*)0x20000052 = 0;
*(uint8_t*)0x20000053 = 0;
*(uint8_t*)0x20000054 = 0;
*(uint8_t*)0x20000055 = 0;
*(uint8_t*)0x20000056 = 0;
*(uint8_t*)0x20000057 = 0;
*(uint32_t*)0x20000058 = 0xda6;
*(uint16_t*)0x2000005c = 0xa;
*(uint16_t*)0x2000005e = htobe16(0x4e24);
*(uint32_t*)0x20000060 = 9;
*(uint8_t*)0x20000064 = 0xfe;
*(uint8_t*)0x20000065 = 0x80;
*(uint8_t*)0x20000066 = 0;
*(uint8_t*)0x20000067 = 0;
*(uint8_t*)0x20000068 = 0;
*(uint8_t*)0x20000069 = 0;
*(uint8_t*)0x2000006a = 0;
*(uint8_t*)0x2000006b = 0;
*(uint8_t*)0x2000006c = 0;
*(uint8_t*)0x2000006d = 0;
*(uint8_t*)0x2000006e = 0;
*(uint8_t*)0x2000006f = 0;
*(uint8_t*)0x20000070 = 0;
*(uint8_t*)0x20000071 = 0;
*(uint8_t*)0x20000072 = 0;
*(uint8_t*)0x20000073 = 0xbb;
*(uint32_t*)0x20000074 = 0x1f;
*(uint16_t*)0x20000078 = 2;
*(uint16_t*)0x2000007a = htobe16(0x4e21);
*(uint8_t*)0x2000007c = 0xac;
*(uint8_t*)0x2000007d = 0x14;
*(uint8_t*)0x2000007e = 0x14;
*(uint8_t*)0x2000007f = 0xbb;
*(uint8_t*)0x20000080 = 0;
*(uint8_t*)0x20000081 = 0;
*(uint8_t*)0x20000082 = 0;
*(uint8_t*)0x20000083 = 0;
*(uint8_t*)0x20000084 = 0;
*(uint8_t*)0x20000085 = 0;
*(uint8_t*)0x20000086 = 0;
*(uint8_t*)0x20000087 = 0;
*(uint16_t*)0x20000088 = 2;
*(uint16_t*)0x2000008a = htobe16(0x4e20);
*(uint8_t*)0x2000008c = 0xac;
*(uint8_t*)0x2000008d = 0x14;
*(uint8_t*)0x2000008e = 0x14;
*(uint8_t*)0x2000008f = 0xaa;
*(uint8_t*)0x20000090 = 0;
*(uint8_t*)0x20000091 = 0;
*(uint8_t*)0x20000092 = 0;
*(uint8_t*)0x20000093 = 0;
*(uint8_t*)0x20000094 = 0;
*(uint8_t*)0x20000095 = 0;
*(uint8_t*)0x20000096 = 0;
*(uint8_t*)0x20000097 = 0;
*(uint16_t*)0x20000098 = 2;
*(uint16_t*)0x2000009a = htobe16(0x4e24);
*(uint32_t*)0x2000009c = htobe32(0);
*(uint8_t*)0x200000a0 = 0;
*(uint8_t*)0x200000a1 = 0;
*(uint8_t*)0x200000a2 = 0;
*(uint8_t*)0x200000a3 = 0;
*(uint8_t*)0x200000a4 = 0;
*(uint8_t*)0x200000a5 = 0;
*(uint8_t*)0x200000a6 = 0;
*(uint8_t*)0x200000a7 = 0;
*(uint16_t*)0x200000a8 = 2;
*(uint16_t*)0x200000aa = htobe16(0x4e22);
*(uint32_t*)0x200000ac = htobe32(0xe0000002);
*(uint8_t*)0x200000b0 = 0;
*(uint8_t*)0x200000b1 = 0;
*(uint8_t*)0x200000b2 = 0;
*(uint8_t*)0x200000b3 = 0;
*(uint8_t*)0x200000b4 = 0;
*(uint8_t*)0x200000b5 = 0;
*(uint8_t*)0x200000b6 = 0;
*(uint8_t*)0x200000b7 = 0;
*(uint16_t*)0x200000b8 = 0xa;
*(uint16_t*)0x200000ba = htobe16(0x4e20);
*(uint32_t*)0x200000bc = 0;
*(uint8_t*)0x200000c0 = 0xfe;
*(uint8_t*)0x200000c1 = 0x80;
*(uint8_t*)0x200000c2 = 0;
*(uint8_t*)0x200000c3 = 0;
*(uint8_t*)0x200000c4 = 0;
*(uint8_t*)0x200000c5 = 0;
*(uint8_t*)0x200000c6 = 0;
*(uint8_t*)0x200000c7 = 0;
*(uint8_t*)0x200000c8 = 0;
*(uint8_t*)0x200000c9 = 0;
*(uint8_t*)0x200000ca = 0;
*(uint8_t*)0x200000cb = 0;
*(uint8_t*)0x200000cc = 0;
*(uint8_t*)0x200000cd = 0;
*(uint8_t*)0x200000ce = 0;
*(uint8_t*)0x200000cf = 0xaa;
*(uint32_t*)0x200000d0 = 1;
*(uint32_t*)0x20000140 = 0x10;
res =
syscall(__NR_getsockopt, 0xffffff9c, 0x84, 0x6f, 0x20000100, 0x20000140);
if (res != -1)
r[256] = *(uint32_t*)0x20000100;
*(uint32_t*)0x20000180 = r[256];
*(uint16_t*)0x20000184 = 0x13;
*(uint16_t*)0x20000186 = 1;
*(uint16_t*)0x20000188 = 0x401;
*(uint32_t*)0x200001c0 = 0xa;
syscall(__NR_getsockopt, r[255], 0x84, 0x77, 0x20000180, 0x200001c0);
syscall(__NR_mremap, 0x2008a000, 0x3000, 0x6000, 3, 0x206ff000);
}
/*
 * Entry point of the syzkaller-generated reproducer.
 *
 * Sets up the scratch window that the generated code addresses through
 * absolute pointers (e.g. *(uint64_t*)0x20000100), then hands control to
 * do_sandbox_none(), which is defined earlier in this file.
 *
 * NOTE(review): the mmap result is not checked; if the kernel refuses the
 * mapping, the first store into the window faults rather than producing a
 * diagnostic. The process always exits with status 0 when
 * do_sandbox_none() returns.
 */
int main(void)
{
    /* Same literal values as the generated call, only named. */
    enum {
        SCRATCH_BASE = 0x20000000,
        SCRATCH_SIZE = 0x1000000, /* 16 MiB */
        SCRATCH_PROT = 3,         /* PROT_READ | PROT_WRITE */
        /*
         * Presumably MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS with the
         * x86 Linux flag values (confirm for other architectures). With
         * MAP_FIXED, anything already mapped in the range is replaced.
         */
        SCRATCH_FLAGS = 0x32,
    };

    /* fd = -1 and offset = 0: no file is supplied for this mapping. */
    syscall(__NR_mmap, SCRATCH_BASE, SCRATCH_SIZE, SCRATCH_PROT,
            SCRATCH_FLAGS, -1, 0);

    do_sandbox_none();

    return 0;
}