? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ? github.com/google/syzkaller/pkg/html/pages [no test files] ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ? github.com/google/syzkaller/pkg/report/crash [no test files] ? github.com/google/syzkaller/pkg/rpctype [no test files] ? github.com/google/syzkaller/pkg/stats/syzbotstats [no test files] ? github.com/google/syzkaller/pkg/testutil [no test files] ? github.com/google/syzkaller/pkg/tools [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/darwin [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/darwin/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ? 
github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ok github.com/google/syzkaller/executor 15.481s ok github.com/google/syzkaller/pkg/asset (cached) ok github.com/google/syzkaller/pkg/ast 1.370s ok github.com/google/syzkaller/pkg/auth (cached) ok github.com/google/syzkaller/pkg/bisect (cached) ok github.com/google/syzkaller/pkg/bisect/minimize (cached) ok github.com/google/syzkaller/pkg/build (cached) ? github.com/google/syzkaller/syz-runner [no test files] ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fillreports [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? 
github.com/google/syzkaller/tools/syz-kcidb [no test files] ok github.com/google/syzkaller/pkg/compiler 16.270s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/corpus (cached) ok github.com/google/syzkaller/pkg/cover (cached) ok github.com/google/syzkaller/pkg/cover/backend (cached) ? github.com/google/syzkaller/tools/syz-lore [no test files] ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-query-subsystems [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/cuttlefish [no test files] ? github.com/google/syzkaller/vm/proxyapp/mocks [no test files] ? github.com/google/syzkaller/vm/proxyapp/proxyrpc [no test files] ? 
github.com/google/syzkaller/vm/qemu [no test files] ? github.com/google/syzkaller/vm/starnix [no test files] ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] --- FAIL: TestGenerate (19.63s) --- FAIL: TestGenerate/test/64 (0.01s) testutil.go:33: seed=1712058747190521797 testutil.go:33: seed=1712058747200690821 --- FAIL: TestGenerate/test/64/7 (1.18s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; 
thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); 
STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, "\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; 
*(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, "\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, 
"\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); *(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, 
"\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); loop(); return 0; } :327:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor593892855 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/9 (1.21s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:9223372036854775807 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { 
int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 
3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, 
"\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, 
"\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, "\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); 
*(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, "\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :334:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor2094169678 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/3 (1.25s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { 
int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 
3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, 
"\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, 
"\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, "\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); 
*(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, "\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :334:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor3456878101 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/2 (1.27s) csource_test.go:150: opts: {Threaded:true Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
// Initialise an event: create its mutex and condition variable and clear the
// state flag. Any pthread init failure ends the process with status 1.
static void event_init(event_t* ev)
{
	if (pthread_mutex_init(&ev->mu, 0))
		exit(1);
	if (pthread_cond_init(&ev->cv, 0))
		exit(1);
	ev->state = 0;
}

// Clear the state flag. The write is done without taking ev->mu.
static void event_reset(event_t* ev)
{
	ev->state = 0;
}

// Mark the event as set and wake every waiter. Setting an event that is
// already set is treated as fatal (exit(1)).
static void event_set(event_t* ev)
{
	pthread_mutex_lock(&ev->mu);
	if (ev->state)
		exit(1);
	ev->state = 1;
	pthread_mutex_unlock(&ev->mu);
	pthread_cond_broadcast(&ev->cv);
}

// Block until the event is set. The while loop re-checks the flag after
// every wakeup of pthread_cond_wait.
static void event_wait(event_t* ev)
{
	pthread_mutex_lock(&ev->mu);
	while (!ev->state)
		pthread_cond_wait(&ev->cv, &ev->mu);
	pthread_mutex_unlock(&ev->mu);
}

// Return the current state flag, read under ev->mu.
static int event_isset(event_t* ev)
{
	pthread_mutex_lock(&ev->mu);
	int res = ev->state;
	pthread_mutex_unlock(&ev->mu);
	return res;
}

// Wait for the event for at most `timeout` milliseconds (measured with
// current_time_ms) and return the state flag seen at the end: non-zero if the
// event was set, 0 if the time ran out first.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
	uint64_t start = current_time_ms();
	uint64_t now = start;
	pthread_mutex_lock(&ev->mu);
	for (;;) {
		if (ev->state)
			break;
		// Milliseconds left; cannot underflow because the loop breaks below
		// once now - start exceeds timeout.
		uint64_t remain = timeout - (now - start);
		struct timespec ts;
		ts.tv_sec = remain / 1000;
		ts.tv_nsec = (remain % 1000) * 1000 * 1000;
		// NOTE(review): POSIX pthread_cond_timedwait takes an absolute
		// deadline, while ts holds a remaining duration. The call therefore
		// probably returns at once and this loop polls until the elapsed-time
		// check fires; confirm against the generator's template.
		pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
		now = current_time_ms();
		if (now - start > timeout)
			break;
	}
	int res = ev->state;
	pthread_mutex_unlock(&ev->mu);
	return res;
}

// BITMASK: bf_len one-bits shifted left by bf_off.
#define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
// STORE_BY_BITMASK: read-modify-write of the bitfield [bf_off, bf_off+bf_len)
// in the `type`-sized object at addr. `htobe` is applied on load and on store;
// the call sites in this listing pass it empty, which makes it a no-op.
#define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))

// Accumulator for a 16-bit one's-complement sum (folded in csum_inet_update,
// inverted in csum_inet_digest).
struct csum_inet {
	uint32_t acc;
};

// Reset the accumulator to zero.
static void csum_inet_init(struct csum_inet* csum)
{
	csum->acc = 0;
}

// Add `length` bytes at `data` to the running sum, two bytes at a time, then
// fold any carries above bit 15 back into the low 16 bits.
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length)
{
	// Guard: with length == 0 the unsigned `length - 1` below would wrap.
	if (length == 0)
		return;
	size_t i = 0;
	// NOTE(review): data is read through a uint16_t* cast, so `data` is
	// presumably expected to be 2-byte aligned; callers in this listing pass
	// fixed addresses and addresses of uint32_t locals.
	for (; i < length - 1; i += 2)
		csum->acc += *(uint16_t*)&data[i];
	// Odd trailing byte is added as a 16-bit value with a zero high byte.
	if (length & 1)
		csum->acc += le16toh((uint16_t)data[length - 1]);
	while (csum->acc > 0xffff)
		csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

// Return the bitwise complement of the accumulator, truncated to 16 bits.
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
	return ~csum->acc;
}

// Pseudo-syscall: map a1 bytes of anonymous, private, read/write memory at
// exactly address a0. MAP_FIXED means an existing mapping in that range is
// replaced. No PROT_EXEC is requested. Returns mmap's result cast to long.
static long syz_mmap(volatile long a0, volatile long a1)
{
	return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
}

// Pseudo-syscall: set errno to v; returns 0 when v is 0, otherwise -1.
static long syz_errno(volatile long v)
{
	errno = v;
	return v == 0 ? 0 : -1;
}

// Pseudo-syscall: terminate the process immediately with `status`.
// The return statement is never reached.
static long syz_exit(volatile long status)
{
	_exit(status);
	return 0;
}

// Pseudo-syscall: sleep for `ms` milliseconds via sleep_ms.
static long syz_sleep_ms(volatile long ms)
{
	sleep_ms(ms);
	return 0;
}

// Pseudo-syscall: compare two memory regions given as integer addresses.
// Returns 0 when lengths and contents match; otherwise returns -1 with errno
// set to EBADF (length mismatch) or EINVAL (content mismatch).
static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len)
{
	if (want_len != got_len) {
		errno = EBADF;
		goto error;
	}
	if (memcmp((void*)want, (void*)got, want_len)) {
		errno = EINVAL;
		goto error;
	}
	return 0;
error:
	return -1;
}

// Pseudo-syscall: check that the first n variadic values (n in 2..4) are all
// equal and that the unused trailing ones are zero. Returns 0 on success, -1
// with errno E2BIG (bad n), EFAULT (non-zero padding) or EINVAL (mismatch).
static long syz_compare_int(volatile long n, ...)
{
	va_list args;
	va_start(args, n);
	// Four values are always read, whatever n is, so every caller has to pass
	// four; the call in execute_call pads with zeros.
	// NOTE(review): they are read as long while that call passes plain integer
	// literals; verify this is intended for the target ABI.
	long v0 = va_arg(args, long);
	long v1 = va_arg(args, long);
	long v2 = va_arg(args, long);
	long v3 = va_arg(args, long);
	va_end(args);
	if (n < 2 || n > 4)
		return errno = E2BIG, -1;
	if (n <= 2 && v2 != 0)
		return errno = EFAULT, -1;
	if (n <= 3 && v3 != 0)
		return errno = EFAULT, -1;
	if (v0 != v1)
		return errno = EINVAL, -1;
	if (n > 2 && v0 != v2)
		return errno = EINVAL, -1;
	if (n > 3 && v0 != v3)
		return errno = EINVAL, -1;
	return 0;
}

static void loop();

// Sandbox mode "none": run the program loop directly in this process.
static int do_sandbox_none(void)
{
	loop();
	return 0;
}

// Stand-in for a crash in this test target: exits with status 1. `name` is
// not used, and the second exit(1) is unreachable.
static void fake_crash(const char* name)
{
	exit(1);
	exit(1);
}

// Pseudo-syscall for fuzzer tests: calls fake_crash for the argument triples
// (1, 1, 1) and (1, 2, 3); otherwise returns 0.
static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c)
{
	if (a == 1 && b == 1 && c == 1)
		fake_crash("first bug");
	if (a == 1 && b == 2 && c == 3)
		fake_crash("second bug");
	return 0;
}

// Pseudo-syscall: treat `text` as the address of a void(void) function and
// call it. In this listing the address points at bytes that execute_call
// copied into the data area with memcpy.
// NOTE(review): syz_mmap maps that area PROT_READ | PROT_WRITE only, so on a
// system that enforces non-executable pages the call presumably faults
// instead of running the bytes; confirm for the target OS.
static long syz_execute_func(volatile long text)
{
	((void (*)(void))(text))();
	return 0;
}

// Per-worker state: whether the thread was started, the call index it should
// run, and the ready/done events used to hand work over and back.
struct thread_t {
	int created, call;
	event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Count of calls currently executing; updated with relaxed atomics.
static int running;

// Worker thread body: wait for `ready`, run the assigned call, decrement
// `running`, signal `done`, and repeat forever (the final return is never
// reached).
static void* thr(void* arg)
{
	struct thread_t* th = (struct thread_t*)arg;
	for (;;) {
		event_wait(&th->ready);
		event_reset(&th->ready);
		execute_call(th->call);
		__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
		event_set(&th->done);
	}
	return 0;
}

// loop(): the definition continues on the following line of the log.
static void loop(void) { int i,
call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, 
, 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, "\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; 
memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, "\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, 
"\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); *(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, 
"\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :328:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor1436502759 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/6 (1.33s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { 
int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 
3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, 
"\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, 
"\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, "\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); 
*(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, "\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :334:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor1555631119 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/12 (1.37s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { 
if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; 
STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, 
"\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, 
"\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, "\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); 
*(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, "\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :336:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor4058233557 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/0 (1.40s) csource_test.go:150: opts: {Threaded:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 
1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_one(void) { intptr_t res = 0; inject_fault(1); res = syscall(SYS_foo, 
/*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, 
"\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, "\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, 
"\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, "\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, 
"\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); *(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, 
"\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 
4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); 
*(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); syz_errno(/*v=*/2); memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); syz_exit(/*status=*/1); syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); syz_sleep_ms(/*ms=*/6); syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :182:8: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor12863307 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/4 (1.43s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { 
int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 
3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, 
"\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, 
"\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, "\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); 
*(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, "\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :334:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor2430527295 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/8 (1.50s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:-9223372036854775808 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; 
static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile 
long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { 
int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 
3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, 
"\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, "\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, 
"\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, "\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); 
*(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, "\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); use_temporary_dir(); do_sandbox_none(); return 0; } :334:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor3214753569 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/10 (1.53s) csource_test.go:150: opts: {Threaded:true Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Repro:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}} program: foo$anyres(&(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) (fail_nth: 1) foo$anyres(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) (async) syz_execute_func(&(0x7f0000000180)="e443a2b2b5c1bbc81d2a3b736e164f9dd1d7b4cc6e23dbf5a3bbf7bd6b3ae5bec8cbc75c69f39b9e48b0b77cd30465d5a482") (rerun: 4) foo$anyres(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) foo$any0(&(0x7f0000000280)={0x0, 0x5, 0x4, 0x1, {0x0, 0x6, 0x1, 0x1, 0x100, 0x4}, [{@res32=r4, @i8=0x9, "bb74b3e6d48bba5694aa5ee1dea3a96b41512b466687860781108896b4c7b3bd054b7685ca50b88b9a868db4deb5316274ab3b26f307a81bfb9f71bfafa4af967cc1e8e61ddb7296c0728c5cf9846a1cd42093e115cd19c7509d1dec110b102f834c25c7acdb3a0417c79b6fac3262353c36648c8d3691075048cc9acbbcb900e0373023dc7a89ff76772b39d9d2754c474d827c5d1fedac578f9afe13fed981ca330b8c7173fa0962a9c628bc381c56dfd4e5589674df68d9e79c42418a14c029c25d7c1fdbe863f858b0b448dca5678bf9bf5af134d5f397149940c300c40ca54dd7430108fcc1293d22019e8e0b80a8ae361d"}, {@res64=r2, @i32=0xd839, 
"11a3776391a856232e30a708fefc6c1e822aa7102679df8f85922ff119034e5f357300afb377e71135c95aaaa8e60e121b78ee7e8637b56027e42008f3a96868550e9119ccc94edfcf8e7e29f5015b630aba9ec9db41c156f18fe60e5225e96bd124298b87b9a914a95efadfb52b0b186ec5b25df7f2fcacc718c3e1bce69ffa8069cf7b373516c4143d4fedf1b352fbc43431d686626d9d1d64e314"}, {@res32=r4, @i8=0x5, "0d9c7b693252af2044e685eb10d423afb7a8ce7147e15728beec94d54f4f34c5464085d6efbdd799031a43de452a57d5d108140a61bbb1085eb145835ce0034fa6a74367be5b0e920c1f3338349854"}, {@res32=r4, @i8=0xfa, "dceb6a28fc75f8e647188b133b5a532fe065adbcf9d3b3a2daf5075472c1b83ab5a211f0fd0e985aa429151a51b9661bd9f8508b70251cea195cdd121e21e45f660660aa34a777fc726467efde6ff95bc333b89cd8"}, {@res64=r2, @i32=0x2, "3a229ff99afa27607d6c50f2572bab9c0f4f5ddb5c1c002b2cb1d56927514ce485a7db62f97a388cf80c92012885cb1ba8f4c568c3d4cbafda9a6fd637caf24812bf66218881b734614478465c6075d579b1165a1eccfeb5571a5cfc7eea9cb3ab44d0e21ade0aa7ab6ee55e50f4e51e1ceaff82"}, {@res8=r3, @i8=0x6f, "46555b57e4370f284b5d9d12f6df174e80290d9ac9e88005062995e1fbc011aabbc54594326f6886f2fc133c782eabb2113522a8a494aaef24bd4c87901af5999e3a3f9b9950f98848b54f4e4ee2d4f1c11a3ea77c6d16234d7a8f59fbfaef1a7ca6c4995079cd907b40658fa9440dd753912695ea01789256d38b041a57e7cd7f0580350bc7695995d537ac53caa831298c142bafdda2c3f307de22842084273507c5e6393ecc"}, {@res32=r5, @i32=0x8001, "934251946a88c454e6edc9cd0a3da52a7400a6330a69b0f60797d4dd1dcd159c6fe8e82e7f8d5b7455fe812ac1708922aedce28faf580ce8a5fb9bf046a6ee4e2ecb2b1a34e0fe3dd2ed3319611aa5e845639f1cc30e82968a5b23beba5d7aa84d83b9621646ecb4c9e95b604aea2c668bf2396a04ab78b9782c0d27ec5a2d551ac84c63703e75ec38e725df803e97c532020377df65ebfeada99cfa4da2aeaace"}, {@res8=r0, @i32, 
"0e79355685af28ad6d995e803cf3dc6b628d61cbd01c51f9d24082d039d93e20fe3cd3e686b3f0b1d751ba8122df753d603a2b11cf8bdabd44c7b6c983313d40c92f5b290ee0d7731091aa43202021c44b5dee31b70cdee4451b76377f74d249e440d29aef06854c0660c1d6208c72b5392b6a3ba874e055aa634bf12ff7524a6ec06cc81b85f77edc69b8905629aedb96d9b073fbc068368aba0562dd8893fdd9a817d4f9e6d40efa49c2129e9d0db4d0f0dcb337ac"}, {@res8=r0, @i32=0x3, "d709c35932142ca10b80c89fb37ba7e7ab5128a6e5aed48d939883d4b996d2b97e49ffe6684d70c1762e9ef544c0345223deec5874db100d3253090180325dcaf9076bde080f6aec09a542c3a3823614805eeb67aae9bf185524c5d0254bd4e87f5ede0d957fa58451b8f2e17dd3cbed6090330e430ba770eff4c0bd79c536e983e0601ed9bc923589d1072badaa57ed7cd5b968dcd1622a0d5008ba719b91dcd82e96"}, {@res32, @i8=0x3, "7797a526f421dd34d4e0c75656973a1e92c1407354c7abfddb8cd7055aa730ec31b374a73d091803049fbf553d62eda8e331554b7f5a4e064a3d06d0bf7df55f7a3c59258d505dd34e30b0db6ba74b5afb65dc596bb61b8c2137a1eb1eae5118cf13bff1f2d8bf6fa1f60902f3602304c9968734b7563dbbbd338e33741b608421e84a75191a494bae946461b8565f651c98877e091c835da6978e77c7bbddad06187dc0cef44efc1eb6f201a30e8daf9da07298566c566278918231edbd80792903"}]}) foo$anyres(&(0x7f0000000940), &(0x7f0000000980), &(0x7f00000009c0)) foo$any0(&(0x7f0000000a00)={0x81, 0x5, 0x8, 0xeef3, {0x1, 0x2, 0x0, 0x1, 0x3fb, 0x5}, [{@res32=r1, @i32=0x1ff, "5c10955e1d5817a5f82eee5602a6cb93f8744aa491cb4e120c72b4a51008439b715f485bc2547eb119a9ad47bfdf7701ae4a9715e9"}, {@res32=r4, @i8=0x4, "3532152b5fabda57bd9524503c4e20e177c5370d503ac0607fd71266993e681c1284972e44e870b52927324d32b0cff6fdb43d91489ceee1f8c0201117c771f4089cf5e1314a2815930ec032016f6c275041cfcf3331e547b268bed91efbcaef8184"}, {@res64=r6, @i32=0x2, 
"1eb5755aeec8197e0541e3f5101456eb838f39f872032e1390ef956bc05b2e2292960e8e6f0dbc0885fdb629f9279a11ee68e66de9232dfaa0db654eb4ad764d2417d1a4ec2f6a2fcbd462c0e5701a6930fabba75286b7e167e70db42ddf895f6f014a7126912b9c224d691ee216c02091cae1f72b04b0a50aa442fc85ad3bb5eef35edb1e152a31501443b7fe507a5112938a23c5ac30184b56bcd785dfd2d976cbd9ccd73b1f81880e2c9e5c7ba7d4883f7438"}, {@res8=r3, @i8=0x3, "6e554dc5f93e6c4e0173b9c8e7888a959e78da2f098811a2eaf42b35c7f0d095bcd16f44f61a6f81a7fb63c3be9c9ea9bac723b51d293ae94c7168ea0aaaf7cc4d"}, {@res64=r2, @i8=0x8, "a273f1d8227f0be222806fbbc0fe168344"}, {@res32=r1, @i32=0xdd8d, "138581f7b3a615ee17d88be3a34eb770ef56ef9c6effeaaaf222489df91b41b551"}, {@res8=r3, @i32=0x2387, "d7e9aa23bff0fcc835b55d79caed0bb2eb1cd9926bd5ba3b194619f287b773d2cb3c05ab99461d95201e50b2acae2f4f1c721280a1dea3f7407bbbd5ee004235a0243a8631cd119472a1aecba97f677b0836876138ea3052c579b6fd82"}, {@res32=r1, @i32=0x2, "255872e21cb75b5db2cd9da8884ebd1e67aa210188c6ff8c43e80ff0186cb275425471aef24293daf7f103857056c649d965918814faeabf8a318c5ac36e64fb4acc487a50a3e860e85f6756c289e93f63dc7af534445342e8d5d7bc9d2abe6e50b3801e279b0bfa6654a5a5037332455fefea5d"}, {@res32=r4, @i32=0x581, "6227d66cb94570217ddbc09dd54338a5999bd26a703a502ea33930028b1769225e089a02e16723a296c21e0f58254ac939251c2d44812a67027891c3c116fd43ecaf5284c033237294bd73"}]}) foo$anyres(&(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00)=0x0) foo$any0(&(0x7f0000000e40)={0x80, 0x40, 0xf000, 0x1, {0x3, 0x1, 0x1, 0x0, 0x6, 0x4}, [{@res64=r7, @i8=0x1, "6c495010a9bbbeb37f0d32ab6120510217111fcd0cd59d4984fdccff2bf78dc51c0aa6d1bddac190d74e580603ee03bbcf72fffe699205268749b986d8f79212e456b6362560952fd7eab31da4617dbed9f1bac205e144ae"}]}) test$csum_ipv6_tcp(&(0x7f0000000ec0)={{"0ff830c7cbd6989bc072f5d941c2b3a8", "4b47d08757adb1326c6e8729550c1fa2"}, {{}, 
"0404657eaa6f5027071fb73b0ec44292b95b11c6ba9fbe4b1680a6a3910c4eea1745e57edf686c34c274985b38a1af3c35d17df08f6a4fa4ba4bfb5d9ea9735ca1225d3eb09560d4f59fe01cabaa5847e9b4cef1561f58f063d2c0d2bbf39511be9fd2d580baa75ad27851043bf3e3c49decce42052e138e056a8c536b2b60ddb0483cd2b39b9454cb140326de75de5bd0b2885fb5f4fbc8079962"}}) syz_compare(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000040)=@arr16be=[0x4, 0x32, 0x9, 0x5], 0x8) syz_compare_int$2(0x2, 0x3, 0x1) syz_errno(0x2) syz_execute_func(&(0x7f0000000080)="89163464ff9aaca22b68f4aeed6f972453dfaeae524d3e95d41e2d287d4a1ddac9b31d4df72410fdd52adc8aa2d228b8cf5b") syz_exit(0x1) syz_mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) syz_sleep_ms(0x6) syz_test_fuzzer1(0x3, 0xd, 0x9) csource_test.go:151: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #ifndef SYS_foo #define SYS_foo 0 #endif #ifndef SYS_test #define SYS_test 0 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static int inject_fault(int nth) { return 0; } static void setup_fault() { } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void 
event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static long syz_mmap(volatile long a0, volatile long a1) { return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0); } static long syz_errno(volatile long v) { errno = v; return v == 0 ? 
0 : -1; } static long syz_exit(volatile long status) { _exit(status); return 0; } static long syz_sleep_ms(volatile long ms) { sleep_ms(ms); return 0; } static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len) { if (want_len != got_len) { errno = EBADF; goto error; } if (memcmp((void*)want, (void*)got, want_len)) { errno = EINVAL; goto error; } return 0; error: return -1; } static long syz_compare_int(volatile long n, ...) { va_list args; va_start(args, n); long v0 = va_arg(args, long); long v1 = va_arg(args, long); long v2 = va_arg(args, long); long v3 = va_arg(args, long); va_end(args); if (n < 2 || n > 4) return errno = E2BIG, -1; if (n <= 2 && v2 != 0) return errno = EFAULT, -1; if (n <= 3 && v3 != 0) return errno = EFAULT, -1; if (v0 != v1) return errno = EINVAL, -1; if (n > 2 && v0 != v2) return errno = EINVAL, -1; if (n > 3 && v0 != v3) return errno = EINVAL, -1; return 0; } static void loop(); static int do_sandbox_none(void) { loop(); return 0; } static void fake_crash(const char* name) { exit(1); exit(1); } static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) { if (a == 1 && b == 1 && c == 1) fake_crash("first bug"); if (a == 1 && b == 2 && c == 3) fake_crash("second bug"); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 18; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if 
(!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); static void loop(void) { execute_one(); } uint64_t r[8] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: inject_fault(1); res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); if (res != -1) { r[0] = *(uint8_t*)0x20000000; r[1] = *(uint32_t*)0x20000040; r[2] = *(uint64_t*)0x20000080; } break; case 1: res = syscall(SYS_foo, /*a0=*/0x200000c0ul, /*a1=*/0x20000100ul, /*a2=*/0x20000140ul); if (res != -1) { r[3] = *(uint8_t*)0x200000c0; r[4] = *(uint32_t*)0x20000100; } break; case 2: memcpy((void*)0x20000180, "\xe4\x43\xa2\xb2\xb5\xc1\xbb\xc8\x1d\x2a\x3b\x73\x6e\x16\x4f\x9d\xd1\xd7\xb4\xcc\x6e\x23\xdb\xf5\xa3\xbb\xf7\xbd\x6b\x3a\xe5\xbe\xc8\xcb\xc7\x5c\x69\xf3\x9b\x9e\x48\xb0\xb7\x7c\xd3\x04\x65\xd5\xa4\x82", 50); syz_execute_func(/*text=*/0x20000180); { int i; for(i = 0; i < 4; i++) { syz_execute_func(/*text=*/0x20000180); } } break; case 3: res = syscall(SYS_foo, /*a0=*/0x200001c0ul, /*a1=*/0x20000200ul, /*a2=*/0x20000240ul); if (res != -1) { r[5] = *(uint32_t*)0x20000200; r[6] = *(uint64_t*)0x20000240; } break; case 4: *(uint8_t*)0x20000280 = 0; *(uint32_t*)0x20000284 = 5; *(uint16_t*)0x20000288 = htobe16(4); *(uint64_t*)0x20000290 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000298, 0, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000298, 6, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000298, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000298, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x2000029a, 0x100, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x2000029a, 4, 10, 3); *(uint32_t*)0x2000029c = r[4]; *(uint8_t*)0x200002a4 = 9; memcpy((void*)0x200002a5, "\xbb\x74\xb3\xe6\xd4\x8b\xba\x56\x94\xaa\x5e\xe1\xde\xa3\xa9\x6b\x41\x51\x2b\x46\x66\x87\x86\x07\x81\x10\x88\x96\xb4\xc7\xb3\xbd\x05\x4b\x76\x85\xca\x50\xb8\x8b\x9a\x86\x8d\xb4\xde\xb5\x31\x62\x74\xab\x3b\x26\xf3\x07\xa8\x1b\xfb\x9f\x71\xbf\xaf\xa4\xaf\x96\x7c\xc1\xe8\xe6\x1d\xdb\x72\x96\xc0\x72\x8c\x5c\xf9\x84\x6a\x1c\xd4\x20\x93\xe1\x15\xcd\x19\xc7\x50\x9d\x1d\xec\x11\x0b\x10\x2f\x83\x4c\x25\xc7\xac\xdb\x3a\x04\x17\xc7\x9b\x6f\xac\x32\x62\x35\x3c\x36\x64\x8c\x8d\x36\x91\x07\x50\x48\xcc\x9a\xcb\xbc\xb9\x00\xe0\x37\x30\x23\xdc\x7a\x89\xff\x76\x77\x2b\x39\xd9\xd2\x75\x4c\x47\x4d\x82\x7c\x5d\x1f\xed\xac\x57\x8f\x9a\xfe\x13\xfe\xd9\x81\xca\x33\x0b\x8c\x71\x73\xfa\x09\x62\xa9\xc6\x28\xbc\x38\x1c\x56\xdf\xd4\xe5\x58\x96\x74\xdf\x68\xd9\xe7\x9c\x42\x41\x8a\x14\xc0\x29\xc2\x5d\x7c\x1f\xdb\xe8\x63\xf8\x58\xb0\xb4\x48\xdc\xa5\x67\x8b\xf9\xbf\x5a\xf1\x34\xd5\xf3\x97\x14\x99\x40\xc3\x00\xc4\x0c\xa5\x4d\xd7\x43\x01\x08\xfc\xc1\x29\x3d\x22\x01\x9e\x8e\x0b\x80\xa8\xae\x36\x1d", 244); *(uint64_t*)0x2000039a = r[2]; *(uint32_t*)0x200003a2 = 0xd839; memcpy((void*)0x200003a6, "\x11\xa3\x77\x63\x91\xa8\x56\x23\x2e\x30\xa7\x08\xfe\xfc\x6c\x1e\x82\x2a\xa7\x10\x26\x79\xdf\x8f\x85\x92\x2f\xf1\x19\x03\x4e\x5f\x35\x73\x00\xaf\xb3\x77\xe7\x11\x35\xc9\x5a\xaa\xa8\xe6\x0e\x12\x1b\x78\xee\x7e\x86\x37\xb5\x60\x27\xe4\x20\x08\xf3\xa9\x68\x68\x55\x0e\x91\x19\xcc\xc9\x4e\xdf\xcf\x8e\x7e\x29\xf5\x01\x5b\x63\x0a\xba\x9e\xc9\xdb\x41\xc1\x56\xf1\x8f\xe6\x0e\x52\x25\xe9\x6b\xd1\x24\x29\x8b\x87\xb9\xa9\x14\xa9\x5e\xfa\xdf\xb5\x2b\x0b\x18\x6e\xc5\xb2\x5d\xf7\xf2\xfc\xac\xc7\x18\xc3\xe1\xbc\xe6\x9f\xfa\x80\x69\xcf\x7b\x37\x35\x16\xc4\x14\x3d\x4f\xed\xf1\xb3\x52\xfb\xc4\x34\x31\xd6\x86\x62\x6d\x9d\x1d\x64\xe3\x14", 156); *(uint32_t*)0x20000442 = r[4]; *(uint8_t*)0x2000044a = 5; memcpy((void*)0x2000044b, 
"\x0d\x9c\x7b\x69\x32\x52\xaf\x20\x44\xe6\x85\xeb\x10\xd4\x23\xaf\xb7\xa8\xce\x71\x47\xe1\x57\x28\xbe\xec\x94\xd5\x4f\x4f\x34\xc5\x46\x40\x85\xd6\xef\xbd\xd7\x99\x03\x1a\x43\xde\x45\x2a\x57\xd5\xd1\x08\x14\x0a\x61\xbb\xb1\x08\x5e\xb1\x45\x83\x5c\xe0\x03\x4f\xa6\xa7\x43\x67\xbe\x5b\x0e\x92\x0c\x1f\x33\x38\x34\x98\x54", 79); *(uint32_t*)0x2000049a = r[4]; *(uint8_t*)0x200004a2 = 0xfa; memcpy((void*)0x200004a3, "\xdc\xeb\x6a\x28\xfc\x75\xf8\xe6\x47\x18\x8b\x13\x3b\x5a\x53\x2f\xe0\x65\xad\xbc\xf9\xd3\xb3\xa2\xda\xf5\x07\x54\x72\xc1\xb8\x3a\xb5\xa2\x11\xf0\xfd\x0e\x98\x5a\xa4\x29\x15\x1a\x51\xb9\x66\x1b\xd9\xf8\x50\x8b\x70\x25\x1c\xea\x19\x5c\xdd\x12\x1e\x21\xe4\x5f\x66\x06\x60\xaa\x34\xa7\x77\xfc\x72\x64\x67\xef\xde\x6f\xf9\x5b\xc3\x33\xb8\x9c\xd8", 85); *(uint64_t*)0x200004f8 = r[2]; *(uint32_t*)0x20000500 = 2; memcpy((void*)0x20000504, "\x3a\x22\x9f\xf9\x9a\xfa\x27\x60\x7d\x6c\x50\xf2\x57\x2b\xab\x9c\x0f\x4f\x5d\xdb\x5c\x1c\x00\x2b\x2c\xb1\xd5\x69\x27\x51\x4c\xe4\x85\xa7\xdb\x62\xf9\x7a\x38\x8c\xf8\x0c\x92\x01\x28\x85\xcb\x1b\xa8\xf4\xc5\x68\xc3\xd4\xcb\xaf\xda\x9a\x6f\xd6\x37\xca\xf2\x48\x12\xbf\x66\x21\x88\x81\xb7\x34\x61\x44\x78\x46\x5c\x60\x75\xd5\x79\xb1\x16\x5a\x1e\xcc\xfe\xb5\x57\x1a\x5c\xfc\x7e\xea\x9c\xb3\xab\x44\xd0\xe2\x1a\xde\x0a\xa7\xab\x6e\xe5\x5e\x50\xf4\xe5\x1e\x1c\xea\xff\x82", 116); *(uint8_t*)0x20000578 = r[3]; *(uint8_t*)0x20000580 = 0x6f; memcpy((void*)0x20000581, 
"\x46\x55\x5b\x57\xe4\x37\x0f\x28\x4b\x5d\x9d\x12\xf6\xdf\x17\x4e\x80\x29\x0d\x9a\xc9\xe8\x80\x05\x06\x29\x95\xe1\xfb\xc0\x11\xaa\xbb\xc5\x45\x94\x32\x6f\x68\x86\xf2\xfc\x13\x3c\x78\x2e\xab\xb2\x11\x35\x22\xa8\xa4\x94\xaa\xef\x24\xbd\x4c\x87\x90\x1a\xf5\x99\x9e\x3a\x3f\x9b\x99\x50\xf9\x88\x48\xb5\x4f\x4e\x4e\xe2\xd4\xf1\xc1\x1a\x3e\xa7\x7c\x6d\x16\x23\x4d\x7a\x8f\x59\xfb\xfa\xef\x1a\x7c\xa6\xc4\x99\x50\x79\xcd\x90\x7b\x40\x65\x8f\xa9\x44\x0d\xd7\x53\x91\x26\x95\xea\x01\x78\x92\x56\xd3\x8b\x04\x1a\x57\xe7\xcd\x7f\x05\x80\x35\x0b\xc7\x69\x59\x95\xd5\x37\xac\x53\xca\xa8\x31\x29\x8c\x14\x2b\xaf\xdd\xa2\xc3\xf3\x07\xde\x22\x84\x20\x84\x27\x35\x07\xc5\xe6\x39\x3e\xcc", 167); *(uint32_t*)0x20000628 = r[5]; *(uint32_t*)0x20000630 = 0x8001; memcpy((void*)0x20000634, "\x93\x42\x51\x94\x6a\x88\xc4\x54\xe6\xed\xc9\xcd\x0a\x3d\xa5\x2a\x74\x00\xa6\x33\x0a\x69\xb0\xf6\x07\x97\xd4\xdd\x1d\xcd\x15\x9c\x6f\xe8\xe8\x2e\x7f\x8d\x5b\x74\x55\xfe\x81\x2a\xc1\x70\x89\x22\xae\xdc\xe2\x8f\xaf\x58\x0c\xe8\xa5\xfb\x9b\xf0\x46\xa6\xee\x4e\x2e\xcb\x2b\x1a\x34\xe0\xfe\x3d\xd2\xed\x33\x19\x61\x1a\xa5\xe8\x45\x63\x9f\x1c\xc3\x0e\x82\x96\x8a\x5b\x23\xbe\xba\x5d\x7a\xa8\x4d\x83\xb9\x62\x16\x46\xec\xb4\xc9\xe9\x5b\x60\x4a\xea\x2c\x66\x8b\xf2\x39\x6a\x04\xab\x78\xb9\x78\x2c\x0d\x27\xec\x5a\x2d\x55\x1a\xc8\x4c\x63\x70\x3e\x75\xec\x38\xe7\x25\xdf\x80\x3e\x97\xc5\x32\x02\x03\x77\xdf\x65\xeb\xfe\xad\xa9\x9c\xfa\x4d\xa2\xae\xaa\xce", 161); *(uint8_t*)0x200006d6 = r[0]; *(uint32_t*)0x200006de = 0; memcpy((void*)0x200006e2, 
"\x0e\x79\x35\x56\x85\xaf\x28\xad\x6d\x99\x5e\x80\x3c\xf3\xdc\x6b\x62\x8d\x61\xcb\xd0\x1c\x51\xf9\xd2\x40\x82\xd0\x39\xd9\x3e\x20\xfe\x3c\xd3\xe6\x86\xb3\xf0\xb1\xd7\x51\xba\x81\x22\xdf\x75\x3d\x60\x3a\x2b\x11\xcf\x8b\xda\xbd\x44\xc7\xb6\xc9\x83\x31\x3d\x40\xc9\x2f\x5b\x29\x0e\xe0\xd7\x73\x10\x91\xaa\x43\x20\x20\x21\xc4\x4b\x5d\xee\x31\xb7\x0c\xde\xe4\x45\x1b\x76\x37\x7f\x74\xd2\x49\xe4\x40\xd2\x9a\xef\x06\x85\x4c\x06\x60\xc1\xd6\x20\x8c\x72\xb5\x39\x2b\x6a\x3b\xa8\x74\xe0\x55\xaa\x63\x4b\xf1\x2f\xf7\x52\x4a\x6e\xc0\x6c\xc8\x1b\x85\xf7\x7e\xdc\x69\xb8\x90\x56\x29\xae\xdb\x96\xd9\xb0\x73\xfb\xc0\x68\x36\x8a\xba\x05\x62\xdd\x88\x93\xfd\xd9\xa8\x17\xd4\xf9\xe6\xd4\x0e\xfa\x49\xc2\x12\x9e\x9d\x0d\xb4\xd0\xf0\xdc\xb3\x37\xac", 182); *(uint8_t*)0x20000798 = r[0]; *(uint32_t*)0x200007a0 = 3; memcpy((void*)0x200007a4, "\xd7\x09\xc3\x59\x32\x14\x2c\xa1\x0b\x80\xc8\x9f\xb3\x7b\xa7\xe7\xab\x51\x28\xa6\xe5\xae\xd4\x8d\x93\x98\x83\xd4\xb9\x96\xd2\xb9\x7e\x49\xff\xe6\x68\x4d\x70\xc1\x76\x2e\x9e\xf5\x44\xc0\x34\x52\x23\xde\xec\x58\x74\xdb\x10\x0d\x32\x53\x09\x01\x80\x32\x5d\xca\xf9\x07\x6b\xde\x08\x0f\x6a\xec\x09\xa5\x42\xc3\xa3\x82\x36\x14\x80\x5e\xeb\x67\xaa\xe9\xbf\x18\x55\x24\xc5\xd0\x25\x4b\xd4\xe8\x7f\x5e\xde\x0d\x95\x7f\xa5\x84\x51\xb8\xf2\xe1\x7d\xd3\xcb\xed\x60\x90\x33\x0e\x43\x0b\xa7\x70\xef\xf4\xc0\xbd\x79\xc5\x36\xe9\x83\xe0\x60\x1e\xd9\xbc\x92\x35\x89\xd1\x07\x2b\xad\xaa\x57\xed\x7c\xd5\xb9\x68\xdc\xd1\x62\x2a\x0d\x50\x08\xba\x71\x9b\x91\xdc\xd8\x2e\x96", 163); *(uint32_t*)0x20000848 = 0; *(uint8_t*)0x20000850 = 3; memcpy((void*)0x20000851, 
"\x77\x97\xa5\x26\xf4\x21\xdd\x34\xd4\xe0\xc7\x56\x56\x97\x3a\x1e\x92\xc1\x40\x73\x54\xc7\xab\xfd\xdb\x8c\xd7\x05\x5a\xa7\x30\xec\x31\xb3\x74\xa7\x3d\x09\x18\x03\x04\x9f\xbf\x55\x3d\x62\xed\xa8\xe3\x31\x55\x4b\x7f\x5a\x4e\x06\x4a\x3d\x06\xd0\xbf\x7d\xf5\x5f\x7a\x3c\x59\x25\x8d\x50\x5d\xd3\x4e\x30\xb0\xdb\x6b\xa7\x4b\x5a\xfb\x65\xdc\x59\x6b\xb6\x1b\x8c\x21\x37\xa1\xeb\x1e\xae\x51\x18\xcf\x13\xbf\xf1\xf2\xd8\xbf\x6f\xa1\xf6\x09\x02\xf3\x60\x23\x04\xc9\x96\x87\x34\xb7\x56\x3d\xbb\xbd\x33\x8e\x33\x74\x1b\x60\x84\x21\xe8\x4a\x75\x19\x1a\x49\x4b\xae\x94\x64\x61\xb8\x56\x5f\x65\x1c\x98\x87\x7e\x09\x1c\x83\x5d\xa6\x97\x8e\x77\xc7\xbb\xdd\xad\x06\x18\x7d\xc0\xce\xf4\x4e\xfc\x1e\xb6\xf2\x01\xa3\x0e\x8d\xaf\x9d\xa0\x72\x98\x56\x6c\x56\x62\x78\x91\x82\x31\xed\xbd\x80\x79\x29\x03", 194); syscall(SYS_foo, /*a=*/0x20000280ul, 0, 0); break; case 5: syscall(SYS_foo, /*a0=*/0x20000940ul, /*a1=*/0x20000980ul, /*a2=*/0x200009c0ul); break; case 6: *(uint8_t*)0x20000a00 = 0x81; *(uint32_t*)0x20000a04 = 5; *(uint16_t*)0x20000a08 = htobe16(8); *(uint64_t*)0x20000a10 = 0xeef3; STORE_BY_BITMASK(uint8_t, , 0x20000a18, 1, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 2, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000a18, 0, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a18, 1, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 0x3fb, 0, 10); STORE_BY_BITMASK(uint16_t, , 0x20000a1a, 5, 10, 3); *(uint32_t*)0x20000a1c = r[1]; *(uint32_t*)0x20000a24 = 0x1ff; memcpy((void*)0x20000a28, "\x5c\x10\x95\x5e\x1d\x58\x17\xa5\xf8\x2e\xee\x56\x02\xa6\xcb\x93\xf8\x74\x4a\xa4\x91\xcb\x4e\x12\x0c\x72\xb4\xa5\x10\x08\x43\x9b\x71\x5f\x48\x5b\xc2\x54\x7e\xb1\x19\xa9\xad\x47\xbf\xdf\x77\x01\xae\x4a\x97\x15\xe9", 53); *(uint32_t*)0x20000a5e = r[4]; *(uint8_t*)0x20000a66 = 4; memcpy((void*)0x20000a67, 
"\x35\x32\x15\x2b\x5f\xab\xda\x57\xbd\x95\x24\x50\x3c\x4e\x20\xe1\x77\xc5\x37\x0d\x50\x3a\xc0\x60\x7f\xd7\x12\x66\x99\x3e\x68\x1c\x12\x84\x97\x2e\x44\xe8\x70\xb5\x29\x27\x32\x4d\x32\xb0\xcf\xf6\xfd\xb4\x3d\x91\x48\x9c\xee\xe1\xf8\xc0\x20\x11\x17\xc7\x71\xf4\x08\x9c\xf5\xe1\x31\x4a\x28\x15\x93\x0e\xc0\x32\x01\x6f\x6c\x27\x50\x41\xcf\xcf\x33\x31\xe5\x47\xb2\x68\xbe\xd9\x1e\xfb\xca\xef\x81\x84", 98); *(uint64_t*)0x20000aca = r[6]; *(uint32_t*)0x20000ad2 = 2; memcpy((void*)0x20000ad6, "\x1e\xb5\x75\x5a\xee\xc8\x19\x7e\x05\x41\xe3\xf5\x10\x14\x56\xeb\x83\x8f\x39\xf8\x72\x03\x2e\x13\x90\xef\x95\x6b\xc0\x5b\x2e\x22\x92\x96\x0e\x8e\x6f\x0d\xbc\x08\x85\xfd\xb6\x29\xf9\x27\x9a\x11\xee\x68\xe6\x6d\xe9\x23\x2d\xfa\xa0\xdb\x65\x4e\xb4\xad\x76\x4d\x24\x17\xd1\xa4\xec\x2f\x6a\x2f\xcb\xd4\x62\xc0\xe5\x70\x1a\x69\x30\xfa\xbb\xa7\x52\x86\xb7\xe1\x67\xe7\x0d\xb4\x2d\xdf\x89\x5f\x6f\x01\x4a\x71\x26\x91\x2b\x9c\x22\x4d\x69\x1e\xe2\x16\xc0\x20\x91\xca\xe1\xf7\x2b\x04\xb0\xa5\x0a\xa4\x42\xfc\x85\xad\x3b\xb5\xee\xf3\x5e\xdb\x1e\x15\x2a\x31\x50\x14\x43\xb7\xfe\x50\x7a\x51\x12\x93\x8a\x23\xc5\xac\x30\x18\x4b\x56\xbc\xd7\x85\xdf\xd2\xd9\x76\xcb\xd9\xcc\xd7\x3b\x1f\x81\x88\x0e\x2c\x9e\x5c\x7b\xa7\xd4\x88\x3f\x74\x38", 180); *(uint8_t*)0x20000b8a = r[3]; *(uint8_t*)0x20000b92 = 3; memcpy((void*)0x20000b93, "\x6e\x55\x4d\xc5\xf9\x3e\x6c\x4e\x01\x73\xb9\xc8\xe7\x88\x8a\x95\x9e\x78\xda\x2f\x09\x88\x11\xa2\xea\xf4\x2b\x35\xc7\xf0\xd0\x95\xbc\xd1\x6f\x44\xf6\x1a\x6f\x81\xa7\xfb\x63\xc3\xbe\x9c\x9e\xa9\xba\xc7\x23\xb5\x1d\x29\x3a\xe9\x4c\x71\x68\xea\x0a\xaa\xf7\xcc\x4d", 65); *(uint64_t*)0x20000bd4 = r[2]; *(uint8_t*)0x20000bdc = 8; memcpy((void*)0x20000bdd, "\xa2\x73\xf1\xd8\x22\x7f\x0b\xe2\x22\x80\x6f\xbb\xc0\xfe\x16\x83\x44", 17); *(uint32_t*)0x20000bee = r[1]; *(uint32_t*)0x20000bf6 = 0xdd8d; memcpy((void*)0x20000bfa, "\x13\x85\x81\xf7\xb3\xa6\x15\xee\x17\xd8\x8b\xe3\xa3\x4e\xb7\x70\xef\x56\xef\x9c\x6e\xff\xea\xaa\xf2\x22\x48\x9d\xf9\x1b\x41\xb5\x51", 33); *(uint8_t*)0x20000c1c = r[3]; 
*(uint32_t*)0x20000c24 = 0x2387; memcpy((void*)0x20000c28, "\xd7\xe9\xaa\x23\xbf\xf0\xfc\xc8\x35\xb5\x5d\x79\xca\xed\x0b\xb2\xeb\x1c\xd9\x92\x6b\xd5\xba\x3b\x19\x46\x19\xf2\x87\xb7\x73\xd2\xcb\x3c\x05\xab\x99\x46\x1d\x95\x20\x1e\x50\xb2\xac\xae\x2f\x4f\x1c\x72\x12\x80\xa1\xde\xa3\xf7\x40\x7b\xbb\xd5\xee\x00\x42\x35\xa0\x24\x3a\x86\x31\xcd\x11\x94\x72\xa1\xae\xcb\xa9\x7f\x67\x7b\x08\x36\x87\x61\x38\xea\x30\x52\xc5\x79\xb6\xfd\x82", 93); *(uint32_t*)0x20000c86 = r[1]; *(uint32_t*)0x20000c8e = 2; memcpy((void*)0x20000c92, "\x25\x58\x72\xe2\x1c\xb7\x5b\x5d\xb2\xcd\x9d\xa8\x88\x4e\xbd\x1e\x67\xaa\x21\x01\x88\xc6\xff\x8c\x43\xe8\x0f\xf0\x18\x6c\xb2\x75\x42\x54\x71\xae\xf2\x42\x93\xda\xf7\xf1\x03\x85\x70\x56\xc6\x49\xd9\x65\x91\x88\x14\xfa\xea\xbf\x8a\x31\x8c\x5a\xc3\x6e\x64\xfb\x4a\xcc\x48\x7a\x50\xa3\xe8\x60\xe8\x5f\x67\x56\xc2\x89\xe9\x3f\x63\xdc\x7a\xf5\x34\x44\x53\x42\xe8\xd5\xd7\xbc\x9d\x2a\xbe\x6e\x50\xb3\x80\x1e\x27\x9b\x0b\xfa\x66\x54\xa5\xa5\x03\x73\x32\x45\x5f\xef\xea\x5d", 116); *(uint32_t*)0x20000d06 = r[4]; *(uint32_t*)0x20000d0e = 0x581; memcpy((void*)0x20000d12, "\x62\x27\xd6\x6c\xb9\x45\x70\x21\x7d\xdb\xc0\x9d\xd5\x43\x38\xa5\x99\x9b\xd2\x6a\x70\x3a\x50\x2e\xa3\x39\x30\x02\x8b\x17\x69\x22\x5e\x08\x9a\x02\xe1\x67\x23\xa2\x96\xc2\x1e\x0f\x58\x25\x4a\xc9\x39\x25\x1c\x2d\x44\x81\x2a\x67\x02\x78\x91\xc3\xc1\x16\xfd\x43\xec\xaf\x52\x84\xc0\x33\x23\x72\x94\xbd\x73", 75); syscall(SYS_foo, /*a=*/0x20000a00ul, 0, 0); break; case 7: res = syscall(SYS_foo, /*a0=*/0x20000d80ul, /*a1=*/0x20000dc0ul, /*a2=*/0x20000e00ul); if (res != -1) r[7] = *(uint64_t*)0x20000e00; break; case 8: *(uint8_t*)0x20000e40 = 0x80; *(uint32_t*)0x20000e44 = 0x40; *(uint16_t*)0x20000e48 = htobe16(0xf000); *(uint64_t*)0x20000e50 = 1; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 3, 0, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 2, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 1, 5, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e58, 0, 6, 1); STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 6, 0, 10); 
STORE_BY_BITMASK(uint16_t, , 0x20000e5a, 4, 10, 3); *(uint64_t*)0x20000e5c = r[7]; *(uint8_t*)0x20000e64 = 1; memcpy((void*)0x20000e65, "\x6c\x49\x50\x10\xa9\xbb\xbe\xb3\x7f\x0d\x32\xab\x61\x20\x51\x02\x17\x11\x1f\xcd\x0c\xd5\x9d\x49\x84\xfd\xcc\xff\x2b\xf7\x8d\xc5\x1c\x0a\xa6\xd1\xbd\xda\xc1\x90\xd7\x4e\x58\x06\x03\xee\x03\xbb\xcf\x72\xff\xfe\x69\x92\x05\x26\x87\x49\xb9\x86\xd8\xf7\x92\x12\xe4\x56\xb6\x36\x25\x60\x95\x2f\xd7\xea\xb3\x1d\xa4\x61\x7d\xbe\xd9\xf1\xba\xc2\x05\xe1\x44\xae", 88); syscall(SYS_foo, /*a=*/0x20000e40ul, 0, 0); break; case 9: memcpy((void*)0x20000ec0, "\x0f\xf8\x30\xc7\xcb\xd6\x98\x9b\xc0\x72\xf5\xd9\x41\xc2\xb3\xa8", 16); memcpy((void*)0x20000ed0, "\x4b\x47\xd0\x87\x57\xad\xb1\x32\x6c\x6e\x87\x29\x55\x0c\x1f\xa2", 16); *(uint16_t*)0x20000ee0 = 0; memcpy((void*)0x20000ee2, "\x04\x04\x65\x7e\xaa\x6f\x50\x27\x07\x1f\xb7\x3b\x0e\xc4\x42\x92\xb9\x5b\x11\xc6\xba\x9f\xbe\x4b\x16\x80\xa6\xa3\x91\x0c\x4e\xea\x17\x45\xe5\x7e\xdf\x68\x6c\x34\xc2\x74\x98\x5b\x38\xa1\xaf\x3c\x35\xd1\x7d\xf0\x8f\x6a\x4f\xa4\xba\x4b\xfb\x5d\x9e\xa9\x73\x5c\xa1\x22\x5d\x3e\xb0\x95\x60\xd4\xf5\x9f\xe0\x1c\xab\xaa\x58\x47\xe9\xb4\xce\xf1\x56\x1f\x58\xf0\x63\xd2\xc0\xd2\xbb\xf3\x95\x11\xbe\x9f\xd2\xd5\x80\xba\xa7\x5a\xd2\x78\x51\x04\x3b\xf3\xe3\xc4\x9d\xec\xce\x42\x05\x2e\x13\x8e\x05\x6a\x8c\x53\x6b\x2b\x60\xdd\xb0\x48\x3c\xd2\xb3\x9b\x94\x54\xcb\x14\x03\x26\xde\x75\xde\x5b\xd0\xb2\x88\x5f\xb5\xf4\xfb\xc8\x07\x99\x62", 155); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000ec0, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000ed0, 16); uint32_t csum_1_chunk_2 = 0x9d000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x6000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x20000ee0, 157); *(uint16_t*)0x20000ee0 = csum_inet_digest(&csum_1); syscall(SYS_test, /*a0=*/0x20000ec0ul, 0, 0, 0, 0, 0); break; case 10: 
memset((void*)0x20000000, 0, 1); *(uint16_t*)0x20000040 = htobe16(4); *(uint16_t*)0x20000042 = htobe16(0x32); *(uint16_t*)0x20000044 = htobe16(9); *(uint16_t*)0x20000046 = htobe16(5); syz_compare(/*want=*/0x20000000, /*want_len=*/1, /*got=*/0x20000040, /*got_len=*/8); break; case 11: syz_compare_int(/*n=*/2, /*v0=*/3, /*v1=*/1, 0, 0); break; case 12: syz_errno(/*v=*/2); break; case 13: memcpy((void*)0x20000080, "\x89\x16\x34\x64\xff\x9a\xac\xa2\x2b\x68\xf4\xae\xed\x6f\x97\x24\x53\xdf\xae\xae\x52\x4d\x3e\x95\xd4\x1e\x2d\x28\x7d\x4a\x1d\xda\xc9\xb3\x1d\x4d\xf7\x24\x10\xfd\xd5\x2a\xdc\x8a\xa2\xd2\x28\xb8\xcf\x5b", 50); syz_execute_func(/*text=*/0x20000080); break; case 14: syz_exit(/*status=*/1); break; case 15: syz_mmap(/*addr=*/0x20ffb000, /*len=*/0x3000); break; case 16: syz_sleep_ms(/*ms=*/6); break; case 17: syz_test_fuzzer1(/*a=*/3, /*b=*/0xd, /*c=*/9); break; } } int main(void) { syz_mmap(/*addr=*/0x20000000, /*len=*/0x1000000); setup_fault(); do_sandbox_none(); return 0; } :321:9: error: call to undeclared function 'syscall'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration] res = syscall(SYS_foo, /*a0=*/0x20000000ul, /*a1=*/0x20000040ul, /*a2=*/0x20000080ul); ^ 1 error generated. 
compiler invocation: c++ [-o /tmp/syz-executor1080702909 -DGOOS_test=1 -DGOARCH_64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-array-bounds -Wno-unused-but-set-variable -Wno-unused-command-line-argument -no-pie -fno-exceptions] --- FAIL: TestGenerate/test/64/5 (1.56s) csource_test.go:148: --- FAIL: TestGenerate/test/64/1 (0.93s) csource_test.go:148: --- FAIL: TestGenerate/test/64/13 (0.96s) csource_test.go:148: --- FAIL: TestGenerate/test/64/14 (1.15s) csource_test.go:148: FAIL FAIL github.com/google/syzkaller/pkg/csource 29.963s ok github.com/google/syzkaller/pkg/db (cached) ok github.com/google/syzkaller/pkg/email (cached) ok github.com/google/syzkaller/pkg/email/lore (cached) ok github.com/google/syzkaller/pkg/fuzzer 41.062s ok github.com/google/syzkaller/pkg/gce (cached) ok github.com/google/syzkaller/pkg/host (cached) ok github.com/google/syzkaller/pkg/html (cached) ok github.com/google/syzkaller/pkg/ifuzz (cached) ok github.com/google/syzkaller/pkg/image (cached) ok github.com/google/syzkaller/pkg/instance (cached) ok github.com/google/syzkaller/pkg/ipc (cached) ok github.com/google/syzkaller/pkg/kconfig (cached) ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ok github.com/google/syzkaller/pkg/runtest (cached) ok github.com/google/syzkaller/pkg/serializer (cached) ok github.com/google/syzkaller/pkg/signal (cached) ok github.com/google/syzkaller/pkg/stats (cached) ok github.com/google/syzkaller/pkg/subsystem (cached) ok github.com/google/syzkaller/pkg/subsystem/linux (cached) ok github.com/google/syzkaller/pkg/subsystem/lists (cached) ok github.com/google/syzkaller/pkg/symbolizer (cached) ok 
github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs (cached) ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ok github.com/google/syzkaller/sys/linux (cached) ok github.com/google/syzkaller/sys/netbsd (cached) ok github.com/google/syzkaller/sys/openbsd (cached) ok github.com/google/syzkaller/syz-ci (cached) ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager 10.882s ok github.com/google/syzkaller/syz-verifier (cached) ok github.com/google/syzkaller/tools/syz-kconf (cached) ok github.com/google/syzkaller/tools/syz-linter (cached) ok github.com/google/syzkaller/tools/syz-testbed (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ok github.com/google/syzkaller/vm (cached) ok github.com/google/syzkaller/vm/isolated (cached) ok github.com/google/syzkaller/vm/proxyapp (cached) ok github.com/google/syzkaller/vm/vmimpl (cached) FAIL