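// https://syzkaller.appspot.com/bug?id=681d4e43829c52611dd707e929de7b9f4f681822
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

/*
 * NOTE(review): this page carried ten `#include` directives whose header
 * names were lost in extraction. The four below are the ones the visible
 * code needs (fixed-width integer types, memcpy, SYS_* numbers, syscall());
 * the remaining original headers cannot be recovered from this page.
 */
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Resource table: r[0] holds the descriptor for /dev/mdctl, or stays at
 * (uint64_t)-1 when the open fails. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Reproducer for the syzkaller report linked at the top of the file.
 *
 * Sequence, as visible in the code:
 *   1. map 16 MiB of scratch memory at the fixed address 0x20000000;
 *   2. open "/dev/mdctl";
 *   3. build a 0x1c0-byte argument block at 0x200005c0;
 *   4. issue ioctl 0xc1c06d00 on the descriptor with that block.
 *
 * No return value is checked. If the open fails, the ioctl is still issued
 * on the invalid descriptor held in r[0], so the program exits 0 whether or
 * not the kernel path was reached.
 *
 * NOTE(review): the target is presumably FreeBSD (the /dev/mdctl node and
 * the BSD-style ioctl encoding). The ioctl number and the argument size
 * appear to match MDIOCATTACH and struct md_ioctl from sys/mdioctl.h, so
 * the field names in the comments below come from that header. Confirm
 * against the header of the kernel under test. All values are
 * fuzzer-chosen; which of them triggers the report cannot be determined
 * from this page.
 */
int main(void)
{
  /* Scratch area for all syscall arguments. prot 7 is read|write|exec;
   * flags 0x1012 presumably decode as MAP_ANON|MAP_FIXED|MAP_PRIVATE on
   * FreeBSD (verify against sys/mman.h). */
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
  intptr_t res = 0;

  /* 11 bytes: the ten path characters plus the first of the two trailing
   * NULs in the literal. */
  memcpy((void*)0x20000040, "/dev/mdctl\000", 11);

  /* dirfd 0xffffffffffffff9c is -100 (presumably AT_FDCWD); flags 0. */
  res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000040ul, 0ul, 0ul);
  if (res != -1)
    r[0] = res;

  /* Argument block, header part (0x200005c0..0x200005ff). Offsets 0x5cc
   * is never written and keeps the zero fill of the fresh anonymous
   * mapping. */
  *(uint32_t*)0x200005c0 = 0;          /* md_version (assumed) */
  *(uint32_t*)0x200005c4 = 0;          /* md_unit (assumed) */
  *(uint32_t*)0x200005c8 = 0;          /* md_type (assumed) */
  *(uint64_t*)0x200005d0 = 0;          /* md_file, NULL (assumed) */
  *(uint64_t*)0x200005d8 = 6;          /* md_mediasize (assumed) */
  *(uint32_t*)0x200005e0 = 2;          /* md_sectorsize (assumed) */
  *(uint32_t*)0x200005e4 = 0;          /* md_options (assumed) */
  *(uint64_t*)0x200005e8 = 0xffffffff; /* md_base (assumed) */
  *(uint32_t*)0x200005f0 = 9;          /* md_fwheads (assumed) */
  *(uint32_t*)0x200005f4 = 0x91;       /* md_fwsectors (assumed) */
  *(uint64_t*)0x200005f8 = 0;          /* md_label, NULL (assumed) */

  /* Remaining 96 32-bit words (0x20000600..0x2000077f), presumably the
   * md_pad[] tail of the structure, filled with arbitrary values. */
  *(uint32_t*)0x20000600 = 4;
  *(uint32_t*)0x20000604 = 4;
  *(uint32_t*)0x20000608 = 1;
  *(uint32_t*)0x2000060c = 8;
  *(uint32_t*)0x20000610 = 0;
  *(uint32_t*)0x20000614 = 0x7f;
  *(uint32_t*)0x20000618 = 7;
  *(uint32_t*)0x2000061c = 8;
  *(uint32_t*)0x20000620 = 7;
  *(uint32_t*)0x20000624 = 0x2de;
  *(uint32_t*)0x20000628 = 8;
  *(uint32_t*)0x2000062c = 5;
  *(uint32_t*)0x20000630 = 5;
  *(uint32_t*)0x20000634 = 8;
  *(uint32_t*)0x20000638 = 7;
  *(uint32_t*)0x2000063c = 0x11;
  *(uint32_t*)0x20000640 = 4;
  *(uint32_t*)0x20000644 = 3;
  *(uint32_t*)0x20000648 = 6;
  *(uint32_t*)0x2000064c = 2;
  *(uint32_t*)0x20000650 = 0x5f;
  *(uint32_t*)0x20000654 = 0;
  *(uint32_t*)0x20000658 = 5;
  *(uint32_t*)0x2000065c = 0xabbb;
  *(uint32_t*)0x20000660 = 2;
  *(uint32_t*)0x20000664 = 0xf526;
  *(uint32_t*)0x20000668 = 8;
  *(uint32_t*)0x2000066c = 8;
  *(uint32_t*)0x20000670 = 1;
  *(uint32_t*)0x20000674 = 8;
  *(uint32_t*)0x20000678 = 4;
  *(uint32_t*)0x2000067c = 0x3ff;
  *(uint32_t*)0x20000680 = 7;
  *(uint32_t*)0x20000684 = 0x1ff;
  *(uint32_t*)0x20000688 = 0x10000;
  *(uint32_t*)0x2000068c = 0xffff;
  *(uint32_t*)0x20000690 = -1;
  *(uint32_t*)0x20000694 = 8;
  *(uint32_t*)0x20000698 = 0x800;
  *(uint32_t*)0x2000069c = 8;
  *(uint32_t*)0x200006a0 = 0x101;
  *(uint32_t*)0x200006a4 = 0xff;
  *(uint32_t*)0x200006a8 = 0x24ef;
  *(uint32_t*)0x200006ac = 1;
  *(uint32_t*)0x200006b0 = 2;
  *(uint32_t*)0x200006b4 = 5;
  *(uint32_t*)0x200006b8 = 0x32;
  *(uint32_t*)0x200006bc = 2;
  *(uint32_t*)0x200006c0 = 0x200;
  *(uint32_t*)0x200006c4 = 2;
  *(uint32_t*)0x200006c8 = -1;
  *(uint32_t*)0x200006cc = 8;
  *(uint32_t*)0x200006d0 = 7;
  *(uint32_t*)0x200006d4 = 2;
  *(uint32_t*)0x200006d8 = 0xfff;
  *(uint32_t*)0x200006dc = 1;
  *(uint32_t*)0x200006e0 = 0xff;
  *(uint32_t*)0x200006e4 = 0x20;
  *(uint32_t*)0x200006e8 = 0xe;
  *(uint32_t*)0x200006ec = 1;
  *(uint32_t*)0x200006f0 = 0x100;
  *(uint32_t*)0x200006f4 = 0;
  *(uint32_t*)0x200006f8 = 1;
  *(uint32_t*)0x200006fc = 0x10001;
  *(uint32_t*)0x20000700 = 0x9556;
  *(uint32_t*)0x20000704 = 9;
  *(uint32_t*)0x20000708 = 8;
  *(uint32_t*)0x2000070c = 0xee;
  *(uint32_t*)0x20000710 = 0x8000;
  *(uint32_t*)0x20000714 = 3;
  *(uint32_t*)0x20000718 = 2;
  *(uint32_t*)0x2000071c = 7;
  *(uint32_t*)0x20000720 = 7;
  *(uint32_t*)0x20000724 = 0x81;
  *(uint32_t*)0x20000728 = 7;
  *(uint32_t*)0x2000072c = 0xfff;
  *(uint32_t*)0x20000730 = 0x45;
  *(uint32_t*)0x20000734 = 7;
  *(uint32_t*)0x20000738 = 0xfffffe00;
  *(uint32_t*)0x2000073c = 7;
  *(uint32_t*)0x20000740 = 1;
  *(uint32_t*)0x20000744 = 0;
  *(uint32_t*)0x20000748 = -1;
  *(uint32_t*)0x2000074c = 0;
  *(uint32_t*)0x20000750 = 0x80;
  *(uint32_t*)0x20000754 = 5;
  *(uint32_t*)0x20000758 = 0x81;
  *(uint32_t*)0x2000075c = 0x400;
  *(uint32_t*)0x20000760 = 0xff;
  *(uint32_t*)0x20000764 = 3;
  *(uint32_t*)0x20000768 = 1;
  *(uint32_t*)0x2000076c = 6;
  *(uint32_t*)0x20000770 = 4;
  *(uint32_t*)0x20000774 = 0xfff;
  *(uint32_t*)0x20000778 = 0;
  *(uint32_t*)0x2000077c = 4;

  /* Request 0xc1c06d00 in BSD ioctl encoding: in+out direction, argument
   * length 0x1c0 (448) bytes, group 'm' (0x6d), command 0. The length
   * equals the span written above (0x200005c0..0x2000077f). */
  syscall(SYS_ioctl, r[0], 0xc1c06d00ul, 0x200005c0ul);
  return 0;
}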