// https://syzkaller.appspot.com/bug?id=90cd06695bd4650a5228385b4b02f370ef9c219f // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); long res = 0; memcpy((void*)0x20000000, "/dev/kvm", 9); res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0, 0); if (res != -1) r[0] = res; res = syscall(__NR_ioctl, r[0], 0xae01, 0); if (res != -1) r[1] = res; res = syscall(__NR_ioctl, r[1], 0xae41, 0); if (res != -1) r[2] = res; *(uint32_t*)0x20000040 = 2; *(uint32_t*)0x20000044 = 0; *(uint64_t*)0x20000048 = 0x49; *(uint64_t*)0x20000050 = 2; *(uint64_t*)0x20000058 = 0; *(uint64_t*)0x20000060 = 0; *(uint8_t*)0x20000068 = 0; *(uint8_t*)0x20000069 = 0; *(uint8_t*)0x2000006a = 0; *(uint8_t*)0x2000006b = 0; *(uint8_t*)0x2000006c = 0; *(uint8_t*)0x2000006d = 0; *(uint8_t*)0x2000006e = 0; *(uint8_t*)0x2000006f = 0; *(uint8_t*)0x20000070 = 0; *(uint8_t*)0x20000071 = 0; *(uint8_t*)0x20000072 = 0; *(uint8_t*)0x20000073 = 0; *(uint8_t*)0x20000074 = 0; *(uint8_t*)0x20000075 = 0; *(uint8_t*)0x20000076 = 0; *(uint8_t*)0x20000077 = 0; *(uint8_t*)0x20000078 = 0; *(uint8_t*)0x20000079 = 0; *(uint8_t*)0x2000007a = 0; *(uint8_t*)0x2000007b = 0; *(uint8_t*)0x2000007c = 0; *(uint8_t*)0x2000007d = 0; *(uint8_t*)0x2000007e = 0; *(uint8_t*)0x2000007f = 0; *(uint8_t*)0x20000080 = 0; *(uint8_t*)0x20000081 = 0; *(uint8_t*)0x20000082 = 0; *(uint8_t*)0x20000083 = 0; *(uint8_t*)0x20000084 = 0; *(uint8_t*)0x20000085 = 0; *(uint8_t*)0x20000086 = 0; *(uint8_t*)0x20000087 = 0; *(uint8_t*)0x20000088 = 0; *(uint8_t*)0x20000089 = 0; *(uint8_t*)0x2000008a = 0; *(uint8_t*)0x2000008b = 0; *(uint8_t*)0x2000008c = 0; *(uint8_t*)0x2000008d = 0; *(uint8_t*)0x2000008e = 0; *(uint8_t*)0x2000008f = 0; *(uint8_t*)0x20000090 = 0; *(uint8_t*)0x20000091 = 0; *(uint8_t*)0x20000092 = 0; *(uint8_t*)0x20000093 = 0; *(uint8_t*)0x20000094 = 0; *(uint8_t*)0x20000095 = 0; *(uint8_t*)0x20000096 = 0; *(uint8_t*)0x20000097 = 0; *(uint8_t*)0x20000098 = 0; *(uint8_t*)0x20000099 = 0; *(uint8_t*)0x2000009a = 0; *(uint8_t*)0x2000009b = 0; *(uint8_t*)0x2000009c = 0; *(uint8_t*)0x2000009d = 0; *(uint8_t*)0x2000009e = 0; *(uint8_t*)0x2000009f = 0; *(uint8_t*)0x200000a0 = 0; *(uint8_t*)0x200000a1 = 0; *(uint8_t*)0x200000a2 = 0; *(uint8_t*)0x200000a3 = 0; *(uint8_t*)0x200000a4 = 0; *(uint8_t*)0x200000a5 = 0; *(uint8_t*)0x200000a6 = 0; *(uint8_t*)0x200000a7 = 0; syscall(__NR_ioctl, r[2], 0xc080aebe, 0x20000040); return 0; }