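// https://syzkaller.appspot.com/bug?id=f7719d3447c91d8806d66d90e757bd9fb3adb206
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer. The header names in the original include list were
// lost in extraction; the headers below are the ones this translation unit
// demonstrably needs (syscall(), SYS_* numbers, memcpy, uint*_t). The syscall
// numbers used (SYS_proc_create, SYS_tap_fds) and the /prof/kp* paths are not
// Linux; this appears to target Akaros and will not link against a Linux libc.
//
// NOTE(review): this program deliberately issues unchecked syscalls with
// attacker-shaped arguments to crash the kernel it runs on. Run it only in a
// disposable VM, never on a host you care about.
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Resource table filled in as syscalls succeed (syzkaller convention:
// -1 means "not yet obtained"; r[1] starts at 0 as the initial value
// syzkaller chose for that resource).
//   r[0]: fd from openat("/dev/osversion")
//   r[1]: result of proc_create("./file0")
//   r[2]: fd from openat(r[0], "./file0")
uint64_t r[3] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff};

int main(void) {
  // syzkaller places every syscall argument buffer inside one fixed
  // 16 MiB mapping at 0x20000000 so the addresses used below are stable.
  // If that mapping fails, every memcpy/store below would be a wild write
  // into unmapped memory and the reproducer would merely crash itself,
  // so bail out instead. -1 (MAP_FAILED) is the same failure sentinel the
  // rest of this file already checks for.
  if (syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
    return 1;
  }
  long res = 0;

  // 0xffffffffffffff9c is -100, presumably AT_FDCWD on this target.
  memcpy((void*)0x20000080, "/dev/osversion", 15);
  res = syscall(SYS_openat, 0xffffffffffffff9c, 0x20000080, 0xf, 1, 0);
  if (res != -1) {
    r[0] = res;
  }

  memcpy((void*)0x200000c0, "./file0", 8);
  memcpy((void*)0x20000100, "", 1);
  res = syscall(SYS_proc_create, 0x200000c0, 8, 0x20000100, 1, 1);
  if (res != -1) {
    r[1] = res;
  }

  // fchdir is handed the proc_create result, not a directory fd; that is
  // part of the generated sequence and is kept as-is.
  syscall(SYS_fchdir, r[1], r[0]);

  // Build the tap_fds request at 0x20000400 (a 4-byte fd of -1, three
  // 4-byte fields, then a pointer to the nested record at 0x200003c0).
  *(uint32_t*)0x20000400 = -1;
  *(uint32_t*)0x20000404 = 2;
  *(uint32_t*)0x20000408 = 4;
  *(uint32_t*)0x2000040c = 8;
  *(uint64_t*)0x20000410 = 0x200003c0;
  // Nested record: pointer to an 80-byte opaque blob followed by several
  // scalar fields. The blob is fuzzer-generated and carries no meaning.
  *(uint64_t*)0x200003c0 = 0x20000340;
  memcpy((void*)0x20000340,
         "\xb6\xb9\x48\xab\xac\xf1\x2f\xa8\x82\x6a\x9e\x5a\x80\x0f\xb8\xd3\x96"
         "\xad\xe6\xbe\x48\x1e\x12\x26\x48\x52\xb6\xd7\x28\x47\xa4\xce\xd4\x0b"
         "\xb4\xb1\x72\x3d\x2a\x4e\x1e\x15\xdd\xaa\x77\x7a\x6a\x35\xdd\x86\xb6"
         "\xc9\x9b\x4e\x9f\x97\x70\x22\x9e\xa5\xa5\x9f\xd1\x7c\xfc\x4a\x1e\xc7"
         "\x39\x89\x96\xa4\xf4\xa5\x65\x29\xac\x45\x1a\xac",
         80);
  *(uint32_t*)0x200003c8 = 0xfffff975;
  *(uint8_t*)0x200003cc = 1;
  *(uint32_t*)0x200003d0 = 8;
  *(uint64_t*)0x200003d8 = 0xffff;
  *(uint64_t*)0x200003e0 = 2;
  *(uint64_t*)0x20000418 = 0;
  syscall(SYS_tap_fds, 0x20000400, 1);

  memcpy((void*)0x20000440, "/proc/self/syscall", 19);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000440, 0x13, 1, 0);

  // Opens "./file0" relative to r[0], the /dev/osversion fd.
  memcpy((void*)0x20000480, "./file0", 8);
  res = syscall(SYS_openat, r[0], 0x20000480, 8, 0x21400, 1);
  if (res != -1) {
    r[2] = res;
  }

  memcpy((void*)0x20000500, "/prof/kpctl", 12);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000500, 0xc, 3, 0);
  memcpy((void*)0x20000540, "/prof/kptrace", 14);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000540, 0xe, 3, 0);

  // Final trigger: fcntl cmd 4 on r[2] with 0x80000 (exact flag meaning
  // depends on the target's fcntl numbering — not verifiable from here).
  syscall(SYS_fcntl, r[2], 4, 0x80000);
  return 0;
}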