// https://syzkaller.appspot.com/bug?id=00ab003c84ca279986e93284c534c514e894e028 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include uint64_t r[8] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); intptr_t res = 0; res = syscall(__NR_timerfd_create, 0ul, 0ul); if (res != -1) r[0] = res; memcpy((void*)0x20000080, ".\000", 2); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000080ul, 0ul, 0ul); if (res != -1) r[1] = res; memcpy((void*)0x20000080, ".\000", 2); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000080ul, 0ul, 0ul); if (res != -1) r[2] = res; res = syscall(__NR_dup3, r[1], r[2], 0ul); if (res != -1) r[3] = res; memcpy((void*)0x20000000, "./file0\000", 8); syscall(__NR_mknodat, r[3], 0x20000000ul, 0ul, 0x700); syscall(__NR_close, r[0]); memcpy((void*)0x20000000, "/sys/devices/virtual", 20); syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000000ul, 0x8400ul, 0x2eul); memcpy((void*)0x20000080, ".\000", 2); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000080ul, 0ul, 0ul); if (res != -1) r[4] = res; memcpy((void*)0x20000080, ".\000", 2); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000080ul, 0ul, 0ul); if (res != -1) r[5] = res; res = syscall(__NR_dup3, r[4], r[5], 0ul); if (res != -1) r[6] = res; res = syscall(__NR_dup, r[0]); if (res != -1) r[7] = res; memcpy((void*)0x200000c0, "./file0\000", 8); memcpy((void*)0x20000100, "./file0\000", 8); syscall(__NR_linkat, r[6], 0x200000c0ul, r[7], 0x20000100ul, 0x1400ul); return 0; }