// https://syzkaller.appspot.com/bug?id=f0e01204e654ebd94c1d5ec4b99a76e9aa668bf7 // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_writev #define __NR_writev 146 #endif #ifndef __NR_add_key #define __NR_add_key 286 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 void loop() { *(uint32_t*)0x20000540 = 0x20000080; *(uint32_t*)0x20000544 = 0; *(uint32_t*)0x20000548 = 0x20000180; *(uint32_t*)0x2000054c = 0; *(uint32_t*)0x20000550 = 0x20000380; *(uint32_t*)0x20000554 = 0; *(uint32_t*)0x20000558 = 0x200003c0; memcpy((void*)0x200003c0, "\x48\x29\x6a\xc8\xa6\x32\xb6\xcb\x5a\x2b\xe4\xd9\x24\x23\x99\x54\x32" "\xf2\xb4\x05\x20\x16\x83\xd0\x4f\x5a\x8d\x51\x22\xe3\xf4\xe2\xb9\xb0" "\x90\x0f\x53\x35\x41\xcb\xa2\x8b\x95\xca\x09\xeb\xe9\x16\x6d\xca\xe9" "\xe5\x5a\x36\x7b\x52\xd5\xce\xa9\xe0\x37\x17\x37\x1f\xe1\x78\xf2\xf5" "\x15\x7c\x47\xb2\x4f\xab\x58\x23\x64\x0d\x90\x30\x20\x25\xcf\xf7\x44" "\xe7\xc2\x34\x7f\x86\xc5\xc5\xfe\x9c\xd7\x2d\x19\xa1\xa6\x99\xfc\xf7" "\x95\x8b\xfe\x38\x21\xf6\x2c\xd5\x17\xd9\x46\xfd\x3f\x9d\xaf\xcd\xcc" "\xa8\x77\xc0\xde\x06\xcd\x60\x19\x11\xfe\x53\x55\x7e\x3d\x8d\x2c\x76" "\xae\x07\x45\xba\xf9\x49\x68", 143); *(uint32_t*)0x2000055c = 0x8f; *(uint32_t*)0x20000560 = 0x20000480; *(uint32_t*)0x20000564 = 0; *(uint32_t*)0x20000568 = 0x200004c0; *(uint32_t*)0x2000056c = 0; syscall(__NR_writev, -1, 0x20000540, 6); memcpy((void*)0x20000280, "dns_resolver", 13); *(uint8_t*)0x200002c0 = 0x73; *(uint8_t*)0x200002c1 = 0x79; *(uint8_t*)0x200002c2 = 0x7a; *(uint8_t*)0x200002c3 = 0; *(uint8_t*)0x200002c4 = 0; syscall(__NR_add_key, 0x20000280, 0x200002c0, 0x20000300, 0xfffff, 0xfffffffd); } int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); loop(); return 0; }