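// https://syzkaller.appspot.com/bug?id=8593724cce469c9898b7fbc49f48f4943fee940f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer for the syzkaller report linked above.  It performs
// two bpf(2) calls: BPF_PROG_LOAD (cmd 5) of a four-instruction program,
// followed by BPF_PROG_TEST_RUN (cmd 10) against the resulting fd with a
// large repeat count.  All user memory the kernel reads lives inside the
// fixed-address mmap() regions created at the top of main(), which is how
// syzkaller keeps its reproducers deterministic.  Every syscall result is
// deliberately unchecked, as in all syzkaller output; this is a test-kernel
// artifact for triage, not production code.
#define _GNU_SOURCE

// NOTE(review): the header names were lost when this listing was extracted
// (eight bare `#include` lines survived).  The standard set that syzkaller
// emits for Linux reproducers is restored here; it covers everything this
// file uses (uint64_t/intptr_t, memcpy/memset, syscall, __NR_* values).
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback for toolchains whose headers predate bpf(2); 321 is the x86_64
// syscall number.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// Result slot for the fd returned by BPF_PROG_LOAD.  It stays at the
// all-ones sentinel if the load fails, in which case the test run below is
// handed an invalid fd (truncated to uint32_t).
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed-address scratch memory.  flags 0x32 = MAP_PRIVATE|MAP_FIXED|
  // MAP_ANONYMOUS.  The outer two pages are guards (prot 0); the 16 MiB
  // region at 0x20000000 (prot 7 = RWX) holds every buffer used below.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  intptr_t res = 0;

  // ---- union bpf_attr for BPF_PROG_LOAD, built at 0x202a0fb8 ----
  // Field offsets follow include/uapi/linux/bpf.h.
  *(uint32_t*)0x202a0fb8 = 3;          // prog_type = 3 (BPF_PROG_TYPE_SCHED_CLS)
  *(uint32_t*)0x202a0fbc = 4;          // insn_cnt = 4
  *(uint64_t*)0x202a0fc0 = 0x20000c00; // insns
  // Program bytes.  Only the first insn_cnt*8 = 32 bytes are a program:
  //   85 00 00 00 4f 00 00 00   BPF_JMP|BPF_CALL, helper id 0x4f (79)
  //   35 00 00 00 00 00 00 00   BPF_JMP|BPF_JGE|BPF_K, off 0 (a no-op jump)
  //   85 00 00 00 08 00 00 00   BPF_JMP|BPF_CALL, helper id 8
  //   95 00 00 00 00 00 00 00   BPF_EXIT
  // Check the helper ids against the target kernel's helper numbering
  // when triaging.  The remaining 827 bytes of the 859-byte copy are
  // fuzzer filler that the verifier never reads (insn_cnt is 4).
  memcpy(
      (void*)0x20000c00,
      "\x85\x00\x00\x00\x4f\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x85\x00"
      "\x00\x00\x08\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\xf4\x67\x08\x80"
      "\x27\x1e\x35\x03\x20\x0f\xfa\x95\xa2\xc8\xc0\x37\xc5\xa1\x42\xdf\xa8\xd7"
      "\x62\x87\x06\x6c\x51\x97\xfa\xbd\x5f\x70\x10\xe8\x1a\xe0\xb7\x37\x00\x00"
      "\xa6\xf7\xdc\x39\xcd\x34\xd5\xae\xed\x8d\x38\xe6\x5c\xb6\xe2\x2f\xf5\xdd"
      "\xe5\x47\x04\xd2\x5c\x79\x94\x9c\x23\xe2\xeb\x15\xd7\x55\xa2\x35\x0e\xa7"
      "\xc0\x9c\xc2\x8d\xe1\x94\xf4\x48\x42\xa5\xf0\xa8\x32\x0e\x13\x82\x2c\x87"
      "\x07\xf8\x61\x2c\x10\xb1\x00\x00\x00\x00\xb0\xd3\x71\x2c\x7e\x93\x36\x3a"
      "\xf3\xc0\x75\xff\x1e\x23\x16\x6a\x32\xd9\x54\x33\xbb\x75\x5a\xf3\xd5\x76"
      "\x09\x0c\x48\x67\xa7\xb6\x39\x3e\x36\x6c\x63\x86\xd5\xec\x72\x09\xd0\x31"
      "\xf4\x0f\x30\x12\xe9\x57\x6e\x51\xa7\xf5\x50\xaf\xc8\x52\x00\x3b\x2f\x78"
      "\x46\xc7\x44\xae\x6a\xf3\xe4\x19\x5c\xc0\x37\x10\x29\x89\x01\xeb\xb3\x95"
      "\x22\xf6\x64\x9d\xd7\x6d\x06\x7a\x97\xf5\xfe\x47\xfe\x5f\x17\xfd\xab\x80"
      "\x0f\x41\x04\xe9\xab\xbd\x6a\xa4\x3a\x81\x5b\x1e\x5c\x6d\x1d\x22\x4b\x64"
      "\xbe\x6c\x4d\x7e\xb6\xba\xaa\x4a\x97\x7b\xf8\x55\x5e\xae\xa7\x68\xc1\xf2"
      "\xc2\x21\xc1\x10\xef\x05\x00\x00\x00\x0e\xe2\x82\xab\x76\xf5\x93\xd9\x28"
      "\xcf\x32\x48\x12\x69\x6a\x62\x3c\xd8\xa4\xf8\xdc\x8d\xcb\xa0\x0b\x1b\x42"
      "\x34\x23\xbd\x11\x2f\xae\xf5\x2d\x25\x47\xc4\x5b\x0c\x52\x08\x7b\x5e\xfa"
      "\xbf\x84\x96\xb9\xa9\x51\x66\x7d\xd5\x8e\xa0\xe3\x7b\x56\xc0\xeb\xfb\x19"
      "\xa3\x42\x68\x33\x56\x48\xe1\xf8\x44\xce\x32\x8c\x10\x75\x2a\x42\xdc\xa5"
      "\x2f\xb9\x8c\x14\x52\xb6\x51\x8a\x6e\xf7\x29\x7f\x7b\x27\x44\x41\x9a\x2f"
      "\x23\x8f\x17\x3d\x0c\xd4\x6d\xaf\xc6\xac\x00\xf5\x3e\x53\x09\xec\x8d\xd8"
      "\x3c\xf4\xfb\xd7\x75\xd9\xc0\x7d\x8d\x59\x1a\x4d\xac\x60\xff\x00\x00\x00"
      "\xb7\x88\x63\xe6\x29\xb3\xb2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x69\xfc\x8e\xc1\x30\x2a\x42\xe6\x91\x9e"
      "\x8b\x2e\xf6\x64\x54\x7e\xf6\xd6\x7d\xa4\x9e\x1b\x99\xf0\xd8\x46\xbc\x1b"
      "\xde\x1f\x84\x96\xe7\x84\xf5\x71\xf1\x6c\x96\x7d\x7d\xb4\x63\xd7\x2e\x0f"
      "\x41\x13\x65\x35\x39\x30\x63\xe7\xa9\xe6\xff\xe5\xd6\x56\x70\x66\x1d\xce"
      "\x14\x17\x85\x9b\xa5\x29\xe2\xac\x8c\x92\x59\x1f\x23\x4e\xac\x3c\x33\x49"
      "\x57\xef\xc9\xbb\x33\xc5\x7b\x1a\x52\xf6\xb8\xe7\xf3\x75\xbb\x67\x80\x3a"
      "\x41\xa8\xf5\x9b\xb4\x02\x13\xbc\xf3\xf6\xed\x99\x43\x70\x9a\x3c\x0b\x0d"
      "\x23\x84\x40\x00\x18\xcf\x50\x67\x37\x1e\x5c\x57\xdb\x44\xc4\x35\xd2\x57"
      "\xaa\xcb\xa3\x49\x92\x15\x65\x75\x50\xa5\xf3\xba\xe5\x07\xbd\x4a\x27\x0d"
      "\x1d\x95\xd8\x67\x99\x0e\xfe\x2c\x47\x56\x41\x00\x00\xd4\x48\x9c\xab\x59"
      "\x56\x34\x7a\xd8\x6e\xfd\xa9\x81\xc9\x50\x61\xa3\xe8\x1f\x94\xed\x40\x45"
      "\xcf\xe1\x76\x0b\x57\x16\x37\xae\x1a\x25\x99\xbc\xdf\x82\x7d\xeb\x32\x6e"
      "\x80\x8f\x74\x54\x64\x81\x83\xc7\x82\x97\x57\xf9\xe6\x39\x0f\xcc\x9c\x3c"
      "\x2b\x8b\xe5\x85\xd1\x2c\x67\x82\xa3\x4a\x45\x78\xd1\xac\x1a\xe5\x85\xd1"
      "\x87\x30\x23\x8f\x5e\x09\x54\xea\xb1\x9a\xef\x53\xf9\x24\xa6\xb7\x9e\xc7"
      "\xb3\x07\x1d\x9c\xfe\x6e\x60\x7b\xd6\x72\x07\x41\x89\xda\xfd\x5e\x90\x39"
      "\x01\x59\x44\x50\x94\x28\x3a\xce\x0d\x74\x95\xa2\xca\x00\x5f\x21\xe2\xcf"
      "\xac\x58\x4e\xc9\xfa\xfb\xb6\x19\x53\x90\xd5\xef\x4f\x0c\xe7\x17\xdf\x6b"
      "\x96\x8e\x1c\xfb\x3d\xac\x4d\x56\x11\xb4\x22\xc8\xbe\x73\x66\x3f\xab\xea"
      "\x97\x74\xab\x62\xdc\xeb\x5c\x8f\x17\xa4\x90\x50\xf6\x17\xa4\x03\x86\x7f"
      "\xf1\x2f\x9d\x5f\x16\xbd\x2d\xf8\x29\xce\x62\xc3\x4e\x88\xc4\x52\x23\xa9"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x8f\xb0\xce\x01\xd4\x0a\x1a\xdd\x23\x27\xc2\xb1\x8c\xf9\x7f\x6a\xfb"
      "\x7c\x7d\xfc\x7e\xdc\xdd\x45\x91\x77\x6f\xb9\xef\xe8",
      859);
  *(uint64_t*)0x202a0fc8 = 0x20000140;  // license -> "GPL" (GPL-only helpers allowed)
  memcpy((void*)0x20000140, "GPL\000", 4);
  *(uint32_t*)0x202a0fd0 = 0;           // log_level
  *(uint32_t*)0x202a0fd4 = 0xe0;        // log_size
  *(uint64_t*)0x202a0fd8 = 0x20000180;  // log_buf
  *(uint32_t*)0x202a0fe0 = 0;           // kern_version
  *(uint32_t*)0x202a0fe4 = 0;           // prog_flags
  memset((void*)0x202a0fe8, 0, 16);     // prog_name[16]
  *(uint32_t*)0x202a0ff8 = 0;           // prog_ifindex
  *(uint32_t*)0x202a0ffc = 0;           // expected_attach_type
  *(uint32_t*)0x202a1000 = -1;          // prog_btf_fd
  *(uint32_t*)0x202a1004 = 8;           // func_info_rec_size
  *(uint64_t*)0x202a1008 = 0;           // func_info
  *(uint32_t*)0x202a1010 = 0;           // func_info_cnt
  *(uint32_t*)0x202a1014 = 0x10;        // line_info_rec_size
  *(uint64_t*)0x202a1018 = 0;           // line_info
  *(uint32_t*)0x202a1020 = 0xfffffc1a;  // line_info_cnt (garbage; see size note)
  *(uint32_t*)0x202a1024 = 0;           // attach_btf_id
  *(uint32_t*)0x202a1028 = -1;          // attach_prog_fd / attach_btf_obj_fd
  *(uint32_t*)0x202a102c = 0;           // core_relo_cnt
  *(uint64_t*)0x202a1030 = 0;           // fd_array
  // NOTE(review): size is 0x15 = 21 bytes.  bpf(2) copies only `size`
  // bytes of the attr and zero-fills the rest, so presumably only
  // prog_type, insn_cnt, insns and the license pointer reach the kernel
  // and everything stored above from log_level onward is inert fuzzer
  // state -- confirm against __sys_bpf() on the target kernel.
  res = syscall(__NR_bpf, 5ul, 0x202a0fb8ul, 0x15ul);
  if (res != -1)
    r[0] = res;

  // ---- union bpf_attr.test for BPF_PROG_TEST_RUN, built at 0x20000440 ----
  *(uint32_t*)0x20000440 = r[0];        // prog_fd (the fd loaded above, or ~0)
  *(uint32_t*)0x20000444 = 0xfffff000;  // retval (an output field; value is noise)
  *(uint32_t*)0x20000448 = 0xe;         // data_size_in = 14
  *(uint32_t*)0x2000044c = 0;           // data_size_out
  *(uint64_t*)0x20000450 = 0x200000c0;  // data_in: the 14 arbitrary bytes below
  memcpy((void*)0x200000c0, "\x61\xdf\x71\x2b\xc8\x84\xfe\xd5\x72\x27\x80\xb6\xc2\xa7", 14);
  *(uint64_t*)0x20000458 = 0;           // data_out
  *(uint32_t*)0x20000460 = 0x8000;      // repeat = 32768 iterations of the program
  *(uint32_t*)0x20000464 = 0;           // duration (output)
  *(uint32_t*)0x20000468 = 0;           // ctx_size_in
  *(uint32_t*)0x2000046c = 0;           // ctx_size_out
  *(uint64_t*)0x20000470 = 0x20000000;  // ctx_in
  *(uint64_t*)0x20000478 = 0x20000000;  // ctx_out
  *(uint32_t*)0x20000480 = 0;           // flags
  *(uint32_t*)0x20000484 = 0;           // cpu
  // size 0x28 = 40 bytes covers the fields through `duration`; the ctx_*,
  // flags and cpu stores above appear to lie past what the kernel copies.
  syscall(__NR_bpf, 0xaul, 0x20000440ul, 0x28ul);
  return 0;
}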