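// https://syzkaller.appspot.com/bug?id=8593724cce469c9898b7fbc49f48f4943fee940f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer.  It maps syzkaller's fixed scratch region, fills a
// bpf_attr for BPF_PROG_LOAD with a 4-instruction program, then issues a
// BPF_PROG_TEST_RUN against the returned fd.  The syscall arguments and the
// byte blobs are an exact replay and must not be "cleaned up": changing any
// value may stop the bug from reproducing.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped when this listing was
// extracted; the standard syzkaller preamble is restored here.  memcpy/memset
// need <string.h>, syscall() needs <unistd.h> and <sys/syscall.h>, and the
// fixed-width types need <stdint.h>.
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback only: 321 is the x86_64 number for bpf(2).  On any other
// architecture <sys/syscall.h> must already define __NR_bpf, otherwise this
// fallback calls the wrong syscall.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// Resource table.  r[0] holds the program fd returned by BPF_PROG_LOAD and
// stays all-ones (-1) if the load fails, in which case the test-run below is
// issued against an invalid fd.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
	// syzkaller's fixed data area: a 16 MiB RWX region at 0x20000000 (prot 7)
	// bracketed by two PROT_NONE pages, presumably guard pages.  The mmap
	// results are deliberately unchecked, as in every syzkaller repro.
	syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
	        /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
	        /*offset=*/0ul);
	syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
	        /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
	        /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
	        /*offset=*/0ul);
	syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
	        /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
	        /*offset=*/0ul);
	intptr_t res = 0;

	// ---- bpf_attr for BPF_PROG_LOAD (cmd 5), base 0x202a0fb8 ----
	// Field names below follow union bpf_attr in uapi/linux/bpf.h; offsets
	// are relative to the base.  Confirm against the kernel under test.
	*(uint32_t*)0x202a0fb8 = 3;             // +0x00 prog_type
	*(uint32_t*)0x202a0fbc = 4;             // +0x04 insn_cnt (4 x 8-byte insns)
	*(uint64_t*)0x202a0fc0 = 0x20000ac0;    // +0x08 insns
	// Program bytes.  Only the first 32 bytes (insn_cnt = 4) are part of the
	// program: 0x85 = BPF_JMP|BPF_CALL (imm 0x4f), 0x35 = BPF_JMP|BPF_JGE|BPF_K,
	// 0x85 = BPF_JMP|BPF_CALL (imm 0x2a), 0x95 = BPF_EXIT.  The remaining
	// 1709 bytes are fuzzer filler that the load does not reference.
	memcpy(
	    (void*)0x20000ac0,
	    "\x85\x00\x00\x00\x4f\x00\x00\x00\x35\x00\x00\x00\x00\x00\x00\x00\x85\x00"
	    "\x00\x00\x2a\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"
	    "\x27\x1e\x35\x03\x20\x0f\xfa\x95\xa2\xc8\xc0\x37\xc5\xa1\x42\xdf\xa8\xd7"
	    "\x62\x87\x06\x6c\x51\x97\xfa\xbd\x5f\x98\x10\xe8\x1a\xf8\xb7\x37\x12\x9a"
	    "\x99\x34\xd8\x39\xcd\x34\xd5\xae\xed\x8d\x38\xe6\x5c\xb6\xe2\x2f\xf5\xdd"
	    "\xe5\x47\x04\xd2\x55\xa2\x35\x0e\xa7\xc0\x9c\x4f\x42\xa5\xf0\xa8\x32\x0e"
	    "\x12\x82\x2c\x45\xc0\xf8\x61\x2c\x10\xb1\x00\x00\x00\x27\x01\x40\x76\x1f"
	    "\x5c\x26\xe9\x91\xc9\xb5\xfb\x1f\xb3\xd3\x71\x2c\x7e\x93\x36\x3a\xf3\x16"
	    "\x6a\x32\xd9\x54\x55\xbb\x75\x5a\x2d\xd5\x76\x09\x9d\x17\x10\x4f\x86\x0c"
	    "\x48\x67\xa7\xb6\x39\x3e\x36\x6c\x63\x86\xd5\xec\x72\x09\xd0\x31\xf4\x0f"
	    "\x30\x12\xe9\x57\x6e\x51\xa7\xf5\x50\xaf\xc8\x52\x00\x3b\xf3\xe4\x19\x5c"
	    "\xc0\x37\x10\x21\x24\xd8\x5c\xec\xe7\x4c\x69\x49\xe1\x29\x89\x01\x52\x21"
	    "\x3c\x8b\x27\x59\xa0\x7e\x6d\x06\x7a\x97\xf5\xfe\x47\xfe\x5f\x17\xfd\xab"
	    "\x80\x0f\x41\x04\xdb\xab\xa4\x6a\xa4\x3a\x8a\x5b\x1e\x5c\x6d\x1d\x22\x4f"
	    "\x64\xbe\x6c\xdf\x78\xd8\x1c\xaf\x8b\x60\xd0\x0f\xfd\x43\xa3\x7a\xc3\x4d"
	    "\x7f\x47\xef\x04\xeb\x7e\x29\x33\x44\xcd\x57\x5c\x22\x36\x82\x65\x78\xa6"
	    "\x53\xb4\xa1\x46\xf9\xaa\x4a\x97\x79\xf8\x55\x5e\xae\xa7\x68\xc0\xf2\xc2"
	    "\x21\xc1\x10\xef\x4b\x25\x3d\x11\x0e\xe2\x78\xab\x76\xf5\x93\xd9\x28\xcf"
	    "\x95\x84\x6b\xe6\x27\x7c\x04\x37\x25\xcd\xb8\xc5\x32\x48\x12\x69\x6a\x62"
	    "\x3c\xd8\xa4\xf8\xdc\x8d\x00\x00\x00\x00\x00\x00\x52\x08\x7b\x5e\xfa\xbf"
	    "\x84\x96\xb9\xa9\x51\x66\x7d\x51\x0b\xa0\xe3\x7b\x56\xc0\xeb\xfa\xfd\xa3"
	    "\x42\x68\x2f\xb9\x8c\x14\x52\xb6\x51\x2d\x2a\xf7\x27\x44\x41\x9a\xf5\x3e"
	    "\x53\x09\xec\x91\xd8\x3c\xf4\xfb\xd7\x75\xd9\xc0\x7d\x8d\x59\x1a\x4d\xac"
	    "\x60\xff\x00\x00\x00\xb7\x88\x63\xe6\x29\xb3\xb2\x00\x00\x00\x00\x00\x00"
	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\xc1\x00\x00\x31"
	    "\x74\xc8\x7e\xe5\x45\x86\x7a\x31\x26\xaf\x7a\x8b\x20\x74\x4e\x00\x00\x00"
	    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\x47\x37\xfe\xd0"
	    "\xfa\x81\xf2\x9a\xd5\x92\xa2\x4d\x6d\x93\x34\xb3\xe9\xca\xfc\x9c\xb0\x5c"
	    "\x1d\xcf\xe3\x7d\x9a\x0a\x66\xbf\x8d\x0a\x4a\x58\x57\x34\xb3\xca\x74\x01"
	    "\x3e\xfb\x27\x47\x4c\xc4\xd4\x7b\x51\xd5\xd0\xfb\xe8\x8a\xf5\xe6\xd6\x38"
	    "\x39\x4b\x9e\x69\xcb\xbd\x2e\x63\xe0\xff\xc0\x4c\x11\x51\x71\xe5\xd4\x0f"
	    "\x6d\xbd\x66\x7e\xb9\x4c\x80\x41\xa5\x16\xa4\x5e\xfe\x30\xe5\x06\x24\xcb"
	    "\x96\x96\xdf\x98\xb0\xf0\x72\xdf\x71\x6c\x46\x6c\xfc\x26\x8e\x8b\x9e\x7a"
	    "\xa0\xe2\x22\x78\x02\x09\xda\x65\x6c\x8a\x65\x7d\x3a\xce\xc9\x8a\x79\xd3"
	    "\x58\xdb\x83\x98\xc8\x35\x8c\xd0\x09\xd6\x92\x0d\x84\xa5\x9f\xf9\xf5\x29"
	    "\xfb\x3f\x28\xcf\x8e\x5e\xa6\xf7\xac\xfd\xe5\x45\x73\xb9\xae\x57\xf2\xb7"
	    "\xdc\xd9\x22\xd0\xa1\xf4\x15\x0d\xdb\x16\xd3\x25\xbe\x63\x0f\x0c\xed\x0a"
	    "\xcc\x1b\x28\x1c\xed\x17\x5b\x17\xc7\x4d\x0e\x3e\x0d\xc8\xa4\x67\x38\x4b"
	    "\x51\x0b\xe0\x2b\x3f\x65\x80\x92\x43\xa7\x3f\xc5\x55\x30\xbd\x59\xc8\xcb"
	    "\xcd\x3f\xe0\x66\x08\xd8\x60\x82\x98\x65\x2b\x9a\x5d\xf0\x12\xff\xb9\xf6"
	    "\xc4\x25\x55\x52\xf2\x37\x61\xef\x4b\x8c\xf7\x03\x00\x00\x00\x00\x00\x00"
	    "\x00\x03\x8b\x64\xa8\xea\xf5\x8a\x3a\xb1\xba\x70\x76\xc4\xd1\xa9\x1a\x32"
	    "\x3a\x1a\x5d\x2e\xf1\x42\x42\xa2\x5d\xb2\xb0\x58\x15\x5b\x8d\x0c\x2b\x55"
	    "\xa1\xab\xe6\x85\x71\x29\x0c\x84\x0c\x7c\xfe\x15\x89\xc9\x39\x5c\x4a\x18"
	    "\xd0\x32\xc9\xcd\xfb\x44\x29\x65\xd3\x9b\xcd\x08\x02\x00\x00\x00\x00\x00"
	    "\x00\xf6\x93\xa3\x63\x50\x00\x25\x93\xfa\xe3\x12\xbe\xf8\x61\x94\xdd\xf6"
	    "\x40\xc4\xe8\xb8\xa4\x4e\xf8\x28\x1c\x2c\x99\xb2\x1e\x02\xe3\x88\x37\xf6"
	    "\xfb\x3a\x57\x1b\xe3\x99\xd8\xcb\x32\x3c\x6b\xfd\xc8\x52\x56\x36\xef\x4c"
	    "\xcd\xf2\x58\x44\xe0\xb0\xa3\x8d\x54\xa4\x2f\x4b\x35\xd2\xe0\x36\xeb\x46"
	    "\x2f\x53\xeb\x3a\x82\x8f\x49\xea\xdf\x42\xa4\x36\x25\x08\x30\xa5\xeb\xc3"
	    "\x55\x4e\xe6\x9d\xf0\x2a\x04\x00\xb4\xd4\xc4\x71\x06\x1d\xa1\xfc\xe1\x2a"
	    "\x24\x99\xbd\x6a\x20\x49\x37\x98\x04\x3b\x0f\x61\x41\xc7\xcc\x20\x37\x43"
	    "\x02\xad\xa4\xb4\xbf\xeb\x6a\xb6\x56\xfa\xce\xe3\x46\xb4\x8f\x4a\x5d\xbb"
	    "\x1e\x0a\x05\xb7\xf1\xba\x3e\x1c\xaa\x02\x08\xe1\x93\xfc\x0b\x11\x50\x4d"
	    "\xc1\x73\xec\x12\x69\x14\x92\xd4\x00\x32\x0a\x53\x76\x3f\x0a\x73\x99\x91"
	    "\x84\x69\x3b\x07\x90\xce\xca\x57\xd2\x79\xe2\xb4\x4a\xc3\x2a\xc2\x3f\x7d"
	    "\x2a\x1d\x3c\x8d\x57\xa0\x3b\x91\xa4\x52\x76\x75\x7f\xbd\xe7\xf4\x2c\xb6"
	    "\x8e\x8c\x6b\xc4\x06\x42\x00\x00\x00\x00\x47\x64\x68\x88\x56\xab\x2e\xbd"
	    "\x42\x5c\x70\x45\x82\x7a\x0a\xdd\xb6\x40\xcd\xa1\xe0\x9a\xe1\xc8\xc1\x08"
	    "\x0f\x57\x66\xe9\x18\x53\xbe\xe7\x72\x24\x54\x04\xa6\x8f\xa1\xf5\x6e\xd6"
	    "\x65\x4f\x49\xf5\xaa\x3c\xdc\xea\x07\x5f\x6a\x3e\x7a\xa7\xb6\xb9\xfd\x51"
	    "\xfc\x51\x1d\x64\x6c\x61\x1c\x62\x1e\x90\xb8\x7b\x9f\x8c\xe8\xb5\x02\x95"
	    "\x46\xf7\xbf\x01\x70\x63\x5d\x33\xb7\x26\xae\x28\xcb\x71\x86\x45\x93\x49"
	    "\xab\x00\xbb\xbf\x46\x01\x32\xba\x11\x61\xad\xb7\x3a\x44\xe5\x99\xea\x89"
	    "\x57\x39\x0e\x39\x0c\xe2\x08\x88\xe9\xb1\xaa\x19\x0a\x68\xcf\xfe\xb0\xb2"
	    "\xa6\xbb\xc5\xd8\x01\x54\xd7\x1b\x91\x01\xaa\x06\x10\x13\xb9\x08\xe4\x18"
	    "\x13\x60\xeb\x30\xda\x54\x4f\x1b\xd2\x6d\x4c\xb9\xf9\xbd\x76\x4b\x6e\x63"
	    "\xb2\xac\xf5\x61\x67\x80\x5b\x27\xad\xba\x7c\x04\x69\x54\xb3\x6f\x65\x67"
	    "\x0e\xb2\x02\x3f\x3b\x6b\x78\x62\x24\x13\x03\xb4\xab\x49\x03\x51\x0d\xf3"
	    "\x28\x9b\x48\x2c\xfd\x20\x80\x8e\x0c\x37\xaf\x4c\xb0\x4a\x41\xe7\xa0\xc1"
	    "\xb3\x78\x72\x2a\xab\x67\x8a\x35\xb6\x7f\x2a\xbc\x55\x7b\x91\x44\x98\xc5"
	    "\x63\xca\x1f\x05\xbe\xd2\x34\x25\xf9\x27\x59\x38\xca\xc4\x42\x5b\x23\xb7"
	    "\x39\x59\x7b\xad\x91\xd0\xf7\xc8\xef\x5b\xeb\xd7\x0e\xa5\x9a\xe6\x40\xd3"
	    "\xbd\x7a\xa7\xaf\xaa\xfa\xea\x0b\x0c\xcf\x3d\x55\x57\x5f\x03\x10\x26\xe1"
	    "\x2f\xa4\x18\xc8\xa1\xd7\x52\x90\x59\x68\x08\xbc\x11\xce\x8a\x5b\x0a\x26"
	    "\x6e\xcf\xb7\xf3\x46\xe6\x45\xf8\x2d\xcd\xd0\xdb\x76\x2a\xbb\xbf\x0d\xfc"
	    "\x4a\x35\xbf\xca\x44\xff\x27\x50\x63\x98\x40\xb3\xf0\x90\x14\x78\x8f\xb1"
	    "\x3e\x46\x16\x98\x7e\xb8\x4e\xd9\x87\x0e\x5f\x8f\xa0\xbb\xf6\x1d\x3e\xe5"
	    "\xcd\x2c\x79\x0f\x12\x69\x51\x4e\x63\xdd\x4a\x96\x4c\x2e\x8b\x0a\x98\xa1"
	    "\x5a\xa4\xe8\xe7\x78\x37\xa2\xd9\xdc\xac\x69\xba\xf7\x3d\x18\xa8\x47\x0a"
	    "\x40\x66\x6e\xdb\xb4\xae\x6f\x8f\x5c\x72\x3f\xc9\xb6\x5e\x61\x15\xf7\x8c"
	    "\x45\x7f\xbf\xb8\x8f\x5c\x5e\x2c\x54\x42\xd8\x22\xb8\x3d\xe6\x44\xbb\x83"
	    "\x27\xf2\xd2\x21\x91\xec\x4a\x4a\x1e\x62\x0e\xe4\x57\x9d\x32\xc2\xd6\x2b"
	    "\x3b\xad\x98\xa8\xe2\x3c\x8d\x71\xd9\x5d\x98\xd8\x17\x03\xe2\x72\xa0\xb3"
	    "\x8c\x06\x00\x00\x00\x48\xac\x71\x0b\x47\x57\xdd\x92\x84\xc3\x0b\x5f\xeb"
	    "\x6e\x5c\x91\x1b\x69\x4d\x84\x34\x02\x05\x6a\x28\xcc\x76\xfd\xd6\x2a\xd9"
	    "\xcb\x90\xff\xb5\xdc\x56\x4a\x4d\xb7\x66\xe6\xd9\xa3\x12\x95\x11\x22\x54"
	    "\x27\x0d\xc0\x9a\x6e\xed\xda\xa2\x19\x63\x9b\x1a\x27\x22\x0c\xc1\x69\x0c"
	    "\x4a\x38\x32\x66\x3a\x02\x9f\x2d\xf5\x3f\x3a\x0b\xef\xa7\x03\xb1\xc3\xb3"
	    "\x5d\xb5\x77\x8f\x9c\xee\xa5\x39\x48\x75\x09\xff\xd1\x09\x43\xb2\x6f\x10"
	    "\xfa\xa4\xe1\x42\x1b\xe8\xa5\x0d\x49\xa5\xcf\x05\x38\xe1\xb0\x68\x00\x5c"
	    "\x15\xd3\x6a\xe7\x16\x47\x3a\x03\x2a\xf3\x16\x15\xf9\x94\x46\x8a\x01\xef"
	    "\x9f\x00\x0e\x37\x15\x44\xd1\xc0\x5e\xa2\x8c\x04\xc0\x5e\xe5\x80\x57\x11"
	    "\x9e\x1f\xe0\xfb\xdd\x89\x97\x8b\xa2\xbe\x48\x8b\x9a\xa4\xf7\x26\x65\x78"
	    "\x3b\x12\x60\x66\x6d\x91\x30\x65\xe5\xd7\x86\x51\x7e\xc6\x88\x19\x98\x57"
	    "\x85\x54\x11\x6a\xf6\x2c\xc8\x9a\xcb\xb2\xee\xbd\x21\x5e\xdf\x98\xcc\xe4"
	    "\x1f\x04\xde\xf0\xc1\x74\xf0\x7d\x38\x66\xa3\xb8\xd9",
	    1741);
	*(uint64_t*)0x202a0fc8 = 0x20000140;    // +0x10 license -> "GPL"
	memcpy((void*)0x20000140, "GPL\000", 4);
	*(uint32_t*)0x202a0fd0 = 0;             // +0x18 log_level
	*(uint32_t*)0x202a0fd4 = 0xe0;          // +0x1c log_size
	*(uint64_t*)0x202a0fd8 = 0x20000180;    // +0x20 log_buf
	*(uint32_t*)0x202a0fe0 = 0;             // +0x28 kern_version
	*(uint32_t*)0x202a0fe4 = 0;             // +0x2c prog_flags
	memset((void*)0x202a0fe8, 0, 16);       // +0x30 prog_name[16]
	*(uint32_t*)0x202a0ff8 = 0;             // +0x40 prog_ifindex
	*(uint32_t*)0x202a0ffc = 0;             // +0x44 expected_attach_type
	*(uint32_t*)0x202a1000 = -1;            // +0x48 prog_btf_fd
	*(uint32_t*)0x202a1004 = 8;             // +0x4c func_info_rec_size
	*(uint64_t*)0x202a1008 = 0;             // +0x50 func_info
	*(uint32_t*)0x202a1010 = 0;             // +0x58 func_info_cnt
	*(uint32_t*)0x202a1014 = 0x10;          // +0x5c line_info_rec_size
	*(uint64_t*)0x202a1018 = 0;             // +0x60 line_info
	*(uint32_t*)0x202a1020 = 0xfffffc1a;    // +0x68 line_info_cnt (fuzzed)
	*(uint32_t*)0x202a1024 = 0;             // +0x6c attach_btf_id
	*(uint32_t*)0x202a1028 = -1;            // +0x70 attach_prog_fd
	*(uint32_t*)0x202a102c = 0;             // +0x74 core_relo_cnt
	*(uint64_t*)0x202a1030 = 0;             // +0x78 fd_array
	*(uint64_t*)0x202a1038 = 0;             // +0x80 core_relos
	*(uint32_t*)0x202a1040 = 0x10;          // +0x88 core_relo_rec_size
	*(uint32_t*)0x202a1044 = 0;             // +0x8c log_true_size
	// NOTE(review): size is 0x15 (21 bytes), so only prog_type, insn_cnt,
	// insns and the low bytes of license reach the kernel; bpf(2) zero-fills
	// the rest of the attr, so log_*, the BTF fds and the fuzzed
	// line_info_cnt above are most likely not observed by this call.  Confirm
	// against the kernel's bpf() entry before drawing conclusions from them.
	res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x202a0fb8ul, /*size=*/0x15ul);
	if (res != -1)
		r[0] = res;

	// ---- bpf_attr for BPF_PROG_TEST_RUN (cmd 0xa), base 0x20000440 ----
	// Same caveat: size 0x28 (40 bytes) covers the fields up to duration;
	// the ctx_* / flags / cpu / batch_size writes below are probably
	// zero-filled in the kernel for this call.
	*(uint32_t*)0x20000440 = r[0];          // +0x00 test.prog_fd (from load)
	*(uint32_t*)0x20000444 = 0xfffff000;    // +0x04 test.retval
	*(uint32_t*)0x20000448 = 0xe;           // +0x08 test.data_size_in (14)
	*(uint32_t*)0x2000044c = 0;             // +0x0c test.data_size_out
	*(uint64_t*)0x20000450 = 0x200000c0;    // +0x10 test.data_in
	memcpy((void*)0x200000c0,
	       "\x61\xdf\x71\x2b\xc8\x84\xfe\xd5\x72\x27\x80\xb6\xc2\xa7", 14);
	*(uint64_t*)0x20000458 = 0;             // +0x18 test.data_out
	*(uint32_t*)0x20000460 = 0x42;          // +0x20 test.repeat
	*(uint32_t*)0x20000464 = 0;             // +0x24 test.duration
	*(uint32_t*)0x20000468 = 0;             // +0x28 test.ctx_size_in
	*(uint32_t*)0x2000046c = 0;             // +0x2c test.ctx_size_out
	*(uint64_t*)0x20000470 = 0x20000000;    // +0x30 test.ctx_in
	*(uint64_t*)0x20000478 = 0x20000000;    // +0x38 test.ctx_out
	*(uint32_t*)0x20000480 = 0;             // +0x40 test.flags
	*(uint32_t*)0x20000484 = 0;             // +0x44 test.cpu
	*(uint32_t*)0x20000488 = 0;             // +0x48 test.batch_size
	syscall(__NR_bpf, /*cmd=*/0xaul, /*arg=*/0x20000440ul, /*size=*/0x28ul);
	return 0;
}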