// https://syzkaller.appspot.com/bug?id=931b8ee1d48676e38d38bc6733533c39213c7e84
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel crash reproducer. It loads a tiny eBPF program through the bpf(2)
// syscall, opens a UDP socket, enables SO_REUSEPORT on it, and then attaches
// the program to the socket's reuseport group via SO_ATTACH_REUSEPORT_EBPF.
// The crash signature itself is not part of this file; see the linked bug.
//
// NOTE(review): the header names of the eight #include lines below were lost
// when this page was extracted. From what the code uses, at least <stdint.h>
// (uint64_t, uint32_t, intptr_t), <string.h> (memcpy, memset), <sys/syscall.h>
// (__NR_* constants) and <unistd.h> (syscall) are required; the remaining
// names cannot be recovered from this page.
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include

// Fallback for toolchains whose headers predate bpf(2); 321 is the x86-64
// syscall number. On other architectures this fallback is wrong — confirm.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// Result slots filled in by the syscalls below: r[0] = BPF program fd,
// r[1] = UDP socket fd. Both start as -1 (0xffffffffffffffff) and keep that
// value if the corresponding syscall fails, so later calls would then receive
// an invalid fd rather than aborting.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
	// Fixed-address scratch memory for syscall arguments, as syzkaller
	// reproducers always set up: flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
	// A 16 MiB region at 0x20000000 with prot 7 (read/write/exec) holds all the
	// data below; the one-page mappings on either side use prot 0 (PROT_NONE)
	// and act as guard pages.
	syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	intptr_t res = 0;

	// Build a union bpf_attr for BPF_PROG_LOAD at 0x20008000. Field names in
	// the comments follow the BPF_PROG_LOAD layout of union bpf_attr; verify
	// the offsets against the uapi headers of the kernel tree under test.
	*(uint32_t*)0x20008000 = 1;          // prog_type = 1 (BPF_PROG_TYPE_SOCKET_FILTER)
	*(uint32_t*)0x20008004 = 3;          // insn_cnt = 3
	*(uint64_t*)0x20008008 = 0x200003c0; // insns -> buffer filled just below
	// Instruction buffer. Only the first 24 bytes (three 8-byte instructions)
	// are covered by insn_cnt = 3; they decode as:
	//   b7 00 .. : mov64 r0, 0
	//   07 00 .. : add64 r0, 0
	//   95 00 .. : exit
	// The remaining 427 bytes are fuzzer fill that the verifier presumably
	// never reads (they lie past insn_cnt) — kept verbatim to preserve the
	// reproducer's exact memory image.
	memcpy(
	    (void*)0x200003c0,
	    "\xb7\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x95\x00"
	    "\x00\x00\x00\x00\x00\x00\xa9\x17\x18\x09\xf8\xdc\xf1\x59\x56\x9d\x54\x75"
	    "\x99\x1f\x7d\xe1\xa0\xd0\xc1\x19\xcf\xcf\x6b\x98\x74\x1c\x23\xfb\x7f\x8d"
	    "\x30\x02\xec\x85\xdb\x75\xaf\x95\x54\x27\xe9\x14\x96\x08\x7a\x51\xa0\xa7"
	    "\x36\x7b\x57\x24\xb1\x1d\x17\x42\x77\xc4\xfe\x35\x52\xc2\x0b\x7f\x5f\xa0"
	    "\x39\x6a\x18\x03\x30\x80\x7a\x5b\x6e\x8c\x79\xaa\x92\x03\x8c\x78\xd1\xf1"
	    "\x6c\x13\x23\xf0\xe0\xc8\xd4\x5c\x64\x1a\x21\x75\x78\x47\xcb\x22\x23\x0e"
	    "\x43\x21\xcc\x35\x81\xe4\x0c\x59\xc4\xde\xfe\xe8\xcf\xfe\x35\x9c\xfe\xef"
	    "\x7f\x58\xff\xfd\xb4\x86\x47\xd2\x8a\xe8\x10\xf6\xd2\x2d\x20\x27\x1e\x9e"
	    "\x88\xe9\x4a\xa6\x98\x2b\xf4\x83\x56\x25\x2b\x08\xe2\xfb\xd4\x04\xe4\x1e"
	    "\xdb\x58\xaa\xe0\x47\x8f\xbe\x54\x2b\x64\x84\x21\xd1\xb4\x48\x6a\x54\x2a"
	    "\x7d\x47\x17\x39\x41\x00\x00\x00\x00\x29\x38\x53\xf9\xc6\x8e\x23\x51\x84"
	    "\xb7\xad\x5b\x6c\x4f\xe7\x0e\xc8\x32\x05\x73\xdb\x0d\xb7\xfd\xa3\xda\x61"
	    "\x71\xa0\x55\x09\xff\xec\xef\x2c\xb9\x80\x2d\x4f\x36\xc9\xa1\xce\x46\xd3"
	    "\xb3\x55\xfe\xe6\x32\xc1\x88\xcc\xfc\x2f\x0f\xc8\x9e\x16\x45\x61\xfb\x06"
	    "\xee\x9a\x01\x53\x98\x1a\x47\xb5\xde\x9e\xdd\x35\x36\xd5\x53\x4f\x9a\x69"
	    "\x9f\x73\xb2\xc9\x34\x1d\x2d\x05\x04\x37\x48\xce\x1f\x45\x77\xed\x76\xcd"
	    "\xf5\xb3\xc6\x97\x08\x9d\xaa\x4a\xbd\xa6\x9a\x8c\x0c\x99\x24\x04\x61\x0a"
	    "\x6b\xe9\xe1\x03\xc9\x72\x45\x90\x65\xde\xc0\x48\x8e\x85\xa6\xa0\x41\x8f"
	    "\xc8\x7d\xd8\x01\x9e\xf7\xbb\x4e\xf4\xfa\x6e\xe0\x8d\x81\x79\x75\x70\x57"
	    "\x8f\x2e\x81\x98\xe6\x87\x01\x2f\x25\xa6\x9a\x90\xe7\x51\x5e\x35\xf8\xab"
	    "\xbd\xdf\xa9\x6c\x3f\x04\x85\xf0\x1f\x0e\x9e\x14\x4a\x2b\xd3\x1c\x1b\x59"
	    "\x4c\x50\xde\x7c\x9e\xfd\x82\x6f\x1e\x19\xb7\xbd\x89\xca\x40\x52\xb1\x98"
	    "\x52\x87\xbd\x13\x95\x7a\x48\x46\x7e\x0e\xed\xdf\x56\x4d\x17\x5b\xf4\x34"
	    "\x08\x85\xb6\x39\x76\xdf\x60\x98\x06\xc3\xb2\xa3\x66\x75\x39\xdf\xd6\x6a"
	    "\x74",
	    451);
	*(uint64_t*)0x20008010 = 0x20003ff6;          // license -> "syzkaller"
	memcpy((void*)0x20003ff6, "syzkaller\000", 10); // NUL-terminated license string
	*(uint32_t*)0x20008018 = 1;          // log_level = 1 (verifier log requested)
	*(uint32_t*)0x2000801c = 0xc3;       // log_size = 195 bytes
	*(uint64_t*)0x20008020 = 0x200002c0; // log_buf (inside the RWX region)
	*(uint32_t*)0x20008028 = 0;          // kern_version
	*(uint32_t*)0x2000802c = 0;          // prog_flags
	memset((void*)0x20008030, 0, 16);    // prog_name[16] = ""
	*(uint32_t*)0x20008040 = 0;          // prog_ifindex
	*(uint32_t*)0x20008044 = 0;          // expected_attach_type
	// Everything from 0x20008048 on lies beyond the 0x48-byte size passed to
	// bpf(2) below, so the kernel presumably never reads these fields; they
	// are kept verbatim because they are part of the generated memory image.
	*(uint32_t*)0x20008048 = -1;         // prog_btf_fd = -1 (none)
	*(uint32_t*)0x2000804c = 8;          // func_info_rec_size
	*(uint64_t*)0x20008050 = 0x20000000; // func_info
	*(uint32_t*)0x20000000 = 0;
	*(uint32_t*)0x20000004 = 0;
	*(uint32_t*)0x20008058 = 0xffffff37; // func_info_cnt (fuzzer-chosen value)
	*(uint32_t*)0x2000805c = 0x10;       // line_info_rec_size
	*(uint64_t*)0x20008060 = 0x20000000; // line_info (same scratch page, re-zeroed)
	*(uint32_t*)0x20000000 = 0;
	*(uint32_t*)0x20000004 = 0;
	*(uint32_t*)0x20000008 = 0;
	*(uint32_t*)0x2000000c = 0;
	*(uint32_t*)0x20008068 = 0;          // line_info_cnt
	*(uint32_t*)0x2000806c = 0;          // attach_btf_id
	*(uint32_t*)0x20008070 = -1;         // attach_prog_fd = -1 (none)
	*(uint32_t*)0x20008074 = 0;
	*(uint64_t*)0x20008078 = 0;
	// bpf(cmd = 5 = BPF_PROG_LOAD, attr, size = 0x48). Only the program fd
	// is recorded; a failure (-1) leaves r[0] at its -1 initial value.
	res = syscall(__NR_bpf, 5ul, 0x20008000ul, 0x48ul);
	if (res != -1)
		r[0] = res;

	// socket(AF_INET = 2, SOCK_DGRAM = 2, 0): a plain IPv4 UDP socket.
	res = syscall(__NR_socket, 2ul, 2ul, 0);
	if (res != -1)
		r[1] = res;

	// setsockopt(sock, SOL_SOCKET = 1, SO_REUSEPORT = 0xf, &0x57bb, 4):
	// any non-zero value enables reuseport; 0x57bb is just the fuzzer's
	// choice of "true".
	*(uint32_t*)0x20000100 = 0x57bb;
	syscall(__NR_setsockopt, r[1], 1, 0xf, 0x20000100ul, 4ul);

	// setsockopt(sock, SOL_SOCKET = 1, SO_ATTACH_REUSEPORT_EBPF = 0x34,
	// &prog_fd, 4): attach the socket-filter program loaded above to the
	// socket's reuseport group. This is the operation the reproducer exists
	// to exercise; note the fd is truncated to 32 bits and would be
	// 0xffffffff if the load failed.
	*(uint32_t*)0x20000040 = r[0];
	syscall(__NR_setsockopt, r[1], 1, 0x34, 0x20000040ul, 4ul);
	return 0;
}