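// https://syzkaller.appspot.com/bug?id=0d259373da8be7356652213543e1efc254a5abf0
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer: open /dev/kvm, create a VM and one vCPU, then hand the vCPU a
// hand-built special-register block via KVM_SET_SREGS. The interesting part
// is the register state, not the code: CR0 with every bit except bit 1 set and
// CR4 with only bit 20 set. The kernel is expected to validate or safely
// reject such a state; the linked syzkaller report records what it actually
// did. Run only in a disposable VM/test box — it is a crash reproducer.
//
// The header names had been lost (bare `#include` lines); they are restored
// to the standard syzkaller prologue. Every memory store and syscall below is
// the same as in the generated program, in the same order and with the same
// widths; the stores are only grouped into helpers so the layout is readable.
#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#include <string.h>
#include <stdint.h>

// Results of the three fd-producing syscalls; pre-filled with -1 like the
// generator does, so a failed step is visible as an invalid fd downstream.
long r[3];

// Scratch region the reproducer writes its syscall arguments into.
// mmap(0x20000000, 0xfff000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)
enum { SCRATCH_BASE = 0x20000000ul, SCRATCH_LEN = 0xfff000ul };

// Path string is placed inside the scratch region (9 bytes incl. NUL).
#define KVM_PATH_AT 0x20ca3ff7ul

// Where the 0x138-byte register block starts; this size matches
// struct kvm_sregs from the KVM UAPI (8 segments, 2 dtables, 7 u64 control
// registers, 4 u64 interrupt-bitmap words).
#define SREGS_AT 0x20af2ec8ul

// Writes one 24-byte segment record at `at` with the same field widths and
// order the generator used (base, limit, selector, type, present, dpl, db, s,
// l, g, avl, unusable, padding — the kvm_segment layout). Fields the
// reproducer never set to a non-zero value are fixed at 0 here.
static void put_seg(uintptr_t at, uint32_t limit, uint8_t type, uint8_t present, uint8_t l)
{
	*(uint64_t *)(at + 0x00) = (uint64_t)0x0;   /* base */
	*(uint32_t *)(at + 0x08) = limit;
	*(uint16_t *)(at + 0x0c) = (uint16_t)0x0;   /* selector */
	*(uint8_t *)(at + 0x0e) = type;
	*(uint8_t *)(at + 0x0f) = present;
	*(uint8_t *)(at + 0x10) = (uint8_t)0x0;     /* dpl */
	*(uint8_t *)(at + 0x11) = (uint8_t)0x0;     /* db */
	*(uint8_t *)(at + 0x12) = (uint8_t)0x0;     /* s */
	*(uint8_t *)(at + 0x13) = l;
	*(uint8_t *)(at + 0x14) = (uint8_t)0x0;     /* g */
	*(uint8_t *)(at + 0x15) = (uint8_t)0x0;     /* avl */
	*(uint8_t *)(at + 0x16) = (uint8_t)0x0;     /* unusable */
	*(uint8_t *)(at + 0x17) = (uint8_t)0x0;     /* padding */
}

// Writes one 16-byte descriptor-table record (base, limit, 3 x u16 padding),
// all zero, exactly as the generator did.
static void put_dtable(uintptr_t at)
{
	*(uint64_t *)(at + 0x0) = (uint64_t)0x0;    /* base */
	*(uint16_t *)(at + 0x8) = (uint16_t)0x0;    /* limit */
	*(uint16_t *)(at + 0xa) = (uint16_t)0x0;    /* padding[0] */
	*(uint16_t *)(at + 0xc) = (uint16_t)0x0;    /* padding[1] */
	*(uint16_t *)(at + 0xe) = (uint16_t)0x0;    /* padding[2] */
}

// One iteration of the reproducer. Return values are deliberately not
// checked (other than being captured in r[]): the generated program keeps
// issuing the remaining syscalls regardless, and that sequence is what
// reproduces the report.
void loop(void)
{
	memset(r, -1, sizeof(r));

	syscall(__NR_mmap, SCRATCH_BASE, SCRATCH_LEN, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);

	memcpy((void *)KVM_PATH_AT, "/dev/kvm", 9);
	// openat(AT_FDCWD, "/dev/kvm", 0, 0)
	r[0] = syscall(__NR_openat, 0xffffffffffffff9cul, KVM_PATH_AT, 0x0ul, 0x0ul);
	// 0xae01 == KVM_CREATE_VM
	r[1] = syscall(__NR_ioctl, r[0], 0xae01ul, 0x0ul);
	// 0xae41 == KVM_CREATE_VCPU (vcpu id 0)
	r[2] = syscall(__NR_ioctl, r[1], 0xae41ul, 0x0ul);

	// Segment records, in struct order: cs, ds, es, fs, gs, ss, tr, ldt.
	// cs: type 4, present 6, l = 0xfe (the generator wrote the literal
	// 0xfffffffffffffffe cast to uint8_t, which is 0xfe).
	put_seg(SREGS_AT + 0x00, 0x0, 0x4, 0x6, 0xfe);
	put_seg(SREGS_AT + 0x18, 0x0, 0x0, 0x0, 0x0);
	put_seg(SREGS_AT + 0x30, 0x0, 0x0, 0x0, 0x0);
	put_seg(SREGS_AT + 0x48, 0x0, 0x0, 0x0, 0x0);
	put_seg(SREGS_AT + 0x60, 0x0, 0x0, 0x0, 0x0);
	// ss: limit 0x10000, type 6
	put_seg(SREGS_AT + 0x78, 0x10000, 0x6, 0x0, 0x0);
	put_seg(SREGS_AT + 0x90, 0x0, 0x0, 0x0, 0x0);
	put_seg(SREGS_AT + 0xa8, 0x0, 0x0, 0x0, 0x0);

	// gdt, idt
	put_dtable(SREGS_AT + 0xc0);
	put_dtable(SREGS_AT + 0xd0);

	// Control registers: cr0, cr2, cr3, cr4, cr8, efer, apic_base.
	*(uint64_t *)(SREGS_AT + 0xe0) = (uint64_t)0xfffffffffffffffd;  /* cr0: all bits but bit 1 */
	*(uint64_t *)(SREGS_AT + 0xe8) = (uint64_t)0x0;                 /* cr2 */
	*(uint64_t *)(SREGS_AT + 0xf0) = (uint64_t)0x0;                 /* cr3 */
	*(uint64_t *)(SREGS_AT + 0xf8) = (uint64_t)0x100000;            /* cr4: bit 20 only */
	*(uint64_t *)(SREGS_AT + 0x100) = (uint64_t)0x0;                /* cr8 */
	*(uint64_t *)(SREGS_AT + 0x108) = (uint64_t)0x0;                /* efer */
	*(uint64_t *)(SREGS_AT + 0x110) = (uint64_t)0x0;                /* apic_base */

	// interrupt_bitmap[4]
	*(uint64_t *)(SREGS_AT + 0x118) = (uint64_t)0x0;
	*(uint64_t *)(SREGS_AT + 0x120) = (uint64_t)0x0;
	*(uint64_t *)(SREGS_AT + 0x128) = (uint64_t)0x0;
	*(uint64_t *)(SREGS_AT + 0x130) = (uint64_t)0x0;

	// 0x4138ae84 == KVM_SET_SREGS (_IOW, 0x138-byte payload) on the vCPU fd.
	syscall(__NR_ioctl, r[2], 0x4138ae84ul, SREGS_AT);
}

int main(void)
{
	loop();
	return 0;
}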