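// https://syzkaller.appspot.com/bug?id=f7719d3447c91d8806d66d90e757bd9fb3adb206
// autogenerated by syzkaller (https://github.com/google/syzkaller)

// Reproducer for the kernel report linked above. It maps a fixed scratch
// region, builds three 0x20-byte request records in it, passes them to
// SYS_tap_fds, and then opens a series of /net, /proc and /prof files.
// The statement order is what the fuzzer recorded; keep it when triaging.
//
// NOTE(review): the path names and the tap_fds/nmount syscalls do not look
// like Linux; the target OS is presumably the one named in the linked
// report. Confirm there before building.

// Presumably needed so that <unistd.h> declares syscall() on glibc-style libcs.
#define _GNU_SOURCE

// NOTE(review): this copy of the file carried seven `#include` directives
// whose header names had been stripped. The four below are the ones the
// visible code needs (fixed-width ints, memcpy, SYS_* numbers, syscall());
// the other three could not be recovered. SYS_tap_fds and SYS_nmount must be
// provided by the target's <sys/syscall.h>.
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] holds the fd from the first openat(), or stays at the
// all-ones sentinel if that open fails.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Scratch region at 0x20000000, 16 MiB. The argument values are prot = 3
  // and flags = 0x32 with fd = -1; every hard-coded address below lies
  // inside it. The return value is not checked: if the mapping fails, the
  // stores below fault in user space before the syscall under test is made.
  syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;

  // openat(dirfd, path, path_len, flags, mode). dirfd 0xffffffffffffff9c is
  // -100 as a 64-bit value; path_len equals the number of bytes copied
  // (string plus its NUL terminator).
  memcpy((void*)0x20000200, "/net/ipselftab", 15);
  res = syscall(SYS_openat, 0xffffffffffffff9c, 0x20000200, 0xf, 1, 0);
  if (res != -1)
    r[0] = res;

  // Request record 0 at 0x20000300. Layout as written by this program:
  //   +0x00 u32, +0x04 u32, +0x08 u32, +0x0c u32, +0x10 u64 pointer,
  //   +0x18 u64. Field meanings are not visible here; see the kernel's
  //   tap_fds request structure. The first u32 is -1 in records 0 and 1 and
  //   the opened fd in record 2, so it is presumably a file descriptor.
  *(uint32_t*)0x20000300 = -1;
  *(uint32_t*)0x20000304 = 2;
  *(uint32_t*)0x20000308 = 0x308;
  *(uint32_t*)0x2000030c = 1;
  *(uint64_t*)0x20000310 = 0x200000c0;
  // Secondary structure 0 at 0x200000c0: a pointer to an 80-byte blob of
  // fuzzer-chosen bytes, followed by scalar fields.
  *(uint64_t*)0x200000c0 = 0x20000040;
  memcpy((void*)0x20000040,
         "\x76\x16\x12\x01\x67\xe2\x4c\x09\x0a\x66\x9a\xfd\x91\x46\x00\xb1\xee"
         "\xdd\xc4\xa6\xd5\xdd\x69\xba\x0a\x5e\x10\x7c\x5f\xde\x09\xba\xe3\x74"
         "\x41\xc1\xa3\x51\x7e\xcf\x72\x91\x49\xc2\x8b\xb2\x2a\x11\xc6\xe2\x4b"
         "\xb4\xc7\x43\x88\xca\x9b\x16\xf6\x0f\xa1\xb0\xd2\xcd\x32\x40\xa7\x9d"
         "\x74\x9f\x23\x52\x80\x09\xc2\x1c\xb1\x63\x20\xa0",
         80);
  *(uint32_t*)0x200000c8 = 3;
  *(uint8_t*)0x200000cc = 0;
  *(uint32_t*)0x200000d0 = 6;
  *(uint64_t*)0x200000d8 = 1;
  *(uint64_t*)0x200000e0 = 0xfffffffffffffff9;
  *(uint64_t*)0x20000318 = 0;

  // Request record 1 at 0x20000320, same layout; secondary structure 1 at
  // 0x200001c0 with its blob at 0x20000140.
  *(uint32_t*)0x20000320 = -1;
  *(uint32_t*)0x20000324 = 1;
  *(uint32_t*)0x20000328 = 4;
  *(uint32_t*)0x2000032c = 0x4c8;
  *(uint64_t*)0x20000330 = 0x200001c0;
  *(uint64_t*)0x200001c0 = 0x20000140;
  memcpy((void*)0x20000140,
         "\xff\xe2\x85\xda\x3c\xdd\xee\x16\x2a\xfb\xb2\xda\x02\x0c\x35\xd5\xdd"
         "\x8a\x8a\x88\xd1\x44\xa5\xaa\x11\x4c\xa7\x33\xa2\x5c\x95\x02\x28\x4a"
         "\xbd\xd3\x19\x86\xd2\xf1\xcc\x4a\x3d\x4f\xee\x8e\x9b\x29\xb0\x01\x40"
         "\x58\x66\x19\xe2\x0b\x44\xda\xb5\x34\xd6\x6a\x29\xdc\xd6\x86\x03\x75"
         "\xb7\xdd\x91\x00\x2e\x87\x4c\xbb\xc7\xb7\xa3\x89",
         80);
  *(uint32_t*)0x200001c8 = 1;
  *(uint8_t*)0x200001cc = 1;
  *(uint32_t*)0x200001d0 = 5;
  *(uint64_t*)0x200001d8 = 0x200;
  *(uint64_t*)0x200001e0 = 4;
  *(uint64_t*)0x20000338 = 0;

  // Request record 2 at 0x20000340. Its first field is r[0] truncated to 32
  // bits: the fd of /net/ipselftab, or 0xffffffff if that open failed.
  *(uint32_t*)0x20000340 = r[0];
  *(uint32_t*)0x20000344 = 3;
  *(uint32_t*)0x20000348 = 8;
  *(uint32_t*)0x2000034c = 6;
  *(uint64_t*)0x20000350 = 0x200002c0;
  *(uint64_t*)0x200002c0 = 0x20000240;
  memcpy((void*)0x20000240,
         "\x6f\x93\x65\x7d\xc1\x75\x3b\x06\xef\x0d\x30\xde\x2e\x82\xe8\x8f\xc3"
         "\x2e\x4b\xe1\xe3\x0e\x99\x96\xf0\xd5\x92\x1f\x23\x7e\xe0\x3f\x69\x9e"
         "\xca\xa7\x50\xd2\x63\xf1\xca\xef\xf3\x3d\xe3\x2c\x7b\x3f\xcf\x27\x43"
         "\xa2\x47\xc7\x48\xfd\x1b\xa4\x73\xb1\x01\x10\xa8\x3c\x45\x2b\x6f\x59"
         "\xd1\x7e\xa5\xc2\x29\x00\x2b\x99\x2f\x49\x69\xa5",
         80);
  *(uint32_t*)0x200002c8 = -1;
  *(uint8_t*)0x200002cc = 0;
  *(uint32_t*)0x200002d0 = 0xfffffffa;
  *(uint64_t*)0x200002d8 = 5;
  *(uint64_t*)0x200002e0 = 1;
  *(uint64_t*)0x20000358 = 0;

  // Hand the three records to the kernel. For triage: the handler receives
  // user-controlled descriptors (two of them -1), small integer fields, and
  // user pointers at +0x10 that lead to further user memory, so the
  // validation of each of those is the first place to look in the report's
  // stack trace.
  syscall(SYS_tap_fds, 0x20000300, 3);

  // Remaining calls open further kernel-exported files and issue one
  // nmount. Their results are neither stored nor closed.
  memcpy((void*)0x20000380, "/net/ipselftab", 15);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000380, 0xf, 1, 0);
  memcpy((void*)0x20000400, "/net/icmp/clone", 16);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000400, 0x10, 3, 0);
  memcpy((void*)0x20000440, "/proc/self/fd", 14);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000440, 0xe, 1, 0);
  memcpy((void*)0x20000540, "/net/iprouter", 14);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000540, 0xe, 3, 0);
  memcpy((void*)0x200005c0, "/prof/kptrace", 14);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x200005c0, 0xe, 3, 0);
  // nmount with fd -1 on "./file0" (8 bytes including the NUL), last
  // argument 0x12.
  memcpy((void*)0x20000740, "./file0", 8);
  syscall(SYS_nmount, -1, 0x20000740, 8, 0x12);
  memcpy((void*)0x20000780, "/proc/self/noteid", 18);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000780, 0x12, 3, 0);
  memcpy((void*)0x200007c0, "/proc/self/profile", 19);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x200007c0, 0x13, 1, 0);
  memcpy((void*)0x20000800, "/prof/kpctl", 12);
  syscall(SYS_openat, 0xffffffffffffff9c, 0x20000800, 0xc, 3, 0);
  return 0;
}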