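// https://syzkaller.appspot.com/bug?id=0549d8c089382a2593078734cc8166a0fc9049f1
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Syzkaller reproducer for the FreeBSD bug linked above.  The value of a
// reproducer is its exact syscall sequence and the exact bytes it stores
// into the scratch region, so nothing below changes those: only the line
// layout, the include list and the comments were touched.  Like every
// syzkaller reproducer it is built to trigger a kernel fault, so it belongs
// in a disposable test VM.

#define _GNU_SOURCE

// NOTE(review): the original include list was lost when this page was
// extracted (ten bare `#include` tokens survived without header names).
// The headers below are the ones the code actually needs: fixed-width
// integer types, memcpy(), syscall()/write() and the SYS_* numbers.
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/syscall.h>
#include <unistd.h>

// Result slot for the one syscall whose output is reused later (the pipe
// descriptor).  0xffffffffffffffff is syzkaller's "no value yet" marker.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Map a 16 MiB RWX scratch region at a fixed address.  Every absolute
  // pointer used below (0x200000000080 .. 0x200000000723) lies inside this
  // range, so the stores that follow rely on this mapping succeeding.
  syscall(SYS_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x1012ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  intptr_t res = 0;
  // Progress marker on stdout.  The result is intentionally ignored; the
  // empty `if` only exists to silence warn_unused_result.
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // Create a pipe through the freebsd10 compat entry point, which stores the
  // descriptor pair at pipefd.  The descriptor at pipefd+4 is kept in r[0]
  // and closed again; if the pipe call failed r[0] is still -1 and the
  // close fails harmlessly.
  res = syscall(SYS_freebsd10_pipe, /*pipefd=*/0x2000000005c0ul);
  if (res != -1)
    r[0] = *(uint32_t*)0x2000000005c4;
  syscall(SYS_close, /*fd=*/r[0]);

  // Open "." read-only.  The returned descriptor is not retained; the path
  // bytes are immediately overwritten by the ioctl argument block below.
  memcpy((void*)0x200000000080, ".\000", 2);
  syscall(SYS_open, /*file=*/0x200000000080ul, /*flags=*/0ul, /*mode=*/0ul);

  // Fill the 0x1c0-byte argument block (0x80 .. 0x23f) handed to the ioctl
  // below.  Under FreeBSD's _IOC encoding the command 0xc1c06d02 is an
  // in/out request of length 0x1c0 (group 'm', number 2), which matches the
  // size of this block; which driver owns it cannot be told from this file,
  // so the field values are kept verbatim and left uninterpreted.
  *(uint32_t*)0x200000000080 = 0;
  *(uint32_t*)0x200000000084 = 0;
  *(uint32_t*)0x200000000088 = 4;
  *(uint64_t*)0x200000000090 = 0;
  *(uint64_t*)0x200000000098 = 0;
  *(uint32_t*)0x2000000000a0 = 0;
  *(uint32_t*)0x2000000000a4 = 8;
  *(uint64_t*)0x2000000000a8 = 0x7fffffffffffffff;
  *(uint32_t*)0x2000000000b0 = 0;
  *(uint32_t*)0x2000000000b4 = 0x100;
  *(uint64_t*)0x2000000000b8 = 0;
  *(uint32_t*)0x2000000000c0 = 0;
  *(uint32_t*)0x2000000000c4 = 0;
  *(uint32_t*)0x2000000000c8 = 0;
  *(uint32_t*)0x2000000000cc = 3;
  *(uint32_t*)0x2000000000d0 = 0;
  *(uint32_t*)0x2000000000d4 = 0;
  *(uint32_t*)0x2000000000d8 = 0x400008;
  *(uint32_t*)0x2000000000dc = 0x8e;
  *(uint32_t*)0x2000000000e0 = 0xfffffffd;
  *(uint32_t*)0x2000000000e4 = 0xf;
  *(uint32_t*)0x2000000000e8 = 0xfffffffc;
  *(uint32_t*)0x2000000000ec = 0;
  *(uint32_t*)0x2000000000f0 = 0;
  *(uint32_t*)0x2000000000f4 = 0;
  *(uint32_t*)0x2000000000f8 = 0xff;
  *(uint32_t*)0x2000000000fc = 0;
  *(uint32_t*)0x200000000100 = 0;
  *(uint32_t*)0x200000000104 = 2;
  *(uint32_t*)0x200000000108 = 0;
  *(uint32_t*)0x20000000010c = 2;
  *(uint32_t*)0x200000000110 = 2;
  *(uint32_t*)0x200000000114 = 0x5bee;
  *(uint32_t*)0x200000000118 = 0;
  *(uint32_t*)0x20000000011c = 0xc;
  *(uint32_t*)0x200000000120 = 3;
  *(uint32_t*)0x200000000124 = 2;
  *(uint32_t*)0x200000000128 = 0;
  *(uint32_t*)0x20000000012c = 0x10000000;
  *(uint32_t*)0x200000000130 = 0;
  *(uint32_t*)0x200000000134 = 1;
  *(uint32_t*)0x200000000138 = 0;
  *(uint32_t*)0x20000000013c = 0x83;
  *(uint32_t*)0x200000000140 = 0;
  *(uint32_t*)0x200000000144 = 0;
  *(uint32_t*)0x200000000148 = 0;
  *(uint32_t*)0x20000000014c = 0;
  *(uint32_t*)0x200000000150 = 0;
  *(uint32_t*)0x200000000154 = 0xfff;
  *(uint32_t*)0x200000000158 = 1;
  *(uint32_t*)0x20000000015c = 0x4c;
  *(uint32_t*)0x200000000160 = 0x1fffffc;
  *(uint32_t*)0x200000000164 = 4;
  *(uint32_t*)0x200000000168 = 0x40000001;
  *(uint32_t*)0x20000000016c = 0;
  *(uint32_t*)0x200000000170 = 8;
  *(uint32_t*)0x200000000174 = 0;
  *(uint32_t*)0x200000000178 = 0;
  *(uint32_t*)0x20000000017c = 0x100001;
  *(uint32_t*)0x200000000180 = 0;
  *(uint32_t*)0x200000000184 = 0x1ff;
  *(uint32_t*)0x200000000188 = 0xe;
  *(uint32_t*)0x20000000018c = 8;
  *(uint32_t*)0x200000000190 = 0;
  *(uint32_t*)0x200000000194 = 0;
  *(uint32_t*)0x200000000198 = 0;
  *(uint32_t*)0x20000000019c = 0xc;
  *(uint32_t*)0x2000000001a0 = 9;
  *(uint32_t*)0x2000000001a4 = 2;
  *(uint32_t*)0x2000000001a8 = 0x10000002;
  *(uint32_t*)0x2000000001ac = 0x100000;
  *(uint32_t*)0x2000000001b0 = 0x46;
  *(uint32_t*)0x2000000001b4 = 6;
  *(uint32_t*)0x2000000001b8 = 0x3ff;
  *(uint32_t*)0x2000000001bc = 2;
  *(uint32_t*)0x2000000001c0 = 0;
  *(uint32_t*)0x2000000001c4 = 0xfffffffa;
  *(uint32_t*)0x2000000001c8 = 0x200;
  *(uint32_t*)0x2000000001cc = 0;
  *(uint32_t*)0x2000000001d0 = 1;
  *(uint32_t*)0x2000000001d4 = 3;
  *(uint32_t*)0x2000000001d8 = 0;
  *(uint32_t*)0x2000000001dc = 0x100;
  *(uint32_t*)0x2000000001e0 = 0;
  *(uint32_t*)0x2000000001e4 = 8;
  *(uint32_t*)0x2000000001e8 = 0x108c6b2;
  *(uint32_t*)0x2000000001ec = 0xfffffffa;
  *(uint32_t*)0x2000000001f0 = 0;
  *(uint32_t*)0x2000000001f4 = 5;
  *(uint32_t*)0x2000000001f8 = 0;
  *(uint32_t*)0x2000000001fc = 0;
  *(uint32_t*)0x200000000200 = 0;
  *(uint32_t*)0x200000000204 = 0;
  *(uint32_t*)0x200000000208 = 0;
  *(uint32_t*)0x20000000020c = 0x80;
  *(uint32_t*)0x200000000210 = 0;
  *(uint32_t*)0x200000000214 = 1;
  *(uint32_t*)0x200000000218 = 0;
  *(uint32_t*)0x20000000021c = 6;
  *(uint32_t*)0x200000000220 = 0;
  *(uint32_t*)0x200000000224 = 0;
  *(uint32_t*)0x200000000228 = 0;
  *(uint32_t*)0x20000000022c = 6;
  *(uint32_t*)0x200000000230 = 0;
  *(uint32_t*)0x200000000234 = 0;
  *(uint32_t*)0x200000000238 = 0;
  *(uint32_t*)0x20000000023c = 0xa9f;
  // The ioctl is issued on descriptor -1, i.e. with no open file at all.
  syscall(SYS_ioctl, /*fd=*/(intptr_t)-1, /*cmd=*/0xc1c06d02ul,
          /*arg=*/0x200000000080ul);

  // Prepare three records at 0x580, 0x620 and 0x6c0 (0xa0 bytes apart) and
  // submit them with lio_listio(mode=0, nent=3, sig=NULL).  Presumably these
  // are aiocb entries whose first field (fd) is -1 in every record — confirm
  // against the FreeBSD struct aiocb layout.  Note that the first record's
  // 64-bit field at 0x590 points at 0x200000000180, inside the ioctl
  // argument block filled above, and that the stores at 0x5c0 overwrite the
  // earlier pipe result slot.
  *(uint32_t*)0x200000000580 = -1;
  *(uint64_t*)0x200000000588 = 0;
  *(uint64_t*)0x200000000590 = 0x200000000180;
  *(uint64_t*)0x200000000598 = 0;
  *(uint32_t*)0x2000000005a0 = 0xfffff000;
  *(uint32_t*)0x2000000005a4 = 3;
  *(uint64_t*)0x2000000005a8 = 0;
  *(uint32_t*)0x2000000005b0 = 0;
  *(uint32_t*)0x2000000005b4 = 0;
  *(uint64_t*)0x2000000005b8 = 0;
  *(uint64_t*)0x2000000005c0 = 0;
  *(uint64_t*)0x2000000005c8 = 0;
  *(uint32_t*)0x2000000005d0 = 0;
  *(uint32_t*)0x2000000005d4 = 0;
  *(uint64_t*)0x2000000005d8 = 0;
  *(uint16_t*)0x2000000005e0 = 0x4043;
  *(uint32_t*)0x200000000620 = -1;
  *(uint64_t*)0x200000000628 = 0;
  *(uint64_t*)0x200000000630 = 0;
  *(uint64_t*)0x200000000638 = 0;
  *(uint32_t*)0x200000000640 = 0x10;
  *(uint32_t*)0x200000000644 = 0;
  *(uint64_t*)0x200000000648 = 0;
  *(uint32_t*)0x200000000650 = 0;
  *(uint32_t*)0x200000000654 = 0;
  *(uint64_t*)0x200000000658 = 8;
  *(uint64_t*)0x200000000660 = 0x3ff;
  *(uint64_t*)0x200000000668 = 0;
  *(uint32_t*)0x200000000670 = 1;
  *(uint32_t*)0x200000000674 = 0;
  *(uint32_t*)0x200000000678 = 3;
  *(uint16_t*)0x200000000680 = 0;
  *(uint32_t*)0x2000000006c0 = -1;
  *(uint64_t*)0x2000000006c8 = 0;
  *(uint64_t*)0x2000000006d0 = 0;
  *(uint64_t*)0x2000000006d8 = 0;
  *(uint32_t*)0x2000000006e0 = 0;
  *(uint32_t*)0x2000000006e4 = 0;
  *(uint64_t*)0x2000000006e8 = 2;
  *(uint32_t*)0x2000000006f0 = 0;
  *(uint32_t*)0x2000000006f4 = 0;
  *(uint64_t*)0x2000000006f8 = 0x101;
  *(uint64_t*)0x200000000700 = 0xb3;
  *(uint64_t*)0x200000000708 = 0;
  *(uint32_t*)0x200000000710 = 0;
  *(uint32_t*)0x200000000714 = 0xa;
  *(uint64_t*)0x200000000718 = 3;
  *(uint32_t*)0x200000000720 = 0;
  syscall(SYS_lio_listio, /*mode=*/0ul, /*list=*/0x200000000580ul,
          /*nent=*/3ul, /*sig=*/0ul);
  return 0;
}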