// https://syzkaller.appspot.com/bug?id=dae469d9efc5eb41ce0bfdaea89709e041bb8dd2 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #define __syscall syscall uint64_t r[1] = {0xffffffffffffffff}; int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); intptr_t res = 0; syscall(SYS_mlock, 0x20001000ul, 0x800000ul); syscall(SYS_mprotect, 0x20003000ul, 0x1000ul, 0ul); syscall(SYS_ioctl, -1, 0x8020426cul, 0ul); syscall(SYS_pipe, 0x20000180ul); memcpy((void*)0x20000480, "/dev/vmm\000", 9); res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000480ul, 0ul, 0ul); if (res != -1) r[0] = res; *(uint32_t*)0x20000580 = 1; *(uint32_t*)0x20000584 = 0; *(uint64_t*)0x20000588 = 1; *(uint64_t*)0x20000590 = 0; *(uint64_t*)0x20000598 = 0; *(uint64_t*)0x200005a0 = 0; *(uint64_t*)0x200005a8 = 0x20800000; *(uint64_t*)0x200005b0 = 0x200000; *(uint64_t*)0x200005b8 = 0; *(uint64_t*)0x200005c0 = 0; *(uint64_t*)0x200005c8 = 0; *(uint64_t*)0x200005d0 = 0; *(uint64_t*)0x200005d8 = 0; *(uint64_t*)0x200005e0 = 0; *(uint64_t*)0x200005e8 = 0; *(uint64_t*)0x200005f0 = 0; *(uint64_t*)0x200005f8 = 0; *(uint64_t*)0x20000600 = 0; *(uint64_t*)0x20000608 = 0; *(uint64_t*)0x20000610 = 0; *(uint64_t*)0x20000618 = 0; *(uint64_t*)0x20000620 = 0; *(uint64_t*)0x20000628 = 0; *(uint64_t*)0x20000630 = 0; *(uint64_t*)0x20000638 = 0; *(uint64_t*)0x20000640 = 0; *(uint64_t*)0x20000648 = 0; *(uint64_t*)0x20000650 = 0; *(uint64_t*)0x20000658 = 0; *(uint64_t*)0x20000660 = 0; *(uint64_t*)0x20000668 = 0; *(uint64_t*)0x20000670 = 0; *(uint64_t*)0x20000678 = 0; *(uint64_t*)0x20000680 = 0; *(uint64_t*)0x20000688 = 0; *(uint64_t*)0x20000690 = 0; *(uint64_t*)0x20000698 = 0; *(uint64_t*)0x200006a0 = 0; *(uint64_t*)0x200006a8 = 0; *(uint64_t*)0x200006b0 = 0; *(uint64_t*)0x200006b8 = 0; *(uint64_t*)0x200006c0 = 0; *(uint64_t*)0x200006c8 = 0; *(uint64_t*)0x200006d0 = 0; *(uint16_t*)0x200006d8 = 0; *(uint32_t*)0x200006dc = 0; *(uint32_t*)0x200006e0 = 0; *(uint64_t*)0x200006e8 = 0; *(uint16_t*)0x200006f0 = 0; *(uint32_t*)0x200006f4 = 0; *(uint32_t*)0x200006f8 = 0; *(uint64_t*)0x20000700 = 0; *(uint16_t*)0x20000708 = 0; *(uint32_t*)0x2000070c = 0; *(uint32_t*)0x20000710 = 0; *(uint64_t*)0x20000718 = 0; *(uint16_t*)0x20000720 = 0; *(uint32_t*)0x20000724 = 0; *(uint32_t*)0x20000728 = 0; *(uint64_t*)0x20000730 = 0; *(uint16_t*)0x20000738 = 0; *(uint32_t*)0x2000073c = 0; *(uint32_t*)0x20000740 = 0; *(uint64_t*)0x20000748 = 0; *(uint16_t*)0x20000750 = 0; *(uint32_t*)0x20000754 = 0; *(uint32_t*)0x20000758 = 0; *(uint64_t*)0x20000760 = 0; *(uint16_t*)0x20000768 = 0; *(uint32_t*)0x2000076c = 0; *(uint32_t*)0x20000770 = 0; *(uint64_t*)0x20000778 = 0; *(uint16_t*)0x20000780 = 0; *(uint32_t*)0x20000784 = 0; *(uint32_t*)0x20000788 = 0; *(uint64_t*)0x20000790 = 0; *(uint16_t*)0x20000798 = 0; *(uint32_t*)0x2000079c = 0; *(uint32_t*)0x200007a0 = 0; *(uint64_t*)0x200007a8 = 0; *(uint16_t*)0x200007b0 = 0; *(uint32_t*)0x200007b4 = 0; *(uint32_t*)0x200007b8 = 0; *(uint64_t*)0x200007c0 = 0; syscall(SYS_ioctl, r[0], 0xc5005601ul, 0x20000580ul); *(uint32_t*)0x20000080 = 0; *(uint64_t*)0x20000088 = 0; syscall(SYS_ioctl, -1, 0x80104267ul, 0x20000080ul); memcpy((void*)0x20000100, "tap", 3); *(uint8_t*)0x20000103 = 0x30; *(uint8_t*)0x20000104 = 0; syscall(SYS_ioctl, -1, 0x8020426cul, 0x20000100ul); *(uint32_t*)0x200002c0 = 0; *(uint64_t*)0x200002c8 = 0; syscall(SYS_ioctl, -1, 0x80104277ul, 0x200002c0ul); return 0; }