// https://syzkaller.appspot.com/bug?id=ee6eb695d299285d2902da117be95146ac6c48cf // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #define __syscall syscall uint64_t r[1] = {0xffffffffffffffff}; int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); intptr_t res = 0; syscall(SYS_mmap, 0x20719000ul, 0x4000ul, 3ul, 0x5012ul, -1, 0ul, 0ul); memcpy((void*)0x20000000, "/dev/vmm\000", 9); res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000000ul, 0ul, 0ul); if (res != -1) r[0] = res; *(uint32_t*)0x20000580 = 1; *(uint32_t*)0x20000584 = 0; *(uint64_t*)0x20000588 = 1; *(uint64_t*)0x20000590 = 0; *(uint64_t*)0x20000598 = 0; *(uint64_t*)0x200005a0 = 0x10000; *(uint64_t*)0x200005a8 = 0x20040000; *(uint64_t*)0x200005b0 = 0x80000000; *(uint64_t*)0x200005b8 = 0xa07; *(uint64_t*)0x200005c0 = 0; *(uint64_t*)0x200005c8 = 0; *(uint64_t*)0x200005d0 = 0; *(uint64_t*)0x200005d8 = 0; *(uint64_t*)0x200005e0 = 0; *(uint64_t*)0x200005e8 = 0; *(uint64_t*)0x200005f0 = 0; *(uint64_t*)0x200005f8 = 0; *(uint64_t*)0x20000600 = 0; *(uint64_t*)0x20000608 = 0; *(uint64_t*)0x20000610 = 0; *(uint64_t*)0x20000618 = 0; *(uint64_t*)0x20000620 = 0; *(uint64_t*)0x20000628 = 0; *(uint64_t*)0x20000630 = 0; *(uint64_t*)0x20000638 = 0; *(uint64_t*)0x20000640 = 0; *(uint64_t*)0x20000648 = 0; *(uint64_t*)0x20000650 = 0; *(uint64_t*)0x20000658 = 0; *(uint64_t*)0x20000660 = 0; *(uint64_t*)0x20000668 = 0; *(uint64_t*)0x20000670 = 0; *(uint64_t*)0x20000678 = 0; *(uint64_t*)0x20000680 = 0; *(uint64_t*)0x20000688 = 0; *(uint64_t*)0x20000690 = 0; *(uint64_t*)0x20000698 = 1; *(uint64_t*)0x200006a0 = 0; *(uint64_t*)0x200006a8 = 0; *(uint64_t*)0x200006b0 = 0; *(uint64_t*)0x200006b8 = 0; *(uint64_t*)0x200006c0 = 0; *(uint64_t*)0x200006c8 = 0x200000000000; *(uint64_t*)0x200006d0 = 0; *(uint16_t*)0x200006d8 = 0; *(uint32_t*)0x200006dc = 0; *(uint32_t*)0x200006e0 = 0; *(uint64_t*)0x200006e8 = 0; *(uint16_t*)0x200006f0 = 0; *(uint32_t*)0x200006f4 = 0; *(uint32_t*)0x200006f8 = 0; *(uint64_t*)0x20000700 = 0; *(uint16_t*)0x20000708 = 0; *(uint32_t*)0x2000070c = 0; *(uint32_t*)0x20000710 = 0; *(uint64_t*)0x20000718 = 0; *(uint16_t*)0x20000720 = 0; *(uint32_t*)0x20000724 = 0; *(uint32_t*)0x20000728 = 0; *(uint64_t*)0x20000730 = 0; *(uint16_t*)0x20000738 = 0; *(uint32_t*)0x2000073c = 0; *(uint32_t*)0x20000740 = 0; *(uint64_t*)0x20000748 = 0; *(uint16_t*)0x20000750 = 0; *(uint32_t*)0x20000754 = 0; *(uint32_t*)0x20000758 = 0; *(uint64_t*)0x20000760 = 0x7fffffff; *(uint16_t*)0x20000768 = 0; *(uint32_t*)0x2000076c = 0; *(uint32_t*)0x20000770 = 0; *(uint64_t*)0x20000778 = 0; *(uint16_t*)0x20000780 = 1; *(uint32_t*)0x20000784 = 0; *(uint32_t*)0x20000788 = 0; *(uint64_t*)0x20000790 = 0; *(uint16_t*)0x20000798 = 0; *(uint32_t*)0x2000079c = 0; *(uint32_t*)0x200007a0 = 4; *(uint64_t*)0x200007a8 = 0; *(uint16_t*)0x200007b0 = 0; *(uint32_t*)0x200007b4 = 0; *(uint32_t*)0x200007b8 = 0; *(uint64_t*)0x200007c0 = 0; syscall(SYS_ioctl, r[0], 0xc5005601ul, 0x20000580ul); return 0; }