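// https://syzkaller.appspot.com/bug?id=8593724cce469c9898b7fbc49f48f4943fee940f
// autogenerated by syzkaller (https://github.com/google/syzkaller)

/*
 * Kernel bug reproducer emitted by the syzkaller fuzzer. It builds two
 * bpf(2) argument structures in a fixed-address scratch mapping and issues
 * two bpf() calls: command 5 (BPF_PROG_LOAD) followed by command 0xa
 * (BPF_PROG_TEST_RUN) on the descriptor returned by the first call.
 *
 * NOTE(review): the page this listing came from had the whole program
 * collapsed behind the leading "//" comment and had lost the header names
 * after each #include. The eight headers below are the set syzkaller
 * normally emits for a reproducer of this shape -- confirm against the
 * original report. Field names in the comments follow union bpf_attr from
 * <linux/bpf.h>; verify the offsets against the headers of the kernel
 * under test.
 */

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_bpf
#define __NR_bpf 321 /* x86_64 syscall number */
#endif

/* Resource slot for the program fd; stays at -1 if the load fails. */
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  /*
   * 16 MiB scratch area at 0x20000000: prot 3 = PROT_READ|PROT_WRITE,
   * flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS. Every store below
   * targets an absolute address inside this mapping, so a failed mapping
   * must stop the run instead of faulting on the first store.
   */
  if (syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1, 0) == -1) {
    perror("mmap");
    return 1;
  }
  intptr_t res = 0;

  /* ---- bpf_attr for BPF_PROG_LOAD, based at 0x20000080 ---- */
  *(uint32_t*)0x20000080 = 3;          /* prog_type (3 = BPF_PROG_TYPE_SCHED_CLS) */
  *(uint32_t*)0x20000084 = 3;          /* insn_cnt: three 8-byte instructions */
  *(uint64_t*)0x20000088 = 0x20000200; /* insns */
  /*
   * Only the first 24 bytes are covered by insn_cnt:
   *   85 00 00 00 4f 00 00 00  call, imm 0x4f (helper id 79)
   *   3f 00 00 00 00 00 00 00  ALU64 DIV, register form, dst r0 / src r0
   *   95 00 00 e6 00 00 00 00  exit (offset bytes are nonzero)
   * The remaining bytes are copied but lie past the declared count.
   */
  memcpy((void*)0x20000200,
         "\x85\x00\x00\x00\x4f\x00\x00\x00\x3f\x00\x00\x00\x00\x00\x00\x00\x95"
         "\x00\x00\xe6\x00\x00\x00\x00\x00\x81\x83\xdd\x3c\x42\x9d\xe1\xaa\x12"
         "\x43\x26\x7d\x55\x88\x65\x03\x1a\x42\x16\xa9\x20\xc7\xe2\xb2\xca\x80"
         "\xdd\xe1\x1c\xcf\x86\x9c\x0d\x8d\x4a\xdd\x1f\x02\x64\x5b\x52\xcd\x5f"
         "\xa0\x52\xac\x6f\x1c\xe7\x1e\xb0\x92\xd6\xaa\x88\x33\x23\x8d\x4a\x93"
         "\x92\x03\x65\x6e\x38\x4b\x45\x14\x5c\x2e\x6e\x77\x57\xb1\x43\x2f\x35"
         "\xe8\x6f\xbc\x8b\x27\x04\x0c\x49\x38\x14\xee\x51\xd4\xbc\xfc\x9e\xd7"
         "\x07\x0a\xfb\x5b\x5a\x17\xff\x38\x62\x43\xa1\x1b\x2d\x2c\x53\x11\x5d"
         "\x3c\x8e\x4c\x56\x5b\xb4\xf9\xd3\xa7\xd8\x45\x2c\x0b\xa2\x99\x71\xf0"
         "\x6c\xf4\x60\x07\x0b\x35\x19\xd7\xd7\x50\xb6\xf2\x18\x54\x55\x1f\x5e"
         "\xd4\xda\xc7\xa3\x98\x47\xd9\x28\xf5\xf3\x3d\xa8\x63\x7f\x00\xc5\x89"
         "\xca\xc9\x61\x87\xc4\x6f\x63\x61\x5a\xfe\xf9\x3d\x59\x4e\x53\xbe\xeb"
         "\xf5\xae\x0e\xa0\x5a\xd7\xaf\x1c\x50\x72\xd3\x2e\x37\xef\x67\x5a\x80"
         "\xf4\x72\x93\x90\xd8\xb2\xce\x64\x9f\xfd\x21\x93\xb8\xe0\xc7\xc9\x2f"
         "\x01\x90\x9e\x42\x93\x54\xe3\xb8\x75\x7b\x7d\x43\xf4\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00"
         "\x00\x00",
         274);
  *(uint64_t*)0x20000090 = 0x20000000; /* license */
  memcpy((void*)0x20000000, "GPL\000", 4);
  *(uint32_t*)0x20000098 = 5;          /* log_level */
  *(uint32_t*)0x2000009c = 0x487;      /* log_size */
  *(uint64_t*)0x200000a0 = 0x2000cf3d; /* log_buf */
  *(uint32_t*)0x200000a8 = 0;          /* kern_version */
  *(uint32_t*)0x200000ac = 0;          /* prog_flags */
  memset((void*)0x200000b0, 0, 16);    /* prog_name: 16 zero bytes, 0xb0..0xbf */
  *(uint32_t*)0x200000c0 = 0;          /* prog_ifindex */
  *(uint32_t*)0x200000c4 = 0;          /* expected_attach_type */
  /*
   * The size passed to the syscall below is 0x48, i.e. bytes
   * 0x20000080..0x200000c7. The stores from here to 0x200000f0 fill later
   * bpf_attr fields that fall outside that size.
   */
  *(uint32_t*)0x200000c8 = -1;         /* prog_btf_fd */
  *(uint32_t*)0x200000cc = 8;          /* func_info_rec_size */
  *(uint64_t*)0x200000d0 = 0x20000000; /* func_info */
  /*
   * func_info and line_info point at the same address as the license
   * buffer, so the zero stores below overwrite the "GPL" bytes written
   * above: at syscall time the license buffer holds only zero bytes.
   */
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x200000d8 = 0;          /* func_info_cnt */
  *(uint32_t*)0x200000dc = 0x10;       /* line_info_rec_size */
  *(uint64_t*)0x200000e0 = 0x20000000; /* line_info */
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20000008 = 0;
  *(uint32_t*)0x2000000c = 0;
  *(uint32_t*)0x200000e8 = 0;          /* line_info_cnt */
  *(uint32_t*)0x200000ec = 0;          /* attach_btf_id */
  *(uint32_t*)0x200000f0 = -1;         /* attach_prog_fd */

  /* bpf(BPF_PROG_LOAD, attr, 0x48) */
  res = syscall(__NR_bpf, 5ul, 0x20000080ul, 0x48ul);
  if (res != -1)
    r[0] = res;

  /* ---- bpf_attr.test for BPF_PROG_TEST_RUN, based at 0x200001c0 ---- */
  /* If the load failed, r[0] is still all-ones and prog_fd becomes 0xffffffff. */
  *(uint32_t*)0x200001c0 = r[0];       /* prog_fd */
  *(uint32_t*)0x200001c4 = 0;          /* retval */
  *(uint32_t*)0x200001c8 = 0xe;        /* data_size_in: 14 bytes */
  *(uint32_t*)0x200001cc = 0;          /* data_size_out */
  *(uint64_t*)0x200001d0 = 0x20000100; /* data_in */
  memcpy((void*)0x20000100,
         "\x26\x3a\xbd\x03\xd8\xee\x2f\xe5\x06\x55\xa1\x5c\x88\xa8", 14);
  *(uint64_t*)0x200001d8 = 0;          /* data_out */
  *(uint32_t*)0x200001e0 = 0x3ff;      /* repeat */
  *(uint32_t*)0x200001e4 = 0;          /* duration */
  /* The size passed below is 0x28, which ends at 0x200001e7; the ctx_* stores lie past it. */
  *(uint32_t*)0x200001e8 = 0;          /* ctx_size_in */
  *(uint32_t*)0x200001ec = 0;          /* ctx_size_out */
  *(uint64_t*)0x200001f0 = 0x20000000; /* ctx_in */
  *(uint64_t*)0x200001f8 = 0x20000000; /* ctx_out */

  /* bpf(BPF_PROG_TEST_RUN, attr, 0x28); the return value is not inspected. */
  syscall(__NR_bpf, 0xaul, 0x200001c0ul, 0x28ul);
  return 0;
}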