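// https://syzkaller.appspot.com/bug?id=826185a3ca17eb363147ce23a041ca1389b89ce3
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reviewer summary: a single-threaded reproducer that opens /dev/vim2m and
// issues two V4L2 buffer-management ioctls on it. It is useful as a
// regression check on a patched kernel. If the device node is absent (for
// example the vim2m test driver is not built), every call below fails
// quietly and the program exits 0, so a clean run only counts as "fixed"
// when the device was actually opened.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped from the page (eight bare
// "#include" directives remained). They are restored here as the usual
// syzkaller prologue. The code below itself needs <stdint.h>, <string.h>,
// <sys/syscall.h> and <unistd.h>.
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Resource table: r[0] holds the /dev/vim2m descriptor, or stays at
// (uint64_t)-1 when the open fails, in which case both ioctls below are
// issued on an invalid descriptor and simply fail.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed-address scratch arena for syscall arguments. On x86-64 Linux,
  // flags 0x32 decode to MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS. The
  // middle 16 MiB region is mapped with prot 7 (read/write/exec); the
  // one-page mappings on either side use prot 0 and act as guard pages.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  intptr_t res = 0;

  // openat(AT_FDCWD, "/dev/vim2m", O_RDWR, 0): 0xffffffffffffff9c is -100
  // (AT_FDCWD) and flags value 2 is O_RDWR. Syscall results are
  // deliberately not treated as fatal; this is how syzkaller emits
  // reproducers.
  memcpy((void*)0x200004c0, "/dev/vim2m\000", 11);
  res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x200004c0ul, 2ul, 0ul);
  if (res != -1)
    r[0] = res;

  // First ioctl, request 0xc0145608 = _IOWR('V', 8, 20-byte argument),
  // i.e. VIDIOC_REQBUFS. The 20 bytes at 0x20000340 follow the
  // struct v4l2_requestbuffers layout: count = 0x59c0, type = 2
  // (V4L2_BUF_TYPE_VIDEO_OUTPUT), memory = 1 (V4L2_MEMORY_MMAP), then
  // capabilities, flags and the reserved bytes, all zero.
  *(uint32_t*)0x20000340 = 0x59c0;
  *(uint32_t*)0x20000344 = 2;
  *(uint32_t*)0x20000348 = 1;
  *(uint32_t*)0x2000034c = 0;
  *(uint8_t*)0x20000350 = 0;
  memset((void*)0x20000351, 0, 3);
  syscall(__NR_ioctl, r[0], 0xc0145608, 0x20000340ul);

  // Second ioctl, request 0xc100565c = _IOWR('V', 92, 256-byte argument),
  // i.e. VIDIOC_CREATE_BUFS. The argument at 0x20000080 follows the
  // struct v4l2_create_buffers layout: index = 3, count = 5, memory = 4
  // (V4L2_MEMORY_DMABUF), format.type = 2 at offset 0x10, and a 200-byte
  // fuzzer-generated blob filling the format union at offset 0x18. The
  // word at offset 0xe0 is set to 5 and the remaining 28 bytes are zeroed.
  // Note that the memory type differs from the one passed to REQBUFS
  // above while the buffer type is the same.
  *(uint32_t*)0x20000080 = 3;
  *(uint32_t*)0x20000084 = 5;
  *(uint32_t*)0x20000088 = 4;
  *(uint32_t*)0x20000090 = 2;
  memcpy((void*)0x20000098,
         "\xfe\x44\x9f\x92\x9f\xed\x76\x24\xe4\x3e\xc5\x17\x0f\x89\xb5\x04\x26"
         "\x68\x03\x58\xa0\x1f\xa4\x96\x46\xd1\xeb\x5c\x25\x55\x91\x6d\xd8\xee"
         "\xc4\xa9\xfb\xe9\x40\xf9\x37\xbc\x9c\x48\x7c\x9c\x5a\xa2\x78\x68\x1b"
         "\x2a\x17\xc9\x64\xee\x9c\x29\x6f\xf7\x1b\xc1\x4b\xff\x72\xaf\x72\xa3"
         "\xee\x58\x8f\x58\x95\x00\x5e\xb4\x69\x10\x09\xac\x9a\x13\x7d\xcb\xd9"
         "\xac\x97\x38\xde\x99\xb0\xe7\x95\x46\x72\x27\x0c\xff\xc5\x44\x94\xbc"
         "\x4b\x3d\xe1\xc7\x20\xa3\x66\xb5\x2b\x73\x83\x44\xd7\xde\xd3\x9b\x97"
         "\xef\xdd\xbf\x04\x81\x20\xdd\xa6\x21\x1b\xef\x7f\x6d\x77\x1a\xdd\xd3"
         "\x91\x8b\x6d\xdd\x84\x33\x66\x0a\x00\xd6\x78\x81\x44\x83\x54\x43\x36"
         "\x74\x34\x23\x0e\x24\xe8\x68\x3d\xdd\x03\x49\xab\xa8\x6f\xaa\x7b\xe7"
         "\xa5\xbe\xef\xe8\x6c\x0b\xc4\x21\xab\x71\x9d\x3d\x2c\x94\xdb\xb0\xd6"
         "\x5e\x8a\xb2\xd3\xd3\x8b\x0d\xf3\x16\x96\xb0\x52\xe9",
         200);
  *(uint32_t*)0x20000160 = 5;
  memset((void*)0x20000164, 0, 28);
  syscall(__NR_ioctl, r[0], 0xc100565c, 0x20000080ul);
  return 0;
}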