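// https://syzkaller.appspot.com/bug?id=8593724cce469c9898b7fbc49f48f4943fee940f
// autogenerated by syzkaller (https://github.com/google/syzkaller)

/*
 * Kernel-fuzzer reproducer: loads a small eBPF program with bpf() command 5
 * and then runs it with bpf() command 0xa against a 14-byte input buffer.
 * All arguments are built at fixed addresses inside one anonymous mapping.
 *
 * NOTE(review): the header names had been stripped from the eight #include
 * lines in this copy. The set below is the one syzkaller's C reproducer
 * template normally emits and covers every name used here (memcpy, syscall,
 * uint*_t, intptr_t) -- confirm against the original report.
 */

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Fallback syscall number for libcs that do not define it (321 is x86-64). */
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

/* r[0] holds the fd returned by the program load; all-ones means "no fd". */
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  /*
   * Map 16 MiB at the fixed address 0x20000000: prot 3 is read+write,
   * flags 0x32 is MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS. The return value
   * is not checked; every store below assumes the mapping succeeded.
   */
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1, 0);
  intptr_t res = 0;

  /*
   * First bpf() attribute block at 0x20000080. Field names in the comments
   * follow the kernel's union bpf_attr layout for the program-load command.
   */
  *(uint32_t*)0x20000080 = 3;          /* prog_type (3 = sched_cls) */
  *(uint32_t*)0x20000084 = 3;          /* insn_cnt: three 8-byte instructions */
  *(uint64_t*)0x20000088 = 0x200006c0; /* insns */
  /*
   * 304 bytes are copied, but insn_cnt above counts only the first 24 as
   * instructions; the remainder of the blob is fuzzer-generated padding.
   */
  memcpy((void*)0x200006c0,
         "\x85\x00\x00\x00\x4f\x00\x00\x00\x3f\x00\x00\x00\x00\x00\x00\x00\x95"
         "\x00\x00\xe6\x00\x00\x00\x00\x00\x2c\xe8\x5f\xbf\x62\xc2\x1e\xb4\xd9"
         "\x81\x83\xdd\x3c\xd5\x8e\xe1\xc9\x48\x6c\x70\xbf\xaa\x12\x47\x26\x7d"
         "\x55\x88\x65\x03\x9a\xf3\x16\xa9\x20\xc7\xe2\xb2\xea\x81\xdd\xe1\x1c"
         "\xcf\x86\x9c\x0d\x8d\x4a\xdd\x1f\x6f\x1c\xe7\x1e\xb0\x92\xd6\xaa\x88"
         "\x33\x23\x8d\x4a\x93\x92\x03\x65\x6e\x38\x4b\x45\x14\x5c\x2e\xbc\x8b"
         "\xfb\x5b\x5a\x17\xff\x38\x62\x43\xa1\x1b\x2d\x2c\x53\x11\x5d\x3c\x8e"
         "\x09\x00\x00\x00\xf9\xd3\xa2\x99\x71\xf0\x6c\xf4\x58\x69\xc0\x81\x78"
         "\x7f\x62\x60\xb6\xf2\x18\x54\x55\x1f\x5e\xd4\xda\xc7\xa3\x98\x47\xd9"
         "\x28\xf5\xf3\x3d\x00\x10\x7f\x00\xc5\x89\xca\xc9\xb8\x59\xf6\x24\xdb"
         "\x94\xa7\xa9\xdd\x61\x87\xc4\x6f\x63\x61\x5a\xfe\xf9\x3d\x59\x4e\x53"
         "\xbe\xeb\xf5\xae\x0e\xa0\x5a\xd7\xaf\x1c\x50\x72\xd3\x2e\x37\x76\x67"
         "\x5a\x80\xf4\x72\x93\x90\xd8\xb2\xce\x64\x9f\xfd\x21\x93\xb8\x55\xe3"
         "\xb8\x75\x7b\x7d\x43\xf4\xe5\x93\x62\xb7\xbe\x89\xfe\x30\x8d\x28\x40"
         "\x93\xec\x41\x39\xca\xd0\x0a\x9a\xc3\x53\xff\x10\x62\xec\x17\xce\x9b"
         "\xf3\xad\x22\xdd\xe6\x02\xb8\x32\x1d\xe6\x80\x36\xc7\xf6\xcb\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         304);
  *(uint64_t*)0x20000090 = 0x20000000; /* license */
  memcpy((void*)0x20000000, "GPL\000", 4);
  *(uint32_t*)0x20000098 = 5;          /* log_level */
  *(uint32_t*)0x2000009c = 0x487;      /* log_size */
  *(uint64_t*)0x200000a0 = 0x2000cf3d; /* log_buf */
  *(uint32_t*)0x200000a8 = 0;          /* kern_version */
  *(uint32_t*)0x200000ac = 0;          /* prog_flags */
  /* prog_name[16], all zero */
  *(uint8_t*)0x200000b0 = 0;
  *(uint8_t*)0x200000b1 = 0;
  *(uint8_t*)0x200000b2 = 0;
  *(uint8_t*)0x200000b3 = 0;
  *(uint8_t*)0x200000b4 = 0;
  *(uint8_t*)0x200000b5 = 0;
  *(uint8_t*)0x200000b6 = 0;
  *(uint8_t*)0x200000b7 = 0;
  *(uint8_t*)0x200000b8 = 0;
  *(uint8_t*)0x200000b9 = 0;
  *(uint8_t*)0x200000ba = 0;
  *(uint8_t*)0x200000bb = 0;
  *(uint8_t*)0x200000bc = 0;
  *(uint8_t*)0x200000bd = 0;
  *(uint8_t*)0x200000be = 0;
  *(uint8_t*)0x200000bf = 0;
  *(uint32_t*)0x200000c0 = 0;          /* prog_ifindex */
  *(uint32_t*)0x200000c4 = 0;          /* expected_attach_type */
  /*
   * Everything from 0x200000c8 onward lies past the 0x48-byte attribute size
   * handed to the syscall below (0x20000080 + 0x48 == 0x200000c8).
   */
  *(uint32_t*)0x200000c8 = -1;         /* prog_btf_fd */
  *(uint32_t*)0x200000cc = 8;          /* func_info_rec_size */
  *(uint64_t*)0x200000d0 = 0x20000000; /* func_info */
  /*
   * These stores reuse 0x20000000, the address the license string was copied
   * to above, so its first bytes are zero again by the time bpf() is called.
   */
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x200000d8 = 0;          /* func_info_cnt */
  *(uint32_t*)0x200000dc = 0x10;       /* line_info_rec_size */
  *(uint64_t*)0x200000e0 = 0x20000000; /* line_info */
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20000008 = 0;
  *(uint32_t*)0x2000000c = 0;
  *(uint32_t*)0x200000e8 = 0;          /* line_info_cnt */
  *(uint32_t*)0x200000ec = 0;          /* attach_btf_id */
  *(uint32_t*)0x200000f0 = -1;         /* attach_prog_fd */

  /* bpf() command 5 (program load) with a 0x48-byte attribute block. */
  res = syscall(__NR_bpf, 5ul, 0x20000080ul, 0x48ul);
  if (res != -1)
    r[0] = res;

  /*
   * Second attribute block at 0x200001c0, laid out as the test-run member of
   * union bpf_attr. If the load failed, r[0] is still all-ones and prog_fd
   * below is stored as 0xffffffff.
   */
  *(uint32_t*)0x200001c0 = r[0];       /* prog_fd */
  *(uint32_t*)0x200001c4 = 0;          /* retval */
  *(uint32_t*)0x200001c8 = 0xe;        /* data_size_in: 14 bytes */
  *(uint32_t*)0x200001cc = 0;          /* data_size_out */
  *(uint64_t*)0x200001d0 = 0x20000100; /* data_in */
  memcpy((void*)0x20000100,
         "\x26\x3a\xbd\x03\xd8\xee\x2f\xe5\x06\x55\xa1\x5c\x88\xa8", 14);
  *(uint64_t*)0x200001d8 = 0;          /* data_out */
  *(uint32_t*)0x200001e0 = 0x3ff;      /* repeat */
  *(uint32_t*)0x200001e4 = 0;          /* duration */
  /* The remaining fields sit past the 0x28-byte size passed below. */
  *(uint32_t*)0x200001e8 = 0;          /* ctx_size_in */
  *(uint32_t*)0x200001ec = 0;          /* ctx_size_out */
  *(uint64_t*)0x200001f0 = 0x20000000; /* ctx_in */
  *(uint64_t*)0x200001f8 = 0x20000000; /* ctx_out */

  /* bpf() command 0xa (program test run) with a 0x28-byte attribute block. */
  syscall(__NR_bpf, 0xaul, 0x200001c0ul, 0x28ul);
  return 0;
}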