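// https://syzkaller.appspot.com/bug?id=edb51be4c9a320186328893287bb30d5eed09231
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer: loads a 14-instruction BPF program with BPF_PROG_LOAD and then
// attaches it to the "tlb_flush" raw tracepoint with BPF_RAW_TRACEPOINT_OPEN.
// As in every syzkaller repro, the bpf_attr unions are poked field by field
// into a fixed, pre-mapped scratch region (0x20000000) instead of being built
// in a struct; the offsets in the comments follow the upstream union bpf_attr
// layout.
//
// NOTE(review): the header names were lost in extraction (bare "#include"
// lines). The eight headers below are the standard syzkaller repro preamble,
// restored so the file builds again.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_bpf
#define __NR_bpf 321 // x86_64 syscall number, used if the libc headers lack it
#endif

// r[0]: fd returned by BPF_PROG_LOAD. It stays at -1 if the load fails, so the
// later BPF_RAW_TRACEPOINT_OPEN is then attempted with an invalid fd (and is
// expected to fail with EBADF rather than attach anything).
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed-address scratch mappings; 0x32 = MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  // 16 MiB RWX (prot 7) region that every absolute pointer below lives in.
  intptr_t data = syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  if (data == -1) {
    // Without this mapping every store below is a wild write and the process
    // would die with SIGSEGV instead of saying why (e.g. address range busy).
    perror("mmap(0x20000000)");
    return 1;
  }

  intptr_t res = 0;

  // ---- union bpf_attr for BPF_PROG_LOAD at 0x200017c0 ----
  *(uint32_t*)0x200017c0 = 0x18;        // +0x00 prog_type = 24
  *(uint32_t*)0x200017c4 = 0xe;         // +0x04 insn_cnt = 14 (112 bytes of code)
  *(uint64_t*)0x200017c8 = 0x200009c0;  // +0x08 insns
  // Instruction buffer. Only the first insn_cnt*8 = 112 bytes are program text;
  // decoded, it sets r0 = 1, points r3 at fp-464, stores a byte at fp-16 and
  // reloads it into r4, runs a few conditional jumps (all with offset 0 or
  // landing on the next stores), loads r1 = *(u64*)(r1+0), writes r1 to fp-464
  // via r3 and a zero to fp-336, and exits with r0 = 1. The remaining ~1850
  // bytes lie beyond insn_cnt and are fuzzer filler that is never interpreted.
  memcpy(
      (void*)0x200009c0,
      "\xb7\x00\x00\x00\x01\x00\x00\x00\xbf\xa3\x00\x00\x00\x00\x00\x00\x07\x03"
      "\x00\x00\x30\xfe\xff\xff\x72\x0a\xf0\xff\xf8\xff\xff\xff\x71\xa4\xf0\xff"
      "\x00\x00\x00\x00\x2d\x04\x00\x00\x00\x00\x00\x00\x3d\x40\x03\x00\x00\x00"
      "\x00\x00\x65\x04\x00\x00\x01\xed\x00\x00\x79\x11\x00\x00\x00\x00\x00\x00"
      "\x6c\x44\x00\x00\x00\x00\x00\x00\x7a\x0a\xb0\xfe\x00\x00\x00\x00\x7b\x13"
      "\x00\x00\x00\x00\x00\x00\xb5\x00\x00\x00\x00\x00\x00\x00\x95\x00\x00\x00"
      "\x00\x00\x00\x00\x02\x3b\xc0\x65\xb7\xa3\x79\xd1\x7c\xf9\x33\x33\x79\xfc"
      "\x9e\x94\xaf\x69\x91\x24\x35\xf1\xa8\x64\xa7\x10\xaa\xd5\x8d\xb6\xa6\x93"
      "\x00\x2e\x7f\x3b\xe3\x61\x91\x7a\xde\xf6\xee\x1c\x8a\x2a\x4f\x8e\xf1\xe5"
      "\x0b\xec\xb1\x9b\xc4\x61\xe9\x1a\x71\x5b\xc5\x18\x15\x54\xa0\x90\xf3\x20"
      "\x50\xe4\x36\xfe\x27\x5d\xaf\x51\xef\xd6\x01\xb6\xbf\x01\xc8\xe8\xb1\xb5"
      "\x26\x37\x5e\xc4\xdd\x6f\xcd\x82\xe4\xfe\xe5\xbe\xf7\xaf\x9a\xa0\xd7\xd6"
      "\x00\xc0\x95\x19\x9f\xe3\xff\x31\x28\xc4\xe5\x99\xb0\xea\xeb\xbd\xbd\x73"
      "\x2c\x9c\xc0\x0e\xec\x36\x3e\x4a\x8f\x64\x56\xe2\xcc\x21\x55\x7c\x0a\xfc"
      "\x64\x6c\xb7\x79\x8b\x3e\x64\x40\xc2\xfb\xdb\x00\xa3\xe3\x52\x08\xb0\xbb"
      "\x0d\x2c\xd8\x29\xe6\x54\x40\x0e\x24\x38\xec\x64\x9d\xc7\x4a\x28\x61\x06"
      "\x43\xa9\x8d\x9e\xc2\x1e\xad\x2e\xd5\x1b\x10\x4d\x08\x00\xaf\x25\xb8\x45"
      "\xd8\xa7\x92\x5c\x31\x09\xb1\x51\xb8\xb9\xf7\x5d\xd0\x8d\x12\x3d\xed\xa8"
      "\x8c\x65\x8d\x42\xec\xbf\x28\xbf\x70\x76\xc1\x5b\x46\x3b\xeb\xc7\x2f\x52"
      "\x6d\x8e\x8a\xfc\xb9\x13\x46\x6a\xaa\x7f\x6d\xf7\x02\x52\xe7\x91\x66\xd8"
      "\x58\xfc\xd0\xe0\x6d\xd3\x1a\xf9\x61\x2f\x24\x60\xd0\xb1\x10\x08\xe5\x9a"
      "\x59\x23\x90\x6f\x88\xb5\x39\x87\xad\x17\x14\xe7\x2b\xa7\xa5\x4f\x0c\x33"
      "\xd3\x90\x00\xd0\x6a\x59\xff\x61\x62\x2c\xfd\x9a\xa5\x8f\x24\x77\x18\x4b"
      "\x6a\x89\xad\xaf\x17\xb0\xa6\x04\x1b\xde\xf7\x28\xd2\x36\x61\x90\x74\xd6"
      "\xeb\xdf\x09\x8b\xc9\x08\xf5\x23\xd2\x28\xa4\x0f\x94\x11\xfe\x72\x26\xa4"
      "\x04\x09\xd6\xe3\x7c\x4f\x46\x75\x6d\x31\xcb\x46\x76\x00\xad\xe7\x00\x63"
      "\xe5\x29\x15\x69\xb3\x3d\x21\xda\xe3\x56\xe1\xc5\xda\x18\xec\x0a\xe5\x64"
      "\x16\x2a\x27\xaf\xea\x62\xd8\x4f\x3a\x10\x74\x64\x43\xd6\x43\x64\xf5\x6e"
      "\x24\xe6\xd2\x10\x5b\xd9\x01\x20\x4a\x1d\xee\xed\x41\x55\x61\x75\x72\x65"
      "\x2d\x95\x0a\xd3\x19\x28\xb0\xb0\xc3\xdc\x28\x69\xf4\x78\x34\x1d\x02\xd0"
      "\xf5\xad\x94\xb0\x81\xfc\xd5\x07\xac\xb4\xb9\x3d\x00\x00\x00\x22\x5d\x85"
      "\xae\x49\xce\xe3\x83\xdc\x50\x49\x07\x6b\x98\xfb\x68\x53\xab\x39\xa2\x15"
      "\x14\xda\x09\x1f\x5d\x8f\x44\x41\x7c\xf8\x5c\xf2\x31\xa0\x60\xd2\xae\x20"
      "\xcf\xb9\x1d\x6a\x49\x96\x47\x57\xcd\xf5\x38\xf9\xce\x2b\xdb\x1a\xb0\x62"
      "\xcd\x54\xe6\x70\x11\xd3\x55\xd8\x4c\xe9\x7b\xb0\xc6\xb4\xa5\x95\xe4\x87"
      "\xef\xbb\x2d\x71\x0b\x65\x1f\x89\x8b\xa7\x49\xe4\x0b\xc6\x98\x0f\xe7\x86"
      "\x83\xac\x5c\x0c\x31\x03\x06\x99\xdd\xd7\x10\x63\xbe\x92\x61\xb2\xe1\xaa"
      "\xb1\x67\x5b\x34\xa2\x20\x48\x8c\x12\x6a\xee\xf5\xf5\x10\xa8\xf1\xad\xed"
      "\x94\xa1\x29\xe4\xae\xc6\xff\xc3\xa1\x5d\x96\xc2\xea\x3e\x2e\x04\xcf\xe0"
      "\xe6\x69\xe5\x17\x31\xb2\x87\x53\x53\x19\x3f\x82\xad\xe6\x9d\x05\x40\x05"
      "\x9f\xe6\xc7\xfe\x7c\xd8\x69\x75\x02\x3c\xb0\x8c\xc7\x59\x65\x66\xd6\x74"
      "\xe4\x25\xda\x5e\x87\xe5\x96\x02\xa9\xf6\x59\x05\x21\xd3\x1d\x38\x04\xb3"
      "\xe0\xa1\x05\x3a\xbd\xc3\x12\x82\xdf\xb1\x5e\xb6\x84\x1b\xb6\x4a\x1b\x30"
      "\x45\x02\xdd\xa7\x87\x34\x3c\xe3\xc9\x53\x99\x2e\x4a\x98\x2f\x3c\x48\x15"
      "\x3b\xaa\xe2\x44\xe7\xbf\x37\x54\x8c\x7f\x1a\x4c\xad\x24\x22\xee\x96\x5a"
      "\x38\xf7\xde\xfb\xd2\x96\x02\x42\xb1\x04\xe2\x0d\xc2\xd9\xb0\xc3\x56\x08"
      "\xd4\x02\xcc\xdd\x90\x69\xbd\x50\xb9\x94\xfd\xa7\xa9\xde\x44\x02\x2a\x57"
      "\x9d\xfc\x02\x29\xcc\x0d\xc9\x88\x16\x10\x6d\xec\x28\xea\xeb\x88\x34\x18"
      "\xf5\x62\xae\x00\x00\x3e\xa9\x6d\x10\xf1\x72\xc0\x37\x4d\x6e\xed\x82\x64"
      "\x16\x87\xf3\xb3\xa7\x0b\xfe\x9b\x4a\x9c\x5a\x90\xff\x59\xd5\x4d\x1f\x92"
      "\xec\xc4\xe9\x5d\xd2\xd1\x83\x83\x11\x7c\x03\x98\x62\x19\x88\x99\xb2\x12"
      "\xc5\x53\x8a\x29\x42\x70\xa1\xad\x10\xc8\x0f\xef\x7c\x24\xc8\x7a\xfc\xe8"
      "\x29\xba\x0f\x85\xda\x6d\x88\x8f\x18\xea\x40\xab\x95\x9f\x60\x74\xab\x2a"
      "\x40\x09\xb9\xe5\xf0\x7a\xb5\x13\xd0\x10\x03\x20\x96\x20\xdb\x20\xfb\xd4"
      "\xec\xbd\xfb\x13\xcd\xc6\xc0\xe5\x7f\xb1\xc1\xca\x57\x13\x80\xd7\xb4\xea"
      "\xd3\x5a\x65\x5e\x0b\x4a\x26\xb7\x02\x39\x6d\xf7\xe0\xcb\xe0\x2b\x6e\x41"
      "\x14\xf2\x44\xa9\xbf\x93\xf0\x5b\xeb\x72\xf0\x86\x1f\x75\x80\xe6\x9d\xb3"
      "\x84\xac\x7e\xee\xdc\xf2\xba\x1a\x95\x08\xf9\xd6\xab\xa5\x82\x3a\x34\xa9"
      "\xf1\xff\xa9\x68\xea\xce\xa7\x5c\xaf\x82\x2a\x7a\x63\xba\x34\x01\x5e\xa5"
      "\xaa\xcb\x11\x88\x88\x3a\xd2\xa3\xb1\x83\x23\x71\xfe\x5b\xc6\x21\x42\x6d"
      "\x1e\xd0\xa4\xa9\xb7\x02\xcc\x1b\x69\x12\xa1\xe7\x17\xd2\x91\x35\x75\x32"
      "\x08\x16\x5b\x9c\xdb\xae\x2e\xd9\xdc\x73\x58\xf0\xeb\xad\xde\x0b\x72\x8f"
      "\xe2\x6e\x37\x03\x7f\x27\xfe\xeb\x74\x4d\xdc\xc5\x36\xcb\xae\x31\x5c\x7d"
      "\x95\x16\x80\xf6\xf2\xf9\xa6\xa8\x34\x69\x62\xa3\x50\x84\x5f\xfa\x0d\x82"
      "\x9e\x4f\x79\xad\xc2\x87\x90\x69\x43\x40\x8e\x6d\xf3\xad\xbf\xd0\x3a\xac"
      "\x93\xdf\x88\x66\xfb\x01\x0a\xec\x0e\x92\xbe\xd1\xfe\x39\xaf\x16\x9d\x2a"
      "\x46\x6f\x0d\xb6\xf3\xd9\x43\x6a\x7d\x0a\x87\x4c\x74\xb7\x77\xdf\x00\x5c"
      "\x55\xfc\x30\x51\x1d\x00\x00\x00\x00\xc9\x52\x65\xb2\xbd\x83\xd6\x4a\x53"
      "\x28\x69\xd7\x01\x72\x3f\xed\xcb\xad\xa1\xee\x7b\xaa\x5b\x6a\x68\x6b\x50"
      "\xf0\x93\x7f\x77\x8a\xf0\x83\xe0\x55\xf6\x13\x8a\x75\x7e\xbd\x0e\xd9\x11"
      "\x14\xa6\xb2\x44\xf9\xac\xf4\x1a\xc5\xd7\x3a\x00\x83\x64\xe0\x60\x6a\x59"
      "\x48\x17\x03\x1f\xc2\xf5\x2c\x87\x85\xfe\x07\x21\x71\x9b\x3d\x65\x40\x26"
      "\xc6\xea\x08\xb8\x3b\x12\x31\x45\xab\x57\x03\xda\xd8\x44\xce\xb2\x01\xdd"
      "\xeb\x6d\xc5\xf6\xa9\x03\x7d\x22\x83\xc4\x2e\xfc\x54\xfa\x84\x32\x3a\x56"
      "\xed\xbd\x28\x7e\xba\x77\xf3\x5c\x35\xd9\x1f\x3c\x62\xa0\xca\x74\x83\x6a"
      "\x64\x02\x24\xde\x85\xf2\xb4\xa5\xfe\xe5\x00\xab\xc5\x84\x32\x7d\x6a\x7a"
      "\x46\x28\xc4\x37\x8c\x9b\x71\xdf\xf6\x40\x75\xb7\x4a\x65\x20\xad\xb1\x87"
      "\xb4\x0d\x2c\xcc\xbc\xb0\x8c\x06\x34\xee\x74\x65\x8d\x3e\x23\xbf\x51\x1c"
      "\x8b\x0b\xf1\xb6\x9d\x2b\x37\x82\xb3\xf4\x81\xc3\x14\xe7\xbd\x46\x15\xdb"
      "\xbf\x24\xc0\x6a\xc9\x5b\xd6\x39\xe6\x8d\x0e\x6a\xa7\xf0\xd0\x7b\xf6\x9a"
      "\x93\x36\x5f\x80\x3f\x01\x44\xaf\x37\x23\x6e\xa1\x33\xc2\x25\x5b\x06\x13"
      "\xbf\x8b\xa1\xd5\x38\xe0\x6c\x24\x11\xe8\xd7\x00\x53\xb7\x12\x08\x4f\xd0"
      "\xe3\x13\xde\x9b\xb1\x92\x66\xe4\x9a\x3a\x21\x90\xcb\x03\x9c\x6f\x89\x61"
      "\x0a\xcd\x89\x63\x19\xb9\xc8\xd1\xb8\xaa\xc2\xea\xa5\xa4\xf8\xbe\x74\x19"
      "\xa0\x9e\x3f\xb5\xbe\x3b\xe2\xfc\xda\xdd\x22\x99\x83\x9c\xc4\x0e\x68\x4e"
      "\x6e\x2b\x4e\x13\x85\xfd\xe7\xa0\xba\xbc\xb0\xbe\x67\x21\x10\x26\x8a\x34"
      "\xda\xd3\x64\xfd\xde\xe6\x9e\x56\x41\x19\xce\xbb\x69\x40\xc6\x35\x6f\xf8"
      "\x3c\xa5\x27\xc5\x73\xd7\x00\x00\x00\x00\x00\x00\x00\xc6\x29\x92\x63\xe6"
      "\xd9\x09\x7f\x22\x5d\xe9\x69\x48\x5b\xce\x3d\x7d\xc4\x71\xc0\x66\x9b\xb6"
      "\xa4\x67\xcf\x0d\xe5\x4d\xfc\xc1\x85\x70\x48\xfe\x22\xa1\x9d\xbb\x1b\x3c"
      "\xb9\xba\xba\xa8\x39\xf1\xf6\xe8\x17\xa6\x2d\x95\xa5\xb9\x71\xff\x96\xa5"
      "\xc6\x6c\x33\x8c\x6f\x2a\x2d\xa4\x64\x45\x19\xf4\x07\x61\x40\x2e\x9c\x81"
      "\x01\x3d\x76\xc7\x15\x2c\x95\xba\x5e\xfa\x24\xce\x19\x30\xf2\x3a\x80\x2b"
      "\xf0\x57\xff\xb6\xb0\x14\x4f\x3b\x43\x4a\x2a\xdc\x45\x6e\xf4\xd2\xfb\xdf"
      "\x7c\x62\x38\xc2\xbb\x00\xff\xcf\x2d\x23\xd6\x8c\xb9\xb0\x27\xf3\xb2\x25"
      "\xb6\x78\xac\x67\x89\xf7\x95\x6b\x66\xc5\x69\x2b\x46\xea\x03\xab\xb6\xa4"
      "\x04\xc8\xcc\xce\xaa\x4b\xa4\x16\x14\x09\xfc\xb5\x4b\x10\x39\xd7\xd1\x3f"
      "\xb5\x9d\x6b\xa1\x93\x20\x56\x43\x5f\xa2\xdc\xb7\x39\x73\x2e\x77\xf7\x5d"
      "\x09\xdd\xee\xc8\xfe\x0e\x84\x9e\x28\xe3\xa6\x43\xf7\xae\xfa\xa4\x4b\xf3"
      "\xd6\x34\x49\xa6\x1a\x6f\xc2\x52\x6d\x93\xea\x01\x0a\x2d\x09\xb3\x8b\x0d"
      "\x55\xd1\xe2\x60\x86\x35\x9b\x2e\xf6\xdb\xc8\x33\xf4\x73\xd0\xf9\x9b\xd5"
      "\xf5\x8f\xc6\x60\x5a\x24\xbd\x3c\x59\xad\xc5\x4c\x01\x83\x52\x51\xed\xd4"
      "\x67\xee\xe8\x72\xc0\x11\x9f\x27\x6a\xe4\x01\x2f\x33\x76\x3d\x8a\x4c\x2c"
      "\x47\xbe\x83\x9a\xca\xef\x3f\x2c\xfc\x39\xc2\xa3\x24\x57\x9c\xb3\xac\x69"
      "\x7f\x8d\x98\xcb\x3a\xb3\xfe\x3a\xa5\xf3\x63\x39\xb0\x79\xcf\xdd\x5a\x5c"
      "\x80\x06\x66\x67\x27\x1d\x4c\xb9\xb5\x1c\x41\x8a\x1a\x14\x15\x2b\xd0\x34"
      "\x25\x05\xf5\x0d\x68\x8e\xad\xc9\xb3\xfa\x54\x56\xe9\x27\x7a\x46\x93\xd4"
      "\xff\x2a\x1a\xfd\x50\x79\xe0\x33\xe3\xf9\x12\x5f\x6e\xd0\x45\x53\x0c\x47"
      "\xd7\x4d\x9f\xb4\x2f\xa6\xa9\x79\xe1\xef\xbc\x36\xf7\xfb\x48\x2e",
      1960);
  *(uint64_t*)0x200017d0 = 0x200001c0;  // +0x10 license -> "GPL"
  memcpy((void*)0x200001c0, "GPL\000", 4);
  *(uint32_t*)0x200017d8 = 0;           // +0x18 log_level (no verifier log requested)
  *(uint32_t*)0x200017dc = 0;           // +0x1c log_size
  *(uint64_t*)0x200017e0 = 0;           // +0x20 log_buf
  *(uint32_t*)0x200017e8 = 0;           // +0x28 kern_version
  *(uint32_t*)0x200017ec = 0;           // +0x2c prog_flags
  // +0x30 prog_name[16], all zero (unnamed program).
  *(uint8_t*)0x200017f0 = 0;
  *(uint8_t*)0x200017f1 = 0;
  *(uint8_t*)0x200017f2 = 0;
  *(uint8_t*)0x200017f3 = 0;
  *(uint8_t*)0x200017f4 = 0;
  *(uint8_t*)0x200017f5 = 0;
  *(uint8_t*)0x200017f6 = 0;
  *(uint8_t*)0x200017f7 = 0;
  *(uint8_t*)0x200017f8 = 0;
  *(uint8_t*)0x200017f9 = 0;
  *(uint8_t*)0x200017fa = 0;
  *(uint8_t*)0x200017fb = 0;
  *(uint8_t*)0x200017fc = 0;
  *(uint8_t*)0x200017fd = 0;
  *(uint8_t*)0x200017fe = 0;
  *(uint8_t*)0x200017ff = 0;
  *(uint32_t*)0x20001800 = 0;           // +0x40 prog_ifindex
  *(uint32_t*)0x20001804 = 0;           // +0x44 expected_attach_type
  // The size passed to the syscall below is 0x48, so everything written from
  // +0x48 on (the -1 fds, the oversized line_info_cnt) is outside the attr the
  // kernel copies in; it is kept only to stay faithful to the generated repro.
  *(uint32_t*)0x20001808 = -1;          // +0x48 prog_btf_fd
  *(uint32_t*)0x2000180c = 8;           // +0x4c func_info_rec_size
  *(uint64_t*)0x20001810 = 0x20000000;  // +0x50 func_info
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20001818 = 0;           // +0x58 func_info_cnt
  *(uint32_t*)0x2000181c = 0x10;        // +0x5c line_info_rec_size
  *(uint64_t*)0x20001820 = 0x20000000;  // +0x60 line_info
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20000008 = 0;
  *(uint32_t*)0x2000000c = 0;
  *(uint32_t*)0x20001828 = 0xfffffd00;  // +0x68 line_info_cnt
  *(uint32_t*)0x2000182c = 0;           // +0x6c attach_btf_id
  *(uint32_t*)0x20001830 = -1;          // +0x70 attach_prog_fd
  res = syscall(__NR_bpf, 5ul, 0x200017c0ul, 0x48ul);  // BPF_PROG_LOAD (cmd 5)
  if (res != -1)
    r[0] = res;

  // ---- union bpf_attr for BPF_RAW_TRACEPOINT_OPEN at 0x20000080 ----
  // +0x00 name -> "tlb_flush"; +0x08 prog_fd = fd from the load above,
  // truncated to 32 bits (0xffffffff if the load failed).
  // Note this reuses 0x20000000, overwriting the zeroes written there earlier.
  *(uint64_t*)0x20000080 = 0x20000000;
  memcpy((void*)0x20000000, "tlb_flush\000", 10);
  *(uint32_t*)0x20000088 = r[0];
  syscall(__NR_bpf, 0x11ul, 0x20000080ul, 0x10ul);  // BPF_RAW_TRACEPOINT_OPEN (cmd 17)
  return 0;
}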