// https://syzkaller.appspot.com/bug?id=1d632b9ec6bf51d88a017f17294b1baaba674586
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel bug reproducer. The program is a flat sequence of raw writes that
// assemble bpf(2) attribute blocks at fixed virtual addresses inside an
// mmap'd region, then issues the bpf() calls that reproduce the reported
// bug. It is intended to be run under a test kernel (normally in a VM).
// Its behaviour depends on the exact bytes written and on the order of the
// statements (later blocks reuse addresses written earlier), so nothing
// below should be reordered, restructured or "cleaned up".
#define _GNU_SOURCE
// NOTE(review): the header names after each #include were lost when this
// file was extracted; restore them from the syzkaller original before
// building. The code below needs at least the fixed-width integer types,
// memcpy(), syscall() and the __NR_* syscall numbers.
#include
#include
#include
#include
#include
#include
#include
#include
#ifndef __NR_bpf
#define __NR_bpf 321  // fallback syscall number for bpf(2) (x86_64) if the headers lack it
#endif

// Resource table: r[0] is the fd returned by the first BPF_PROG_LOAD,
// r[1] the fd returned by BPF_RAW_TRACEPOINT_OPEN. Both start as -1
// (all bits set) meaning "not obtained"; they are only overwritten when
// the corresponding syscall does not return -1.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  // Fixed address layout used by every pointer below.
  // prot 7 = read|write|exec; prot 0 = no access; flags 0x32 =
  // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS. The 16 MiB region at 0x20000000
  // holds all attribute blocks, instruction bytes and strings; the two
  // single pages on either side are inaccessible guard pages.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  intptr_t res = 0;

  // --- bpf(BPF_PROG_LOAD) #1: 0x70-byte union bpf_attr at 0x20000440 ---
  // prog_type 0x11 (BPF_PROG_TYPE_RAW_TRACEPOINT), insn_cnt 6, insns at
  // 0x20000100, license "GPL" at 0x20000080, log_level 5, log_size 0x29e,
  // log_buf 0x2000cf3d. Field offsets follow the kernel's union bpf_attr
  // for the kernel this was generated against and are not re-derived here.
  *(uint32_t*)0x20000440 = 0x11;
  *(uint32_t*)0x20000444 = 6;
  *(uint64_t*)0x20000448 = 0x20000100;
  // 195 bytes are copied, but with insn_cnt == 6 presumably only the first
  // 48 bytes (6 * 8) are consumed as eBPF instructions; the rest is filler.
  memcpy((void*)0x20000100,
         "\x05\x00\x00\x00\x00\x00\x00\x00\x61\x11\x0c\x00\x00\x00\x00\x00\x85"
         "\x10\x00\x00\x02\x00\x00\x00\x85\x00\x00\x00\x05\x00\x00\x00\x95\x00"
         "\x00\x00\x00\x00\x00\x00\x95\x00\xa5\x05\x00\x00\x00\x00\x77\x51\xe8"
         "\xba\x63\x9a\x67\x88\xa3\x41\xcc\xa5\x55\xfe\xdb\xe9\xd8\xf3\xb4\x23"
         "\xcd\xac\xfa\x7e\x32\xfe\x02\x31\x36\x8b\x22\x64\xf9\xdc\x3f\x45\xf9"
         "\xf6\x55\x15\xb0\xe1\xa3\x8d\x86\x65\x52\x2b\xe1\x8b\xd1\x0a\x48\xb0"
         "\x43\xcc\xc4\x26\x46\xd2\x5d\xfd\x73\xa0\x15\xe0\xca\x7f\xc2\x50\x6a"
         "\x0f\x68\xa7\xd0\x6d\x75\x35\xf7\x86\x69\x07\xdc\x67\x51\xdf\xb2\x65"
         "\xa0\xe3\xcc\xae\x66\x9e\x17\x3a\x64\x9c\x1c\xfd\x65\x87\xd4\x52\xd6"
         "\x4e\x7c\xc9\x57\xd7\x75\x78\xf4\xc3\x52\x35\x13\x8d\x55\x21\xf9\x45"
         "\x35\x59\xc3\x5d\xa8\x60\xe8\xef\xbc\x6f\x2b\x2a\x3e\x31\x73\xd5\x66"
         "\x1c\xfe\xec\x79\xc6\x6c\x54\xc3",
         195);
  *(uint64_t*)0x20000450 = 0x20000080;
  memcpy((void*)0x20000080, "GPL\000", 4);
  *(uint32_t*)0x20000458 = 5;
  *(uint32_t*)0x2000045c = 0x29e;
  *(uint64_t*)0x20000460 = 0x2000cf3d;
  *(uint32_t*)0x20000468 = 0;
  *(uint32_t*)0x2000046c = 0;
  // 16 zero bytes at 0x20000470..0x2000047f: presumably the prog_name[16]
  // field, left empty.
  *(uint8_t*)0x20000470 = 0;
  *(uint8_t*)0x20000471 = 0;
  *(uint8_t*)0x20000472 = 0;
  *(uint8_t*)0x20000473 = 0;
  *(uint8_t*)0x20000474 = 0;
  *(uint8_t*)0x20000475 = 0;
  *(uint8_t*)0x20000476 = 0;
  *(uint8_t*)0x20000477 = 0;
  *(uint8_t*)0x20000478 = 0;
  *(uint8_t*)0x20000479 = 0;
  *(uint8_t*)0x2000047a = 0;
  *(uint8_t*)0x2000047b = 0;
  *(uint8_t*)0x2000047c = 0;
  *(uint8_t*)0x2000047d = 0;
  *(uint8_t*)0x2000047e = 0;
  *(uint8_t*)0x2000047f = 0;
  // Trailing attr fields (BTF / func_info / line_info related); the -1
  // values are "no fd" markers. The write at 0x200004b0 lies at offset 0x70,
  // i.e. just past the 0x70 bytes passed to the syscall below.
  *(uint32_t*)0x20000480 = 0;
  *(uint32_t*)0x20000484 = 0;
  *(uint32_t*)0x20000488 = -1;
  *(uint32_t*)0x2000048c = 6;
  *(uint64_t*)0x20000490 = 0;
  *(uint32_t*)0x20000498 = 0;
  *(uint32_t*)0x2000049c = 0x10;
  *(uint64_t*)0x200004a0 = 0;
  *(uint32_t*)0x200004a8 = 0;
  *(uint32_t*)0x200004ac = 0;
  *(uint32_t*)0x200004b0 = -1;
  // cmd 5 == BPF_PROG_LOAD. The program fd is kept in r[0] for the
  // raw-tracepoint attach below; it is never closed (the process exits
  // right after the last call).
  res = syscall(__NR_bpf, 5ul, 0x20000440ul, 0x70ul);
  if (res != -1)
    r[0] = res;

  // --- bpf(BPF_PROG_LOAD) #2: 0x78-byte attr at 0x20000080 ---
  // prog_type 0, insn_cnt 4, insns at 0x20000000 (only 19 bytes are copied,
  // less than 4 * 8), no license pointer. This block overwrites 0x20000080,
  // which held the "GPL" string for load #1, so it must stay after that
  // call. The return value is deliberately ignored.
  *(uint32_t*)0x20000080 = 0;
  *(uint32_t*)0x20000084 = 4;
  *(uint64_t*)0x20000088 = 0x20000000;
  memcpy((void*)0x20000000,
         "\x18\x00\x00\x00\x01\x04\x00\x00\x00\x78\x47\xcc"
         "\xa6\xf1\xa0\x00\x65\x12\x00",
         19);
  *(uint64_t*)0x20000090 = 0;
  *(uint32_t*)0x20000098 = 0;
  *(uint32_t*)0x2000009c = 0;
  *(uint64_t*)0x200000a0 = 0;
  *(uint32_t*)0x200000a8 = 0;
  *(uint32_t*)0x200000ac = 0;
  *(uint8_t*)0x200000b0 = 0;
  *(uint8_t*)0x200000b1 = 0;
  *(uint8_t*)0x200000b2 = 0;
  *(uint8_t*)0x200000b3 = 0;
  *(uint8_t*)0x200000b4 = 0;
  *(uint8_t*)0x200000b5 = 0;
  *(uint8_t*)0x200000b6 = 0;
  *(uint8_t*)0x200000b7 = 0;
  *(uint8_t*)0x200000b8 = 0;
  *(uint8_t*)0x200000b9 = 0;
  *(uint8_t*)0x200000ba = 0;
  *(uint8_t*)0x200000bb = 0;
  *(uint8_t*)0x200000bc = 0;
  *(uint8_t*)0x200000bd = 0;
  *(uint8_t*)0x200000be = 0;
  *(uint8_t*)0x200000bf = 0;
  *(uint32_t*)0x200000c0 = 0;
  *(uint32_t*)0x200000c4 = 0;
  *(uint32_t*)0x200000c8 = -1;
  *(uint32_t*)0x200000cc = 8;
  *(uint64_t*)0x200000d0 = 0;
  *(uint32_t*)0x200000d8 = 0;
  *(uint32_t*)0x200000dc = 0x10;
  *(uint64_t*)0x200000e0 = 0;
  *(uint32_t*)0x200000e8 = 0;
  *(uint32_t*)0x200000ec = 0;
  *(uint32_t*)0x200000f0 = -1;
  syscall(__NR_bpf, 5ul, 0x20000080ul, 0x78ul);

  // --- bpf(BPF_RAW_TRACEPOINT_OPEN): 0x10-byte attr at 0x20000080 ---
  // name pointer -> "ext4_find_delalloc_range" at 0x20000040, prog_fd = r[0]
  // (the 64-bit slot is narrowed to a 32-bit fd here). cmd 0x11 ==
  // BPF_RAW_TRACEPOINT_OPEN; the resulting fd is kept in r[1].
  *(uint64_t*)0x20000080 = 0x20000040;
  memcpy((void*)0x20000040, "ext4_find_delalloc_range\000", 25);
  *(uint32_t*)0x20000088 = r[0];
  res = syscall(__NR_bpf, 0x11ul, 0x20000080ul, 0x10ul);
  if (res != -1)
    r[1] = res;

  // --- bpf(BPF_OBJ_GET_INFO_BY_FD): 0x10-byte attr at 0x200000c0 ---
  // bpf_fd = r[1] (the raw-tracepoint fd), info_len 0x28, info buffer at
  // 0x20000000 (reusing the bytes that held load #2's instructions).
  // cmd 0xf == BPF_OBJ_GET_INFO_BY_FD. This is the final call of the
  // reproducer; the result is not checked.
  *(uint32_t*)0x200000c0 = r[1];
  *(uint32_t*)0x200000c4 = 0x28;
  *(uint64_t*)0x200000c8 = 0x20000000;
  syscall(__NR_bpf, 0xful, 0x200000c0ul, 0x10ul);
  return 0;
}