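// https://syzkaller.appspot.com/bug?id=197404c3aab044e8fb6a57759f344fdf5d17dc02
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Minimal kernel-bug reproducer for the report linked above: it maps
// syzkaller's fixed scratch region, builds one bpf() request in it by raw
// address, and issues a single bpf(2) call. The only process-visible effects
// are the three mappings, the "executing program" line on stdout and that one
// syscall. The reproducer does nothing about privileges; whether the load is
// reachable from an unprivileged caller depends on the target kernel's
// configuration.
//
// NOTE(review): the header names after each #include were lost when this
// page was extracted (the original had eight bare "#include" lines). The list
// below is reconstructed from the symbols the file actually uses:
//   uint32_t/uint64_t/intptr_t -> <stdint.h>; memcpy/memset -> <string.h>;
//   __NR_* -> <sys/syscall.h>; syscall()/write() -> <unistd.h>.

#define _GNU_SOURCE

#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback for libc headers that predate bpf(2). 321 is the x86-64 syscall
// number, so the fallback is only correct on that architecture.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

int main(void)
{
  // syzkaller's standard address-space layout: an inaccessible (prot=0) guard
  // page just below 0x200000000000, a 16 MiB RWX scratch area, and another
  // guard page just above it. Every address written below lies inside the
  // scratch area. MAP_FIXED replaces any existing mapping at these addresses,
  // and the return values are not checked: a failed mapping would surface only
  // as a fault on the first store below.
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  // Generator template leftovers: `reason` is never assigned, and the empty
  // if-body exists only to consume write()'s result without a warning.
  const char* reason;
  (void)reason;
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  // Request struct for the bpf() call, built field by field at 0x2000000054c0.
  // The offsets match the prog-load member of union bpf_attr as laid out in
  // uapi/linux/bpf.h; the field names in the comments are read off that
  // layout -- confirm against the kernel header in use.
  *(uint32_t*)0x2000000054c0 = 0x16;            // +0x00 prog_type (0x16 = 22, which
                                                //       enum bpf_prog_type lists as
                                                //       BPF_PROG_TYPE_FLOW_DISSECTOR; verify)
  *(uint32_t*)0x2000000054c4 = 0x16;            // +0x04 insn_cnt: 22 insns = 176 bytes
  *(uint64_t*)0x2000000054c8 = 0x200000000440;  // +0x08 insns (pointer to buffer below)
  // Instruction buffer. With insn_cnt = 22 only the first 176 bytes are
  // consumed as instructions; the remaining 658 of the 834 bytes are generator
  // filler that the kernel never reads. Bytes are reproduced verbatim.
  memcpy(
      (void*)0x200000000440,
      "\x61\x12\x4d\x00\x00\x00\x00\x00\x61\x13\x50\x00\x00\x00\x00\x00\xbf\x20"
      "\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x08\x00\x00\x00\x3d\x03\x01\x00"
      "\x00\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\x69\x26\x00\x00\x00\x00"
      "\x00\x00\xbf\x67\x00\x00\x00\x00\x00\x00\x15\x07\x00\x00\x0f\xff\x00\x00"
      "\x35\x06\x00\x00\x02\x00\x00\x00\x17\x06\x00\x00\x0e\xe5\xe5\x0c\xbf\x25"
      "\x00\x00\x00\x00\x00\x00\x1f\x65\x00\x00\x00\x00\x00\x00\x75\x07\x00\x00"
      "\x02\x00\x00\x00\x17\x07\x00\x00\x4c\x00\x01\x00\x0f\x75\x00\x00\x00\x00"
      "\x00\x00\xbf\x54\x00\x00\x00\x00\x00\x00\x07\x04\x00\x00\x04\x00\xf9\xff"
      "\x2d\x35\x01\x00\x00\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\x05\x00"
      "\x00\x00\x00\x00\x00\x00\x95\x00\x07\x00\x00\x00\x00\x00\x01\x72\x2f\xab"
      "\xb7\x33\xa0\xc8\x57\xc7\xc4\x54\x02\x00\x00\x00\xa2\xd2\x3d\xa0\x4d\x1f"
      "\xfc\x18\x7f\xa1\xa2\xba\x7b\xa0\x30\xc7\x26\x7c\x2d\xe0\x04\x35\xfd\x23"
      "\x3c\xc0\xf0\xd9\xb2\xc3\x12\x7c\x46\xb0\xf4\x08\x39\x8d\x09\xee\x4d\xc2"
      "\x58\xd7\x26\xea\xe0\x98\x80\x4c\xe2\x5d\xf6\x27\xa6\x4a\xc7\xef\xde\x50"
      "\xfd\x7f\x1d\xd5\xb1\x7e\xd7\x64\xc3\x3b\x06\x59\x8b\xae\x66\xea\x38\x54"
      "\x1a\x7c\xd2\x90\x32\xde\x94\x98\x3d\xfa\xb0\xe5\x04\x3d\xaf\x1b\x46\xbe"
      "\xf5\x13\x5c\x65\x37\x7b\xdb\xe6\x5d\x52\x57\x43\xd8\x8e\xf4\xb2\xee\x62"
      "\x65\x2b\x07\xf8\xa4\xb6\xe6\x15\x5c\xec\xc1\x3a\x5d\xdf\xab\x72\x6e\xca"
      "\x91\xbd\x5f\xec\xb2\x54\xab\x35\x84\x88\xc4\x00\x33\x01\x71\x12\x8b\xe2"
      "\x91\x29\x79\x47\xd4\x7d\xc5\x70\xa3\x85\xa4\x59\xef\x8e\x6a\xda\x84\xe9"
      "\x87\xcc\x00\x00\xf6\x99\x10\x78\xa2\x17\x88\xca\xb9\xd5\x3a\xd8\x90\x20"
      "\x6a\xb5\x65\x06\xab\x08\xb2\x94\xc0\x9e\xa4\x53\x6e\x0b\x9b\xb0\x62\x7a"
      "\x03\xa1\xeb\x9c\xbe\x69\x58\x81\x2a\x98\xab\xad\x49\xf4\x2a\x6f\xb2\xb6"
      "\x9c\x08\x80\x54\x8c\x39\xf1\x3f\x4c\xca\x63\xa8\x7a\xd7\xff\x8d\x10\x06"
      "\xcc\x6d\x95\xe4\x06\xde\xb6\x1b\x9c\x7a\xc3\xf3\x5f\x1f\xdb\x27\xe7\x09"
      "\x00\x00\x1f\xd1\x3d\x4a\x22\xfc\x90\xe5\xf7\x30\x0c\x53\xf2\xb6\xe7\xe0"
      "\x01\x05\x8d\xc0\x4b\x43\x4e\x37\x9f\xd5\x52\x6b\x52\x99\x0b\x04\xb1\x83"
      "\xc2\x1e\x6b\x97\x4a\x4b\xf8\x55\x67\x34\x8c\x6c\x6a\x44\x04\xd9\x87\xf7"
      "\x1d\x81\xfe\x98\x8d\xdc\x82\xda\xc0\x1b\xbb\x43\xe0\x06\x20\x3a\x31\xb0"
      "\x2f\x95\x19\xff\xb2\x9c\xd3\x50\x8d\x7d\xa8\x29\x71\x2c\x98\x38\x1a\x67"
      "\x2d\xb9\xfa\x6a\x8e\xb3\x8d\x78\x4c\x91\x3a\x80\x45\x57\xc4\x57\x7a\x22"
      "\xac\xb7\xb7\x3c\x4a\xa0\xe0\x79\x98\x73\x4f\xdf\xbb\x0d\x26\x2e\xf8\x8b"
      "\x3b\x8c\xd1\xa8\x51\x8d\xd8\x32\x6f\x63\x67\xed\x93\x8a\x05\xc1\x08\xcf"
      "\x26\x39\xe8\x79\x9f\xd7\xcb\x01\x8f\x08\x45\x3f\xa8\x63\xf8\xfb\x81\x78"
      "\x56\x9d\x26\xa0\xa4\x8e\x44\x98\xf8\x8d\x15\xab\xbb\x22\xd9\x55\xa1\x62"
      "\xac\x1f\xd3\x71\x0c\x12\x55\xfb\xe3\xc6\xd1\xe8\x41\x52\xc8\x1e\xc0\x19"
      "\x2e\x54\xd1\x3d\xc5\xbe\xeb\xe3\xde\x27\x96\x7e\x5d\x1a\xa8\xa6\x13\x90"
      "\x56\xe3\xfb\x73\x8d\x0c\xa4\x6b\x0a\x1c\x63\xa2\x90\x02\xe5\xb1\x23\x14"
      "\x39\x0c\xa0\x75\xec\xb4\x3e\x0c\x6c\xd5\xaf\x64\xc8\xb6\x76\x31\x6b\x9b"
      "\xff\x84\x5e\xa0\xb2\x05\x62\xf5\x3c\x5b\x34\x31\x44\x11\xbf\x3d\x4a\xf0"
      "\x6b\xdc\x3d\xef\x9f\x27\x91\xd6\xd0\x76\xca\x72\xe3\x19\xe6\xa9\xe1\x09"
      "\x8b\xab\x87\x8a\x9f\x12\x74\xa6\x1d\xde\xe4\x7a\xbb\x54\xd8\xcf\x90\x1e"
      "\x78\xbd\xb8\x5f\x47\xef\x37\xdd\x0d\xae\xb6\x40\x38\x20\xee\x84\x14\x04"
      "\x29\x04\x91\x7e\xa1\xb8\x0a\x00\x00\x00\x00\x00\x00\x4c\x84\x01\x8f\xd1"
      "\x9f\xb3\x58\x1c\xa1\xff\x9f\xb5\x75\x8d\x76\x92\x9e\xc0\x50\x28\x02\x86"
      "\x9c\x51\x51\x1c\x2c\x9d\xc5\x6e\xad\x14\x49\xc0\x38\xe4\xd2\x38\x2d\x6e"
      "\xf6\x1a\x7d\x93\x99\xcb",
      834);
  *(uint64_t*)0x2000000054d0 = 0x2000000000c0;  // +0x10 license (pointer to string below)
  memcpy((void*)0x2000000000c0, "syzkaller\000", 10);
  *(uint32_t*)0x2000000054d8 = 0;               // +0x18 log_level
  *(uint32_t*)0x2000000054dc = 0;               // +0x1c log_size
  *(uint64_t*)0x2000000054e0 = 0;               // +0x20 log_buf
  *(uint32_t*)0x2000000054e8 = 0;               // +0x28 kern_version
  *(uint32_t*)0x2000000054ec = 0;               // +0x2c prog_flags
  memset((void*)0x2000000054f0, 0, 16);         // +0x30 prog_name[16]
  *(uint32_t*)0x200000005500 = 0;               // +0x40 prog_ifindex
  *(uint32_t*)0x200000005504 = 0;               // +0x44 expected_attach_type
  // Everything from here on sits at offset 0x48 or beyond, i.e. past the
  // size=0x48 passed to bpf() below. That size bounds how much of the struct
  // the syscall copies in, so these stores -- and the two small records they
  // point at -- are not part of the request the kernel sees; the generator
  // emits them regardless.
  *(uint32_t*)0x200000005508 = -1;              // +0x48 prog_btf_fd
  *(uint32_t*)0x20000000550c = 8;               // +0x4c func_info_rec_size
  *(uint64_t*)0x200000005510 = 0x200000000040;  // +0x50 func_info
  *(uint32_t*)0x200000000040 = 0;               //   (8-byte record it points at)
  *(uint32_t*)0x200000000044 = 0;
  *(uint32_t*)0x200000005518 = 0x1f1;           // +0x58 func_info_cnt
  *(uint32_t*)0x20000000551c = 0x10;            // +0x5c line_info_rec_size
  *(uint64_t*)0x200000005520 = 0x200000000000;  // +0x60 line_info
  *(uint32_t*)0x200000000000 = 0;               //   (16-byte record it points at)
  *(uint32_t*)0x200000000004 = 0;
  *(uint32_t*)0x200000000008 = 0;
  *(uint32_t*)0x20000000000c = 0;
  *(uint32_t*)0x200000005528 = 0xffffffa6;      // +0x68 line_info_cnt
  *(uint32_t*)0x20000000552c = 0;               // +0x6c attach_btf_id
  *(uint32_t*)0x200000005530 = -1;              // +0x70 attach_prog_fd
  *(uint32_t*)0x200000005534 = 0x60;            // +0x74 core_relo_cnt
  *(uint64_t*)0x200000005538 = 0;               // +0x78 fd_array
  *(uint64_t*)0x200000005540 = 0;               // +0x80 core_relos
  *(uint32_t*)0x200000005548 = 0x10;            // +0x88 core_relo_rec_size
  *(uint32_t*)0x20000000554c = 0;               // +0x8c log_true_size
  *(uint32_t*)0x200000005550 = 0;               // +0x90 (trailing field; name depends on header version)
  // cmd 5 is BPF_PROG_LOAD in enum bpf_cmd. The return value (a program fd on
  // success, -1 with errno otherwise) is intentionally ignored: the reproducer
  // is only interested in what the kernel does while handling the request.
  syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x2000000054c0ul, /*size=*/0x48ul);
  return 0;
}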