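// autogenerated by syzkaller (https://github.com/google/syzkaller)

/*
Generated from this syzkaller program:
clone(0x88004400, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x4, 0x70, 0x40, 0x1, 0x3, 0x1, 0x0, 0x6, 0x10001, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x2, @perf_bp={&(0x7f0000000380), 0xd}, 0x1000, 0x6, 0x0, 0x4, 0x1, 0x4, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
clone(0x8000, &(0x7f0000000200)="3017248985480229c715f01f2776139977f49770d8181077dce816423a929ed5e59bf26ca77f2ba311b783dda29870d621ff2394424d9c799be5fa29f1ee42102645b56fd9727401d2fe52073c20023d4623dd48522d13dff56af96e4d73f53d62f3de841a58436c591733b58072f04a49bd5cf0473e3f568b604959c06365a82e0e1350550271c25298", &(0x7f0000000100), &(0x7f0000000140), &(0x7f00000002c0)="8c0e32ae8f2716cdf998f341eb4ff0b404c7dca07d9e895c109603d3552c42f07c0190860e4c880d03ba867e8d5d738172839bdbe974d38580e5bc8a91713bee4b859c1a4500f61f197d3610ef2f515474d0b302af29f64053899418054cdf0afe2e75f313f92daf84b3f77cdb10d9d002c44bf43d0cb532cce29b249aab4d6e8218e2528c95453d255e31715422b9d3014c35603fa361ec70136322a7366868f53b78b7c369496dc39cf8ea248b7345e378")
*/

/*
 * Fuzzer-generated kernel regression reproducer: it replays the three
 * syscalls listed above (clone, perf_event_open, clone) with the exact
 * argument bytes the fuzzer recorded.
 *
 * Reading notes for triage:
 *  - Argument memory lives at fixed addresses inside a region that main()
 *    maps at 0x20000000, which is why the code stores through literal
 *    pointers.
 *  - No syscall result is checked.  The program's exit status therefore says
 *    nothing about the outcome; whatever the kernel does in response has to
 *    be observed from outside the process (presumably the kernel log of the
 *    test machine -- the page does not say which report this belongs to).
 *  - The statement order is part of the test case; do not reorder it.
 */

#define _GNU_SOURCE

/*
 * NOTE(review): this copy of the file carried eight bare "#include"
 * directives with the header names stripped.  The list below covers every
 * name the code uses and matches the usual syzkaller preamble, but the
 * original list may have differed.
 */
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Mask with bf_len one-bits starting at bit bf_off. */
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))

/*
 * Read-modify-write of one bitfield inside the integer at addr: clears the
 * field, then ORs in val shifted to bf_off.  htobe is an optional byte-order
 * conversion; every use below passes it empty, so the store is host-endian.
 */
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len)               \
  *(type*)(addr) =                                                             \
      htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) |           \
            (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))

int main(void)
{
  /*
   * Scratch area for syscall arguments: 16 MiB at 0x20000000 with prot 7
   * (read|write|exec), bracketed by one prot-0 page on each side.
   * 0x32 is MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED on Linux.
   */
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);

  /*
   * First clone: no child stack is supplied and the result is ignored, so
   * every process that returns from this call runs the statements below.
   * NOTE(review): 0x88004400 appears to decode to
   * CLONE_IO|CLONE_NEWIPC|CLONE_VFORK|CLONE_FILES -- confirm against
   * <linux/sched.h> for the kernel under test.
   */
  syscall(__NR_clone, 0x88004400ul, 0ul, 0ul, 0ul, 0ul);

  /*
   * Build the perf_event_open attribute block at 0x200003c0 (0x70 bytes).
   * NOTE(review): the field names in the comments follow the layout of
   * struct perf_event_attr in <linux/perf_event.h> at these offsets; verify
   * against the headers of the kernel being tested.
   */
  *(uint32_t*)0x200003c0 = 4;    /* type */
  *(uint32_t*)0x200003c4 = 0x70; /* size of the attribute block */
  /* config, written piecewise: four bytes, then the upper 32 bits */
  *(uint8_t*)0x200003c8 = 0x40;
  *(uint8_t*)0x200003c9 = 1;
  *(uint8_t*)0x200003ca = 3;
  *(uint8_t*)0x200003cb = 1;
  *(uint32_t*)0x200003cc = 0;
  *(uint64_t*)0x200003d0 = 6;       /* sample_period / sample_freq */
  *(uint64_t*)0x200003d8 = 0x10001; /* sample_type */
  *(uint64_t*)0x200003e0 = 0;       /* read_format */

  /*
   * 64-bit flag word at 0x200003e8, assembled one field at a time.  All
   * fields are single bits except the 2-bit field at bit 15 and the 26-bit
   * tail starting at bit 38, both written as zero.
   */
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 0, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 1, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 2, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 3, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 4, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 5, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 6, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 7, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 8, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 9, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 10, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 11, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 12, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 13, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 14, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 15, 2);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 17, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 18, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 19, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 20, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 21, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 22, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 23, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 24, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 25, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 26, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 27, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 28, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 29, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 30, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 31, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 32, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 33, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 1, 34, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 35, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 36, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 37, 1);
  STORE_BY_BITMASK(uint64_t, , 0x200003e8, 0, 38, 26);

  *(uint32_t*)0x200003f0 = 0x80000001; /* wakeup_events / wakeup_watermark */
  *(uint32_t*)0x200003f4 = 2;          /* bp_type */
  *(uint64_t*)0x200003f8 = 0x20000380; /* bp_addr (union with config1) */
  *(uint64_t*)0x20000400 = 0xd;        /* bp_len (union with config2) */
  *(uint64_t*)0x20000408 = 0x1000;     /* branch_sample_type */
  *(uint64_t*)0x20000410 = 6;          /* sample_regs_user */
  *(uint32_t*)0x20000418 = 0;          /* sample_stack_user */
  *(uint32_t*)0x2000041c = 4;          /* clockid */
  *(uint64_t*)0x20000420 = 1;          /* sample_regs_intr */
  *(uint32_t*)0x20000428 = 4;          /* aux_watermark */
  *(uint16_t*)0x2000042c = 8;          /* sample_max_stack */
  *(uint16_t*)0x2000042e = 0;          /* reserved tail */

  /* Arguments after the attribute pointer: pid 0, cpu -1, group_fd -1, flags 1. */
  syscall(__NR_perf_event_open, 0x200003c0ul, 0, -1ul, -1, 1ul);

  /*
   * Fuzzer-chosen filler bytes for the two buffer arguments of the second
   * clone.  The lengths (138 and 178) match the literals exactly.
   */
  memcpy(
      (void*)0x20000200,
      "\x30\x17\x24\x89\x85\x48\x02\x29\xc7\x15\xf0\x1f\x27\x76\x13\x99\x77\xf4"
      "\x97\x70\xd8\x18\x10\x77\xdc\xe8\x16\x42\x3a\x92\x9e\xd5\xe5\x9b\xf2\x6c"
      "\xa7\x7f\x2b\xa3\x11\xb7\x83\xdd\xa2\x98\x70\xd6\x21\xff\x23\x94\x42\x4d"
      "\x9c\x79\x9b\xe5\xfa\x29\xf1\xee\x42\x10\x26\x45\xb5\x6f\xd9\x72\x74\x01"
      "\xd2\xfe\x52\x07\x3c\x20\x02\x3d\x46\x23\xdd\x48\x52\x2d\x13\xdf\xf5\x6a"
      "\xf9\x6e\x4d\x73\xf5\x3d\x62\xf3\xde\x84\x1a\x58\x43\x6c\x59\x17\x33\xb5"
      "\x80\x72\xf0\x4a\x49\xbd\x5c\xf0\x47\x3e\x3f\x56\x8b\x60\x49\x59\xc0\x63"
      "\x65\xa8\x2e\x0e\x13\x50\x55\x02\x71\xc2\x52\x98",
      138);
  memcpy(
      (void*)0x200002c0,
      "\x8c\x0e\x32\xae\x8f\x27\x16\xcd\xf9\x98\xf3\x41\xeb\x4f\xf0\xb4\x04\xc7"
      "\xdc\xa0\x7d\x9e\x89\x5c\x10\x96\x03\xd3\x55\x2c\x42\xf0\x7c\x01\x90\x86"
      "\x0e\x4c\x88\x0d\x03\xba\x86\x7e\x8d\x5d\x73\x81\x72\x83\x9b\xdb\xe9\x74"
      "\xd3\x85\x80\xe5\xbc\x8a\x91\x71\x3b\xee\x4b\x85\x9c\x1a\x45\x00\xf6\x1f"
      "\x19\x7d\x36\x10\xef\x2f\x51\x54\x74\xd0\xb3\x02\xaf\x29\xf6\x40\x53\x89"
      "\x94\x18\x05\x4c\xdf\x0a\xfe\x2e\x75\xf3\x13\xf9\x2d\xaf\x84\xb3\xf7\x7c"
      "\xdb\x10\xd9\xd0\x02\xc4\x4b\xf4\x3d\x0c\xb5\x32\xcc\xe2\x9b\x24\x9a\xab"
      "\x4d\x6e\x82\x18\xe2\x52\x8c\x95\x45\x3d\x25\x5e\x31\x71\x54\x22\xb9\xd3"
      "\x01\x4c\x35\x60\x3f\xa3\x61\xec\x70\x13\x63\x22\xa7\x36\x68\x68\xf5\x3b"
      "\x78\xb7\xc3\x69\x49\x6d\xc3\x9c\xf8\xea\x24\x8b\x73\x45\xe3\x78",
      178);

  /*
   * Second clone, with all five raw arguments populated from the scratch
   * area.  The syzkaller program above lists them as flags, child stack,
   * parent-tid pointer, child-tid pointer, and a final buffer.
   * NOTE(review): 0x8000 appears to be CLONE_PARENT -- confirm against
   * <linux/sched.h>.
   */
  syscall(__NR_clone, 0x8000ul, 0x20000200ul, 0x20000100ul, 0x20000140ul,
          0x200002c0ul);
  return 0;
}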