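// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// NOTE(review): in this copy the whole harness had been collapsed onto one
// physical line behind the leading "//" (so none of it compiled) and the
// header names after each #include had been stripped. The twelve headers
// below are the set this code needs (htobe16/htobe32, errno, pthread_*,
// fixed-width ints, exit, memcpy/memset, SYS_*/__NR_*, clock_gettime,
// usleep/write/syscall, FUTEX_*). Confirm against the original reproducer.

#define _GNU_SOURCE

#include <endian.h>
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#include <linux/futex.h>

/* Sleep for `ms` milliseconds. */
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

/* Monotonic clock in milliseconds; exits the process if the clock is unreadable. */
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/*
 * Start a thread running fn(arg) with a 128 KiB stack.
 *
 * Retries up to 100 times while thread creation reports EAGAIN, sleeping
 * 50 us between attempts; any other failure, or running out of retries,
 * terminates the process with exit(1).
 */
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  for (int i = 0; i < 100; i++) {
    /* pthread_create reports failure through its return value; POSIX does
     * not require it to set errno, so test the return code, not errno. */
    int rc = pthread_create(&th, &attr, fn, arg);
    if (rc == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    if (rc == EAGAIN) {
      usleep(50);
      continue;
    }
    break;
  }
  exit(1);
}

/* One-shot event flag built on a futex word: 0 = clear, 1 = set. */
typedef struct {
  int state;
} event_t;

/* Put the event in the clear state. */
static void event_init(event_t* ev)
{
  ev->state = 0;
}

/* Clear the event so it can be set again. */
static void event_reset(event_t* ev)
{
  ev->state = 0;
}

/*
 * Set the event and wake waiters. Setting an event that is already set is
 * treated as a harness bug and terminates the process.
 */
static void event_set(event_t* ev)
{
  if (ev->state)
    exit(1);
  __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
  /* The count is just "large enough" to wake every waiter. */
  syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}

/* Block until the event is set. */
static void event_wait(event_t* ev)
{
  /* FUTEX_WAIT returns at once if state is no longer 0, so the loop re-checks. */
  while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}

/* Return non-zero if the event is currently set. */
static int event_isset(event_t* ev)
{
  return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}

/*
 * Wait up to `timeout` milliseconds for the event.
 * Returns 1 if the event was observed set, 0 once more than `timeout` ms
 * have elapsed without it being set.
 */
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  for (;;) {
    /* Cannot underflow: the loop exits below as soon as now - start > timeout. */
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
    if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
      return 1;
    now = current_time_ms();
    if (now - start > timeout)
      return 0;
  }
}

/* Per-worker slot: `call` is the index handed to execute_call(). */
struct thread_t {
  int created, call;
  event_t ready, done;
};

/* Pool of worker slots. */
static struct thread_t threads[16];
static void execute_call(int call);
/* Number of calls handed to workers that have not finished yet. */
static int running;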
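/*
 * Worker thread body: wait for a call index in th->call, run it, mark the
 * slot done, repeat forever.
 */
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

/*
 * Issue calls 0..6 in order, each on the first idle worker slot.
 *
 * Each call gets at most 50 ms before the next one is dispatched, so a call
 * that blocks does not stall the sequence; the following calls then run
 * concurrently with it on other workers. Afterwards wait up to ~100 ms for
 * the in-flight calls to drain.
 */
static void loop(void)
{
  /* The empty if only consumes write()'s return value. */
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  int i, call, thread;
  for (call = 0; call < 7; call++) {
    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
         thread++) {
      struct thread_t* th = &threads[thread];
      if (!th->created) {
        /* Lazily create the worker; it starts out idle ("done" set). */
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        event_set(&th->done);
        thread_start(thr, th);
      }
      if (!event_isset(&th->done))
        continue; /* still busy with an earlier call */
      event_reset(&th->done);
      th->call = call;
      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
      event_set(&th->ready);
      event_timedwait(&th->done, 50);
      break;
    }
  }
  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
    sleep_ms(1);
}

/* r[0] holds the TCP socket fd; all-ones (-1) until call 0 succeeds. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Run one step of the recorded syscall sequence.
 *
 * Sequence, as labelled by the generator:
 *   0  socket(AF_INET, SOCK_STREAM, 0)
 *   1  setsockopt(SOL_SOCKET, SO_ZEROCOPY, 1)
 *   2  setsockopt(IPPROTO_TCP, TCP_REPAIR, 1)
 *   3  connect() to 127.0.0.1, port 0
 *   4  setsockopt(IPPROTO_TCP, TCP_REPAIR, -1)
 *   5  sendmmsg() of four messages with MSG_ZEROCOPY
 *   6  setsockopt(SOL_SOCKET, SO_SNDBUFFORCE, 0x7fffffff)
 *
 * All arguments live at fixed addresses inside the region main() maps at
 * 0x200000000000. No syscall return value is checked except socket()'s.
 *
 * NOTE(review): the kernel report this reproducer belongs to is not shown
 * on the page. For triage: TCP_REPAIR and SO_SNDBUFFORCE are gated on
 * CAP_NET_ADMIN in mainline Linux (confirm for the kernel under test), so
 * whether the path is reachable without root depends on whether
 * unprivileged user/network namespaces are enabled on the target.
 */
void execute_call(int call)
{
  intptr_t res = 0;
  switch (call) {
  case 0:
    // socket$inet_tcp arguments: [
    //   domain: const = 0x2 (8 bytes)
    //   type: const = 0x1 (8 bytes)
    //   proto: const = 0x0 (4 bytes)
    // ]
    // returns sock_tcp
    res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
    if (res != -1)
      r[0] = res;
    break;
  case 1:
    // setsockopt$sock_int arguments: [
    //   fd: sock (resource)
    //   level: const = 0x1 (4 bytes)
    //   optname: sockopt_opt_sock_int = 0x3c (4 bytes)
    //   optval: ptr[in, int32] { int32 = 0x1 (4 bytes) }
    //   optlen: len = 0x4 (8 bytes)
    // ]
    *(uint32_t*)0x200000000040 = 1;
    syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/1,
            /*optname=SO_ZEROCOPY*/ 0x3c, /*optval=*/0x200000000040ul,
            /*optlen=*/4ul);
    break;
  case 2:
    // setsockopt$inet_tcp_TCP_REPAIR arguments: [
    //   fd: sock_tcp (resource)
    //   level: const = 0x6 (4 bytes)
    //   optname: const = 0x13 (4 bytes)
    //   optval: ptr[in, tcp_repair_modes] { tcp_repair_modes = 0x1 (4 bytes) }
    //   optlen: len = 0x4 (8 bytes)
    // ]
    *(uint32_t*)0x2000000000c0 = 1;
    syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/6, /*optname=*/0x13,
            /*optval=*/0x2000000000c0ul, /*optlen=*/4ul);
    break;
  case 3:
    // connect$inet arguments: [
    //   fd: sock_in (resource)
    //   addr: ptr[in, sockaddr_in] {
    //     family: const = 0x2 (2 bytes)
    //     port: int16be = 0x0 (2 bytes)
    //     addr: union ipv4_addr { loopback: const = 0x7f000001 (4 bytes) }
    //     pad = 0x0 (8 bytes)
    //   }
    //   addrlen: len = 0x10 (8 bytes)
    // ]
    // NOTE(review): presumably relies on repair mode, where connect() is
    // documented to skip the handshake; confirm against tcp(7) for the
    // kernel under test.
    *(uint16_t*)0x200000000080 = 2;
    *(uint16_t*)0x200000000082 = htobe16(0);
    *(uint32_t*)0x200000000084 = htobe32(0x7f000001);
    syscall(__NR_connect, /*fd=*/r[0], /*addr=*/0x200000000080ul,
            /*addrlen=*/0x10ul);
    break;
  case 4:
    // setsockopt$inet_tcp_TCP_REPAIR arguments: [
    //   fd: sock_tcp (resource)
    //   level: const = 0x6 (4 bytes)
    //   optname: const = 0x13 (4 bytes)
    //   optval: ptr[in, tcp_repair_modes] {
    //     tcp_repair_modes = 0xffffffffffffffff (4 bytes)
    //   }
    //   optlen: len = 0x4 (8 bytes)
    // ]
    // The stored value is -1 as a 32-bit int; this looks like
    // TCP_REPAIR_OFF_NO_WP from <linux/tcp.h>; verify against the headers
    // of the kernel under test.
    *(uint32_t*)0x2000000001c0 = -1;
    syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/6, /*optname=*/0x13,
            /*optval=*/0x2000000001c0ul, /*optlen=*/4ul);
    break;
  case 5:
    // sendmmsg$inet arguments: [
    //   fd: sock (resource)
    //   mmsg: ptr[in, array[mmsghdr_inet]], 4 entries, 0x40 bytes apart,
    //         starting at 0x200000000d00. Every entry has msg_name nil,
    //         msg_namelen 0, msg_control nil, msg_controllen 0,
    //         msg_flags 0, msg_len 0.
    //     msg 0: msg_iovlen 5, iovec lens 0x9, 0x1, 0xe, 0x1, 0xfe
    //     msg 1: msg_iovlen 3, iovec lens 0x4, 0x3, 0x1
    //     msg 2: msg_iovlen 7, iovec lens 0x1, 0x1, 0x1, 0x4, 0x3, 0xbb, 0x1
    //     msg 3: msg_iovlen 2, iovec lens 0x1, 0xfffffec4
    //   vlen: len = 0x4 (8 bytes)
    //   f: send_flags = 0x4000000 (8 bytes)
    // ]
    // The payload bytes are the ones written by the memset/memcpy calls
    // below. The last iovec of msg 3 declares 0xfffffec4 bytes over a
    // buffer that holds 4 bytes of data; that length also runs far past
    // the end of the 16 MiB mapping created in main().

    /* --- msg 0: header at 0x...d00, iovec array at 0x...2c00 --- */
    *(uint64_t*)0x200000000d00 = 0;
    *(uint32_t*)0x200000000d08 = 0;
    *(uint64_t*)0x200000000d10 = 0x200000002c00;
    *(uint64_t*)0x200000002c00 = 0x200000001500;
    memset((void*)0x200000001500, 0, 9);
    *(uint64_t*)0x200000002c08 = 9;
    *(uint64_t*)0x200000002c10 = 0x200000002800;
    memset((void*)0x200000002800, 207, 1);
    *(uint64_t*)0x200000002c18 = 1;
    *(uint64_t*)0x200000002c20 = 0x200000000380;
    memcpy((void*)0x200000000380,
           "\x08\xe0\xac\x8f\xb1\xd9\x9d\xf6\x1d\x7b\x51\x8d\x0a\x62", 14);
    *(uint64_t*)0x200000002c28 = 0xe;
    *(uint64_t*)0x200000002c30 = 0x200000000180;
    memset((void*)0x200000000180, 138, 1);
    *(uint64_t*)0x200000002c38 = 1;
    *(uint64_t*)0x200000002c40 = 0x2000000005c0;
    memcpy(
        (void*)0x2000000005c0,
        "\xf5\xfb\xfd\x4f\x15\x95\x31\x77\x00\xff\x55\xf1\xf9\x60\xff\x70\xfb"
        "\xa6\x40\x53\xef\x1c\x95\x2b\x85\x61\x07\x1c\xcf\xbe\xd9\x6b\x72\x27"
        "\xea\xaf\x92\xa1\x35\x8a\xfc\x14\x8a\x8a\xaf\xa5\x8b\x24\x44\x56\x1a"
        "\xcf\x9a\x51\x14\xb2\x07\x01\x9d\xa8\x51\x8f\xea\x9f\xd1\x89\xe3\x61"
        "\x6e\xc0\xad\x37\xf8\x6f\x43\x1d\x6f\x4f\x1f\xbe\x1b\x0e\x3e\x64\x0a"
        "\xc2\xb1\xf7\xff\x33\xcf\x28\xd2\x7c\x40\x51\x3b\x6c\xee\x87\xfb\xd1"
        "\x44\xc8\x42\xc5\xc7\xb6\x75\x2e\xa1\x9e\xfc\xfc\xa7\x38\xac\x52\x07"
        "\x31\x8c\x1b\xc3\x0d\xb2\xa7\x27\xce\x9a\x82\x30\x39\x20\xeb\x2a\x3b"
        "\x0a\xa9\x99\x02\xf8\x42\x3e\x75\x48\x43\xe7\xd6\xce\xb0\x60\x48\xa8"
        "\xd9\x18\x68\x0c\x04\x2a\x42\x37\x0d\xc8\x07\xa3\x98\xaf\x79\x3f\x4b"
        "\x1a\x31\x07\xc3\x77\x14\x74\xba\x13\xd8\x26\xce\x56\x34\xd3\x3c\x48"
        "\x5f\x3f\x97\xcf\xfc\x9e\xa1\xe0\x26\xf4\x32\x7e\x96\xd5\xa4\x02\x68"
        "\xc7\x53\x58\x06\x1e\x75\x63\x3e\xbe\x43\xe9\x46\xf2\xba\xd5\x59\x73"
        "\xc8\x1f\xff\x7d\x48\x43\xdd\x1d\xb3\x61\x80\xdd\x3b\x56\x92\xf9\x8a"
        "\xce\x68\x05\xc6\x7a\x9e\x20\x21\x6a\xac\x90\x8b\x9a\x61\x11\xc6",
        254);
    *(uint64_t*)0x200000002c48 = 0xfe;
    *(uint64_t*)0x200000000d18 = 5;
    *(uint64_t*)0x200000000d20 = 0;
    *(uint64_t*)0x200000000d28 = 0;
    *(uint32_t*)0x200000000d30 = 0;
    *(uint32_t*)0x200000000d38 = 0;

    /* --- msg 1: header at 0x...d40, iovec array at 0x...2f00 --- */
    *(uint64_t*)0x200000000d40 = 0;
    *(uint32_t*)0x200000000d48 = 0;
    *(uint64_t*)0x200000000d50 = 0x200000002f00;
    *(uint64_t*)0x200000002f00 = 0x200000001580;
    memcpy((void*)0x200000001580, "\xce\x90\xbf\xdb", 4);
    *(uint64_t*)0x200000002f08 = 4;
    *(uint64_t*)0x200000002f10 = 0x2000000007c0;
    memcpy((void*)0x2000000007c0, "\xf2\xe6\x59", 3);
    *(uint64_t*)0x200000002f18 = 3;
    *(uint64_t*)0x200000002f20 = 0x200000002e40;
    memset((void*)0x200000002e40, 212, 1);
    *(uint64_t*)0x200000002f28 = 1;
    *(uint64_t*)0x200000000d58 = 3;
    *(uint64_t*)0x200000000d60 = 0;
    *(uint64_t*)0x200000000d68 = 0;
    *(uint32_t*)0x200000000d70 = 0;
    *(uint32_t*)0x200000000d78 = 0;

    /* --- msg 2: header at 0x...d80, iovec array at 0x...440 --- */
    *(uint64_t*)0x200000000d80 = 0;
    *(uint32_t*)0x200000000d88 = 0;
    *(uint64_t*)0x200000000d90 = 0x200000000440;
    *(uint64_t*)0x200000000440 = 0x200000003000;
    memset((void*)0x200000003000, 225, 1);
    *(uint64_t*)0x200000000448 = 1;
    *(uint64_t*)0x200000000450 = 0x2000000010c0;
    memset((void*)0x2000000010c0, 250, 1);
    *(uint64_t*)0x200000000458 = 1;
    *(uint64_t*)0x200000000460 = 0x200000001680;
    memset((void*)0x200000001680, 216, 1);
    *(uint64_t*)0x200000000468 = 1;
    *(uint64_t*)0x200000000470 = 0x200000001600;
    memcpy((void*)0x200000001600, "\xf2\x96\x4d\xd1", 4);
    *(uint64_t*)0x200000000478 = 4;
    *(uint64_t*)0x200000000480 = 0x200000000580;
    memcpy((void*)0x200000000580, "\xb8\xa2\xf6", 3);
    *(uint64_t*)0x200000000488 = 3;
    *(uint64_t*)0x200000000490 = 0x2000000002c0;
    memcpy(
        (void*)0x2000000002c0,
        "\x79\x40\xe9\x00\xe0\x37\x77\x57\xa9\xed\xc0\xd9\x37\x6c\x21\x32\x8a"
        "\xd2\xf7\x58\x4f\xe4\xc8\xb7\x12\xb3\xe5\xe0\x8e\xcf\xf5\x25\x81\x51"
        "\xbd\x9e\xea\x7b\x4c\xe2\x1f\x67\xab\x51\x92\x2c\xe0\x35\x98\x71\x27"
        "\xfd\xa5\x81\x2d\xf9\x03\x18\x8e\x32\x14\x19\x61\x0f\x4b\xeb\x6c\xdf"
        "\x6f\xa0\x73\x87\x61\x57\xc4\xf1\xd2\x05\x44\x39\xd8\xdb\x3f\x4d\x93"
        "\x78\x72\xde\x92\x8b\x62\x74\x1f\xd6\x0e\x6b\x56\x97\x9a\xd8\x83\xf8"
        "\x9a\x02\xe2\x4a\x57\x72\x75\xbf\xb4\x98\xb7\xa1\x27\xab\xd0\xeb\x09"
        "\x9e\x70\x4d\x18\xd6\x3d\xad\x61\x1b\x45\xac\xfc\x3b\x8d\xc5\x45\x7c"
        "\x83\x83\xd7\xd8\x62\x19\x42\xe8\xe2\xce\x6e\x40\x17\xdd\x6e\x5e\xd9"
        "\x73\x2e\x73\x9b\xe6\x59\x3c\x3b\x03\x35\x24\x66\x9c\xe1\x7c\x3b\x82"
        "\x2a\x69\x53\xeb\x11\xa2\x09\x21\x22\x00\x00\x00\x00\x00\x00\x00\x00",
        187);
    *(uint64_t*)0x200000000498 = 0xbb;
    *(uint64_t*)0x2000000004a0 = 0x200000000280;
    memset((void*)0x200000000280, 135, 1);
    *(uint64_t*)0x2000000004a8 = 1;
    *(uint64_t*)0x200000000d98 = 7;
    *(uint64_t*)0x200000000da0 = 0;
    *(uint64_t*)0x200000000da8 = 0;
    *(uint32_t*)0x200000000db0 = 0;
    *(uint32_t*)0x200000000db8 = 0;

    /* --- msg 3: header at 0x...dc0, iovec array at 0x...a40 --- */
    *(uint64_t*)0x200000000dc0 = 0;
    *(uint32_t*)0x200000000dc8 = 0;
    *(uint64_t*)0x200000000dd0 = 0x200000000a40;
    *(uint64_t*)0x200000000a40 = 0x200000000880;
    memset((void*)0x200000000880, 135, 1);
    *(uint64_t*)0x200000000a48 = 1;
    *(uint64_t*)0x200000000a50 = 0x200000000900;
    memcpy((void*)0x200000000900, "\x11\xe0\x90\x17", 4);
    /* Declared iovec length is much larger than the 4 bytes written above. */
    *(uint64_t*)0x200000000a58 = 0xfffffec4;
    *(uint64_t*)0x200000000dd8 = 2;
    *(uint64_t*)0x200000000de0 = 0;
    *(uint64_t*)0x200000000de8 = 0;
    *(uint32_t*)0x200000000df0 = 0;
    *(uint32_t*)0x200000000df8 = 0;
    syscall(__NR_sendmmsg, /*fd=*/r[0], /*mmsg=*/0x200000000d00ul,
            /*vlen=*/4ul, /*f=MSG_ZEROCOPY*/ 0x4000000ul);
    break;
  case 6:
    // setsockopt$sock_int arguments: [
    //   fd: sock (resource)
    //   level: const = 0x1 (4 bytes)
    //   optname: sockopt_opt_sock_int = 0x20 (4 bytes)
    //   optval: ptr[in, int32] { int32 = 0x7fffffff (4 bytes) }
    //   optlen: len = 0x4 (8 bytes)
    // ]
    *(uint32_t*)0x200000000000 = 0x7fffffff;
    syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/1,
            /*optname=SO_SNDBUFFORCE*/ 0x20, /*optval=*/0x200000000000ul,
            /*optlen=*/4ul);
    break;
  }
}

/*
 * Map the fixed-address argument arena, then run the call sequence once.
 *
 * Layout: a 16 MiB read/write/exec region at 0x200000000000, with one
 * PROT_NONE page immediately below and one immediately above it, so an
 * access that runs off either end of the arena faults instead of touching
 * unrelated memory. The mmap results are not checked; if the arena mapping
 * fails, the first fixed-address store in execute_call() faults.
 */
int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  /* Unused in this reproducer; kept as the generator emitted it. */
  const char* reason;
  (void)reason;
  loop();
  return 0;
}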