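// https://syzkaller.appspot.com/bug?id=c10e35cea23d1e9c36c784c3b79607c78849c9f0
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer for the report linked above. The crash signature and
// affected kernel versions are in that report; this listing does not state them.
//
// Sequence (constants decoded against the Linux x86-64 UAPI; the generated
// code carries only the raw numbers):
//   1. map a fixed anonymous scratch region at 0x20000000
//   2. open a NETLINK_ROUTE socket and send one RTM_NEWROUTE request for an
//      AF_INET6 route of type RTN_PROHIBIT with RTA_PRIORITY = 0xffffffff
//   3. open an AF_INET socket and issue SIOCSIFMTU on "lo" with MTU 0
//
// Steps 2 and 3 change routing and interface state in the caller's network
// namespace, which normally requires CAP_NET_ADMIN there.

#define _GNU_SOURCE

// NOTE(review): the five header names were lost when the page was extracted.
// <stdint.h>, <string.h>, <sys/syscall.h> and <unistd.h> are required by the
// code below; <endian.h> is presumably the fifth (syzkaller's usual set).
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// r[0]: netlink socket fd, r[1]: AF_INET socket fd used for the ioctl.
long r[2];

void loop(void)
{
  memset(r, -1, sizeof(r));

  // prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
  // Every raw pointer store below lands inside this mapping, so stop here if
  // it failed: a userspace SIGSEGV would otherwise be mistaken for a result.
  if (syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0) == -1)
    return;

  // socket(AF_NETLINK = 0x10, SOCK_RAW = 3, NETLINK_ROUTE = 0)
  r[0] = syscall(__NR_socket, 0x10, 3, 0);

  // struct msghdr at 0x2001bfc8
  *(uint64_t*)0x2001bfc8 = 0x20016000; // msg_name -> sockaddr_nl
  *(uint32_t*)0x2001bfd0 = 0xc;        // msg_namelen = sizeof(struct sockaddr_nl)
  *(uint64_t*)0x2001bfd8 = 0x2000b000; // msg_iov
  *(uint64_t*)0x2001bfe0 = 1;          // msg_iovlen
  *(uint64_t*)0x2001bfe8 = 0;          // msg_control
  *(uint64_t*)0x2001bff0 = 0;          // msg_controllen
  *(uint32_t*)0x2001bff8 = 0;          // msg_flags

  // struct sockaddr_nl at 0x20016000: destination is the kernel (pid 0)
  *(uint16_t*)0x20016000 = 0x10; // nl_family = AF_NETLINK
  *(uint16_t*)0x20016002 = 0;    // nl_pad
  *(uint32_t*)0x20016004 = 0;    // nl_pid
  *(uint32_t*)0x20016008 = 0;    // nl_groups

  // struct iovec at 0x2000b000: one 0x24-byte buffer
  *(uint64_t*)0x2000b000 = 0x2001f000; // iov_base
  *(uint64_t*)0x2000b008 = 0x24;       // iov_len

  // struct nlmsghdr at 0x2001f000
  *(uint32_t*)0x2001f000 = 0x24;   // nlmsg_len: header + rtmsg + one attribute
  *(uint16_t*)0x2001f004 = 0x18;   // nlmsg_type = RTM_NEWROUTE
  *(uint16_t*)0x2001f006 = 0x251f; // nlmsg_flags: fuzzer-chosen bits, NLM_F_REQUEST set
  *(uint32_t*)0x2001f008 = 0;      // nlmsg_seq
  *(uint32_t*)0x2001f00c = 0;      // nlmsg_pid

  // struct rtmsg at 0x2001f010
  *(uint8_t*)0x2001f010 = 0xa;  // rtm_family = AF_INET6
  *(uint8_t*)0x2001f011 = 0;    // rtm_dst_len
  *(uint8_t*)0x2001f012 = 0;    // rtm_src_len
  *(uint8_t*)0x2001f013 = 0;    // rtm_tos
  *(uint8_t*)0x2001f014 = 0;    // rtm_table
  *(uint8_t*)0x2001f015 = 0;    // rtm_protocol
  *(uint8_t*)0x2001f016 = 0;    // rtm_scope
  *(uint8_t*)0x2001f017 = 8;    // rtm_type = RTN_PROHIBIT
  *(uint32_t*)0x2001f018 = 0;   // rtm_flags

  // struct rtattr at 0x2001f01c followed by its 4-byte payload
  *(uint16_t*)0x2001f01c = 8;   // rta_len
  *(uint16_t*)0x2001f01e = 6;   // rta_type = RTA_PRIORITY
  *(uint32_t*)0x2001f020 = -1;  // route metric 0xffffffff

  // Return value deliberately ignored, as in the generated reproducer.
  syscall(__NR_sendmsg, r[0], 0x2001bfc8, 0);

  // socket(AF_INET = 2, type 0xa = SOCK_PACKET, 0): only a handle for the ioctl.
  r[1] = syscall(__NR_socket, 2, 0xa, 0);

  // struct ifreq at 0x20dc4000: ifr_name = "lo" (NUL-padded to 16 bytes), ifr_mtu = 0
  memcpy((void*)0x20dc4000,
         "\x6c\x6f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16);
  *(uint32_t*)0x20dc4010 = 0;

  // ioctl 0x8922 = SIOCSIFMTU
  syscall(__NR_ioctl, r[1], 0x8922, 0x20dc4000);
}

int main(void)
{
  loop();
  return 0;
}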