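// https://syzkaller.appspot.com/bug?id=a8733289ee7ad0f009602be2d31d436da93344b8
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reviewer notes (added for readability):
//  - The page had lost the header names after each #include (eight bare
//    "#include" tokens). The eight headers below are the set this code
//    needs (endian.h, stdint.h, string.h, sys/syscall.h, unistd.h) plus
//    the ones syzkaller reproducers normally carry; confirm against the
//    original reproducer if an exact match matters.
//  - The fallback __NR_* numbers and the mmap -> mmap2 redirect match the
//    i386 syscall table, so this reproducer appears to target a 32-bit
//    build (e.g. -m32). On a 64-bit build the fixed addresses still fit,
//    but the fallback numbers would be wrong if the libc headers did not
//    already define them.
//  - The bug title is not part of this page; see the dashboard link above
//    for the report and the fixing commit.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_bind
#define __NR_bind 361
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_sendto
#define __NR_sendto 369
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 366
#endif
#ifndef __NR_socket
#define __NR_socket 359
#endif
/* Route every "mmap" below through mmap2. */
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

/* r[0] holds the socket fd; all-ones means "no fd yet". */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Replays a fixed four-syscall sequence on one IPv6 stream socket:
 * socket -> setsockopt(IPv6 destination options) -> bind(::1) -> sendto.
 * No return value is checked except socket()'s; the program always exits 0.
 * All data lives at hard-coded addresses inside one fixed mapping.
 */
int main(void)
{
  /*
   * 16 MiB scratch area at 0x20000000..0x21000000.
   * prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|
   * MAP_ANONYMOUS. The result is not checked; every store below assumes
   * the mapping succeeded.
   */
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);

  long res = 0;

  /* socket(AF_INET6 = 0xa, SOCK_STREAM = 1, 0) */
  res = syscall(__NR_socket, 0xa, 1, 0);
  if (res != -1)
    r[0] = res;

  /*
   * Option buffer at 0x20000640, laid out like an IPv6 extension header:
   *   byte 0: next header  = 0x87
   *   byte 1: hdr ext len  = 0x19  -> (0x19 + 1) * 8 = 0xd0 bytes total,
   *           which equals the optlen passed to setsockopt below.
   *   bytes 2..7: six zero bytes (Pad1 options).
   */
  *(uint8_t*)0x20000640 = 0x87;
  *(uint8_t*)0x20000641 = 0x19;
  *(uint8_t*)0x20000642 = 0;
  *(uint8_t*)0x20000643 = 0;
  *(uint8_t*)0x20000644 = 0;
  *(uint8_t*)0x20000645 = 0;
  *(uint8_t*)0x20000646 = 0;
  *(uint8_t*)0x20000647 = 0;
  /* One TLV option: type 4, length 0xc3 (195), followed by 195 data bytes. */
  *(uint8_t*)0x20000648 = 4;
  *(uint8_t*)0x20000649 = 0xc3;
  memcpy((void*)0x2000064a,
         "\xdf\x0b\xef\x7e\x2c\x0a\x7a\x0a\xf0\x8f\x06\x7e\xed\xba\x64\xca\x03"
         "\x21\x95\x69\xb9\x56\x67\xac\x78\xfd\x78\x7d\x52\xd7\x89\xa7\xdd\xee"
         "\xa4\x00\x8f\x49\x3c\xc2\xea\xd8\x5d\x36\xd0\xbb\xf9\xab\x20\xc4\xe4"
         "\x72\x2a\xcb\x01\x8d\x23\x9a\x3a\x4d\x16\xb6\x11\x02\xf8\x25\xb8\x0a"
         "\x20\x9a\x8f\x62\x67\xbe\x2f\x78\x38\xef\xc5\x04\x68\x31\x45\xb1\x21"
         "\x98\x4b\x9d\x24\xa2\xe2\x92\xce\xd0\x2b\x3a\x6c\x4f\x4e\xa9\xb9\x8d"
         "\x5e\x72\x82\x41\x4f\xeb\xd3\xf5\x5f\xcb\x30\x79\xc4\x50\x0c\x06\xa3"
         "\x48\x22\x83\x93\x58\x3c\x92\xe2\xd7\x58\x37\xff\xc9\x78\xab\x83\xb4"
         "\xb0\x83\xed\x51\xb1\xfe\x03\x47\xee\x69\x78\x04\xed\x7b\x8d\x58\xcc"
         "\x13\x7c\xe6\xa0\xc5\x05\x4c\xc2\x79\x62\x8b\xc5\x26\x59\xec\x85\xfd"
         "\xe5\x45\xa1\x9a\xb8\x53\x49\x43\x1f\x1f\x4e\x7d\xc3\x97\x4b\xbc\x22"
         "\xd1\x26\x9b\x7a\x5b\x8a\x0e\xa3",
         195);
  /* Trailing padding: Pad1 (0), then PadN (type 1) with length 0. */
  *(uint8_t*)0x2000070d = 0;
  *(uint8_t*)0x2000070e = 1;
  *(uint8_t*)0x2000070f = 0;

  /*
   * setsockopt(fd, 0x29 = IPPROTO_IPV6, 0x3b = IPV6_DSTOPTS, buf, 0xd0)
   * installs the buffer above as sticky destination options on the socket.
   */
  syscall(__NR_setsockopt, (long)r[0], 0x29, 0x3b, 0x20000640, 0xd0);

  /*
   * struct sockaddr_in6 at 0x20000040 (size 0x1c):
   * family AF_INET6, port 0x4e20 (20000), flowinfo 0, address ::1,
   * scope id 0.
   */
  *(uint16_t*)0x20000040 = 0xa;
  *(uint16_t*)0x20000042 = htobe16(0x4e20);
  *(uint32_t*)0x20000044 = 0;
  *(uint64_t*)0x20000048 = htobe64(0);
  *(uint64_t*)0x20000050 = htobe64(1);
  *(uint32_t*)0x20000058 = 0;
  syscall(__NR_bind, (long)r[0], 0x20000040, 0x1c);

  /*
   * Same [::1]:20000 address again as the sendto destination, placed so
   * the 0x1c-byte structure ends at 0x204a6000.
   */
  *(uint16_t*)0x204a5fe4 = 0xa;
  *(uint16_t*)0x204a5fe6 = htobe16(0x4e20);
  *(uint32_t*)0x204a5fe8 = 0;
  *(uint64_t*)0x204a5fec = htobe64(0);
  *(uint64_t*)0x204a5ff4 = htobe64(1);
  *(uint32_t*)0x204a5ffc = 0;

  /*
   * sendto(fd, buf = 0x20f98000, len = 0xfffffff3, flags = 0x2000000c,
   *        dest, 0x1c)
   * flags = MSG_FASTOPEN (0x20000000) | MSG_CTRUNC (8) | MSG_DONTROUTE (4).
   * The socket was never connected, so the data is offered on the
   * connection attempt to its own bound address. The requested length is
   * far larger than what remains of the 16 MiB mapping after buf.
   */
  syscall(__NR_sendto, (long)r[0], 0x20f98000, 0xfffffff3, 0x2000000c,
          0x204a5fe4, 0x1c);

  return 0;
}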