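// https://syzkaller.appspot.com/bug?id=7bd6fc42489ba2eb2a9e44977633abd1c2fe0624
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Review notes (added; not part of the generated output):
//  - This copy had lost its line breaks, which left every directive on the
//    first line behind the leading `//` comment, and the header names were
//    missing from the four #include directives. The headers below are the
//    ones the code needs: fixed-width integer types, memset/memcpy,
//    the __NR_* numbers and syscall().
//  - The fallback syscall numbers (90/359/366/369) are the i386 ones, so the
//    program was generated for a 32-bit build. The mmap2 redirection is now
//    guarded so a build whose headers have no __NR_mmap2 still compiles.
//  - What it exercises: a raw IPv4 socket gets a per-socket IPsec (XFRM)
//    policy installed through setsockopt(IPPROTO_IP, IP_XFRM_POLICY), then
//    one datagram is sent so the output path evaluates that policy.
//  - Reachability, for triage: SOCK_RAW needs CAP_NET_RAW and IP_XFRM_POLICY
//    is, as far as this reviewer knows, only honoured with CAP_NET_ADMIN in
//    the socket's network namespace. Where unprivileged user namespaces are
//    disabled this path should be root-only; confirm on the kernel under test.
//  - Field names in the comments below are inferred from the store offsets
//    and the 0xe8 option length (0xa8 + 0x40, the 64-bit sizes of
//    struct xfrm_userpolicy_info and struct xfrm_user_tmpl); verify against
//    <linux/xfrm.h> before relying on them.

#define _GNU_SOURCE

#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mmap
#define __NR_mmap 90
#endif
#ifndef __NR_socket
#define __NR_socket 359
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 366
#endif
#ifndef __NR_sendto
#define __NR_sendto 369
#endif

// 32-bit targets map through mmap2; leave __NR_mmap alone where the headers
// do not provide __NR_mmap2.
#ifdef __NR_mmap2
#undef __NR_mmap
#define __NR_mmap __NR_mmap2
#endif

// Result slots for the generated calls; only r[0], r[1], r[48] and r[61]
// are written by this program.
long r[62];

// Runs the generated syscall sequence once. Apart from the mmap guard, return
// values are stored but never checked, as in the generated original.
void loop()
{
  memset(r, -1, sizeof(r));

  // Fixed scratch mapping at 0x20000000, length 0xfff000:
  // prot 0x3 = PROT_READ|PROT_WRITE,
  // flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, fd -1, offset 0.
  r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                 0xfffffffffffffffful, 0x0ul);
  // Every store below dereferences a hard-coded address inside that mapping,
  // so stop here instead of faulting if the mapping could not be created.
  if (r[0] == -1)
    return;

  // socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)
  r[1] = syscall(__NR_socket, 0x2ul, 0x3ul, 0x1ul);

  // ---- policy header at 0x20049f18 (presumably xfrm_userpolicy_info) ----
  // selector
  *(uint32_t*)0x20049f18 = (uint32_t)0x0;  // sel.daddr = 0.0.0.0
  *(uint8_t*)0x20049f28 = (uint8_t)0xac;   // sel.saddr = 172.20.0.187
  *(uint8_t*)0x20049f29 = (uint8_t)0x14;
  *(uint8_t*)0x20049f2a = (uint8_t)0x0;
  *(uint8_t*)0x20049f2b = (uint8_t)0xbb;
  *(uint16_t*)0x20049f38 = (uint16_t)0x234e;  // sel.dport (bytes 4e 23)
  *(uint16_t*)0x20049f3a = (uint16_t)0x0;     // sel.dport_mask
  *(uint16_t*)0x20049f3c = (uint16_t)0x204e;  // sel.sport (bytes 4e 20)
  *(uint16_t*)0x20049f3e = (uint16_t)0x0;     // sel.sport_mask
  *(uint16_t*)0x20049f40 = (uint16_t)0x2;     // sel.family = AF_INET
  *(uint8_t*)0x20049f42 = (uint8_t)0x0;       // sel.prefixlen_d
  // Cast truncates to 0xfd (253), larger than any IPv4 prefix length.
  *(uint8_t*)0x20049f43 = (uint8_t)0xfffffffffffffffd;  // sel.prefixlen_s
  *(uint8_t*)0x20049f44 = (uint8_t)0x0;                 // sel.proto
  *(uint32_t*)0x20049f48 = (uint32_t)0x0;               // sel.ifindex
  *(uint32_t*)0x20049f4c = (uint32_t)0x0;               // sel.user
  // lifetime configuration (eight 64-bit limits)
  *(uint64_t*)0x20049f50 = (uint64_t)0x0;
  *(uint64_t*)0x20049f58 = (uint64_t)0x800000000000000;
  *(uint64_t*)0x20049f60 = (uint64_t)0x0;
  *(uint64_t*)0x20049f68 = (uint64_t)0x0;
  *(uint64_t*)0x20049f70 = (uint64_t)0x0;
  *(uint64_t*)0x20049f78 = (uint64_t)0x0;
  *(uint64_t*)0x20049f80 = (uint64_t)0x0;
  *(uint64_t*)0x20049f88 = (uint64_t)0x0;
  // current lifetime counters (four 64-bit values)
  *(uint64_t*)0x20049f90 = (uint64_t)0x0;
  *(uint64_t*)0x20049f98 = (uint64_t)0x0;
  *(uint64_t*)0x20049fa0 = (uint64_t)0xff7fffffffffffff;
  *(uint64_t*)0x20049fa8 = (uint64_t)0x0;
  *(uint32_t*)0x20049fb0 = (uint32_t)0x1;  // priority
  *(uint32_t*)0x20049fb4 = (uint32_t)0x0;  // index
  // Cast truncates to 0x01, which would be XFRM_POLICY_OUT.
  *(uint8_t*)0x20049fb8 = (uint8_t)0x8000000000000001;  // dir
  *(uint8_t*)0x20049fb9 = (uint8_t)0x0;                 // action
  *(uint8_t*)0x20049fba = (uint8_t)0x0;                 // flags
  *(uint8_t*)0x20049fbb = (uint8_t)0x0;                 // share

  // ---- one template at 0x20049fc0 (presumably xfrm_user_tmpl) ----
  *(uint32_t*)0x20049fc0 = (uint32_t)0x0;  // id.daddr
  *(uint32_t*)0x20049fd0 = (uint32_t)0x0;  // id.spi
  *(uint8_t*)0x20049fd4 = (uint8_t)0x0;    // id.proto
  // 0xa is AF_INET6, while the selector above says AF_INET: the two
  // families disagree.
  *(uint16_t*)0x20049fd8 = (uint16_t)0xa;                 // family
  *(uint64_t*)0x20049fdc = (uint64_t)0x0;                 // saddr, low half
  *(uint64_t*)0x20049fe4 = (uint64_t)0x100000000000000;   // saddr, high half
  *(uint32_t*)0x20049fec = (uint32_t)0x0;                 // reqid
  // Cast truncates to 0xfd, which is not one of the defined XFRM_MODE_*
  // values.
  *(uint8_t*)0x20049ff0 = (uint8_t)0xfffffffffffffffd;  // mode
  *(uint8_t*)0x20049ff1 = (uint8_t)0x0;                 // share
  *(uint8_t*)0x20049ff2 = (uint8_t)0xffffffffffffffff;  // optional (0xff)
  *(uint32_t*)0x20049ff4 = (uint32_t)0x0;               // aalgos
  *(uint32_t*)0x20049ff8 = (uint32_t)0x7f;              // ealgos
  *(uint32_t*)0x20049ffc = (uint32_t)0x0;               // calgos

  // setsockopt(fd, IPPROTO_IP (0), IP_XFRM_POLICY (0x11), policy, 0xe8)
  r[48] = syscall(__NR_setsockopt, r[1], 0x0ul, 0x11ul, 0x20049f18ul,
                  0xe8ul);

  // Two-byte payload for the send.
  memcpy((void*)0x20fdbfc0, "\x81\x61", 2);

  // Destination sockaddr_in at 0x20fdbff0: AF_INET, port bytes 4e 20,
  // address 0.0.0.0, then eight bytes of zero padding.
  *(uint16_t*)0x20fdbff0 = (uint16_t)0x2;
  *(uint16_t*)0x20fdbff2 = (uint16_t)0x204e;
  *(uint32_t*)0x20fdbff4 = (uint32_t)0x0;
  *(uint8_t*)0x20fdbff8 = (uint8_t)0x0;
  *(uint8_t*)0x20fdbff9 = (uint8_t)0x0;
  *(uint8_t*)0x20fdbffa = (uint8_t)0x0;
  *(uint8_t*)0x20fdbffb = (uint8_t)0x0;
  *(uint8_t*)0x20fdbffc = (uint8_t)0x0;
  *(uint8_t*)0x20fdbffd = (uint8_t)0x0;
  *(uint8_t*)0x20fdbffe = (uint8_t)0x0;
  *(uint8_t*)0x20fdbfff = (uint8_t)0x0;

  // sendto(fd, payload, 2, flags 0, dest, 0x10)
  r[61] = syscall(__NR_sendto, r[1], 0x20fdbfc0ul, 0x2ul, 0x0ul,
                  0x20fdbff0ul, 0x10ul);
}

// Entry point: run the sequence once and exit 0 whatever the calls returned.
int main()
{
  loop();
  return 0;
}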