// https://syzkaller.appspot.com/bug?id=f0e01204e654ebd94c1d5ec4b99a76e9aa668bf7 // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_getsockopt #define __NR_getsockopt 365 #endif #ifndef __NR_add_key #define __NR_add_key 286 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 void loop() { *(uint32_t*)0x20000200 = 0; *(uint32_t*)0x20000204 = 0x88; *(uint32_t*)0x20000208 = 0x20000300; *(uint16_t*)0x20000300 = 2; *(uint16_t*)0x20000302 = htobe16(0x4e23); *(uint8_t*)0x20000304 = 0xac; *(uint8_t*)0x20000305 = 0x14; *(uint8_t*)0x20000306 = 0x14; *(uint8_t*)0x20000307 = 0xbb; *(uint8_t*)0x20000308 = 0; *(uint8_t*)0x20000309 = 0; *(uint8_t*)0x2000030a = 0; *(uint8_t*)0x2000030b = 0; *(uint8_t*)0x2000030c = 0; *(uint8_t*)0x2000030d = 0; *(uint8_t*)0x2000030e = 0; *(uint8_t*)0x2000030f = 0; *(uint16_t*)0x20000310 = 2; *(uint16_t*)0x20000312 = htobe16(0x4e21); *(uint32_t*)0x20000314 = htobe32(-1); *(uint8_t*)0x20000318 = 0; *(uint8_t*)0x20000319 = 0; *(uint8_t*)0x2000031a = 0; *(uint8_t*)0x2000031b = 0; *(uint8_t*)0x2000031c = 0; *(uint8_t*)0x2000031d = 0; *(uint8_t*)0x2000031e = 0; *(uint8_t*)0x2000031f = 0; *(uint16_t*)0x20000320 = 2; *(uint16_t*)0x20000322 = htobe16(0x4e23); *(uint32_t*)0x20000324 = htobe32(0xe0000002); *(uint8_t*)0x20000328 = 0; *(uint8_t*)0x20000329 = 0; *(uint8_t*)0x2000032a = 0; *(uint8_t*)0x2000032b = 0; *(uint8_t*)0x2000032c = 0; *(uint8_t*)0x2000032d = 0; *(uint8_t*)0x2000032e = 0; *(uint8_t*)0x2000032f = 0; *(uint16_t*)0x20000330 = 0xa; *(uint16_t*)0x20000332 = htobe16(0x4e22); *(uint32_t*)0x20000334 = 0; *(uint8_t*)0x20000338 = -1; *(uint8_t*)0x20000339 = 2; *(uint8_t*)0x2000033a = 0; *(uint8_t*)0x2000033b = 0; *(uint8_t*)0x2000033c = 0; *(uint8_t*)0x2000033d = 0; *(uint8_t*)0x2000033e = 0; *(uint8_t*)0x2000033f = 0; *(uint8_t*)0x20000340 = 0; *(uint8_t*)0x20000341 = 0; *(uint8_t*)0x20000342 = 0; *(uint8_t*)0x20000343 = 0; *(uint8_t*)0x20000344 = 0; *(uint8_t*)0x20000345 = 0; *(uint8_t*)0x20000346 = 0; *(uint8_t*)0x20000347 = 1; *(uint32_t*)0x20000348 = 3; *(uint16_t*)0x2000034c = 2; *(uint16_t*)0x2000034e = htobe16(0x4e22); *(uint32_t*)0x20000350 = htobe32(0x7f000001); *(uint8_t*)0x20000354 = 0; *(uint8_t*)0x20000355 = 0; *(uint8_t*)0x20000356 = 0; *(uint8_t*)0x20000357 = 0; *(uint8_t*)0x20000358 = 0; *(uint8_t*)0x20000359 = 0; *(uint8_t*)0x2000035a = 0; *(uint8_t*)0x2000035b = 0; *(uint16_t*)0x2000035c = 0xa; *(uint16_t*)0x2000035e = htobe16(0x4e24); *(uint32_t*)0x20000360 = 0; *(uint8_t*)0x20000364 = 0; *(uint8_t*)0x20000365 = 0; *(uint8_t*)0x20000366 = 0; *(uint8_t*)0x20000367 = 0; *(uint8_t*)0x20000368 = 0; *(uint8_t*)0x20000369 = 0; *(uint8_t*)0x2000036a = 0; *(uint8_t*)0x2000036b = 0; *(uint8_t*)0x2000036c = 0; *(uint8_t*)0x2000036d = 0; *(uint8_t*)0x2000036e = 0; *(uint8_t*)0x2000036f = 0; *(uint8_t*)0x20000370 = 0; *(uint8_t*)0x20000371 = 0; *(uint8_t*)0x20000372 = 0; *(uint8_t*)0x20000373 = 0; *(uint32_t*)0x20000374 = 6; *(uint16_t*)0x20000378 = 2; *(uint16_t*)0x2000037a = htobe16(0x4e22); *(uint32_t*)0x2000037c = htobe32(0x7f000001); *(uint8_t*)0x20000380 = 0; *(uint8_t*)0x20000381 = 0; *(uint8_t*)0x20000382 = 0; *(uint8_t*)0x20000383 = 0; *(uint8_t*)0x20000384 = 0; *(uint8_t*)0x20000385 = 0; *(uint8_t*)0x20000386 = 0; *(uint8_t*)0x20000387 = 0; *(uint32_t*)0x20000240 = 0x10; syscall(__NR_getsockopt, -1, 0x84, 0x6f, 0x20000200, 0x20000240); memcpy((void*)0x20000280, "dns_resolver", 13); *(uint8_t*)0x200002c0 = 0x73; *(uint8_t*)0x200002c1 = 0x79; *(uint8_t*)0x200002c2 = 0x7a; *(uint8_t*)0x200002c3 = 0; *(uint8_t*)0x200002c4 = 0; syscall(__NR_add_key, 0x20000280, 0x200002c0, 0x20000300, 0xfffff, 0xfffffffd); } int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); loop(); return 0; }