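// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Single-shot reproducer: opens one socket, hand-builds an array of six
// mmsghdr-shaped records in a fixed anonymous mapping, and submits them
// with one sendmmsg() call. All numeric values are fuzzer output and are
// kept exactly as generated; the comments only decode them.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped from the five #include lines
// in this copy. They are restored from the identifiers the code uses:
// htobe16/htobe32, uintN_t, memcpy, __NR_*, syscall.
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// r[0] holds the socket fd; it stays at the all-ones sentinel if socket() fails.
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Build the message vector at 0x20002f80 and send it.
 *
 * Precondition: [0x20000000, 0x21000000) is mapped read/write (done in
 * main). Every store below targets an absolute address inside that range.
 *
 * The six records sit 0x40 bytes apart, which is consistent with
 * struct mmsghdr on 64-bit Linux: msg_name +0x00, msg_namelen +0x08,
 * msg_iov +0x10, msg_iovlen +0x18, msg_control +0x20, msg_controllen +0x28,
 * msg_flags +0x30, msg_len +0x38. Each control buffer is a run of 16-byte
 * records {u64 0x10, u32, u32}, i.e. cmsghdr-sized headers with no payload.
 * Every iovec written here has length 0.
 */
void loop(void)
{
  long res = 0;

  // Family 0x2b (43) is AF_SMC in Linux's socket.h; type 1 is SOCK_STREAM.
  res = syscall(__NR_socket, 0x2b, 1, 0);
  if (res != -1) {
    r[0] = res;
  }

  // ---- record 0 @ 0x20002f80 ----
  // msg_name -> 0x20000080: 16-bit family 0x306, then bytes aa aa aa aa aa bb.
  *(uint64_t*)0x20002f80 = 0x20000080;
  *(uint16_t*)0x20000080 = 0x306;
  *(uint8_t*)0x20000082 = 0xaa;
  *(uint8_t*)0x20000083 = 0xaa;
  *(uint8_t*)0x20000084 = 0xaa;
  *(uint8_t*)0x20000085 = 0xaa;
  *(uint8_t*)0x20000086 = 0xaa;
  *(uint8_t*)0x20000087 = 0xbb;
  *(uint32_t*)0x20002f88 = 0x80;
  // msg_iov -> one zero-length iovec.
  *(uint64_t*)0x20002f90 = 0x20000140;
  *(uint64_t*)0x20000140 = 0x20000100;
  *(uint64_t*)0x20000148 = 0;
  *(uint64_t*)0x20002f98 = 1;
  // msg_control -> two 16-byte headers (0x20 bytes).
  *(uint64_t*)0x20002fa0 = 0x20000180;
  *(uint64_t*)0x20000180 = 0x10;
  *(uint32_t*)0x20000188 = 0xff;
  *(uint32_t*)0x2000018c = 0x400;
  *(uint64_t*)0x20000190 = 0x10;
  *(uint32_t*)0x20000198 = 0x115;
  *(uint32_t*)0x2000019c = 0xff;
  *(uint64_t*)0x20002fa8 = 0x20;
  *(uint32_t*)0x20002fb0 = 0x4008800;
  *(uint32_t*)0x20002fb8 = 8;

  // ---- record 1 @ 0x20002fc0 ----
  // msg_name -> 0x200002c0: family 0x18, embeds the socket fd r[0] and an
  // IPv4-style endpoint (family 2, port 0x4e24, address 0xe0000002).
  *(uint64_t*)0x20002fc0 = 0x200002c0;
  *(uint16_t*)0x200002c0 = 0x18;
  *(uint32_t*)0x200002c2 = 1;
  *(uint32_t*)0x200002c6 = 0;
  *(uint32_t*)0x200002ca = r[0];
  *(uint16_t*)0x200002ce = 2;
  *(uint16_t*)0x200002d0 = htobe16(0x4e24);
  *(uint32_t*)0x200002d2 = htobe32(0xe0000002);
  *(uint8_t*)0x200002d6 = 0;
  *(uint8_t*)0x200002d7 = 0;
  *(uint8_t*)0x200002d8 = 0;
  *(uint8_t*)0x200002d9 = 0;
  *(uint8_t*)0x200002da = 0;
  *(uint8_t*)0x200002db = 0;
  *(uint8_t*)0x200002dc = 0;
  *(uint8_t*)0x200002dd = 0;
  *(uint16_t*)0x200002de = 0;
  *(uint16_t*)0x200002e0 = 2;
  *(uint16_t*)0x200002e2 = 2;
  *(uint16_t*)0x200002e4 = 4;
  *(uint32_t*)0x20002fc8 = 0x80;
  // msg_iov -> six zero-length iovecs.
  *(uint64_t*)0x20002fd0 = 0x200006c0;
  *(uint64_t*)0x200006c0 = 0x20000340;
  *(uint64_t*)0x200006c8 = 0;
  *(uint64_t*)0x200006d0 = 0x20000380;
  *(uint64_t*)0x200006d8 = 0;
  *(uint64_t*)0x200006e0 = 0x200003c0;
  *(uint64_t*)0x200006e8 = 0;
  *(uint64_t*)0x200006f0 = 0x20000440;
  *(uint64_t*)0x200006f8 = 0;
  *(uint64_t*)0x20000700 = 0x20000540;
  *(uint64_t*)0x20000708 = 0;
  *(uint64_t*)0x20000710 = 0x20000600;
  *(uint64_t*)0x20000718 = 0;
  *(uint64_t*)0x20002fd8 = 6;
  // msg_control -> one 16-byte header.
  *(uint64_t*)0x20002fe0 = 0x20000740;
  *(uint64_t*)0x20000740 = 0x10;
  *(uint32_t*)0x20000748 = 0x19f;
  *(uint32_t*)0x2000074c = 0;
  *(uint64_t*)0x20002fe8 = 0x10;
  *(uint32_t*)0x20002ff0 = 0x20000000;
  *(uint32_t*)0x20002ff8 = 1;

  // ---- record 2 @ 0x20003000 ----
  // msg_name -> 0x20000800: family 0x26 followed by the strings "rng" and
  // "jitterentropy_rng" (layout is consistent with sockaddr_alg).
  *(uint64_t*)0x20003000 = 0x20000800;
  *(uint16_t*)0x20000800 = 0x26;
  memcpy((void*)0x20000802,
         "\x72\x6e\x67\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
  *(uint32_t*)0x20000810 = 0;
  *(uint32_t*)0x20000814 = 0;
  memcpy((void*)0x20000818,
         "\x6a\x69\x74\x74\x65\x72\x65\x6e\x74\x72\x6f\x70\x79\x5f\x72\x6e\x67"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  *(uint32_t*)0x20003008 = 0x80;
  // msg_iov -> one zero-length iovec.
  *(uint64_t*)0x20003010 = 0x20000940;
  *(uint64_t*)0x20000940 = 0x20000880;
  *(uint64_t*)0x20000948 = 0;
  *(uint64_t*)0x20003018 = 1;
  // msg_control -> six 16-byte headers (0x60 bytes).
  *(uint64_t*)0x20003020 = 0x20000980;
  *(uint64_t*)0x20000980 = 0x10;
  *(uint32_t*)0x20000988 = 0x116;
  *(uint32_t*)0x2000098c = 1;
  *(uint64_t*)0x20000990 = 0x10;
  *(uint32_t*)0x20000998 = 0x10f;
  *(uint32_t*)0x2000099c = 0xe0d;
  *(uint64_t*)0x200009a0 = 0x10;
  *(uint32_t*)0x200009a8 = 0x11b;
  *(uint32_t*)0x200009ac = 2;
  *(uint64_t*)0x200009b0 = 0x10;
  *(uint32_t*)0x200009b8 = 0x88;
  *(uint32_t*)0x200009bc = 8;
  *(uint64_t*)0x200009c0 = 0x10;
  *(uint32_t*)0x200009c8 = 1;
  *(uint32_t*)0x200009cc = 3;
  *(uint64_t*)0x200009d0 = 0x10;
  *(uint32_t*)0x200009d8 = 0x3a;
  *(uint32_t*)0x200009dc = 0xfffffff8;
  *(uint64_t*)0x20003028 = 0x60;
  *(uint32_t*)0x20003030 = 0x80;
  *(uint32_t*)0x20003038 = 4;

  // ---- record 3 @ 0x20003040 ----
  // msg_name -> 0x20000d00: 16-bit family 1, then bytes aa aa aa aa aa bb.
  *(uint64_t*)0x20003040 = 0x20000d00;
  *(uint16_t*)0x20000d00 = 1;
  *(uint8_t*)0x20000d02 = 0xaa;
  *(uint8_t*)0x20000d03 = 0xaa;
  *(uint8_t*)0x20000d04 = 0xaa;
  *(uint8_t*)0x20000d05 = 0xaa;
  *(uint8_t*)0x20000d06 = 0xaa;
  *(uint8_t*)0x20000d07 = 0xbb;
  *(uint32_t*)0x20003048 = 0x80;
  // msg_iov -> four zero-length iovecs.
  *(uint64_t*)0x20003050 = 0x20001ec0;
  *(uint64_t*)0x20001ec0 = 0x20000d80;
  *(uint64_t*)0x20001ec8 = 0;
  *(uint64_t*)0x20001ed0 = 0x20000dc0;
  *(uint64_t*)0x20001ed8 = 0;
  *(uint64_t*)0x20001ee0 = 0x20000e40;
  *(uint64_t*)0x20001ee8 = 0;
  *(uint64_t*)0x20001ef0 = 0x20000ec0;
  *(uint64_t*)0x20001ef8 = 0;
  *(uint64_t*)0x20003058 = 4;
  // msg_control -> three 16-byte headers (0x30 bytes).
  *(uint64_t*)0x20003060 = 0x20001f00;
  *(uint64_t*)0x20001f00 = 0x10;
  *(uint32_t*)0x20001f08 = 0x116;
  *(uint32_t*)0x20001f0c = 0xfff;
  *(uint64_t*)0x20001f10 = 0x10;
  *(uint32_t*)0x20001f18 = 0x10d;
  *(uint32_t*)0x20001f1c = 3;
  *(uint64_t*)0x20001f20 = 0x10;
  *(uint32_t*)0x20001f28 = 0x115;
  *(uint32_t*)0x20001f2c = 6;
  *(uint64_t*)0x20003068 = 0x30;
  *(uint32_t*)0x20003070 = 0x80;
  *(uint32_t*)0x20003078 = 0x401;

  // ---- record 4 @ 0x20003080 ----
  // No destination address: msg_name is NULL and msg_namelen is 0.
  *(uint64_t*)0x20003080 = 0;
  *(uint32_t*)0x20003088 = 0;
  // msg_iov -> two zero-length iovecs.
  *(uint64_t*)0x20003090 = 0x20002200;
  *(uint64_t*)0x20002200 = 0x20002140;
  *(uint64_t*)0x20002208 = 0;
  *(uint64_t*)0x20002210 = 0x200021c0;
  *(uint64_t*)0x20002218 = 0;
  *(uint64_t*)0x20003098 = 2;
  // msg_control -> two 16-byte headers (0x20 bytes).
  *(uint64_t*)0x200030a0 = 0x20002240;
  *(uint64_t*)0x20002240 = 0x10;
  *(uint32_t*)0x20002248 = 0x114;
  *(uint32_t*)0x2000224c = 0xbc;
  *(uint64_t*)0x20002250 = 0x10;
  *(uint32_t*)0x20002258 = 0x88;
  *(uint32_t*)0x2000225c = 9;
  *(uint64_t*)0x200030a8 = 0x20;
  *(uint32_t*)0x200030b0 = 0x40000;
  *(uint32_t*)0x200030b8 = 0x8fb;

  // ---- record 5 @ 0x200030c0 ----
  // msg_name -> 0x20002400: family 0x18 again, embeds r[0] and an
  // IPv6-style endpoint (family 0xa, port 0x4e23, 16 address bytes
  // fe 80 00 ... 00 aa).
  *(uint64_t*)0x200030c0 = 0x20002400;
  *(uint16_t*)0x20002400 = 0x18;
  *(uint32_t*)0x20002402 = 1;
  *(uint32_t*)0x20002406 = 0;
  *(uint32_t*)0x2000240a = r[0];
  *(uint32_t*)0x2000240e = 3;
  *(uint32_t*)0x20002412 = 3;
  *(uint32_t*)0x20002416 = 2;
  *(uint32_t*)0x2000241a = 4;
  *(uint16_t*)0x2000241e = 0xa;
  *(uint16_t*)0x20002420 = htobe16(0x4e23);
  *(uint32_t*)0x20002422 = 0x677d1241;
  *(uint8_t*)0x20002426 = 0xfe;
  *(uint8_t*)0x20002427 = 0x80;
  *(uint8_t*)0x20002428 = 0;
  *(uint8_t*)0x20002429 = 0;
  *(uint8_t*)0x2000242a = 0;
  *(uint8_t*)0x2000242b = 0;
  *(uint8_t*)0x2000242c = 0;
  *(uint8_t*)0x2000242d = 0;
  *(uint8_t*)0x2000242e = 0;
  *(uint8_t*)0x2000242f = 0;
  *(uint8_t*)0x20002430 = 0;
  *(uint8_t*)0x20002431 = 0;
  *(uint8_t*)0x20002432 = 0;
  *(uint8_t*)0x20002433 = 0;
  *(uint8_t*)0x20002434 = 0;
  *(uint8_t*)0x20002435 = 0xaa;
  *(uint32_t*)0x20002436 = 0;
  *(uint32_t*)0x200030c8 = 0x80;
  // msg_iov -> eight zero-length iovecs.
  *(uint64_t*)0x200030d0 = 0x200029c0;
  *(uint64_t*)0x200029c0 = 0x20002480;
  *(uint64_t*)0x200029c8 = 0;
  *(uint64_t*)0x200029d0 = 0x200024c0;
  *(uint64_t*)0x200029d8 = 0;
  *(uint64_t*)0x200029e0 = 0x20002500;
  *(uint64_t*)0x200029e8 = 0;
  *(uint64_t*)0x200029f0 = 0x20002600;
  *(uint64_t*)0x200029f8 = 0;
  *(uint64_t*)0x20002a00 = 0x20002700;
  *(uint64_t*)0x20002a08 = 0;
  *(uint64_t*)0x20002a10 = 0x20002800;
  *(uint64_t*)0x20002a18 = 0;
  *(uint64_t*)0x20002a20 = 0x20002900;
  *(uint64_t*)0x20002a28 = 0;
  *(uint64_t*)0x20002a30 = 0x20002940;
  *(uint64_t*)0x20002a38 = 0;
  *(uint64_t*)0x200030d8 = 8;
  // msg_control -> nine 16-byte headers (0x90 bytes).
  *(uint64_t*)0x200030e0 = 0x20002a40;
  *(uint64_t*)0x20002a40 = 0x10;
  *(uint32_t*)0x20002a48 = 0x116;
  *(uint32_t*)0x20002a4c = 2;
  *(uint64_t*)0x20002a50 = 0x10;
  *(uint32_t*)0x20002a58 = 0;
  *(uint32_t*)0x20002a5c = 3;
  *(uint64_t*)0x20002a60 = 0x10;
  *(uint32_t*)0x20002a68 = 0x11b;
  *(uint32_t*)0x20002a6c = 5;
  *(uint64_t*)0x20002a70 = 0x10;
  *(uint32_t*)0x20002a78 = 0;
  *(uint32_t*)0x20002a7c = 0xfff;
  *(uint64_t*)0x20002a80 = 0x10;
  *(uint32_t*)0x20002a88 = 0x117;
  *(uint32_t*)0x20002a8c = 0xfffffff8;
  *(uint64_t*)0x20002a90 = 0x10;
  *(uint32_t*)0x20002a98 = 0x10e;
  *(uint32_t*)0x20002a9c = 0x8001;
  *(uint64_t*)0x20002aa0 = 0x10;
  *(uint32_t*)0x20002aa8 = 0x113;
  *(uint32_t*)0x20002aac = 3;
  *(uint64_t*)0x20002ab0 = 0x10;
  *(uint32_t*)0x20002ab8 = 0x18e;
  *(uint32_t*)0x20002abc = 2;
  *(uint64_t*)0x20002ac0 = 0x10;
  *(uint32_t*)0x20002ac8 = 0x11f;
  *(uint32_t*)0x20002acc = 4;
  *(uint64_t*)0x200030e8 = 0x90;
  *(uint32_t*)0x200030f0 = 0x800;
  *(uint32_t*)0x200030f8 = 7;

  // vlen = 6 records. The flags word 0x20004081 decodes, per Linux's
  // socket.h, to MSG_FASTOPEN | MSG_NOSIGNAL | MSG_EOR | MSG_OOB.
  // If socket() failed above, r[0] is still the all-ones sentinel.
  syscall(__NR_sendmmsg, r[0], 0x20002f80, 6, 0x20004081);
}

/*
 * Map the fixed scratch region that loop() writes to, then run it once.
 *
 * mmap arguments: 16 MiB at 0x20000000, prot 3 (PROT_READ | PROT_WRITE),
 * flags 0x32 (MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS), fd -1, offset 0.
 *
 * Returns 0 after loop() ran, 1 if the mapping could not be created.
 */
int main(void)
{
  // loop() stores through absolute addresses; without the mapping the very
  // first store would fault, so stop here instead of continuing.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
    return 1;
  }
  loop();
  return 0;
}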