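// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel regression reproducer: opens one socket and issues a single
// sendmmsg() with two hand-built message headers. The crash report and fix
// status are tracked at the dashboard URL above.
//
// NOTE(review): this listing had been collapsed onto two physical lines, so
// everything after the leading "//" was a comment, and the header names
// after each #include were lost. The five headers below are reconstructed
// from the names the code uses (uint64_t, htobe16, syscall, __NR_*) and the
// set syzkaller normally emits; confirm against the upstream reproducer.

#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table filled in by loop(); slot 0 holds the socket fd and keeps
// the all-ones sentinel (-1 when truncated to an fd) if socket() fails.
uint64_t r[1] = {0xffffffffffffffff};

// Builds the sendmmsg() argument block at fixed addresses inside the region
// mapped by main() and issues the call. Statement order and every constant
// are kept exactly as generated; only layout and comments were added.
// The raw pointer stores (some at unaligned addresses) are how syzkaller
// emits packed structures; they rely on main() having mapped 0x20000000.
void loop()
{
  long res = 0;
  // Family 0x2b (43), type 1, protocol 0. On Linux 43 is AF_SMC and 1 is
  // SOCK_STREAM -- confirm against the headers of the kernel under test.
  res = syscall(__NR_socket, 0x2b, 1, 0);
  if (res != -1)
    r[0] = res;

  // ---- message 0 at 0x20003d80 (offsets match a 64-bit struct mmsghdr) ----
  *(uint64_t*)0x20003d80 = 0;          // msg_name: none
  *(uint32_t*)0x20003d88 = 0;          // msg_namelen
  *(uint64_t*)0x20003d90 = 0x200002c0; // msg_iov
  // iovec array: four {base, len} pairs, every length is zero.
  *(uint64_t*)0x200002c0 = 0x20000080;
  *(uint64_t*)0x200002c8 = 0;
  *(uint64_t*)0x200002d0 = 0x200000c0;
  *(uint64_t*)0x200002d8 = 0;
  *(uint64_t*)0x200002e0 = 0x20000180;
  *(uint64_t*)0x200002e8 = 0;
  *(uint64_t*)0x200002f0 = 0x200001c0;
  *(uint64_t*)0x200002f8 = 0;
  *(uint64_t*)0x20003d98 = 4;          // msg_iovlen
  *(uint64_t*)0x20003da0 = 0x20000300; // msg_control
  // Control buffer: three 16-byte records shaped like {len, level, type}
  // with no payload. The level/type values are fuzzer-chosen.
  *(uint64_t*)0x20000300 = 0x10;
  *(uint32_t*)0x20000308 = 0x116;
  *(uint32_t*)0x2000030c = 0xff;
  *(uint64_t*)0x20000310 = 0x10;
  *(uint32_t*)0x20000318 = 0x116;
  *(uint32_t*)0x2000031c = 0xfce;
  *(uint64_t*)0x20000320 = 0x10;
  *(uint32_t*)0x20000328 = 0x10a;
  *(uint32_t*)0x2000032c = 3;
  *(uint64_t*)0x20003da8 = 0x30;       // msg_controllen (3 * 0x10)
  *(uint32_t*)0x20003db0 = 0x2000c010; // msg_flags
  *(uint32_t*)0x20003db8 = 7;          // msg_len (an output field of sendmmsg)

  // ---- message 1 at 0x20003dc0 ----
  *(uint64_t*)0x20003dc0 = 0x20001440; // msg_name
  // Destination address blob. Leading family 0x18 followed by packed 32-bit
  // fields (one of them the socket fd) and an embedded family-0xa record
  // with port 0x4e20 and address fe80::aa.
  // NOTE(review): presumably a PPPoX/L2TP-over-IPv6 style sockaddr; the
  // exact struct is inferred from field widths only -- confirm.
  *(uint16_t*)0x20001440 = 0x18;
  *(uint32_t*)0x20001442 = 1;
  *(uint32_t*)0x20001446 = 0;
  *(uint32_t*)0x2000144a = r[0];
  *(uint32_t*)0x2000144e = 1;
  *(uint32_t*)0x20001452 = 2;
  *(uint32_t*)0x20001456 = 2;
  *(uint32_t*)0x2000145a = 3;
  *(uint16_t*)0x2000145e = 0xa;
  *(uint16_t*)0x20001460 = htobe16(0x4e20); // port in network byte order
  *(uint32_t*)0x20001462 = 4;
  // 16 address bytes: fe 80 00 .. 00 aa
  *(uint8_t*)0x20001466 = 0xfe;
  *(uint8_t*)0x20001467 = 0x80;
  *(uint8_t*)0x20001468 = 0;
  *(uint8_t*)0x20001469 = 0;
  *(uint8_t*)0x2000146a = 0;
  *(uint8_t*)0x2000146b = 0;
  *(uint8_t*)0x2000146c = 0;
  *(uint8_t*)0x2000146d = 0;
  *(uint8_t*)0x2000146e = 0;
  *(uint8_t*)0x2000146f = 0;
  *(uint8_t*)0x20001470 = 0;
  *(uint8_t*)0x20001471 = 0;
  *(uint8_t*)0x20001472 = 0;
  *(uint8_t*)0x20001473 = 0;
  *(uint8_t*)0x20001474 = 0;
  *(uint8_t*)0x20001475 = 0xaa;
  *(uint32_t*)0x20001476 = 2;
  *(uint32_t*)0x20003dc8 = 0x80;       // msg_namelen
  *(uint64_t*)0x20003dd0 = 0x20001880; // msg_iov
  // iovec array: six {base, len} pairs, every length is zero.
  *(uint64_t*)0x20001880 = 0x200014c0;
  *(uint64_t*)0x20001888 = 0;
  *(uint64_t*)0x20001890 = 0x200015c0;
  *(uint64_t*)0x20001898 = 0;
  *(uint64_t*)0x200018a0 = 0x200016c0;
  *(uint64_t*)0x200018a8 = 0;
  *(uint64_t*)0x200018b0 = 0x20001740;
  *(uint64_t*)0x200018b8 = 0;
  *(uint64_t*)0x200018c0 = 0x200017c0;
  *(uint64_t*)0x200018c8 = 0;
  *(uint64_t*)0x200018d0 = 0x20001800;
  *(uint64_t*)0x200018d8 = 0;
  *(uint64_t*)0x20003dd8 = 6;          // msg_iovlen
  *(uint64_t*)0x20003de0 = 0x20001900; // msg_control
  // Control buffer: ten 16-byte {len, level, type} records, no payload.
  *(uint64_t*)0x20001900 = 0x10;
  *(uint32_t*)0x20001908 = 0x10b;
  *(uint32_t*)0x2000190c = 0xfffff3b3;
  *(uint64_t*)0x20001910 = 0x10;
  *(uint32_t*)0x20001918 = 0x119;
  *(uint32_t*)0x2000191c = 6;
  *(uint64_t*)0x20001920 = 0x10;
  *(uint32_t*)0x20001928 = 0x100;
  *(uint32_t*)0x2000192c = 7;
  *(uint64_t*)0x20001930 = 0x10;
  *(uint32_t*)0x20001938 = 0x113;
  *(uint32_t*)0x2000193c = 7;
  *(uint64_t*)0x20001940 = 0x10;
  *(uint32_t*)0x20001948 = 0x111;
  *(uint32_t*)0x2000194c = 0x1ff;
  *(uint64_t*)0x20001950 = 0x10;
  *(uint32_t*)0x20001958 = 0x113;
  *(uint32_t*)0x2000195c = 5;
  *(uint64_t*)0x20001960 = 0x10;
  *(uint32_t*)0x20001968 = 1;
  *(uint32_t*)0x2000196c = 0;
  *(uint64_t*)0x20001970 = 0x10;
  *(uint32_t*)0x20001978 = 0x111;
  *(uint32_t*)0x2000197c = 1;
  *(uint64_t*)0x20001980 = 0x10;
  *(uint32_t*)0x20001988 = 0x101;
  *(uint32_t*)0x2000198c = 8;
  *(uint64_t*)0x20001990 = 0x10;
  *(uint32_t*)0x20001998 = 0x10f;
  *(uint32_t*)0x2000199c = 0x7fff;
  *(uint64_t*)0x20003de8 = 0xa0;       // msg_controllen (10 * 0x10)
  *(uint32_t*)0x20003df0 = 4;          // msg_flags
  *(uint32_t*)0x20003df8 = 0x1dc;      // msg_len (an output field of sendmmsg)

  // vlen = 2, flags = 0x20000800.
  // NOTE(review): presumably MSG_FASTOPEN | MSG_CONFIRM on Linux -- verify.
  // If socket() failed above, r[0] is still the -1 sentinel, the call is
  // rejected on the bad descriptor, and the kernel path under test is never
  // reached.
  syscall(__NR_sendmmsg, r[0], 0x20003d80, 2, 0x20000800);
}

// Maps the fixed 16 MiB scratch region that loop() writes into, then runs
// the reproducer once.
// Returns 0 after loop() has run, 1 if the scratch mapping could not be set up.
int main()
{
  // prot 3 = read|write; flags 0x32 = private|fixed|anonymous on Linux.
  // Check the result so a failed setup exits cleanly instead of faulting on
  // the first store in loop(), which could be mistaken for the crash under
  // investigation.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}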