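// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reviewer summary (derived from the code below; the crash signature itself
// is only in the linked syzbot report):
//   1. main() maps 16 MiB of anonymous read/write memory at the fixed address
//      0x20000000 so that every hard-coded pointer below is valid.
//   2. loop() opens a socket with family 0x2b (AF_SMC on Linux), type 1
//      (SOCK_STREAM), protocol 0.
//   3. loop() hand-builds three message headers at 0x20004280 and passes them
//      to sendmmsg() with flags 0x20000014.
// The store offsets are read here as the 64-bit Linux layout of
// struct mmsghdr (0x40 bytes per entry), struct iovec and struct cmsghdr;
// that reading is an interpretation of the addresses, not something the
// generator states.
//
// For triage: the kernel surface exercised is the AF_SMC sendmsg path, reached
// on a socket that was never connected, with a fast-open style flag set and
// zero bytes of payload (every iovec length is 0).

#define _GNU_SOURCE

// NOTE(review): the header names were stripped from the five #include lines in
// this copy. stdint.h, sys/syscall.h and unistd.h are required by the code
// below; endian.h and string.h complete the set the syzkaller C generator
// conventionally emits for a reproducer of this shape - confirm against the
// original attachment on the syzbot page.
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] holds the socket fd, or all-ones if socket() failed.
uint64_t r[1] = {0xffffffffffffffff};

// Builds the sendmmsg() argument in the fixed mapping and issues the call.
// Must run after the mapping at 0x20000000 exists; every store below targets
// an absolute address inside it.
void loop(void)
{
  long res = 0;

  // socket(0x2b /* AF_SMC */, 1 /* SOCK_STREAM */, 0)
  res = syscall(__NR_socket, 0x2b, 1, 0);
  if (res != -1)
    r[0] = res;
  // If the kernel has no SMC support the fd stays at -1 and the sendmmsg()
  // below simply fails; nothing is exercised in that case.

  // ---- message 0 (header at 0x20004280) ----
  *(uint64_t*)0x20004280 = 0;          // msg_name: none
  *(uint32_t*)0x20004288 = 0;          // msg_namelen
  *(uint64_t*)0x20004290 = 0x20000200; // msg_iov
  *(uint64_t*)0x20000200 = 0x20000280; //   iov[0].iov_base
  *(uint64_t*)0x20000208 = 0;          //   iov[0].iov_len = 0
  *(uint64_t*)0x20004298 = 1;          // msg_iovlen
  *(uint64_t*)0x200042a0 = 0x20000340; // msg_control
  // Six header-only control messages: (len 0x10, level, type) each.
  *(uint64_t*)0x20000340 = 0x10;
  *(uint32_t*)0x20000348 = 0x117;
  *(uint32_t*)0x2000034c = 0xfd;
  *(uint64_t*)0x20000350 = 0x10;
  *(uint32_t*)0x20000358 = 0x19d;
  *(uint32_t*)0x2000035c = 1;
  *(uint64_t*)0x20000360 = 0x10;
  *(uint32_t*)0x20000368 = 0x105;
  *(uint32_t*)0x2000036c = 8;
  *(uint64_t*)0x20000370 = 0x10;
  *(uint32_t*)0x20000378 = 0x102;
  *(uint32_t*)0x2000037c = 0x5db;
  *(uint64_t*)0x20000380 = 0x10;
  *(uint32_t*)0x20000388 = 0x10f;
  *(uint32_t*)0x2000038c = 0x8000;
  *(uint64_t*)0x20000390 = 0x10;
  *(uint32_t*)0x20000398 = 0x11d;
  *(uint32_t*)0x2000039c = 4;
  *(uint64_t*)0x200042a8 = 0x60;       // msg_controllen = 6 * 0x10
  *(uint32_t*)0x200042b0 = 0x810;      // msg_flags
  *(uint32_t*)0x200042b8 = 7;          // msg_len

  // ---- message 1 (header at 0x200042c0) ----
  *(uint64_t*)0x200042c0 = 0x20000600; // msg_name
  // Address bytes; the leading 16-bit field is 0x1f (AF_BLUETOOTH on Linux),
  // i.e. not an address family that matches the socket.
  *(uint16_t*)0x20000600 = 0x1f;
  *(uint8_t*)0x20000602 = 5;
  *(uint8_t*)0x20000603 = 0xe8;
  *(uint8_t*)0x20000604 = 0;
  *(uint8_t*)0x20000605 = 0;
  *(uint8_t*)0x20000606 = 8;
  *(uint8_t*)0x20000607 = 4;
  *(uint8_t*)0x20000608 = 0;
  *(uint32_t*)0x200042c8 = 0x80;       // msg_namelen
  *(uint64_t*)0x200042d0 = 0x20000a00; // msg_iov: six zero-length entries
  *(uint64_t*)0x20000a00 = 0x20000680;
  *(uint64_t*)0x20000a08 = 0;
  *(uint64_t*)0x20000a10 = 0x20000700;
  *(uint64_t*)0x20000a18 = 0;
  *(uint64_t*)0x20000a20 = 0x20000780;
  *(uint64_t*)0x20000a28 = 0;
  *(uint64_t*)0x20000a30 = 0x20000840;
  *(uint64_t*)0x20000a38 = 0;
  *(uint64_t*)0x20000a40 = 0x20000880;
  *(uint64_t*)0x20000a48 = 0;
  *(uint64_t*)0x20000a50 = 0x20000900;
  *(uint64_t*)0x20000a58 = 0;
  *(uint64_t*)0x200042d8 = 6;          // msg_iovlen
  *(uint64_t*)0x200042e0 = 0x20000a80; // msg_control
  // Five header-only control messages: (len 0x10, level, type) each.
  *(uint64_t*)0x20000a80 = 0x10;
  *(uint32_t*)0x20000a88 = 0x11f;
  *(uint32_t*)0x20000a8c = 0x101;
  *(uint64_t*)0x20000a90 = 0x10;
  *(uint32_t*)0x20000a98 = 0;
  *(uint32_t*)0x20000a9c = 0x40;
  *(uint64_t*)0x20000aa0 = 0x10;
  *(uint32_t*)0x20000aa8 = 0x10b;
  *(uint32_t*)0x20000aac = 7;
  *(uint64_t*)0x20000ab0 = 0x10;
  *(uint32_t*)0x20000ab8 = 0x10b;
  *(uint32_t*)0x20000abc = 1;
  *(uint64_t*)0x20000ac0 = 0x10;
  *(uint32_t*)0x20000ac8 = 0x108;
  *(uint32_t*)0x20000acc = 0x88;
  *(uint64_t*)0x200042e8 = 0x50;       // msg_controllen = 5 * 0x10
  *(uint32_t*)0x200042f0 = 0x20008000; // msg_flags
  *(uint32_t*)0x200042f8 = 8;          // msg_len

  // ---- message 2 (header at 0x20004300) ----
  *(uint64_t*)0x20004300 = 0x20002cc0; // msg_name
  // Address bytes; leading 16-bit field is again 0x1f.
  *(uint16_t*)0x20002cc0 = 0x1f;
  *(uint16_t*)0x20002cc2 = 0;
  *(uint8_t*)0x20002cc4 = 0x29;
  *(uint8_t*)0x20002cc5 = 4;
  *(uint8_t*)0x20002cc6 = 0x4f;
  *(uint8_t*)0x20002cc7 = 0x7f;
  *(uint8_t*)0x20002cc8 = 0x4e;
  *(uint8_t*)0x20002cc9 = 0x3f;
  *(uint16_t*)0x20002cca = 0;
  *(uint8_t*)0x20002ccc = 0;
  *(uint32_t*)0x20004308 = 0x80;       // msg_namelen
  *(uint64_t*)0x20004310 = 0x200041c0; // msg_iov: nine zero-length entries
  *(uint64_t*)0x200041c0 = 0x20002d40;
  *(uint64_t*)0x200041c8 = 0;
  *(uint64_t*)0x200041d0 = 0x20002d80;
  *(uint64_t*)0x200041d8 = 0;
  *(uint64_t*)0x200041e0 = 0x20002e80;
  *(uint64_t*)0x200041e8 = 0;
  *(uint64_t*)0x200041f0 = 0x20003e80;
  *(uint64_t*)0x200041f8 = 0;
  *(uint64_t*)0x20004200 = 0x20003f40;
  *(uint64_t*)0x20004208 = 0;
  *(uint64_t*)0x20004210 = 0x20003f80;
  *(uint64_t*)0x20004218 = 0;
  *(uint64_t*)0x20004220 = 0x20003fc0;
  *(uint64_t*)0x20004228 = 0;
  *(uint64_t*)0x20004230 = 0x20004080;
  *(uint64_t*)0x20004238 = 0;
  *(uint64_t*)0x20004240 = 0x20004100;
  *(uint64_t*)0x20004248 = 0;
  *(uint64_t*)0x20004318 = 9;          // msg_iovlen
  *(uint64_t*)0x20004320 = 0;          // msg_control: none
  *(uint64_t*)0x20004328 = 0;          // msg_controllen
  *(uint32_t*)0x20004330 = 0x800;      // msg_flags
  *(uint32_t*)0x20004338 = 0x10;       // msg_len

  // sendmmsg(fd, msgvec, vlen = 3, flags). 0x20000014 decodes on Linux as
  // MSG_FASTOPEN (0x20000000) | MSG_PROBE (0x10) | MSG_DONTROUTE (0x4).
  // The return value is deliberately ignored, as in the generated original.
  syscall(__NR_sendmmsg, r[0], 0x20004280, 3, 0x20000014);
}

int main(void)
{
  // mmap(0x20000000, 16 MiB, PROT_READ|PROT_WRITE (3),
  //      MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (0x32), -1, 0).
  // The generated code ignored the result; without the mapping the first
  // store in loop() faults in user space, which is easy to mistake for a
  // finding. Exit with a distinct status instead.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}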