// https://syzkaller.appspot.com/bug?id=2ba02045eb5dbeb12c20b68c462f4866fed8c949 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include uint64_t r[1] = {0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); intptr_t res = 0; *(uint64_t*)0x20001980 = 0; *(uint32_t*)0x20001988 = 0; *(uint64_t*)0x20001990 = 0; *(uint64_t*)0x20001998 = 0; *(uint64_t*)0x200019a0 = 0x200018c0; *(uint64_t*)0x200018c0 = 0x1c; *(uint32_t*)0x200018c8 = 1; *(uint32_t*)0x200018cc = 2; *(uint32_t*)0x200018d0 = 0; *(uint32_t*)0x200018d4 = 0; *(uint32_t*)0x200018d8 = 0xee01; *(uint64_t*)0x200019a8 = 0x20; *(uint32_t*)0x200019b0 = 0; syscall(__NR_sendmsg, -1, 0x20001980ul, 0ul); res = syscall(__NR_socket, 0xaul, 1ul, 0); if (res != -1) r[0] = res; *(uint32_t*)0x20000000 = 1; syscall(__NR_setsockopt, r[0], 6, 0x13, 0x20000000ul, 4ul); *(uint16_t*)0x20000200 = 0xa; *(uint16_t*)0x20000202 = htobe16(0); *(uint32_t*)0x20000204 = htobe32(0); *(uint64_t*)0x20000208 = htobe64(0); *(uint64_t*)0x20000210 = htobe64(1); *(uint32_t*)0x20000218 = 0; syscall(__NR_connect, r[0], 0x20000200ul, 0x1cul); memcpy((void*)0x200000c0, "tls\000", 4); syscall(__NR_setsockopt, r[0], 6, 0x1f, 0x200000c0ul, 4ul); *(uint16_t*)0x20000080 = 0x303; *(uint16_t*)0x20000082 = 0x33; memcpy((void*)0x20000084, "\xe6\x4a\x4a\x44\xf8\x5b\x84\x62", 8); memcpy((void*)0x2000008c, "\xac\x14\x69\x84\x0b\x90\xeb\xec\x29\xec\xf3\x22\x9c\xea\x7f\x40", 16); memcpy((void*)0x2000009c, "\x03\xc9\x23\x33", 4); memcpy((void*)0x200000a0, "\xec\xb9\xb5\x8d\xf4\xc3\x60\x43", 8); syscall(__NR_setsockopt, r[0], 0x11a, 1, 0x20000080ul, 0x28ul); *(uint64_t*)0x20001500 = 0x20000040; memset((void*)0x20000040, 185, 1); *(uint64_t*)0x20001508 = 0x3fe3; syscall(__NR_writev, r[0], 0x20001500ul, 0x41ul); return 0; }