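// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Review notes on this copy:
//  * The five #include lines had their header names stripped.  They are
//    restored to the set every syzkaller C reproducer carries, and each one
//    is justified by a name used below: htobe32 -> <endian.h>, uint*_t ->
//    <stdint.h>, memcpy -> <string.h>, syscall()/__NR_* -> <sys/syscall.h>
//    and <unistd.h>.  _GNU_SOURCE must be defined before <endian.h> for
//    htobe32 to be visible.
//  * The only behavioural change is in main(): the fixed mapping that every
//    pointer below refers to is now checked, so a failed mmap() exits instead
//    of faulting on the first store into unmapped memory.
//  * Stores into the mapping are regrouped by the structure they fill; they
//    all target distinct addresses, so the order does not matter.

#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/*
 * All syscall arguments are raw addresses inside the anonymous mapping that
 * main() establishes at 0x20000000 (16 MiB).  Layout used by loop():
 *
 *   0x20001d00  struct msghdr handed to sendmsg()
 *   0x20001980  msg_name, 12 bytes; first u16 is 0x10 (presumably AF_NETLINK)
 *   0x20001cc0  msg_iov, a single struct iovec -> 0x20001b80, 0x104 bytes
 *   0x20001b80  the 0x104-byte payload.  Its first u32 equals the iovec
 *               length and it is followed by a chain of (u16 len, u16 type,
 *               value) records whose lengths add up exactly to 0x104, i.e. it
 *               looks like a nlmsghdr + a 4-byte header + nested nlattr TLVs.
 *               The exact family/command is not resolved in this program
 *               (nlmsg_type is 0), so that reading is inferred, not shown.
 *
 * Bytes of the payload that are not explicitly written (nlattr padding, the
 * tail of the 0x14-byte record at 0x20001c18) rely on the fresh anonymous
 * mapping being zero-filled.
 */

/* Resource table: r[0] is the socket fd; stays all-ones (-1) if socket() fails. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Issue the reproducer's two syscalls: create a socket, then send one message
 * on it.  syzkaller convention is kept on purpose: results are not checked and
 * sendmsg() is issued even when socket() failed (r[0] is then -1 and the call
 * fails with EBADF), so the sequence of kernel entries matches the original.
 */
void loop(void)
{
  /* domain 0x2b, type 0x801 (0x800 | 1), protocol 0 -- values as generated */
  long res = syscall(__NR_socket, 0x2b, 0x801, 0);
  if (res != -1)
    r[0] = res;

  /* msg_name: 12-byte sockaddr, family 0x10, remaining fields zero. */
  *(uint16_t*)0x20001980 = 0x10;
  *(uint16_t*)0x20001982 = 0;
  *(uint32_t*)0x20001984 = 0;
  *(uint32_t*)0x20001988 = 0;

  /* msg_iov[0]: {iov_base = payload, iov_len = 0x104}. */
  *(uint64_t*)0x20001cc0 = 0x20001b80;
  *(uint64_t*)0x20001cc8 = 0x104;

  /* Payload header: len 0x104, type 0, flags 0x300, seq, pid. */
  *(uint32_t*)0x20001b80 = 0x104;
  *(uint16_t*)0x20001b84 = 0;
  *(uint16_t*)0x20001b86 = 0x300;
  *(uint32_t*)0x20001b88 = 0x70bd2d;
  *(uint32_t*)0x20001b8c = 0x25dfdbff;
  /* 4-byte sub-header: cmd 9, version 0, reserved 0. */
  *(uint8_t*)0x20001b90 = 9;
  *(uint8_t*)0x20001b91 = 0;
  *(uint16_t*)0x20001b92 = 0;

  /* Record at 0x1b94: 0x44 bytes, type 2, holding eight 8-byte entries. */
  *(uint16_t*)0x20001b94 = 0x44;
  *(uint16_t*)0x20001b96 = 2;
  *(uint16_t*)0x20001b98 = 8;
  *(uint16_t*)0x20001b9a = 5;
  *(uint32_t*)0x20001b9c = 0xffffffc1;
  *(uint16_t*)0x20001ba0 = 8;
  *(uint16_t*)0x20001ba2 = 7;
  *(uint32_t*)0x20001ba4 = 0x3ff;
  *(uint16_t*)0x20001ba8 = 8;
  *(uint16_t*)0x20001baa = 3;
  *(uint16_t*)0x20001bac = 1;
  *(uint16_t*)0x20001bb0 = 8;
  *(uint16_t*)0x20001bb2 = 6;
  *(uint32_t*)0x20001bb4 = 0x1000;
  *(uint16_t*)0x20001bb8 = 8;
  *(uint16_t*)0x20001bba = 5;
  *(uint32_t*)0x20001bbc = 9;
  *(uint16_t*)0x20001bc0 = 8;
  *(uint16_t*)0x20001bc2 = 6;
  *(uint32_t*)0x20001bc4 = 0x10000;
  *(uint16_t*)0x20001bc8 = 8;
  *(uint16_t*)0x20001bca = 3;
  *(uint16_t*)0x20001bcc = 2;
  *(uint16_t*)0x20001bd0 = 8;
  *(uint16_t*)0x20001bd2 = 3;
  *(uint16_t*)0x20001bd4 = 2;

  /* Record at 0x1bd8: 8 bytes, type 4, u32 value 4. */
  *(uint16_t*)0x20001bd8 = 8;
  *(uint16_t*)0x20001bda = 4;
  *(uint32_t*)0x20001bdc = 4;

  /* Record at 0x1be0: 0x34 bytes, type 2, holding six 8-byte entries. */
  *(uint16_t*)0x20001be0 = 0x34;
  *(uint16_t*)0x20001be2 = 2;
  *(uint16_t*)0x20001be4 = 8;
  *(uint16_t*)0x20001be6 = 0xb;
  *(uint16_t*)0x20001be8 = 2;
  *(uint16_t*)0x20001bec = 8;
  *(uint16_t*)0x20001bee = 9;
  *(uint32_t*)0x20001bf0 = 8;
  *(uint16_t*)0x20001bf4 = 8;
  *(uint16_t*)0x20001bf6 = 4;
  *(uint32_t*)0x20001bf8 = 2;
  *(uint16_t*)0x20001bfc = 8;
  *(uint16_t*)0x20001bfe = 9;
  *(uint32_t*)0x20001c00 = 0xff;
  *(uint16_t*)0x20001c04 = 8;
  *(uint16_t*)0x20001c06 = 8;
  *(uint32_t*)0x20001c08 = 0x7f;
  *(uint16_t*)0x20001c0c = 8;
  *(uint16_t*)0x20001c0e = 9;
  *(uint32_t*)0x20001c10 = 0xfff;

  /* Record at 0x1c14: 0x28 bytes, type 1, holding a 0x14-byte entry whose
   * value starts with a big-endian u32 0 (rest left zero), then two 8-byte
   * string entries "wrr" and "sip" (NUL included by the 4-byte memcpy). */
  *(uint16_t*)0x20001c14 = 0x28;
  *(uint16_t*)0x20001c16 = 1;
  *(uint16_t*)0x20001c18 = 0x14;
  *(uint16_t*)0x20001c1a = 3;
  *(uint32_t*)0x20001c1c = htobe32(0);
  *(uint16_t*)0x20001c2c = 8;
  *(uint16_t*)0x20001c2e = 6;
  memcpy((void*)0x20001c30, "wrr", 4);
  *(uint16_t*)0x20001c34 = 8;
  *(uint16_t*)0x20001c36 = 0xb;
  memcpy((void*)0x20001c38, "sip", 4);

  /* Record at 0x1c3c: 0x14 bytes, type 1, two 8-byte entries with u16 values. */
  *(uint16_t*)0x20001c3c = 0x14;
  *(uint16_t*)0x20001c3e = 1;
  *(uint16_t*)0x20001c40 = 8;
  *(uint16_t*)0x20001c42 = 2;
  *(uint16_t*)0x20001c44 = 0x2f;
  *(uint16_t*)0x20001c48 = 8;
  *(uint16_t*)0x20001c4a = 1;
  *(uint16_t*)0x20001c4c = 0xa;

  /* Record at 0x1c50: 8 bytes, type 5, u32 value 0x7f. */
  *(uint16_t*)0x20001c50 = 8;
  *(uint16_t*)0x20001c52 = 5;
  *(uint32_t*)0x20001c54 = 0x7f;

  /* Record at 0x1c58: 0x20 bytes, type 2; first entry is a 16-byte value
   * ff 01 00 .. 00 01 (written byte by byte; 0xff replaces the original's
   * implicit -1 -> uint8_t conversion, same bit pattern), second is u16 1. */
  *(uint16_t*)0x20001c58 = 0x20;
  *(uint16_t*)0x20001c5a = 2;
  *(uint16_t*)0x20001c5c = 0x14;
  *(uint16_t*)0x20001c5e = 1;
  *(uint8_t*)0x20001c60 = 0xff;
  *(uint8_t*)0x20001c61 = 1;
  *(uint8_t*)0x20001c62 = 0;
  *(uint8_t*)0x20001c63 = 0;
  *(uint8_t*)0x20001c64 = 0;
  *(uint8_t*)0x20001c65 = 0;
  *(uint8_t*)0x20001c66 = 0;
  *(uint8_t*)0x20001c67 = 0;
  *(uint8_t*)0x20001c68 = 0;
  *(uint8_t*)0x20001c69 = 0;
  *(uint8_t*)0x20001c6a = 0;
  *(uint8_t*)0x20001c6b = 0;
  *(uint8_t*)0x20001c6c = 0;
  *(uint8_t*)0x20001c6d = 0;
  *(uint8_t*)0x20001c6e = 0;
  *(uint8_t*)0x20001c6f = 1;
  *(uint16_t*)0x20001c70 = 8;
  *(uint16_t*)0x20001c72 = 3;
  *(uint16_t*)0x20001c74 = 1;

  /* Record at 0x1c78: 0xc bytes, type 1, one 8-byte string entry "sip".
   * Ends at 0x1c84 = 0x1b80 + 0x104, matching the header length. */
  *(uint16_t*)0x20001c78 = 0xc;
  *(uint16_t*)0x20001c7a = 1;
  *(uint16_t*)0x20001c7c = 8;
  *(uint16_t*)0x20001c7e = 0xb;
  memcpy((void*)0x20001c80, "sip", 4);

  /* struct msghdr: name/namelen, iov/iovlen, no control data, msg_flags 0x800. */
  *(uint64_t*)0x20001d00 = 0x20001980;
  *(uint32_t*)0x20001d08 = 0xc;
  *(uint64_t*)0x20001d10 = 0x20001cc0;
  *(uint64_t*)0x20001d18 = 1;
  *(uint64_t*)0x20001d20 = 0;
  *(uint64_t*)0x20001d28 = 0;
  *(uint32_t*)0x20001d30 = 0x800;

  /* Result deliberately ignored (reproducer convention); flags as generated. */
  syscall(__NR_sendmsg, r[0], 0x20001d00, 0x20008054);
}

/*
 * Entry point: establish the fixed anonymous mapping every pointer above
 * refers to, then run the reproducer body once.
 *
 * Returns 0 after loop() runs, 1 if the mapping could not be created.
 */
int main(void)
{
  /* prot 3 / flags 0x32 are the generated values (presumably
   * PROT_READ|PROT_WRITE and MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS).  The
   * original never checked this call; a failure made the first store in
   * loop() fault on unmapped memory, which is indistinguishable from a
   * kernel-side crash when triaging.  Bail out explicitly instead. */
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}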