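// https://syzkaller.appspot.com/bug?id=54f4ce6239e6e0d0d5583488421c6fa3ba7ed6b4
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// NOTE(review): the five #include directives on this page lost their header
// names (the angle-bracketed file names were stripped during extraction), so
// the listing did not compile as shown. The headers below are restored from
// the identifiers the code actually uses: htobe16/htobe32/htobe64 -> <endian.h>,
// uintN_t -> <stdint.h>, memset/memcpy -> <string.h>, __NR_* -> <sys/syscall.h>,
// syscall() -> <unistd.h>.
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static void test();

/* Re-runs the single reproducer program forever; never returns. */
void loop()
{
	while (1) {
		test();
	}
}

/* syzkaller result slots: r[0] receives the fd returned by socket(). */
long r[1];

/*
 * One iteration of the reproducer: map a fixed scratch region, open a
 * netlink socket and send it one hand-built message. Raw stores to fixed
 * addresses are how syzkaller lays out syscall arguments; every address
 * used below lies inside the region mapped by the first syscall.
 * No return value is checked -- this is fuzzer output, not robust code,
 * and if the fixed mapping fails the stores that follow will fault.
 */
void test()
{
	/* syzkaller boilerplate: result slots start as -1 (invalid fd). */
	memset(r, -1, sizeof(r));
	/* mmap(0x20000000, 0xfff000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)
	 * (0x32 decodes to those three MAP_ flags on Linux/x86-64). */
	syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);
	/* socket(AF_NETLINK(16), SOCK_RAW(3), protocol 6); on Linux protocol 6 is NETLINK_XFRM. */
	r[0] = syscall(__NR_socket, 0x10, 3, 6);

	/* struct msghdr at 0x2000b000 (x86-64 layout: name, namelen, iov, iovlen,
	 * control, controllen, flags). */
	*(uint64_t*)0x2000b000 = 0x2000f000;  /* msg_name -> sockaddr below */
	*(uint32_t*)0x2000b008 = 0xc;         /* msg_namelen = 12 */
	*(uint64_t*)0x2000b010 = 0x205a6ff0;  /* msg_iov -> iovec below */
	*(uint64_t*)0x2000b018 = 1;           /* msg_iovlen */
	*(uint64_t*)0x2000b020 = 0;           /* msg_control */
	*(uint64_t*)0x2000b028 = 0;           /* msg_controllen */
	*(uint32_t*)0x2000b030 = 0;           /* msg_flags */

	/* 12-byte sockaddr at 0x2000f000: family 0x10 (AF_NETLINK), remaining
	 * fields (pad, pid, groups) zero -- i.e. addressed to the kernel. */
	*(uint16_t*)0x2000f000 = 0x10;
	*(uint16_t*)0x2000f002 = 0;
	*(uint32_t*)0x2000f004 = 0;
	*(uint32_t*)0x2000f008 = 0;

	/* struct iovec at 0x205a6ff0: one buffer of 0x160 bytes at 0x202b2e9c. */
	*(uint64_t*)0x205a6ff0 = 0x202b2e9c;
	*(uint64_t*)0x205a6ff8 = 0x160;

	/* struct nlmsghdr at 0x202b2e9c: len 0x160 (matches the iovec length),
	 * type 0x10, flags 0x713 (NLM_F_REQUEST plus other bits -- the exact
	 * meaning of the remaining bits is fuzzer-chosen; verify against
	 * linux/netlink.h if it matters), seq 0, pid 0. */
	*(uint32_t*)0x202b2e9c = 0x160;
	*(uint16_t*)0x202b2ea0 = 0x10;
	*(uint16_t*)0x202b2ea2 = 0x713;
	*(uint32_t*)0x202b2ea4 = 0;
	*(uint32_t*)0x202b2ea8 = 0;

	/* Message payload from 0x202b2eac onward. Given the NETLINK_XFRM socket
	 * and the trailing attributes this presumably is an xfrm SA request
	 * body followed by nlattrs; field-by-field meaning is not confirmed
	 * here and should be checked against the kernel uapi layout. Notable
	 * values: a big-endian 0xe0000002 address at +0x10, the byte 0x6c (108,
	 * IPPROTO_COMP on Linux) at 0x202b2ef8, an fe80:: prefix at 0x202b2ee4. */
	*(uint8_t*)0x202b2eac = 0;
	*(uint8_t*)0x202b2ead = 0;
	*(uint8_t*)0x202b2eae = 0;
	*(uint8_t*)0x202b2eaf = 0;
	*(uint8_t*)0x202b2eb0 = 0;
	*(uint8_t*)0x202b2eb1 = 0;
	*(uint8_t*)0x202b2eb2 = 0;
	*(uint8_t*)0x202b2eb3 = 0;
	*(uint8_t*)0x202b2eb4 = 0;
	*(uint8_t*)0x202b2eb5 = 0;
	*(uint8_t*)0x202b2eb6 = 0;
	*(uint8_t*)0x202b2eb7 = 0;
	*(uint8_t*)0x202b2eb8 = 0;
	*(uint8_t*)0x202b2eb9 = 0;
	*(uint8_t*)0x202b2eba = 0;
	*(uint8_t*)0x202b2ebb = 0;
	*(uint32_t*)0x202b2ebc = htobe32(0xe0000002);
	*(uint16_t*)0x202b2ecc = 0;
	*(uint16_t*)0x202b2ece = htobe16(0);
	*(uint16_t*)0x202b2ed0 = 0;
	*(uint16_t*)0x202b2ed2 = htobe16(0);
	*(uint16_t*)0x202b2ed4 = 0;
	*(uint8_t*)0x202b2ed6 = 0;
	*(uint8_t*)0x202b2ed7 = 0;
	*(uint8_t*)0x202b2ed8 = 0;
	*(uint32_t*)0x202b2edc = 0;
	*(uint32_t*)0x202b2ee0 = 0;
	*(uint8_t*)0x202b2ee4 = 0xfe;
	*(uint8_t*)0x202b2ee5 = 0x80;
	*(uint8_t*)0x202b2ee6 = 0;
	*(uint8_t*)0x202b2ee7 = 0;
	*(uint8_t*)0x202b2ee8 = 0;
	*(uint8_t*)0x202b2ee9 = 0;
	*(uint8_t*)0x202b2eea = 0;
	*(uint8_t*)0x202b2eeb = 0;
	*(uint8_t*)0x202b2eec = 0;
	*(uint8_t*)0x202b2eed = 0;
	*(uint8_t*)0x202b2eee = 0;
	*(uint8_t*)0x202b2eef = 0;
	*(uint8_t*)0x202b2ef0 = 0;
	*(uint8_t*)0x202b2ef1 = 0;
	*(uint8_t*)0x202b2ef2 = 0;
	*(uint8_t*)0x202b2ef3 = 0;
	*(uint32_t*)0x202b2ef4 = 0;
	*(uint8_t*)0x202b2ef8 = 0x6c;
	*(uint64_t*)0x202b2efc = htobe64(0);
	*(uint64_t*)0x202b2f04 = htobe64(1);
	*(uint64_t*)0x202b2f0c = 0;
	*(uint64_t*)0x202b2f14 = 0;
	*(uint64_t*)0x202b2f1c = 0;
	*(uint64_t*)0x202b2f24 = 0;
	*(uint64_t*)0x202b2f2c = 0;
	*(uint64_t*)0x202b2f34 = 0;
	*(uint64_t*)0x202b2f3c = 0;
	*(uint64_t*)0x202b2f44 = 0;
	*(uint64_t*)0x202b2f4c = 0;
	*(uint64_t*)0x202b2f54 = 0;
	*(uint64_t*)0x202b2f5c = 0;
	*(uint64_t*)0x202b2f64 = 0;
	*(uint32_t*)0x202b2f6c = 0;
	*(uint32_t*)0x202b2f70 = 0;
	*(uint32_t*)0x202b2f74 = 0;
	*(uint32_t*)0x202b2f78 = 0;
	*(uint32_t*)0x202b2f7c = 0;
	*(uint16_t*)0x202b2f80 = 2;
	*(uint8_t*)0x202b2f82 = 0;
	*(uint8_t*)0x202b2f83 = 0;
	*(uint8_t*)0x202b2f84 = 0;

	/* Two nlattr-shaped records follow: one with len 0x28 / type 9 at
	 * 0x202b2f8c, and one with len 0x48 / type 3 at 0x202b2fb4 whose data
	 * is the NUL-padded string "deflate" -- consistent with an algorithm
	 * name attribute, but the exact XFRMA_* type mapping is not verified here. */
	*(uint16_t*)0x202b2f8c = 0x28;
	*(uint16_t*)0x202b2f8e = 9;
	*(uint64_t*)0x202b2f94 = 0;
	*(uint64_t*)0x202b2f9c = 0;
	*(uint64_t*)0x202b2fa4 = 0;
	*(uint64_t*)0x202b2fac = 0;
	*(uint16_t*)0x202b2fb4 = 0x48;
	*(uint16_t*)0x202b2fb6 = 3;
	memcpy((void*)0x202b2fb8,
	       "\x64\x65\x66\x6c\x61\x74\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	       "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	       "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	       "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
	       64);
	*(uint32_t*)0x202b2ff8 = 0;

	/* sendmsg(fd, &msghdr, 0); the result is deliberately ignored. */
	syscall(__NR_sendmsg, r[0], 0x2000b000, 0);
}

/* Entry point: loops forever, as syzkaller reproducers do. */
int main()
{
	for (;;) {
		loop();
	}
}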