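// https://syzkaller.appspot.com/bug?id=a743c25030c86d41c8b2cf6a0651603155c48245
// autogenerated by syzkaller (http://github.com/google/syzkaller)

/*
 * Kernel regression reproducer: sends one NETLINK_XFRM message to the kernel.
 *
 * Review notes (decoded from the constants below, not from the crash report,
 * which is not part of this file):
 *  - socket(0x10, 3, 6) is socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM).
 *  - nlmsg_type 0x10 is XFRM_MSG_NEWSA; the 0x154-byte message carries what
 *    looks like a struct xfrm_usersa_info followed by two attributes,
 *    type 0x17 (XFRMA_REPLAY_ESN_VAL) and type 1 (XFRMA_ALG_AUTH).
 *  - Field names in the comments follow the Linux UAPI headers
 *    (linux/netlink.h, linux/xfrm.h) as the reviewer reads the offsets;
 *    confirm them against the kernel version under test.
 *  - NOTE(review): the kernel's XFRM netlink handler is expected to require
 *    CAP_NET_ADMIN over the socket's network namespace, so exposure depends
 *    on who can obtain that capability - confirm for the kernel under test.
 *
 * The #include directives had lost their header names in the extracted
 * listing; they are restored to the headers the code below needs.
 */

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Resource table kept by the generator; r[0] holds the netlink socket fd. */
long r[1];

/*
 * Build the message in a fixed-address scratch mapping and send it once.
 * Return values of mmap/socket/sendmsg are deliberately not checked: the
 * generator emits the syscall sequence verbatim and relies on the kernel's
 * reaction, not on userspace error handling.
 */
void loop(void)
{
  memset(r, -1, sizeof(r));

  /* prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS */
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);
  r[0] = syscall(__NR_socket, 0x10, 3, 6);

  /* struct msghdr at 0x2014f000 */
  *(uint64_t*)0x2014f000 = 0x203c7ff4; /* msg_name -> sockaddr_nl */
  *(uint32_t*)0x2014f008 = 0xc;        /* msg_namelen */
  *(uint64_t*)0x2014f010 = 0x20bd7000; /* msg_iov */
  *(uint64_t*)0x2014f018 = 1;          /* msg_iovlen */
  *(uint64_t*)0x2014f020 = 0;          /* msg_control */
  *(uint64_t*)0x2014f028 = 0;          /* msg_controllen */
  *(uint32_t*)0x2014f030 = 0;          /* msg_flags */

  /* struct sockaddr_nl at 0x203c7ff4: family AF_NETLINK, pid 0, groups 0 */
  *(uint16_t*)0x203c7ff4 = 0x10;
  *(uint16_t*)0x203c7ff6 = 0;
  *(uint32_t*)0x203c7ff8 = 0;
  *(uint32_t*)0x203c7ffc = 0;

  /* struct iovec at 0x20bd7000: one 0x154-byte buffer */
  *(uint64_t*)0x20bd7000 = 0x20c07e98;
  *(uint64_t*)0x20bd7008 = 0x154;

  /* struct nlmsghdr at 0x20c07e98 */
  *(uint32_t*)0x20c07e98 = 0x154; /* nlmsg_len */
  *(uint16_t*)0x20c07e9c = 0x10;  /* nlmsg_type (XFRM_MSG_NEWSA) */
  *(uint16_t*)0x20c07e9e = 0x713; /* nlmsg_flags */
  *(uint32_t*)0x20c07ea0 = 0;     /* nlmsg_seq */
  *(uint32_t*)0x20c07ea4 = 0;     /* nlmsg_pid */

  /* Payload starts at 0x20c07ea8; selector destination address, 16 bytes */
  *(uint8_t*)0x20c07ea8 = 0xfe;
  *(uint8_t*)0x20c07ea9 = 0x80;
  *(uint8_t*)0x20c07eaa = 0;
  *(uint8_t*)0x20c07eab = 0;
  *(uint8_t*)0x20c07eac = 0;
  *(uint8_t*)0x20c07ead = 0;
  *(uint8_t*)0x20c07eae = 0;
  *(uint8_t*)0x20c07eaf = 0;
  *(uint8_t*)0x20c07eb0 = 0;
  *(uint8_t*)0x20c07eb1 = 0;
  *(uint8_t*)0x20c07eb2 = 0;
  *(uint8_t*)0x20c07eb3 = 0;
  *(uint8_t*)0x20c07eb4 = 0;
  *(uint8_t*)0x20c07eb5 = 0;
  *(uint8_t*)0x20c07eb6 = 0;
  *(uint8_t*)0x20c07eb7 = 0xaa;

  /* Selector source address, 16 bytes (IPv4-mapped form) */
  *(uint8_t*)0x20c07eb8 = 0;
  *(uint8_t*)0x20c07eb9 = 0;
  *(uint8_t*)0x20c07eba = 0;
  *(uint8_t*)0x20c07ebb = 0;
  *(uint8_t*)0x20c07ebc = 0;
  *(uint8_t*)0x20c07ebd = 0;
  *(uint8_t*)0x20c07ebe = 0;
  *(uint8_t*)0x20c07ebf = 0;
  *(uint8_t*)0x20c07ec0 = 0;
  *(uint8_t*)0x20c07ec1 = 0;
  *(uint8_t*)0x20c07ec2 = -1;
  *(uint8_t*)0x20c07ec3 = -1;
  *(uint8_t*)0x20c07ec4 = 0xac;
  *(uint8_t*)0x20c07ec5 = 0x14;
  *(uint8_t*)0x20c07ec6 = 0;
  *(uint8_t*)0x20c07ec7 = 0xaa;

  /* Selector ports/masks, family, prefix lengths, proto, ifindex, user */
  *(uint16_t*)0x20c07ec8 = htobe16(0x4e20);
  *(uint16_t*)0x20c07eca = htobe16(0);
  *(uint16_t*)0x20c07ecc = 0;
  *(uint16_t*)0x20c07ece = htobe16(0);
  *(uint16_t*)0x20c07ed0 = 0;
  *(uint8_t*)0x20c07ed2 = 0;
  *(uint8_t*)0x20c07ed3 = 0;
  *(uint8_t*)0x20c07ed4 = 0;
  *(uint32_t*)0x20c07ed8 = 0;
  *(uint32_t*)0x20c07edc = 0;

  /* SA id: destination address (16 zero bytes), spi, proto */
  *(uint8_t*)0x20c07ee0 = 0;
  *(uint8_t*)0x20c07ee1 = 0;
  *(uint8_t*)0x20c07ee2 = 0;
  *(uint8_t*)0x20c07ee3 = 0;
  *(uint8_t*)0x20c07ee4 = 0;
  *(uint8_t*)0x20c07ee5 = 0;
  *(uint8_t*)0x20c07ee6 = 0;
  *(uint8_t*)0x20c07ee7 = 0;
  *(uint8_t*)0x20c07ee8 = 0;
  *(uint8_t*)0x20c07ee9 = 0;
  *(uint8_t*)0x20c07eea = 0;
  *(uint8_t*)0x20c07eeb = 0;
  *(uint8_t*)0x20c07eec = 0;
  *(uint8_t*)0x20c07eed = 0;
  *(uint8_t*)0x20c07eee = 0;
  *(uint8_t*)0x20c07eef = 0;
  *(uint32_t*)0x20c07ef0 = 0;
  *(uint8_t*)0x20c07ef4 = 0x33; /* 0x33 = 51 = IPPROTO_AH */

  /* SA source address: only the first 4 bytes are written */
  *(uint32_t*)0x20c07ef8 = htobe32(-1);

  /* Lifetime configuration and current-lifetime counters, all zero */
  *(uint64_t*)0x20c07f08 = 0;
  *(uint64_t*)0x20c07f10 = 0;
  *(uint64_t*)0x20c07f18 = 0;
  *(uint64_t*)0x20c07f20 = 0;
  *(uint64_t*)0x20c07f28 = 0;
  *(uint64_t*)0x20c07f30 = 0;
  *(uint64_t*)0x20c07f38 = 0;
  *(uint64_t*)0x20c07f40 = 0;
  *(uint64_t*)0x20c07f48 = 0;
  *(uint64_t*)0x20c07f50 = 0;
  *(uint64_t*)0x20c07f58 = 0;
  *(uint64_t*)0x20c07f60 = 0;

  /* Stats, seq, reqid, then family/mode/replay_window/flags */
  *(uint32_t*)0x20c07f68 = 0;
  *(uint32_t*)0x20c07f6c = 0;
  *(uint32_t*)0x20c07f70 = 0;
  *(uint32_t*)0x20c07f74 = 0;
  *(uint32_t*)0x20c07f78 = 0;
  *(uint16_t*)0x20c07f7c = 0xa; /* 0xa = AF_INET6 */
  *(uint8_t*)0x20c07f7e = 0;
  *(uint8_t*)0x20c07f7f = 0;
  *(uint8_t*)0x20c07f80 = 0;

  /*
   * Attribute 1 at 0x20c07f88: type 0x17 (XFRMA_REPLAY_ESN_VAL).
   * nla_len 0x1c is the 4-byte attribute header plus six 32-bit fields, so
   * no bitmap words follow, yet the first field (bmp_len, if the layout is
   * struct xfrm_replay_state_esn) declares 0xfffffd69 of them. A receiver
   * has to check that count against the attribute length before sizing or
   * indexing anything from it; this mismatch is presumably what the
   * reproducer exercises.
   */
  *(uint16_t*)0x20c07f88 = 0x1c;
  *(uint16_t*)0x20c07f8a = 0x17;
  *(uint32_t*)0x20c07f8c = 0xfffffd69;
  *(uint32_t*)0x20c07f90 = 0;
  *(uint32_t*)0x20c07f94 = 0;
  *(uint32_t*)0x20c07f98 = 0;
  *(uint32_t*)0x20c07f9c = 0;
  *(uint32_t*)0x20c07fa0 = 4;

  /*
   * Attribute 2 at 0x20c07fa4: type 1 (XFRMA_ALG_AUTH), nla_len 0x48 =
   * 4-byte header + 64-byte algorithm name ("md5", NUL padded) + 4-byte
   * key length (0).
   */
  *(uint16_t*)0x20c07fa4 = 0x48;
  *(uint16_t*)0x20c07fa6 = 1;
  memcpy((void*)0x20c07fa8,
         "\x6d\x64\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  *(uint32_t*)0x20c07fe8 = 0;

  /* Hand the message to the kernel on the netlink socket. */
  syscall(__NR_sendmsg, r[0], 0x2014f000, 0);
}

/* Entry point: run the syscall sequence once and exit. */
int main(void)
{
  loop();
  return 0;
}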