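// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer emitted by the syzkaller fuzzer for the syzbot report
// linked above. It maps a scratch region at a fixed address, lays out a
// struct msghdr and its satellites there with raw stores, and issues a single
// sendmsg() on a freshly created socket. Its use is regression-testing a
// kernel build (does the report still trigger?) inside a disposable VM.
//
// NOTE(review): the extracted listing had the whole file collapsed behind the
// leading "//" comment and every #include had lost its header name. The line
// structure is restored here. The headers below are the ones this code needs
// (htobe16/htobe32, fixed-width ints, syscall numbers, syscall()); the fifth,
// <string.h>, is presumably the one syzkaller's preamble normally carries and
// is unused here. Confirm against the original on the dashboard.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] holds the socket fd, or all-ones if socket() failed.
uint64_t r[1] = {0xffffffffffffffff};

// Builds the message in the fixed mapping and sends it once.
//
// Field names in the comments assume the x86-64 Linux layout of
// struct msghdr / struct iovec / struct cmsghdr. The offsets written below
// match that layout, but the target architecture is not stated in the file.
void loop(void)
{
  long res = 0;

  // socket(0x2b, 1, 0): family 43 is AF_SMC in Linux's socket.h, type 1 is
  // SOCK_STREAM. If the family is unavailable, r[0] stays -1 and the
  // sendmsg() below simply fails on the bad fd.
  res = syscall(__NR_socket, 0x2b, 1, 0);
  if (res != -1)
    r[0] = res;

  // msghdr at 0x20001800: msg_name -> sockaddr at 0x20000080.
  *(uint64_t*)0x20001800 = 0x20000080;

  // sockaddr_in-shaped address: family 2 (AF_INET), port 0x4e20 (20000),
  // address 0x7f000001 (127.0.0.1), followed by eight zero padding bytes.
  *(uint16_t*)0x20000080 = 2;
  *(uint16_t*)0x20000082 = htobe16(0x4e20);
  *(uint32_t*)0x20000084 = htobe32(0x7f000001);
  *(uint8_t*)0x20000088 = 0;
  *(uint8_t*)0x20000089 = 0;
  *(uint8_t*)0x2000008a = 0;
  *(uint8_t*)0x2000008b = 0;
  *(uint8_t*)0x2000008c = 0;
  *(uint8_t*)0x2000008d = 0;
  *(uint8_t*)0x2000008e = 0;
  *(uint8_t*)0x2000008f = 0;

  // msg_namelen = 0x80, i.e. larger than the 16 bytes actually populated
  // above; the fuzzer chose an oversized name length on purpose.
  *(uint32_t*)0x20001808 = 0x80;

  // msg_iov -> array of six iovecs at 0x20001380; every iov_len is 0, so the
  // message carries no payload bytes.
  *(uint64_t*)0x20001810 = 0x20001380;
  *(uint64_t*)0x20001380 = 0x20000100;
  *(uint64_t*)0x20001388 = 0;
  *(uint64_t*)0x20001390 = 0x20000180;
  *(uint64_t*)0x20001398 = 0;
  *(uint64_t*)0x200013a0 = 0x20001180;
  *(uint64_t*)0x200013a8 = 0;
  *(uint64_t*)0x200013b0 = 0x20001200;
  *(uint64_t*)0x200013b8 = 0;
  *(uint64_t*)0x200013c0 = 0x20001240;
  *(uint64_t*)0x200013c8 = 0;
  *(uint64_t*)0x200013d0 = 0x20001300;
  *(uint64_t*)0x200013d8 = 0;
  *(uint64_t*)0x20001818 = 6;  // msg_iovlen

  // msg_control -> six back-to-back control headers at 0x20001400. Each is
  // {cmsg_len = 0x10, cmsg_level, cmsg_type}; a length of 0x10 is the bare
  // header size, so none of them carries any data. The level/type pairs are
  // fuzzer-chosen values and are kept exactly as generated.
  *(uint64_t*)0x20001820 = 0x20001400;
  *(uint64_t*)0x20001400 = 0x10;
  *(uint32_t*)0x20001408 = 0x29;
  *(uint32_t*)0x2000140c = 0x401;
  *(uint64_t*)0x20001410 = 0x10;
  *(uint32_t*)0x20001418 = 0x11;
  *(uint32_t*)0x2000141c = 4;
  *(uint64_t*)0x20001420 = 0x10;
  *(uint32_t*)0x20001428 = 0x117;
  *(uint32_t*)0x2000142c = 0x401;
  *(uint64_t*)0x20001430 = 0x10;
  *(uint32_t*)0x20001438 = 7;
  *(uint32_t*)0x2000143c = 5;
  *(uint64_t*)0x20001440 = 0x10;
  *(uint32_t*)0x20001448 = 0x3a;
  *(uint32_t*)0x2000144c = 0x662;
  *(uint64_t*)0x20001450 = 0x10;
  *(uint32_t*)0x20001458 = 0x116;
  *(uint32_t*)0x2000145c = 0xfffffffd;
  *(uint64_t*)0x20001828 = 0x60;  // msg_controllen = 6 * 0x10

  // msg_flags field of the msghdr.
  *(uint32_t*)0x20001830 = 0x20000000;

  // sendmsg(fd, &msghdr, 0x24000080). On Linux the flag bits decode as
  // MSG_FASTOPEN (0x20000000) | MSG_ZEROCOPY (0x4000000) | MSG_EOR (0x80).
  syscall(__NR_sendmsg, r[0], 0x20001800, 0x24000080);
}

// Maps the scratch region and runs the reproducer once.
//
// Returns 0 after the attempt, or 1 if the fixed mapping could not be
// created.
int main(void)
{
  // mmap(0x20000000, 16 MiB, prot 3 = PROT_READ|PROT_WRITE,
  //      flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, fd -1, offset 0).
  // Every store in loop() targets this region, so bail out if it is missing
  // rather than faulting on the first raw write.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;

  loop();
  return 0;
}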