// https://syzkaller.appspot.com/bug?id=d204aaca3ac260c553e053c566b529f350ea6454 // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include static void execute_one(); extern unsigned long long procid; void loop() { while (1) { execute_one(); } } #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_socket #define __NR_socket 359 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #ifndef __NR_sendto #define __NR_sendto 369 #endif #ifndef __NR_ioctl #define __NR_ioctl 54 #endif #ifndef __NR_getresgid #define __NR_getresgid 171 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[1] = {0xffffffffffffffff}; void execute_one() { long res = 0; res = syscall(__NR_socket, 2, 5, 0x84); if (res != -1) r[0] = res; syscall(__NR_setsockopt, r[0], 0x84, 0x6e, 0x20000140, 0x694a8837); *(uint16_t*)0x200005c0 = 0xa; *(uint16_t*)0x200005c2 = htobe16(0x4e20); *(uint32_t*)0x200005c4 = 0x7ff; *(uint8_t*)0x200005c8 = -1; *(uint8_t*)0x200005c9 = 1; *(uint8_t*)0x200005ca = 0; *(uint8_t*)0x200005cb = 0; *(uint8_t*)0x200005cc = 0; *(uint8_t*)0x200005cd = 0; *(uint8_t*)0x200005ce = 0; *(uint8_t*)0x200005cf = 0; *(uint8_t*)0x200005d0 = 0; *(uint8_t*)0x200005d1 = 0; *(uint8_t*)0x200005d2 = 0; *(uint8_t*)0x200005d3 = 0; *(uint8_t*)0x200005d4 = 0; *(uint8_t*)0x200005d5 = 0; *(uint8_t*)0x200005d6 = 0; *(uint8_t*)0x200005d7 = 1; *(uint32_t*)0x200005d8 = 0x400; syscall(__NR_sendto, -1, 0x200004c0, 0, 0x4008000, 0x200005c0, 0x80); syscall(__NR_ioctl, -1, 0x5460, 0x20000640); syscall(__NR_getresgid, 0x20000600, 0x20000640, 0x20000680); } int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); for (;;) { loop(); } }