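// https://syzkaller.appspot.com/bug?id=54f4ce6239e6e0d0d5583488421c6fa3ba7ed6b4
// autogenerated by syzkaller (http://github.com/google/syzkaller)

/*
 * Kernel-bug reproducer: maps a fixed scratch region, opens one socket and
 * sends the same 0xb0-byte message on it in an endless loop.
 *
 * NOTE(review): the page this was taken from had lost the header names of its
 * five #include directives. The four headers below are the ones the visible
 * code needs (uintN_t, memset, __NR_*, syscall); the fifth could not be
 * recovered and nothing in the visible code depends on it.
 *
 * NOTE(review): the raw 64-bit pointer stores and the numeric syscall
 * arguments assume a 64-bit Linux target (presumably x86-64; confirm against
 * the bug report). Constant names in the comments are the reviewer's decoding
 * of the numbers against <linux/pfkeyv2.h> and <sys/mman.h>; the generated
 * code itself carries only the numbers.
 *
 * NOTE(review): creating a PF_KEY socket normally requires CAP_NET_ADMIN.
 * No return value is checked here, so without that privilege socket() yields
 * -1, every sendmsg() fails on the bad descriptor and the loop spins without
 * ever reaching the key-management code. Check privileges before treating a
 * quiet run as "kernel not affected".
 */
#define _GNU_SOURCE

#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static void test(void);

/* Runs test() repeatedly; never returns. */
void loop(void)
{
  for (;;)
    test();
}

/* Resource table filled by test(); r[0] holds the socket descriptor. */
long r[1];

/*
 * One iteration: (re)map the scratch region, open the socket, lay out a
 * msghdr + iovec + message at fixed addresses and send it.
 * Return values of mmap/socket/sendmsg are deliberately ignored, as in the
 * generated original.
 */
static void test(void)
{
  memset(r, -1, sizeof(r));

  /* prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS. */
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);

  /* socket(AF_KEY = 0xf, SOCK_RAW = 3, PF_KEY_V2 = 2) */
  r[0] = syscall(__NR_socket, 0xf, 3, 2);

  /* struct msghdr at 0x20abdfc8 */
  *(uint64_t*)0x20abdfc8 = 0;          /* msg_name */
  *(uint32_t*)0x20abdfd0 = 0;          /* msg_namelen */
  *(uint64_t*)0x20abdfd8 = 0x208feff0; /* msg_iov */
  *(uint64_t*)0x20abdfe0 = 1;          /* msg_iovlen */
  *(uint64_t*)0x20abdfe8 = 0;          /* msg_control */
  *(uint64_t*)0x20abdff0 = 0;          /* msg_controllen */
  *(uint32_t*)0x20abdff8 = 0;          /* msg_flags */

  /* struct iovec at 0x208feff0 */
  *(uint64_t*)0x208feff0 = 0x201dcf48; /* iov_base */
  *(uint64_t*)0x208feff8 = 0xb0;       /* iov_len = 176 bytes */

  /* struct sadb_msg at 0x201dcf48 (16 bytes) */
  *(uint8_t*)0x201dcf48 = 2;     /* sadb_msg_version: PF_KEY_V2 */
  *(uint8_t*)0x201dcf49 = 3;     /* sadb_msg_type: SADB_ADD */
  *(uint8_t*)0x201dcf4a = 0;     /* sadb_msg_errno */
  *(uint8_t*)0x201dcf4b = 9;     /* sadb_msg_satype: SADB_X_SATYPE_IPCOMP */
  *(uint16_t*)0x201dcf4c = 0x16; /* sadb_msg_len: 22 * 8 = 0xb0, matches iov_len */
  *(uint16_t*)0x201dcf4e = 0;    /* sadb_msg_reserved */
  *(uint32_t*)0x201dcf50 = 0;    /* sadb_msg_seq */
  *(uint32_t*)0x201dcf54 = 0;    /* sadb_msg_pid */

  /* extension 1: lifetime, type 3 = SADB_EXT_LIFETIME_HARD (32 bytes) */
  *(uint16_t*)0x201dcf58 = 4; /* length in 8-byte units */
  *(uint16_t*)0x201dcf5a = 3; /* extension type */
  *(uint32_t*)0x201dcf5c = 0; /* allocations */
  *(uint64_t*)0x201dcf60 = 0; /* bytes */
  *(uint64_t*)0x201dcf68 = 0; /* addtime */
  *(uint64_t*)0x201dcf70 = 0; /* usetime */

  /* extension 2: address, type 6 = SADB_EXT_ADDRESS_DST (40 bytes) */
  *(uint16_t*)0x201dcf78 = 5;   /* length in 8-byte units */
  *(uint16_t*)0x201dcf7a = 6;   /* extension type */
  *(uint8_t*)0x201dcf7c = 0;    /* proto */
  *(uint8_t*)0x201dcf7d = 0;    /* prefixlen */
  *(uint16_t*)0x201dcf7e = 0;   /* reserved */
  *(uint16_t*)0x201dcf80 = 0xa; /* sockaddr family: AF_INET6 */
  *(uint16_t*)0x201dcf82 = 0;   /* port */
  *(uint32_t*)0x201dcf84 = 0;   /* flowinfo */
  /* 16 address bytes, all zero (::) */
  for (uintptr_t a = 0x201dcf88; a <= 0x201dcf97; a++)
    *(uint8_t*)a = 0;
  *(uint32_t*)0x201dcf98 = 0; /* scope_id */

  /* extension 3: lifetime, type 4 = SADB_EXT_LIFETIME_SOFT (32 bytes) */
  *(uint16_t*)0x201dcfa0 = 4;          /* length in 8-byte units */
  *(uint16_t*)0x201dcfa2 = 4;          /* extension type */
  *(uint32_t*)0x201dcfa4 = 0x80000001; /* allocations */
  *(uint64_t*)0x201dcfa8 = 0;          /* bytes */
  *(uint64_t*)0x201dcfb0 = 0;          /* addtime */
  *(uint64_t*)0x201dcfb8 = 0;          /* usetime */

  /* extension 4: security association, type 1 = SADB_EXT_SA (16 bytes) */
  *(uint16_t*)0x201dcfc0 = 2; /* length in 8-byte units */
  *(uint16_t*)0x201dcfc2 = 1; /* extension type */
  *(uint32_t*)0x201dcfc4 = 0; /* spi */
  *(uint8_t*)0x201dcfc8 = 0;  /* replay */
  *(uint8_t*)0x201dcfc9 = 0;  /* state */
  *(uint8_t*)0x201dcfca = 0;  /* auth */
  *(uint8_t*)0x201dcfcb = 2;  /* encrypt; presumably the compression algorithm id for IPCOMP */
  *(uint32_t*)0x201dcfcc = 0; /* flags */

  /* extension 5: address, type 5 = SADB_EXT_ADDRESS_SRC (40 bytes) */
  *(uint16_t*)0x201dcfd0 = 5;   /* length in 8-byte units */
  *(uint16_t*)0x201dcfd2 = 5;   /* extension type */
  *(uint8_t*)0x201dcfd4 = 0;    /* proto */
  *(uint8_t*)0x201dcfd5 = 0;    /* prefixlen */
  *(uint16_t*)0x201dcfd6 = 0;   /* reserved */
  *(uint16_t*)0x201dcfd8 = 0xa; /* sockaddr family: AF_INET6 */
  *(uint16_t*)0x201dcfda = 0;   /* port */
  *(uint32_t*)0x201dcfdc = 0;   /* flowinfo */
  /* 16 address bytes: fe80::aa */
  *(uint8_t*)0x201dcfe0 = 0xfe;
  *(uint8_t*)0x201dcfe1 = 0x80;
  for (uintptr_t a = 0x201dcfe2; a <= 0x201dcfee; a++)
    *(uint8_t*)a = 0;
  *(uint8_t*)0x201dcfef = 0xaa;
  *(uint32_t*)0x201dcff0 = 0; /* scope_id */

  syscall(__NR_sendmsg, r[0], 0x20abdfc8, 0);
}

/* Entry point: never returns; the process has to be killed from outside. */
int main(void)
{
  for (;;) {
    loop();
  }
}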