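// https://syzkaller.appspot.com/bug?id=5dc0ef7e00db7ce7b45a9a3737f61f9b11c559aa
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reviewer notes:
//  - The page this listing came from collapsed the whole program onto a few
//    lines behind the leading "//" comment and dropped the header names from
//    its five #include directives, so it could not be compiled as shown. The
//    headers below are the ones the code requires (plus <stdio.h> for the
//    added error report).
//  - The program builds one sendmsg() request by hand, at fixed addresses
//    inside a single anonymous mapping, and sends it on a netlink socket. The
//    crash report it belongs to is behind the dashboard link above; nothing
//    in this file states which kernel code path is involved.
//  - syzkaller runs such programs inside test VMs.

#define _GNU_SOURCE

#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Result slot for the one resource the program creates: r[0] is the socket fd. */
long r[1];

/*
 * Replays the recorded syscall sequence once.
 *
 * Every pointer below is a literal address inside the region mapped by the
 * first mmap() call (0x20000000, length 0xfff000); struct fields are written
 * with raw stores at the offsets of the 64-bit Linux struct layouts.
 */
void loop(void)
{
	/* -1 marks "no resource yet"; a failed socket() also leaves r[0] == -1. */
	memset(r, -1, sizeof(r));

	/*
	 * Scratch region for all data below. prot 3 / flags 0x32 are presumably
	 * PROT_READ|PROT_WRITE and MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
	 * The original ignored the result, so a failed mapping showed up only as
	 * a segfault on the first store; report it and stop instead. The ul/L
	 * suffixes make each variadic argument as wide as the long that
	 * syscall() reads.
	 */
	if (syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 3ul, 0x32ul, -1L, 0ul) == -1) {
		perror("mmap");
		return;
	}

	/* Domain 0x10 is AF_NETLINK; type 3 / protocol 0 presumably SOCK_RAW / NETLINK_ROUTE. */
	r[0] = syscall(__NR_socket, 0x10ul, 3ul, 0ul);

	/*
	 * 4-byte option value, then setsockopt(level 0x10e, optname 0xb).
	 * NOTE(review): 0x10e / 0xb look like SOL_NETLINK / NETLINK_EXT_ACK -
	 * confirm against <linux/netlink.h>.
	 */
	memcpy((void*)0x20f67000, "\x9a\xdc\x01\xce", 4);
	syscall(__NR_setsockopt, r[0], 0x10eul, 0xbul, 0x20f67000ul, 4ul);

	/* struct msghdr at 0x201dcfc8. */
	*(uint64_t*)0x201dcfc8 = 0x20c19ffd; /* msg_name */
	*(uint32_t*)0x201dcfd0 = 0xc;        /* msg_namelen */
	*(uint64_t*)0x201dcfd8 = 0x2078dfc0; /* msg_iov */
	*(uint64_t*)0x201dcfe0 = 4;          /* msg_iovlen: four buffers */
	*(uint64_t*)0x201dcfe8 = 0x20000000; /* msg_control */
	*(uint64_t*)0x201dcff0 = 0;          /* msg_controllen */
	*(uint32_t*)0x201dcff8 = 0x80;       /* msg_flags */

	/* Destination address (12 bytes, laid out like struct sockaddr_nl). */
	*(uint16_t*)0x20c19ffd = 0x10; /* family */
	*(uint16_t*)0x20c19fff = 0;    /* pad */
	*(uint32_t*)0x20c1a001 = 0;    /* pid */
	*(uint32_t*)0x20c1a005 = 4;    /* groups */

	/* iovec array: four {base, length} pairs. */
	*(uint64_t*)0x2078dfc0 = 0x2046c000;
	*(uint64_t*)0x2078dfc8 = 0x1b8;
	*(uint64_t*)0x2078dfd0 = 0x20fc5000;
	*(uint64_t*)0x2078dfd8 = 0x16c;
	*(uint64_t*)0x2078dfe0 = 0x20618e90;
	*(uint64_t*)0x2078dfe8 = 0xc8;
	*(uint64_t*)0x2078dff0 = 0x20093000;
	*(uint64_t*)0x2078dff8 = 0xb0;

	/*
	 * Buffer 1 (0x2046c000, 0x1b8 bytes).
	 * Each buffer is a run of back-to-back records laid out like
	 * struct nlmsghdr (u32 len, u16 type, u16 flags, u32 seq, u32 pid)
	 * followed by {u16 len, u16 type} attribute headers and payloads.
	 * The record lengths in each buffer add up to that buffer's iovec length.
	 */

	/* Record at +0x000: len 0x9c, type 0x13. */
	*(uint32_t*)0x2046c000 = 0x9c;
	*(uint16_t*)0x2046c004 = 0x13;
	*(uint16_t*)0x2046c006 = 0x201;
	*(uint32_t*)0x2046c008 = 0x70bd2c;
	*(uint32_t*)0x2046c00c = 0x25dfdbfd;
	*(uint16_t*)0x2046c010 = 0xc;
	*(uint16_t*)0x2046c012 = 2;
	memcpy((void*)0x2046c018, ".", 2);
	*(uint16_t*)0x2046c01c = 4;
	*(uint16_t*)0x2046c01e = 0x74;
	*(uint16_t*)0x2046c020 = 0xc;
	*(uint16_t*)0x2046c022 = 0x46;
	*(uint16_t*)0x2046c024 = 4;
	*(uint16_t*)0x2046c026 = 0x52;
	*(uint16_t*)0x2046c028 = 4;
	*(uint16_t*)0x2046c02a = 0x36;
	*(uint16_t*)0x2046c02c = 0xc;
	*(uint16_t*)0x2046c02e = 0x78;
	*(uint32_t*)0x2046c034 = 0;
	*(uint16_t*)0x2046c038 = 0x1c;
	*(uint16_t*)0x2046c03a = 0x52;
	*(uint16_t*)0x2046c03c = 0xc;
	*(uint16_t*)0x2046c03e = 0x65;
	memcpy((void*)0x2046c044, "%%", 3);
	*(uint16_t*)0x2046c048 = 8;
	*(uint16_t*)0x2046c04a = 0;
	*(uint16_t*)0x2046c050 = 4;
	*(uint16_t*)0x2046c052 = 0x49;
	*(uint16_t*)0x2046c054 = 0xc;
	*(uint16_t*)0x2046c056 = 0x7d;
	*(uint32_t*)0x2046c05c = 0;
	*(uint16_t*)0x2046c060 = 0x20;
	*(uint16_t*)0x2046c062 = 0x64;
	*(uint16_t*)0x2046c064 = 4;
	*(uint16_t*)0x2046c066 = 0x81;
	*(uint16_t*)0x2046c068 = 0xc;
	*(uint16_t*)0x2046c06a = 0x1e;
	*(uint32_t*)0x2046c070 = r[0]; /* the socket's own fd used as attribute payload */
	*(uint16_t*)0x2046c074 = 4;
	*(uint16_t*)0x2046c076 = 0x48;
	*(uint16_t*)0x2046c078 = 4;
	*(uint16_t*)0x2046c07a = 0x24;
	*(uint16_t*)0x2046c07c = 4;
	*(uint16_t*)0x2046c07e = 0x8c;
	*(uint16_t*)0x2046c080 = 0x1c;
	*(uint16_t*)0x2046c082 = 3;
	*(uint16_t*)0x2046c084 = 0x18;
	*(uint16_t*)0x2046c086 = 0x95;
	memcpy((void*)0x2046c08c, "\x76\x62\x6f\x78\x6e\x65\x74\x31\x28\x65\x74\x68\x31\x1c\x00", 15);

	/* Record at +0x09c: len 0x14, type 0x31. */
	*(uint32_t*)0x2046c09c = 0x14;
	*(uint16_t*)0x2046c0a0 = 0x31;
	*(uint16_t*)0x2046c0a2 = 1;
	*(uint32_t*)0x2046c0a4 = 0x70bd26;
	*(uint32_t*)0x2046c0a8 = 0x25dfdbfb;
	*(uint16_t*)0x2046c0ac = 4;
	*(uint16_t*)0x2046c0ae = 0x70;

	/* Record at +0x0b0: len 0x64, type 0x2e. */
	*(uint32_t*)0x2046c0b0 = 0x64;
	*(uint16_t*)0x2046c0b4 = 0x2e;
	*(uint16_t*)0x2046c0b6 = 0x900;
	*(uint32_t*)0x2046c0b8 = 0x70bd27;
	*(uint32_t*)0x2046c0bc = 0x25dfdbfe;
	*(uint16_t*)0x2046c0c0 = 8;
	*(uint16_t*)0x2046c0c2 = 0x55;
	*(uint16_t*)0x2046c0c8 = 0x18;
	*(uint16_t*)0x2046c0ca = 0x45;
	*(uint16_t*)0x2046c0cc = 0xc;
	*(uint16_t*)0x2046c0ce = 0x8f;
	*(uint32_t*)0x2046c0d4 = 0;
	*(uint16_t*)0x2046c0d8 = 8;
	*(uint16_t*)0x2046c0da = 0x30;
	*(uint16_t*)0x2046c0e0 = 0x1c;
	*(uint16_t*)0x2046c0e2 = 0x6e;
	*(uint16_t*)0x2046c0e4 = 0xc;
	*(uint16_t*)0x2046c0e6 = 0xe;
	*(uint32_t*)0x2046c0ec = r[0];
	*(uint16_t*)0x2046c0f0 = 0xc;
	*(uint16_t*)0x2046c0f2 = 0x17;
	*(uint32_t*)0x2046c0f8 = 0;
	*(uint16_t*)0x2046c0fc = 0x10;
	*(uint16_t*)0x2046c0fe = 0x50;
	*(uint64_t*)0x2046c104 = 1;
	*(uint16_t*)0x2046c10c = 4;
	*(uint16_t*)0x2046c10e = 0x36;
	*(uint16_t*)0x2046c110 = 4;
	*(uint16_t*)0x2046c112 = 0x41;

	/* Record at +0x114: len 0x78, type 0x27. */
	*(uint32_t*)0x2046c114 = 0x78;
	*(uint16_t*)0x2046c118 = 0x27;
	*(uint16_t*)0x2046c11a = 0x324;
	*(uint32_t*)0x2046c11c = 0x70bd2a;
	*(uint32_t*)0x2046c120 = 0x25dfdbfc;
	*(uint16_t*)0x2046c124 = 8;
	*(uint16_t*)0x2046c126 = 0x88;
	*(uint16_t*)0x2046c128 = 4;
	*(uint16_t*)0x2046c12a = 0x93;
	*(uint16_t*)0x2046c12c = 8;
	*(uint16_t*)0x2046c12e = 0x8b;
	*(uint16_t*)0x2046c134 = 4;
	*(uint16_t*)0x2046c136 = 0x30;
	*(uint16_t*)0x2046c138 = 0x44;
	*(uint16_t*)0x2046c13a = 0x67;
	*(uint16_t*)0x2046c13c = 0x28;
	*(uint16_t*)0x2046c13e = 0x4d;
	memcpy((void*)0x2046c144, "-userppp1vboxnet1ppp1trusted&", 30);
	*(uint16_t*)0x2046c164 = 0xc;
	*(uint16_t*)0x2046c166 = 0x3a;
	*(uint32_t*)0x2046c16c = 7;
	*(uint16_t*)0x2046c170 = 0xc;
	*(uint16_t*)0x2046c172 = 0x45;
	*(uint32_t*)0x2046c178 = 0x3138;
	*(uint16_t*)0x2046c17c = 4;
	*(uint16_t*)0x2046c17e = 0x17;
	*(uint16_t*)0x2046c180 = 0xc;
	*(uint16_t*)0x2046c182 = 0x18;
	*(uint32_t*)0x2046c188 = 0x58f;

	/* Record at +0x18c: len 0x2c, type 0x1c. */
	*(uint32_t*)0x2046c18c = 0x2c;
	*(uint16_t*)0x2046c190 = 0x1c;
	*(uint16_t*)0x2046c192 = 1;
	*(uint32_t*)0x2046c194 = 0x70bd26;
	*(uint32_t*)0x2046c198 = 0x25dfdbfc;
	*(uint16_t*)0x2046c19c = 0x1c;
	*(uint16_t*)0x2046c19e = 0x55;
	*(uint16_t*)0x2046c1a0 = 4;
	*(uint16_t*)0x2046c1a2 = 0x23;
	*(uint16_t*)0x2046c1a4 = 0xc;
	*(uint16_t*)0x2046c1a6 = 0x7c;
	*(uint32_t*)0x2046c1ac = 0;
	*(uint16_t*)0x2046c1b0 = 8;
	*(uint16_t*)0x2046c1b2 = 0x87;

	/* Buffer 2 (0x20fc5000, 0x16c bytes). */

	/* Record at +0x000: len 0x20, type 0x29. */
	*(uint32_t*)0x20fc5000 = 0x20;
	*(uint16_t*)0x20fc5004 = 0x29;
	*(uint16_t*)0x20fc5006 = 0x204;
	*(uint32_t*)0x20fc5008 = 0x70bd25;
	*(uint32_t*)0x20fc500c = 0x25dfdbfc;
	*(uint16_t*)0x20fc5010 = 0x10;
	*(uint16_t*)0x20fc5012 = 0x33;
	*(uint64_t*)0x20fc5018 = 1;

	/* Record at +0x020: len 0x18, type 0x33. */
	*(uint32_t*)0x20fc5020 = 0x18;
	*(uint16_t*)0x20fc5024 = 0x33;
	*(uint16_t*)0x20fc5026 = 0x100;
	*(uint32_t*)0x20fc5028 = 0x70bd26;
	*(uint32_t*)0x20fc502c = 0x25dfdbfd;
	*(uint16_t*)0x20fc5030 = 4;
	*(uint16_t*)0x20fc5032 = 0x7c;
	*(uint16_t*)0x20fc5034 = 4;
	*(uint16_t*)0x20fc5036 = 0x6c;

	/* Record at +0x038: len 0x68, type 0x42. */
	*(uint32_t*)0x20fc5038 = 0x68;
	*(uint16_t*)0x20fc503c = 0x42;
	*(uint16_t*)0x20fc503e = 0xc02;
	*(uint32_t*)0x20fc5040 = 0x70bd27;
	*(uint32_t*)0x20fc5044 = 0x25dfdbfc;
	*(uint16_t*)0x20fc5048 = 0x1c;
	*(uint16_t*)0x20fc504a = 4;
	*(uint16_t*)0x20fc504c = 4;
	*(uint16_t*)0x20fc504e = 0x16;
	*(uint16_t*)0x20fc5050 = 0xc;
	*(uint16_t*)0x20fc5052 = 0x74;
	*(uint32_t*)0x20fc5058 = 0;
	*(uint16_t*)0x20fc505c = 4;
	*(uint16_t*)0x20fc505e = 0x86;
	*(uint16_t*)0x20fc5060 = 4;
	*(uint16_t*)0x20fc5062 = 0x38;
	*(uint16_t*)0x20fc5064 = 0x3c;
	*(uint16_t*)0x20fc5066 = 0x59;
	*(uint16_t*)0x20fc5068 = 0xc;
	*(uint16_t*)0x20fc506a = 0x4f;
	*(uint32_t*)0x20fc5070 = r[0];
	*(uint16_t*)0x20fc5074 = 8;
	*(uint16_t*)0x20fc5076 = 0x15;
	*(uint16_t*)0x20fc507c = 4;
	*(uint16_t*)0x20fc507e = 0x73;
	*(uint16_t*)0x20fc5080 = 4;
	*(uint16_t*)0x20fc5082 = 0x35;
	*(uint16_t*)0x20fc5084 = 0xc;
	*(uint16_t*)0x20fc5086 = 0x53;
	*(uint32_t*)0x20fc508c = 0;
	*(uint16_t*)0x20fc5090 = 0x10;
	*(uint16_t*)0x20fc5092 = 0x4c;
	*(uint64_t*)0x20fc5098 = 8;

	/* Record at +0x0a0: len 0x10 (header only), type 0x16. */
	*(uint32_t*)0x20fc50a0 = 0x10;
	*(uint16_t*)0x20fc50a4 = 0x16;
	*(uint16_t*)0x20fc50a6 = 0x600;
	*(uint32_t*)0x20fc50a8 = 0x70bd2b;
	*(uint32_t*)0x20fc50ac = 0x25dfdbfd;

	/* Record at +0x0b0: len 0x20, type 0x15. */
	*(uint32_t*)0x20fc50b0 = 0x20;
	*(uint16_t*)0x20fc50b4 = 0x15;
	*(uint16_t*)0x20fc50b6 = 0x2d;
	*(uint32_t*)0x20fc50b8 = 0x70bd25;
	*(uint32_t*)0x20fc50bc = 0x25dfdbfe;
	*(uint16_t*)0x20fc50c0 = 4;
	*(uint16_t*)0x20fc50c2 = 0x32;
	*(uint16_t*)0x20fc50c4 = 0xc;
	*(uint16_t*)0x20fc50c6 = 0x80;
	*(uint32_t*)0x20fc50cc = r[0];

	/* Record at +0x0d0: len 0x14, type 0x3a. */
	*(uint32_t*)0x20fc50d0 = 0x14;
	*(uint16_t*)0x20fc50d4 = 0x3a;
	*(uint16_t*)0x20fc50d6 = 0x100;
	*(uint32_t*)0x20fc50d8 = 0x70bd26;
	*(uint32_t*)0x20fc50dc = 0x25dfdbfb;
	*(uint16_t*)0x20fc50e0 = 4;
	*(uint16_t*)0x20fc50e2 = 0x1d;

	/* Record at +0x0e4: len 0x34, type 0x2b. */
	*(uint32_t*)0x20fc50e4 = 0x34;
	*(uint16_t*)0x20fc50e8 = 0x2b;
	*(uint16_t*)0x20fc50ea = 0x210;
	*(uint32_t*)0x20fc50ec = 0x70bd28;
	*(uint32_t*)0x20fc50f0 = 0x25dfdbfd;
	*(uint16_t*)0x20fc50f4 = 8;
	*(uint16_t*)0x20fc50f6 = 0x35;
	*(uint16_t*)0x20fc50f8 = 4;
	*(uint16_t*)0x20fc50fa = 0x3e;
	*(uint16_t*)0x20fc50fc = 0xc;
	*(uint16_t*)0x20fc50fe = 0;
	*(uint32_t*)0x20fc5104 = 0;
	*(uint16_t*)0x20fc5108 = 0xc;
	*(uint16_t*)0x20fc510a = 0x6c;
	memcpy((void*)0x20fc5110, "", 1);
	*(uint16_t*)0x20fc5114 = 4;
	*(uint16_t*)0x20fc5116 = 0x82;

	/* Record at +0x118: len 0x54, type 0x38. */
	*(uint32_t*)0x20fc5118 = 0x54;
	*(uint16_t*)0x20fc511c = 0x38;
	*(uint16_t*)0x20fc511e = 0x400;
	*(uint32_t*)0x20fc5120 = 0x70bd2a;
	*(uint32_t*)0x20fc5124 = 0x25dfdbfb;
	*(uint16_t*)0x20fc5128 = 0xc;
	*(uint16_t*)0x20fc512a = 0x85;
	*(uint32_t*)0x20fc5130 = 0;
	*(uint16_t*)0x20fc5134 = 0xc;
	*(uint16_t*)0x20fc5136 = 0x45;
	*(uint32_t*)0x20fc513c = 0;
	*(uint16_t*)0x20fc5140 = 0x18;
	*(uint16_t*)0x20fc5142 = 0x48;
	*(uint16_t*)0x20fc5144 = 4;
	*(uint16_t*)0x20fc5146 = 0x2e;
	*(uint16_t*)0x20fc5148 = 0x10;
	*(uint16_t*)0x20fc514a = 0x8f;
	*(uint64_t*)0x20fc5150 = 5;
	*(uint16_t*)0x20fc5158 = 4;
	*(uint16_t*)0x20fc515a = 0x72;
	*(uint16_t*)0x20fc515c = 0x10;
	*(uint16_t*)0x20fc515e = 0x93;
	*(uint16_t*)0x20fc5160 = 0xc;
	*(uint16_t*)0x20fc5162 = 0x60;
	*(uint32_t*)0x20fc5168 = r[0];

	/* Buffer 3 (0x20618e90, 0xc8 bytes). */

	/* Record at +0x00: len 0x14, type 0x1d. */
	*(uint32_t*)0x20618e90 = 0x14;
	*(uint16_t*)0x20618e94 = 0x1d;
	*(uint16_t*)0x20618e96 = 0x401;
	*(uint32_t*)0x20618e98 = 0x70bd25;
	*(uint32_t*)0x20618e9c = 0x25dfdbfc;
	*(uint16_t*)0x20618ea0 = 4;
	*(uint16_t*)0x20618ea2 = 0x6a;

	/* Record at +0x14: len 0x4c, type 0x3f. */
	*(uint32_t*)0x20618ea4 = 0x4c;
	*(uint16_t*)0x20618ea8 = 0x3f;
	*(uint16_t*)0x20618eaa = 0xd08;
	*(uint32_t*)0x20618eac = 0x70bd26;
	*(uint32_t*)0x20618eb0 = 0x25dfdbfb;
	*(uint16_t*)0x20618eb4 = 0x20;
	*(uint16_t*)0x20618eb6 = 0x74;
	*(uint16_t*)0x20618eb8 = 4;
	*(uint16_t*)0x20618eba = 0x32;
	*(uint16_t*)0x20618ebc = 0xc;
	*(uint16_t*)0x20618ebe = 0x14;
	*(uint32_t*)0x20618ec4 = 0;
	*(uint16_t*)0x20618ec8 = 0xc;
	*(uint16_t*)0x20618eca = 0x90;
	*(uint32_t*)0x20618ed0 = r[0];
	*(uint16_t*)0x20618ed4 = 4;
	*(uint16_t*)0x20618ed6 = 0x21;
	*(uint16_t*)0x20618ed8 = 4;
	*(uint16_t*)0x20618eda = 0x39;
	*(uint16_t*)0x20618edc = 0xc;
	*(uint16_t*)0x20618ede = 0x6a;
	*(uint32_t*)0x20618ee4 = 0;
	*(uint16_t*)0x20618ee8 = 8;
	*(uint16_t*)0x20618eea = 0x1b;

	/* Record at +0x60: len 0x1c, type 0x2d. */
	*(uint32_t*)0x20618ef0 = 0x1c;
	*(uint16_t*)0x20618ef4 = 0x2d;
	*(uint16_t*)0x20618ef6 = 0x800;
	*(uint32_t*)0x20618ef8 = 0x70bd2c;
	*(uint32_t*)0x20618efc = 0x25dfdbfb;
	*(uint16_t*)0x20618f00 = 0xc;
	*(uint16_t*)0x20618f02 = 0x6f;
	*(uint32_t*)0x20618f08 = 0;

	/* Record at +0x7c: len 0x2c, type 0x2c. */
	*(uint32_t*)0x20618f0c = 0x2c;
	*(uint16_t*)0x20618f10 = 0x2c;
	*(uint16_t*)0x20618f12 = 0x100;
	*(uint32_t*)0x20618f14 = 0x70bd25;
	*(uint32_t*)0x20618f18 = 0x25dfdbfe;
	*(uint16_t*)0x20618f1c = 0x10;
	*(uint16_t*)0x20618f1e = 0x62;
	*(uint64_t*)0x20618f24 = 4;
	*(uint16_t*)0x20618f2c = 0xc;
	*(uint16_t*)0x20618f2e = 0x15;
	*(uint32_t*)0x20618f34 = 0;

	/* Record at +0xa8: len 0x20, type 0x33. */
	*(uint32_t*)0x20618f38 = 0x20;
	*(uint16_t*)0x20618f3c = 0x33;
	*(uint16_t*)0x20618f3e = 0x12;
	*(uint32_t*)0x20618f40 = 0x70bd2c;
	*(uint32_t*)0x20618f44 = 0x25dfdbfc;
	*(uint16_t*)0x20618f48 = 0xc;
	*(uint16_t*)0x20618f4a = 0x37;
	*(uint32_t*)0x20618f50 = 0x7fff;
	*(uint16_t*)0x20618f54 = 4;
	*(uint16_t*)0x20618f56 = 0x92;

	/* Buffer 4 (0x20093000, 0xb0 bytes). */

	/* Record at +0x00: len 0x20, type 0x12. */
	*(uint32_t*)0x20093000 = 0x20;
	*(uint16_t*)0x20093004 = 0x12;
	*(uint16_t*)0x20093006 = 4;
	*(uint32_t*)0x20093008 = 0x70bd2b;
	*(uint32_t*)0x2009300c = 0x25dfdbfe;
	*(uint16_t*)0x20093010 = 4;
	*(uint16_t*)0x20093012 = 0xb;
	*(uint16_t*)0x20093014 = 4;
	*(uint16_t*)0x20093016 = 4;
	*(uint16_t*)0x20093018 = 4;
	*(uint16_t*)0x2009301a = 0x28;
	*(uint16_t*)0x2009301c = 4;
	*(uint16_t*)0x2009301e = 0x93;

	/* Record at +0x20: len 0x7c, type 0x3b. */
	*(uint32_t*)0x20093020 = 0x7c;
	*(uint16_t*)0x20093024 = 0x3b;
	*(uint16_t*)0x20093026 = 0xd08;
	*(uint32_t*)0x20093028 = 0x70bd28;
	*(uint32_t*)0x2009302c = 0x25dfdbfc;
	*(uint16_t*)0x20093030 = 0x10;
	*(uint16_t*)0x20093032 = 9;
	*(uint64_t*)0x20093038 = 0xffffffffffffffc0;
	*(uint16_t*)0x20093040 = 8;
	*(uint16_t*)0x20093042 = 1;
	*(uint16_t*)0x20093048 = 0xc;
	*(uint16_t*)0x2009304a = 0x78;
	*(uint32_t*)0x20093050 = 0;
	*(uint16_t*)0x20093054 = 0xc;
	*(uint16_t*)0x20093056 = 0x42;
	memcpy((void*)0x2009305c, "", 1);
	*(uint16_t*)0x20093060 = 0x18;
	*(uint16_t*)0x20093062 = 0x69;
	*(uint16_t*)0x20093064 = 4;
	*(uint16_t*)0x20093066 = 0x5b;
	*(uint16_t*)0x20093068 = 0xc;
	*(uint16_t*)0x2009306a = 0x12;
	*(uint32_t*)0x20093070 = 0;
	*(uint16_t*)0x20093074 = 4;
	*(uint16_t*)0x20093076 = 0x3a;
	*(uint16_t*)0x20093078 = 0x1c;
	*(uint16_t*)0x2009307a = 0x7b;
	memcpy((void*)0x20093080, "!em0self}selinux", 17);
	*(uint16_t*)0x20093094 = 8;
	*(uint16_t*)0x20093096 = 9;

	/* Record at +0x9c: len 0x14, type 0x2d. */
	*(uint32_t*)0x2009309c = 0x14;
	*(uint16_t*)0x200930a0 = 0x2d;
	*(uint16_t*)0x200930a2 = 0x200;
	*(uint32_t*)0x200930a4 = 0x70bd29;
	*(uint32_t*)0x200930a8 = 0x25dfdbfd;
	*(uint16_t*)0x200930ac = 4;
	*(uint16_t*)0x200930ae = 0x90;

	/*
	 * Send the assembled message. The result is deliberately not checked.
	 * NOTE(review): flags 0x8800 look like MSG_MORE|MSG_CONFIRM - confirm
	 * against <sys/socket.h>.
	 */
	syscall(__NR_sendmsg, r[0], 0x201dcfc8ul, 0x8800ul);
}

int main(void)
{
	loop();
	return 0;
}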