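// https://syzkaller.appspot.com/bug?id=36eeca0fd5b1fdb7c87dac212c3be2c0c40a5dde
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer for the syzkaller report above. Each iteration maps a fixed
// region of user memory, hand-assembles two netlink messages in that region
// with raw stores at fixed addresses, and sends each one on its own socket;
// loop()/main() repeat this forever. The header names were lost when this
// file was captured; the five restored below cover everything the code uses
// (syscall/__NR_*, htobe16/htobe32, uint*_t, memset/memcpy).
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static void test(void);

// Runs test() without end; the generator wraps every reproducer body like this.
void loop(void)
{
  while (1) {
    test();
  }
}

// File descriptors of the two netlink sockets test() opens; -1 until set.
long r[2];

// One iteration of the reproducer: two raw netlink sockets, two sendmsg()
// calls, no results checked (the crash, if any, happens in the kernel).
static void test(void)
{
  // Byte-fill with 0xff so both slots read as -1 before any socket() call.
  memset(r, -1, sizeof(r));

  // Map 0xfff000 bytes at 0x20000000 read/write (3 = PROT_READ|PROT_WRITE),
  // private, anonymous and at the fixed address (0x32 on the x86-64 ABI =
  // MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED). Every store below targets this
  // region, so exit instead of faulting if the kernel refuses the mapping.
  if (syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0) == -1) {
    _exit(1);
  }

  // socket(0x10 = AF_NETLINK, 3 = SOCK_RAW, 6 = NETLINK_XFRM on Linux).
  // Left unchecked as generated: with r[0] == -1 the sendmsg() below simply
  // fails with EBADF rather than touching memory.
  r[0] = syscall(__NR_socket, 0x10, 3, 6);

  // struct msghdr at 0x2009e000 (x86-64 layout: msg_name, msg_namelen,
  // msg_iov, msg_iovlen, msg_control, msg_controllen, msg_flags).
  *(uint64_t*)0x2009e000 = 0x2001dff4;  // msg_name -> sockaddr_nl below
  *(uint32_t*)0x2009e008 = 0xc;         // msg_namelen = sizeof(struct sockaddr_nl)
  *(uint64_t*)0x2009e010 = 0x20012000;  // msg_iov -> iovec below
  *(uint64_t*)0x2009e018 = 1;           // msg_iovlen
  *(uint64_t*)0x2009e020 = 0;           // msg_control
  *(uint64_t*)0x2009e028 = 0;           // msg_controllen
  *(uint32_t*)0x2009e030 = 0;           // msg_flags
  // struct sockaddr_nl: nl_family = AF_NETLINK, nl_pad, nl_pid = 0 (kernel),
  // nl_groups = 0.
  *(uint16_t*)0x2001dff4 = 0x10;
  *(uint16_t*)0x2001dff6 = 0;
  *(uint32_t*)0x2001dff8 = 0;
  *(uint32_t*)0x2001dffc = 0;
  // struct iovec: one buffer of 0xcc bytes holding the whole netlink message.
  *(uint64_t*)0x20012000 = 0x2009ed80;
  *(uint64_t*)0x20012008 = 0xcc;
  // struct nlmsghdr: nlmsg_len, nlmsg_type, nlmsg_flags, nlmsg_seq, nlmsg_pid.
  // 0x305 = NLM_F_REQUEST|NLM_F_ACK plus the 0x300 new-request modifier bits.
  *(uint32_t*)0x2009ed80 = 0xcc;
  *(uint16_t*)0x2009ed84 = 0x1b;
  *(uint16_t*)0x2009ed86 = 0x305;
  *(uint32_t*)0x2009ed88 = 0x70bd25;
  *(uint32_t*)0x2009ed8c = 0x25dfdbfb;
  // Message payload. NOTE(review): the layout (two 16-byte address slots,
  // big-endian ports, a family field, a run of zeroed 64-bit lifetime-sized
  // fields, then priority/index/dir/action bytes and a trailing 0x10-byte
  // attribute of type 8 carrying a 4-byte blob) is consistent with an xfrm
  // policy message plus a security-context attribute — confirm the field
  // names against uapi/linux/xfrm.h before relying on them.
  *(uint32_t*)0x2009ed90 = htobe32(0xe0000001);
  *(uint8_t*)0x2009eda0 = 0xac;
  *(uint8_t*)0x2009eda1 = 0x14;
  *(uint8_t*)0x2009eda2 = 0;
  *(uint8_t*)0x2009eda3 = 0xaa;
  *(uint16_t*)0x2009edb0 = htobe16(0x4e20);
  *(uint16_t*)0x2009edb2 = 0;
  *(uint16_t*)0x2009edb4 = htobe16(0x4e20);
  *(uint16_t*)0x2009edb6 = 0;
  *(uint16_t*)0x2009edb8 = 0;  // family slot left 0 (AF_UNSPEC) in this message
  *(uint8_t*)0x2009edba = 0;
  *(uint8_t*)0x2009edbb = 0;
  *(uint8_t*)0x2009edbc = 0;
  *(uint32_t*)0x2009edc0 = 0;
  *(uint32_t*)0x2009edc4 = 0;
  *(uint64_t*)0x2009edc8 = 0;
  *(uint64_t*)0x2009edd0 = 0;
  *(uint64_t*)0x2009edd8 = 0;
  *(uint64_t*)0x2009ede0 = 0;
  *(uint64_t*)0x2009ede8 = 0;
  *(uint64_t*)0x2009edf0 = 0;
  *(uint64_t*)0x2009edf8 = 0;
  *(uint64_t*)0x2009ee00 = 0;
  *(uint64_t*)0x2009ee08 = 0;
  *(uint64_t*)0x2009ee10 = 0;
  *(uint64_t*)0x2009ee18 = 0;
  *(uint64_t*)0x2009ee20 = 0;
  *(uint32_t*)0x2009ee28 = 0;
  *(uint32_t*)0x2009ee2c = 0x6e6bb0;
  *(uint8_t*)0x2009ee30 = 0;
  *(uint8_t*)0x2009ee31 = 0;
  *(uint8_t*)0x2009ee32 = 0;
  *(uint8_t*)0x2009ee33 = 0;
  *(uint8_t*)0x2009ee38 = 0;
  // Trailing attribute: nla_len 0x10, nla_type 8, then a 0xc-byte inner
  // header and a 4-byte blob; 0x2009ed80 + 0xcc lands exactly after it.
  *(uint16_t*)0x2009ee3c = 0x10;
  *(uint16_t*)0x2009ee3e = 8;
  *(uint16_t*)0x2009ee40 = 0xc;
  *(uint16_t*)0x2009ee42 = 8;
  *(uint8_t*)0x2009ee44 = 0;
  *(uint8_t*)0x2009ee45 = 0;
  *(uint16_t*)0x2009ee46 = 4;
  memcpy((void*)0x2009ee48, "\xbd\x51\x28\xb4", 4);
  syscall(__NR_sendmsg, r[0], 0x2009e000, 0);

  // Second socket, same family/type/protocol, same unchecked-result policy.
  r[1] = syscall(__NR_socket, 0x10, 3, 6);

  // Second struct msghdr at 0x204e5fc8, same field order as the first.
  *(uint64_t*)0x204e5fc8 = 0x2009eff4;  // msg_name -> sockaddr_nl below
  *(uint32_t*)0x204e5fd0 = 0xc;         // msg_namelen
  *(uint64_t*)0x204e5fd8 = 0x202bf000;  // msg_iov
  *(uint64_t*)0x204e5fe0 = 1;           // msg_iovlen
  *(uint64_t*)0x204e5fe8 = 0;           // msg_control
  *(uint64_t*)0x204e5ff0 = 0;           // msg_controllen
  *(uint32_t*)0x204e5ff8 = 0;           // msg_flags
  // struct sockaddr_nl, again addressed to the kernel (nl_pid 0).
  *(uint16_t*)0x2009eff4 = 0x10;
  *(uint16_t*)0x2009eff6 = 0;
  *(uint32_t*)0x2009eff8 = 0;
  *(uint32_t*)0x2009effc = 0;
  // struct iovec: one buffer of 0xc4 bytes.
  *(uint64_t*)0x202bf000 = 0x20417000;
  *(uint64_t*)0x202bf008 = 0xc4;
  // struct nlmsghdr: a different type (0x19) and only NLM_F_REQUEST (1).
  *(uint32_t*)0x20417000 = 0xc4;
  *(uint16_t*)0x20417004 = 0x19;
  *(uint16_t*)0x20417006 = 1;
  *(uint32_t*)0x20417008 = 0x70bd25;
  *(uint32_t*)0x2041700c = 0x25dfdbfb;
  // Payload with the same shape as the first message; here the family slot
  // is 2 (AF_INET) and both address slots carry big-endian 224.0.0.x values.
  *(uint32_t*)0x20417010 = htobe32(0xe0000002);
  *(uint32_t*)0x20417020 = htobe32(0xe0000001);
  *(uint16_t*)0x20417030 = htobe16(0x4e20);
  *(uint16_t*)0x20417032 = 0;
  *(uint16_t*)0x20417034 = htobe16(0x4e20);
  *(uint16_t*)0x20417036 = 0;
  *(uint16_t*)0x20417038 = 2;
  *(uint8_t*)0x2041703a = 0;
  *(uint8_t*)0x2041703b = 0;
  *(uint8_t*)0x2041703c = 0;
  *(uint32_t*)0x20417040 = 0;
  *(uint32_t*)0x20417044 = 0;
  *(uint64_t*)0x20417048 = 0;
  *(uint64_t*)0x20417050 = 0;
  *(uint64_t*)0x20417058 = 0;
  *(uint64_t*)0x20417060 = 0;
  *(uint64_t*)0x20417068 = 0;
  *(uint64_t*)0x20417070 = 0;
  *(uint64_t*)0x20417078 = 0;
  *(uint64_t*)0x20417080 = 0;
  *(uint64_t*)0x20417088 = 0;
  *(uint64_t*)0x20417090 = 0;
  *(uint64_t*)0x20417098 = 0;
  *(uint64_t*)0x204170a0 = 0;
  *(uint32_t*)0x204170a8 = 0;
  *(uint32_t*)0x204170ac = 0x6e6bb0;
  *(uint8_t*)0x204170b0 = 0;
  *(uint8_t*)0x204170b1 = 0;
  *(uint8_t*)0x204170b2 = 0;
  *(uint8_t*)0x204170b3 = 0;
  // Trailing attribute: nla_len 0xc, nla_type 0x10, zero-filled body;
  // 0x20417000 + 0xc4 lands exactly after it.
  *(uint16_t*)0x204170b8 = 0xc;
  *(uint16_t*)0x204170ba = 0x10;
  *(uint8_t*)0x204170bc = 0;
  *(uint16_t*)0x204170be = 0;
  *(uint8_t*)0x204170c0 = 0;
  syscall(__NR_sendmsg, r[1], 0x204e5fc8, 0);
}

// Entry point: never returns; loop() itself never returns either, the outer
// for(;;) is generator boilerplate.
int main(void)
{
  for (;;) {
    loop();
  }
}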