// https://syzkaller.appspot.com/bug?id=f9c94b10e49ae0433f27c4838c7e0f0a321606f5 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); long res = 0; res = syscall(__NR_socket, 0x10, 3, 6); if (res != -1) r[0] = res; *(uint64_t*)0x20000140 = 0x203c7ff4; *(uint16_t*)0x203c7ff4 = 0x10; *(uint16_t*)0x203c7ff6 = 0; *(uint32_t*)0x203c7ff8 = 0; *(uint32_t*)0x203c7ffc = 0; *(uint32_t*)0x20000148 = 0xc; *(uint64_t*)0x20000150 = 0x200bfff0; *(uint64_t*)0x200bfff0 = 0x20000040; *(uint32_t*)0x20000040 = 0xb8; *(uint16_t*)0x20000044 = 0x19; *(uint16_t*)0x20000046 = 1; *(uint32_t*)0x20000048 = 0; *(uint32_t*)0x2000004c = 0; *(uint8_t*)0x20000050 = -1; *(uint8_t*)0x20000051 = 1; *(uint8_t*)0x20000052 = 0; *(uint8_t*)0x20000053 = 0; *(uint8_t*)0x20000054 = 0; *(uint8_t*)0x20000055 = 0; *(uint8_t*)0x20000056 = 0; *(uint8_t*)0x20000057 = 0; *(uint8_t*)0x20000058 = 0; *(uint8_t*)0x20000059 = 0; *(uint8_t*)0x2000005a = 0; *(uint8_t*)0x2000005b = 0; *(uint8_t*)0x2000005c = 0; *(uint8_t*)0x2000005d = 0; *(uint8_t*)0x2000005e = 0; *(uint8_t*)0x2000005f = 1; *(uint32_t*)0x20000060 = htobe32(0xe0000001); *(uint16_t*)0x20000070 = htobe16(0); *(uint16_t*)0x20000072 = htobe16(0); *(uint16_t*)0x20000074 = htobe16(0); *(uint16_t*)0x20000076 = htobe16(0); *(uint16_t*)0x20000078 = 0xa; *(uint8_t*)0x2000007a = 0; *(uint8_t*)0x2000007b = 0; *(uint8_t*)0x2000007c = 0; *(uint32_t*)0x20000080 = 0; *(uint32_t*)0x20000084 = 0; *(uint64_t*)0x20000088 = 0; *(uint64_t*)0x20000090 = 0; *(uint64_t*)0x20000098 = 0; *(uint64_t*)0x200000a0 = 0; *(uint64_t*)0x200000a8 = 0; *(uint64_t*)0x200000b0 = 0; *(uint64_t*)0x200000b8 = 0; *(uint64_t*)0x200000c0 = 0; *(uint64_t*)0x200000c8 = 0; *(uint64_t*)0x200000d0 = 0; *(uint64_t*)0x200000d8 = 0; *(uint64_t*)0x200000e0 = 0; *(uint32_t*)0x200000e8 = 0; *(uint32_t*)0x200000ec = 0; *(uint8_t*)0x200000f0 = 0; *(uint8_t*)0x200000f1 = 0; *(uint8_t*)0x200000f2 = 0; *(uint8_t*)0x200000f3 = 0; *(uint64_t*)0x200bfff8 = 0x11f; *(uint64_t*)0x20000158 = 1; *(uint64_t*)0x20000160 = 0; *(uint64_t*)0x20000168 = 0; *(uint32_t*)0x20000170 = 0; syscall(__NR_sendmsg, r[0], 0x20000140, 0); res = syscall(__NR_socket, 0xa, 0x80002, 0x88); if (res != -1) r[1] = res; *(uint16_t*)0x20000240 = 0xa; *(uint16_t*)0x20000242 = htobe16(0x4e23); *(uint32_t*)0x20000244 = 0; *(uint8_t*)0x20000248 = 0; *(uint8_t*)0x20000249 = 0; *(uint8_t*)0x2000024a = 0; *(uint8_t*)0x2000024b = 0; *(uint8_t*)0x2000024c = 0; *(uint8_t*)0x2000024d = 0; *(uint8_t*)0x2000024e = 0; *(uint8_t*)0x2000024f = 0; *(uint8_t*)0x20000250 = 0; *(uint8_t*)0x20000251 = 0; *(uint8_t*)0x20000252 = 0; *(uint8_t*)0x20000253 = 0; *(uint8_t*)0x20000254 = 0; *(uint8_t*)0x20000255 = 0; *(uint8_t*)0x20000256 = 0; *(uint8_t*)0x20000257 = 0; *(uint32_t*)0x20000258 = 0; syscall(__NR_bind, r[1], 0x20000240, 0x1c); *(uint16_t*)0x20000440 = 0xa; *(uint16_t*)0x20000442 = htobe16(0x4e23); *(uint32_t*)0x20000444 = 0; *(uint8_t*)0x20000448 = -1; *(uint8_t*)0x20000449 = 2; *(uint8_t*)0x2000044a = 0; *(uint8_t*)0x2000044b = 0; *(uint8_t*)0x2000044c = 0; *(uint8_t*)0x2000044d = 0; *(uint8_t*)0x2000044e = 0; *(uint8_t*)0x2000044f = 0; *(uint8_t*)0x20000450 = 0; *(uint8_t*)0x20000451 = 0; *(uint8_t*)0x20000452 = 0; *(uint8_t*)0x20000453 = 0; *(uint8_t*)0x20000454 = 0; *(uint8_t*)0x20000455 = 0; *(uint8_t*)0x20000456 = 0; *(uint8_t*)0x20000457 = 1; *(uint32_t*)0x20000458 = 0; syscall(__NR_sendto, r[1], 0x20000000, 0, 0x4058080, 0x20000440, 0x1c); *(uint16_t*)0x20000040 = 0xa; *(uint16_t*)0x20000042 = htobe16(0); *(uint32_t*)0x20000044 = 0; *(uint8_t*)0x20000048 = 0; *(uint8_t*)0x20000049 = 0; *(uint8_t*)0x2000004a = 0; *(uint8_t*)0x2000004b = 0; *(uint8_t*)0x2000004c = 0; *(uint8_t*)0x2000004d = 0; *(uint8_t*)0x2000004e = 0; *(uint8_t*)0x2000004f = 0; *(uint8_t*)0x20000050 = 0; *(uint8_t*)0x20000051 = 0; *(uint8_t*)0x20000052 = 0; *(uint8_t*)0x20000053 = 0; *(uint8_t*)0x20000054 = 0; *(uint8_t*)0x20000055 = 0; *(uint8_t*)0x20000056 = 0; *(uint8_t*)0x20000057 = 0; *(uint32_t*)0x20000058 = 0; syscall(__NR_sendto, r[1], 0x20000200, 0, 0, 0x20000040, 0x1c); return 0; }