// https://syzkaller.appspot.com/bug?id=2431068eb52548f20447545f1948b727e87e720a // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include uint64_t r[1] = {0xffffffffffffffff}; int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); long res = 0; memcpy((void*)0x20000080, "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00" "\x86\xdd\x60\x0a\x8f\x50\xce\x50\xa0\x9c\x00\x08" "\x00\x00\xfe\x92\x2f\x5a\x01\x75\x44\x62\xb2\x1f" "\x30\x80\x4c\x64\x62\x7a\xca", 43); *(uint32_t*)0x20000040 = 0; *(uint32_t*)0x20000044 = 0; *(uint32_t*)0x20000048 = 0; *(uint32_t*)0x2000004c = 0; *(uint32_t*)0x20000050 = 0; *(uint32_t*)0x20000054 = 0; res = syscall(__NR_socket, 0xa, 2, 0); if (res != -1) r[0] = res; memcpy((void*)0x20000100, "\x76\x65\x74\x68\x31\x5f\x74\x6f\x5f\x74\x65\x61\x6d\x00\x00\x00", 16); *(uint64_t*)0x20000110 = 0x200000c0; memcpy((void*)0x200000c0, "\xff\xff\x00\x00\x00\x00\x00\x89\xb4\x23\x96\x8e" "\x45\x04\x00\x00\x00\x00\x00\x00\x60", 21); syscall(__NR_ioctl, -1, 0x8946, 0x20000100); *(uint32_t*)0x20000080 = 0; syscall(__NR_setsockopt, r[0], 0, 0x40, 0x20000080, 4); return 0; }