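// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reviewer summary (for triage / regression testing of the linked report):
//   1. main() maps a fixed 16 MiB scratch region at 0x20000000.
//   2. loop() opens a socket with family 0x2b, type 0x801, protocol 0.
//      On Linux these values are AF_SMC and SOCK_STREAM | SOCK_NONBLOCK.
//   3. loop() hand-builds a msghdr, a sockaddr_in, one zero-length iovec and
//      seven control messages inside the scratch region, then calls sendmsg()
//      with flags 0x20000001 (MSG_FASTOPEN | MSG_OOB on Linux).
// The control messages all use cmsg_level 0x84 (132, SOL_SCTP on Linux) even
// though the socket is not an SCTP socket; that mismatch is what the fuzzer
// generated and is kept as-is.
// This file does not say which kernel fault the sequence triggers; take the
// crash type and the fixing commit from the linked report.
//
// Pointers are stored as uint64_t and the offsets match the 64-bit Linux
// layouts of struct msghdr / struct cmsghdr, so this is a 64-bit-only program.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped from this copy of the file
// (five bare "#include" tokens remained). endian.h, stdint.h, sys/syscall.h
// and unistd.h are required by the code below; string.h is presumably the
// fifth, as in the usual syzkaller preamble -- confirm against the report.
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] is the socket fd, or all-ones if socket() failed.
uint64_t r[1] = {0xffffffffffffffff};

// Builds the message in the scratch mapping and issues the single sendmsg().
// Must only be called after main() has mapped 0x20000000; every store below
// targets an absolute address inside that mapping.
void loop(void)
{
  long res = syscall(__NR_socket, 0x2b, 0x801, 0);
  if (res != -1)
    r[0] = res;
  // If socket() failed, r[0] keeps its all-ones value and sendmsg() below is
  // still attempted with that value as the fd, exactly as generated.

  // ---- struct msghdr at 0x20000d80 ----
  *(uint64_t*)0x20000d80 = 0x20000940; // msg_name -> sockaddr_in below

  // ---- struct sockaddr_in at 0x20000940 ----
  *(uint16_t*)0x20000940 = 2;                   // sin_family (AF_INET)
  *(uint16_t*)0x20000942 = htobe16(0x4e21);     // sin_port 20001
  *(uint32_t*)0x20000944 = htobe32(0xe0000002); // sin_addr 224.0.0.2
  // sin_zero[8]
  *(uint8_t*)0x20000948 = 0;
  *(uint8_t*)0x20000949 = 0;
  *(uint8_t*)0x2000094a = 0;
  *(uint8_t*)0x2000094b = 0;
  *(uint8_t*)0x2000094c = 0;
  *(uint8_t*)0x2000094d = 0;
  *(uint8_t*)0x2000094e = 0;
  *(uint8_t*)0x2000094f = 0;

  *(uint32_t*)0x20000d88 = 0x10;       // msg_namelen
  *(uint64_t*)0x20000d90 = 0x20000a80; // msg_iov -> iovec below

  // ---- struct iovec at 0x20000a80: one entry, zero bytes of payload ----
  *(uint64_t*)0x20000a80 = 0x20000980; // iov_base
  *(uint64_t*)0x20000a88 = 0;          // iov_len

  *(uint64_t*)0x20000d98 = 1;          // msg_iovlen
  *(uint64_t*)0x20000da0 = 0x20000c80; // msg_control -> cmsg chain below

  // ---- control message 1 at 0x20000c80: len 0x18, type 0 ----
  *(uint64_t*)0x20000c80 = 0x18; // cmsg_len
  *(uint32_t*)0x20000c88 = 0x84; // cmsg_level
  *(uint32_t*)0x20000c8c = 0;    // cmsg_type
  *(uint16_t*)0x20000c90 = 1;
  *(uint16_t*)0x20000c92 = 1;
  *(uint16_t*)0x20000c94 = 0x3ff;
  *(uint16_t*)0x20000c96 = 4;

  // ---- control message 2 at 0x20000c98: len 0x18, type 5 ----
  *(uint64_t*)0x20000c98 = 0x18;
  *(uint32_t*)0x20000ca0 = 0x84;
  *(uint32_t*)0x20000ca4 = 5;
  *(uint16_t*)0x20000ca8 = 0;
  *(uint32_t*)0x20000cac = 0x895;

  // ---- control message 3 at 0x20000cb0: len 0x20, type 8 ----
  // Payload is 16 bytes: fe 80 00 .. 00 bb (reads as IPv6 fe80::bb).
  *(uint64_t*)0x20000cb0 = 0x20;
  *(uint32_t*)0x20000cb8 = 0x84;
  *(uint32_t*)0x20000cbc = 8;
  *(uint8_t*)0x20000cc0 = 0xfe;
  *(uint8_t*)0x20000cc1 = 0x80;
  *(uint8_t*)0x20000cc2 = 0;
  *(uint8_t*)0x20000cc3 = 0;
  *(uint8_t*)0x20000cc4 = 0;
  *(uint8_t*)0x20000cc5 = 0;
  *(uint8_t*)0x20000cc6 = 0;
  *(uint8_t*)0x20000cc7 = 0;
  *(uint8_t*)0x20000cc8 = 0;
  *(uint8_t*)0x20000cc9 = 0;
  *(uint8_t*)0x20000cca = 0;
  *(uint8_t*)0x20000ccb = 0;
  *(uint8_t*)0x20000ccc = 0;
  *(uint8_t*)0x20000ccd = 0;
  *(uint8_t*)0x20000cce = 0;
  *(uint8_t*)0x20000ccf = 0xbb;

  // ---- control message 4 at 0x20000cd0: len 0x30, type 1 ----
  *(uint64_t*)0x20000cd0 = 0x30;
  *(uint32_t*)0x20000cd8 = 0x84;
  *(uint32_t*)0x20000cdc = 1;
  *(uint16_t*)0x20000ce0 = 1;
  *(uint16_t*)0x20000ce2 = 0x8000;
  *(uint16_t*)0x20000ce4 = 0x8000;
  // 0x20000ce6..ce7 is never written (stays as the mapping's initial content).
  *(uint32_t*)0x20000ce8 = 0x31e;
  *(uint32_t*)0x20000cec = 0;
  *(uint32_t*)0x20000cf0 = 6;
  *(uint32_t*)0x20000cf4 = 0x8001;
  *(uint32_t*)0x20000cf8 = 2;
  *(uint32_t*)0x20000cfc = 0;

  // ---- control message 5 at 0x20000d00: len 0x20, type 2 ----
  *(uint64_t*)0x20000d00 = 0x20;
  *(uint32_t*)0x20000d08 = 0x84;
  *(uint32_t*)0x20000d0c = 2;
  *(uint16_t*)0x20000d10 = 0xada;
  *(uint16_t*)0x20000d12 = 0x4368;
  *(uint32_t*)0x20000d14 = 9;
  *(uint32_t*)0x20000d18 = 5;
  *(uint32_t*)0x20000d1c = 0;

  // ---- control message 6 at 0x20000d20: len 0x18, type 5 ----
  *(uint64_t*)0x20000d20 = 0x18;
  *(uint32_t*)0x20000d28 = 0x84;
  *(uint32_t*)0x20000d2c = 5;
  *(uint16_t*)0x20000d30 = 0;
  *(uint32_t*)0x20000d34 = 5;

  // ---- control message 7 at 0x20000d38: len 0x18, type 7 ----
  // Payload is 4 bytes: ac 14 14 aa (reads as IPv4 172.20.20.170).
  *(uint64_t*)0x20000d38 = 0x18;
  *(uint32_t*)0x20000d40 = 0x84;
  *(uint32_t*)0x20000d44 = 7;
  *(uint8_t*)0x20000d48 = 0xac;
  *(uint8_t*)0x20000d49 = 0x14;
  *(uint8_t*)0x20000d4a = 0x14;
  *(uint8_t*)0x20000d4b = 0xaa;

  // The seven cmsg_len values sum to 0xd0, so the chain ends at 0x20000d50.
  *(uint64_t*)0x20000da8 = 0xd0; // msg_controllen
  *(uint32_t*)0x20000db0 = 0;    // msg_flags

  // The return value is deliberately not inspected: the program exists for
  // the kernel-side effect of this call, not for its result.
  syscall(__NR_sendmsg, r[0], 0x20000d80, 0x20000001);
}

// Maps the scratch region and runs the single test iteration.
// Returns 0 after loop() ran, 1 if the scratch mapping could not be created.
int main(void)
{
  // prot 3 = PROT_READ | PROT_WRITE; flags 0x32 = MAP_PRIVATE | MAP_FIXED |
  // MAP_ANONYMOUS (Linux values). Without this mapping every store in loop()
  // would fault in user space before any syscall under test is reached, so
  // stop early instead of reporting a misleading crash.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}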