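// https://syzkaller.appspot.com/bug?id=3f7deb7eef7977c9e3b39565cd48fe0a6f316ba0
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer: hand-assembles one netlink message in a fixed anonymous
// mapping and sends it on an AF_NETLINK / NETLINK_XFRM socket.  The raw
// writes below ARE the message; their addresses and values must stay
// byte-identical or the reproducer no longer matches the reported bug.
// The structure names in the comments are a decoding of the raw offsets
// against the x86-64 Linux UAPI layouts (struct msghdr, sockaddr_nl,
// iovec, nlmsghdr, xfrm_usersa_info, nlattr); confirm against the headers
// of the kernel tree under test before relying on them.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// r[0]: file descriptor of the netlink socket; -1 until socket() succeeds.
long r[1];

void loop(void)
{
  memset(r, -1, sizeof(r));

  // mmap(0x20000000, 0xb70000, PROT_READ|PROT_WRITE,
  //      MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)
  // Every raw write below lands in this mapping, so a failed mmap would turn
  // the writes into a plain segfault; bail out instead of faulting.
  if (syscall(__NR_mmap, 0x20000000, 0xb70000, 3, 0x32, -1, 0) == -1)
    return;

  // socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM)
  r[0] = syscall(__NR_socket, 0x10, 3, 6);
  if (r[0] == -1)
    return;

  // struct msghdr at 0x20004000 (x86-64 layout):
  //   msg_name = 0x20003ff4, msg_namelen = 12, msg_iov = 0x20004ff0,
  //   msg_iovlen = 1, msg_control = NULL, msg_controllen = 0, msg_flags = 0.
  *(uint64_t*)0x20004000 = 0x20003ff4;
  *(uint32_t*)0x20004008 = 0xc;
  *(uint64_t*)0x20004010 = 0x20004ff0;
  *(uint64_t*)0x20004018 = 1;
  *(uint64_t*)0x20004020 = 0;
  *(uint64_t*)0x20004028 = 0;
  *(uint32_t*)0x20004030 = 0;

  // struct sockaddr_nl at 0x20003ff4: nl_family = AF_NETLINK, nl_pad = 0,
  // nl_pid = 0 (addressed to the kernel), nl_groups = 0.
  *(uint16_t*)0x20003ff4 = 0x10;
  *(uint16_t*)0x20003ff6 = 0;
  *(uint32_t*)0x20003ff8 = 0;
  *(uint32_t*)0x20003ffc = 0;

  // struct iovec at 0x20004ff0: one buffer of 0x144 (324) bytes at 0x20577000.
  *(uint64_t*)0x20004ff0 = 0x20577000;
  *(uint64_t*)0x20004ff8 = 0x144;

  // struct nlmsghdr at 0x20577000: nlmsg_len = 0x144, nlmsg_type = 0x1a
  // (decodes as XFRM_MSG_UPDSA), nlmsg_flags = NLM_F_REQUEST, then
  // nlmsg_seq and nlmsg_pid.
  *(uint32_t*)0x20577000 = 0x144;
  *(uint16_t*)0x20577004 = 0x1a;
  *(uint16_t*)0x20577006 = 1;
  *(uint32_t*)0x20577008 = 0x70bd25;
  *(uint32_t*)0x2057700c = 0x25dfdbfb;

  // Payload at 0x20577010; the offsets decode as a struct xfrm_usersa_info.
  // sel.daddr: fe80::aa
  *(uint8_t*)0x20577010 = 0xfe;
  *(uint8_t*)0x20577011 = 0x80;
  *(uint8_t*)0x20577012 = 0;
  *(uint8_t*)0x20577013 = 0;
  *(uint8_t*)0x20577014 = 0;
  *(uint8_t*)0x20577015 = 0;
  *(uint8_t*)0x20577016 = 0;
  *(uint8_t*)0x20577017 = 0;
  *(uint8_t*)0x20577018 = 0;
  *(uint8_t*)0x20577019 = 0;
  *(uint8_t*)0x2057701a = 0;
  *(uint8_t*)0x2057701b = 0;
  *(uint8_t*)0x2057701c = 0;
  *(uint8_t*)0x2057701d = 0;
  *(uint8_t*)0x2057701e = 0;
  *(uint8_t*)0x2057701f = 0xaa;
  // sel.saddr: fe80::aa
  *(uint8_t*)0x20577020 = 0xfe;
  *(uint8_t*)0x20577021 = 0x80;
  *(uint8_t*)0x20577022 = 0;
  *(uint8_t*)0x20577023 = 0;
  *(uint8_t*)0x20577024 = 0;
  *(uint8_t*)0x20577025 = 0;
  *(uint8_t*)0x20577026 = 0;
  *(uint8_t*)0x20577027 = 0;
  *(uint8_t*)0x20577028 = 0;
  *(uint8_t*)0x20577029 = 0;
  *(uint8_t*)0x2057702a = 0;
  *(uint8_t*)0x2057702b = 0;
  *(uint8_t*)0x2057702c = 0;
  *(uint8_t*)0x2057702d = 0;
  *(uint8_t*)0x2057702e = 0;
  *(uint8_t*)0x2057702f = 0xaa;
  // sel.dport / dport_mask / sport / sport_mask, network byte order
  // (port 20000, masks 0).
  *(uint16_t*)0x20577030 = htobe16(0x4e20);
  *(uint16_t*)0x20577032 = 0;
  *(uint16_t*)0x20577034 = htobe16(0x4e20);
  *(uint16_t*)0x20577036 = 0;
  // sel.family, prefixlen_d, prefixlen_s, proto, ifindex, user: all zero.
  *(uint16_t*)0x20577038 = 0;
  *(uint8_t*)0x2057703a = 0;
  *(uint8_t*)0x2057703b = 0;
  *(uint8_t*)0x2057703c = 0;
  *(uint32_t*)0x20577040 = 0;
  *(uint32_t*)0x20577044 = 0;
  // id.daddr: ::ffff:127.0.0.1 (IPv4-mapped), id.spi = 1234 (big-endian),
  // id.proto = 0x33 (51, i.e. IPPROTO_AH).
  *(uint8_t*)0x20577048 = 0;
  *(uint8_t*)0x20577049 = 0;
  *(uint8_t*)0x2057704a = 0;
  *(uint8_t*)0x2057704b = 0;
  *(uint8_t*)0x2057704c = 0;
  *(uint8_t*)0x2057704d = 0;
  *(uint8_t*)0x2057704e = 0;
  *(uint8_t*)0x2057704f = 0;
  *(uint8_t*)0x20577050 = 0;
  *(uint8_t*)0x20577051 = 0;
  *(uint8_t*)0x20577052 = -1;
  *(uint8_t*)0x20577053 = -1;
  *(uint32_t*)0x20577054 = htobe32(0x7f000001);
  *(uint32_t*)0x20577058 = htobe32(0x4d2);
  *(uint8_t*)0x2057705c = 0x33;
  // saddr: 224.0.0.2 in the first four bytes, rest untouched (zero mapping).
  *(uint32_t*)0x20577060 = htobe32(0xe0000002);
  // lft: eight u64 lifetime limits, all zero except the last (0x4000000000).
  *(uint64_t*)0x20577070 = 0;
  *(uint64_t*)0x20577078 = 0;
  *(uint64_t*)0x20577080 = 0;
  *(uint64_t*)0x20577088 = 0;
  *(uint64_t*)0x20577090 = 0;
  *(uint64_t*)0x20577098 = 0;
  *(uint64_t*)0x205770a0 = 0;
  *(uint64_t*)0x205770a8 = 0x4000000000;
  // curlft: four u64 counters, zero.
  *(uint64_t*)0x205770b0 = 0;
  *(uint64_t*)0x205770b8 = 0;
  *(uint64_t*)0x205770c0 = 0;
  *(uint64_t*)0x205770c8 = 0;
  // stats: three u32 counters, zero.
  *(uint32_t*)0x205770d0 = 0;
  *(uint32_t*)0x205770d4 = 0;
  *(uint32_t*)0x205770d8 = 0;
  // seq, reqid, family = 0xa (AF_INET6), mode = 0, replay_window = 0,
  // flags = 0.  The struct ends at 0x205770f0 (0x10 + 0xe0 bytes).
  *(uint32_t*)0x205770dc = 0x70bd25;
  *(uint32_t*)0x205770e0 = 0x34ff;
  *(uint16_t*)0x205770e4 = 0xa;
  *(uint8_t*)0x205770e6 = 0;
  *(uint8_t*)0x205770e7 = 0;
  *(uint8_t*)0x205770e8 = 0;

  // First struct nlattr at 0x205770f0: nla_len = 12, nla_type = 0x1c
  // (decodes as XFRMA_OFFLOAD_DEV), payload {ifindex = 7, flags = 2}.
  *(uint16_t*)0x205770f0 = 0xc;
  *(uint16_t*)0x205770f2 = 0x1c;
  *(uint32_t*)0x205770f4 = 7;
  *(uint8_t*)0x205770f8 = 2;

  // Second struct nlattr at 0x205770fc: nla_len = 0x48 (72), nla_type = 1
  // (decodes as XFRMA_ALG_AUTH); payload is a 64-byte NUL-padded algorithm
  // name "digest_null" followed by a u32 key length of 0.
  // 0xfc + 0x48 = 0x144, which matches nlmsg_len and the iovec length above.
  *(uint16_t*)0x205770fc = 0x48;
  *(uint16_t*)0x205770fe = 1;
  memcpy((void*)0x20577100,
         "\x64\x69\x67\x65\x73\x74\x5f\x6e\x75\x6c\x6c\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  *(uint32_t*)0x20577140 = 0;

  // sendmsg(r[0], msghdr at 0x20004000, 0): delivers the message to the
  // kernel's xfrm netlink handler.  The return value is deliberately not
  // checked, as in the generated original.
  syscall(__NR_sendmsg, r[0], 0x20004000, 0);
}

int main(void)
{
  loop();
  return 0;
}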