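// https://syzkaller.appspot.com/bug?id=4e947674d10b0fb0cb94d4d723989cee439a71d6
// autogenerated by syzkaller (http://github.com/google/syzkaller)

/*
 * Kernel-bug reproducer emitted by syzkaller, re-flowed one statement per
 * line. The syscall sequence and every memory store are unchanged.
 *
 * The extracted page had collapsed the file so that the `#define`, the
 * `#include` directives and the start of loop() sat behind the leading `//`
 * comment, and the header names had been stripped from all five `#include`
 * directives. The four headers below are the ones this code demonstrably
 * needs (htobe16/htobe32, uintN_t, __NR_*, syscall). The fifth name is not
 * recoverable from the page.
 *
 * Triage notes (constants decoded from the Linux UAPI headers; confirm
 * against the kernel under test):
 *   - step 1 sends one netlink message on a NETLINK_XFRM socket
 *     (IPsec policy configuration);
 *   - step 2 creates an IPv4 UDP-Lite socket, binds it to 127.0.0.1:20000
 *     and issues two zero-length sendto() calls.
 * NOTE(review): xfrm netlink configuration normally requires CAP_NET_ADMIN
 * in the socket's network namespace, so exposure depends on who can obtain
 * that capability (including through unprivileged user namespaces where
 * those are enabled) -- verify for the affected kernel.
 */

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <sys/syscall.h>
#include <unistd.h>

/* File descriptors produced by the two socket() calls; all-ones = "not set". */
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

/*
 * Replays the recorded syscall sequence once.
 *
 * All arguments are built by storing to fixed addresses inside the
 * 0x20000000..0x21000000 region that main() maps before calling this
 * function; calling it without that mapping faults on the first store.
 * Return values other than the two socket() results are ignored, as in the
 * generated original.
 */
void loop(void)
{
  long res;

  /* socket(AF_NETLINK = 0x10, SOCK_RAW = 3, NETLINK_XFRM = 6) */
  res = syscall(__NR_socket, 0x10, 3, 6);
  if (res != -1)
    r[0] = res;

  /* msghdr at 0x200048c0 (offsets match the x86-64 layout): msg_name */
  *(uint64_t*)0x200048c0 = 0x20004640;
  /* sockaddr_nl at 0x20004640: family AF_NETLINK, pad, pid 0, groups 0 */
  *(uint16_t*)0x20004640 = 0x10;
  *(uint16_t*)0x20004642 = 0;
  *(uint32_t*)0x20004644 = 0;
  *(uint32_t*)0x20004648 = 0;
  /* msg_namelen, msg_iov */
  *(uint32_t*)0x200048c8 = 0xc;
  *(uint64_t*)0x200048d0 = 0x20004880;
  /* iovec at 0x20004880: iov_base (iov_len is stored further down) */
  *(uint64_t*)0x20004880 = 0x20004680;

  /*
   * nlmsghdr at 0x20004680: len 0xc4, type 0x19, flags 0x325, seq 0, pid 0.
   * NOTE(review): type 0x19 corresponds to XFRM_MSG_UPDPOLICY in
   * linux/xfrm.h -- confirm against the target kernel's headers.
   */
  *(uint32_t*)0x20004680 = 0xc4;
  *(uint16_t*)0x20004684 = 0x19;
  *(uint16_t*)0x20004686 = 0x325;
  *(uint32_t*)0x20004688 = 0;
  *(uint32_t*)0x2000468c = 0;

  /*
   * Message payload from 0x20004690. The field offsets look like
   * struct xfrm_userpolicy_info (selector first) -- TODO confirm.
   * First 16 bytes: address ff01::1.
   */
  *(uint8_t*)0x20004690 = -1;
  *(uint8_t*)0x20004691 = 1;
  *(uint8_t*)0x20004692 = 0;
  *(uint8_t*)0x20004693 = 0;
  *(uint8_t*)0x20004694 = 0;
  *(uint8_t*)0x20004695 = 0;
  *(uint8_t*)0x20004696 = 0;
  *(uint8_t*)0x20004697 = 0;
  *(uint8_t*)0x20004698 = 0;
  *(uint8_t*)0x20004699 = 0;
  *(uint8_t*)0x2000469a = 0;
  *(uint8_t*)0x2000469b = 0;
  *(uint8_t*)0x2000469c = 0;
  *(uint8_t*)0x2000469d = 0;
  *(uint8_t*)0x2000469e = 0;
  *(uint8_t*)0x2000469f = 1;
  /* Next 16 bytes: all-zero address. */
  *(uint8_t*)0x200046a0 = 0;
  *(uint8_t*)0x200046a1 = 0;
  *(uint8_t*)0x200046a2 = 0;
  *(uint8_t*)0x200046a3 = 0;
  *(uint8_t*)0x200046a4 = 0;
  *(uint8_t*)0x200046a5 = 0;
  *(uint8_t*)0x200046a6 = 0;
  *(uint8_t*)0x200046a7 = 0;
  *(uint8_t*)0x200046a8 = 0;
  *(uint8_t*)0x200046a9 = 0;
  *(uint8_t*)0x200046aa = 0;
  *(uint8_t*)0x200046ab = 0;
  *(uint8_t*)0x200046ac = 0;
  *(uint8_t*)0x200046ad = 0;
  *(uint8_t*)0x200046ae = 0;
  *(uint8_t*)0x200046af = 0;
  /* Two big-endian port/mask pairs: 0x4e20 (20000) with mask 0. */
  *(uint16_t*)0x200046b0 = htobe16(0x4e20);
  *(uint16_t*)0x200046b2 = htobe16(0);
  *(uint16_t*)0x200046b4 = htobe16(0x4e20);
  *(uint16_t*)0x200046b6 = htobe16(0);
  /* 0xa is AF_INET6; the three bytes after it are zero. */
  *(uint16_t*)0x200046b8 = 0xa;
  *(uint8_t*)0x200046ba = 0;
  *(uint8_t*)0x200046bb = 0;
  *(uint8_t*)0x200046bc = 0;
  *(uint32_t*)0x200046c0 = 0;
  *(uint32_t*)0x200046c4 = 0;
  /* Twelve zeroed 64-bit fields (presumably the lifetime blocks). */
  *(uint64_t*)0x200046c8 = 0;
  *(uint64_t*)0x200046d0 = 0;
  *(uint64_t*)0x200046d8 = 0;
  *(uint64_t*)0x200046e0 = 0;
  *(uint64_t*)0x200046e8 = 0;
  *(uint64_t*)0x200046f0 = 0;
  *(uint64_t*)0x200046f8 = 0;
  *(uint64_t*)0x20004700 = 0;
  *(uint64_t*)0x20004708 = 0;
  *(uint64_t*)0x20004710 = 0;
  *(uint64_t*)0x20004718 = 0;
  *(uint64_t*)0x20004720 = 0;
  /* Two zeroed 32-bit fields followed by four zeroed bytes. */
  *(uint32_t*)0x20004728 = 0;
  *(uint32_t*)0x2000472c = 0;
  *(uint8_t*)0x20004730 = 0;
  *(uint8_t*)0x20004731 = 0;
  *(uint8_t*)0x20004732 = 0;
  *(uint8_t*)0x20004733 = 0;
  /*
   * Trailing netlink attribute: len 0xc, type 0x15, two 32-bit values 3, 0.
   * NOTE(review): type 0x15 corresponds to XFRMA_MARK (value 3, mask 0) in
   * linux/xfrm.h -- confirm.
   */
  *(uint16_t*)0x20004738 = 0xc;
  *(uint16_t*)0x2000473a = 0x15;
  *(uint32_t*)0x2000473c = 3;
  *(uint32_t*)0x20004740 = 0;

  /* iov_len, then the rest of msghdr: iovlen 1, no control data, flags 0. */
  *(uint64_t*)0x20004888 = 0xc4;
  *(uint64_t*)0x200048d8 = 1;
  *(uint64_t*)0x200048e0 = 0;
  *(uint64_t*)0x200048e8 = 0;
  *(uint32_t*)0x200048f0 = 0;
  syscall(__NR_sendmsg, r[0], 0x200048c0, 0);

  /* socket(AF_INET = 2, SOCK_DGRAM = 2, IPPROTO_UDPLITE = 0x88) */
  res = syscall(__NR_socket, 2, 2, 0x88);
  if (res != -1)
    r[1] = res;

  /* sockaddr_in at 0x20000040: 127.0.0.1, port 0x4e20 (20000) */
  *(uint16_t*)0x20000040 = 2;
  *(uint16_t*)0x20000042 = htobe16(0x4e20);
  *(uint32_t*)0x20000044 = htobe32(0x7f000001);
  *(uint8_t*)0x20000048 = 0;
  *(uint8_t*)0x20000049 = 0;
  *(uint8_t*)0x2000004a = 0;
  *(uint8_t*)0x2000004b = 0;
  *(uint8_t*)0x2000004c = 0;
  *(uint8_t*)0x2000004d = 0;
  *(uint8_t*)0x2000004e = 0;
  *(uint8_t*)0x2000004f = 0;
  syscall(__NR_bind, r[1], 0x20000040, 0x10);

  /* sockaddr_in at 0x20319ff0: 0.0.0.0, port 0x4e20 */
  *(uint16_t*)0x20319ff0 = 2;
  *(uint16_t*)0x20319ff2 = htobe16(0x4e20);
  *(uint32_t*)0x20319ff4 = htobe32(0);
  *(uint8_t*)0x20319ff8 = 0;
  *(uint8_t*)0x20319ff9 = 0;
  *(uint8_t*)0x20319ffa = 0;
  *(uint8_t*)0x20319ffb = 0;
  *(uint8_t*)0x20319ffc = 0;
  *(uint8_t*)0x20319ffd = 0;
  *(uint8_t*)0x20319ffe = 0;
  *(uint8_t*)0x20319fff = 0;
  /* Zero-length send with flags 0x8080 (MSG_MORE | MSG_EOR on Linux). */
  syscall(__NR_sendto, r[1], 0x20f81000, 0, 0x8080, 0x20319ff0, 0x10);

  /* sockaddr_in at 0x20df9ff0: 224.0.0.2, port 0x4e20 */
  *(uint16_t*)0x20df9ff0 = 2;
  *(uint16_t*)0x20df9ff2 = htobe16(0x4e20);
  *(uint32_t*)0x20df9ff4 = htobe32(0xe0000002);
  *(uint8_t*)0x20df9ff8 = 0;
  *(uint8_t*)0x20df9ff9 = 0;
  *(uint8_t*)0x20df9ffa = 0;
  *(uint8_t*)0x20df9ffb = 0;
  *(uint8_t*)0x20df9ffc = 0;
  *(uint8_t*)0x20df9ffd = 0;
  *(uint8_t*)0x20df9ffe = 0;
  *(uint8_t*)0x20df9fff = 0;
  /* Second zero-length send, flags 0. */
  syscall(__NR_sendto, r[1], 0x20000000, 0, 0, 0x20df9ff0, 0x10);
}

/*
 * Maps the fixed 16 MiB scratch region that loop() writes into
 * (prot 3 = read|write, flags 0x32 = private|fixed|anonymous on Linux),
 * then runs the sequence once.
 *
 * Returns 1 if the mapping cannot be created, so that a harness does not
 * mistake the resulting user-space SIGSEGV for a reproduction result;
 * returns 0 otherwise.
 */
int main(void)
{
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}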