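// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-fuzzer reproducer: a fixed program of raw syscalls whose arguments
// live in a 16 MiB region mapped at a fixed address (0x20000000) by main().
// Every `*(uintN_t*)0x2000xxxx = ...` below writes one field of a syscall
// argument structure into that region; the addresses are what identify the
// structures, so they must not be changed.
//
// NOTE(review): the header names had been stripped from the listing this was
// reconstructed from; the five headers below are the ones the code needs
// (uint*_t, memcpy, syscall, __NR_*). Nothing else was altered apart from
// checking mmap's result and the comments.
#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] holds the socket fd once created. It starts at -1 so
// that, if socket() fails, the later calls run with an invalid fd instead of
// being skipped (syzkaller deliberately keeps the syscall sequence fixed).
uint64_t r[1] = {0xffffffffffffffff};

// One execution of the reproducer: create a socket, fill in three mmsghdr
// entries and their address / iovec / control buffers, send them with
// sendmmsg, then call setsockopt on the same fd. Return values of sendmmsg
// and setsockopt are intentionally ignored: the kernel-side effect of the
// call is the point, not its result.
void loop(void)
{
  long res = 0;

  // socket(domain=0x2b, type=0x801, protocol=0). The numeric domain/type
  // are presumably AF_* / SOCK_* constants of the target arch - confirm
  // against the kernel headers before reasoning about the affected subsystem.
  res = syscall(__NR_socket, 0x2b, 0x801, 0);
  if (res != -1)
    r[0] = res;

  // --- mmsghdr[0] at 0x200035c0 --------------------------------------
  // Entries appear to be laid out as 64-byte struct mmsghdr (x86-64 ABI):
  // name, namelen, iov, iovlen, control, controllen, flags, msg_len.

  // msg_name -> sockaddr at 0x20000980: sa_family 0x307 followed by six
  // 0xaa bytes; msg_namelen = 0x80.
  *(uint64_t*)0x200035c0 = 0x20000980;
  *(uint16_t*)0x20000980 = 0x307;
  *(uint8_t*)0x20000982 = 0xaa;
  *(uint8_t*)0x20000983 = 0xaa;
  *(uint8_t*)0x20000984 = 0xaa;
  *(uint8_t*)0x20000985 = 0xaa;
  *(uint8_t*)0x20000986 = 0xaa;
  *(uint8_t*)0x20000987 = 0xaa;
  *(uint32_t*)0x200035c8 = 0x80;

  // msg_iov -> two iovecs at 0x20000b00, both with iov_len 0 (the buffers
  // at 0x20000a00 / 0x20000a80 are never written).
  *(uint64_t*)0x200035d0 = 0x20000b00;
  *(uint64_t*)0x20000b00 = 0x20000a00;
  *(uint64_t*)0x20000b08 = 0;
  *(uint64_t*)0x20000b10 = 0x20000a80;
  *(uint64_t*)0x20000b18 = 0;
  *(uint64_t*)0x200035d8 = 2;

  // msg_control -> ten 16-byte cmsg headers at 0x20000b40
  // (cmsg_len = 0x10, cmsg_level, cmsg_type), i.e. no payload in any of
  // them; msg_controllen = 0xa0 covers exactly the ten headers.
  *(uint64_t*)0x200035e0 = 0x20000b40;
  *(uint64_t*)0x20000b40 = 0x10;
  *(uint32_t*)0x20000b48 = 0x117;
  *(uint32_t*)0x20000b4c = 0x2f;
  *(uint64_t*)0x20000b50 = 0x10;
  *(uint32_t*)0x20000b58 = 0x139;
  *(uint32_t*)0x20000b5c = 0x81;
  *(uint64_t*)0x20000b60 = 0x10;
  *(uint32_t*)0x20000b68 = 0x103;
  *(uint32_t*)0x20000b6c = 4;
  *(uint64_t*)0x20000b70 = 0x10;
  *(uint32_t*)0x20000b78 = 0x1b9;
  *(uint32_t*)0x20000b7c = 0xaac;
  *(uint64_t*)0x20000b80 = 0x10;
  *(uint32_t*)0x20000b88 = 0x10d;
  *(uint32_t*)0x20000b8c = 7;
  *(uint64_t*)0x20000b90 = 0x10;
  *(uint32_t*)0x20000b98 = 0x10d;
  *(uint32_t*)0x20000b9c = 0xffff;
  *(uint64_t*)0x20000ba0 = 0x10;
  *(uint32_t*)0x20000ba8 = 0x1ff;
  *(uint32_t*)0x20000bac = 3;
  *(uint64_t*)0x20000bb0 = 0x10;
  *(uint32_t*)0x20000bb8 = 0x10f;
  *(uint32_t*)0x20000bbc = 7;
  *(uint64_t*)0x20000bc0 = 0x10;
  *(uint32_t*)0x20000bc8 = 0x10e;
  *(uint32_t*)0x20000bcc = 0x800;
  *(uint64_t*)0x20000bd0 = 0x10;
  *(uint32_t*)0x20000bd8 = 0x119;
  *(uint32_t*)0x20000bdc = 0x400;
  *(uint64_t*)0x200035e8 = 0xa0;

  // msg_flags = 0x40010, msg_len = 0x56a5.
  *(uint32_t*)0x200035f0 = 0x40010;
  *(uint32_t*)0x200035f8 = 0x56a5;

  // --- mmsghdr[1] at 0x20003600 --------------------------------------
  // No name (NULL / len 0); five iovecs at 0x20003300, all iov_len 0.
  *(uint64_t*)0x20003600 = 0;
  *(uint32_t*)0x20003608 = 0;
  *(uint64_t*)0x20003610 = 0x20003300;
  *(uint64_t*)0x20003300 = 0x20003040;
  *(uint64_t*)0x20003308 = 0;
  *(uint64_t*)0x20003310 = 0x200030c0;
  *(uint64_t*)0x20003318 = 0;
  *(uint64_t*)0x20003320 = 0x20003100;
  *(uint64_t*)0x20003328 = 0;
  *(uint64_t*)0x20003330 = 0x200031c0;
  *(uint64_t*)0x20003338 = 0;
  *(uint64_t*)0x20003340 = 0x20003280;
  *(uint64_t*)0x20003348 = 0;
  *(uint64_t*)0x20003618 = 5;

  // One payload-less cmsg header at 0x20003380 (level 0x10f, type
  // 0x7fffffff); msg_controllen = 0x10, msg_flags = 0, msg_len = 0xff.
  *(uint64_t*)0x20003620 = 0x20003380;
  *(uint64_t*)0x20003380 = 0x10;
  *(uint32_t*)0x20003388 = 0x10f;
  *(uint32_t*)0x2000338c = 0x7fffffff;
  *(uint64_t*)0x20003628 = 0x10;
  *(uint32_t*)0x20003630 = 0;
  *(uint32_t*)0x20003638 = 0xff;

  // --- mmsghdr[2] at 0x20003640 --------------------------------------
  // msg_name -> sockaddr at 0x200033c0: sa_family 0x27, then three 32-bit
  // words (0, 2, 2), two bytes (0xff, 0xfb), 63 bytes of opaque fuzzer
  // data and a trailing 64-bit 5 at 0x20003418; msg_namelen = 0x80.
  *(uint64_t*)0x20003640 = 0x200033c0;
  *(uint16_t*)0x200033c0 = 0x27;
  *(uint32_t*)0x200033c4 = 0;
  *(uint32_t*)0x200033c8 = 2;
  *(uint32_t*)0x200033cc = 2;
  *(uint8_t*)0x200033d0 = -1;  // stores 0xff (implicit conversion)
  *(uint8_t*)0x200033d1 = 0xfb;
  memcpy((void*)0x200033d2,
         "\xc5\x3d\xc5\xb9\xe9\x25\xa3\x36\x54\x86\xfa\xcf\x7c\xcd\x79\x51\xaa"
         "\xb5\x7d\x7b\xa5\x6a\x9a\x2a\x5d\xa2\x35\x48\x64\xea\xeb\xb0\xf0\xd1"
         "\x75\x6b\x4e\x20\xef\x22\x8d\x37\xda\xf5\x02\x91\x5b\xf4\xa7\x36\xdb"
         "\x79\x7c\x4f\x30\xb5\x10\x6b\xcf\x3c\xcd\x38\x0a",
         63);
  *(uint64_t*)0x20003418 = 5;
  *(uint32_t*)0x20003648 = 0x80;

  // One iovec at 0x20003540 (iov_len 0); control pointer 0x20003580 with
  // controllen 0; msg_flags = 0; msg_len = 6.
  *(uint64_t*)0x20003650 = 0x20003540;
  *(uint64_t*)0x20003540 = 0x20003440;
  *(uint64_t*)0x20003548 = 0;
  *(uint64_t*)0x20003658 = 1;
  *(uint64_t*)0x20003660 = 0x20003580;
  *(uint64_t*)0x20003668 = 0;
  *(uint32_t*)0x20003670 = 0;
  *(uint32_t*)0x20003678 = 6;

  // sendmmsg(fd, msgvec=0x200035c0, vlen=3, flags=0x20000000).
  syscall(__NR_sendmmsg, r[0], 0x200035c0, 3, 0x20000000);

  // setsockopt(fd, level=6, optname=0x16, optval=0x20000940, optlen).
  // optval holds two 32-bit words (4, 3). The optlen argument has bits set
  // above 32; the kernel ABI takes optlen as a 32-bit socklen_t, so it
  // presumably only sees 0x18c - confirm against the arch's syscall entry.
  *(uint32_t*)0x20000940 = 4;
  *(uint32_t*)0x20000944 = 3;
  syscall(__NR_setsockopt, r[0], 6, 0x16, 0x20000940, 0x200000000000018c);
}

// Map the fixed argument region, then run the reproducer once.
// mmap(0x20000000, 16 MiB, prot=3, flags=0x32, fd=-1, off=0): prot/flags are
// presumably PROT_READ|PROT_WRITE and MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on
// Linux/x86. If the fixed mapping cannot be established, every store in
// loop() would fault, so bail out with a non-zero status instead.
int main(void)
{
  long mapped = syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  if (mapped == -1)
    return 1;
  loop();
  return 0;
}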