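// https://syzkaller.appspot.com/bug?id=d00cad3f389b75fe7d54472c0b9eba5afbc2f055
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Single-shot reproducer: it maps a fixed scratch region, fills in two
// request buffers byte by byte, and hands them to the kernel through one
// setsockopt() on an IPv6 socket and one sendmsg() on a netlink socket.
// This listing does not say which kernel report it belongs to; the dashboard
// link above carries the crash title and the fixing commit.
//
// NOTE(review): the five #include directives had lost their header names in
// this copy. The names below are restored from the identifiers the code uses
// (htobe16/htobe64, uintN_t, memset/memcpy, __NR_*, syscall).

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// r[0]: IPv6 socket fd, r[1]: netlink socket fd. Both are preset to -1 so a
// failed socket() leaves an invalid descriptor rather than 0 (stdin).
long r[2];

// Issues the recorded syscall sequence once. No return value is checked, as
// in the generated original: a failing step simply makes the later calls fail
// with an error instead of reaching the code path under test.
void loop()
{
  memset(r, -1, sizeof(r));

  // Scratch memory for every buffer below: 0xfff000 bytes at the fixed
  // address 0x20000000, prot 3 (read|write), flags 0x32
  // (MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on Linux). Anonymous pages start
  // zero-filled, so any byte not written explicitly below reads as 0.
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);

  // socket(0xa, 1, 0): AF_INET6 / SOCK_STREAM on Linux.
  r[0] = syscall(__NR_socket, 0xa, 1, 0);

  // ---- setsockopt() payload at 0x20851000 ----
  // NOTE(review): the field offsets look like struct xfrm_userpolicy_info
  // followed by one struct xfrm_user_tmpl (x86-64 layout); confirm against
  // <linux/xfrm.h> before relying on the field names in these comments.

  // Bytes 0x00-0x0f: first 16-byte address, ff01::1.
  *(uint8_t*)0x20851000 = -1;
  *(uint8_t*)0x20851001 = 1;
  *(uint8_t*)0x20851002 = 0;
  *(uint8_t*)0x20851003 = 0;
  *(uint8_t*)0x20851004 = 0;
  *(uint8_t*)0x20851005 = 0;
  *(uint8_t*)0x20851006 = 0;
  *(uint8_t*)0x20851007 = 0;
  *(uint8_t*)0x20851008 = 0;
  *(uint8_t*)0x20851009 = 0;
  *(uint8_t*)0x2085100a = 0;
  *(uint8_t*)0x2085100b = 0;
  *(uint8_t*)0x2085100c = 0;
  *(uint8_t*)0x2085100d = 0;
  *(uint8_t*)0x2085100e = 0;
  *(uint8_t*)0x2085100f = 1;

  // Bytes 0x10-0x1f: second 16-byte address, ::1 (big-endian halves).
  *(uint64_t*)0x20851010 = htobe64(0);
  *(uint64_t*)0x20851018 = htobe64(1);

  // Bytes 0x20-0x27: four 16-bit values, all zero (presumably ports/masks).
  *(uint16_t*)0x20851020 = 0;
  *(uint16_t*)0x20851022 = htobe16(0);
  *(uint16_t*)0x20851024 = 0;
  *(uint16_t*)0x20851026 = htobe16(0);

  // 0x28: 16-bit 0xa (same value as the AF_INET6 family used above),
  // then three zero bytes and two zero 32-bit words.
  *(uint16_t*)0x20851028 = 0xa;
  *(uint8_t*)0x2085102a = 0;
  *(uint8_t*)0x2085102b = 0;
  *(uint8_t*)0x2085102c = 0;
  *(uint32_t*)0x20851030 = 0;
  *(uint32_t*)0x20851034 = 0;

  // Bytes 0x38-0x97: twelve zero 64-bit words (presumably lifetime limits
  // and counters).
  *(uint64_t*)0x20851038 = 0;
  *(uint64_t*)0x20851040 = 0;
  *(uint64_t*)0x20851048 = 0;
  *(uint64_t*)0x20851050 = 0;
  *(uint64_t*)0x20851058 = 0;
  *(uint64_t*)0x20851060 = 0;
  *(uint64_t*)0x20851068 = 0;
  *(uint64_t*)0x20851070 = 0;
  *(uint64_t*)0x20851078 = 0;
  *(uint64_t*)0x20851080 = 0;
  *(uint64_t*)0x20851088 = 0;
  *(uint64_t*)0x20851090 = 0;

  // 0x98-0xa3: two zero 32-bit words, then four bytes of which only the
  // first is non-zero (1).
  *(uint32_t*)0x20851098 = 0;
  *(uint32_t*)0x2085109c = 0;
  *(uint8_t*)0x208510a0 = 1;
  *(uint8_t*)0x208510a1 = 0;
  *(uint8_t*)0x208510a2 = 0;
  *(uint8_t*)0x208510a3 = 0;

  // Bytes 0xa8-0xb7: 16 zero bytes (start of the second record).
  *(uint8_t*)0x208510a8 = 0;
  *(uint8_t*)0x208510a9 = 0;
  *(uint8_t*)0x208510aa = 0;
  *(uint8_t*)0x208510ab = 0;
  *(uint8_t*)0x208510ac = 0;
  *(uint8_t*)0x208510ad = 0;
  *(uint8_t*)0x208510ae = 0;
  *(uint8_t*)0x208510af = 0;
  *(uint8_t*)0x208510b0 = 0;
  *(uint8_t*)0x208510b1 = 0;
  *(uint8_t*)0x208510b2 = 0;
  *(uint8_t*)0x208510b3 = 0;
  *(uint8_t*)0x208510b4 = 0;
  *(uint8_t*)0x208510b5 = 0;
  *(uint8_t*)0x208510b6 = 0;
  *(uint8_t*)0x208510b7 = 0;
  *(uint32_t*)0x208510b8 = 0;
  *(uint8_t*)0x208510bc = 0;
  *(uint16_t*)0x208510c0 = 0;

  // Bytes 0xc4-0xd3: 16-byte address fe80::bb.
  *(uint8_t*)0x208510c4 = 0xfe;
  *(uint8_t*)0x208510c5 = 0x80;
  *(uint8_t*)0x208510c6 = 0;
  *(uint8_t*)0x208510c7 = 0;
  *(uint8_t*)0x208510c8 = 0;
  *(uint8_t*)0x208510c9 = 0;
  *(uint8_t*)0x208510ca = 0;
  *(uint8_t*)0x208510cb = 0;
  *(uint8_t*)0x208510cc = 0;
  *(uint8_t*)0x208510cd = 0;
  *(uint8_t*)0x208510ce = 0;
  *(uint8_t*)0x208510cf = 0;
  *(uint8_t*)0x208510d0 = 0;
  *(uint8_t*)0x208510d1 = 0;
  *(uint8_t*)0x208510d2 = 0;
  *(uint8_t*)0x208510d3 = 0xbb;

  // 0xd4-0xe7: trailing scalar fields; the only non-zero one is the byte
  // at 0xda (value 5).
  *(uint32_t*)0x208510d4 = 0;
  *(uint8_t*)0x208510d8 = 0;
  *(uint8_t*)0x208510d9 = 0;
  *(uint8_t*)0x208510da = 5;
  *(uint32_t*)0x208510dc = 0;
  *(uint32_t*)0x208510e0 = 0;
  *(uint32_t*)0x208510e4 = 0;

  // setsockopt(fd, 0x29, 0x23, buf, 0x1c5): level 41 / option 35, which are
  // SOL_IPV6 / IPV6_XFRM_POLICY in the Linux headers. The stated length
  // (0x1c5) is larger than the 0xe8 bytes written above, so the kernel also
  // reads the zero-filled tail of the mapping.
  syscall(__NR_setsockopt, r[0], 0x29, 0x23, 0x20851000, 0x1c5);

  // socket(0x10, 3, 6): AF_NETLINK / SOCK_RAW / protocol 6 (NETLINK_XFRM
  // on Linux).
  r[1] = syscall(__NR_socket, 0x10, 3, 6);

  // struct msghdr at 0x20013000 (64-bit layout): destination name at
  // 0x20000000 with length 0xc, one iovec at 0x2000b000, no control data,
  // flags 0.
  *(uint64_t*)0x20013000 = 0x20000000;
  *(uint32_t*)0x20013008 = 0xc;
  *(uint64_t*)0x20013010 = 0x2000b000;
  *(uint64_t*)0x20013018 = 1;
  *(uint64_t*)0x20013020 = 0;
  *(uint64_t*)0x20013028 = 0;
  *(uint32_t*)0x20013030 = 0;

  // Destination address (12 bytes): family 0x10, remaining fields zero.
  // Presumably a struct sockaddr_nl addressed to the kernel (pid 0).
  *(uint16_t*)0x20000000 = 0x10;
  *(uint16_t*)0x20000002 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20000008 = 0;

  // The single iovec: 0x1c bytes starting at 0x20016f74.
  *(uint64_t*)0x2000b000 = 0x20016f74;
  *(uint64_t*)0x2000b008 = 0x1c;

  // Message body, 0x1c bytes. The first 16 bytes have the shape of a
  // netlink header: length 0x1c, type 0x24, flags 0x301, seq 0, pid 0.
  // NOTE(review): 0x24 appears to be XFRM_MSG_NEWSPDINFO; confirm against
  // <linux/xfrm.h>.
  *(uint32_t*)0x20016f74 = 0x1c;
  *(uint16_t*)0x20016f78 = 0x24;
  *(uint16_t*)0x20016f7a = 0x301;
  *(uint32_t*)0x20016f7c = 0;
  *(uint32_t*)0x20016f80 = 0;

  // Four zero bytes following the header.
  *(uint8_t*)0x20016f84 = 0;
  *(uint8_t*)0x20016f85 = 0;
  *(uint16_t*)0x20016f86 = 0;

  // One attribute: length 8, type 3, with a payload whose first byte is
  // 0x04. Only that byte is written, so the other three payload bytes are
  // the mapping's zeros.
  *(uint16_t*)0x20016f88 = 8;
  *(uint16_t*)0x20016f8a = 3;
  memcpy((void*)0x20016f8c, "\x04", 1);

  syscall(__NR_sendmsg, r[1], 0x20013000, 0);
}

// Runs the sequence exactly once; the exit status is always 0 regardless of
// whether any syscall succeeded.
int main()
{
  loop();
  return 0;
}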