// https://syzkaller.appspot.com/bug?id=4e947674d10b0fb0cb94d4d723989cee439a71d6 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); long res = 0; res = syscall(__NR_socket, 0x10, 3, 6); if (res != -1) r[0] = res; *(uint64_t*)0x2014f000 = 0x203c7ff4; *(uint16_t*)0x203c7ff4 = 0x10; *(uint16_t*)0x203c7ff6 = 0; *(uint32_t*)0x203c7ff8 = 0; *(uint32_t*)0x203c7ffc = 0; *(uint32_t*)0x2014f008 = 0xc; *(uint64_t*)0x2014f010 = 0x200bfff0; *(uint64_t*)0x200bfff0 = 0x20006440; *(uint32_t*)0x20006440 = 0xb8; *(uint16_t*)0x20006444 = 0x19; *(uint16_t*)0x20006446 = 1; *(uint32_t*)0x20006448 = 0; *(uint32_t*)0x2000644c = 0; *(uint8_t*)0x20006450 = -1; *(uint8_t*)0x20006451 = 1; *(uint8_t*)0x20006452 = 0; *(uint8_t*)0x20006453 = 0; *(uint8_t*)0x20006454 = 0; *(uint8_t*)0x20006455 = 0; *(uint8_t*)0x20006456 = 0; *(uint8_t*)0x20006457 = 0; *(uint8_t*)0x20006458 = 0; *(uint8_t*)0x20006459 = 0; *(uint8_t*)0x2000645a = 0; *(uint8_t*)0x2000645b = 0; *(uint8_t*)0x2000645c = 0; *(uint8_t*)0x2000645d = 0; *(uint8_t*)0x2000645e = 0; *(uint8_t*)0x2000645f = 1; *(uint32_t*)0x20006460 = htobe32(0xe0000001); *(uint16_t*)0x20006470 = htobe16(0); *(uint16_t*)0x20006472 = htobe16(0); *(uint16_t*)0x20006474 = htobe16(0); *(uint16_t*)0x20006476 = htobe16(0); *(uint16_t*)0x20006478 = 0xa; *(uint8_t*)0x2000647a = 0; *(uint8_t*)0x2000647b = 0; *(uint8_t*)0x2000647c = 0; *(uint32_t*)0x20006480 = 0; *(uint32_t*)0x20006484 = 0; *(uint64_t*)0x20006488 = 0; *(uint64_t*)0x20006490 = 0; *(uint64_t*)0x20006498 = 0; *(uint64_t*)0x200064a0 = 0; *(uint64_t*)0x200064a8 = 0; *(uint64_t*)0x200064b0 = 0; *(uint64_t*)0x200064b8 = 0; *(uint64_t*)0x200064c0 = 0; *(uint64_t*)0x200064c8 = 0; *(uint64_t*)0x200064d0 = 0; *(uint64_t*)0x200064d8 = 0; *(uint64_t*)0x200064e0 = 0; *(uint32_t*)0x200064e8 = 0; *(uint32_t*)0x200064ec = 0; *(uint8_t*)0x200064f0 = 0; *(uint8_t*)0x200064f1 = 0; *(uint8_t*)0x200064f2 = 0; *(uint8_t*)0x200064f3 = 0; *(uint64_t*)0x200bfff8 = 0xb8; *(uint64_t*)0x2014f018 = 1; *(uint64_t*)0x2014f020 = 0; *(uint64_t*)0x2014f028 = 0; *(uint32_t*)0x2014f030 = 0; syscall(__NR_sendmsg, r[0], 0x2014f000, 0); res = syscall(__NR_socket, 2, 2, 0x88); if (res != -1) r[1] = res; *(uint16_t*)0x20000240 = 2; *(uint16_t*)0x20000242 = htobe16(0x4e20); *(uint32_t*)0x20000244 = htobe32(0); *(uint8_t*)0x20000248 = 0; *(uint8_t*)0x20000249 = 0; *(uint8_t*)0x2000024a = 0; *(uint8_t*)0x2000024b = 0; *(uint8_t*)0x2000024c = 0; *(uint8_t*)0x2000024d = 0; *(uint8_t*)0x2000024e = 0; *(uint8_t*)0x2000024f = 0; syscall(__NR_bind, r[1], 0x20000240, 0x10); *(uint16_t*)0x20319ff0 = 2; *(uint16_t*)0x20319ff2 = htobe16(0x4e20); *(uint32_t*)0x20319ff4 = htobe32(0); *(uint8_t*)0x20319ff8 = 0; *(uint8_t*)0x20319ff9 = 0; *(uint8_t*)0x20319ffa = 0; *(uint8_t*)0x20319ffb = 0; *(uint8_t*)0x20319ffc = 0; *(uint8_t*)0x20319ffd = 0; *(uint8_t*)0x20319ffe = 0; *(uint8_t*)0x20319fff = 0; syscall(__NR_sendto, r[1], 0x20000340, 0, 0x8084, 0x20319ff0, 0x10); *(uint16_t*)0x2082dff0 = 2; *(uint16_t*)0x2082dff2 = htobe16(0); *(uint8_t*)0x2082dff4 = 0xac; *(uint8_t*)0x2082dff5 = 0x14; *(uint8_t*)0x2082dff6 = 0x14; *(uint8_t*)0x2082dff7 = 0xaa; *(uint8_t*)0x2082dff8 = 0; *(uint8_t*)0x2082dff9 = 0; *(uint8_t*)0x2082dffa = 0; *(uint8_t*)0x2082dffb = 0; *(uint8_t*)0x2082dffc = 0; *(uint8_t*)0x2082dffd = 0; *(uint8_t*)0x2082dffe = 0; *(uint8_t*)0x2082dfff = 0; syscall(__NR_sendto, r[1], 0x20000000, 0, 0, 0x2082dff0, 0x10); return 0; }