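// https://syzkaller.appspot.com/bug?id=54f4ce6239e6e0d0d5583488421c6fa3ba7ed6b4
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Crash reproducer attached to the syzkaller report linked above. It maps a
// fixed scratch region, opens one socket, hand-builds a msghdr/iovec/payload
// at fixed addresses inside that region and sends it, forever. The report
// page, not this file, records which kernel path crashes and which commit
// fixes it; use this file to confirm that a patched kernel no longer crashes.
//
// Build note: every pointer below is stored as a uint32_t and the fallback
// syscall numbers (192/359/370) plus __NR_mmap2 are 32-bit x86 values, so
// this only makes sense as a 32-bit build (e.g. gcc -m32).

#define _GNU_SOURCE

// The five #include directives had lost their header names in this copy of
// the file. They are restored from the identifiers the program uses:
// htobe16/htobe32/htobe64, uintN_t, memset, __NR_*, syscall().
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static void test();

// Re-runs the test body without end; there is no exit condition.
void loop()
{
  while (1) {
    test();
  }
}

// Fallback syscall numbers for toolchains whose headers lack them.
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_socket
#define __NR_socket 359
#endif
#ifndef __NR_sendmsg
#define __NR_sendmsg 370
#endif
// Route mmap through mmap2 (32-bit ABI; not defined on 64-bit x86 headers).
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

// r[0] holds the socket descriptor returned by socket().
long r[1];

// One iteration: map scratch memory, open the socket, lay out the message,
// send it. Return values other than the socket fd are deliberately ignored,
// as is usual for generated reproducers.
void test()
{
  // Every byte set => r[0] == -1 until socket() overwrites it.
  memset(r, -1, sizeof(r));

  // 0xf57000 bytes at the fixed address 0x20000000, prot 3 (read|write),
  // flags 0x32 (private | fixed | anonymous on Linux x86), no backing fd.
  // A fresh anonymous mapping is zero-filled, so bytes not written below
  // stay zero.
  syscall(__NR_mmap, 0x20000000, 0xf57000, 3, 0x32, -1, 0);

  // Domain 0xf is AF_KEY (PF_KEY) on Linux; type 3 is SOCK_RAW; protocol 2
  // is PF_KEY_V2. Creating this socket normally needs CAP_NET_ADMIN.
  r[0] = syscall(__NR_socket, 0xf, 3, 2);

  // 32-bit struct msghdr at 0x208befc8: no name, one iovec, no control data.
  *(uint32_t*)0x208befc8 = 0;          // msg_name
  *(uint32_t*)0x208befcc = 0;          // msg_namelen
  *(uint32_t*)0x208befd0 = 0x208feff0; // msg_iov
  *(uint32_t*)0x208befd4 = 1;          // msg_iovlen
  *(uint32_t*)0x208befd8 = 0;          // msg_control
  *(uint32_t*)0x208befdc = 0;          // msg_controllen
  *(uint32_t*)0x208befe0 = 0;          // msg_flags

  // The single iovec: 0x70 payload bytes starting at 0x20f54f80.
  *(uint32_t*)0x208feff0 = 0x20f54f80; // iov_base
  *(uint32_t*)0x208feff4 = 0x70;       // iov_len

  // NOTE(review): the payload reads as a PF_KEY v2 message as laid out in
  // <linux/pfkeyv2.h> -- a 16-byte header followed by three extensions of
  // 40, 16 and 40 bytes (16 + 40 + 16 + 40 = 0x70). The field names in the
  // comments below follow that reading; confirm against the report.

  // Message header (0x20f54f80..0x20f54f8f).
  *(uint8_t*)0x20f54f80 = 2;            // version
  *(uint8_t*)0x20f54f81 = 3;            // message type (3 = SADB_ADD)
  *(uint8_t*)0x20f54f82 = 0;            // errno
  *(uint8_t*)0x20f54f83 = 9;            // SA type
  *(uint16_t*)0x20f54f84 = 0xe;         // length in 8-byte units: 14 * 8 = 0x70
  *(uint16_t*)0x20f54f86 = 0;           // reserved
  *(uint32_t*)0x20f54f88 = 0x70bd25;    // sequence number
  *(uint32_t*)0x20f54f8c = 0x25dfdbfb;  // pid

  // Extension 1 (0x20f54f90): length 5 units, type 6 (destination address),
  // carrying an AF_INET6 (0xa) sockaddr for ::1, port 0x4e20.
  *(uint16_t*)0x20f54f90 = 5;
  *(uint16_t*)0x20f54f92 = 6;
  *(uint8_t*)0x20f54f94 = 0;            // proto
  *(uint8_t*)0x20f54f95 = 0;            // prefix length
  *(uint16_t*)0x20f54f96 = 0;           // reserved
  *(uint16_t*)0x20f54f98 = 0xa;         // sin6_family
  *(uint16_t*)0x20f54f9a = htobe16(0x4e20); // sin6_port
  *(uint32_t*)0x20f54f9c = 0;           // sin6_flowinfo
  *(uint64_t*)0x20f54fa0 = htobe64(0);  // sin6_addr, high half
  *(uint64_t*)0x20f54fa8 = htobe64(1);  // sin6_addr, low half
  *(uint32_t*)0x20f54fb0 = 0;           // sin6_scope_id
  // 0x20f54fb4..0x20f54fb7 (padding) is never written and stays zero.

  // Extension 2 (0x20f54fb8): length 2 units, type 1 (SA).
  *(uint16_t*)0x20f54fb8 = 2;
  *(uint16_t*)0x20f54fba = 1;
  *(uint32_t*)0x20f54fbc = htobe32(0x4d2); // SPI
  *(uint8_t*)0x20f54fc0 = 0;            // replay
  *(uint8_t*)0x20f54fc1 = 0;            // state
  *(uint8_t*)0x20f54fc2 = 0;            // auth
  *(uint8_t*)0x20f54fc3 = 2;            // encrypt
  *(uint32_t*)0x20f54fc4 = 0;           // flags

  // Extension 3 (0x20f54fc8): length 5 units, type 5 (source address),
  // carrying an AF_INET6 sockaddr for fe80::bb, port 0x4e20.
  *(uint16_t*)0x20f54fc8 = 5;
  *(uint16_t*)0x20f54fca = 5;
  *(uint8_t*)0x20f54fcc = 0;            // proto
  *(uint8_t*)0x20f54fcd = 0;            // prefix length
  *(uint16_t*)0x20f54fce = 0;           // reserved
  *(uint16_t*)0x20f54fd0 = 0xa;         // sin6_family
  *(uint16_t*)0x20f54fd2 = htobe16(0x4e20); // sin6_port
  *(uint32_t*)0x20f54fd4 = 0;           // sin6_flowinfo
  *(uint8_t*)0x20f54fd8 = 0xfe;         // sin6_addr, byte by byte
  *(uint8_t*)0x20f54fd9 = 0x80;
  *(uint8_t*)0x20f54fda = 0;
  *(uint8_t*)0x20f54fdb = 0;
  *(uint8_t*)0x20f54fdc = 0;
  *(uint8_t*)0x20f54fdd = 0;
  *(uint8_t*)0x20f54fde = 0;
  *(uint8_t*)0x20f54fdf = 0;
  *(uint8_t*)0x20f54fe0 = 0;
  *(uint8_t*)0x20f54fe1 = 0;
  *(uint8_t*)0x20f54fe2 = 0;
  *(uint8_t*)0x20f54fe3 = 0;
  *(uint8_t*)0x20f54fe4 = 0;
  *(uint8_t*)0x20f54fe5 = 0;
  *(uint8_t*)0x20f54fe6 = 0;
  *(uint8_t*)0x20f54fe7 = 0xbb;
  *(uint32_t*)0x20f54fe8 = 0;           // sin6_scope_id
  // 0x20f54fec..0x20f54fef (padding) is never written and stays zero.

  // Hand the message to the kernel; flags 0.
  syscall(__NR_sendmsg, r[0], 0x208befc8, 0);
}

// Never returns: loop() itself spins forever, the outer for is belt and braces.
int main()
{
  for (;;) {
    loop();
  }
}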