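// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel regression reproducer: one socket() call followed by one sendmsg()
// whose msghdr, iovec array and control buffer are hand-built at fixed
// addresses. The crash it triggers is described in the report linked above.
// For triage, run it in a disposable VM on the kernel build under test. If the
// socket family is not available in that kernel, socket() fails, sendmsg() is
// issued on fd -1 and the program exits 0 without exercising anything.

#define _GNU_SOURCE

// NOTE(review): the header names were lost when this page was extracted (five
// bare "#include" tokens). The set below is the one this code needs and that
// syzkaller-generated C reproducers normally carry; confirm against the
// original attachment on the report.
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Result slot for the socket fd; stays at (uint64_t)-1 if socket() fails.
uint64_t r[1] = {0xffffffffffffffff};

// Build the message in the fixed mapping set up by main() and send it once.
// Every store below targets an absolute address inside that mapping, so this
// function must not be called before the mapping exists.
void loop(void)
{
	long res = 0;

	// Family 0x2b is AF_SMC on Linux, type 1 is SOCK_STREAM.
	res = syscall(__NR_socket, 0x2b, 1, 0);
	if (res != -1)
		r[0] = res;

	// struct msghdr at 0x20001800 (64-bit layout).
	*(uint64_t*)0x20001800 = 0x20000100; // msg_name

	// Address buffer: a 16-bit value followed by six bytes. Fuzzer-chosen;
	// the six bytes resemble a link-layer address, which is presumably not
	// what this socket family expects.
	*(uint16_t*)0x20000100 = 0x306;
	*(uint8_t*)0x20000102 = 1;
	*(uint8_t*)0x20000103 = 0x80;
	*(uint8_t*)0x20000104 = 0xc2;
	*(uint8_t*)0x20000105 = 0;
	*(uint8_t*)0x20000106 = 0;
	*(uint8_t*)0x20000107 = 2;

	*(uint32_t*)0x20001808 = 0x80;       // msg_namelen
	*(uint64_t*)0x20001810 = 0x20000400; // msg_iov

	// Four iovec entries, each {base, len}; every length is zero, so the
	// message carries no payload bytes.
	*(uint64_t*)0x20000400 = 0x20000180;
	*(uint64_t*)0x20000408 = 0;
	*(uint64_t*)0x20000410 = 0x20000240;
	*(uint64_t*)0x20000418 = 0;
	*(uint64_t*)0x20000420 = 0x20000340;
	*(uint64_t*)0x20000428 = 0;
	*(uint64_t*)0x20000430 = 0x20000380;
	*(uint64_t*)0x20000438 = 0;

	*(uint64_t*)0x20001818 = 4;          // msg_iovlen
	*(uint64_t*)0x20001820 = 0x20000440; // msg_control

	// Eight control-message headers, each {cmsg_len, cmsg_level, cmsg_type}.
	// cmsg_len is 0x10 throughout, i.e. header only with no data, and
	// 8 * 0x10 matches msg_controllen below. Level/type values are
	// fuzzer-chosen.
	*(uint64_t*)0x20000440 = 0x10;
	*(uint32_t*)0x20000448 = 0x1ff;
	*(uint32_t*)0x2000044c = 4;
	*(uint64_t*)0x20000450 = 0x10;
	*(uint32_t*)0x20000458 = 0x103;
	*(uint32_t*)0x2000045c = 0x6067;
	*(uint64_t*)0x20000460 = 0x10;
	*(uint32_t*)0x20000468 = 0x10c;
	*(uint32_t*)0x2000046c = 0xffffff80;
	*(uint64_t*)0x20000470 = 0x10;
	*(uint32_t*)0x20000478 = 0x13f;
	*(uint32_t*)0x2000047c = 0x3ff;
	*(uint64_t*)0x20000480 = 0x10;
	*(uint32_t*)0x20000488 = 0x11f;
	*(uint32_t*)0x2000048c = 1;
	*(uint64_t*)0x20000490 = 0x10;
	*(uint32_t*)0x20000498 = 0x11e;
	*(uint32_t*)0x2000049c = 0;
	*(uint64_t*)0x200004a0 = 0x10;
	*(uint32_t*)0x200004a8 = 0x10c;
	*(uint32_t*)0x200004ac = 0x20;
	*(uint64_t*)0x200004b0 = 0x10;
	*(uint32_t*)0x200004b8 = 0;
	*(uint32_t*)0x200004bc = 0x2cdb;

	*(uint64_t*)0x20001828 = 0x80;       // msg_controllen
	*(uint32_t*)0x20001830 = 0x4081;     // msg_flags field of the struct

	// The send flags are the third syscall argument. 0x24048000 decomposes
	// on Linux into MSG_FASTOPEN | MSG_ZEROCOPY | MSG_BATCH | MSG_MORE.
	// The socket was never connected or bound before this call.
	syscall(__NR_sendmsg, r[0], 0x20001800, 0x24048000);
}

// Map the fixed scratch region, then run the reproducer once.
// Returns 1 if the mapping cannot be created, 0 otherwise.
int main(void)
{
	// 16 MiB at 0x20000000; prot 3 = read|write, flags 0x32 =
	// private|fixed|anonymous. Without this mapping the first store in
	// loop() would fault in user space, which a triager could mistake for
	// the kernel bug, so stop here if it fails.
	if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
		return 1;

	loop();
	return 0;
}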