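// https://syzkaller.appspot.com/bug?id=2c136133b6850b603232e92bf14aee9c3595e33c
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel regression reproducer: it replays one fixed sequence of system calls
// against three sockets (IPv6 datagram, PF_KEY, NETLINK_XFRM) using hard-coded
// arguments placed in a fixed anonymous mapping. Numeric constants are kept
// exactly as generated; the symbolic names in the comments are annotations.
//
// NOTE(review): the IPsec/xfrm configuration interfaces used here normally
// require CAP_NET_ADMIN in the network namespace's owning user namespace, so
// whether this path is reachable by unprivileged users depends on whether
// unprivileged user namespaces are enabled on the host - confirm per target.

#define _GNU_SOURCE

// The header names were lost when the page was extracted; these five are the
// ones the code below needs (htobe16/htobe32, fixed-width integers,
// memset/memcpy, the __NR_* numbers, and syscall()).
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Results of the three socket() calls; -1 means "not opened".
long r[3];

// Runs the recorded system-call sequence once.
//
// Socket and setsockopt/write/sendmsg results are intentionally not checked
// (the recorded program continues regardless), but a failed mmap is, because
// every later store targets the mapped range and would fault without it.
void loop(void)
{
  memset(r, -1, sizeof(r));

  // Map 0xfff000 bytes at 0x20000000: prot 3 = PROT_READ|PROT_WRITE,
  // flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS. Fresh anonymous pages
  // are zero-filled, which the gaps between the stores below rely on.
  if (syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0) == -1)
    return;

  // socket(AF_INET6 = 0xa, SOCK_DGRAM = 2, 0)
  r[0] = syscall(__NR_socket, 0xa, 2, 0);

  // 0xe8-byte option value at 0x201e8000.
  // NOTE(review): the offsets and sizes appear to match
  // struct xfrm_userpolicy_info (0xa8 bytes) followed by one
  // struct xfrm_user_tmpl (0x40 bytes); field names below are inferred from
  // that layout - confirm against linux/xfrm.h.

  // +0x00 selector daddr: ac 14 00 bb
  *(uint8_t*)0x201e8000 = 0xac;
  *(uint8_t*)0x201e8001 = 0x14;
  *(uint8_t*)0x201e8002 = 0;
  *(uint8_t*)0x201e8003 = 0xbb;
  // +0x10 selector saddr: fe80::bb
  *(uint8_t*)0x201e8010 = 0xfe;
  *(uint8_t*)0x201e8011 = 0x80;
  *(uint8_t*)0x201e8012 = 0;
  *(uint8_t*)0x201e8013 = 0;
  *(uint8_t*)0x201e8014 = 0;
  *(uint8_t*)0x201e8015 = 0;
  *(uint8_t*)0x201e8016 = 0;
  *(uint8_t*)0x201e8017 = 0;
  *(uint8_t*)0x201e8018 = 0;
  *(uint8_t*)0x201e8019 = 0;
  *(uint8_t*)0x201e801a = 0;
  *(uint8_t*)0x201e801b = 0;
  *(uint8_t*)0x201e801c = 0;
  *(uint8_t*)0x201e801d = 0;
  *(uint8_t*)0x201e801e = 0;
  *(uint8_t*)0x201e801f = 0xbb;
  // +0x20 dport / dport_mask / sport / sport_mask (ports in network order)
  *(uint16_t*)0x201e8020 = htobe16(0x4e20);
  *(uint16_t*)0x201e8022 = 0;
  *(uint16_t*)0x201e8024 = htobe16(0x4e20);
  *(uint16_t*)0x201e8026 = 0;
  // +0x28 selector family = 2 (AF_INET), although the socket is AF_INET6
  *(uint16_t*)0x201e8028 = 2;
  // +0x2a prefixlen_d, prefixlen_s, proto
  *(uint8_t*)0x201e802a = 0;
  *(uint8_t*)0x201e802b = 0;
  *(uint8_t*)0x201e802c = 0;
  // +0x30 ifindex, user
  *(uint32_t*)0x201e8030 = 0;
  *(uint32_t*)0x201e8034 = 0;
  // +0x38 lifetime configuration and current lifetime, all zero
  *(uint64_t*)0x201e8038 = 0;
  *(uint64_t*)0x201e8040 = 0;
  *(uint64_t*)0x201e8048 = 0;
  *(uint64_t*)0x201e8050 = 0;
  *(uint64_t*)0x201e8058 = 0;
  *(uint64_t*)0x201e8060 = 0;
  *(uint64_t*)0x201e8068 = 0;
  *(uint64_t*)0x201e8070 = 0;
  *(uint64_t*)0x201e8078 = 0;
  *(uint64_t*)0x201e8080 = 0;
  *(uint64_t*)0x201e8088 = 0;
  *(uint64_t*)0x201e8090 = 0;
  // +0x98 priority, index
  *(uint32_t*)0x201e8098 = 0;
  *(uint32_t*)0x201e809c = 0x6e6bb0;
  // +0xa0 dir, action, flags, share
  *(uint8_t*)0x201e80a0 = 0;
  *(uint8_t*)0x201e80a1 = 0;
  *(uint8_t*)0x201e80a2 = 0;
  *(uint8_t*)0x201e80a3 = 0;
  // +0xa8 template id.daddr: ac 14 00 aa
  *(uint8_t*)0x201e80a8 = 0xac;
  *(uint8_t*)0x201e80a9 = 0x14;
  *(uint8_t*)0x201e80aa = 0;
  *(uint8_t*)0x201e80ab = 0xaa;
  // +0xb8 template id.spi (network order), id.proto = 0xff
  *(uint32_t*)0x201e80b8 = htobe32(0x4d2);
  *(uint8_t*)0x201e80bc = -1;
  // +0xc0 template family = 0
  *(uint16_t*)0x201e80c0 = 0;
  // +0xc4 template saddr, 16 zero bytes
  *(uint8_t*)0x201e80c4 = 0;
  *(uint8_t*)0x201e80c5 = 0;
  *(uint8_t*)0x201e80c6 = 0;
  *(uint8_t*)0x201e80c7 = 0;
  *(uint8_t*)0x201e80c8 = 0;
  *(uint8_t*)0x201e80c9 = 0;
  *(uint8_t*)0x201e80ca = 0;
  *(uint8_t*)0x201e80cb = 0;
  *(uint8_t*)0x201e80cc = 0;
  *(uint8_t*)0x201e80cd = 0;
  *(uint8_t*)0x201e80ce = 0;
  *(uint8_t*)0x201e80cf = 0;
  *(uint8_t*)0x201e80d0 = 0;
  *(uint8_t*)0x201e80d1 = 0;
  *(uint8_t*)0x201e80d2 = 0;
  *(uint8_t*)0x201e80d3 = 0;
  // +0xd4 template reqid
  *(uint32_t*)0x201e80d4 = 0x34ff;
  // +0xd8 mode, share, optional
  *(uint8_t*)0x201e80d8 = 0;
  *(uint8_t*)0x201e80d9 = 0;
  *(uint8_t*)0x201e80da = 0;
  // +0xdc aalgos, ealgos, calgos
  *(uint32_t*)0x201e80dc = 0;
  *(uint32_t*)0x201e80e0 = 0;
  *(uint32_t*)0x201e80e4 = 0;

  // setsockopt(level 0x29 = SOL_IPV6, optname 0x23 = IPV6_XFRM_POLICY):
  // attaches the policy built above to the IPv6 socket.
  syscall(__NR_setsockopt, r[0], 0x29, 0x23, 0x201e8000, 0xe8);

  // socket(AF_KEY = 0xf, SOCK_RAW = 3, PF_KEY_V2 = 2)
  r[1] = syscall(__NR_socket, 0xf, 3, 2);

  // setsockopt(SOL_SOCKET = 1, SO_RCVBUF = 8) with a requested size of 0.
  *(uint32_t*)0x20e8c000 = 0;
  syscall(__NR_setsockopt, r[1], 1, 8, 0x20e8c000, 4);

  // Two 16-byte PF_KEY messages (version 2, length field 2 = 16 bytes).
  // NOTE(review): type bytes 0x0b and 0x12 look like SADB_X_PROMISC and
  // SADB_X_SPDDUMP respectively - confirm against linux/pfkeyv2.h.
  memcpy((void*)0x20a97ff0,
         "\x02\x0b\xaf\x01\x02\x00\x00\x00\x00\x06\x7b\xbc\x8e\x1d\x4b\x48",
         16);
  syscall(__NR_write, r[1], 0x20a97ff0, 0x10);
  memcpy((void*)0x20000ff0,
         "\x02\x12\xa1\x25\x02\x00\x00\x00\x09\xe5\x00\x00\x00\x00\x09\x00",
         16);
  syscall(__NR_write, r[1], 0x20000ff0, 0x10);

  // socket(AF_NETLINK = 0x10, SOCK_DGRAM = 2, NETLINK_XFRM = 6)
  r[2] = syscall(__NR_socket, 0x10, 2, 6);

  // struct msghdr at 0x20616fc8: name, namelen, iov, iovlen, control,
  // controllen, flags.
  *(uint64_t*)0x20616fc8 = 0x20000000;
  *(uint32_t*)0x20616fd0 = 0;
  *(uint64_t*)0x20616fd8 = 0x20664000;
  *(uint64_t*)0x20616fe0 = 1;
  *(uint64_t*)0x20616fe8 = 0x2061e000;
  *(uint64_t*)0x20616ff0 = 0;
  *(uint32_t*)0x20616ff8 = 0;
  // Single iovec: base 0x20d9efdf, length 0x20.
  *(uint64_t*)0x20664000 = 0x20d9efdf;
  *(uint64_t*)0x20664008 = 0x20;
  // Netlink header: len 0x20, type 0x24, flags 1 (NLM_F_REQUEST), seq, pid.
  // NOTE(review): type 0x24 looks like XFRM_MSG_NEWSPDINFO - confirm against
  // linux/xfrm.h. The buffer address is odd, so these multi-byte stores are
  // unaligned; that is how the generator emitted them.
  *(uint32_t*)0x20d9efdf = 0x20;
  *(uint16_t*)0x20d9efe3 = 0x24;
  *(uint16_t*)0x20d9efe5 = 1;
  *(uint32_t*)0x20d9efe7 = 0;
  *(uint32_t*)0x20d9efeb = 0x25dfdbfb;
  // 13 payload bytes, reproduced verbatim; the remaining 3 bytes of the
  // 0x20-byte message stay zero from the fresh mapping.
  memcpy((void*)0x20d9efef,
         "\x23\x00\xfb\x06\x0b\x00\x04\x00\x00\x00\x00\x00\xff", 13);
  syscall(__NR_sendmsg, r[2], 0x20616fc8, 0);
}

// Entry point: runs the sequence once and exits with status 0.
int main(void)
{
  loop();
  return 0;
}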