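// https://syzkaller.appspot.com/bug?id=d3c85e02ceda01f8616b57fc8af71fa0f13550a2
// autogenerated by syzkaller (https://github.com/google/syzkaller)

/*
 * Kernel regression reproducer: one PF_KEY (IPsec key management) message
 * followed by one large SCTP-over-IPv6 send to loopback. The crash signature
 * itself is not part of this listing; see the syzbot report linked above.
 * Intended to be run in a disposable test VM booted with the kernel under test.
 *
 * NOTE(review): the header names after each #include were lost when this page
 * was extracted. The eight below are restored from the identifiers the program
 * uses (htobe*, uintN_t, memcpy, syscall, __NR_*) and match the usual syzkaller
 * preamble; confirm against the original reproducer if exactness matters.
 */

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Descriptors produced by the two socket() calls; all-ones means "not opened". */
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

/*
 * Replays the recorded syscall sequence with raw, fixed-address arguments.
 *
 * Return values are deliberately not checked beyond capturing the socket
 * descriptors: the program replays a fuzzer trace and relies on the kernel
 * rejecting calls whose prerequisites failed. Always returns 0.
 */
int main(void)
{
  /*
   * Fixed-address scratch area. Flags 0x32 are MAP_PRIVATE|MAP_FIXED|
   * MAP_ANONYMOUS on Linux. The 16 MiB region at 0x20000000 is mapped with
   * prot 7 (read/write/exec); the single pages just below and just above it
   * are mapped with prot 0, so they act as inaccessible guard pages.
   */
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  intptr_t res = 0;

  /* socket(AF_KEY = 0xf, SOCK_RAW = 3, PF_KEY_V2 = 2) */
  res = syscall(__NR_socket, 0xful, 3ul, 2);
  if (res != -1)
    r[0] = res;

  /* struct msghdr at 0x20000100: msg_name, msg_namelen, msg_iov. */
  *(uint64_t*)0x20000100 = 0x40000000; /* outside the mappings above; namelen is 0 */
  *(uint32_t*)0x20000108 = 0;
  *(uint64_t*)0x20000110 = 0x200000c0;

  /* struct iovec at 0x200000c0: iov_base (iov_len is stored further down). */
  *(uint64_t*)0x200000c0 = 0x20000400;

  /*
   * struct sadb_msg at 0x20000400: version 2, type 0xd (SADB_X_SPDUPDATE),
   * errno 0, satype 0, length 0x18 in 8-byte units (0xc0 bytes, equal to the
   * iov_len written below), reserved, seq, pid.
   */
  *(uint8_t*)0x20000400 = 2;
  *(uint8_t*)0x20000401 = 0xd;
  *(uint8_t*)0x20000402 = 0;
  *(uint8_t*)0x20000403 = 0;
  *(uint16_t*)0x20000404 = 0x18;
  *(uint16_t*)0x20000406 = 0;
  *(uint32_t*)0x20000408 = 0;
  *(uint32_t*)0x2000040c = 0;

  /*
   * Extension at 0x20000410: length 5 (40 bytes), type 6
   * (SADB_EXT_ADDRESS_DST), proto 0, prefix length 0, followed by a
   * sockaddr_in6 with family 0xa (AF_INET6), port 0 and the all-zero address.
   */
  *(uint16_t*)0x20000410 = 5;
  *(uint16_t*)0x20000412 = 6;
  *(uint8_t*)0x20000414 = 0;
  *(uint8_t*)0x20000415 = 0;
  *(uint16_t*)0x20000416 = 0;
  *(uint16_t*)0x20000418 = 0xa;
  *(uint16_t*)0x2000041a = htobe16(0);
  *(uint32_t*)0x2000041c = htobe32(0);
  *(uint8_t*)0x20000420 = 0;
  *(uint8_t*)0x20000421 = 0;
  *(uint8_t*)0x20000422 = 0;
  *(uint8_t*)0x20000423 = 0;
  *(uint8_t*)0x20000424 = 0;
  *(uint8_t*)0x20000425 = 0;
  *(uint8_t*)0x20000426 = 0;
  *(uint8_t*)0x20000427 = 0;
  *(uint8_t*)0x20000428 = 0;
  *(uint8_t*)0x20000429 = 0;
  *(uint8_t*)0x2000042a = 0;
  *(uint8_t*)0x2000042b = 0;
  *(uint8_t*)0x2000042c = 0;
  *(uint8_t*)0x2000042d = 0;
  *(uint8_t*)0x2000042e = 0;
  *(uint8_t*)0x2000042f = 0;
  *(uint32_t*)0x20000430 = 0;

  /*
   * Extension at 0x20000438: length 8 (64 bytes), type 0x12
   * (SADB_X_EXT_POLICY), policy type 0, direction 1 (inbound), id 0,
   * priority 0.
   */
  *(uint16_t*)0x20000438 = 8;
  *(uint16_t*)0x2000043a = 0x12;
  *(uint16_t*)0x2000043c = 0;
  *(uint8_t*)0x2000043e = 1;
  *(uint8_t*)0x2000043f = 0;
  *(uint32_t*)0x20000440 = 0;
  *(uint32_t*)0x20000444 = 0;

  /*
   * Remaining bytes of the policy extension (from 0x20000448).
   * NOTE(review): this looks like a request record whose leading 16-bit field
   * is 6, followed by address-shaped data (a big-endian 0/1 pair and
   * 0x7f000001); how the kernel parser interprets it is not visible from this
   * listing -- check the report.
   */
  *(uint16_t*)0x20000448 = 6;
  *(uint16_t*)0x2000044a = 0;
  *(uint8_t*)0x2000044c = 0;
  *(uint8_t*)0x2000044d = 0;
  *(uint16_t*)0x2000044e = 0;
  *(uint32_t*)0x20000450 = 0;
  *(uint32_t*)0x20000454 = 0;
  *(uint64_t*)0x20000458 = htobe64(0);
  *(uint64_t*)0x20000460 = htobe64(1);
  *(uint32_t*)0x20000468 = htobe32(0x7f000001);

  /*
   * Extension at 0x20000478: length 5 (40 bytes), type 5
   * (SADB_EXT_ADDRESS_SRC), same layout as the destination address above:
   * AF_INET6, port 0, all-zero address.
   */
  *(uint16_t*)0x20000478 = 5;
  *(uint16_t*)0x2000047a = 5;
  *(uint8_t*)0x2000047c = 0;
  *(uint8_t*)0x2000047d = 0;
  *(uint16_t*)0x2000047e = 0;
  *(uint16_t*)0x20000480 = 0xa;
  *(uint16_t*)0x20000482 = htobe16(0);
  *(uint32_t*)0x20000484 = htobe32(0);
  *(uint8_t*)0x20000488 = 0;
  *(uint8_t*)0x20000489 = 0;
  *(uint8_t*)0x2000048a = 0;
  *(uint8_t*)0x2000048b = 0;
  *(uint8_t*)0x2000048c = 0;
  *(uint8_t*)0x2000048d = 0;
  *(uint8_t*)0x2000048e = 0;
  *(uint8_t*)0x2000048f = 0;
  *(uint8_t*)0x20000490 = 0;
  *(uint8_t*)0x20000491 = 0;
  *(uint8_t*)0x20000492 = 0;
  *(uint8_t*)0x20000493 = 0;
  *(uint8_t*)0x20000494 = 0;
  *(uint8_t*)0x20000495 = 0;
  *(uint8_t*)0x20000496 = 0;
  *(uint8_t*)0x20000497 = 0;
  *(uint32_t*)0x20000498 = 0;

  /*
   * Extension at 0x200004a0: length 4 (32 bytes), type 4
   * (SADB_EXT_LIFETIME_SOFT), every counter zero.
   */
  *(uint16_t*)0x200004a0 = 4;
  *(uint16_t*)0x200004a2 = 4;
  *(uint32_t*)0x200004a4 = 0;
  *(uint64_t*)0x200004a8 = 0;
  *(uint64_t*)0x200004b0 = 0;
  *(uint64_t*)0x200004b8 = 0;

  /* iov_len = 0xc0, then the rest of msghdr: iovlen 1, no control data, flags 0. */
  *(uint64_t*)0x200000c8 = 0xc0;
  *(uint64_t*)0x20000118 = 1;
  *(uint64_t*)0x20000120 = 0;
  *(uint64_t*)0x20000128 = 0;
  *(uint32_t*)0x20000130 = 0;
  syscall(__NR_sendmsg, r[0], 0x20000100ul, 0ul);

  /* socket(AF_INET6 = 0xa, SOCK_STREAM = 1, IPPROTO_SCTP = 0x84) */
  res = syscall(__NR_socket, 0xaul, 1ul, 0x84);
  if (res != -1)
    r[1] = res;

  /* First payload byte; the rest of the send buffer is whatever the mapping holds. */
  memcpy((void*)0x20847fff, "X", 1);

  /* sockaddr_in6 at 0x2005ffe4: AF_INET6, port 0x4e23, flowinfo 0, ::1, scope 0. */
  *(uint16_t*)0x2005ffe4 = 0xa;
  *(uint16_t*)0x2005ffe6 = htobe16(0x4e23);
  *(uint32_t*)0x2005ffe8 = htobe32(0);
  *(uint64_t*)0x2005ffec = htobe64(0);
  *(uint64_t*)0x2005fff4 = htobe64(1);
  *(uint32_t*)0x2005fffc = 0;

  /* 0x34000-byte send on the SCTP socket to the loopback address above (addrlen 0x1c). */
  syscall(__NR_sendto, r[1], 0x20847ffful, 0x34000ul, 0ul, 0x2005ffe4ul, 0x1cul);
  return 0;
}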