// https://syzkaller.appspot.com/bug?id=9af1b02de9c2c9d59a4beda7aecb08289aff9e7e // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_socket #define __NR_socket 359 #endif #ifndef __NR_setsockopt #define __NR_setsockopt 366 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 long r[1]; void loop() { memset(r, -1, sizeof(r)); syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0); r[0] = syscall(__NR_socket, 2, 1, 0); memcpy((void*)0x203b4326, "\x73\x65\x63\x75\x72\x69\x74\x79\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x203b4346 = 0; *(uint32_t*)0x203b434a = 1; *(uint32_t*)0x203b434e = 0x90; *(uint32_t*)0x203b4352 = 0; *(uint32_t*)0x203b4356 = 0; *(uint32_t*)0x203b435a = 0x1000; *(uint32_t*)0x203b435e = 0; *(uint32_t*)0x203b4362 = 0; *(uint32_t*)0x203b4366 = 0; *(uint32_t*)0x203b436a = 0; *(uint32_t*)0x203b436e = 0; *(uint32_t*)0x203b4372 = 0; *(uint32_t*)0x203b4376 = 0; *(uint32_t*)0x203b437a = 0x10; *(uint32_t*)0x203b437e = 0x2059dff0; *(uint32_t*)0x203b4382 = htobe32(0); *(uint32_t*)0x203b4386 = htobe32(0xe0000001); *(uint32_t*)0x203b438a = htobe32(0); *(uint32_t*)0x203b438e = htobe32(0); memcpy((void*)0x203b4392, "\x76\x6c\x61\x6e\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x203b43a2 = 0x73; *(uint8_t*)0x203b43a3 = 0x79; *(uint8_t*)0x203b43a4 = 0x7a; *(uint8_t*)0x203b43a5 = 0; *(uint8_t*)0x203b43a6 = 0; *(uint8_t*)0x203b43b2 = 0; *(uint8_t*)0x203b43b3 = 0; *(uint8_t*)0x203b43b4 = 0; *(uint8_t*)0x203b43b5 = 0; *(uint8_t*)0x203b43b6 = 0; *(uint8_t*)0x203b43b7 = 0; *(uint8_t*)0x203b43b8 = 0; *(uint8_t*)0x203b43b9 = 0; *(uint8_t*)0x203b43ba = 0; *(uint8_t*)0x203b43bb = 0; *(uint8_t*)0x203b43bc = 0; *(uint8_t*)0x203b43bd = 0; *(uint8_t*)0x203b43be = 0; *(uint8_t*)0x203b43bf = 0; *(uint8_t*)0x203b43c0 = 0; *(uint8_t*)0x203b43c1 = 0; *(uint8_t*)0x203b43c2 = 0; *(uint8_t*)0x203b43c3 = 0; *(uint8_t*)0x203b43c4 = 0; *(uint8_t*)0x203b43c5 = 0; *(uint8_t*)0x203b43c6 = 0; *(uint8_t*)0x203b43c7 = 0; *(uint8_t*)0x203b43c8 = 0; *(uint8_t*)0x203b43c9 = 0; *(uint8_t*)0x203b43ca = 0; *(uint8_t*)0x203b43cb = 0; *(uint8_t*)0x203b43cc = 0; *(uint8_t*)0x203b43cd = 0; *(uint8_t*)0x203b43ce = 0; *(uint8_t*)0x203b43cf = 0; *(uint8_t*)0x203b43d0 = 0; *(uint8_t*)0x203b43d1 = 0; *(uint16_t*)0x203b43d2 = 0; *(uint8_t*)0x203b43d4 = 0; *(uint8_t*)0x203b43d5 = 0x41; *(uint32_t*)0x203b43d6 = 0; *(uint16_t*)0x203b43da = 0x70; *(uint16_t*)0x203b43dc = 0x90; *(uint32_t*)0x203b43de = 0; *(uint64_t*)0x203b43e2 = 0; *(uint64_t*)0x203b43ea = 0; *(uint16_t*)0x203b43f2 = 0x20; memcpy((void*)0x203b43f4, "\x01\xc5\x56\x6a\x10\x28\xe0\xfc\x26\xf3\x5e\x54" "\x21\x27\x20\xc2\xbd\x02\xb6\x02\xd6\x6b\x95\xd4" "\x45\x55\x51\x32\x6d", 29); *(uint8_t*)0x203b4411 = 0xfd; syscall(__NR_setsockopt, r[0], 0, 0x40, 0x203b4326, 0xf0); } int main() { loop(); return 0; }