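// https://syzkaller.appspot.com/bug?id=4e947674d10b0fb0cb94d4d723989cee439a71d6
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer.  main() maps a fixed 16 MiB window at 0x20000000 and
// loop() assembles every syscall argument in that window with raw stores to
// absolute addresses, then issues the syscalls that trigger the reported bug.
// All absolute addresses below are therefore only valid after that mmap.
//
// NOTE(review): the five include targets were lost in extraction; the headers
// listed here are the ones every name below resolves to (syscall/__NR_*,
// htobe16/htobe32, uint*_t) and match the standard syzkaller repro preamble.
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// File descriptors produced by the socket() calls in loop().  They start at
// -1 so that if socket() fails the dependent calls go out on an invalid fd
// and fail harmlessly instead of reusing some unrelated descriptor.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Build and send a PF_KEY message, then bind a UDP-Lite socket and send on it.
// Return values of the syscalls themselves are deliberately ignored: the
// reproducer only cares about the kernel-side effect, not about success.
void loop(void)
{
  long res;

  // socket(AF_KEY /*15*/, SOCK_RAW /*3*/, PF_KEY_V2 /*2*/)
  res = syscall(__NR_socket, 0xf, 3, 2);
  if (res != -1)
    r[0] = res;

  // struct msghdr at 0x20360000 (first part): no name, one iovec.
  *(uint64_t*)0x20360000 = 0;           // msg_name
  *(uint32_t*)0x20360008 = 0;           // msg_namelen
  *(uint64_t*)0x20360010 = 0x2035d000;  // msg_iov

  // struct iovec at 0x2035d000: iov_base -> payload at 0x2033c000
  // (iov_len = 0x80 is stored below, after the payload).
  *(uint64_t*)0x2035d000 = 0x2033c000;

  // PF_KEY payload, 0x80 bytes.  Header: sadb_msg_version 2, sadb_msg_type
  // 0xd, errno 0, satype 0, sadb_msg_len 0x10 (8-byte units, = 0x80 bytes),
  // reserved 0, seq 0, pid 0.
  *(uint8_t*)0x2033c000 = 2;
  *(uint8_t*)0x2033c001 = 0xd;
  *(uint8_t*)0x2033c002 = 0;
  *(uint8_t*)0x2033c003 = 0;
  *(uint16_t*)0x2033c004 = 0x10;
  *(uint16_t*)0x2033c006 = 0;
  *(uint32_t*)0x2033c008 = 0;
  *(uint32_t*)0x2033c00c = 0;

  // Extension at +0x10: len 3 (24 bytes), type 6 — looks like an address
  // extension carrying a sockaddr_in for 127.0.0.1, port 0.
  *(uint16_t*)0x2033c010 = 3;
  *(uint16_t*)0x2033c012 = 6;
  *(uint8_t*)0x2033c014 = 0;
  *(uint8_t*)0x2033c015 = 0;
  *(uint16_t*)0x2033c016 = 0;
  *(uint16_t*)0x2033c018 = 2;                       // AF_INET
  *(uint16_t*)0x2033c01a = htobe16(0);              // port
  *(uint32_t*)0x2033c01c = htobe32(0x7f000001);     // 127.0.0.1
  *(uint8_t*)0x2033c020 = 0;
  *(uint8_t*)0x2033c021 = 0;
  *(uint8_t*)0x2033c022 = 0;
  *(uint8_t*)0x2033c023 = 0;
  *(uint8_t*)0x2033c024 = 0;
  *(uint8_t*)0x2033c025 = 0;
  *(uint8_t*)0x2033c026 = 0;
  *(uint8_t*)0x2033c027 = 0;

  // Extension at +0x28: len 3, type 5 — same layout, sockaddr_in 0.0.0.0:0.
  *(uint16_t*)0x2033c028 = 3;
  *(uint16_t*)0x2033c02a = 5;
  *(uint8_t*)0x2033c02c = 0;
  *(uint8_t*)0x2033c02d = 0;
  *(uint16_t*)0x2033c02e = 0;
  *(uint16_t*)0x2033c030 = 2;                       // AF_INET
  *(uint16_t*)0x2033c032 = htobe16(0);
  *(uint32_t*)0x2033c034 = htobe32(0);
  *(uint8_t*)0x2033c038 = 0;
  *(uint8_t*)0x2033c039 = 0;
  *(uint8_t*)0x2033c03a = 0;
  *(uint8_t*)0x2033c03b = 0;
  *(uint8_t*)0x2033c03c = 0;
  *(uint8_t*)0x2033c03d = 0;
  *(uint8_t*)0x2033c03e = 0;
  *(uint8_t*)0x2033c03f = 0;

  // Extension at +0x40: len 8 (64 bytes), type 0x12 — presumably a policy
  // extension; bytes +0x44..+0x4f are its fixed fields, +0x50.. a 0x30-byte
  // nested request with two 16-byte address slots (the fuzzer filled those
  // with partly out-of-range values, which is the point of the reproducer).
  *(uint16_t*)0x2033c040 = 8;
  *(uint16_t*)0x2033c042 = 0x12;
  *(uint16_t*)0x2033c044 = 2;
  *(uint8_t*)0x2033c046 = 1;
  *(uint8_t*)0x2033c047 = 0;
  *(uint32_t*)0x2033c048 = 0;
  *(uint32_t*)0x2033c04c = 0;
  *(uint16_t*)0x2033c050 = 0x30;
  *(uint16_t*)0x2033c052 = 0;
  *(uint8_t*)0x2033c054 = 3;
  *(uint8_t*)0x2033c055 = 3;
  *(uint16_t*)0x2033c056 = 0;
  *(uint32_t*)0x2033c058 = 0;
  *(uint32_t*)0x2033c05c = 0;
  *(uint8_t*)0x2033c060 = 0xff;   // original wrote -1; same byte value
  *(uint8_t*)0x2033c061 = 1;
  *(uint8_t*)0x2033c062 = 0;
  *(uint8_t*)0x2033c063 = 0;
  *(uint8_t*)0x2033c064 = 0;
  *(uint8_t*)0x2033c065 = 0;
  *(uint8_t*)0x2033c066 = 0;
  *(uint8_t*)0x2033c067 = 0;
  *(uint8_t*)0x2033c068 = 0;
  *(uint8_t*)0x2033c069 = 0;
  *(uint8_t*)0x2033c06a = 0;
  *(uint8_t*)0x2033c06b = 0;
  *(uint8_t*)0x2033c06c = 0;
  *(uint8_t*)0x2033c06d = 0;
  *(uint8_t*)0x2033c06e = 0;
  *(uint8_t*)0x2033c06f = 1;
  *(uint8_t*)0x2033c070 = 0;
  *(uint8_t*)0x2033c071 = 0;
  *(uint8_t*)0x2033c072 = 0;
  *(uint8_t*)0x2033c073 = 0;
  *(uint8_t*)0x2033c074 = 0;
  *(uint8_t*)0x2033c075 = 0;
  *(uint8_t*)0x2033c076 = 0;
  *(uint8_t*)0x2033c077 = 0;
  *(uint8_t*)0x2033c078 = 0;
  *(uint8_t*)0x2033c079 = 0;
  *(uint8_t*)0x2033c07a = 0xff;   // original wrote -1
  *(uint8_t*)0x2033c07b = 0xff;   // original wrote -1
  *(uint32_t*)0x2033c07c = htobe32(0xe0000001);

  // iov_len: the whole 0x80-byte payload above.
  *(uint64_t*)0x2035d008 = 0x80;

  // struct msghdr (rest): one iovec, no control data, no flags.
  *(uint64_t*)0x20360018 = 1;   // msg_iovlen
  *(uint64_t*)0x20360020 = 0;   // msg_control
  *(uint64_t*)0x20360028 = 0;   // msg_controllen
  *(uint32_t*)0x20360030 = 0;   // msg_flags
  syscall(__NR_sendmsg, r[0], 0x20360000, 0);

  // socket(AF_INET, SOCK_DGRAM, 0x88 /*IPPROTO_UDPLITE*/)
  res = syscall(__NR_socket, 2, 2, 0x88);
  if (res != -1)
    r[1] = res;

  // sockaddr_in at 0x20b9aff0: AF_INET, port 20000 (0x4e20), INADDR_ANY.
  *(uint16_t*)0x20b9aff0 = 2;
  *(uint16_t*)0x20b9aff2 = htobe16(0x4e20);
  *(uint32_t*)0x20b9aff4 = htobe32(0);
  *(uint8_t*)0x20b9aff8 = 0;
  *(uint8_t*)0x20b9aff9 = 0;
  *(uint8_t*)0x20b9affa = 0;
  *(uint8_t*)0x20b9affb = 0;
  *(uint8_t*)0x20b9affc = 0;
  *(uint8_t*)0x20b9affd = 0;
  *(uint8_t*)0x20b9affe = 0;
  *(uint8_t*)0x20b9afff = 0;
  syscall(__NR_bind, r[1], 0x20b9aff0, 0x10);

  // sockaddr_in at 0x20319ff0: identical destination (port 20000, 0.0.0.0).
  *(uint16_t*)0x20319ff0 = 2;
  *(uint16_t*)0x20319ff2 = htobe16(0x4e20);
  *(uint32_t*)0x20319ff4 = htobe32(0);
  *(uint8_t*)0x20319ff8 = 0;
  *(uint8_t*)0x20319ff9 = 0;
  *(uint8_t*)0x20319ffa = 0;
  *(uint8_t*)0x20319ffb = 0;
  *(uint8_t*)0x20319ffc = 0;
  *(uint8_t*)0x20319ffd = 0;
  *(uint8_t*)0x20319ffe = 0;
  *(uint8_t*)0x20319fff = 0;

  // Zero-length sendto with flags 0x10000008084 (bits above 32 are presumably
  // dropped by the kernel's 32-bit flags argument — verify), then a second
  // zero-length, flag-less sendto with no address.  Both buffers lie inside
  // the mapped window, so the only thing exercised is the kernel send path.
  syscall(__NR_sendto, r[1], 0x20f49000, 0, 0x10000008084, 0x20319ff0, 0x10);
  syscall(__NR_sendto, r[1], 0x20000000, 0, 0, 0, 0);
}

int main(void)
{
  // Map the fixed window 0x20000000..0x21000000 that loop() stores into:
  // prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_ANONYMOUS|
  // MAP_FIXED.  If the mapping is refused every store in loop() would fault,
  // so report failure instead of dying on SIGSEGV.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}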