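// https://syzkaller.appspot.com/bug?id=4e947674d10b0fb0cb94d4d723989cee439a71d6
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer: a fixed sequence of raw syscalls whose arguments are
// built by writing directly into a scratch mapping at 0x20000000. The bug it
// reproduces is described in the syzbot report linked above; nothing in this
// file states it. Statement order and every stored value are part of the
// reproducer and are kept exactly as generated.

#define _GNU_SOURCE

// NOTE(review): the header names after each "#include" were missing on the
// page. The code below requires <endian.h> (htobe16/htobe32), <stdint.h>
// (uintN_t), <sys/syscall.h> (__NR_*) and <unistd.h> (syscall()); the other
// four are the ones syzkaller reproducers conventionally emit. Confirm against
// the original report before relying on the exact list.
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Result slots for the three fd-returning calls (netlink socket, datagram
// socket, dup2). All-ones means "call failed / not yet made"; a failed call
// leaves the slot untouched, so later syscalls then receive an invalid fd.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  // Scratch arena: 16 MiB at fixed address 0x20000000, prot 3
  // (PROT_READ|PROT_WRITE), flags 0x32 (MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on
  // Linux). Every pointer constant below lies inside this range. The return
  // value is not checked, as with all non-fd syscalls in this file.
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;

  // Step 1: socket(0x10, 3, 6) -- on Linux these values are AF_NETLINK,
  // SOCK_RAW, NETLINK_XFRM.
  res = syscall(__NR_socket, 0x10, 3, 6);
  if (res != -1)
    r[0] = res;

  // msghdr at 0x20000340: msg_name -> 0x20000080.
  *(uint64_t*)0x20000340 = 0x20000080;
  // Destination address at 0x20000080: family 0x10 (netlink), remaining
  // fields zero.
  *(uint16_t*)0x20000080 = 0x10;
  *(uint16_t*)0x20000082 = 0;
  *(uint32_t*)0x20000084 = 0;
  *(uint32_t*)0x20000088 = 0;
  // msg_namelen = 0xc, msg_iov -> one iovec at 0x20000040 whose base is
  // 0x20000640.
  *(uint32_t*)0x20000348 = 0xc;
  *(uint64_t*)0x20000350 = 0x20000040;
  *(uint64_t*)0x20000040 = 0x20000640;

  // Netlink header at 0x20000640: length 0xb8, type 0x19, flags 0x101
  // (NLM_F_REQUEST plus bit 0x100), seq 0, pid 0.
  // NOTE(review): 0x19 appears to be XFRM_MSG_UPDPOLICY and the 0xa8-byte
  // payload that follows appears to match struct xfrm_userpolicy_info --
  // confirm against linux/xfrm.h.
  *(uint32_t*)0x20000640 = 0xb8;
  *(uint16_t*)0x20000644 = 0x19;
  *(uint16_t*)0x20000646 = 0x101;
  *(uint32_t*)0x20000648 = 0;
  *(uint32_t*)0x2000064c = 0;

  // Payload starts at 0x20000650. Only the first 4 bytes of the first 16-byte
  // address field are written; 0x20000654..0x2000065f are never stored to and
  // rely on the fresh anonymous mapping being zero-filled.
  *(uint32_t*)0x20000650 = htobe32(0);
  // Second 16-byte address field: fe80::aa, written byte by byte.
  *(uint8_t*)0x20000660 = 0xfe;
  *(uint8_t*)0x20000661 = 0x80;
  *(uint8_t*)0x20000662 = 0;
  *(uint8_t*)0x20000663 = 0;
  *(uint8_t*)0x20000664 = 0;
  *(uint8_t*)0x20000665 = 0;
  *(uint8_t*)0x20000666 = 0;
  *(uint8_t*)0x20000667 = 0;
  *(uint8_t*)0x20000668 = 0;
  *(uint8_t*)0x20000669 = 0;
  *(uint8_t*)0x2000066a = 0;
  *(uint8_t*)0x2000066b = 0;
  *(uint8_t*)0x2000066c = 0;
  *(uint8_t*)0x2000066d = 0;
  *(uint8_t*)0x2000066e = 0;
  *(uint8_t*)0x2000066f = 0xaa;
  // Four big-endian 16-bit fields, all zero (presumably ports and port
  // masks), then a 16-bit family of 0xa (AF_INET6 on Linux).
  *(uint16_t*)0x20000670 = htobe16(0);
  *(uint16_t*)0x20000672 = htobe16(0);
  *(uint16_t*)0x20000674 = htobe16(0);
  *(uint16_t*)0x20000676 = htobe16(0);
  *(uint16_t*)0x20000678 = 0xa;
  *(uint8_t*)0x2000067a = 0;
  *(uint8_t*)0x2000067b = 0;
  *(uint8_t*)0x2000067c = 0;
  *(uint32_t*)0x20000680 = 0;
  *(uint32_t*)0x20000684 = 0;
  // Twelve 64-bit zeros at 0x20000688..0x200006e7 (presumably the lifetime
  // configuration and current-lifetime counters).
  *(uint64_t*)0x20000688 = 0;
  *(uint64_t*)0x20000690 = 0;
  *(uint64_t*)0x20000698 = 0;
  *(uint64_t*)0x200006a0 = 0;
  *(uint64_t*)0x200006a8 = 0;
  *(uint64_t*)0x200006b0 = 0;
  *(uint64_t*)0x200006b8 = 0;
  *(uint64_t*)0x200006c0 = 0;
  *(uint64_t*)0x200006c8 = 0;
  *(uint64_t*)0x200006d0 = 0;
  *(uint64_t*)0x200006d8 = 0;
  *(uint64_t*)0x200006e0 = 0;
  // Trailing two 32-bit and four 8-bit fields, all zero.
  *(uint32_t*)0x200006e8 = 0;
  *(uint32_t*)0x200006ec = 0;
  *(uint8_t*)0x200006f0 = 0;
  *(uint8_t*)0x200006f1 = 0;
  *(uint8_t*)0x200006f2 = 0;
  *(uint8_t*)0x200006f3 = 0;

  // Finish the iovec (length 0xb8, equal to the netlink header's length
  // field) and the msghdr (one iovec, no control data, flags 0), then send.
  *(uint64_t*)0x20000048 = 0xb8;
  *(uint64_t*)0x20000358 = 1;
  *(uint64_t*)0x20000360 = 0;
  *(uint64_t*)0x20000368 = 0;
  *(uint32_t*)0x20000370 = 0;
  syscall(__NR_sendmsg, r[0], 0x20000340, 0);

  // Step 2: socket(2, 0x200000002, 0x88). Domain 2 is AF_INET and protocol
  // 0x88 (136) is IPPROTO_UDPLITE on Linux. The type constant has bit 33 set;
  // its low 32 bits are 2 (SOCK_DGRAM) -- presumably the upper bits are
  // dropped when the kernel reads the argument as int.
  res = syscall(__NR_socket, 2, 0x200000002, 0x88);
  if (res != -1)
    r[1] = res;

  // Bind address at 0x20000000: family 2, port 0x4e21 (20001), address
  // 0.0.0.0, eight zero padding bytes.
  *(uint16_t*)0x20000000 = 2;
  *(uint16_t*)0x20000002 = htobe16(0x4e21);
  *(uint32_t*)0x20000004 = htobe32(0);
  *(uint8_t*)0x20000008 = 0;
  *(uint8_t*)0x20000009 = 0;
  *(uint8_t*)0x2000000a = 0;
  *(uint8_t*)0x2000000b = 0;
  *(uint8_t*)0x2000000c = 0;
  *(uint8_t*)0x2000000d = 0;
  *(uint8_t*)0x2000000e = 0;
  *(uint8_t*)0x2000000f = 0;
  syscall(__NR_bind, r[1], 0x20000000, 0x10);

  // dup2 with identical old and new fd: per dup2(2) this returns the fd
  // unchanged when it is valid, so r[2] aliases r[1] on success.
  res = syscall(__NR_dup2, r[1], r[1]);
  if (res != -1)
    r[2] = res;

  // Step 3: reuse 0x20000080 (previously the netlink address) as an IPv4
  // destination 0.0.0.0:20001 and issue a zero-length sendto with flags
  // 0x8000 (MSG_MORE on Linux).
  *(uint16_t*)0x20000080 = 2;
  *(uint16_t*)0x20000082 = htobe16(0x4e21);
  *(uint32_t*)0x20000084 = htobe32(0);
  *(uint8_t*)0x20000088 = 0;
  *(uint8_t*)0x20000089 = 0;
  *(uint8_t*)0x2000008a = 0;
  *(uint8_t*)0x2000008b = 0;
  *(uint8_t*)0x2000008c = 0;
  *(uint8_t*)0x2000008d = 0;
  *(uint8_t*)0x2000008e = 0;
  *(uint8_t*)0x2000008f = 0;
  syscall(__NR_sendto, r[1], 0x20000040, 0, 0x8000, 0x20000080, 0x10);

  // Step 4: second zero-length sendto on the same socket (via r[2]), flags 0,
  // destination 255.255.255.255 port 0 (htobe32(-1) is all-ones).
  *(uint16_t*)0x20000200 = 2;
  *(uint16_t*)0x20000202 = htobe16(0);
  *(uint32_t*)0x20000204 = htobe32(-1);
  *(uint8_t*)0x20000208 = 0;
  *(uint8_t*)0x20000209 = 0;
  *(uint8_t*)0x2000020a = 0;
  *(uint8_t*)0x2000020b = 0;
  *(uint8_t*)0x2000020c = 0;
  *(uint8_t*)0x2000020d = 0;
  *(uint8_t*)0x2000020e = 0;
  *(uint8_t*)0x2000020f = 0;
  syscall(__NR_sendto, r[2], 0x200001c0, 0, 0, 0x20000200, 0x10);
  return 0;
}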