// https://syzkaller.appspot.com/bug?id=8b5017b5ed66cf65459cdbe19cd6ec9f41928a67 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #ifndef __NR_mmap #define __NR_mmap 192 #endif #ifndef __NR_sendmsg #define __NR_sendmsg 370 #endif #ifndef __NR_socket #define __NR_socket 359 #endif #undef __NR_mmap #define __NR_mmap __NR_mmap2 uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; int main(void) { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); intptr_t res = 0; res = syscall(__NR_socket, 0x10, 3, 9); if (res != -1) r[0] = res; *(uint32_t*)0x200063c0 = 0; *(uint32_t*)0x200063c4 = 0; *(uint32_t*)0x200063c8 = 0x20006380; *(uint32_t*)0x20006380 = 0x20006340; *(uint32_t*)0x20006340 = 0x34; *(uint16_t*)0x20006344 = 0x3e9; *(uint16_t*)0x20006346 = 0; *(uint32_t*)0x20006348 = 0; *(uint32_t*)0x2000634c = 0; *(uint32_t*)0x20006350 = 0x1d; *(uint32_t*)0x20006354 = 1; *(uint32_t*)0x20006358 = 0; *(uint32_t*)0x2000635c = 0; *(uint32_t*)0x20006360 = 0; *(uint32_t*)0x20006364 = 0; *(uint32_t*)0x20006368 = 0; *(uint32_t*)0x2000636c = 0; *(uint32_t*)0x20006370 = 0; *(uint32_t*)0x20006384 = 0x34; *(uint32_t*)0x200063cc = 1; *(uint32_t*)0x200063d0 = 0; *(uint32_t*)0x200063d4 = 0; *(uint32_t*)0x200063d8 = 0; syscall(__NR_sendmsg, (intptr_t)r[0], 0x200063c0, 0); res = syscall(__NR_socket, 0x10, 3, 9); if (res != -1) r[1] = res; *(uint32_t*)0x20000200 = 0; *(uint32_t*)0x20000204 = 0; *(uint32_t*)0x20000208 = 0x200000c0; *(uint32_t*)0x200000c0 = 0x20000040; *(uint32_t*)0x20000040 = 0x10; *(uint16_t*)0x20000044 = 0x3ed; *(uint16_t*)0x20000046 = 0; *(uint32_t*)0x20000048 = 0; *(uint32_t*)0x2000004c = 0; *(uint32_t*)0x200000c4 = 0x10; *(uint32_t*)0x2000020c = 1; *(uint32_t*)0x20000210 = 0; *(uint32_t*)0x20000214 = 0; *(uint32_t*)0x20000218 = 0; syscall(__NR_sendmsg, (intptr_t)r[1], 0x20000200, 0); return 0; }