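// https://syzkaller.appspot.com/bug?id=566325c29e627765e4f5d223163e5c15191f0f46
// autogenerated by syzkaller (http://github.com/google/syzkaller)

/*
 * Kernel-bug reproducer emitted by the syzkaller fuzzer.
 *
 * Triage summary (derived from the calls below, not from the bug report):
 *   - main() maps a fixed 16 MiB scratch region at 0x20000000; every raw
 *     pointer store in loop() lands inside that region.
 *   - Only four syscalls operate on a real descriptor: socket(), connect()
 *     and two sendmsg() calls on one AF_INET6/SOCK_DGRAM socket. The first
 *     sendmsg() passes MSG_MORE with a zero-length iovec, the second sends
 *     two bytes with no flags.
 *   - The ioctl()/setsockopt()/getsockopt() calls that follow all pass
 *     fd -1, so they are expected to fail with EBADF; they look like
 *     fuzzer residue rather than part of the trigger.
 *   - The final stores are never handed to a syscall in this listing.
 *
 * NOTE(review): the header names after each #include were stripped from the
 * page this listing came from. They are restored here to the set the code
 * needs: htobe16/htobe32, uintN_t, memcpy, __NR_* and syscall().
 */

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Resource table: r[0] holds the socket fd once socket() succeeds. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Replays the recorded syscall sequence once.
 *
 * Return values other than the socket fd are deliberately ignored, as in
 * the generated original: the program only needs the kernel to process the
 * calls, not to succeed at them.
 */
void loop(void)
{
  long res = 0;

  /* socket(AF_INET6 = 0xa, SOCK_DGRAM = 2, 0) */
  res = syscall(__NR_socket, 0xa, 2, 0);
  if (res != -1)
    r[0] = res;

  /*
   * struct sockaddr_in6 at 0x2000cfe4 (0x1c bytes):
   * family AF_INET6, port 0x4e20, flowinfo 0, address ::, scope id 0.
   */
  *(uint16_t*)0x2000cfe4 = 0xa;
  *(uint16_t*)0x2000cfe6 = htobe16(0x4e20);
  *(uint32_t*)0x2000cfe8 = 0;
  *(uint8_t*)0x2000cfec = 0;
  *(uint8_t*)0x2000cfed = 0;
  *(uint8_t*)0x2000cfee = 0;
  *(uint8_t*)0x2000cfef = 0;
  *(uint8_t*)0x2000cff0 = 0;
  *(uint8_t*)0x2000cff1 = 0;
  *(uint8_t*)0x2000cff2 = 0;
  *(uint8_t*)0x2000cff3 = 0;
  *(uint8_t*)0x2000cff4 = 0;
  *(uint8_t*)0x2000cff5 = 0;
  *(uint8_t*)0x2000cff6 = 0;
  *(uint8_t*)0x2000cff7 = 0;
  *(uint8_t*)0x2000cff8 = 0;
  *(uint8_t*)0x2000cff9 = 0;
  *(uint8_t*)0x2000cffa = 0;
  *(uint8_t*)0x2000cffb = 0;
  *(uint32_t*)0x2000cffc = 0;
  syscall(__NR_connect, r[0], 0x2000cfe4, 0x1c);

  /*
   * struct msghdr at 0x20000080: no name, one iovec at 0x20000040
   * (base 0x20001000, length 0), control pointer set but controllen 0.
   * Flags 0x8000 is MSG_MORE on Linux: the datagram is left pending.
   */
  *(uint64_t*)0x20000080 = 0;
  *(uint32_t*)0x20000088 = 0;
  *(uint64_t*)0x20000090 = 0x20000040;
  *(uint64_t*)0x20000040 = 0x20001000;
  *(uint64_t*)0x20000048 = 0;
  *(uint64_t*)0x20000098 = 1;
  *(uint64_t*)0x200000a0 = 0x20002000;
  *(uint64_t*)0x200000a8 = 0;
  *(uint32_t*)0x200000b0 = 0;
  syscall(__NR_sendmsg, r[0], 0x20000080, 0x8000);

  /*
   * struct msghdr at 0x20000440: one iovec at 0x20002ff0 pointing at the
   * two payload bytes written to 0x20000040; flags 0, so this send
   * completes whatever the previous MSG_MORE call left pending.
   */
  *(uint64_t*)0x20000440 = 0;
  *(uint32_t*)0x20000448 = 0;
  *(uint64_t*)0x20000450 = 0x20002ff0;
  *(uint64_t*)0x20002ff0 = 0x20000040;
  memcpy((void*)0x20000040, "\xbc\xe5", 2);
  *(uint64_t*)0x20002ff8 = 2;
  *(uint64_t*)0x20000458 = 1;
  *(uint64_t*)0x20000460 = 0x2000ae80;
  *(uint64_t*)0x20000468 = 0;
  *(uint32_t*)0x20000470 = 0;
  syscall(__NR_sendmsg, r[0], 0x20000440, 0);

  /* ioctl 0x890b (SIOCADDRT on Linux) on fd -1: expected to fail. */
  *(uint32_t*)0x20000040 = -1;
  *(uint32_t*)0x20000044 = -1;
  syscall(__NR_ioctl, -1, 0x890b, 0x20000040);

  /*
   * 0x90-byte option buffer at 0x20001a80. The family fields (2 / 0xa)
   * suggest a packed list of sockaddr_in / sockaddr_in6 entries:
   * 16 + 28 + 28 + 28 + 16 + 28 = 0x90 bytes.
   */

  /* entry 0: family 2, port 0x4e24, address 0xe0000002, 8 pad bytes */
  *(uint16_t*)0x20001a80 = 2;
  *(uint16_t*)0x20001a82 = htobe16(0x4e24);
  *(uint32_t*)0x20001a84 = htobe32(0xe0000002);
  *(uint8_t*)0x20001a88 = 0;
  *(uint8_t*)0x20001a89 = 0;
  *(uint8_t*)0x20001a8a = 0;
  *(uint8_t*)0x20001a8b = 0;
  *(uint8_t*)0x20001a8c = 0;
  *(uint8_t*)0x20001a8d = 0;
  *(uint8_t*)0x20001a8e = 0;
  *(uint8_t*)0x20001a8f = 0;

  /* entry 1: family 0xa, port 0x4e20, address ff01::1, trailing word 9 */
  *(uint16_t*)0x20001a90 = 0xa;
  *(uint16_t*)0x20001a92 = htobe16(0x4e20);
  *(uint32_t*)0x20001a94 = 0xfffffffc;
  *(uint8_t*)0x20001a98 = -1;
  *(uint8_t*)0x20001a99 = 1;
  *(uint8_t*)0x20001a9a = 0;
  *(uint8_t*)0x20001a9b = 0;
  *(uint8_t*)0x20001a9c = 0;
  *(uint8_t*)0x20001a9d = 0;
  *(uint8_t*)0x20001a9e = 0;
  *(uint8_t*)0x20001a9f = 0;
  *(uint8_t*)0x20001aa0 = 0;
  *(uint8_t*)0x20001aa1 = 0;
  *(uint8_t*)0x20001aa2 = 0;
  *(uint8_t*)0x20001aa3 = 0;
  *(uint8_t*)0x20001aa4 = 0;
  *(uint8_t*)0x20001aa5 = 0;
  *(uint8_t*)0x20001aa6 = 0;
  *(uint8_t*)0x20001aa7 = 1;
  *(uint32_t*)0x20001aa8 = 9;

  /* entry 2: family 0xa, port 0x4e21, address fe80::bb, trailing word 4 */
  *(uint16_t*)0x20001aac = 0xa;
  *(uint16_t*)0x20001aae = htobe16(0x4e21);
  *(uint32_t*)0x20001ab0 = 0xb78d;
  *(uint8_t*)0x20001ab4 = 0xfe;
  *(uint8_t*)0x20001ab5 = 0x80;
  *(uint8_t*)0x20001ab6 = 0;
  *(uint8_t*)0x20001ab7 = 0;
  *(uint8_t*)0x20001ab8 = 0;
  *(uint8_t*)0x20001ab9 = 0;
  *(uint8_t*)0x20001aba = 0;
  *(uint8_t*)0x20001abb = 0;
  *(uint8_t*)0x20001abc = 0;
  *(uint8_t*)0x20001abd = 0;
  *(uint8_t*)0x20001abe = 0;
  *(uint8_t*)0x20001abf = 0;
  *(uint8_t*)0x20001ac0 = 0;
  *(uint8_t*)0x20001ac1 = 0;
  *(uint8_t*)0x20001ac2 = 0;
  *(uint8_t*)0x20001ac3 = 0xbb;
  *(uint32_t*)0x20001ac4 = 4;

  /* entry 3: family 0xa, port 0x4e24, address fe80::13, trailing word -1 */
  *(uint16_t*)0x20001ac8 = 0xa;
  *(uint16_t*)0x20001aca = htobe16(0x4e24);
  *(uint32_t*)0x20001acc = 8;
  *(uint8_t*)0x20001ad0 = 0xfe;
  *(uint8_t*)0x20001ad1 = 0x80;
  *(uint8_t*)0x20001ad2 = 0;
  *(uint8_t*)0x20001ad3 = 0;
  *(uint8_t*)0x20001ad4 = 0;
  *(uint8_t*)0x20001ad5 = 0;
  *(uint8_t*)0x20001ad6 = 0;
  *(uint8_t*)0x20001ad7 = 0;
  *(uint8_t*)0x20001ad8 = 0;
  *(uint8_t*)0x20001ad9 = 0;
  *(uint8_t*)0x20001ada = 0;
  *(uint8_t*)0x20001adb = 0;
  *(uint8_t*)0x20001adc = 0;
  *(uint8_t*)0x20001add = 0;
  *(uint8_t*)0x20001ade = 0;
  *(uint8_t*)0x20001adf = 0x13;
  *(uint32_t*)0x20001ae0 = -1;

  /* entry 4: family 2, port 0x4e21, address bytes ac 14 14 0d, 8 pad bytes */
  *(uint16_t*)0x20001ae4 = 2;
  *(uint16_t*)0x20001ae6 = htobe16(0x4e21);
  *(uint8_t*)0x20001ae8 = 0xac;
  *(uint8_t*)0x20001ae9 = 0x14;
  *(uint8_t*)0x20001aea = 0x14;
  *(uint8_t*)0x20001aeb = 0xd;
  *(uint8_t*)0x20001aec = 0;
  *(uint8_t*)0x20001aed = 0;
  *(uint8_t*)0x20001aee = 0;
  *(uint8_t*)0x20001aef = 0;
  *(uint8_t*)0x20001af0 = 0;
  *(uint8_t*)0x20001af1 = 0;
  *(uint8_t*)0x20001af2 = 0;
  *(uint8_t*)0x20001af3 = 0;

  /* entry 5: family 0xa, port 0x4e24, IPv4-mapped-style address, word 5 */
  *(uint16_t*)0x20001af4 = 0xa;
  *(uint16_t*)0x20001af6 = htobe16(0x4e24);
  *(uint32_t*)0x20001af8 = 0x800;
  *(uint8_t*)0x20001afc = 0;
  *(uint8_t*)0x20001afd = 0;
  *(uint8_t*)0x20001afe = 0;
  *(uint8_t*)0x20001aff = 0;
  *(uint8_t*)0x20001b00 = 0;
  *(uint8_t*)0x20001b01 = 0;
  *(uint8_t*)0x20001b02 = 0;
  *(uint8_t*)0x20001b03 = 0;
  *(uint8_t*)0x20001b04 = 0;
  *(uint8_t*)0x20001b05 = 0;
  *(uint8_t*)0x20001b06 = -1;
  *(uint8_t*)0x20001b07 = -1;
  *(uint8_t*)0x20001b08 = 0xac;
  *(uint8_t*)0x20001b09 = 0x14;
  *(uint8_t*)0x20001b0a = 0x14;
  *(uint8_t*)0x20001b0b = 0x18;
  *(uint32_t*)0x20001b0c = 5;

  /*
   * Level 0x84 is SOL_SCTP (132) on Linux; optname 0x6e is presumably an
   * SCTP connectx-style option (confirm against linux/sctp.h).
   * fd is -1, so the call is expected to fail before the buffer is used.
   */
  syscall(__NR_setsockopt, -1, 0x84, 0x6e, 0x20001a80, 0x90);

  /* level 0x28, optname 2, 8-byte value 0x12; fd -1 again (not decoded). */
  *(uint64_t*)0x20001b40 = 0x12;
  syscall(__NR_setsockopt, -1, 0x28, 2, 0x20001b40, 8);

  /* msgget(key 0, flags 0x424); the returned queue id is discarded. */
  syscall(__NR_msgget, 0, 0x424);

  /* getsockopt at level 0x84, optname 0x66, on fd -1: expected to fail. */
  *(uint32_t*)0x20001b80 = 0;
  *(uint32_t*)0x20001b84 = 0x55a5;
  *(uint32_t*)0x20001bc0 = 8;
  syscall(__NR_getsockopt, -1, 0x84, 0x66, 0x20001b80, 0x20001bc0);

  /*
   * The remaining stores are not consumed by any syscall in this listing.
   * NOTE(review): the layout (two 6-byte fields, then a big-endian 0x8137
   * type field) resembles an Ethernet frame, presumably argument data for
   * a pseudo-syscall that was not emitted into this C output.
   */
  *(uint8_t*)0x20000000 = 0xaa;
  *(uint8_t*)0x20000001 = 0xaa;
  *(uint8_t*)0x20000002 = 0xaa;
  *(uint8_t*)0x20000003 = 0xaa;
  *(uint8_t*)0x20000004 = 0xaa;
  *(uint8_t*)0x20000005 = 0xaa;
  *(uint8_t*)0x20000006 = 0xaa;
  *(uint8_t*)0x20000007 = 0xaa;
  *(uint8_t*)0x20000008 = 0xaa;
  *(uint8_t*)0x20000009 = 0xaa;
  *(uint8_t*)0x2000000a = 0xaa;
  *(uint8_t*)0x2000000b = 0x18;
  *(uint16_t*)0x2000000c = htobe16(0x8137);
  *(uint16_t*)0x2000000e = htobe16(-1);
  *(uint16_t*)0x20000010 = htobe16(0x1e);
  *(uint8_t*)0x20000012 = 0;
  *(uint8_t*)0x20000013 = 5;
  *(uint32_t*)0x20000014 = htobe32(-1);
  *(uint8_t*)0x20000018 = 0;
  *(uint8_t*)0x20000019 = 0;
  *(uint8_t*)0x2000001a = 0;
  *(uint8_t*)0x2000001b = 0;
  *(uint8_t*)0x2000001c = 0;
  *(uint8_t*)0x2000001d = 0;
  *(uint16_t*)0x2000001e = htobe16(4);
  *(uint32_t*)0x20000020 = htobe32(-1);
  *(uint8_t*)0x20000024 = 0;
  *(uint8_t*)0x20000025 = 0;
  *(uint8_t*)0x20000026 = 0;
  *(uint8_t*)0x20000027 = 0;
  *(uint8_t*)0x20000028 = 0;
  *(uint8_t*)0x20000029 = 0;
  *(uint16_t*)0x2000002a = htobe16(5);
  *(uint32_t*)0x200000c0 = 1;
  *(uint32_t*)0x200000c4 = 3;
  *(uint32_t*)0x200000c8 = 0xaac;
  *(uint32_t*)0x200000cc = 0x51;
  *(uint32_t*)0x200000d0 = 0xa98;
  *(uint32_t*)0x200000d4 = 0xd84;
}

/*
 * Maps the scratch region and runs the sequence once.
 *
 * mmap arguments: 16 MiB at 0x20000000, prot 3 (PROT_READ | PROT_WRITE),
 * flags 0x32 (MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS on Linux).
 *
 * Returns 0 after loop() completes, or 1 if the mapping could not be
 * created.
 */
int main(void)
{
  /*
   * Every store in loop() targets this fixed mapping. Without it the first
   * store faults in user space, which would be misread as a reproducer
   * result, so stop early when the mapping fails.
   */
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}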