| // lost connection to test machine |
| // https://syzkaller.appspot.com/bug?id=bff61d87129afb198021fa0a2d4d09706a14ada8 |
| // status:invalid |
| // autogenerated by syzkaller (http://github.com/google/syzkaller) |
| |
| #define _GNU_SOURCE |
| |
| #include <pthread.h> |
| #include <stdint.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <sys/syscall.h> |
| #include <unistd.h> |
| |
| long r[280]; /* Result table for the generated calls; this file stores only into r[0], r[1], r[276], r[277] and r[279]. */ |
| void* thr(void* arg) /* Thread body: runs the one step selected by arg (0-4) and returns 0. No syscall result is checked here and the steps do not synchronise with each other. */ |
| { |
| switch ((long)arg) { |
| case 0: /* Step 0: mmap 0xfff000 bytes at the fixed address 0x20000000; on Linux prot 0x3 is PROT_READ and PROT_WRITE, flags 0x32 is MAP_PRIVATE, MAP_FIXED and MAP_ANONYMOUS. Every hard-coded pointer in steps 2 and 4 falls inside this window. */ |
| r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul, |
| 0xfffffffffffffffful, 0x0ul); |
| break; |
| case 1: /* Step 1: socket(domain 0x2 = AF_INET, type 0x800000000001, protocol 0x84 = 132 = IPPROTO_SCTP). NOTE(review): the type constant has bits set above bit 31; presumably only the low bits (0x1, SOCK_STREAM) reach the int-sized argument - confirm. */ |
| r[1] = syscall(__NR_socket, 0x2ul, 0x800000000001ul, 0x84ul); |
| break; |
| case 2: /* Step 2: lay out five message-header records in the mapped window, then pass them to sendmmsg() on r[1]. The stores are order-dependent: addresses such as 0x20ffc000, 0x20ffcfe4 and 0x20ffcfd0 are written several times, so only the last value is in memory when the syscall runs. */ |
| *(uint64_t*)0x20f44000 = (uint64_t)0x20ffcfe4; /* record 0 at 0x20f44000: +0x00 name ptr, +0x08 name len, +0x10 iovec ptr, +0x18 iovec count, +0x20 control ptr, +0x28 control len, +0x30 flags (offsets match the x86-64 struct msghdr layout) */ |
| *(uint32_t*)0x20f44008 = (uint32_t)0x1c; |
| *(uint64_t*)0x20f44010 = (uint64_t)0x200fbfb0; |
| *(uint64_t*)0x20f44018 = (uint64_t)0x5; |
| *(uint64_t*)0x20f44020 = (uint64_t)0x20000000; |
| *(uint64_t*)0x20f44028 = (uint64_t)0x0; |
| *(uint32_t*)0x20f44030 = (uint32_t)0x80; |
| *(uint64_t*)0x20f44038 = (uint64_t)0x20ffc000; /* record 1 at 0x20f44038. NOTE(review): the records are 0x38 bytes apart, while struct mmsghdr on x86-64 Linux is 0x40 bytes (msghdr plus msg_len and padding); if so, the kernel reads entries 1-4 at other offsets than the ones laid out here - confirm. */ |
| *(uint32_t*)0x20f44040 = (uint32_t)0x1c; |
| *(uint64_t*)0x20f44048 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x20f44050 = (uint64_t)0x8; |
| *(uint64_t*)0x20f44058 = (uint64_t)0x20ffce80; |
| *(uint64_t*)0x20f44060 = (uint64_t)0x8; /* control length 0x8 for record 1; NOTE(review): that is less than the 16-byte length/level/type header each block at 0x20ffce80 starts with - confirm how it is interpreted */ |
| *(uint32_t*)0x20f44068 = (uint32_t)0x20000000; |
| *(uint64_t*)0x20f44070 = (uint64_t)0x2055dff0; /* record 2 at 0x20f44070 */ |
| *(uint32_t*)0x20f44078 = (uint32_t)0x10; |
| *(uint64_t*)0x20f44080 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x20f44088 = (uint64_t)0x2; |
| *(uint64_t*)0x20f44090 = (uint64_t)0x20763000; |
| *(uint64_t*)0x20f44098 = (uint64_t)0x3; |
| *(uint32_t*)0x20f440a0 = (uint32_t)0x804; |
| *(uint64_t*)0x20f440a8 = (uint64_t)0x20ffcfe4; /* record 3 at 0x20f440a8; shares its name pointer with record 0 */ |
| *(uint32_t*)0x20f440b0 = (uint32_t)0x1c; |
| *(uint64_t*)0x20f440b8 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x20f440c0 = (uint64_t)0xa; |
| *(uint64_t*)0x20f440c8 = (uint64_t)0x20000000; |
| *(uint64_t*)0x20f440d0 = (uint64_t)0x0; |
| *(uint32_t*)0x20f440d8 = (uint32_t)0x800; |
| *(uint64_t*)0x20f440e0 = (uint64_t)0x20ffcff0; /* record 4 at 0x20f440e0 */ |
| *(uint32_t*)0x20f440e8 = (uint32_t)0x10; |
| *(uint64_t*)0x20f440f0 = (uint64_t)0x20ffcfa0; |
| *(uint64_t*)0x20f440f8 = (uint64_t)0x6; |
| *(uint64_t*)0x20f44100 = (uint64_t)0x20ffcfd0; |
| *(uint64_t*)0x20f44108 = (uint64_t)0x1; |
| *(uint32_t*)0x20f44110 = (uint32_t)0x4015; |
| *(uint16_t*)0x20ffcfe4 = (uint16_t)0xa; /* 28-byte (0x1c) address block at 0x20ffcfe4: family 0xa (AF_INET6), port field 0x224e, a 32-bit field of 0x4, sixteen zero address bytes, final 32-bit field 0x800 */ |
| *(uint16_t*)0x20ffcfe6 = (uint16_t)0x224e; |
| *(uint32_t*)0x20ffcfe8 = (uint32_t)0x4; |
| *(uint8_t*)0x20ffcfec = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcfed = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcfee = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcfef = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff0 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff1 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff2 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff3 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff4 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff5 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff6 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff7 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff8 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff9 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffa = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffb = (uint8_t)0x0; |
| *(uint32_t*)0x20ffcffc = (uint32_t)0x800; |
| *(uint64_t*)0x200fbfb0 = (uint64_t)0x20163000; /* iovec array for record 0: five (base, length) pairs; only the last pair has a non-zero length (0x30) */ |
| *(uint64_t*)0x200fbfb8 = (uint64_t)0x0; |
| *(uint64_t*)0x200fbfc0 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x200fbfc8 = (uint64_t)0x0; |
| *(uint64_t*)0x200fbfd0 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x200fbfd8 = (uint64_t)0x0; |
| *(uint64_t*)0x200fbfe0 = (uint64_t)0x20ffcfd1; |
| *(uint64_t*)0x200fbfe8 = (uint64_t)0x0; |
| *(uint64_t*)0x200fbff0 = (uint64_t)0x203b0000; |
| *(uint64_t*)0x200fbff8 = (uint64_t)0x30; |
| memcpy((void*)0x203b0000, "\x0c\x57\x81\x0e\xd8\x68\x73\x98\x5c\xff" /* the 48 (0x30) payload bytes that the last pair above points at */ |
| "\xc4\x0e\x1e\x84\xdb\x64\x8a\xab\x1e\xeb" |
| "\x85\x3d\x92\xa5\xa6\x98\xd2\xbf\x69\xf2" |
| "\x3e\xee\xd6\xd5\x0a\xed\xdc\xf7\x93\xc9" |
| "\xef\x5c\x5e\x10\xf1\xb6\xc0\x42", |
| 48); |
| *(uint16_t*)0x20ffc000 = (uint16_t)0xa; /* address block at 0x20ffc000 (record 1's name pointer): family 0xa, port field 0x224e, 32-bit field 0xe2, sixteen zero bytes, final field 0x3 */ |
| *(uint16_t*)0x20ffc002 = (uint16_t)0x224e; |
| *(uint32_t*)0x20ffc004 = (uint32_t)0xe2; |
| *(uint8_t*)0x20ffc008 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc009 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc00a = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc00b = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc00c = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc00d = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc00e = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc00f = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc010 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc011 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc012 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc013 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc014 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc015 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc016 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffc017 = (uint8_t)0x0; |
| *(uint32_t*)0x20ffc018 = (uint32_t)0x3; |
| *(uint64_t*)0x20ffc000 = (uint64_t)0x20c95f56; /* 0x20ffc000 is also record 1's iovec pointer: eight zero-length (base, length) pairs are written here, replacing the address block stored just above */ |
| *(uint64_t*)0x20ffc008 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc010 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x20ffc018 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc020 = (uint64_t)0x20ffcf88; |
| *(uint64_t*)0x20ffc028 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc030 = (uint64_t)0x20004f33; |
| *(uint64_t*)0x20ffc038 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc040 = (uint64_t)0x20ffcf5e; |
| *(uint64_t*)0x20ffc048 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc050 = (uint64_t)0x20e84fc1; |
| *(uint64_t*)0x20ffc058 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc060 = (uint64_t)0x20e5f000; |
| *(uint64_t*)0x20ffc068 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc070 = (uint64_t)0x20cfcf11; |
| *(uint64_t*)0x20ffc078 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffce80 = (uint64_t)0x20; /* ancillary-data blocks start at 0x20ffce80 (record 1's control pointer): each begins with a u64 length, a level of 0x84 (132, SOL_SCTP on Linux) and a type, then type-specific fields; further blocks follow at 0x20ffceb0, 0x20ffcee0, 0x20ffcf10, 0x20ffcf40, 0x20ffcf70, 0x20ffcfa0 and 0x20ffcfd0 */ |
| *(uint32_t*)0x20ffce88 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffce8c = (uint32_t)0x2; |
| *(uint16_t*)0x20ffce90 = (uint16_t)0x6; |
| *(uint16_t*)0x20ffce92 = (uint16_t)0x2; |
| *(uint32_t*)0x20ffce94 = (uint32_t)0x5; |
| *(uint32_t*)0x20ffce98 = (uint32_t)0x80000001; |
| *(uint32_t*)0x20ffce9c = (uint32_t)0x0; |
| *(uint64_t*)0x20ffceb0 = (uint64_t)0x30; |
| *(uint32_t*)0x20ffceb8 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcebc = (uint32_t)0x1; |
| *(uint16_t*)0x20ffcec0 = (uint16_t)0x7; |
| *(uint16_t*)0x20ffcec2 = (uint16_t)0x100; |
| *(uint16_t*)0x20ffcec4 = (uint16_t)0x2; |
| *(uint32_t*)0x20ffcec8 = (uint32_t)0x9; |
| *(uint32_t*)0x20ffcecc = (uint32_t)0xff; |
| *(uint32_t*)0x20ffced0 = (uint32_t)0xfffffffffffffeff; /* constant is wider than the destination; the cast keeps 0xfffffeff */ |
| *(uint32_t*)0x20ffced4 = (uint32_t)0x6; |
| *(uint32_t*)0x20ffced8 = (uint32_t)0x0; |
| *(uint32_t*)0x20ffcedc = (uint32_t)0x0; |
| *(uint64_t*)0x20ffcee0 = (uint64_t)0x18; |
| *(uint32_t*)0x20ffcee8 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffceec = (uint32_t)0x0; |
| *(uint16_t*)0x20ffcef0 = (uint16_t)0x1ff; |
| *(uint16_t*)0x20ffcef2 = (uint16_t)0x5eac; |
| *(uint16_t*)0x20ffcef4 = (uint16_t)0x1; |
| *(uint16_t*)0x20ffcef6 = (uint16_t)0x1ff; |
| *(uint64_t*)0x20ffcf10 = (uint64_t)0x18; |
| *(uint32_t*)0x20ffcf18 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcf1c = (uint32_t)0x0; |
| *(uint16_t*)0x20ffcf20 = (uint16_t)0x100000000; /* the cast truncates this constant to 0 */ |
| *(uint16_t*)0x20ffcf22 = (uint16_t)0x1ff; |
| *(uint16_t*)0x20ffcf24 = (uint16_t)0x8f0; |
| *(uint16_t*)0x20ffcf26 = (uint16_t)0x6; |
| *(uint64_t*)0x20ffcf40 = (uint64_t)0x30; |
| *(uint32_t*)0x20ffcf48 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcf4c = (uint32_t)0x1; |
| *(uint16_t*)0x20ffcf50 = (uint16_t)0x6; |
| *(uint16_t*)0x20ffcf52 = (uint16_t)0xa6; |
| *(uint16_t*)0x20ffcf54 = (uint16_t)0x4; |
| *(uint32_t*)0x20ffcf58 = (uint32_t)0x7ff; |
| *(uint32_t*)0x20ffcf5c = (uint32_t)0xc1; |
| *(uint32_t*)0x20ffcf60 = (uint32_t)0x7; |
| *(uint32_t*)0x20ffcf64 = (uint32_t)0x927; |
| *(uint32_t*)0x20ffcf68 = (uint32_t)0x81; |
| *(uint32_t*)0x20ffcf6c = (uint32_t)0x0; |
| *(uint64_t*)0x20ffcf70 = (uint64_t)0x20; |
| *(uint32_t*)0x20ffcf78 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcf7c = (uint32_t)0x2; |
| *(uint16_t*)0x20ffcf80 = (uint16_t)0x8; |
| *(uint16_t*)0x20ffcf82 = (uint16_t)0xa; |
| *(uint32_t*)0x20ffcf84 = (uint32_t)0x1; |
| *(uint32_t*)0x20ffcf88 = (uint32_t)0x1; |
| *(uint32_t*)0x20ffcf8c = (uint32_t)0x0; |
| *(uint64_t*)0x20ffcfa0 = (uint64_t)0x20; |
| *(uint32_t*)0x20ffcfa8 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcfac = (uint32_t)0x2; |
| *(uint16_t*)0x20ffcfb0 = (uint16_t)0x2; |
| *(uint16_t*)0x20ffcfb2 = (uint16_t)0x820a; |
| *(uint32_t*)0x20ffcfb4 = (uint32_t)0x1; |
| *(uint32_t*)0x20ffcfb8 = (uint32_t)0x3; |
| *(uint32_t*)0x20ffcfbc = (uint32_t)0x0; |
| *(uint64_t*)0x20ffcfd0 = (uint64_t)0x18; |
| *(uint32_t*)0x20ffcfd8 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcfdc = (uint32_t)0x0; |
| *(uint16_t*)0x20ffcfe0 = (uint16_t)0x40; |
| *(uint16_t*)0x20ffcfe2 = (uint16_t)0x0; |
| *(uint16_t*)0x20ffcfe4 = (uint16_t)0x6; |
| *(uint16_t*)0x20ffcfe6 = (uint16_t)0x7; |
| *(uint16_t*)0x2055dff0 = (uint16_t)0x2; /* 16-byte (0x10) address block for record 2: family 0x2 (AF_INET), port field 0x204e, address bytes ac 14 00 aa (172.20.0.170), then eight zero bytes */ |
| *(uint16_t*)0x2055dff2 = (uint16_t)0x204e; |
| *(uint8_t*)0x2055dff4 = (uint8_t)0xac; |
| *(uint8_t*)0x2055dff5 = (uint8_t)0x14; |
| *(uint8_t*)0x2055dff6 = (uint8_t)0x0; |
| *(uint8_t*)0x2055dff7 = (uint8_t)0xaa; |
| *(uint8_t*)0x2055dff8 = (uint8_t)0x0; |
| *(uint8_t*)0x2055dff9 = (uint8_t)0x0; |
| *(uint8_t*)0x2055dffa = (uint8_t)0x0; |
| *(uint8_t*)0x2055dffb = (uint8_t)0x0; |
| *(uint8_t*)0x2055dffc = (uint8_t)0x0; |
| *(uint8_t*)0x2055dffd = (uint8_t)0x0; |
| *(uint8_t*)0x2055dffe = (uint8_t)0x0; |
| *(uint8_t*)0x2055dfff = (uint8_t)0x0; |
| *(uint64_t*)0x20ffc000 = (uint64_t)0x20a0ffa9; /* 0x20ffc000 rewritten again: two zero-length (base, length) pairs, matching record 2's iovec count of 0x2 */ |
| *(uint64_t*)0x20ffc008 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc010 = (uint64_t)0x2016d000; |
| *(uint64_t*)0x20ffc018 = (uint64_t)0x0; |
| *(uint64_t*)0x20763000 = (uint64_t)0x30; /* three ancillary-data blocks at 0x20763000, 0x20763030 and 0x20763060 (record 2's control pointer), each with level 0x84 */ |
| *(uint32_t*)0x20763008 = (uint32_t)0x84; |
| *(uint32_t*)0x2076300c = (uint32_t)0x1; |
| *(uint16_t*)0x20763010 = (uint16_t)0x80000001; /* the cast truncates this constant to 0x1 */ |
| *(uint16_t*)0x20763012 = (uint16_t)0x2; |
| *(uint16_t*)0x20763014 = (uint16_t)0x8006; |
| *(uint32_t*)0x20763018 = (uint32_t)0x101; |
| *(uint32_t*)0x2076301c = (uint32_t)0x6; |
| *(uint32_t*)0x20763020 = (uint32_t)0x5c; |
| *(uint32_t*)0x20763024 = (uint32_t)0xa24; |
| *(uint32_t*)0x20763028 = (uint32_t)0x3; |
| *(uint32_t*)0x2076302c = (uint32_t)0x0; |
| *(uint64_t*)0x20763030 = (uint64_t)0x20; |
| *(uint32_t*)0x20763038 = (uint32_t)0x84; |
| *(uint32_t*)0x2076303c = (uint32_t)0x2; |
| *(uint16_t*)0x20763040 = (uint16_t)0x3; |
| *(uint16_t*)0x20763042 = (uint16_t)0x8; |
| *(uint32_t*)0x20763044 = (uint32_t)0x8; |
| *(uint32_t*)0x20763048 = (uint32_t)0x5; |
| *(uint32_t*)0x2076304c = (uint32_t)0x0; |
| *(uint64_t*)0x20763060 = (uint64_t)0x20; |
| *(uint32_t*)0x20763068 = (uint32_t)0x84; |
| *(uint32_t*)0x2076306c = (uint32_t)0x2; |
| *(uint16_t*)0x20763070 = (uint16_t)0x1; |
| *(uint16_t*)0x20763072 = (uint16_t)0x800a; |
| *(uint32_t*)0x20763074 = (uint32_t)0x6; |
| *(uint32_t*)0x20763078 = (uint32_t)0x401; |
| *(uint32_t*)0x2076307c = (uint32_t)0x0; |
| *(uint16_t*)0x20ffcfe4 = (uint16_t)0xa; /* address block at 0x20ffcfe4 rewritten: family 0xa, port field 0x214e, 32-bit field 0x2, two 64-bit address halves, final 32-bit field 0x8 */ |
| *(uint16_t*)0x20ffcfe6 = (uint16_t)0x214e; |
| *(uint32_t*)0x20ffcfe8 = (uint32_t)0x2; |
| *(uint64_t*)0x20ffcfec = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcff4 = (uint64_t)0x100000000000000; |
| *(uint32_t*)0x20ffcffc = (uint32_t)0x8; |
| *(uint64_t*)0x20ffc000 = (uint64_t)0x20557000; /* 0x20ffc000 rewritten a third time: ten zero-length (base, length) pairs, matching record 3's iovec count of 0xa */ |
| *(uint64_t*)0x20ffc008 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc010 = (uint64_t)0x2034d000; |
| *(uint64_t*)0x20ffc018 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc020 = (uint64_t)0x20ba9000; |
| *(uint64_t*)0x20ffc028 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc030 = (uint64_t)0x20ffc000; |
| *(uint64_t*)0x20ffc038 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc040 = (uint64_t)0x20ffcfcf; |
| *(uint64_t*)0x20ffc048 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc050 = (uint64_t)0x202c4000; |
| *(uint64_t*)0x20ffc058 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc060 = (uint64_t)0x20ffcfbc; |
| *(uint64_t*)0x20ffc068 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc070 = (uint64_t)0x20ffcf42; |
| *(uint64_t*)0x20ffc078 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc080 = (uint64_t)0x20c86000; |
| *(uint64_t*)0x20ffc088 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffc090 = (uint64_t)0x205ad000; |
| *(uint64_t*)0x20ffc098 = (uint64_t)0x0; |
| *(uint16_t*)0x20ffcff0 = (uint16_t)0x2; /* 16-byte address block for record 4: family 0x2 (AF_INET), port field 0x204e, address word 0x20000e0 (bytes e0 00 00 02 on a little-endian machine), eight zero bytes */ |
| *(uint16_t*)0x20ffcff2 = (uint16_t)0x204e; |
| *(uint32_t*)0x20ffcff4 = (uint32_t)0x20000e0; |
| *(uint8_t*)0x20ffcff8 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcff9 = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffa = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffb = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffc = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffd = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcffe = (uint8_t)0x0; |
| *(uint8_t*)0x20ffcfff = (uint8_t)0x0; |
| *(uint64_t*)0x20ffcfa0 = (uint64_t)0x2020df35; /* iovec array for record 4: six zero-length pairs from 0x20ffcfa0; the last pair is stored at 0x20ffcff0 and so replaces the address block written just above */ |
| *(uint64_t*)0x20ffcfa8 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcfb0 = (uint64_t)0x20ffcf9b; |
| *(uint64_t*)0x20ffcfb8 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcfc0 = (uint64_t)0x206b4000; |
| *(uint64_t*)0x20ffcfc8 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcfd0 = (uint64_t)0x20dfff5f; |
| *(uint64_t*)0x20ffcfd8 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcfe0 = (uint64_t)0x20ffcf34; |
| *(uint64_t*)0x20ffcfe8 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcff0 = (uint64_t)0x20774f1b; |
| *(uint64_t*)0x20ffcff8 = (uint64_t)0x0; |
| *(uint64_t*)0x20ffcfd0 = (uint64_t)0x20; /* ancillary-data block at 0x20ffcfd0 (record 4's control pointer), written over part of the iovec array above and over the start of the address block at 0x20ffcfe4 */ |
| *(uint32_t*)0x20ffcfd8 = (uint32_t)0x84; |
| *(uint32_t*)0x20ffcfdc = (uint32_t)0x2; |
| *(uint16_t*)0x20ffcfe0 = (uint16_t)0x4; |
| *(uint16_t*)0x20ffcfe2 = (uint16_t)0x8; |
| *(uint32_t*)0x20ffcfe4 = (uint32_t)0x2; |
| *(uint32_t*)0x20ffcfe8 = (uint32_t)0x9; |
| *(uint32_t*)0x20ffcfec = (uint32_t)0x0; |
| r[276] = syscall(__NR_sendmmsg, r[1], 0x20f44000ul, 0x5ul, 0x10ul); /* one sendmmsg() call over the records at 0x20f44000 (count 0x5, flags 0x10); r[1] still holds the -1 set by loop() if step 1 has not stored a descriptor yet */ |
| break; |
| case 3: /* Step 3: listen() on the same descriptor slot with a backlog of 0x9 */ |
| r[277] = syscall(__NR_listen, r[1], 0x9ul); |
| break; |
| case 4: /* Step 4: accept() on r[1]; the peer-address buffer is 0x20ffc000, the page step 2 keeps rewriting, and the in/out length word at 0x20ffd000 is set to 0x10 first */ |
| *(uint32_t*)0x20ffd000 = (uint32_t)0x10; |
| r[279] = syscall(__NR_accept, r[1], 0x20ffc000ul, 0x20ffd000ul); |
| break; |
| } |
| return 0; |
| } |
| |
/*
 * Drive one pass of the reproducer: reset the result table, then start the
 * five steps of thr() on separate threads, pausing a pseudo-random time after
 * each start. pthread_create() results are not checked and no thread is
 * joined; ordering between the steps comes only from these pauses.
 */
void loop()
{
    pthread_t workers[10]; /* ten slots declared, only the first five used */
    long step = 0;

    /* Every r[] slot starts as -1 (all bytes 0xff). */
    memset(r, -1, sizeof(r));

    while (step < 5) {
        /* The step number travels to the thread inside the pointer argument. */
        pthread_create(&workers[step], 0, thr, (void*)step);
        usleep(rand() % 10000); /* 0-9999 us before the next step starts */
        step++;
    }

    /* Last pause of 0-99999 us; nothing waits for the threads afterwards. */
    usleep(rand() % 100000);
}
| |
/* Entry point: perform a single loop() pass and exit with status 0. */
int main()
{
    loop();

    /*
     * Returning from main ends the process, so any step thread that is still
     * running at this point is terminated with it.
     */
    return 0;
}