|
// autogenerated by syzkaller (https://github.com/google/syzkaller)
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <endian.h>
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
#include <sys/syscall.h>
|
|
#include <unistd.h>
|
|
#include <sys/mman.h>
|
|
|
|
#include <stdio.h>
|
|
#include <sys/ioctl.h>
|
|
#include <net/if.h>
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <netpacket/packet.h>
|
|
#include <net/ethernet.h>
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
#include <arpa/inet.h>
|
|
#include <unistd.h>
|
|
|
|
|
|
static void reset_test()
|
|
{
|
|
int fd;
|
|
for (fd = 3; fd < 30; fd++)
|
|
close(fd);
|
|
}
|
|
|
|
void execute_one(void)
|
|
{
|
|
uint8_t buf[] = "\x05\x03\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xc5\x2c";
|
|
struct ifreq req;
|
|
int ifindex = 0;
|
|
long res = 0;
|
|
int sock;
|
|
struct sockaddr_ll addr;
|
|
int opt;
|
|
|
|
syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
|
|
|
|
sock = socket(PF_PACKET, SOCK_RAW, htons(0x1337));
|
|
if (res == -1) {
|
|
perror("socket");
|
|
return;
|
|
}
|
|
|
|
strncpy(req.ifr_name, "batadv0", IFNAMSIZ);
|
|
|
|
res = ioctl(sock, SIOCGIFINDEX, &req);
|
|
if (res != -1)
|
|
ifindex = req.ifr_ifindex;
|
|
|
|
opt = 4;
|
|
setsockopt(sock, SOL_PACKET, PACKET_QDISC_BYPASS, &opt, 4);
|
|
|
|
|
|
addr.sll_family = AF_PACKET;
|
|
addr.sll_protocol = 0;
|
|
addr.sll_ifindex = ifindex;
|
|
|
|
bind(sock, (struct sockaddr *)&addr, sizeof(addr));
|
|
sendto(sock, buf, sizeof(buf), 0, 0, 0);
|
|
}
|
|
int main(void)
|
|
{
|
|
int iter;
|
|
for (iter = 0;; iter++) {
|
|
execute_one();
|
|
reset_test();
|
|
}
|
|
return 0;
|
|
}
|