| // general protection fault in xsk_diag_dump |
| // https://syzkaller.appspot.com/bug?id=3120afdf15ad1b3da8a89af459e4d8feac2432d6 |
| // status:fixed |
| // autogenerated by syzkaller (https://github.com/google/syzkaller) |
| |
| #define _GNU_SOURCE |
| |
| #include <endian.h> |
| #include <stdint.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <sys/syscall.h> |
| #include <sys/types.h> |
| #include <unistd.h> |
| |
| uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; |
| |
| int main(void) |
| { |
| syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); |
| long res = 0; |
| res = syscall(__NR_socket, 0x10, 3, 0x400000000000004); |
| if (res != -1) |
| r[0] = res; |
| res = syscall(__NR_socket, 0x2c, 3, 0); |
| if (res != -1) |
| r[1] = res; |
| *(uint64_t*)0x20000080 = 0x20000000; |
| *(uint64_t*)0x20000088 = 0x2000; |
| *(uint32_t*)0x20000090 = 0x1000; |
| *(uint32_t*)0x20000094 = 0; |
| syscall(__NR_setsockopt, r[1], 0x11b, 4, 0x20000080, 0x48); |
| *(uint32_t*)0x200000c0 = 4; |
| syscall(__NR_setsockopt, r[1], 0x11b, 5, 0x200000c0, 4); |
| *(uint64_t*)0x20000080 = 0x20000100; |
| memcpy((void*)0x20000100, "\x48\x00\x00\x00\x14\x00\x19\x0d\x09\x00\x4b\xea" |
| "\xfd\x0d\x8c\x56\x2c\x84\xed\x7a\x80\xff\xe0\x06" |
| "\x0f\x00\x00\x00\x00\x00\x00\xa2\xbc\x56\x03\xca" |
| "\x00\x00\x0f\x7f\x89\x00\x00\x00\x20\x00\x00\x00" |
| "\x01\x01\xff\x00\x00\x00\x03\x09\xff\x5b\xff\xff" |
| "\x00\xc7\xe5\xed\x4e\x00\x00\x00\x00\x00\x00\x00", |
| 72); |
| *(uint64_t*)0x20000088 = 0x48; |
| syscall(__NR_writev, r[0], 0x20000080, 1); |
| return 0; |
| } |