syzkaller-repros/linux/36eeca0fd5b1fdb7c87dac212c3be2c0c40a5dde.c - pub/scm/linux/kernel/git/shuah/linux-arts - Git at Google

 // WARNING in xfrm_add_pol_expire
 // https://syzkaller.appspot.com/bug?id=36eeca0fd5b1fdb7c87dac212c3be2c0c40a5dde
 // status:open
 // autogenerated by syzkaller (http://github.com/google/syzkaller)

 #define _GNU_SOURCE
 #include <endian.h>
 #include <stdint.h>
 #include <string.h>
 #include <sys/syscall.h>
 #include <unistd.h>

 static void test();

 void loop()
 {
   while (1) {
     test();
   }
 }

 long r[2];
 void test()
 {
   memset(r, -1, sizeof(r));
   syscall(__NR_mmap, 0x20000000, 0x57f000, 3, 0x32, -1, 0);
   r[0] = syscall(__NR_socket, 0x10, 3, 6);
   *(uint64_t*)0x2009e000 = 0x2001dff4;
   *(uint32_t*)0x2009e008 = 0xc;
   *(uint64_t*)0x2009e010 = 0x20012000;
   *(uint64_t*)0x2009e018 = 1;
   *(uint64_t*)0x2009e020 = 0;
   *(uint64_t*)0x2009e028 = 0;
   *(uint32_t*)0x2009e030 = 0;
   *(uint16_t*)0x2001dff4 = 0x10;
   *(uint16_t*)0x2001dff6 = 0;
   *(uint32_t*)0x2001dff8 = 0;
   *(uint32_t*)0x2001dffc = 0;
   *(uint64_t*)0x20012000 = 0x2009ed80;
   *(uint64_t*)0x20012008 = 0xcc;
   *(uint32_t*)0x2009ed80 = 0xcc;
   *(uint16_t*)0x2009ed84 = 0x1b;
   *(uint16_t*)0x2009ed86 = 0x305;
   *(uint32_t*)0x2009ed88 = 0x70bd25;
   *(uint32_t*)0x2009ed8c = 0x25dfdbfb;
   *(uint32_t*)0x2009ed90 = htobe32(0xe0000001);
   *(uint8_t*)0x2009eda0 = 0xac;
   *(uint8_t*)0x2009eda1 = 0x14;
   *(uint8_t*)0x2009eda2 = 0;
   *(uint8_t*)0x2009eda3 = 0xaa;
   *(uint16_t*)0x2009edb0 = htobe16(0x4e20);
   *(uint16_t*)0x2009edb2 = htobe16(0);
   *(uint16_t*)0x2009edb4 = htobe16(0x4e20);
   *(uint16_t*)0x2009edb6 = htobe16(0);
   *(uint16_t*)0x2009edb8 = 0;
   *(uint8_t*)0x2009edba = 0;
   *(uint8_t*)0x2009edbb = 0;
   *(uint8_t*)0x2009edbc = 0;
   *(uint32_t*)0x2009edc0 = 0;
   *(uint32_t*)0x2009edc4 = 0;
   *(uint64_t*)0x2009edc8 = 0;
   *(uint64_t*)0x2009edd0 = 0;
   *(uint64_t*)0x2009edd8 = 0;
   *(uint64_t*)0x2009ede0 = 0;
   *(uint64_t*)0x2009ede8 = 0;
   *(uint64_t*)0x2009edf0 = 0;
   *(uint64_t*)0x2009edf8 = 0;
   *(uint64_t*)0x2009ee00 = 0;
   *(uint64_t*)0x2009ee08 = 0;
   *(uint64_t*)0x2009ee10 = 0;
   *(uint64_t*)0x2009ee18 = 0;
   *(uint64_t*)0x2009ee20 = 0;
   *(uint32_t*)0x2009ee28 = 0;
   *(uint32_t*)0x2009ee2c = 0x6e6bb0;
   *(uint8_t*)0x2009ee30 = 0;
   *(uint8_t*)0x2009ee31 = 0;
   *(uint8_t*)0x2009ee32 = 0;
   *(uint8_t*)0x2009ee33 = 0;
   *(uint8_t*)0x2009ee38 = 0;
   *(uint16_t*)0x2009ee3c = 0x10;
   *(uint16_t*)0x2009ee3e = 8;
   *(uint16_t*)0x2009ee40 = 0xc;
   *(uint16_t*)0x2009ee42 = 8;
   *(uint8_t*)0x2009ee44 = 0;
   *(uint8_t*)0x2009ee45 = 0;
   *(uint16_t*)0x2009ee46 = 4;
   memcpy((void*)0x2009ee48, "\xbd\x51\x28\xb4", 4);
   syscall(__NR_sendmsg, r[0], 0x2009e000, 0);
   r[1] = syscall(__NR_socket, 0x10, 3, 6);
   *(uint64_t*)0x204e5fc8 = 0x2009eff4;
   *(uint32_t*)0x204e5fd0 = 0xc;
   *(uint64_t*)0x204e5fd8 = 0x202bf000;
   *(uint64_t*)0x204e5fe0 = 1;
   *(uint64_t*)0x204e5fe8 = 0;
   *(uint64_t*)0x204e5ff0 = 0;
   *(uint32_t*)0x204e5ff8 = 0;
   *(uint16_t*)0x2009eff4 = 0x10;
   *(uint16_t*)0x2009eff6 = 0;
   *(uint32_t*)0x2009eff8 = 0;
   *(uint32_t*)0x2009effc = 0;
   *(uint64_t*)0x202bf000 = 0x20417000;
   *(uint64_t*)0x202bf008 = 0xc4;
   *(uint32_t*)0x20417000 = 0xc4;
   *(uint16_t*)0x20417004 = 0x19;
   *(uint16_t*)0x20417006 = 1;
   *(uint32_t*)0x20417008 = 0x70bd25;
   *(uint32_t*)0x2041700c = 0x25dfdbfb;
   *(uint32_t*)0x20417010 = htobe32(0xe0000002);
   *(uint32_t*)0x20417020 = htobe32(0xe0000001);
   *(uint16_t*)0x20417030 = htobe16(0x4e20);
   *(uint16_t*)0x20417032 = htobe16(0);
   *(uint16_t*)0x20417034 = htobe16(0x4e20);
   *(uint16_t*)0x20417036 = htobe16(0);
   *(uint16_t*)0x20417038 = 2;
   *(uint8_t*)0x2041703a = 0;
   *(uint8_t*)0x2041703b = 0;
   *(uint8_t*)0x2041703c = 0;
   *(uint32_t*)0x20417040 = 0;
   *(uint32_t*)0x20417044 = 0;
   *(uint64_t*)0x20417048 = 0;
   *(uint64_t*)0x20417050 = 0;
   *(uint64_t*)0x20417058 = 0;
   *(uint64_t*)0x20417060 = 0;
   *(uint64_t*)0x20417068 = 0;
   *(uint64_t*)0x20417070 = 0;
   *(uint64_t*)0x20417078 = 0;
   *(uint64_t*)0x20417080 = 0;
   *(uint64_t*)0x20417088 = 0;
   *(uint64_t*)0x20417090 = 0;
   *(uint64_t*)0x20417098 = 0;
   *(uint64_t*)0x204170a0 = 0;
   *(uint32_t*)0x204170a8 = 0;
   *(uint32_t*)0x204170ac = 0x6e6bb0;
   *(uint8_t*)0x204170b0 = 0;
   *(uint8_t*)0x204170b1 = 0;
   *(uint8_t*)0x204170b2 = 0;
   *(uint8_t*)0x204170b3 = 0;
   *(uint16_t*)0x204170b8 = 0xc;
   *(uint16_t*)0x204170ba = 0x10;
   *(uint8_t*)0x204170bc = 0;
   *(uint16_t*)0x204170be = 0;
   *(uint8_t*)0x204170c0 = 0;
   syscall(__NR_sendmsg, r[1], 0x204e5fc8, 0);
 }

 int main()
 {
   for (;;) {
     loop();
   }
 }
	// WARNING in xfrm_add_pol_expire
	// https://syzkaller.appspot.com/bug?id=36eeca0fd5b1fdb7c87dac212c3be2c0c40a5dde
	// status:open
	// autogenerated by syzkaller (http://github.com/google/syzkaller)

	#define _GNU_SOURCE
	#include <endian.h>
	#include <stdint.h>
	#include <string.h>
	#include <sys/syscall.h>
	#include <unistd.h>

	static void test();

	void loop()
	{
	while (1) {
	test();
	}
	}

	long r[2];
	void test()
	{
	memset(r, -1, sizeof(r));
	syscall(__NR_mmap, 0x20000000, 0x57f000, 3, 0x32, -1, 0);
	r[0] = syscall(__NR_socket, 0x10, 3, 6);
	(uint64_t)0x2009e000 = 0x2001dff4;
	(uint32_t)0x2009e008 = 0xc;
	(uint64_t)0x2009e010 = 0x20012000;
	(uint64_t)0x2009e018 = 1;
	(uint64_t)0x2009e020 = 0;
	(uint64_t)0x2009e028 = 0;
	(uint32_t)0x2009e030 = 0;
	(uint16_t)0x2001dff4 = 0x10;
	(uint16_t)0x2001dff6 = 0;
	(uint32_t)0x2001dff8 = 0;
	(uint32_t)0x2001dffc = 0;
	(uint64_t)0x20012000 = 0x2009ed80;
	(uint64_t)0x20012008 = 0xcc;
	(uint32_t)0x2009ed80 = 0xcc;
	(uint16_t)0x2009ed84 = 0x1b;
	(uint16_t)0x2009ed86 = 0x305;
	(uint32_t)0x2009ed88 = 0x70bd25;
	(uint32_t)0x2009ed8c = 0x25dfdbfb;
	(uint32_t)0x2009ed90 = htobe32(0xe0000001);
	(uint8_t)0x2009eda0 = 0xac;
	(uint8_t)0x2009eda1 = 0x14;
	(uint8_t)0x2009eda2 = 0;
	(uint8_t)0x2009eda3 = 0xaa;
	(uint16_t)0x2009edb0 = htobe16(0x4e20);
	(uint16_t)0x2009edb2 = htobe16(0);
	(uint16_t)0x2009edb4 = htobe16(0x4e20);
	(uint16_t)0x2009edb6 = htobe16(0);
	(uint16_t)0x2009edb8 = 0;
	(uint8_t)0x2009edba = 0;
	(uint8_t)0x2009edbb = 0;
	(uint8_t)0x2009edbc = 0;
	(uint32_t)0x2009edc0 = 0;
	(uint32_t)0x2009edc4 = 0;
	(uint64_t)0x2009edc8 = 0;
	(uint64_t)0x2009edd0 = 0;
	(uint64_t)0x2009edd8 = 0;
	(uint64_t)0x2009ede0 = 0;
	(uint64_t)0x2009ede8 = 0;
	(uint64_t)0x2009edf0 = 0;
	(uint64_t)0x2009edf8 = 0;
	(uint64_t)0x2009ee00 = 0;
	(uint64_t)0x2009ee08 = 0;
	(uint64_t)0x2009ee10 = 0;
	(uint64_t)0x2009ee18 = 0;
	(uint64_t)0x2009ee20 = 0;
	(uint32_t)0x2009ee28 = 0;
	(uint32_t)0x2009ee2c = 0x6e6bb0;
	(uint8_t)0x2009ee30 = 0;
	(uint8_t)0x2009ee31 = 0;
	(uint8_t)0x2009ee32 = 0;
	(uint8_t)0x2009ee33 = 0;
	(uint8_t)0x2009ee38 = 0;
	(uint16_t)0x2009ee3c = 0x10;
	(uint16_t)0x2009ee3e = 8;
	(uint16_t)0x2009ee40 = 0xc;
	(uint16_t)0x2009ee42 = 8;
	(uint8_t)0x2009ee44 = 0;
	(uint8_t)0x2009ee45 = 0;
	(uint16_t)0x2009ee46 = 4;
	memcpy((void*)0x2009ee48, "\xbd\x51\x28\xb4", 4);
	syscall(__NR_sendmsg, r[0], 0x2009e000, 0);
	r[1] = syscall(__NR_socket, 0x10, 3, 6);
	(uint64_t)0x204e5fc8 = 0x2009eff4;
	(uint32_t)0x204e5fd0 = 0xc;
	(uint64_t)0x204e5fd8 = 0x202bf000;
	(uint64_t)0x204e5fe0 = 1;
	(uint64_t)0x204e5fe8 = 0;
	(uint64_t)0x204e5ff0 = 0;
	(uint32_t)0x204e5ff8 = 0;
	(uint16_t)0x2009eff4 = 0x10;
	(uint16_t)0x2009eff6 = 0;
	(uint32_t)0x2009eff8 = 0;
	(uint32_t)0x2009effc = 0;
	(uint64_t)0x202bf000 = 0x20417000;
	(uint64_t)0x202bf008 = 0xc4;
	(uint32_t)0x20417000 = 0xc4;
	(uint16_t)0x20417004 = 0x19;
	(uint16_t)0x20417006 = 1;
	(uint32_t)0x20417008 = 0x70bd25;
	(uint32_t)0x2041700c = 0x25dfdbfb;
	(uint32_t)0x20417010 = htobe32(0xe0000002);
	(uint32_t)0x20417020 = htobe32(0xe0000001);
	(uint16_t)0x20417030 = htobe16(0x4e20);
	(uint16_t)0x20417032 = htobe16(0);
	(uint16_t)0x20417034 = htobe16(0x4e20);
	(uint16_t)0x20417036 = htobe16(0);
	(uint16_t)0x20417038 = 2;
	(uint8_t)0x2041703a = 0;
	(uint8_t)0x2041703b = 0;
	(uint8_t)0x2041703c = 0;
	(uint32_t)0x20417040 = 0;
	(uint32_t)0x20417044 = 0;
	(uint64_t)0x20417048 = 0;
	(uint64_t)0x20417050 = 0;
	(uint64_t)0x20417058 = 0;
	(uint64_t)0x20417060 = 0;
	(uint64_t)0x20417068 = 0;
	(uint64_t)0x20417070 = 0;
	(uint64_t)0x20417078 = 0;
	(uint64_t)0x20417080 = 0;
	(uint64_t)0x20417088 = 0;
	(uint64_t)0x20417090 = 0;
	(uint64_t)0x20417098 = 0;
	(uint64_t)0x204170a0 = 0;
	(uint32_t)0x204170a8 = 0;
	(uint32_t)0x204170ac = 0x6e6bb0;
	(uint8_t)0x204170b0 = 0;
	(uint8_t)0x204170b1 = 0;
	(uint8_t)0x204170b2 = 0;
	(uint8_t)0x204170b3 = 0;
	(uint16_t)0x204170b8 = 0xc;
	(uint16_t)0x204170ba = 0x10;
	(uint8_t)0x204170bc = 0;
	(uint16_t)0x204170be = 0;
	(uint8_t)0x204170c0 = 0;
	syscall(__NR_sendmsg, r[1], 0x204e5fc8, 0);
	}

	int main()
	{
	for (;;) {
	loop();
	}
	}