syzkaller-repros/linux/4c194f75820d5059b949cd1257159d9b46c3ef16.c - pub/scm/linux/kernel/git/shuah/linux-arts - Git at Google

 // KMSAN: uninit-value in __crypto_memneq
 // https://syzkaller.appspot.com/bug?id=4c194f75820d5059b949cd1257159d9b46c3ef16
 // status:invalid
 // autogenerated by syzkaller (http://github.com/google/syzkaller)

 #define _GNU_SOURCE
 #include <endian.h>
 #include <stdint.h>
 #include <string.h>
 #include <sys/syscall.h>
 #include <unistd.h>

 uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};
 void loop()
 {
   long res = 0;
   res = syscall(__NR_socket, 0x26, 5, 0);
   if (res != -1)
     r[0] = res;
   *(uint16_t*)0x20000000 = 0x26;
   memcpy((void*)0x20000002,
          "\x61\x65\x61\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
   *(uint32_t*)0x20000010 = 0;
   *(uint32_t*)0x20000014 = 0;
   memcpy((void*)0x20000018,
          "\x67\x63\x6d\x28\x61\x65\x73\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00"
          "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
          "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
          "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
          64);
   syscall(__NR_bind, r[0], 0x20000000, 0x58);
   memcpy((void*)0x204f7000,
          "\x64\x9c\x47\xad\x46\x39\x0d\x00\x6d\xc8\x00\x00\x00\x9d\x4d\x54",
          16);
   syscall(__NR_setsockopt, r[0], 0x117, 1, 0x204f7000, 0x10);
   res = syscall(__NR_dup, r[0]);
   if (res != -1)
     r[1] = res;
   res = syscall(__NR_accept4, r[1], 0, 0, 0);
   if (res != -1)
     r[2] = res;
   *(uint64_t*)0x20000a00 = 0;
   *(uint32_t*)0x20000a08 = 0;
   *(uint64_t*)0x20000a10 = 0x20000680;
   *(uint64_t*)0x20000680 = 0x200002c0;
   *(uint64_t*)0x20000688 = 0;
   *(uint64_t*)0x20000690 = 0x20000440;
   *(uint64_t*)0x20000698 = 0;
   *(uint64_t*)0x200006a0 = 0x200005c0;
   memcpy((void*)0x200005c0,
          "\x9c\xd6\x6b\x9e\x1a\xc7\xee\x1e\x31\x3a\xb6\xe8\xc6\xa9\x20\xce\x31"
          "\xa6\x99\xaf\x4f\xb0\x0f\x45\x6f\x84\x69\x7b\xb3\x80\x4c\xa5\xe8\xf8"
          "\x86\x9c\x51\x03\x16\x41\x5e\x75\x0b\x1b\xca\x7c\x87\x05\x50\xaf\x43"
          "\x41\x00\xc4\x71\x0c\x2d\xc0\x8e\x36\xcb\xc0\xa3\xfa\xdb\x9c\x70\x81"
          "\xe2\x2f\xec\x83\x90\x45\xd1\xa0\xb0\xfa\x07\x89\x82\x19\x28\x54\x64"
          "\xd0\x87\x60\xe4\x76\x4e\xa7\x1b\x61\x67\x23\x86\x25\xb6\x17\xb2\x06"
          "\x96\x89\xd3\x3d\x47\x5d\x45\xb2\xd7\xd4\xb8\xa3\xab\x61\x2f\x21\xaf"
          "\x83\xaa\x49\x1c\x3c\x71\x90\x3c\x1c\xe4\x47\x5d\xd2\xfe\x96\x94\x0f"
          "\xb7\x94\x6b\xcb\xf8\xb3\x3b\x56\xaa\x9d\xd0\x3f\xc2\x49\x12\xda\x36"
          "\xc6\xa2\xab\xe8\xb4\xb5\x74\xdd\x84\x74\x4e\xd0\x83\xa4\xaf\x2c\x1b"
          "\x46\xab\xb6\x4b\x4d\xda\x93\x3a\xf2\x7e\xc3\x59\x40\xd2\x7b\x13\x84"
          "\xac\x04\xa6\x4e",
          191);
   *(uint64_t*)0x200006a8 = 0xbf;
   *(uint64_t*)0x20000a18 = 3;
   *(uint64_t*)0x20000a20 = 0x20000580;
   *(uint64_t*)0x20000a28 = 0;
   *(uint32_t*)0x20000a30 = 0;
   syscall(__NR_sendmmsg, r[2], 0x20000a00, 1, 0);
   *(uint64_t*)0x200000c0 = 0;
   *(uint32_t*)0x200000c8 = 0xa6;
   *(uint64_t*)0x200000d0 = 0x2020bfe8;
   *(uint64_t*)0x2020bfe8 = 0x20588fa9;
   *(uint64_t*)0x2020bff0 = 0x32f;
   *(uint64_t*)0x200000d8 = 1;
   *(uint64_t*)0x200000e0 = 0x20142000;
   *(uint64_t*)0x200000e8 = 0xfffffffffffffec8;
   *(uint32_t*)0x200000f0 = 0;
   syscall(__NR_recvmsg, r[2], 0x200000c0, 0);
 }

 int main()
 {
   syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
   loop();
   return 0;
 }
	// KMSAN: uninit-value in __crypto_memneq
	// https://syzkaller.appspot.com/bug?id=4c194f75820d5059b949cd1257159d9b46c3ef16
	// status:invalid
	// autogenerated by syzkaller (http://github.com/google/syzkaller)

	#define _GNU_SOURCE
	#include <endian.h>
	#include <stdint.h>
	#include <string.h>
	#include <sys/syscall.h>
	#include <unistd.h>

	uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};
	void loop()
	{
	long res = 0;
	res = syscall(__NR_socket, 0x26, 5, 0);
	if (res != -1)
	r[0] = res;
	(uint16_t)0x20000000 = 0x26;
	memcpy((void*)0x20000002,
	"\x61\x65\x61\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
	(uint32_t)0x20000010 = 0;
	(uint32_t)0x20000014 = 0;
	memcpy((void*)0x20000018,
	"\x67\x63\x6d\x28\x61\x65\x73\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
	64);
	syscall(__NR_bind, r[0], 0x20000000, 0x58);
	memcpy((void*)0x204f7000,
	"\x64\x9c\x47\xad\x46\x39\x0d\x00\x6d\xc8\x00\x00\x00\x9d\x4d\x54",
	16);
	syscall(__NR_setsockopt, r[0], 0x117, 1, 0x204f7000, 0x10);
	res = syscall(__NR_dup, r[0]);
	if (res != -1)
	r[1] = res;
	res = syscall(__NR_accept4, r[1], 0, 0, 0);
	if (res != -1)
	r[2] = res;
	(uint64_t)0x20000a00 = 0;
	(uint32_t)0x20000a08 = 0;
	(uint64_t)0x20000a10 = 0x20000680;
	(uint64_t)0x20000680 = 0x200002c0;
	(uint64_t)0x20000688 = 0;
	(uint64_t)0x20000690 = 0x20000440;
	(uint64_t)0x20000698 = 0;
	(uint64_t)0x200006a0 = 0x200005c0;
	memcpy((void*)0x200005c0,
	"\x9c\xd6\x6b\x9e\x1a\xc7\xee\x1e\x31\x3a\xb6\xe8\xc6\xa9\x20\xce\x31"
	"\xa6\x99\xaf\x4f\xb0\x0f\x45\x6f\x84\x69\x7b\xb3\x80\x4c\xa5\xe8\xf8"
	"\x86\x9c\x51\x03\x16\x41\x5e\x75\x0b\x1b\xca\x7c\x87\x05\x50\xaf\x43"
	"\x41\x00\xc4\x71\x0c\x2d\xc0\x8e\x36\xcb\xc0\xa3\xfa\xdb\x9c\x70\x81"
	"\xe2\x2f\xec\x83\x90\x45\xd1\xa0\xb0\xfa\x07\x89\x82\x19\x28\x54\x64"
	"\xd0\x87\x60\xe4\x76\x4e\xa7\x1b\x61\x67\x23\x86\x25\xb6\x17\xb2\x06"
	"\x96\x89\xd3\x3d\x47\x5d\x45\xb2\xd7\xd4\xb8\xa3\xab\x61\x2f\x21\xaf"
	"\x83\xaa\x49\x1c\x3c\x71\x90\x3c\x1c\xe4\x47\x5d\xd2\xfe\x96\x94\x0f"
	"\xb7\x94\x6b\xcb\xf8\xb3\x3b\x56\xaa\x9d\xd0\x3f\xc2\x49\x12\xda\x36"
	"\xc6\xa2\xab\xe8\xb4\xb5\x74\xdd\x84\x74\x4e\xd0\x83\xa4\xaf\x2c\x1b"
	"\x46\xab\xb6\x4b\x4d\xda\x93\x3a\xf2\x7e\xc3\x59\x40\xd2\x7b\x13\x84"
	"\xac\x04\xa6\x4e",
	191);
	(uint64_t)0x200006a8 = 0xbf;
	(uint64_t)0x20000a18 = 3;
	(uint64_t)0x20000a20 = 0x20000580;
	(uint64_t)0x20000a28 = 0;
	(uint32_t)0x20000a30 = 0;
	syscall(__NR_sendmmsg, r[2], 0x20000a00, 1, 0);
	(uint64_t)0x200000c0 = 0;
	(uint32_t)0x200000c8 = 0xa6;
	(uint64_t)0x200000d0 = 0x2020bfe8;
	(uint64_t)0x2020bfe8 = 0x20588fa9;
	(uint64_t)0x2020bff0 = 0x32f;
	(uint64_t)0x200000d8 = 1;
	(uint64_t)0x200000e0 = 0x20142000;
	(uint64_t)0x200000e8 = 0xfffffffffffffec8;
	(uint32_t)0x200000f0 = 0;
	syscall(__NR_recvmsg, r[2], 0x200000c0, 0);
	}

	int main()
	{
	syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
	loop();
	return 0;
	}