syzkaller-repros/linux/bd64b8b529c951b935a7c28423f6738f45d4a8a6.c - pub/scm/linux/kernel/git/shuah/linux-arts - Git at Google

 // general protection fault in bpf_skb_change_tail
 // https://syzkaller.appspot.com/bug?id=bd64b8b529c951b935a7c28423f6738f45d4a8a6
 // status:open
 // autogenerated by syzkaller (https://github.com/google/syzkaller)

 #define _GNU_SOURCE

 #include <endian.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <unistd.h>

 #ifndef __NR_bpf
 #define __NR_bpf 321
 #endif

 uint64_t r[1] = {0xffffffffffffffff};

 int main(void)
 {
   syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
   long res = 0;
   *(uint32_t*)0x20000200 = 4;
   *(uint32_t*)0x20000204 = 0xe;
   *(uint64_t*)0x20000208 = 0x20000480;
   memcpy((void*)0x20000480,
          "\xb7\x02\x00\x00\xfe\x00\x00\x00\xbf\xa3\x00\x00\x00\x00\x00\x00\x07"
          "\x01\x00\x00\x00\xfe\xff\xff\x7a\x0a\xf0\xff\xf8\xff\xff\xff\x79\xa4"
          "\xf0\xff\x00\x00\x00\x00\xb7\x06\x00\x00\xff\xff\xff\xff\x2d\x64\x05"
          "\x00\x00\x00\x00\x00\x65\x04\x04\x00\x01\x00\x00\x00\x04\x04\x00\x00"
          "\x01\x00\x00\x00\xb7\x03\x00\x00\x00\x00\x00\x00\x6a\x0a\x00\xfe\x00"
          "\x00\x00\x00\x85\x00\x00\x00\x26\x00\x00\x00\xb7\x00\x00\x00\x00\x00"
          "\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00",
          112);
   *(uint64_t*)0x20000210 = 0x20000340;
   memcpy((void*)0x20000340, "syzkaller", 10);
   *(uint32_t*)0x20000218 = 0;
   *(uint32_t*)0x2000021c = 0;
   *(uint64_t*)0x20000220 = 0;
   *(uint32_t*)0x20000228 = 0;
   *(uint32_t*)0x2000022c = 0;
   *(uint8_t*)0x20000230 = 0;
   *(uint8_t*)0x20000231 = 0;
   *(uint8_t*)0x20000232 = 0;
   *(uint8_t*)0x20000233 = 0;
   *(uint8_t*)0x20000234 = 0;
   *(uint8_t*)0x20000235 = 0;
   *(uint8_t*)0x20000236 = 0;
   *(uint8_t*)0x20000237 = 0;
   *(uint8_t*)0x20000238 = 0;
   *(uint8_t*)0x20000239 = 0;
   *(uint8_t*)0x2000023a = 0;
   *(uint8_t*)0x2000023b = 0;
   *(uint8_t*)0x2000023c = 0;
   *(uint8_t*)0x2000023d = 0;
   *(uint8_t*)0x2000023e = 0;
   *(uint8_t*)0x2000023f = 0;
   *(uint32_t*)0x20000240 = 0;
   *(uint32_t*)0x20000244 = 0;
   res = syscall(__NR_bpf, 5, 0x20000200, 0x48);
   if (res != -1)
     r[0] = res;
   *(uint32_t*)0x20000040 = r[0];
   *(uint32_t*)0x20000044 = 0;
   *(uint32_t*)0x20000048 = 0xff;
   *(uint32_t*)0x2000004c = 0xe7;
   *(uint64_t*)0x20000050 = 0x20000600;
   memcpy((void*)0x20000600,
          "\xdd\xe0\xe5\x13\x7c\x77\x27\x2b\xec\x52\xb0\x2a\xee\x28\x4f\xa8\x9f"
          "\x6a\xa4\xcb\x62\x96\x4b\x9b\x69\x20\xe8\x97\x4b\xc7\x6d\x7f\xc3\x0b"
          "\xd7\xa8\x7a\xa2\xeb\xa4\x30\x86\xad\x53\x74\x02\xf4\x82\x5a\x26\x65"
          "\x32\xc4\x8e\x24\xf6\xa2\x67\x3d\x19\x8b\x3e\xf3\x07\xa7\x5e\xd2\xb7"
          "\x08\xa4\x79\xc1\xa6\x32\xaf\x13\x96\x84\x24\x0f\x03\x45\x94\x54\x8e"
          "\xcd\xbb\x38\x07\x42\x37\x00\x51\x7c\xc6\x6c\x61\xc0\xc7\x3e\x55\xd3"
          "\xf3\xbf\xc5\x29\xe8\x05\xdd\x0b\x42\xcc\x97\xe7\x0c\xed\xe6\x68\x81"
          "\xde\xcc\x9e\x51\x7e\xc7\x4b\x74\x20\x8f\x31\xc3\x36\x1a\x20\x09\xef"
          "\x5d\x3c\x2b\x29\x54\xc5\xa5\x22\x5f\x3e\x5e\xda\xf0\xea\x2c\x90\x1d"
          "\xae\x23\xdc\x88\xe9\x5e\x85\xd3\x81\x5d\xc9\xf2\x38\x62\x69\x3f\x17"
          "\x9a\xb9\xb2\xb9\xbf\x94\x55\x19\x64\xac\x55\x86\xbc\x09\xc8\x8a\x7a"
          "\xfa\x33\xe6\x77\x0c\x13\x7a\x6b\xbb\xa4\xa9\xa9\x2f\xce\x00\xbe\x8a"
          "\x2f\xa8\xb1\xa3\xc0\x08\xba\x99\x60\xee\xc1\x92\x53\x8c\x6d\xa8\x1e"
          "\x52\xd3\xe9\x96\xae\x8a\xb8\xd8\x2c\x96\xbb\x47\x59\x91\x20\x61\x36"
          "\xc5\xda\x34\xa9\x72\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
          255);
   *(uint64_t*)0x20000058 = 0x20000500;
   *(uint32_t*)0x20000060 = 8;
   *(uint32_t*)0x20000064 = 0;
   syscall(__NR_bpf, 0xa, 0x20000040, 0x28);
   return 0;
 }
	// general protection fault in bpf_skb_change_tail
	// https://syzkaller.appspot.com/bug?id=bd64b8b529c951b935a7c28423f6738f45d4a8a6
	// status:open
	// autogenerated by syzkaller (https://github.com/google/syzkaller)

	#define _GNU_SOURCE

	#include <endian.h>
	#include <stdint.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/syscall.h>
	#include <sys/types.h>
	#include <unistd.h>

	#ifndef __NR_bpf
	#define __NR_bpf 321
	#endif

	uint64_t r[1] = {0xffffffffffffffff};

	int main(void)
	{
	syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
	long res = 0;
	(uint32_t)0x20000200 = 4;
	(uint32_t)0x20000204 = 0xe;
	(uint64_t)0x20000208 = 0x20000480;
	memcpy((void*)0x20000480,
	"\xb7\x02\x00\x00\xfe\x00\x00\x00\xbf\xa3\x00\x00\x00\x00\x00\x00\x07"
	"\x01\x00\x00\x00\xfe\xff\xff\x7a\x0a\xf0\xff\xf8\xff\xff\xff\x79\xa4"
	"\xf0\xff\x00\x00\x00\x00\xb7\x06\x00\x00\xff\xff\xff\xff\x2d\x64\x05"
	"\x00\x00\x00\x00\x00\x65\x04\x04\x00\x01\x00\x00\x00\x04\x04\x00\x00"
	"\x01\x00\x00\x00\xb7\x03\x00\x00\x00\x00\x00\x00\x6a\x0a\x00\xfe\x00"
	"\x00\x00\x00\x85\x00\x00\x00\x26\x00\x00\x00\xb7\x00\x00\x00\x00\x00"
	"\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00",
	112);
	(uint64_t)0x20000210 = 0x20000340;
	memcpy((void*)0x20000340, "syzkaller", 10);
	(uint32_t)0x20000218 = 0;
	(uint32_t)0x2000021c = 0;
	(uint64_t)0x20000220 = 0;
	(uint32_t)0x20000228 = 0;
	(uint32_t)0x2000022c = 0;
	(uint8_t)0x20000230 = 0;
	(uint8_t)0x20000231 = 0;
	(uint8_t)0x20000232 = 0;
	(uint8_t)0x20000233 = 0;
	(uint8_t)0x20000234 = 0;
	(uint8_t)0x20000235 = 0;
	(uint8_t)0x20000236 = 0;
	(uint8_t)0x20000237 = 0;
	(uint8_t)0x20000238 = 0;
	(uint8_t)0x20000239 = 0;
	(uint8_t)0x2000023a = 0;
	(uint8_t)0x2000023b = 0;
	(uint8_t)0x2000023c = 0;
	(uint8_t)0x2000023d = 0;
	(uint8_t)0x2000023e = 0;
	(uint8_t)0x2000023f = 0;
	(uint32_t)0x20000240 = 0;
	(uint32_t)0x20000244 = 0;
	res = syscall(__NR_bpf, 5, 0x20000200, 0x48);
	if (res != -1)
	r[0] = res;
	(uint32_t)0x20000040 = r[0];
	(uint32_t)0x20000044 = 0;
	(uint32_t)0x20000048 = 0xff;
	(uint32_t)0x2000004c = 0xe7;
	(uint64_t)0x20000050 = 0x20000600;
	memcpy((void*)0x20000600,
	"\xdd\xe0\xe5\x13\x7c\x77\x27\x2b\xec\x52\xb0\x2a\xee\x28\x4f\xa8\x9f"
	"\x6a\xa4\xcb\x62\x96\x4b\x9b\x69\x20\xe8\x97\x4b\xc7\x6d\x7f\xc3\x0b"
	"\xd7\xa8\x7a\xa2\xeb\xa4\x30\x86\xad\x53\x74\x02\xf4\x82\x5a\x26\x65"
	"\x32\xc4\x8e\x24\xf6\xa2\x67\x3d\x19\x8b\x3e\xf3\x07\xa7\x5e\xd2\xb7"
	"\x08\xa4\x79\xc1\xa6\x32\xaf\x13\x96\x84\x24\x0f\x03\x45\x94\x54\x8e"
	"\xcd\xbb\x38\x07\x42\x37\x00\x51\x7c\xc6\x6c\x61\xc0\xc7\x3e\x55\xd3"
	"\xf3\xbf\xc5\x29\xe8\x05\xdd\x0b\x42\xcc\x97\xe7\x0c\xed\xe6\x68\x81"
	"\xde\xcc\x9e\x51\x7e\xc7\x4b\x74\x20\x8f\x31\xc3\x36\x1a\x20\x09\xef"
	"\x5d\x3c\x2b\x29\x54\xc5\xa5\x22\x5f\x3e\x5e\xda\xf0\xea\x2c\x90\x1d"
	"\xae\x23\xdc\x88\xe9\x5e\x85\xd3\x81\x5d\xc9\xf2\x38\x62\x69\x3f\x17"
	"\x9a\xb9\xb2\xb9\xbf\x94\x55\x19\x64\xac\x55\x86\xbc\x09\xc8\x8a\x7a"
	"\xfa\x33\xe6\x77\x0c\x13\x7a\x6b\xbb\xa4\xa9\xa9\x2f\xce\x00\xbe\x8a"
	"\x2f\xa8\xb1\xa3\xc0\x08\xba\x99\x60\xee\xc1\x92\x53\x8c\x6d\xa8\x1e"
	"\x52\xd3\xe9\x96\xae\x8a\xb8\xd8\x2c\x96\xbb\x47\x59\x91\x20\x61\x36"
	"\xc5\xda\x34\xa9\x72\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
	255);
	(uint64_t)0x20000058 = 0x20000500;
	(uint32_t)0x20000060 = 8;
	(uint32_t)0x20000064 = 0;
	syscall(__NR_bpf, 0xa, 0x20000040, 0x28);
	return 0;
	}