syzkaller-repros/linux/0ba0487bee95b61e3d4e2edeba86156391b7b167.c - pub/scm/linux/kernel/git/shuah/linux-arts - Git at Google

 // KMSAN: uninit-value in tipc_node_get_mtu
 // https://syzkaller.appspot.com/bug?id=0ba0487bee95b61e3d4e2edeba86156391b7b167
 // status:fixed
 // autogenerated by syzkaller (http://github.com/google/syzkaller)

 #define _GNU_SOURCE
 #include <endian.h>
 #include <stdint.h>
 #include <string.h>
 #include <sys/syscall.h>
 #include <unistd.h>

 uint64_t r[1] = {0xffffffffffffffff};
 void loop()
 {
   long res = 0;
   res = syscall(__NR_socket, 0x1e, 2, 0);
   if (res != -1)
     r[0] = res;
   *(uint64_t*)0x2095ffc8 = 0x204aeb5c;
   *(uint16_t*)0x204aeb5c = 0x1e;
   memcpy((void*)0x204aeb5e,
          "\xbc\x07\x00\x00\x00\x00\x8d\x00\x00\x00\x00\x01\xe5\x26\xcc\x57\x3c"
          "\x5b\xf8\x6c\x48\x37\x24\xc7\x1e\x14\xdd\x6a\x73\x9e\xff\xea\x1b\x48"
          "\x00\x6b\xe6\x1f\xfe\x00\x00\x00\x03\x00\x00\x00\xf8\x00\x00\x07\x00"
          "\x3f\x01\x00\x39\xd8\xf9\x86\xff\x01\x00\x00\x00\x00\x00\x00\xaf\x50"
          "\xd5\xfe\x32\xc4\x19\xd6\x7b\xcb\xc7\xe3\xad\x31\x6a\x19\x83\x74\xed"
          "\xb9\xb7\x34\x1c\x1f\xd4\xcb\x24\x28\x1e\x27\x80\x00\x00\x10\x00\x76"
          "\xc3\x97\x9a\xc4\x00\x00\xbd\x83\x7e\x2e\x78\xa1\xdf\xd3\x00\x88\x1a"
          "\x15\x65\xb3\xb1\x6d\x74\x36",
          126);
   *(uint32_t*)0x2095ffd0 = 0x80;
   *(uint64_t*)0x2095ffd8 = 0x20000240;
   *(uint64_t*)0x20000240 = 0x20000280;
   *(uint64_t*)0x20000248 = 0;
   *(uint64_t*)0x2095ffe0 = 1;
   *(uint64_t*)0x2095ffe8 = 0x202d4000;
   *(uint64_t*)0x2095fff0 = 0;
   *(uint32_t*)0x2095fff8 = 0;
   syscall(__NR_sendmsg, r[0], 0x2095ffc8, 0);
 }

 int main()
 {
   syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
   loop();
   return 0;
 }
	// KMSAN: uninit-value in tipc_node_get_mtu
	// https://syzkaller.appspot.com/bug?id=0ba0487bee95b61e3d4e2edeba86156391b7b167
	// status:fixed
	// autogenerated by syzkaller (http://github.com/google/syzkaller)

	#define _GNU_SOURCE
	#include <endian.h>
	#include <stdint.h>
	#include <string.h>
	#include <sys/syscall.h>
	#include <unistd.h>

	uint64_t r[1] = {0xffffffffffffffff};
	void loop()
	{
	long res = 0;
	res = syscall(__NR_socket, 0x1e, 2, 0);
	if (res != -1)
	r[0] = res;
	(uint64_t)0x2095ffc8 = 0x204aeb5c;
	(uint16_t)0x204aeb5c = 0x1e;
	memcpy((void*)0x204aeb5e,
	"\xbc\x07\x00\x00\x00\x00\x8d\x00\x00\x00\x00\x01\xe5\x26\xcc\x57\x3c"
	"\x5b\xf8\x6c\x48\x37\x24\xc7\x1e\x14\xdd\x6a\x73\x9e\xff\xea\x1b\x48"
	"\x00\x6b\xe6\x1f\xfe\x00\x00\x00\x03\x00\x00\x00\xf8\x00\x00\x07\x00"
	"\x3f\x01\x00\x39\xd8\xf9\x86\xff\x01\x00\x00\x00\x00\x00\x00\xaf\x50"
	"\xd5\xfe\x32\xc4\x19\xd6\x7b\xcb\xc7\xe3\xad\x31\x6a\x19\x83\x74\xed"
	"\xb9\xb7\x34\x1c\x1f\xd4\xcb\x24\x28\x1e\x27\x80\x00\x00\x10\x00\x76"
	"\xc3\x97\x9a\xc4\x00\x00\xbd\x83\x7e\x2e\x78\xa1\xdf\xd3\x00\x88\x1a"
	"\x15\x65\xb3\xb1\x6d\x74\x36",
	126);
	(uint32_t)0x2095ffd0 = 0x80;
	(uint64_t)0x2095ffd8 = 0x20000240;
	(uint64_t)0x20000240 = 0x20000280;
	(uint64_t)0x20000248 = 0;
	(uint64_t)0x2095ffe0 = 1;
	(uint64_t)0x2095ffe8 = 0x202d4000;
	(uint64_t)0x2095fff0 = 0;
	(uint32_t)0x2095fff8 = 0;
	syscall(__NR_sendmsg, r[0], 0x2095ffc8, 0);
	}

	int main()
	{
	syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
	loop();
	return 0;
	}