// BUG: using __this_cpu_read() in preemptible code in ipcomp_init_state
// https://syzkaller.appspot.com/bug?id=54f4ce6239e6e0d0d5583488421c6fa3ba7ed6b4
// status:fixed
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
// Forward declaration so loop() can call execute_one() before its definition.
static void execute_one();
// Declared extern but neither defined nor referenced in the visible listing.
extern unsigned long long procid;
// Runs the reproducer body back to back and never returns to its caller.
void loop()
{
    for (;;)
        execute_one();
}
// Result slot for the socket() call in execute_one(). It starts as all-ones,
// i.e. (uint64_t)-1, and is only overwritten when socket() succeeds, so a
// failed socket() leaves an invalid descriptor here for the later sendmsg().
uint64_t r[1] = {0xffffffffffffffff};
// One iteration of the reproducer: open a socket, build a single 0x60-byte
// message in place at fixed addresses inside the region mapped by main(), and
// hand it to sendmsg(). The file header ties this input to a (status: fixed)
// "__this_cpu_read() in preemptible code" report in ipcomp_init_state.
//
// The field names in the comments below are a reviewer's reading of the byte
// layout against <linux/pfkeyv2.h> and struct msghdr on a 64-bit Linux ABI;
// the listing itself only shows raw stores, so confirm before relying on them.
//
// NOTE(review): the descriptor stored in r[0] is never closed in the visible
// code and the sendmsg() result is ignored, so every call from loop() opens
// one more socket until the per-process descriptor limit is reached.
void execute_one()
{
long res = 0;
// socket(0xf, 3, 2): presumably AF_KEY / SOCK_RAW / PF_KEY_V2. On Linux,
// creating such a socket is expected to require CAP_NET_ADMIN; without it the
// call fails and r[0] keeps its initial invalid value.
res = syscall(__NR_socket, 0xf, 3, 2);
if (res != -1)
r[0] = res;
// --- message header at 0x20f56000 (looks like struct msghdr) ---
// name pointer and name length: no destination address.
*(uint64_t*)0x20f56000 = 0;
*(uint32_t*)0x20f56008 = 0;
// iovec array pointer -> 0x208feff0.
*(uint64_t*)0x20f56010 = 0x208feff0;
// iovec[0] base pointer -> payload at 0x20333f88 (its length is set further down).
*(uint64_t*)0x208feff0 = 0x20333f88;
// --- payload, 16-byte base header (looks like struct sadb_msg) ---
// version = 2, type = 3 (SADB_ADD?), errno = 0, satype = 9 (IPComp SA type?).
*(uint8_t*)0x20333f88 = 2;
*(uint8_t*)0x20333f89 = 3;
*(uint8_t*)0x20333f8a = 0;
*(uint8_t*)0x20333f8b = 9;
// total length 0xc in 8-byte units = 0x60 bytes, matching the iovec length.
*(uint16_t*)0x20333f8c = 0xc;
*(uint16_t*)0x20333f8e = 0;
// sequence number and pid, both 0xffffffff.
*(uint32_t*)0x20333f90 = -1;
*(uint32_t*)0x20333f94 = -1;
// --- extension 1: length 2 units (16 bytes), type 0x13 (SADB_X_EXT_SA2?) ---
*(uint16_t*)0x20333f98 = 2;
*(uint16_t*)0x20333f9a = 0x13;
// mode = 2, remaining fields zero.
*(uint8_t*)0x20333f9c = 2;
*(uint8_t*)0x20333f9d = 0;
*(uint16_t*)0x20333f9e = 0;
*(uint32_t*)0x20333fa0 = 0;
*(uint32_t*)0x20333fa4 = 0;
// --- extension 2: length 3 units (24 bytes), type 6 (destination address?) ---
*(uint16_t*)0x20333fa8 = 3;
*(uint16_t*)0x20333faa = 6;
*(uint8_t*)0x20333fac = 0;
*(uint8_t*)0x20333fad = 0;
*(uint16_t*)0x20333fae = 0;
// embedded socket address: family 2 (AF_INET?), big-endian port 0x4e20 and
// big-endian address 0xe0000001, followed by 8 zero padding bytes.
*(uint16_t*)0x20333fb0 = 2;
*(uint16_t*)0x20333fb2 = htobe16(0x4e20);
*(uint32_t*)0x20333fb4 = htobe32(0xe0000001);
*(uint8_t*)0x20333fb8 = 0;
*(uint8_t*)0x20333fb9 = 0;
*(uint8_t*)0x20333fba = 0;
*(uint8_t*)0x20333fbb = 0;
*(uint8_t*)0x20333fbc = 0;
*(uint8_t*)0x20333fbd = 0;
*(uint8_t*)0x20333fbe = 0;
*(uint8_t*)0x20333fbf = 0;
// --- extension 3: length 2 units (16 bytes), type 1 (SADB_EXT_SA?) ---
*(uint16_t*)0x20333fc0 = 2;
*(uint16_t*)0x20333fc2 = 1;
// SPI = 0xffffffff (big-endian), replay/state/auth = 0, encrypt = 2
// (for an IPComp SA this byte presumably selects the compression algorithm),
// flags = 0.
*(uint32_t*)0x20333fc4 = htobe32(-1);
*(uint8_t*)0x20333fc8 = 0;
*(uint8_t*)0x20333fc9 = 0;
*(uint8_t*)0x20333fca = 0;
*(uint8_t*)0x20333fcb = 2;
*(uint32_t*)0x20333fcc = 0;
// --- extension 4: length 3 units (24 bytes), type 5 (source address?) ---
*(uint16_t*)0x20333fd0 = 3;
*(uint16_t*)0x20333fd2 = 5;
*(uint8_t*)0x20333fd4 = 0;
*(uint8_t*)0x20333fd5 = 0;
*(uint16_t*)0x20333fd6 = 0;
// same embedded socket address as in extension 2.
*(uint16_t*)0x20333fd8 = 2;
*(uint16_t*)0x20333fda = htobe16(0x4e20);
*(uint32_t*)0x20333fdc = htobe32(0xe0000001);
*(uint8_t*)0x20333fe0 = 0;
*(uint8_t*)0x20333fe1 = 0;
*(uint8_t*)0x20333fe2 = 0;
*(uint8_t*)0x20333fe3 = 0;
*(uint8_t*)0x20333fe4 = 0;
*(uint8_t*)0x20333fe5 = 0;
*(uint8_t*)0x20333fe6 = 0;
*(uint8_t*)0x20333fe7 = 0;
// iovec[0] length: 0x60 bytes, i.e. 0x20333f88 through 0x20333fe7.
*(uint64_t*)0x208feff8 = 0x60;
// rest of the message header: one iovec, no control data, flags 0.
*(uint64_t*)0x20f56018 = 1;
*(uint64_t*)0x20f56020 = 0;
*(uint64_t*)0x20f56028 = 0;
*(uint32_t*)0x20f56030 = 0;
// Send the message on the socket from above (or on the invalid descriptor if
// socket() failed); the return value is not inspected.
syscall(__NR_sendmsg, r[0], 0x20f56000, 0);
}
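// Entry point: create the fixed scratch mapping that execute_one() writes
// into, then run the reproducer loop forever.
int main()
{
    // Map 0x1000000 bytes at 0x20000000 with prot 3 (read|write) and flags 0x32
    // (private | fixed | anonymous on common Linux ABIs), no backing file.
    // Every store in execute_one() targets this range, so stop with a non-zero
    // exit status if the mapping fails instead of faulting on the first store.
    if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
        return 1;
    for (;;) {
        loop();
    }
}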