| // general protection fault in __skb_flow_dissect (2) |
| // https://syzkaller.appspot.com/bug?id=ab5470b9284c9768a11a2a152eeb85994d6193b5 |
| // status:fixed |
| // autogenerated by syzkaller (https://github.com/google/syzkaller) |
| |
| #define _GNU_SOURCE |
| |
| #include <endian.h> |
| #include <stdint.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <sys/syscall.h> |
| #include <sys/types.h> |
| #include <unistd.h> |
| |
| uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; |
| |
| int main(void) |
| { |
| syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); |
| long res = 0; |
| res = syscall(__NR_socketpair, 1, 2, 0, 0x2001a000); |
| if (res != -1) { |
| r[0] = *(uint32_t*)0x2001a000; |
| r[1] = *(uint32_t*)0x2001a004; |
| } |
| *(uint16_t*)0x20ab9ff0 = 2; |
| *(uint64_t*)0x20ab9ff8 = 0x2039a000; |
| *(uint16_t*)0x2039a000 = 0x20; |
| *(uint8_t*)0x2039a002 = 0; |
| *(uint8_t*)0x2039a003 = 0; |
| *(uint32_t*)0x2039a004 = 0xfffff034; |
| *(uint16_t*)0x2039a008 = 6; |
| *(uint8_t*)0x2039a00a = 0; |
| *(uint8_t*)0x2039a00b = 0; |
| *(uint32_t*)0x2039a00c = 0; |
| syscall(__NR_setsockopt, r[1], 1, 0x1a, 0x20ab9ff0, 0x10); |
| syscall(__NR_sendmmsg, r[0], 0x20000000, 0x4000000000000fe, 0); |
| return 0; |
| } |
