Google Git
Sign in
kernel / pub / scm / linux / kernel / git / shuah / linux-arts / ebec47a771cab06af3d956c556a60e1ff05e9f09 / . / syzkaller-repros / linux / 15604084a6f209697fabd4658862a84efc6609fb.c
blob: 8bca0d23f81825218c41bb297a469fce0b1e2040 [file] [log] [blame]
// WARNING in fib6_add
// https://syzkaller.appspot.com/bug?id=15604084a6f209697fabd4658862a84efc6609fb
// status:fixed
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <sys/syscall.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
long r[82];
void loop()
{
memset(r, -1, sizeof(r));
r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
0xfffffffffffffffful, 0x0ul);
r[1] = syscall(__NR_socket, 0xaul, 0x2ul, 0x0ul);
memcpy((void*)0x20faf000, "\x6c\x6f\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00",
16);
*(uint32_t*)0x20faf010 = (uint32_t)0x0;
*(uint8_t*)0x20faf014 = (uint8_t)0x0;
*(uint8_t*)0x20faf015 = (uint8_t)0x0;
*(uint8_t*)0x20faf016 = (uint8_t)0x0;
*(uint8_t*)0x20faf017 = (uint8_t)0x0;
*(uint8_t*)0x20faf018 = (uint8_t)0x0;
*(uint8_t*)0x20faf019 = (uint8_t)0x0;
*(uint8_t*)0x20faf01a = (uint8_t)0x0;
*(uint8_t*)0x20faf01b = (uint8_t)0x0;
*(uint8_t*)0x20faf01c = (uint8_t)0x0;
*(uint8_t*)0x20faf01d = (uint8_t)0x0;
*(uint8_t*)0x20faf01e = (uint8_t)0x0;
*(uint8_t*)0x20faf01f = (uint8_t)0x0;
*(uint8_t*)0x20faf020 = (uint8_t)0x0;
*(uint8_t*)0x20faf021 = (uint8_t)0x0;
*(uint8_t*)0x20faf022 = (uint8_t)0x0;
*(uint8_t*)0x20faf023 = (uint8_t)0x0;
*(uint8_t*)0x20faf024 = (uint8_t)0x0;
*(uint8_t*)0x20faf025 = (uint8_t)0x0;
*(uint8_t*)0x20faf026 = (uint8_t)0x0;
*(uint8_t*)0x20faf027 = (uint8_t)0x0;
r[24] = syscall(__NR_ioctl, r[1], 0x8933ul, 0x20faf000ul);
if (r[24] != -1)
r[25] = *(uint32_t*)0x20faf010;
*(uint8_t*)0x206bb000 = (uint8_t)0xfe;
*(uint8_t*)0x206bb001 = (uint8_t)0x80;
*(uint8_t*)0x206bb002 = (uint8_t)0x0;
*(uint8_t*)0x206bb003 = (uint8_t)0x0;
*(uint8_t*)0x206bb004 = (uint8_t)0x0;
*(uint8_t*)0x206bb005 = (uint8_t)0x0;
*(uint8_t*)0x206bb006 = (uint8_t)0x0;
*(uint8_t*)0x206bb007 = (uint8_t)0x0;
*(uint8_t*)0x206bb008 = (uint8_t)0x0;
*(uint8_t*)0x206bb009 = (uint8_t)0x0;
*(uint8_t*)0x206bb00a = (uint8_t)0x0;
*(uint8_t*)0x206bb00b = (uint8_t)0x0;
*(uint8_t*)0x206bb00c = (uint8_t)0x0;
*(uint8_t*)0x206bb00d = (uint8_t)0x0;
*(uint8_t*)0x206bb00e = (uint8_t)0x0;
*(uint8_t*)0x206bb00f = (uint8_t)0xbb;
*(uint8_t*)0x206bb010 = (uint8_t)0xfe;
*(uint8_t*)0x206bb011 = (uint8_t)0x80;
*(uint8_t*)0x206bb012 = (uint8_t)0x0;
*(uint8_t*)0x206bb013 = (uint8_t)0x0;
*(uint8_t*)0x206bb014 = (uint8_t)0x0;
*(uint8_t*)0x206bb015 = (uint8_t)0x0;
*(uint8_t*)0x206bb016 = (uint8_t)0x0;
*(uint8_t*)0x206bb017 = (uint8_t)0x0;
*(uint8_t*)0x206bb018 = (uint8_t)0x0;
*(uint8_t*)0x206bb019 = (uint8_t)0x0;
*(uint8_t*)0x206bb01a = (uint8_t)0x0;
*(uint8_t*)0x206bb01b = (uint8_t)0x0;
*(uint8_t*)0x206bb01c = (uint8_t)0x0;
*(uint8_t*)0x206bb01d = (uint8_t)0x0;
*(uint8_t*)0x206bb01e = (uint8_t)0x0;
*(uint8_t*)0x206bb01f = (uint8_t)0xaa;
*(uint8_t*)0x206bb020 = (uint8_t)0x0;
*(uint8_t*)0x206bb021 = (uint8_t)0x0;
*(uint8_t*)0x206bb022 = (uint8_t)0x0;
*(uint8_t*)0x206bb023 = (uint8_t)0x0;
*(uint8_t*)0x206bb024 = (uint8_t)0x0;
*(uint8_t*)0x206bb025 = (uint8_t)0x0;
*(uint8_t*)0x206bb026 = (uint8_t)0x0;
*(uint8_t*)0x206bb027 = (uint8_t)0x0;
*(uint8_t*)0x206bb028 = (uint8_t)0x0;
*(uint8_t*)0x206bb029 = (uint8_t)0x0;
*(uint8_t*)0x206bb02a = (uint8_t)0x0;
*(uint8_t*)0x206bb02b = (uint8_t)0x0;
*(uint8_t*)0x206bb02c = (uint8_t)0x0;
*(uint8_t*)0x206bb02d = (uint8_t)0x0;
*(uint8_t*)0x206bb02e = (uint8_t)0x0;
*(uint8_t*)0x206bb02f = (uint8_t)0x0;
*(uint32_t*)0x206bb030 = (uint32_t)0x0;
*(uint16_t*)0x206bb034 = (uint16_t)0x0;
*(uint16_t*)0x206bb036 = (uint16_t)0x0;
*(uint32_t*)0x206bb038 = (uint32_t)0x0;
*(uint64_t*)0x206bb040 = (uint64_t)0x4;
*(uint32_t*)0x206bb048 = (uint32_t)0x811ffdfc;
*(uint32_t*)0x206bb04c = r[25];
r[81] = syscall(__NR_ioctl, r[1], 0x890bul, 0x206bb000ul);
}
int main()
{
loop();
return 0;
}