// KMSAN: uninit-value in __crypto_memneq
// https://syzkaller.appspot.com/bug?id=4c194f75820d5059b949cd1257159d9b46c3ef16
// status:invalid
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
// Descriptor slots filled in by loop(): r[0] from socket(), r[1] from dup(),
// r[2] from accept4(). A slot keeps its all-ones initial value when the
// syscall that should fill it fails, so later calls then receive an invalid
// descriptor rather than a stale one.
uint64_t r[3] = {UINT64_MAX, UINT64_MAX, UINT64_MAX};
// One pass of the syzkaller reproducer. It drives the kernel crypto
// user-space interface in this order:
//   socket -> bind -> setsockopt (key) -> dup -> accept4 -> sendmmsg -> recvmsg
//
// Every pointer argument is a fixed address inside the region that main()
// maps at 0x20000000. Only the three descriptor-returning calls have their
// result inspected; all other return values are ignored, as is usual for
// fuzzer-generated reproducers. The numeric constants are annotated with
// their Linux names; the values themselves are exactly what syzkaller emitted.
//
// NOTE(review): the file header attributes the KMSAN report to
// __crypto_memneq and marks the bug "status:invalid". Which kernel buffer was
// uninitialised cannot be determined from this file alone.
void loop()
{
    // 0x26 = AF_ALG, 5 = SOCK_SEQPACKET.
    long ret = syscall(__NR_socket, 0x26, 5, 0);
    if (ret != -1)
        r[0] = ret;

    // struct sockaddr_alg at 0x20000000; bind() is given 0x58 bytes of it.
    *(uint16_t*)0x20000000 = 0x26; // salg_family = AF_ALG
    memcpy((void*)0x20000002,      // salg_type = "aead", NUL-padded to 14 bytes
           "\x61\x65\x61\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
    *(uint32_t*)0x20000010 = 0; // salg_feat
    *(uint32_t*)0x20000014 = 0; // salg_mask
    memcpy((void*)0x20000018,   // salg_name = "gcm(aes)", NUL-padded to 64 bytes
           "\x67\x63\x6d\x28\x61\x65\x73\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00"
           "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
           "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
           "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
           64);
    syscall(__NR_bind, r[0], 0x20000000, 0x58);

    // Level 0x117 = SOL_ALG, option 1 = ALG_SET_KEY; the key is 16 bytes long.
    memcpy((void*)0x204f7000,
           "\x64\x9c\x47\xad\x46\x39\x0d\x00\x6d\xc8\x00\x00\x00\x9d\x4d\x54",
           16);
    syscall(__NR_setsockopt, r[0], 0x117, 1, 0x204f7000, 0x10);

    // Duplicate the bound socket, then accept() on the duplicate to obtain the
    // operation socket that the send and receive calls below use.
    ret = syscall(__NR_dup, r[0]);
    if (ret != -1)
        r[1] = ret;
    ret = syscall(__NR_accept4, r[1], 0, 0, 0);
    if (ret != -1)
        r[2] = ret;

    // struct mmsghdr at 0x20000a00 (a single message is sent).
    *(uint64_t*)0x20000a00 = 0;          // msg_name
    *(uint32_t*)0x20000a08 = 0;          // msg_namelen
    *(uint64_t*)0x20000a10 = 0x20000680; // msg_iov -> the iovec array below
    // iovec[0] and iovec[1] have length 0; only iovec[2] carries payload.
    *(uint64_t*)0x20000680 = 0x200002c0; // iov[0].iov_base
    *(uint64_t*)0x20000688 = 0;          // iov[0].iov_len
    *(uint64_t*)0x20000690 = 0x20000440; // iov[1].iov_base
    *(uint64_t*)0x20000698 = 0;          // iov[1].iov_len
    *(uint64_t*)0x200006a0 = 0x200005c0; // iov[2].iov_base
    memcpy((void*)0x200005c0,            // 191 bytes of fuzzer-chosen payload
           "\x9c\xd6\x6b\x9e\x1a\xc7\xee\x1e\x31\x3a\xb6\xe8\xc6\xa9\x20\xce\x31"
           "\xa6\x99\xaf\x4f\xb0\x0f\x45\x6f\x84\x69\x7b\xb3\x80\x4c\xa5\xe8\xf8"
           "\x86\x9c\x51\x03\x16\x41\x5e\x75\x0b\x1b\xca\x7c\x87\x05\x50\xaf\x43"
           "\x41\x00\xc4\x71\x0c\x2d\xc0\x8e\x36\xcb\xc0\xa3\xfa\xdb\x9c\x70\x81"
           "\xe2\x2f\xec\x83\x90\x45\xd1\xa0\xb0\xfa\x07\x89\x82\x19\x28\x54\x64"
           "\xd0\x87\x60\xe4\x76\x4e\xa7\x1b\x61\x67\x23\x86\x25\xb6\x17\xb2\x06"
           "\x96\x89\xd3\x3d\x47\x5d\x45\xb2\xd7\xd4\xb8\xa3\xab\x61\x2f\x21\xaf"
           "\x83\xaa\x49\x1c\x3c\x71\x90\x3c\x1c\xe4\x47\x5d\xd2\xfe\x96\x94\x0f"
           "\xb7\x94\x6b\xcb\xf8\xb3\x3b\x56\xaa\x9d\xd0\x3f\xc2\x49\x12\xda\x36"
           "\xc6\xa2\xab\xe8\xb4\xb5\x74\xdd\x84\x74\x4e\xd0\x83\xa4\xaf\x2c\x1b"
           "\x46\xab\xb6\x4b\x4d\xda\x93\x3a\xf2\x7e\xc3\x59\x40\xd2\x7b\x13\x84"
           "\xac\x04\xa6\x4e",
           191);
    *(uint64_t*)0x200006a8 = 0xbf;       // iov[2].iov_len = 191
    *(uint64_t*)0x20000a18 = 3;          // msg_iovlen
    *(uint64_t*)0x20000a20 = 0x20000580; // msg_control
    // msg_controllen is 0, so no ancillary data reaches the kernel: the request
    // carries no ALG_SET_OP, ALG_SET_IV or ALG_SET_AEAD_ASSOCLEN control message.
    *(uint64_t*)0x20000a28 = 0;          // msg_controllen
    *(uint32_t*)0x20000a30 = 0;          // msg_flags
    syscall(__NR_sendmmsg, r[2], 0x20000a00, 1, 0);

    // struct msghdr at 0x200000c0 for the receive side. The name length and
    // control length are fuzzer-chosen values, not meaningful sizes.
    *(uint64_t*)0x200000c0 = 0;                  // msg_name
    *(uint32_t*)0x200000c8 = 0xa6;               // msg_namelen
    *(uint64_t*)0x200000d0 = 0x2020bfe8;         // msg_iov -> one iovec
    *(uint64_t*)0x2020bfe8 = 0x20588fa9;         // iov[0].iov_base
    *(uint64_t*)0x2020bff0 = 0x32f;              // iov[0].iov_len
    *(uint64_t*)0x200000d8 = 1;                  // msg_iovlen
    *(uint64_t*)0x200000e0 = 0x20142000;         // msg_control
    *(uint64_t*)0x200000e8 = 0xfffffffffffffec8; // msg_controllen
    *(uint32_t*)0x200000f0 = 0;                  // msg_flags
    // Last call in the sequence; presumably the one that makes the kernel
    // process the queued data (verify against the linked report).
    syscall(__NR_recvmsg, r[2], 0x200000c0, 0);
}
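// Entry point: maps the fixed scratch region that the reproducer writes into,
// then runs loop() once.
//
// Returns 0 after loop() has run, or 1 if the mapping could not be created.
int main(void)
{
    // 0x1000000 bytes (16 MiB) at 0x20000000. prot 3 = PROT_READ|PROT_WRITE;
    // flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (Linux x86 values).
    // Every store in loop() targets this range, so a failed mapping would make
    // the program fault before it reaches the code under test. Report the
    // failure so it is not mistaken for a kernel-side result.
    if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
        perror("mmap");
        return 1;
    }
    loop();
    return 0;
}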