| // general protection fault in __skb_flow_dissect |
| // https://syzkaller.appspot.com/bug?id=657634fd8edcf2bcedae1271b9e6307ce4a61ce8 |
| // status:fixed |
| // autogenerated by syzkaller (http://github.com/google/syzkaller) |
| |
| #define _GNU_SOURCE |
| |
| #include <stdint.h> |
| #include <string.h> |
| #include <sys/syscall.h> |
| #include <unistd.h> |
| |
| long r[18]; |
| void loop() |
| { |
| memset(r, -1, sizeof(r)); |
| r[0] = syscall(__NR_mmap, 0x20000000ul, 0x18000ul, 0x3ul, 0x32ul, |
| 0xfffffffffffffffful, 0x0ul); |
| r[1] = syscall(__NR_socketpair, 0x1ul, 0x2000000000005ul, 0x0ul, |
| 0x20008000ul); |
| if (r[1] != -1) |
| r[2] = *(uint32_t*)0x20008000; |
| if (r[1] != -1) |
| r[3] = *(uint32_t*)0x20008004; |
| *(uint16_t*)0x20015000 = (uint16_t)0x2; |
| *(uint64_t*)0x20015008 = (uint64_t)0x20014000; |
| *(uint16_t*)0x20014000 = (uint16_t)0x20; |
| *(uint8_t*)0x20014002 = (uint8_t)0x0; |
| *(uint8_t*)0x20014003 = (uint8_t)0x0; |
| *(uint32_t*)0x20014004 = (uint32_t)0xeffffffffffff034; |
| *(uint16_t*)0x20014008 = (uint16_t)0x6; |
| *(uint8_t*)0x2001400a = (uint8_t)0x0; |
| *(uint8_t*)0x2001400b = (uint8_t)0x0; |
| *(uint32_t*)0x2001400c = (uint32_t)0x0; |
| r[14] = syscall(__NR_setsockopt, r[2], 0x1ul, 0x1aul, 0x20015000ul, |
| 0x10ul); |
| *(uint16_t*)0x20017ff6 = (uint16_t)0x0; |
| memcpy((void*)0x20017ff8, "\x2e\x2f\x66\x69\x6c\x65\x30\x00", 8); |
| r[17] = syscall(__NR_sendto, r[3], 0x2000cfdbul, 0x0ul, 0x0ul, |
| 0x20017ff6ul, 0xaul); |
| } |
| |
| int main() |
| { |
| loop(); |
| return 0; |
| } |
