syzkaller-repros/linux/5a978b949b172f67a927db696a70b6ac84088ce2.c - pub/scm/linux/kernel/git/shuah/linux-arts - Git at Google

 // BUG: sleeping function called from invalid context at mm/slab.h:LINE (4)
 // https://syzkaller.appspot.com/bug?id=5a978b949b172f67a927db696a70b6ac84088ce2
 // status:fixed
 // autogenerated by syzkaller (https://github.com/google/syzkaller)

 #define _GNU_SOURCE

 #include <endian.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <unistd.h>

 uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

 int main(void)
 {
   syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
   long res = 0;
   res = syscall(__NR_socket, 0x26, 5, 0);
   if (res != -1)
     r[0] = res;
   *(uint16_t*)0x20000740 = 0x26;
   memcpy((void*)0x20000742,
          "\x73\x6b\x63\x69\x70\x68\x65\x72\x00\x00\x00\x00\x00\x00", 14);
   *(uint32_t*)0x20000750 = 0;
   *(uint32_t*)0x20000754 = 0;
   memcpy((void*)0x20000758,
          "\x63\x68\x61\x63\x68\x61\x32\x30\x2d\x73\x69\x6d\x64\x00\x00\x00\x00"
          "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
          "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
          "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
          64);
   syscall(__NR_bind, r[0], 0x20000740, 0x58);
   memcpy((void*)0x20000080, "\xb7\xf2\x28\x8a\x91\x19\x93\xf0\x26\x5d\xf5\xcf"
                             "\x1c\xdd\x8b\x55\xb0\x62\x95\x0b\x86\xbc\x01\xab"
                             "\xc8\x46\x4d\x4f\x8a\x90\x61\x51",
          32);
   syscall(__NR_setsockopt, r[0], 0x117, 1, 0x20000080, 0x20);
   res = syscall(__NR_accept, r[0], 0, 0);
   if (res != -1)
     r[1] = res;
   memcpy((void*)0x200003c0, "#! ", 3);
   memcpy((void*)0x200003c3, "./file0", 7);
   *(uint8_t*)0x200003ca = 0xa;
   memcpy((void*)0x200003cb,
          "\x62\xfc\x15\xbb\xb6\x9c\x31\x93\xb6\xda\x50\xda\x27\x00\x3b\x38\x7e"
          "\xd4\xba\xc1\x56\xe2\x84\x6e\x7d\x20\xd4\x3b\xf0\x74\xa1\x9f\x62\xf0"
          "\x28\x47\x5b\x5b\xc8\xec\x8b\xb0\x9e\xe7\x7e\x02\x4f\xf6\xa7\x47\xf2"
          "\x0a\xfc\x81\x11\xf4\x85\x12\x16\x38\x3b\xe5\x12\x43\xd3\xd7\xc1\x0f"
          "\xd3\x6f\xcf\xe6\x2c\x2f\xb9\x89\x58\x9b\x85\x2f\x9d\x23\x6b\x72\xb1"
          "\x72\x2a\xaa\xb9\x95\x44\x30\x03\x70\xaa\x74\x6c\xac\x2d\xfb\xf7\xc9"
          "\xc2\x04\xae\xc6\xeb\x8f\xcc\x9a\xc5\x8a\x0d\xe5\x89\x44\x8f\xe9",
          118);
   syscall(__NR_write, r[1], 0x200003c0, 0x81);
   *(uint64_t*)0x2000a280 = 0;
   *(uint32_t*)0x2000a288 = 0;
   *(uint64_t*)0x2000a290 = 0x20002200;
   *(uint64_t*)0x20002200 = 0x20001e40;
   *(uint64_t*)0x20002208 = 0xd;
   *(uint64_t*)0x20002210 = 0x20002100;
   *(uint64_t*)0x20002218 = 0xd1;
   *(uint64_t*)0x2000a298 = 2;
   *(uint64_t*)0x2000a2a0 = 0;
   *(uint64_t*)0x2000a2a8 = 0;
   *(uint32_t*)0x2000a2b0 = 0;
   *(uint32_t*)0x2000a2b8 = 0;
   syscall(__NR_recvmmsg, r[1], 0x2000a280, 1, 0, 0);
   return 0;
 }
	// BUG: sleeping function called from invalid context at mm/slab.h:LINE (4)
	// https://syzkaller.appspot.com/bug?id=5a978b949b172f67a927db696a70b6ac84088ce2
	// status:fixed
	// autogenerated by syzkaller (https://github.com/google/syzkaller)

	#define _GNU_SOURCE

	#include <endian.h>
	#include <stdint.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/syscall.h>
	#include <sys/types.h>
	#include <unistd.h>

	uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

	int main(void)
	{
	syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
	long res = 0;
	res = syscall(__NR_socket, 0x26, 5, 0);
	if (res != -1)
	r[0] = res;
	(uint16_t)0x20000740 = 0x26;
	memcpy((void*)0x20000742,
	"\x73\x6b\x63\x69\x70\x68\x65\x72\x00\x00\x00\x00\x00\x00", 14);
	(uint32_t)0x20000750 = 0;
	(uint32_t)0x20000754 = 0;
	memcpy((void*)0x20000758,
	"\x63\x68\x61\x63\x68\x61\x32\x30\x2d\x73\x69\x6d\x64\x00\x00\x00\x00"
	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
	64);
	syscall(__NR_bind, r[0], 0x20000740, 0x58);
	memcpy((void*)0x20000080, "\xb7\xf2\x28\x8a\x91\x19\x93\xf0\x26\x5d\xf5\xcf"
	"\x1c\xdd\x8b\x55\xb0\x62\x95\x0b\x86\xbc\x01\xab"
	"\xc8\x46\x4d\x4f\x8a\x90\x61\x51",
	32);
	syscall(__NR_setsockopt, r[0], 0x117, 1, 0x20000080, 0x20);
	res = syscall(__NR_accept, r[0], 0, 0);
	if (res != -1)
	r[1] = res;
	memcpy((void*)0x200003c0, "#! ", 3);
	memcpy((void*)0x200003c3, "./file0", 7);
	(uint8_t)0x200003ca = 0xa;
	memcpy((void*)0x200003cb,
	"\x62\xfc\x15\xbb\xb6\x9c\x31\x93\xb6\xda\x50\xda\x27\x00\x3b\x38\x7e"
	"\xd4\xba\xc1\x56\xe2\x84\x6e\x7d\x20\xd4\x3b\xf0\x74\xa1\x9f\x62\xf0"
	"\x28\x47\x5b\x5b\xc8\xec\x8b\xb0\x9e\xe7\x7e\x02\x4f\xf6\xa7\x47\xf2"
	"\x0a\xfc\x81\x11\xf4\x85\x12\x16\x38\x3b\xe5\x12\x43\xd3\xd7\xc1\x0f"
	"\xd3\x6f\xcf\xe6\x2c\x2f\xb9\x89\x58\x9b\x85\x2f\x9d\x23\x6b\x72\xb1"
	"\x72\x2a\xaa\xb9\x95\x44\x30\x03\x70\xaa\x74\x6c\xac\x2d\xfb\xf7\xc9"
	"\xc2\x04\xae\xc6\xeb\x8f\xcc\x9a\xc5\x8a\x0d\xe5\x89\x44\x8f\xe9",
	118);
	syscall(__NR_write, r[1], 0x200003c0, 0x81);
	(uint64_t)0x2000a280 = 0;
	(uint32_t)0x2000a288 = 0;
	(uint64_t)0x2000a290 = 0x20002200;
	(uint64_t)0x20002200 = 0x20001e40;
	(uint64_t)0x20002208 = 0xd;
	(uint64_t)0x20002210 = 0x20002100;
	(uint64_t)0x20002218 = 0xd1;
	(uint64_t)0x2000a298 = 2;
	(uint64_t)0x2000a2a0 = 0;
	(uint64_t)0x2000a2a8 = 0;
	(uint32_t)0x2000a2b0 = 0;
	(uint32_t)0x2000a2b8 = 0;
	syscall(__NR_recvmmsg, r[1], 0x2000a280, 1, 0, 0);
	return 0;
	}