1 /* SPDX-License-Identifier: MIT */
2 // autogenerated by syzkaller (https://github.com/google/syzkaller)
3
4 #include <dirent.h>
5 #include <endian.h>
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <signal.h>
9 #include <stdarg.h>
10 #include <stdbool.h>
11 #include <stdint.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <sys/prctl.h>
16 #include <sys/stat.h>
17 #include <sys/types.h>
18 #include <sys/wait.h>
19 #include <sys/mman.h>
20 #include <time.h>
21 #include <unistd.h>
22
23 #include "liburing.h"
24 #include "../src/syscall.h"
25
/*
 * Block the calling process for roughly @ms milliseconds.
 *
 * The value is converted to microseconds and handed to usleep(); the only
 * caller in this file passes 1.
 */
static void sleep_ms(uint64_t ms)
{
	uint64_t usec = ms * 1000;

	usleep(usec);
}
30
/*
 * Return the current CLOCK_MONOTONIC reading in milliseconds.
 *
 * The monotonic clock is used so that the timeout arithmetic in loop() is
 * not disturbed by wall-clock adjustments. If the clock cannot be read the
 * process exits with status 1.
 */
static uint64_t current_time_ms(void)
{
	struct timespec now;

	if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
		exit(1);

	uint64_t from_sec = (uint64_t)now.tv_sec * 1000;
	uint64_t from_nsec = (uint64_t)now.tv_nsec / 1000000;

	return from_sec + from_nsec;
}
38
/*
 * Format a printf-style message and write it to an already existing file.
 *
 * @file: path to open write-only (the file is not created if missing)
 * @what: printf-style format string, followed by its arguments
 *
 * The formatted text is limited to a 1024-byte buffer, so longer output is
 * truncated. Returns true only when the whole text went out in a single
 * write(); on a failed or short write errno is left as write() set it,
 * not as close() may have changed it.
 */
static bool write_file(const char* file, const char* what, ...)
{
	char text[1024];
	va_list ap;

	va_start(ap, what);
	vsnprintf(text, sizeof(text), what, ap);
	va_end(ap);
	/* vsnprintf already terminates; kept as a belt-and-braces guard. */
	text[sizeof(text) - 1] = 0;

	int nbytes = strlen(text);
	int fd = open(file, O_WRONLY | O_CLOEXEC);

	if (fd == -1)
		return false;

	bool ok = write(fd, text, nbytes) == nbytes;
	int saved_errno = errno;

	close(fd);
	if (!ok)
		errno = saved_errno;
	return ok;
}
60
/*
 * Kill a child and reap it, even if it is stuck.
 *
 * @pid:    child to terminate
 * @status: receives the wait status of the reaped child
 *
 * SIGKILL is sent both to the process group -pid and to pid itself. The
 * child is then polled for up to 100 rounds of 1 ms. If it still has not
 * been reaped, every connection listed under /sys/fs/fuse/connections is
 * aborted (presumably because a task blocked on a FUSE request cannot
 * act on SIGKILL until the connection goes away) and the function blocks
 * in waitpid() until the child is collected.
 */
static void kill_and_wait(int pid, int* status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);

	for (int attempt = 0; attempt < 100; attempt++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}

	DIR* conns = opendir("/sys/fs/fuse/connections");

	if (conns) {
		struct dirent* ent;

		while ((ent = readdir(conns)) != NULL) {
			if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
				continue;

			char abort_path[300];

			snprintf(abort_path, sizeof(abort_path),
				 "/sys/fs/fuse/connections/%s/abort", ent->d_name);

			int fd = open(abort_path, O_WRONLY);

			if (fd == -1)
				continue;
			/* One byte is written from the path buffer; a failure is
			 * ignored on purpose, this is best effort. */
			if (write(fd, abort_path, 1) < 0) {
			}
			close(fd);
		}
		closedir(conns);
	}

	/* No timeout here: spin until the child has been reaped. */
	while (waitpid(-1, status, __WALL) != pid) {
	}
}
96
/*
 * Per-child preparation, run in the forked process before execute_one().
 *
 * - PR_SET_PDEATHSIG: the child receives SIGKILL when its parent dies, so
 *   no child outlives the test runner.
 * - setpgrp(): the child becomes leader of its own process group, which is
 *   what lets kill_and_wait() signal the whole group with kill(-pid, ...).
 * - oom_score_adj is set to 1000 so that the OOM killer picks this child
 *   first; a failure of that write is ignored.
 */
static void setup_test()
{
	static const char oom_knob[] = "/proc/self/oom_score_adj";

	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
	write_file(oom_knob, "1000");
}
103
/* Defined further down; loop() runs it in a fresh child per iteration. */
static void execute_one(void);

/* Wait for every kind of child, not only those that raise SIGCHLD. */
#define WAIT_FLAGS __WALL

/*
 * Run the reproducer 5000 times, each time in its own forked child.
 *
 * The child calls setup_test() and execute_one(), then exits with 0. The
 * parent polls for it about once per millisecond; a child that has not
 * been reaped after 5 seconds is torn down with kill_and_wait(). The
 * child's exit status is collected but not inspected. A failing fork()
 * ends the whole program with exit status 1.
 */
static void loop(void)
{
	for (int iter = 0; iter < 5000; iter++) {
		int pid = fork();

		if (pid < 0)
			exit(1);
		if (pid == 0) {
			setup_test();
			execute_one();
			exit(0);
		}

		int status = 0;
		uint64_t start = current_time_ms();

		while (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) != pid) {
			sleep_ms(1);
			if (current_time_ms() - start >= 5 * 1000) {
				/* Timed out: kill the child and reap it. */
				kill_and_wait(pid, &status);
				break;
			}
		}
	}
}
133
/*
 * The syzkaller-generated reproducer proper: build an argument block at a
 * fixed address and issue a single io_uring_setup() call with it.
 *
 * The block starts at 0x20000080 and is 0x78 bytes long. It is zeroed and
 * three 32-bit words are then set. In the struct io_uring_params layout of
 * <linux/io_uring.h> those words are flags, sq_thread_cpu and
 * sq_thread_idle, and a flags value of 3 is
 * IORING_SETUP_IOPOLL | IORING_SETUP_SQPOLL (confirm against the header
 * this test is built with). The call asks for 0x983 entries.
 *
 * The return value is not examined. The target address is only valid
 * because main() maps that region before loop() starts.
 */
void execute_one(void)
{
	const uintptr_t base = 0x20000080;

	/* Clear the whole block one 32-bit word at a time. */
	for (uintptr_t off = 0; off < 0x78; off += sizeof(uint32_t))
		*(uint32_t*)(base + off) = 0;

	*(uint32_t*)(base + 0x08) = 3;     /* flags (see header comment) */
	*(uint32_t*)(base + 0x0c) = 3;     /* sq_thread_cpu */
	*(uint32_t*)(base + 0x10) = 0x175; /* sq_thread_idle */

	__sys_io_uring_setup(0x983, (struct io_uring_params *) 0x20000080);
}
166
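/*
 * SIGINT handler: end the process at once with status 0.
 *
 * @sig: signal number, unused
 *
 * _exit() is used instead of exit() because exit() is not
 * async-signal-safe: it runs atexit handlers and flushes stdio buffers,
 * which may be in an inconsistent state when the signal arrives.
 */
static void sig_int(int sig)
{
	(void)sig;
	_exit(0);
}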
171
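/*
 * Entry point of the reproducer.
 *
 * Any command-line argument makes the program return 0 without doing
 * anything. Otherwise a SIGINT handler is installed, the scratch region
 * that execute_one() writes to is mapped, and loop() runs the reproducer.
 *
 * Returns 0 in every case, including when the scratch mapping cannot be
 * created; the run is then skipped with a message on stderr.
 */
int main(int argc, char *argv[])
{
	if (argc > 1)
		return 0;
	signal(SIGINT, sig_int);

	/*
	 * 16 MiB of anonymous read/write memory at a fixed address. MAP_FIXED
	 * replaces whatever is already mapped in that range, so the address
	 * must stay clear of the program's own mappings. The symbolic flags
	 * equal the 3 and 0x32 literals emitted by the generator on the
	 * common Linux ABIs.
	 */
	void *scratch = mmap((void *) 0x20000000, 0x1000000,
			     PROT_READ | PROT_WRITE,
			     MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);

	if (scratch == MAP_FAILED) {
		/* Without the mapping every child would fault on its first
		 * store, so running the loop would exercise nothing. */
		fprintf(stderr, "mmap of scratch region failed: %s, skipping\n",
			strerror(errno));
		return 0;
	}

	loop();
	return 0;
}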
181