xref: /aosp_15_r20/external/liburing/test/fc2a85cb02ef.c (revision 25da2bea747f3a93b4c30fd9708b0618ef55a0e6) 
1 /* SPDX-License-Identifier: MIT */
2 // https://syzkaller.appspot.com/bug?id=1f2ecd7a23dba87e5ca3505ec44514a462cfe8c0
3 // autogenerated by syzkaller (https://github.com/google/syzkaller)
4 
5 #include <errno.h>
6 #include <fcntl.h>
7 #include <stdarg.h>
8 #include <stdbool.h>
9 #include <stdint.h>
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <sys/socket.h>
14 #include <sys/types.h>
15 #include <sys/mman.h>
16 #include <unistd.h>
17 
18 #include "liburing.h"
19 #include "../src/syscall.h"
20 
write_file(const char * file,const char * what,...)21 static bool write_file(const char* file, const char* what, ...)
22 {
23   char buf[1024];
24   va_list args;
25   va_start(args, what);
26   vsnprintf(buf, sizeof(buf), what, args);
27   va_end(args);
28   buf[sizeof(buf) - 1] = 0;
29   int len = strlen(buf);
30   int fd = open(file, O_WRONLY | O_CLOEXEC);
31   if (fd == -1)
32     return false;
33   if (write(fd, buf, len) != len) {
34     int err = errno;
35     close(fd);
36     errno = err;
37     return false;
38   }
39   close(fd);
40   return true;
41 }
42 
inject_fault(int nth)43 static int inject_fault(int nth)
44 {
45   int fd;
46   fd = open("/proc/thread-self/fail-nth", O_RDWR);
47   if (fd == -1)
48     exit(1);
49   char buf[16];
50   sprintf(buf, "%d", nth + 1);
51   if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
52     exit(1);
53   return fd;
54 }
55 
setup_fault()56 static int setup_fault()
57 {
58   static struct {
59     const char* file;
60     const char* val;
61     bool fatal;
62   } files[] = {
63       {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true},
64       {"/sys/kernel/debug/failslab/verbose", "0", false},
65       {"/sys/kernel/debug/fail_futex/ignore-private", "N", false},
66       {"/sys/kernel/debug/fail_page_alloc/verbose", "0", false},
67       {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false},
68       {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false},
69       {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false},
70   };
71   unsigned i;
72   for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
73     if (!write_file(files[i].file, files[i].val)) {
74       if (files[i].fatal)
75 	return 1;
76     }
77   }
78   return 0;
79 }
80 
81 uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
82 
main(int argc,char * argv[])83 int main(int argc, char *argv[])
84 {
85   if (argc > 1)
86     return 0;
87   mmap((void *) 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1, 0);
88   if (setup_fault()) {
89     printf("Test needs failslab/fail_futex/fail_page_alloc enabled, skipped\n");
90     return 0;
91   }
92   intptr_t res = 0;
93   *(uint32_t*)0x20000000 = 0;
94   *(uint32_t*)0x20000004 = 0;
95   *(uint32_t*)0x20000008 = 0;
96   *(uint32_t*)0x2000000c = 0;
97   *(uint32_t*)0x20000010 = 0;
98   *(uint32_t*)0x20000014 = 0;
99   *(uint32_t*)0x20000018 = 0;
100   *(uint32_t*)0x2000001c = 0;
101   *(uint32_t*)0x20000020 = 0;
102   *(uint32_t*)0x20000024 = 0;
103   *(uint32_t*)0x20000028 = 0;
104   *(uint32_t*)0x2000002c = 0;
105   *(uint32_t*)0x20000030 = 0;
106   *(uint32_t*)0x20000034 = 0;
107   *(uint32_t*)0x20000038 = 0;
108   *(uint32_t*)0x2000003c = 0;
109   *(uint32_t*)0x20000040 = 0;
110   *(uint32_t*)0x20000044 = 0;
111   *(uint64_t*)0x20000048 = 0;
112   *(uint32_t*)0x20000050 = 0;
113   *(uint32_t*)0x20000054 = 0;
114   *(uint32_t*)0x20000058 = 0;
115   *(uint32_t*)0x2000005c = 0;
116   *(uint32_t*)0x20000060 = 0;
117   *(uint32_t*)0x20000064 = 0;
118   *(uint32_t*)0x20000068 = 0;
119   *(uint32_t*)0x2000006c = 0;
120   *(uint64_t*)0x20000070 = 0;
121   res = __sys_io_uring_setup(0x6a6, (struct io_uring_params *) 0x20000000ul);
122   if (res != -1)
123     r[0] = res;
124   res = socket(0x11ul, 2ul, 0x300ul);
125   if (res != -1)
126     r[1] = res;
127   *(uint32_t*)0x20000080 = r[1];
128   inject_fault(1);
129   __sys_io_uring_register(r[0], 2ul, (const void *) 0x20000080ul, 1ul);
130   return 0;
131 }
132