xref: /aosp_15_r20/external/liburing/test/fc2a85cb02ef.c (revision 25da2bea747f3a93b4c30fd9708b0618ef55a0e6) 
1*25da2beaSAndroid Build Coastguard Worker /* SPDX-License-Identifier: MIT */
2*25da2beaSAndroid Build Coastguard Worker // https://syzkaller.appspot.com/bug?id=1f2ecd7a23dba87e5ca3505ec44514a462cfe8c0
3*25da2beaSAndroid Build Coastguard Worker // autogenerated by syzkaller (https://github.com/google/syzkaller)
4*25da2beaSAndroid Build Coastguard Worker 
5*25da2beaSAndroid Build Coastguard Worker #include <errno.h>
6*25da2beaSAndroid Build Coastguard Worker #include <fcntl.h>
7*25da2beaSAndroid Build Coastguard Worker #include <stdarg.h>
8*25da2beaSAndroid Build Coastguard Worker #include <stdbool.h>
9*25da2beaSAndroid Build Coastguard Worker #include <stdint.h>
10*25da2beaSAndroid Build Coastguard Worker #include <stdio.h>
11*25da2beaSAndroid Build Coastguard Worker #include <stdlib.h>
12*25da2beaSAndroid Build Coastguard Worker #include <string.h>
13*25da2beaSAndroid Build Coastguard Worker #include <sys/socket.h>
14*25da2beaSAndroid Build Coastguard Worker #include <sys/types.h>
15*25da2beaSAndroid Build Coastguard Worker #include <sys/mman.h>
16*25da2beaSAndroid Build Coastguard Worker #include <unistd.h>
17*25da2beaSAndroid Build Coastguard Worker 
18*25da2beaSAndroid Build Coastguard Worker #include "liburing.h"
19*25da2beaSAndroid Build Coastguard Worker #include "../src/syscall.h"
20*25da2beaSAndroid Build Coastguard Worker 
write_file(const char * file,const char * what,...)21*25da2beaSAndroid Build Coastguard Worker static bool write_file(const char* file, const char* what, ...)
22*25da2beaSAndroid Build Coastguard Worker {
23*25da2beaSAndroid Build Coastguard Worker   char buf[1024];
24*25da2beaSAndroid Build Coastguard Worker   va_list args;
25*25da2beaSAndroid Build Coastguard Worker   va_start(args, what);
26*25da2beaSAndroid Build Coastguard Worker   vsnprintf(buf, sizeof(buf), what, args);
27*25da2beaSAndroid Build Coastguard Worker   va_end(args);
28*25da2beaSAndroid Build Coastguard Worker   buf[sizeof(buf) - 1] = 0;
29*25da2beaSAndroid Build Coastguard Worker   int len = strlen(buf);
30*25da2beaSAndroid Build Coastguard Worker   int fd = open(file, O_WRONLY | O_CLOEXEC);
31*25da2beaSAndroid Build Coastguard Worker   if (fd == -1)
32*25da2beaSAndroid Build Coastguard Worker     return false;
33*25da2beaSAndroid Build Coastguard Worker   if (write(fd, buf, len) != len) {
34*25da2beaSAndroid Build Coastguard Worker     int err = errno;
35*25da2beaSAndroid Build Coastguard Worker     close(fd);
36*25da2beaSAndroid Build Coastguard Worker     errno = err;
37*25da2beaSAndroid Build Coastguard Worker     return false;
38*25da2beaSAndroid Build Coastguard Worker   }
39*25da2beaSAndroid Build Coastguard Worker   close(fd);
40*25da2beaSAndroid Build Coastguard Worker   return true;
41*25da2beaSAndroid Build Coastguard Worker }
42*25da2beaSAndroid Build Coastguard Worker 
inject_fault(int nth)43*25da2beaSAndroid Build Coastguard Worker static int inject_fault(int nth)
44*25da2beaSAndroid Build Coastguard Worker {
45*25da2beaSAndroid Build Coastguard Worker   int fd;
46*25da2beaSAndroid Build Coastguard Worker   fd = open("/proc/thread-self/fail-nth", O_RDWR);
47*25da2beaSAndroid Build Coastguard Worker   if (fd == -1)
48*25da2beaSAndroid Build Coastguard Worker     exit(1);
49*25da2beaSAndroid Build Coastguard Worker   char buf[16];
50*25da2beaSAndroid Build Coastguard Worker   sprintf(buf, "%d", nth + 1);
51*25da2beaSAndroid Build Coastguard Worker   if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
52*25da2beaSAndroid Build Coastguard Worker     exit(1);
53*25da2beaSAndroid Build Coastguard Worker   return fd;
54*25da2beaSAndroid Build Coastguard Worker }
55*25da2beaSAndroid Build Coastguard Worker 
setup_fault()56*25da2beaSAndroid Build Coastguard Worker static int setup_fault()
57*25da2beaSAndroid Build Coastguard Worker {
58*25da2beaSAndroid Build Coastguard Worker   static struct {
59*25da2beaSAndroid Build Coastguard Worker     const char* file;
60*25da2beaSAndroid Build Coastguard Worker     const char* val;
61*25da2beaSAndroid Build Coastguard Worker     bool fatal;
62*25da2beaSAndroid Build Coastguard Worker   } files[] = {
63*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true},
64*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/failslab/verbose", "0", false},
65*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/fail_futex/ignore-private", "N", false},
66*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/fail_page_alloc/verbose", "0", false},
67*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false},
68*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false},
69*25da2beaSAndroid Build Coastguard Worker       {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false},
70*25da2beaSAndroid Build Coastguard Worker   };
71*25da2beaSAndroid Build Coastguard Worker   unsigned i;
72*25da2beaSAndroid Build Coastguard Worker   for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
73*25da2beaSAndroid Build Coastguard Worker     if (!write_file(files[i].file, files[i].val)) {
74*25da2beaSAndroid Build Coastguard Worker       if (files[i].fatal)
75*25da2beaSAndroid Build Coastguard Worker 	return 1;
76*25da2beaSAndroid Build Coastguard Worker     }
77*25da2beaSAndroid Build Coastguard Worker   }
78*25da2beaSAndroid Build Coastguard Worker   return 0;
79*25da2beaSAndroid Build Coastguard Worker }
80*25da2beaSAndroid Build Coastguard Worker 
81*25da2beaSAndroid Build Coastguard Worker uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
82*25da2beaSAndroid Build Coastguard Worker 
main(int argc,char * argv[])83*25da2beaSAndroid Build Coastguard Worker int main(int argc, char *argv[])
84*25da2beaSAndroid Build Coastguard Worker {
85*25da2beaSAndroid Build Coastguard Worker   if (argc > 1)
86*25da2beaSAndroid Build Coastguard Worker     return 0;
87*25da2beaSAndroid Build Coastguard Worker   mmap((void *) 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1, 0);
88*25da2beaSAndroid Build Coastguard Worker   if (setup_fault()) {
89*25da2beaSAndroid Build Coastguard Worker     printf("Test needs failslab/fail_futex/fail_page_alloc enabled, skipped\n");
90*25da2beaSAndroid Build Coastguard Worker     return 0;
91*25da2beaSAndroid Build Coastguard Worker   }
92*25da2beaSAndroid Build Coastguard Worker   intptr_t res = 0;
93*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000000 = 0;
94*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000004 = 0;
95*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000008 = 0;
96*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x2000000c = 0;
97*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000010 = 0;
98*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000014 = 0;
99*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000018 = 0;
100*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x2000001c = 0;
101*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000020 = 0;
102*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000024 = 0;
103*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000028 = 0;
104*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x2000002c = 0;
105*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000030 = 0;
106*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000034 = 0;
107*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000038 = 0;
108*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x2000003c = 0;
109*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000040 = 0;
110*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000044 = 0;
111*25da2beaSAndroid Build Coastguard Worker   *(uint64_t*)0x20000048 = 0;
112*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000050 = 0;
113*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000054 = 0;
114*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000058 = 0;
115*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x2000005c = 0;
116*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000060 = 0;
117*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000064 = 0;
118*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000068 = 0;
119*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x2000006c = 0;
120*25da2beaSAndroid Build Coastguard Worker   *(uint64_t*)0x20000070 = 0;
121*25da2beaSAndroid Build Coastguard Worker   res = __sys_io_uring_setup(0x6a6, (struct io_uring_params *) 0x20000000ul);
122*25da2beaSAndroid Build Coastguard Worker   if (res != -1)
123*25da2beaSAndroid Build Coastguard Worker     r[0] = res;
124*25da2beaSAndroid Build Coastguard Worker   res = socket(0x11ul, 2ul, 0x300ul);
125*25da2beaSAndroid Build Coastguard Worker   if (res != -1)
126*25da2beaSAndroid Build Coastguard Worker     r[1] = res;
127*25da2beaSAndroid Build Coastguard Worker   *(uint32_t*)0x20000080 = r[1];
128*25da2beaSAndroid Build Coastguard Worker   inject_fault(1);
129*25da2beaSAndroid Build Coastguard Worker   __sys_io_uring_register(r[0], 2ul, (const void *) 0x20000080ul, 1ul);
130*25da2beaSAndroid Build Coastguard Worker   return 0;
131*25da2beaSAndroid Build Coastguard Worker }
132