#!/bin/sh # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2020 Peter Holm # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # setsockopt() fuzz test scenario inspired by syzkaller. # "panic: mtx_lock() of spin mutex (null) @ # ../../../dev/hyperv/hvsock/hv_sock.c:519" seen. # https://people.freebsd.org/~pho/stress/log/setsockopt.txt # Introduced by r361275 # Fixed by r361360 . ../default.cfg dir=/tmp odir=`pwd` cd $dir sed '1,/^EOF/d' < $odir/$0 > $dir/setsockopt.c mycc -o setsockopt -Wall -Wextra -O0 -g setsockopt.c || exit 1 rm -f setsockopt.c daemon sh -c "(cd $odir/../testcases/swap; ./swap -t 5m)" > /dev/null 2>&1 /tmp/setsockopt s=$? while pgrep -q swap; do pkill -9 swap done rm -rf /tmp/setsockopt /tmp/setsockopt.c exit $s EOF #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define PARALLEL 128 #define RUNTIME (3 * 60) static int port; static void test(int idx) { struct hostent *hostent; struct sockaddr_in inetaddr; int i, j, r; int tcpsock, on; on = 1; for (i = 1; i < 5; i++) { for (j = 0; j < 10000; j++) { if ((tcpsock = socket(arc4random() % 64, arc4random() % 10, arc4random() % 10)) != -1) break; } if (tcpsock == -1) _exit(0); /* if (setsockopt(tcpsock, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) err(1, "setsockopt(), %s:%d", __FILE__, __LINE__); */ for (j = 0; j < 10000; j++) { r = setsockopt(tcpsock, arc4random(), arc4random(), (char *)&on, sizeof(on)); if (r != -1) break; } hostent = gethostbyname ("localhost"); r = -1; for (j = 0; j < 10000 && r != 0; j++) { bzero((char *) &inetaddr, sizeof(inetaddr)); memcpy (&inetaddr.sin_addr.s_addr, hostent->h_addr, sizeof (struct in_addr)); // inetaddr.sin_family = AF_INET; inetaddr.sin_family = arc4random() % 128; // inetaddr.sin_addr.s_addr = INADDR_ANY; inetaddr.sin_addr.s_addr = arc4random(); inetaddr.sin_port = htons(port + idx); inetaddr.sin_len = sizeof(inetaddr); alarm(1); r = connect(tcpsock, (struct sockaddr *) &inetaddr, sizeof(inetaddr)); alarm(0); } usleep(1000); close(tcpsock); } write(tcpsock, "a", 1); _exit(0); } int main(void) { time_t start; int i, pids[PARALLEL], status; port = 77665; start = time(NULL); while ((time(NULL) - start) < RUNTIME) { for (i = 0; i < PARALLEL; i++) { if ((pids[i] = fork()) == 0) test(i); } for (i = 0; i < PARALLEL; i++) { if (waitpid(pids[i], &status, 0) == -1) err(1, "waitpid(%d)", pids[i]); } } return (0); }