xref: /freebsd/tools/test/stress2/misc/syzkaller34.sh (revision 7f658f99f7ed5d1d0e0802073bb22eb8a0a784fb)
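#!/bin/sh

# Regression test built from a syzkaller reproducer.
# Fixed by git: 208256579804 - main - O_PATH: disable kqfilter for fifos
# Submitted by markj@

# Skip (and report success) everywhere except amd64.  The command
# substitution is quoted so that an empty or multi-word answer from uname
# cannot make the test expression malformed and let the script fall through
# to the reproducer on an unintended platform.
[ "$(uname -p)" != "amd64" ] && exit 0

# Shared stress2 settings; mycc, used further down to build the reproducer,
# is not defined in this script and presumably comes from here.
. ../default.cfg

# Write the C reproducer out.  The here-document delimiter is unquoted, so
# the shell still performs parameter and command substitution on the text
# below: keep dollar signs and backquotes out of the C source and comments.
# NOTE(review): the output path is a fixed name in /tmp and the redirection
# follows an existing symlink; if this runs privileged on a host with other
# local users, a private directory would be safer - confirm how the suite
# is deployed.
cat > /tmp/syzkaller34.c <<EOF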
10a7d46ad0SPeter Holm// autogenerated by syzkaller (https://github.com/google/syzkaller)
11a7d46ad0SPeter Holm
12a7d46ad0SPeter Holm#define _GNU_SOURCE
13a7d46ad0SPeter Holm
14a7d46ad0SPeter Holm#include <sys/types.h>
15a7d46ad0SPeter Holm
16a7d46ad0SPeter Holm#include <pwd.h>
17a7d46ad0SPeter Holm#include <signal.h>
18a7d46ad0SPeter Holm#include <stdarg.h>
19a7d46ad0SPeter Holm#include <stdbool.h>
20a7d46ad0SPeter Holm#include <stdint.h>
21a7d46ad0SPeter Holm#include <stdio.h>
22a7d46ad0SPeter Holm#include <stdlib.h>
23a7d46ad0SPeter Holm#include <string.h>
24a7d46ad0SPeter Holm#include <sys/endian.h>
25a7d46ad0SPeter Holm#include <sys/syscall.h>
26a7d46ad0SPeter Holm#include <sys/wait.h>
27a7d46ad0SPeter Holm#include <time.h>
28a7d46ad0SPeter Holm#include <unistd.h>
29a7d46ad0SPeter Holm
// Send SIGKILL to pid, then block until waitpid reports that same pid.
// The wait status of the reaped child is stored through status.  Any other
// waitpid result (another child, or an error) is ignored and the wait is
// simply repeated.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  for (;;) {
    if (waitpid(-1, status, 0) == pid)
      return;
  }
}
36a7d46ad0SPeter Holm
// Suspend the caller for ms milliseconds.
static void sleep_ms(uint64_t ms)
{
  // usleep counts in microseconds.
  const uint64_t usec = ms * 1000;
  usleep(usec);
}
41a7d46ad0SPeter Holm
// Return the CLOCK_MONOTONIC reading in whole milliseconds.
// The process exits with status 1 if the clock cannot be read.
static uint64_t current_time_ms(void)
{
  struct timespec now;
  if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
    exit(1);
  const uint64_t from_seconds = (uint64_t)now.tv_sec * 1000;
  const uint64_t from_nanos = (uint64_t)now.tv_nsec / 1000000;
  return from_seconds + from_nanos;
}
49a7d46ad0SPeter Holm
50a7d46ad0SPeter Holmstatic void execute_one(void);
51a7d46ad0SPeter Holm
52a7d46ad0SPeter Holm#define WAIT_FLAGS 0
53a7d46ad0SPeter Holm
// Driver: forever fork a child that runs execute_one() once and exits 0,
// then supervise it.  The parent polls for the child every millisecond and,
// once 5000 ms have passed without it exiting, kills and reaps it before
// starting the next iteration.  This function never returns; it exits the
// process with status 1 if fork fails.
static void loop(void)
{
  int iter __unused = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    // Non-blocking reap attempt first, so a child that already exited costs
    // no sleep at all.
    while (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) != pid) {
      sleep_ms(1);
      if (current_time_ms() - start >= 5000) {
        // Per-child time budget exhausted: force it down.
        kill_and_wait(pid, &status);
        break;
      }
    }
  }
}
79a7d46ad0SPeter Holm
// Slot for the kqueue descriptor.  The all-ones initial value stays in place
// when kqueue fails, so kevent below is then handed an invalid descriptor.
uint64_t r[1] = {0xffffffffffffffff};

// One reproducer iteration; loop() runs it in a freshly forked child.
// Sequence: create a fifo named ./file0, open it with flag 0x400000 (O_PATH on
// FreeBSD), create a kqueue, then submit a change list that registers a read
// filter on descriptor 3.  Per the header of the enclosing script, the kernel
// fix this guards is "O_PATH: disable kqfilter for fifos".
// Every syscall result except the one from kqueue is ignored, and the
// statement order is part of the reproducer: do not reorder.
void execute_one(void)
{
  intptr_t res = 0;
  // Addresses from 0x20000000 up lie inside the fixed mapping main() creates
  // before calling loop().  Seven characters plus the explicit NUL = 8 bytes.
  memcpy((void*)0x20000000, "./file0\000", 8);
  // mknodat: 0xffffff9c is -100 as a 32-bit int (AT_FDCWD); mode 0x1000 is
  // S_IFIFO with no permission bits; the device argument is 0.
  syscall(SYS_mknodat, 0xffffff9c, 0x20000000ul, 0x1000ul, 0ul);
  memcpy((void*)0x20000040, "./file0\000", 8);
  // open: flags 0x400000 is O_PATH on FreeBSD.  The third argument (0x72) is
  // a mode, presumably unused since no create flag is set.  The returned
  // descriptor is not captured.
  syscall(SYS_open, 0x20000040ul, 0x400000ul, 0x72ul);
  res = syscall(SYS_kqueue);
  if (res != -1)
    r[0] = res;
  // Hand-built change-list entry at 0x20000100; field names below follow
  // FreeBSD's struct kevent (64 bytes with a 64-bit ident).
  // ident = 3.  NOTE(review): presumably the descriptor the open above
  // returned (first free slot when 0-2 are inherited); nothing checks this.
  *(uint64_t*)0x20000100 = 3;
  // filter = -1, which is EVFILT_READ.
  *(uint16_t*)0x20000108 = -1;
  // flags = 0x4015: EV_ADD | EV_ENABLE | EV_ONESHOT | EV_ERROR.
  *(uint16_t*)0x2000010a = 0x4015;
  // fflags
  *(uint32_t*)0x2000010c = 0;
  // data
  *(uint64_t*)0x20000110 = 0x400000000;
  // udata
  *(uint64_t*)0x20000118 = 5;
  // ext[0] .. ext[3]
  *(uint64_t*)0x20000120 = 4;
  *(uint64_t*)0x20000128 = 0;
  *(uint64_t*)0x20000130 = 0;
  *(uint64_t*)0x20000138 = 0;
  // kevent: change list at 0x20000100 with a claimed length of 0x2c (44)
  // entries, no event list, no timeout.  Only the first entry is written
  // above; the remaining ones are whatever the anonymous mapping holds
  // (presumably zeroes).
  syscall(SYS_kevent, r[0], 0x20000100ul, 0x2cul, 0ul, 0ul, 0ul);
}
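// Entry point: map the scratch region that execute_one() addresses by
// absolute pointer, then hand over to loop(), which does not return.
int main(void)
{
  // 16 MiB at the fixed address 0x20000000; prot 7 is read|write|exec and
  // flags 0x1012 is MAP_ANON | MAP_FIXED | MAP_PRIVATE on FreeBSD.
  // Without this mapping every child would fault on its first memcpy and
  // the test would spin for its whole time budget without ever reaching the
  // syscalls under test, so a failure is reported and stops the run.
  if (syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul) == -1) {
    perror("mmap");
    return 1;
  }
  loop();
  return 0;
}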
110a7d46ad0SPeter Holm
111a7d46ad0SPeter Holm
112a7d46ad0SPeter HolmEOF
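mycc -o /tmp/syzkaller34 -Wall -Wextra -O0 /tmp/syzkaller34.c ||
    exit 1

# The reproducer creates ./file0 relative to its working directory and never
# removes it.  Run it in a private scratch directory instead of /tmp itself,
# so that a pre-existing /tmp/file0 cannot change what the test exercises and
# the fifo does not outlive the test.
scratch=`mktemp -d /tmp/syzkaller34.XXXXXX` || {
    rm -f /tmp/syzkaller34 /tmp/syzkaller34.c
    exit 1
}

# Bounded to three minutes.  The exit status is not examined and the script
# exits 0 regardless; presumably a regression shows up as a kernel failure
# rather than as an exit code.
(cd "$scratch" && timeout 3m /tmp/syzkaller34)

rm -rf /tmp/syzkaller34 /tmp/syzkaller34.c /tmp/syzkaller.* "$scratch"
exit 0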