1#!/bin/sh
2
3# Fixed by git: 208256579804 - main - O_PATH: disable kqfilter for fifos
4# Submitted by markj@
5
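# The reproducer only makes sense on amd64: it writes into a fixed mapping
# at 0x20000000 and hand-lays struct kevent with 64-bit field offsets.
[ "$(uname -p)" != "amd64" ] && exit 0

. ../default.cfg

# Write out the syzkaller reproducer.  The delimiter is quoted so the shell
# copies the C source verbatim instead of expanding "$", backquotes or
# backslash sequences inside it.
cat > /tmp/syzkaller34.c <<'EOF'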
10// autogenerated by syzkaller (https://github.com/google/syzkaller)
11
12#define _GNU_SOURCE
13
#include <sys/types.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#include <errno.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
29
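// SIGKILL the child `pid` and reap it, leaving its wait status in *status.
// waitpid(-1) may hand back some other child first, so keep reaping until
// the requested pid shows up -- but stop if waitpid() fails for anything
// other than EINTR, otherwise a child that is already gone (ECHILD) would
// turn this into an endless busy loop.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  for (;;) {
    pid_t reaped = waitpid(-1, status, 0);
    if (reaped == pid)
      break;
    if (reaped == -1 && errno != EINTR)
      break;
  }
}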
36
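// Sleep for `ms` milliseconds.  The value is split into seconds and
// nanoseconds so any 64-bit count is honoured: usleep() takes a 32-bit
// microsecond count, so ms * 1000 silently wrapped for ms >= 4294968 and
// counts of a second or more may be rejected outright.  If the sleep is
// interrupted by a signal, resume with the remaining time.
static void sleep_ms(uint64_t ms)
{
  struct timespec ts;
  ts.tv_sec = (time_t)(ms / 1000);
  ts.tv_nsec = (long)(ms % 1000) * 1000000L;
  while (nanosleep(&ts, &ts) == -1 && errno == EINTR) {
  }
}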
41
// Milliseconds on the monotonic clock.  The absolute value means nothing;
// only the difference between two calls does.  Exits the process if the
// clock cannot be read.
static uint64_t current_time_ms(void)
{
  struct timespec now;
  if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
    exit(1);
  uint64_t msec = (uint64_t)now.tv_sec * 1000;
  msec += (uint64_t)now.tv_nsec / 1000000;
  return msec;
}
49
50static void execute_one(void);
51
52#define WAIT_FLAGS 0
53
// Run execute_one() forever, each time in a freshly forked child.  The
// parent polls for the child's exit every millisecond; a child still alive
// after five seconds is SIGKILLed and reaped before the next iteration.
// Never returns; exits the process if fork() fails.
static void loop(void)
{
  for (;;) {
    int child = fork();
    if (child < 0)
      exit(1);
    if (child == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t deadline = current_time_ms() + 5000;
    while (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) != child) {
      sleep_ms(1);
      if (current_time_ms() >= deadline) {
        kill_and_wait(child, &status);
        break;
      }
    }
  }
}
79
// Result slot filled in by execute_one(): the kqueue descriptor, or all
// ones (a sign-extended -1) while no kqueue() call has succeeded.
uint64_t r[1] = { UINT64_MAX };
81
// One reproducer iteration; loop() runs it in a fresh child each time.
// Every buffer lives in the fixed RWX region at 0x20000000 that main()
// maps, laid out exactly as syzkaller emitted it.  Only kqueue()'s result
// is kept; the other return values are deliberately ignored because the
// syscall sequence itself, not its success, is what exercises the kernel.
void execute_one(void)
{
  intptr_t res = 0;
  // mknodat(AT_FDCWD, "./file0", S_IFIFO, 0): 0xffffff9c is (int)-100 ==
  // AT_FDCWD and 0x1000 is S_IFIFO, so this creates a fifo in the cwd (the
  // wrapper script runs the binary from /tmp).  Once the fifo exists, later
  // iterations presumably fail here with EEXIST, which is harmless.
  memcpy((void*)0x20000000, "./file0\000", 8);
  syscall(SYS_mknodat, 0xffffff9c, 0x20000000ul, 0x1000ul, 0ul);
  // open("./file0", O_PATH, 0x72): 0x400000 is O_PATH on FreeBSD; the mode
  // is irrelevant without O_CREAT.  The descriptor is not captured -- the
  // kevent below assumes it landed on fd 3, the lowest free one after
  // stdin/stdout/stderr.
  memcpy((void*)0x20000040, "./file0\000", 8);
  syscall(SYS_open, 0x20000040ul, 0x400000ul, 0x72ul);
  // If kqueue() fails, r[0] keeps its all-ones initial value and the
  // kevent() below is issued with a -1 descriptor.
  res = syscall(SYS_kqueue);
  if (res != -1)
    r[0] = res;
  // Hand-lay one struct kevent (64-byte amd64 layout) at 0x20000100:
  //   ident  = 3       the O_PATH fifo descriptor
  //   filter = 0xffff  the 16-bit -1, i.e. EVFILT_READ
  //   flags  = 0x4015  EV_ADD|EV_ENABLE|EV_ONESHOT plus 0x4000 (looks like
  //                    EV_FLAG2 -- confirm against sys/event.h)
  //   fflags = 0, data = 0x400000000, udata = 5, ext[0] = 4, ext[1..3] = 0
  *(uint64_t*)0x20000100 = 3;
  *(uint16_t*)0x20000108 = -1;
  *(uint16_t*)0x2000010a = 0x4015;
  *(uint32_t*)0x2000010c = 0;
  *(uint64_t*)0x20000110 = 0x400000000;
  *(uint64_t*)0x20000118 = 5;
  *(uint64_t*)0x20000120 = 4;
  *(uint64_t*)0x20000128 = 0;
  *(uint64_t*)0x20000130 = 0;
  *(uint64_t*)0x20000138 = 0;
  // kevent(kq, changelist, nchanges = 0x2c, NULL, 0, NULL).  Only the first
  // of the 44 changes was initialised; the rest are zero bytes from the
  // anonymous mapping, which nothing else writes.  Registering EVFILT_READ
  // on an O_PATH fifo descriptor is the case the "Fixed by" commit named in
  // the wrapper script addresses.
  syscall(SYS_kevent, r[0], 0x20000100ul, 0x2cul, 0ul, 0ul, 0ul);
}
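// Entry point: map the 16 MiB scratch region the reproducer writes into,
// then hand over to loop(), which never returns.
//
//   mmap(0x20000000, 0x1000000, PROT_READ|PROT_WRITE|PROT_EXEC (7),
//        MAP_ANON|MAP_FIXED|MAP_PRIVATE (0x1012), -1, 0)
//
// The raw syscall returns -1 on failure.  Without the mapping every child
// would fault on execute_one()'s first memcpy and the test would spin for
// three minutes exercising nothing, so bail out instead.
int main(void)
{
  intptr_t map = syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
  if (map == -1)
    exit(1);
  loop();
  return 0;
}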
110
111
112EOF
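mycc -o /tmp/syzkaller34 -Wall -Wextra -O0 /tmp/syzkaller34.c ||
    exit 1

# The reproducer creates ./file0 relative to its cwd, so run it from /tmp
# in a subshell, with a hard bound on the run time.
(cd /tmp; timeout 3m ./syzkaller34)

# Clean up the binary, the generated source (it lives in /tmp, so the path
# must be absolute here) and the fifo the reproducer left behind.
rm -rf /tmp/syzkaller34 /tmp/syzkaller34.c /tmp/file0 /tmp/syzkaller.*
exit 0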
120