xref: /freebsd/tools/test/stress2/misc/syzkaller48.sh (revision 51015e6d0f570239b0c2088dc6cf2b018928375d)
1#!/bin/sh
2
3[ `id -u ` -ne 0 ] && echo "Must be root!" && exit 1
4
5# Fixed by:
6# 628c3b307fb2 - main - cache: only let non-dir descriptors through when doing EMPTYPATH lookups
7
8. ../default.cfg
9[ `id -u` -ne 0 ] && echo "Must be root!" && exit 1
10
11cat > /tmp/syzkaller48.c <<EOF
12// Reported-by: syzbot+9aa5439dd9c708aeb1a8@syzkaller.appspotmail.com
13
14#define _GNU_SOURCE
15
16#include <pwd.h>
17#include <stdarg.h>
18#include <stdbool.h>
19#include <stdint.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <sys/endian.h>
24#include <sys/syscall.h>
25#include <unistd.h>
26
27#ifndef SYS___realpathat
28#define SYS___realpathat 574
29#endif
30
31uint64_t r[1] = {0xffffffffffffffff};
32
33int main(void)
34{
35 int i;
36
37  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
38  intptr_t res = 0;
39  memcpy((void*)0x200000c0, "./file0\000", 8);
40  for (i = 0; i < 1000; i++) {
41  res = syscall(SYS_open, 0x200000c0ul, 0x48300ul, 0ul);
42  if (res != -1)
43    r[0] = res;
44  memcpy((void*)0x20000080, ".\000", 2);
45  syscall(SYS___realpathat, r[0], 0x20000080ul, 0x200002c0ul, 0xabul, 0ul);
46  close(res);
47  }
48  return 0;
49}
50EOF
51
52set -e
53mount | grep "on $mntpoint " | grep -q /dev/md && umount -f $mntpoint
54[ -c /dev/md$mdstart ] &&  mdconfig -d -u $mdstart
55mdconfig -a -t swap -s 5g -u $mdstart
56newfs $newfs_flags -n md$mdstart > /dev/null
57mount /dev/md$mdstart $mntpoint
58set +e
59
60mkdir $mntpoint/work
61mycc -o $mntpoint/work/syzkaller48 -Wall -Wextra -O0 /tmp/syzkaller48.c || exit 1
62
63while true; do
64	touch $mntpoint/work/file0
65	rm $mntpoint/work/file0
66done &
67
68start=`date +%s`
69while [ $((`date +%s` - start)) -lt 120 ]; do
70	(cd $mntpoint/work; ./syzkaller48)
71done
72kill $!
73wait
74ls -l $mntpoint/work
75
76for i in `jot 6`; do
77	mount | grep -q "on $mntpoint " || break
78	umount $mntpoint && break || sleep 10
79	[ $i -eq 6 ] &&
80	    { echo FATAL; fstat -mf $mntpoint; exit 1; }
81done
82mdconfig -d -u $mdstart
83
84rm -rf /tmp/syzkaller48.c
85exit 0
86