  1. // autogenerated by syzkaller (http://github.com/google/syzkaller)
  2.  
  3. #define _GNU_SOURCE
  4.  
  5. #include <sys/syscall.h>
  6. #include <unistd.h>
  7. #include <errno.h>
  8. #include <signal.h>
  9. #include <stdarg.h>
  10. #include <stdio.h>
  11. #include <sys/time.h>
  12. #include <sys/wait.h>
  13. #include <time.h>
  14. #include <sys/prctl.h>
  15.  
/*
 * Terminate the whole thread group with the given exit status.
 *
 * Goes straight to the exit_group syscall rather than exit(), presumably
 * to avoid running atexit handlers and stdio flushing in a child whose
 * state may be broken.  The loop after the syscall exists only to honour
 * the noreturn attribute should the syscall ever come back; the volatile
 * counter keeps the compiler from deleting it.
 */
__attribute__((noreturn)) static void doexit(int status)
{
    volatile unsigned spin = 0;

    syscall(__NR_exit_group, status);
    while (1) {
        spin++;
    }
}
/* Shorthand for the GCC/Clang noreturn attribute; applied to fail() and exitf(). */
#define NORETURN __attribute__((noreturn))
  24.  
  25. #include <stdint.h>
  26. #include <string.h>
  27.  
/* Process exit status used by fail() for a hard (non-transient) failure. */
const int kFailStatus = 67;
/* Exit status meaning "transient, retry": fail() uses it for ENOMEM/EAGAIN, exitf() always. */
const int kRetryStatus = 69;
  30.  
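/*
 * Print a printf-style message plus the saved errno to stderr and exit.
 *
 * msg: printf-style format string; the remaining arguments must match it.
 *      The format attribute makes the compiler check every call site, so a
 *      mismatched argument list is diagnosed instead of being undefined
 *      behaviour at runtime.
 *
 * errno is captured before fflush() or any printing can clobber it.
 * Exits via doexit() with kRetryStatus when the failure looks transient
 * (ENOMEM or EAGAIN) and kFailStatus otherwise.  Never returns.
 */
NORETURN __attribute__((format(printf, 1, 2))) static void fail(const char* msg, ...)
{
    int e = errno;
    fflush(stdout);
    va_list args;
    va_start(args, msg);
    vfprintf(stderr, msg, args);
    va_end(args);
    fprintf(stderr, " (errno %d)\n", e);
    doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}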
  42.  
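/*
 * Print a printf-style message plus the saved errno to stderr and exit
 * with kRetryStatus.
 *
 * msg: printf-style format string; the remaining arguments must match it.
 *      The format attribute lets the compiler check call sites, so an
 *      argument/format mismatch is a diagnostic rather than undefined
 *      behaviour.
 *
 * Unlike fail(), the exit status does not depend on errno: every exitf()
 * is treated as "retry".  errno is captured first so that fflush() and
 * the printing cannot overwrite it.  Never returns.
 */
NORETURN __attribute__((format(printf, 1, 2))) static void exitf(const char* msg, ...)
{
    int e = errno;
    fflush(stdout);
    va_list args;
    va_start(args, msg);
    vfprintf(stderr, msg, args);
    va_end(args);
    fprintf(stderr, " (errno %d)\n", e);
    doexit(kRetryStatus);
}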
  54.  
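/*
 * Monotonic clock reading in milliseconds, used by loop() for its
 * per-child timeout.  CLOCK_MONOTONIC does not jump with wall-clock
 * adjustments, so the caller's elapsed-time subtraction stays valid.
 *
 * Returns: milliseconds since an unspecified fixed point.
 * Calls fail() (which does not return) if clock_gettime() fails.
 *
 * Declared with (void): the original empty parameter list left the
 * function unprototyped, so a stray argument at a call site would not
 * have been diagnosed.
 */
static uint64_t current_time_ms(void)
{
    struct timespec ts = {0};

    if (clock_gettime(CLOCK_MONOTONIC, &ts))
        fail("clock_gettime failed");
    /* Widen before multiplying: tv_sec is a signed time_t. */
    return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}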
  63.  
/* Defined below: one reproducer iteration, run by loop() inside a forked child. */
static void test();
  65.  
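/*
 * Driver loop: forever fork a child that runs test() once, then wait
 * for it with a fixed time budget.
 *
 * The child asks the kernel to SIGKILL it if this driver dies
 * (PR_SET_PDEATHSIG) and moves into its own process group (setpgrp()),
 * so on timeout the parent can kill the whole group with kill(-pid) --
 * the child's pgid equals its pid -- and then block until the child is
 * reaped, so no zombie is left behind.
 *
 * Never returns.  fail() is called if fork() fails or if waitpid()
 * reports an error other than EINTR; the original spun forever in that
 * case because only the "res == pid" outcome was examined.
 */
void loop(void)
{
    enum { kChildTimeoutMs = 5 * 1000 };

    for (;;) {
        pid_t pid = fork();
        if (pid < 0)
            fail("fork failed");
        if (pid == 0) {
            prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
            setpgrp();
            test();
            doexit(0);
        }

        int status = 0;
        uint64_t start = current_time_ms();
        for (;;) {
            int res = waitpid(-1, &status, __WALL | WNOHANG);
            if (res == pid)
                break;
            if (res < 0 && errno != EINTR)
                fail("waitpid failed");
            usleep(1000);
            if (current_time_ms() - start > kChildTimeoutMs) {
                /* Kill the child's whole process group first, then the child itself. */
                kill(-pid, SIGKILL);
                kill(pid, SIGKILL);
                int reaped;
                while ((reaped = waitpid(-1, &status, __WALL)) != pid) {
                    if (reaped < 0 && errno != EINTR)
                        fail("waitpid failed");
                }
                break;
            }
        }
    }
}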
  96.  
/* Syscall results of the current test() run.  memset to -1 at the start of
 * test(), so slots the generated program never assigns (2..12, 16..26) read as -1. */
long r[28];
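/*
 * Write a 16-byte struct sockaddr_in image to dst: sin_family = 2
 * (AF_INET), sin_port and sin_addr stored in host byte order exactly as
 * the original raw pokes did (no htons/htonl), and sin_zero cleared.
 *
 * The image is assembled in a local buffer and copied with memcpy
 * because the destination addresses used by test() (0x200007b6 and
 * 0x200008e6) are only 2-byte aligned; storing through a uint32_t*
 * there, as the generated code did, is a misaligned access and
 * undefined behaviour on strict-alignment targets.
 *
 * dst:  address inside the region test() maps at 0x20000000.
 * port: raw value for the sin_port field.
 * addr: raw value for sin_addr.s_addr.
 */
static void put_sockaddr_in(uintptr_t dst, uint16_t port, uint32_t addr)
{
    uint8_t image[16] = {0};
    uint16_t family = 2; /* AF_INET */

    memcpy(image + 0, &family, sizeof family);
    memcpy(image + 2, &port, sizeof port);
    memcpy(image + 4, &addr, sizeof addr);
    memcpy((void*)dst, image, sizeof image);
}

/*
 * One reproducer iteration, run in the child forked by loop().
 *
 * 1. Map a fixed scratch region at 0x20000000 (0x3 = PROT_READ|PROT_WRITE,
 *    0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on x86 Linux, fd -1).
 *    The sockaddr images below are written to hard-coded addresses
 *    inside it, so fail() is called if the mapping is refused rather
 *    than letting those stores hit unmapped memory.
 * 2. Create an AF_INET (2) SOCK_STREAM (1) socket, bind it to INADDR_ANY
 *    with the raw port value 0x234e, and listen with a backlog of 0.
 * 3. Create a second AF_INET SOCK_STREAM socket and connect it to the
 *    same raw port on 0x0100007f, which is 127.0.0.1 when stored on a
 *    little-endian host.
 *
 * Every syscall return value lands in r[]; the array is filled with -1
 * first so slots that are never assigned read as -1.  The index gaps
 * mirror the generated program and carry no data.
 */
void test(void)
{
    memset(r, -1, sizeof(r));
    r[0] = syscall(__NR_mmap, 0x20000000ul, 0x3b8000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
    if (r[0] == -1)
        fail("mmap failed");

    /* Listener: sockaddr at 0x200007b6 = INADDR_ANY, raw port 0x234e. */
    r[1] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul);
    put_sockaddr_in(0x200007b6u, 0x234e, 0x0);
    r[13] = syscall(__NR_bind, r[1], 0x200007b6ul, 0x10ul);
    r[14] = syscall(__NR_listen, r[1], 0x0ul);

    /* Client: sockaddr at 0x200008e6 = 0x0100007f, same raw port. */
    r[15] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul);
    put_sockaddr_in(0x200008e6u, 0x234e, 0x100007f);
    r[27] = syscall(__NR_connect, r[15], 0x200008e6ul, 0x10ul);
}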
  130.  
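/*
 * Entry point: fork eight driver processes that each run loop() forever,
 * then put the parent into a very long sleep().  The parent never reaps
 * or signals the drivers; a driver that somehow returns from loop()
 * exits with 0.
 *
 * fail() is called if a fork() fails.  The generated `if (fork() == 0)`
 * treated -1 like the parent path and silently ran with fewer drivers.
 */
int main(void)
{
    enum { kDrivers = 8 };

    for (int i = 0; i < kDrivers; i++) {
        pid_t pid = fork();
        if (pid < 0)
            fail("fork failed");
        if (pid == 0) {
            loop();
            return 0;
        }
    }
    sleep(1000000);
    return 0;
}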