diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:12:36 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:12:36 +0000 |
commit | 04d90211ecab6b0ddadadcf6c182f4607b9b72a8 (patch) | |
tree | ebe9c872e416346e4b333e5062da32401c8e0a73 /test/double-poll-crash.c | |
parent | d53db6851ea17b2d219d084e1afc683b8b62b105 (diff) | |
parent | 1d27ff1934c5c4292dc00fba7f7f8ae411ed42f5 (diff) | |
download | liburing-04d90211ecab6b0ddadadcf6c182f4607b9b72a8.tar.gz |
Snap for 10453563 from 1d27ff1934c5c4292dc00fba7f7f8ae411ed42f5 to mainline-uwb-releaseaml_uwb_341710010aml_uwb_341513070aml_uwb_341511050aml_uwb_341310300aml_uwb_341310030aml_uwb_341111010aml_uwb_341011000android14-mainline-uwb-release
Change-Id: Ic34ca4f84d38b3a9593603ab4791da9a91806588
Diffstat (limited to 'test/double-poll-crash.c')
-rw-r--r-- | test/double-poll-crash.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/test/double-poll-crash.c b/test/double-poll-crash.c index 2a012e5..231c7da 100644 --- a/test/double-poll-crash.c +++ b/test/double-poll-crash.c @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: MIT */ // https://syzkaller.appspot.com/bug?id=5c9918d20f771265ad0ffae3c8f3859d24850692 // autogenerated by syzkaller (https://github.com/google/syzkaller) @@ -51,10 +52,14 @@ static long syz_io_uring_setup(volatile long a0, volatile long a1, *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQ_RING); + if (*ring_ptr_out == MAP_FAILED) + exit(0); uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE; *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring, IORING_OFF_SQES); + if (*sqes_ptr_out == MAP_FAILED) + exit(0); return fd_io_uring; } @@ -103,21 +108,24 @@ static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2) } } -#ifndef __NR_io_uring_enter -#define __NR_io_uring_enter 426 -#endif - uint64_t r[4] = {0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff}; int main(int argc, char *argv[]) { + void *mmap_ret; +#if !defined(__i386) && !defined(__x86_64__) + return 0; +#endif if (argc > 1) return 0; - mmap((void *)0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); - mmap((void *)0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); - mmap((void *)0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); + mmap_ret = mmap((void *)0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); + if (mmap_ret == MAP_FAILED) + return 0; + mmap_ret = mmap((void *)0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); + if (mmap_ret == MAP_FAILED) + return 0; intptr_t res = 0; *(uint32_t*)0x20000484 = 0; *(uint32_t*)0x20000488 = 0; |