chore: autopublish 2025-04-17T01:11:15Z

github-actions[bot] · github-actions[bot] · commit 1d72e6e5d23c · 2025-04-17T01:11:16.000Z
diff --git a/crepros/4036165fc595a74b09b2-12170c04580000.c b/crepros/4036165fc595a74b09b2-12170c04580000.c
@@ -0,0 +1,193 @@
+// https://syzkaller.appspot.com/bug?id=27fe4a84236153b25f0ea48b3e92d53487c6859f
+// autogenerated by syzkaller (https://github.com/google/syzkaller)
+
+#define _GNU_SOURCE
+
+#include <dirent.h>
+#include <endian.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
+
+static void sleep_ms(uint64_t ms)
+{
+  usleep(ms * 1000);
+}
+
+static uint64_t current_time_ms(void)
+{
+  struct timespec ts;
+  if (clock_gettime(CLOCK_MONOTONIC, &ts))
+    exit(1);
+  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
+}
+
+static bool write_file(const char* file, const char* what, ...)
+{
+  char buf[1024];
+  va_list args;
+  va_start(args, what);
+  vsnprintf(buf, sizeof(buf), what, args);
+  va_end(args);
+  buf[sizeof(buf) - 1] = 0;
+  int len = strlen(buf);
+  int fd = open(file, O_WRONLY | O_CLOEXEC);
+  if (fd == -1)
+    return false;
+  if (write(fd, buf, len) != len) {
+    int err = errno;
+    close(fd);
+    errno = err;
+    return false;
+  }
+  close(fd);
+  return true;
+}
+
+static void kill_and_wait(int pid, int* status)
+{
+  kill(-pid, SIGKILL);
+  kill(pid, SIGKILL);
+  for (int i = 0; i < 100; i++) {
+    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
+      return;
+    usleep(1000);
+  }
+  DIR* dir = opendir("/sys/fs/fuse/connections");
+  if (dir) {
+    for (;;) {
+      struct dirent* ent = readdir(dir);
+      if (!ent)
+        break;
+      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
+        continue;
+      char abort[300];
+      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
+               ent->d_name);
+      int fd = open(abort, O_WRONLY);
+      if (fd == -1) {
+        continue;
+      }
+      if (write(fd, abort, 1) < 0) {
+      }
+      close(fd);
+    }
+    closedir(dir);
+  } else {
+  }
+  while (waitpid(-1, status, __WALL) != pid) {
+  }
+}
+
+static void setup_test()
+{
+  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+  setpgrp();
+  write_file("/proc/self/oom_score_adj", "1000");
+}
+
+static void execute_one(void);
+
+#define WAIT_FLAGS __WALL
+
+static void loop(void)
+{
+  int iter = 0;
+  for (;; iter++) {
+    int pid = fork();
+    if (pid < 0)
+      exit(1);
+    if (pid == 0) {
+      setup_test();
+      execute_one();
+      exit(0);
+    }
+    int status = 0;
+    uint64_t start = current_time_ms();
+    for (;;) {
+      sleep_ms(10);
+      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
+        break;
+      if (current_time_ms() - start < 5000)
+        continue;
+      kill_and_wait(pid, &status);
+      break;
+    }
+  }
+}
+
+uint64_t r[1] = {0xffffffffffffffff};
+
+void execute_one(void)
+{
+  intptr_t res = 0;
+  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
+  }
+  memcpy((void*)0x200000000280, "./file0\000", 8);
+  syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0x200000000280ul,
+          /*mode=S_IWGRP*/ 0x10ul);
+  memcpy((void*)0x200000000140, "./file1\000", 8);
+  syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0x200000000140ul,
+          /*mode=*/0ul);
+  memcpy((void*)0x200000000300, "./bus\000", 6);
+  syscall(__NR_mkdir, /*path=*/0x200000000300ul, /*mode=*/0ul);
+  memcpy((void*)0x2000000000c0, "./bus\000", 6);
+  memcpy((void*)0x200000000340, "overlay\000", 8);
+  memcpy((void*)0x200000000080, "workdir", 7);
+  *(uint8_t*)0x200000000087 = 0x3d;
+  memcpy((void*)0x200000000088, "./bus", 5);
+  *(uint8_t*)0x20000000008d = 0x2c;
+  memcpy((void*)0x20000000008e, "lowerdir", 8);
+  *(uint8_t*)0x200000000096 = 0x3d;
+  memcpy((void*)0x200000000097, "./file0", 7);
+  *(uint8_t*)0x20000000009e = 0x2c;
+  memcpy((void*)0x20000000009f, "upperdir", 8);
+  *(uint8_t*)0x2000000000a7 = 0x3d;
+  memcpy((void*)0x2000000000a8, "./file1", 7);
+  *(uint8_t*)0x2000000000af = 0x2c;
+  *(uint8_t*)0x2000000000b0 = 0;
+  syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x2000000000c0ul,
+          /*type=*/0x200000000340ul, /*flags=*/0ul, /*opts=*/0x200000000080ul);
+  memcpy((void*)0x200000000140, "./bus\000", 6);
+  syscall(__NR_chdir, /*dir=*/0x200000000140ul);
+  memcpy((void*)0x200000000040, "cgroup.freeze\000", 14);
+  res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul,
+                /*flags=*/0x275a, /*mode=*/0);
+  if (res != -1)
+    r[0] = res;
+  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xb36000ul,
+          /*prot=PROT_GROWSDOWN|PROT_WRITE|PROT_READ*/ 0x1000003ul,
+          /*flags=MAP_STACK|MAP_POPULATE|MAP_FIXED|MAP_SHARED*/ 0x28011ul,
+          /*fd=*/r[0], /*offset=*/0ul);
+  syscall(__NR_lseek, /*fd=*/r[0], /*offset=*/5ul, /*whence=SEEK_CUR*/ 1ul);
+}
+int main(void)
+{
+  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
+          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  const char* reason;
+  (void)reason;
+  loop();
+  return 0;
+}
diff --git a/crepros/4036165fc595a74b09b2-1571c7e4580000.c b/crepros/4036165fc595a74b09b2-1571c7e4580000.c
@@ -0,0 +1,72 @@
+// https://syzkaller.appspot.com/bug?id=27fe4a84236153b25f0ea48b3e92d53487c6859f
+// autogenerated by syzkaller (https://github.com/google/syzkaller)
+
+#define _GNU_SOURCE
+
+#include <endian.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+uint64_t r[1] = {0xffffffffffffffff};
+
+int main(void)
+{
+  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
+          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  const char* reason;
+  (void)reason;
+  intptr_t res = 0;
+  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
+  }
+  memcpy((void*)0x200000000280, "./file0\000", 8);
+  syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0x200000000280ul,
+          /*mode=S_IWGRP*/ 0x10ul);
+  memcpy((void*)0x200000000140, "./file1\000", 8);
+  syscall(__NR_mkdirat, /*fd=*/0xffffff9c, /*path=*/0x200000000140ul,
+          /*mode=*/0ul);
+  memcpy((void*)0x200000000300, "./bus\000", 6);
+  syscall(__NR_mkdir, /*path=*/0x200000000300ul, /*mode=*/0ul);
+  memcpy((void*)0x2000000000c0, "./bus\000", 6);
+  memcpy((void*)0x200000000340, "overlay\000", 8);
+  memcpy((void*)0x200000000080, "workdir", 7);
+  *(uint8_t*)0x200000000087 = 0x3d;
+  memcpy((void*)0x200000000088, "./bus", 5);
+  *(uint8_t*)0x20000000008d = 0x2c;
+  memcpy((void*)0x20000000008e, "lowerdir", 8);
+  *(uint8_t*)0x200000000096 = 0x3d;
+  memcpy((void*)0x200000000097, "./file0", 7);
+  *(uint8_t*)0x20000000009e = 0x2c;
+  memcpy((void*)0x20000000009f, "upperdir", 8);
+  *(uint8_t*)0x2000000000a7 = 0x3d;
+  memcpy((void*)0x2000000000a8, "./file1", 7);
+  *(uint8_t*)0x2000000000af = 0x2c;
+  *(uint8_t*)0x2000000000b0 = 0;
+  syscall(__NR_mount, /*src=*/0ul, /*dst=*/0x2000000000c0ul,
+          /*type=*/0x200000000340ul, /*flags=*/0ul, /*opts=*/0x200000000080ul);
+  memcpy((void*)0x200000000140, "./bus\000", 6);
+  syscall(__NR_chdir, /*dir=*/0x200000000140ul);
+  memcpy((void*)0x200000000040, "cgroup.freeze\000", 14);
+  res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000040ul,
+                /*flags=*/0x275a, /*mode=*/0);
+  if (res != -1)
+    r[0] = res;
+  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0xb36000ul,
+          /*prot=PROT_GROWSDOWN|PROT_WRITE|PROT_READ*/ 0x1000003ul,
+          /*flags=MAP_STACK|MAP_POPULATE|MAP_FIXED|MAP_SHARED*/ 0x28011ul,
+          /*fd=*/r[0], /*offset=*/0ul);
+  syscall(__NR_lseek, /*fd=*/r[0], /*offset=*/5ul, /*whence=SEEK_CUR*/ 1ul);
+  return 0;
+}
diff --git a/crepros/c35d73ce910d86c0026e-13ef023f980000.c b/crepros/c35d73ce910d86c0026e-13ef023f980000.c
@@ -0,0 +1,53 @@
+// https://syzkaller.appspot.com/bug?id=3bcd844b287ea67f182e2a87f482f6e8222b9c50
+// autogenerated by syzkaller (https://github.com/google/syzkaller)
+
+#define _GNU_SOURCE
+
+#include <endian.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifndef __NR_fsconfig
+#define __NR_fsconfig 431
+#endif
+#ifndef __NR_fsopen
+#define __NR_fsopen 430
+#endif
+
+uint64_t r[1] = {0xffffffffffffffff};
+
+int main(void)
+{
+  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
+          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
+          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
+          /*offset=*/0ul);
+  const char* reason;
+  (void)reason;
+  intptr_t res = 0;
+  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
+  }
+  memcpy((void*)0x200000000280, "ceph\000", 5);
+  res = syscall(__NR_fsopen, /*type=*/0x200000000280ul,
+                /*flags=FSOPEN_CLOEXEC*/ 1ul);
+  if (res != -1)
+    r[0] = res;
+  memcpy((void*)0x200000000000, "source", 6);
+  memcpy((void*)0x200000000040, "c:::\000", 5);
+  syscall(__NR_fsconfig, /*fd=*/r[0], /*cmd=*/1ul, /*key=*/0x200000000000ul,
+          /*value=*/0x200000000040ul, /*aux=*/0ul);
+  syscall(__NR_fsconfig, /*fd=*/r[0], /*cmd=*/6ul, /*key=*/0ul, /*value=*/0ul,
+          /*aux=*/0ul);
+  return 0;
+}
diff --git a/crepros/f37372d86207b3bb2941-11632a3f980000.c b/crepros/f37372d86207b3bb2941-11632a3f980000.c
