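/* SPDX-License-Identifier: MIT */
/*
 * Description: trigger segfault. A recent 6.4-rc kernel introduced a bug
 *		via vhost where segfaults for applications using io_uring
 *		would hang in D state forever upon trying to generate the
 *		core file. Perform a trivial test where a child process
 *		generates a NULL pointer dereference and ensure that we don't
 *		hang.
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

#include "liburing.h"
#include "helpers.h"

/*
 * Child-side body of the test. Queues one read on the read end of a pipe
 * that nothing in this file ever writes to, marks it IOSQE_ASYNC, submits
 * it, and then stores through a NULL pointer while that request is still
 * outstanding.
 *
 * Never returns: the process either dies on the faulting store or leaves
 * through exit(). Any setup failure exits with T_EXIT_SKIP so the parent
 * can tell "scenario never ran" apart from "scenario ran and did not hang".
 */
static void test(void)
{
	struct io_uring_sqe *sqe;
	struct io_uring ring;
	/*
	 * volatile: a store through a pointer the compiler can prove is NULL
	 * is undefined behaviour and may be dropped or rewritten; the
	 * qualifier forces a real load of the pointer and a real store.
	 */
	int *volatile ptr = NULL;
	int fds[2];
	char r1;
	int ret;

	if (pipe(fds) < 0) {
		perror("pipe");
		exit(T_EXIT_SKIP);
	}

	/* An uninitialised ring must not be handed to the calls below. */
	ret = io_uring_queue_init(8, &ring, 0);
	if (ret) {
		fprintf(stderr, "queue_init: %d\n", ret);
		exit(T_EXIT_SKIP);
	}

	sqe = io_uring_get_sqe(&ring);
	if (!sqe) {
		fprintf(stderr, "get_sqe failed\n");
		exit(T_EXIT_SKIP);
	}
	io_uring_prep_read(sqe, fds[0], &r1, sizeof(r1), 0);
	sqe->flags = IOSQE_ASYNC;
	sqe->user_data = 1;

	/* Without an in-flight request the crash below tests nothing. */
	ret = io_uring_submit(&ring);
	if (ret != 1) {
		fprintf(stderr, "submit: %d\n", ret);
		exit(T_EXIT_SKIP);
	}

	/* Deliberate fault with the read still pending. */
	*ptr = 0;
	/* Only reached if the store above did not fault. */
	exit(0);
}

/*
 * Fork a child that runs test() and wait for it. The pass criterion is
 * that the wait returns at all, i.e. the crashing child did not get stuck
 * while the kernel tore it down.
 *
 * Returns T_EXIT_SKIP if fork() fails or the child reported that it could
 * not set the scenario up, T_EXIT_FAIL if waiting for the child fails, and
 * T_EXIT_PASS otherwise.
 */
int main(int argc, char *argv[])
{
	pid_t pid;
	int wstat;

	pid = fork();
	if (pid < 0) {
		perror("fork");
		return T_EXIT_SKIP;
	} else if (!pid) {
		test();
	}

	/* Reap this specific child and do not read wstat on failure. */
	if (waitpid(pid, &wstat, 0) < 0) {
		perror("waitpid");
		return T_EXIT_FAIL;
	}

	/*
	 * Best-effort cleanup: removes only a file literally named "core" in
	 * the current directory. NOTE(review): if the system writes dumps
	 * under another name or location, nothing is removed here.
	 */
	unlink("core");

	if (WIFEXITED(wstat) && WEXITSTATUS(wstat) == T_EXIT_SKIP)
		return T_EXIT_SKIP;

	/*
	 * How the child ended is intentionally not checked beyond the skip
	 * code above; the test is about not hanging.
	 */
	return T_EXIT_PASS;
}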