xref: /freebsd/tools/test/stress2/misc/syzkaller62.sh (revision 4d846d26) 
1#!/bin/sh
2
3# panic: Assertion sb->sb_hiwat >= sb->uxdg_cc failed at ../../../kern/uipc_usrreq.c:1099
4# cpuid = 9
5# time = 1660909804
6# KDB: stack backtrace:
7# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01401e7970
8# vpanic() at vpanic+0x151/frame 0xfffffe01401e79c0
9# panic() at panic+0x43/frame 0xfffffe01401e7a20
10# uipc_dgram_sbspace() at uipc_dgram_sbspace+0x51/frame 0xfffffe01401e7a30
11# uipc_sosend_dgram() at uipc_sosend_dgram+0x690/frame 0xfffffe01401e7ac0
12# sosend() at sosend+0x49/frame 0xfffffe01401e7af0
13# soo_write() at soo_write+0x43/frame 0xfffffe01401e7b20
14# filemon_close_log() at filemon_close_log+0xd5/frame 0xfffffe01401e7b90
15# filemon_dtr() at filemon_dtr+0x31/frame 0xfffffe01401e7bb0
16# devfs_destroy_cdevpriv() at devfs_destroy_cdevpriv+0xab/frame 0xfffffe01401e7bd0
17# devfs_close_f() at devfs_close_f+0x64/frame 0xfffffe01401e7c00
18# _fdrop() at _fdrop+0x1b/frame 0xfffffe01401e7c20
19# closef() at closef+0x1db/frame 0xfffffe01401e7cb0
20# fdescfree() at fdescfree+0x433/frame 0xfffffe01401e7d80
21# exit1() at exit1+0x4df/frame 0xfffffe01401e7df0
22# sys_exit() at sys_exit+0xd/frame 0xfffffe01401e7e00
23# amd64_syscall() at amd64_syscall+0x145/frame 0xfffffe01401e7f30
24# fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01401e7f30
25# --- syscall (1, FreeBSD ELF64, sys_exit), rip = 0x82301d16a, rsp = 0x8209bf628, rbp = 0x8209bf640 ---
26# KDB: enter: panic
27# [ thread pid 2876 tid 100222 ]
28# Stopped at      x32: movq    $0,0x12a1323(%rip)
29# db> x/s version
30# version: FreeBSD 14.0-CURRENT #0 main-n257506-eed634d113d-dirty: Thu Aug 18 13:56:53 CEST 2022
31# pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO\012
32# db>
33
34. ../default.cfg
35cat > /tmp/syzkaller62.c <<EOF
36// https://syzkaller.appspot.com/bug?id=582310beb894769fc836748eec49b8d2f905e5ef
37// autogenerated by syzkaller (https://github.com/google/syzkaller)
38// Reported-by: syzbot+6e8be1ec8d77578a3df4@syzkaller.appspotmail.com
39
40#define _GNU_SOURCE
41
42#include <pwd.h>
43#include <stdarg.h>
44#include <stdbool.h>
45#include <stdint.h>
46#include <stdio.h>
47#include <stdlib.h>
48#include <string.h>
49#include <sys/endian.h>
50#include <sys/syscall.h>
51#include <unistd.h>
52
53uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
54
55int main(void)
56{
57  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
58  intptr_t res = 0;
59  memcpy((void*)0x20000040, "/dev/filemon\000", 13);
60  res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000040ul, 0ul, 0ul);
61  if (res != -1)
62    r[0] = res;
63  res = syscall(SYS_socketpair, 1ul, 2ul, 0, 0x20000080ul);
64  if (res != -1)
65    r[1] = *(uint32_t*)0x20000084;
66  *(uint32_t*)0x200000c0 = r[1];
67  syscall(SYS_ioctl, r[0], 0xc0045301ul, 0x200000c0ul);
68  *(uint32_t*)0x20000040 = 3;
69  syscall(SYS_setsockopt, r[1], 0xffff, 0x1001, 0x20000040ul, 4ul);
70  return 0;
71}
72EOF
73mycc -o /tmp/syzkaller62 -Wall -Wextra -O0 /tmp/syzkaller62.c || exit 1
74
75kldstat | grep -q filemon   || { kldload filemon.ko && loaded=1; }
76
77(cd /tmp; timeout -k 3s 2s ./syzkaller62)
78
79rm -rf /tmp/syzkaller62 /tmp/syzkaller62.c /tmp/syzkaller62.core \
80    /tmp/syzkaller.??????
81# Unload causes: Fatal trap 12: page fault while in kernel mode
82#[ $loaded ] && kldunload -f filemon.ko
83exit 0
84