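#!/bin/sh

# Regression test: build and run a syzkaller reproducer that calls
# clock_nanosleep(2) with clock id 0x10 and TIMER_ABSTIME, which triggered the
# kernel panic recorded below on the kernel named in the ddb output.
#
# panic: kern_clock_gettime: 22
# cpuid = 1
# time = 1750181240
# KDB: stack backtrace:
# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01a6084ba0
# vpanic() at vpanic+0x136/frame 0xfffffe01a6084cd0
# panic() at panic+0x43/frame 0xfffffe01a6084d30
# kern_clock_nanosleep() at kern_clock_nanosleep+0x38f/frame 0xfffffe01a6084db0
# sys_clock_nanosleep() at sys_clock_nanosleep+0x49/frame 0xfffffe01a6084e00
# amd64_syscall() at amd64_syscall+0x169/frame 0xfffffe01a6084f30
# fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01a6084f30
# --- syscall (0, FreeBSD ELF64, syscall), rip = 0x8233d281a, rsp = 0x820bfb2b8, rbp = 0x820bfb2e0 ---
# KDB: enter: panic
# [ thread pid 26119 tid 104417 ]
# Stopped at kdb_enter+0x33: movq $0,0x122a7b2(%rip)
# db> x/s version
# version: FreeBSD 15.0-CURRENT #1 ufs-n278031-3296ff02387b: Tue Jun 17 16:40:44 CEST 2025
# pho@mercat1.netperf.freebsd.org:/var/tmp/deviant3/sys/amd64/compile/PHO
# db>

# The test writes to /tmp and compiles with the configured mycc, so it must
# run as root like the rest of the suite.
[ "$(id -u)" -ne 0 ] && echo "Must be root!" && exit 1

. ../default.cfg
set -u
prog=$(basename "$0" .sh)

# Quoted delimiter: the C source is written verbatim, no shell expansion.
cat > /tmp/$prog.c <<'EOF'
// https://syzkaller.appspot.com/bug?id=5eb7636bc26fcbd20412de35ec10944233b8577d
// autogenerated by syzkaller (https://github.com/google/syzkaller)
// syzbot+e17e46b1f0b65027b005@syzkaller.appspotmail.com

#define _GNU_SOURCE

#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <unistd.h>

int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x1012ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  const char* reason;
  (void)reason;
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  *(uint64_t*)0x200000000040 = 0x10000000000;
  *(uint64_t*)0x200000000048 = 0x4000000;
  syscall(SYS_clock_nanosleep, /*id=*/0x10ul, /*flags=TIMER_ABSTIME*/ 1ul,
          /*rqtp=*/0x200000000040ul, /*rmtp=*/0ul);
  return 0;
}
EOF
mycc -o /tmp/$prog -Wall -Wextra -O0 /tmp/$prog.c || exit 1

# Run the reproducer from a scratch directory that is removed afterwards.
# Both mkdir and cd are checked: without set -e a failed cd would otherwise
# run the program in the caller's directory.
work=/tmp/$prog.dir
rm -rf "$work"
mkdir "$work" || exit 1
cd "$work" || exit 1
# The call is bounded so a hang in clock_nanosleep() cannot stall the suite.
timeout 3m /tmp/$prog > /dev/null 2>&1

# /tmp/$prog.?????? is a deliberate glob and must stay unquoted.
rm -rf /tmp/$prog /tmp/$prog.c /tmp/$prog.core /tmp/$prog.?????? "$work"
exit 0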