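#!/bin/sh

# Reproducer for a syzkaller-found lock assertion in the IPv6 UDP send path.
# An AF_INET6 datagram socket with IPV6_V6ONLY cleared sends a zero-length
# datagram to an IPv4-mapped destination; the implicit bind performed on that
# path (in_pcbconnect_setup -> in_pcbbind_setup -> in_pcb_lport) reached
# in6_pcblookup_local() without the pcbinfo hash lock held:
#
# panic: mutex pcbinfohash not owned at
# /syzkaller/managers/main/kernel/sys/netinet6/in6_pcb.c:717
# cpuid = 0
# time = 1573247472
# KDB: stack backtrace:
# db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame
# 0xfffffe0022a56260
# vpanic() at vpanic+0x1c7/frame 0xfffffe0022a562d0
# panic() at panic+0x43/frame 0xfffffe0022a56330
# __mtx_assert() at __mtx_assert+0x18b/frame 0xfffffe0022a56370
# in6_pcblookup_local() at in6_pcblookup_local+0x53/frame 0xfffffe0022a563c0
# in_pcb_lport() at in_pcb_lport+0x3fd/frame 0xfffffe0022a56450
# in_pcbbind_setup() at in_pcbbind_setup+0x28b/frame 0xfffffe0022a564f0
# in_pcbconnect_setup() at in_pcbconnect_setup+0x4aa/frame 0xfffffe0022a565b0
# udp_send() at udp_send+0xee4/frame 0xfffffe0022a566c0
# udp6_send() at udp6_send+0x4e8/frame 0xfffffe0022a56870
# sosend_dgram() at sosend_dgram+0x54f/frame 0xfffffe0022a568e0
# sosend() at sosend+0xc6/frame 0xfffffe0022a56950
# kern_sendit() at kern_sendit+0x32d/frame 0xfffffe0022a56a00
# sendit() at sendit+0x226/frame 0xfffffe0022a56a60
# sys_sendto() at sys_sendto+0x5c/frame 0xfffffe0022a56ac0
# amd64_syscall() at amd64_syscall+0x473/frame 0xfffffe0022a56bf0
# fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0022a56bf0
# --- syscall (0, FreeBSD ELF64, nosys), rip = 0x41c3aa, rsp =

. ../default.cfg

# Build and run in a private directory instead of the fixed paths
# /tmp/syzkaller2.c and /tmp/syzkaller2: stress2 tests generally run as root,
# and a predictable name in the shared /tmp can be pre-created (symlink
# clobber via "cat >") or the compiled binary swapped by another local user
# between compilation and execution.
dir=$(mktemp -d /tmp/syzkaller2.XXXXXX) || exit 1

# Quoted delimiter: the C source is passed through verbatim, with no shell
# parameter or command expansion applied to it.
cat > "$dir/syzkaller2.c" <<'EOF'
// https://syzkaller.appspot.com/bug?id=062e9fde55f117bec30836a4ef1ef121f51faf23
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Syscall return values are deliberately left unchecked: a syzkaller
// reproducer issues the same syscall sequence regardless of earlier
// failures (r[0] simply stays -1 if socket() fails).

#define _GNU_SOURCE

#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] holds the socket descriptor, -1 until created.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
	// Scratch region at a fixed address for the buffers poked below
	// (prot 3 = PROT_READ|PROT_WRITE; flags 0x1012 = MAP_FIXED|MAP_PRIVATE|
	// MAP_ANON on FreeBSD).
	syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul);
	intptr_t res = 0;
	// socket(AF_INET6 (28), SOCK_DGRAM (2), 0): a UDP over IPv6 socket,
	// matching udp6_send() in the backtrace.
	res = syscall(SYS_socket, 0x1cul, 2ul, 0ul);
	if (res != -1)
		r[0] = res;
	// setsockopt(IPPROTO_IPV6 (41), IPV6_V6ONLY (27), &0, 4): allow the
	// IPv4-mapped destination used below on this IPv6 socket.
	*(uint32_t*)0x200001c0 = 0;
	syscall(SYS_setsockopt, r[0], 0x29ul, 0x1bul, 0x200001c0ul, 4ul);
	// Destination struct sockaddr_in6 (28 bytes) at 0x20000100:
	//   sin6_len = 28, sin6_family = AF_INET6 (28)
	*(uint8_t*)0x20000100 = 0x1c;
	*(uint8_t*)0x20000101 = 0x1c;
	//   sin6_port = 20001 (network byte order)
	*(uint16_t*)0x20000102 = htobe16(0x4e21);
	//   sin6_flowinfo = 0
	*(uint32_t*)0x20000104 = 0;
	//   sin6_addr = ::ffff:172.20.0.170 (IPv4-mapped: 10 zero bytes,
	//   0xff 0xff, then the IPv4 address)
	*(uint8_t*)0x20000108 = 0;
	*(uint8_t*)0x20000109 = 0;
	*(uint8_t*)0x2000010a = 0;
	*(uint8_t*)0x2000010b = 0;
	*(uint8_t*)0x2000010c = 0;
	*(uint8_t*)0x2000010d = 0;
	*(uint8_t*)0x2000010e = 0;
	*(uint8_t*)0x2000010f = 0;
	*(uint8_t*)0x20000110 = 0;
	*(uint8_t*)0x20000111 = 0;
	*(uint8_t*)0x20000112 = -1;
	*(uint8_t*)0x20000113 = -1;
	*(uint8_t*)0x20000114 = 0xac;
	*(uint8_t*)0x20000115 = 0x14;
	*(uint8_t*)0x20000116 = 0;
	*(uint8_t*)0x20000117 = 0xaa;
	//   sin6_scope_id = 0
	*(uint32_t*)0x20000118 = 0;
	// sendto(fd, NULL, 0, 0, &sin6, 28): a zero-length datagram to the
	// IPv4-mapped address; the implicit bind on this path is where the
	// pcbinfohash assertion fired.
	syscall(SYS_sendto, r[0], 0ul, 0ul, 0ul, 0x20000100ul, 0x1cul);
	return 0;
}
EOF
# On a compile failure the source is left in $dir for inspection, as before.
mycc -o "$dir/syzkaller2" -Wall -Wextra -O2 "$dir/syzkaller2.c" || exit 1
rm "$dir/syzkaller2.c"

# Run from inside the private directory so a core dump (syzkaller2.core)
# lands there too; do not run the binary at all if the cd fails.
(cd "$dir" && ./syzkaller2)

# Removes the binary and any core file in one go.
rm -rf "$dir"
exit 0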