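#!/bin/sh

# Regression test for a kernel assertion failure in namei(), reached through
# open(2) with an empty path and O_CREAT | O_EMPTY_PATH set (trace below).
# The script builds a small syzkaller-generated reproducer and runs it once.

# panic: Assertion (cnp->cn_flags & (LOCKPARENT | WANTPARENT)) == 0 failed at ../../../kern/vfs_lookup.c:490
# cpuid = 22
# time = 1620845561
# KDB: stack backtrace:
# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01499e7690
# vpanic() at vpanic+0x181/frame 0xfffffe01499e76e0
# panic() at panic+0x43/frame 0xfffffe01499e7740
# namei() at namei+0xb4e/frame 0xfffffe01499e77f0
# vn_open_cred() at vn_open_cred+0x11d/frame 0xfffffe01499e7960
# kern_openat() at kern_openat+0x28f/frame 0xfffffe01499e7ac0
# amd64_syscall() at amd64_syscall+0x147/frame 0xfffffe01499e7bf0
# fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01499e7bf0
# --- syscall (0, FreeBSD ELF64, nosys), rip = 0x80038254a, rsp = 0x7fffffffe4f8, rbp = 0x7fffffffe540 ---
# KDB: enter: panic
# [ thread pid 2990 tid 100320 ]
# Stopped at kdb_enter+0x37: movq $0,0x12819de(%rip)
# db> x/s version
# version: FreeBSD 14.0-CURRENT #0 main-n246600-e681dd3e2c1-dirty: Wed May 12 07:56:58 CEST 2021
# pho@t2.osted.lan:/usr/src/sys/amd64/compile/PHO\012
# db>

# Fixed by: 6de3cf14c47d - main - vn_open_cred(): disallow O_CREAT | O_EMPTY_PATH

# Skip quietly on other architectures; refuse to run without root.
# The substitutions are quoted so an empty result cannot break the test syntax.
[ "$(uname -p)" != "amd64" ] && exit 0
[ "$(id -u)" -ne 0 ] && echo "Must be root!" && exit 1

# mycc is expected to be provided by the sourced configuration.
. ../default.cfg

# Build in a private mktemp(1) directory. The script runs as root, and a
# fixed file name under world-writable /tmp can be pre-created by another
# local user (for example as a symlink), redirecting root's writes.
# The EXIT trap also removes the files when the compile step fails.
dir=$(mktemp -d /tmp/syzkaller38.XXXXXX) || exit 1
trap 'rm -rf "$dir"' EXIT

# Reproducer, as emitted by syzkaller:
#  - mmap: 16 MB at 0x20000000, prot 7 (read|write|exec), flags 0x1012
#    (MAP_ANON | MAP_FIXED | MAP_PRIVATE on FreeBSD).
#  - memset: writes a single NUL at 0x20000180, i.e. the path is "".
#  - open: flags 0x20c0200 include O_CREAT (0x200) and O_EMPTY_PATH
#    (0x02000000), the combination the fix rejects; the remaining bits are
#    whatever the fuzzer picked (check <fcntl.h> of the tree under test).
cat > "$dir/syzkaller38.c" <<EOF
// https://syzkaller.appspot.com/bug?id=72344b68a3a10a92bf1ef18b0c8286409c81b1c9
// autogenerated by syzkaller (https://github.com/google/syzkaller)
// Reported-by: syzbot+dbfd5b122ad66ae9a14b@syzkaller.appspotmail.com

#define _GNU_SOURCE

#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <unistd.h>

int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);

  memset((void*)0x20000180, 0, 1);
  syscall(SYS_open, 0x20000180ul, 0x20c0200ul, 0ul);
  return 0;
}
EOF
mycc -o "$dir/syzkaller38" -Wall -Wextra -O0 "$dir/syzkaller38.c" ||
    exit 1

# Run with /tmp as the working directory, bounded to three minutes.
# The exit status is not checked: the script reports success whenever
# control returns here, i.e. the kernel did not panic.
(cd /tmp; timeout 3m "$dir/syzkaller38")

# Remove syzkaller.* entries left in /tmp (presumably scratch files from
# syzkaller-generated reproducers; this one creates none that are visible here).
rm -rf /tmp/syzkaller.*
exit 0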