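#!/bin/sh

# Regression test: reproduces a kernel page fault in kern_cpuset_getid()
# on i386, found by syzkaller (bug URL is in the generated C source below).
# The panic transcript that follows is the original report, kept verbatim
# for reference.
#
# Fatal trap 12: page fault while in kernel mode
# cpuid = 1; apic id = 01
# fault virtual address = 0x20
# fault code = supervisor read data, page not present
# instruction pointer = 0x20:0xfa1a2c
# stack pointer = 0x28:0x27a41a80
# frame pointer = 0x28:0x27a41a98
# code segment = base 0x0, limit 0xfffff, type 0x1b
# = DPL 0, pres 1, def32 1, gran 1
# processor eflags = interrupt enabled, resume, IOPL = 0
# current process = 804 (syzkaller63)
# trap number = 12
# panic: page fault
# cpuid = 1
# time = 1675071979
# KDB: stack backtrace:
# db_trace_self_wrapper(d,2048e3a0,27a41a40,20,c,...) at db_trace_self_wrapper+0x28/frame 0x27a418d0
# vpanic(146c355,27a4190c,27a4190c,27a41938,141f1d6,...) at vpanic+0xf4/frame 0x27a418ec
# panic(146c355,15010e8,0,fffff,1dfc39b,...) at panic+0x14/frame 0x27a41900
# trap_fatal(2048e3a0,2048e3a0,27a4196c,1008e0a,18cd6638,...) at trap_fatal+0x346/frame 0x27a41938
# trap_pfault(20,0,0) at trap_pfault+0x6f/frame 0x27a4196c
# trap(27a41a40,8,28,28,0,...) at trap+0x31b/frame 0x27a41a34
# calltrap() at 0xffc0321f/frame 0x27a41a34
# --- trap 0xc, eip = 0xfa1a2c, esp = 0x27a41a80, ebp = 0x27a41a98 ---
# kern_cpuset_getid(141f60e,0,9,0,0,0) at kern_cpuset_getid+0x10c/frame 0x27a41a98
# sys_cpuset_getid(2048e3a0,2048e644,2048e3a0,2048e3a0,27a41b9c,...) at sys_cpuset_getid+0x32/frame 0x27a41ac0
# syscall(27a41ba8,3b,3b,3b,ffbfe9fc,...) at syscall+0x1ef/frame 0x27a41b9c
# Xint0x80_syscall() at 0xffc03479/frame 0x27a41b9c
# --- syscall (486, FreeBSD ELF32, cpuset_getid), eip = 0x2056317d, esp = 0xffbfe990, ebp = 0xffbfe9b0 ---
# KDB: enter: panic
# [ thread pid 804 tid 100092 ]
# Stopped at kdb_enter+0x34: movl $0,kdb_why
# db> x/s version
# version: FreeBSD 14.0-CURRENT #0 main-n260354-34b867ca30479: Mon Jan 30 07:26:30 CET 2023
# pho@mercat1.netperf.freebsd.org:/mnt25/obj/usr/src/i386.i386/sys/PHO
# db>

# The shared test configuration is sourced first; mycc is not defined in
# this file and is expected to come from there.
. ../default.cfg
prog=$(basename "$0" .sh)
# The report above is from an i386 kernel; the test is a no-op elsewhere.
[ "$(uname -p)" = "i386" ] || exit 0

# The reproducer is written out verbatim.  The delimiter is quoted so the
# C text is never subject to shell expansion (it contains none today, but
# a future edit should not be able to introduce one by accident).
cat > "/tmp/$prog.c" <<'EOF'
// https://syzkaller.appspot.com/bug?id=69dd3c8d867306dd9f97e2dae6ab1557fd8d2679
// autogenerated by syzkaller (https://github.com/google/syzkaller)
// Reported-by: syzbot+331e8402e0f7347f0f2a@syzkaller.appspotmail.com

#define _GNU_SOURCE

#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <unistd.h>

int main(void)
{
  syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0);
  syscall(SYS_cpuset_getid, 0, 9, 0ull, 0);
  return 0;
}
EOF
mycc -o "/tmp/$prog" -Wall -Wextra -O0 "/tmp/$prog.c" || exit 1

# Run from /tmp (the cleanup below expects $prog.core there).  On a kernel
# that still has the bug this call panics; on a fixed kernel it returns
# well within the timeout.  The cd is checked so that a failure to enter
# /tmp does not silently run ./$prog from the current directory.
(cd /tmp || exit 1; timeout -k 3s 2s "./$prog")

# "${prog:?}" makes the shell abort instead of expanding to "rm -rf /tmp/"
# should prog ever be empty.  The syzkaller.?????? pattern is deliberately
# left unquoted so the shell expands the glob, as in the original.
rm -rf -- "/tmp/${prog:?}" "/tmp/$prog.c" "/tmp/$prog.core" \
  /tmp/syzkaller.??????
exit 0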