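#!/bin/sh

# Regression test built from a syzkaller report. A 32-bit program creates a
# socket (domain 0x26, type 2, proto 0) and calls shutdown(2) on it with
# how=0; the kernel panic recorded below was observed on the shutdown path
# (soshutdown -> sorflush -> sbrelease).
# NOTE(review): domain 0x26 is presumably AF_NETLINK and how=0 SHUT_RD on
# FreeBSD -- confirm against <sys/socket.h>.
#
# panic: sbflush_internal: ccc 0 mb 0xfffff8004eee95f0 mbcnt 0
# cpuid = 9
# time = 1704448830
# KDB: stack backtrace:
# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe016a2ccb70
# vpanic() at vpanic+0x131/frame 0xfffffe016a2ccca0
# panic() at panic+0x43/frame 0xfffffe016a2ccd00
# sbrelease_internal() at sbrelease_internal+0x7c/frame 0xfffffe016a2ccd20
# sbrelease() at sbrelease+0x5e/frame 0xfffffe016a2ccd50
# sorflush() at sorflush+0x66/frame 0xfffffe016a2ccd70
# soshutdown() at soshutdown+0x105/frame 0xfffffe016a2ccdb0
# kern_shutdown() at kern_shutdown+0x60/frame 0xfffffe016a2ccdf0
# ia32_syscall() at ia32_syscall+0x154/frame 0xfffffe016a2ccf30
# int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xffffdb44
# KDB: enter: panic
# [ thread pid 4927 tid 100275 ]
# Stopped at      : movq    $0,0xe37212(%rip)
# db> x/s version
# FreeBSD 15.0-CURRENT #0 main-n267418-24cd5c26fe3e: Fri Jan  5 08:21:43 CET 2024
# pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO
# db>

# The test refuses to run unless it is started as root.
if [ "$(id -u)" -ne 0 ]; then
	echo "Must be root!"
	exit 1
fi

# default.cfg belongs to the test suite; it is expected to provide mycc.
. ../default.cfg
set -u
prog=$(basename "$0" .sh)

# This script runs as root, and /tmp is world-writable: fixed file names there
# can be pre-created or symlinked by another local user before root writes to
# them. Build and run inside a private directory from mktemp(1) instead, and
# remove it on every exit path.
workdir=$(mktemp -d "/tmp/$prog.XXXXXX") || exit 1
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

# Quoted delimiter: the C source is written verbatim, with no shell expansion.
cat > "$workdir/$prog.c" <<'EOF'
// https://syzkaller.appspot.com/bug?id=a9e90e96743f3e20b4a66d9d0d4c08c57ea8cc7f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
// Reported-by: syzbot+a58e1615881c01a51653@syzkaller.appspotmail.com

#define _GNU_SOURCE

#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <unistd.h>

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x10000000, /*len=*/0x1000000, /*prot=*/7,
          /*flags=*/0x1012, /*fd=*/-1, /*offset=*/0);
  intptr_t res = 0;
  res = syscall(SYS_socket, /*domain=*/0x26, /*type=*/2, /*proto=*/0);
  if (res != -1)
    r[0] = res;
  syscall(SYS_shutdown, /*fd=*/(intptr_t)r[0], /*how=*/0);
  return 0;
}
EOF

# -m32 builds a 32-bit binary, matching the ia32_syscall frame in the recorded
# backtrace.
mycc -o "$workdir/$prog" -m32 -Wall -Wextra -O0 "$workdir/$prog.c" -lpthread ||
    exit 1

# Re-run the reproducer for 120 seconds of wall-clock time; timeout(1) caps
# any single run at three minutes.
start=$(date +%s)
while [ $(($(date +%s) - start)) -lt 120 ]; do
	timeout 3m "$workdir/$prog"
done

# Remove a leftover core file under /tmp, if any. Where a core actually lands
# depends on the working directory and the kern.corefile setting. The private
# work directory itself is removed by the EXIT trap.
rm -rf -- "/tmp/$prog.core"
exit 0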