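#!/bin/sh

# Regression test derived from a syzkaller reproducer (report URL is in the C
# source below). A 32-bit program creates a socket (domain 0x26, type 2) and
# calls shutdown(2) on it with how=0; the scenario is repeated for 120 seconds.
# NOTE(review): 0x26 looks like AF_NETLINK and type 2 like SOCK_DGRAM on
# FreeBSD - confirm against sys/socket.h.
#
# Panic recorded for this scenario:
#
# panic: sbflush_internal: ccc 0 mb 0xfffff8004eee95f0 mbcnt 0
# cpuid = 9
# time = 1704448830
# KDB: stack backtrace:
# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe016a2ccb70
# vpanic() at vpanic+0x131/frame 0xfffffe016a2ccca0
# panic() at panic+0x43/frame 0xfffffe016a2ccd00
# sbrelease_internal() at sbrelease_internal+0x7c/frame 0xfffffe016a2ccd20
# sbrelease() at sbrelease+0x5e/frame 0xfffffe016a2ccd50
# sorflush() at sorflush+0x66/frame 0xfffffe016a2ccd70
# soshutdown() at soshutdown+0x105/frame 0xfffffe016a2ccdb0
# kern_shutdown() at kern_shutdown+0x60/frame 0xfffffe016a2ccdf0
# ia32_syscall() at ia32_syscall+0x154/frame 0xfffffe016a2ccf30
# int0x80_syscall_common() at int0x80_syscall_common+0x9c/frame 0xffffdb44
# KDB: enter: panic
# [ thread pid 4927 tid 100275 ]
# Stopped at : movq $0,0xe37212(%rip)
# db> x/s version
# FreeBSD 15.0-CURRENT #0 main-n267418-24cd5c26fe3e: Fri Jan 5 08:21:43 CET 2024
# pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO
# db>

if [ "$(id -u)" -ne 0 ]; then
	echo "Must be root!"
	exit 1
fi

# Sourced relative to the current directory, so the script has to be started
# from the directory it lives in. mycc is presumably defined there - confirm.
. ../default.cfg
# Enabled only after default.cfg is read, as in the original ordering.
set -u
prog=$(basename "$0" .sh)

# The script runs as root. Source and binary go into a private directory from
# mktemp(1) instead of fixed names under the shared /tmp, so a pre-existing
# file or symlink at a guessable path is never written through or executed.
workdir=$(mktemp -d "/tmp/$prog.XXXXXX") || exit 1
trap 'rm -rf "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

# Quoted delimiter: the C source is written out literally, with no shell
# expansion applied to it.
cat > "$workdir/$prog.c" <<'EOF'
// https://syzkaller.appspot.com/bug?id=a9e90e96743f3e20b4a66d9d0d4c08c57ea8cc7f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
// Reported-by: syzbot+a58e1615881c01a51653@syzkaller.appspotmail.com

#define _GNU_SOURCE

#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <unistd.h>

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x10000000, /*len=*/0x1000000, /*prot=*/7,
          /*flags=*/0x1012, /*fd=*/-1, /*offset=*/0);
  intptr_t res = 0;
  res = syscall(SYS_socket, /*domain=*/0x26, /*type=*/2, /*proto=*/0);
  if (res != -1)
    r[0] = res;
  syscall(SYS_shutdown, /*fd=*/(intptr_t)r[0], /*how=*/0);
  return 0;
}
EOF

# -m32 builds a 32-bit binary; the recorded backtrace enters the kernel
# through ia32_syscall().
mycc -o "$workdir/$prog" -m32 -Wall -Wextra -O0 "$workdir/$prog.c" -lpthread ||
    exit 1

# Re-run the program until 120 seconds of wall-clock time have passed; each
# run is capped by timeout(1) at 3 minutes.
start=$(date +%s)
while [ $(($(date +%s) - start)) -lt 120 ]; do
	timeout 3m "$workdir/$prog"
done

# The work directory is removed by the EXIT trap. The core-file path is the
# one the original cleanup removed; kept so a leftover core is still cleared.
rm -rf "/tmp/$prog.core"
exit 0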