Date: Tue, 5 Apr 2022 08:48:00 GMT
Message-Id: <202204050848.2358m0Sj046582@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Peter Holm
Subject: git: 7c1baa8ab3f5 - main - stress2: Added a syzkaller reproducer
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: pho
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Commit: 7c1baa8ab3f50a7ad5980b2f4bd9dba4c326d946

The branch main has been updated by pho:

URL: https://cgit.FreeBSD.org/src/commit/?id=7c1baa8ab3f50a7ad5980b2f4bd9dba4c326d946

commit
7c1baa8ab3f50a7ad5980b2f4bd9dba4c326d946 Author: Peter Holm AuthorDate: 2022-04-05 08:47:27 +0000 Commit: Peter Holm CommitDate: 2022-04-05 08:47:27 +0000 stress2: Added a syzkaller reproducer --- tools/test/stress2/misc/all.exclude | 1 + tools/test/stress2/misc/syzkaller50.sh | 169 +++++++++++++++++++++++++++++++++ 2 files changed, 170 insertions(+) diff --git a/tools/test/stress2/misc/all.exclude b/tools/test/stress2/misc/all.exclude index 67c9fa787ba9..b951e0763ff2 100644 --- a/tools/test/stress2/misc/all.exclude +++ b/tools/test/stress2/misc/all.exclude @@ -75,6 +75,7 @@ syzkaller42.sh WiP 20210613 syzkaller43.sh WiP 20210906 syzkaller46.sh WiP 20210925 syzkaller47.sh WiP 20210925 +syzkaller50.sh panic: Assertion done != job_total_nbytes failed at ... 20220405 truss3.sh WiP 20200915 unionfs9.sh https://people.freebsd.org/~pho/stress/log/log0226.txt 20220111 unionfs14.sh WiP 20220111 diff --git a/tools/test/stress2/misc/syzkaller50.sh b/tools/test/stress2/misc/syzkaller50.sh new file mode 100755 index 000000000000..4acc144503b9 --- /dev/null +++ b/tools/test/stress2/misc/syzkaller50.sh 
@@ -0,0 +1,169 @@ +#!/bin/sh + +# panic: Assertion done != job_total_nbytes failed at ../../../kern/sys_socket.c:670 +# cpuid = 10 +# time = 1649059964 +# KDB: stack backtrace: +# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe069a27fd70 +# vpanic() at vpanic+0x17f/frame 0xfffffe069a27fdc0 +# panic() at panic+0x43/frame 0xfffffe069a27fe20 +# soaio_process_sb() at soaio_process_sb+0x751/frame 0xfffffe069a27feb0 +# soaio_kproc_loop() at soaio_kproc_loop+0xa9/frame 0xfffffe069a27fef0 +# fork_exit() at fork_exit+0x80/frame 0xfffffe069a27ff30 +# fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe069a27ff30 +# --- trap 0xc, rip = 0x36633df4a5ca, rsp = 0x36633cd66d98, rbp = 0x36633cd66db0 --- +# KDB: enter: panic +# [ thread pid 36460 tid 546462 ] +# Stopped at kdb_enter+0x37: movq $0,0x127b48e(%rip) +# db> x/s version +# version: FreeBSD 14.0-CURRENT #0 main-n254248-88b3e65fcff2a: Sun Apr 3 11:21:34 CEST 2022\012 pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO\012 +# db> + +[ `uname -p` != "amd64" ] && exit 0 + +. 
../default.cfg +cat > /tmp/syzkaller50.c < + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void kill_and_wait(int pid, int* status) +{ + kill(pid, SIGKILL); + while (waitpid(-1, status, 0) != pid) { + } +} + +static void sleep_ms(uint64_t ms) +{ + usleep(ms * 1000); +} + +static uint64_t current_time_ms(void) +{ + struct timespec ts; + if (clock_gettime(CLOCK_MONOTONIC, &ts)) + exit(1); + return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; +} + +static void execute_one(void); + +#define WAIT_FLAGS 0 + +static void loop(void) +{ + int iter = 0; + for (;; iter++) { + int pid = fork(); + if (pid < 0) + exit(1); + if (pid == 0) { + execute_one(); + exit(0); + } + int status = 0; + uint64_t start = current_time_ms(); + for (;;) { + if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) + break; + sleep_ms(1); + if (current_time_ms() - start < 5000) + continue; + kill_and_wait(pid, &status); + break; + } + } +} + +uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; + +void execute_one(void) +{ + intptr_t res = 0; + res = syscall(SYS_socket, 0x1cul, 1ul, 0x84); + if (res != -1) + r[0] = res; + *(uint8_t*)0x20000240 = 0x1c; + *(uint8_t*)0x20000241 = 0x1c; + *(uint16_t*)0x20000242 = htobe16(0x4e23); + *(uint32_t*)0x20000244 = 0; + *(uint64_t*)0x20000248 = htobe64(0); + *(uint64_t*)0x20000250 = htobe64(1); + *(uint32_t*)0x20000258 = 0; + syscall(SYS_bind, r[0], 0x20000240ul, 0x1cul); + *(uint8_t*)0x20000080 = 0x1c; + *(uint8_t*)0x20000081 = 0x1c; + *(uint16_t*)0x20000082 = htobe16(0x4e23); + *(uint32_t*)0x20000084 = 0; + *(uint64_t*)0x20000088 = htobe64(0); + *(uint64_t*)0x20000090 = htobe64(1); + *(uint32_t*)0x20000098 = 0; + syscall(SYS_connect, r[0], 0x20000080ul, 0x1cul); + *(uint32_t*)0x20000000 = r[0]; + *(uint64_t*)0x20000008 = 0; + *(uint64_t*)0x20000010 = 0x200002c0; + *(uint64_t*)0x20000018 = 0; + *(uint32_t*)0x20000020 = 0; + *(uint32_t*)0x20000024 = 
0; + *(uint64_t*)0x20000028 = 0; + *(uint32_t*)0x20000030 = 0; + *(uint32_t*)0x20000034 = 0; + *(uint64_t*)0x20000038 = 0; + *(uint64_t*)0x20000040 = 0; + *(uint64_t*)0x20000048 = 0; + *(uint32_t*)0x20000050 = 0; + *(uint32_t*)0x20000054 = 0; + *(uint32_t*)0x20000058 = 0; + *(uint32_t*)0x20000060 = 0; + syscall(SYS_aio_write, 0x20000000ul); + res = syscall(SYS_fcntl, r[0], 0ul, r[0]); + if (res != -1) + r[1] = res; + *(uint32_t*)0x20001540 = 0; + memset((void*)0x20001544, 6, 1); + syscall(SYS_setsockopt, r[1], 0x84, 0x901, 0x20001540ul, 8ul); +} +int main(void) +{ + syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul); + loop(); + return 0; +} +EOF +mycc -o /tmp/syzkaller50 -Wall -Wextra -O0 /tmp/syzkaller50.c || exit 1 + +kldstat | grep -q sctp || { kldload sctp.ko && loaded=1; } + +(cd ../testcases/swap; ./swap -t 3m -i 10 -l 100) & +for i in `jot 3`; do + (cd /tmp; timeout 3m ./syzkaller50) & + pids="$pids $!" +done +for pid in $pids; do + wait $pid +done +while pkill swap; do :; done +wait + +rm -rf /tmp/syzkaller50 syzkaller50.c /tmp/syzkaller.* +[ $loaded ] && kldunload sctp.ko +exit 0
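
Review bot: The new all.exclude entry for syzkaller50.sh truncates the assertion location to `failed at ...`, while the header comment in syzkaller50.sh records it as `../../../kern/sys_socket.c:670`. The neighbouring entries carry either `WiP` or a log URL (unionfs9.sh), so consider putting the file and line, or a link to a log or bug report, in the reason field so it is clear what has to be fixed before the exclusion can be dropped.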
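
Review bot: The cleanup line at the end of syzkaller50.sh, `rm -rf /tmp/syzkaller50 syzkaller50.c /tmp/syzkaller.*`, names `syzkaller50.c` without the `/tmp/` prefix, so the source written earlier to `/tmp/syzkaller50.c` is left behind and the rm instead targets a file of that name in the current directory. Suggest `rm -rf /tmp/syzkaller50 /tmp/syzkaller50.c /tmp/syzkaller.*`. A smaller point on `kldstat | grep -q sctp || { kldload sctp.ko && loaded=1; }`: when the load fails the script carries on and still ends with `exit 0`, and the `SYS_socket` call with protocol `0x84` would presumably just return -1, so the run reports success without exercising the path; consider exiting early with a skip message in that case.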