From nobody Mon Jan 30 08:50:42 2023
Date: Mon, 30 Jan 2023 08:50:42 GMT
Message-Id: <202301300850.30U8ogHI083163@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Peter Holm
Subject: git: bbe0def9b079 - main - stress2: Added a syzkaller reproducer
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: pho
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: bbe0def9b079e929c1920b00e60b713dbb6b7474
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by pho:

URL: https://cgit.FreeBSD.org/src/commit/?id=bbe0def9b079e929c1920b00e60b713dbb6b7474

commit bbe0def9b079e929c1920b00e60b713dbb6b7474
Author: Peter Holm
AuthorDate: 2023-01-30 08:50:19 +0000
Commit: Peter Holm
CommitDate: 2023-01-30 08:50:19 +0000

stress2: Added a syzkaller reproducer

--- tools/test/stress2/misc/syzkaller63.sh | 75 ++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/tools/test/stress2/misc/syzkaller63.sh b/tools/test/stress2/misc/syzkaller63.sh new file mode 100755 index 000000000000..647801dbdbb9 --- /dev/null +++ b/tools/test/stress2/misc/syzkaller63.sh 
@@ -0,0 +1,75 @@ +#!/bin/sh + +# Fatal trap 12: page fault while in kernel mode +# cpuid = 1; apic id = 01 +# fault virtual address = 0x20 +# fault code = supervisor read data, page not present +# instruction pointer = 0x20:0xfa1a2c +# stack pointer = 0x28:0x27a41a80 +# frame pointer = 0x28:0x27a41a98 +# code segment = base 0x0, limit 0xfffff, type 0x1b +# = DPL 0, pres 1, def32 1, gran 1 +# processor eflags = interrupt enabled, resume, IOPL = 0 +# current process = 804 (syzkaller63) +# trap number = 12 +# panic: page fault +# cpuid = 1 +# time = 1675071979 +# KDB: stack backtrace: +# db_trace_self_wrapper(d,2048e3a0,27a41a40,20,c,...) at db_trace_self_wrapper+0x28/frame 0x27a418d0 +# vpanic(146c355,27a4190c,27a4190c,27a41938,141f1d6,...) at vpanic+0xf4/frame 0x27a418ec +# panic(146c355,15010e8,0,fffff,1dfc39b,...) at panic+0x14/frame 0x27a41900 +# trap_fatal(2048e3a0,2048e3a0,27a4196c,1008e0a,18cd6638,...) at trap_fatal+0x346/frame 0x27a41938 +# trap_pfault(20,0,0) at trap_pfault+0x6f/frame 0x27a4196c +# trap(27a41a40,8,28,28,0,...) at trap+0x31b/frame 0x27a41a34 +# calltrap() at 0xffc0321f/frame 0x27a41a34 +# --- trap 0xc, eip = 0xfa1a2c, esp = 0x27a41a80, ebp = 0x27a41a98 --- +# kern_cpuset_getid(141f60e,0,9,0,0,0) at kern_cpuset_getid+0x10c/frame 0x27a41a98 +# sys_cpuset_getid(2048e3a0,2048e644,2048e3a0,2048e3a0,27a41b9c,...) at sys_cpuset_getid+0x32/frame 0x27a41ac0 +# syscall(27a41ba8,3b,3b,3b,ffbfe9fc,...) at syscall+0x1ef/frame 0x27a41b9c +# Xint0x80_syscall() at 0xffc03479/frame 0x27a41b9c +# --- syscall (486, FreeBSD ELF32, cpuset_getid), eip = 0x2056317d, esp = 0xffbfe990, ebp = 0xffbfe9b0 --- +# KDB: enter: panic +# [ thread pid 804 tid 100092 ] +# Stopped at kdb_enter+0x34: movl $0,kdb_why +# db> x/s version +# version: FreeBSD 14.0-CURRENT #0 main-n260354-34b867ca30479: Mon Jan 30 07:26:30 CET 2023 +# pho@mercat1.netperf.freebsd.org:/mnt25/obj/usr/src/i386.i386/sys/PHO +# db> + +. 
../default.cfg +prog=$(basename "$0" .sh) +[ `uname -p` = "i386" ] || exit 0 + +cat > /tmp/$prog.c < +#include +#include +#include +#include +#include +#include +#include +#include +#include + +int main(void) +{ + syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); + syscall(SYS_cpuset_getid, 0, 9, 0ull, 0); + return 0; +} +EOF +mycc -o /tmp/$prog -Wall -Wextra -O0 /tmp/$prog.c || exit 1 + +(cd /tmp; timeout -k 3s 2s ./$prog) + +rm -rf /tmp/$prog /tmp/$prog.c /tmp/$prog.core \ + /tmp/syzkaller.?????? +exit 0
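
Review bot: In the cleanup at the end of the script, the "rm -rf" also removes "/tmp/syzkaller.??????", but the main() shown here only issues two syscall() calls and never creates such a path, so the glob can only match files that belong to something else in /tmp. Suggest dropping the glob and keeping the three /tmp/$prog paths. In main(), the arguments are bare numbers (7 and 0x1012 for SYS_mmap, 9 as the second argument of SYS_cpuset_getid) and the mmap result is not checked; a one-line comment saying which argument combination leads to the kern_cpuset_getid+0x10c page fault recorded in the header would make the reproducer easier to maintain. Minor style point: the i386 guard uses backticks for "uname -p" while the line above it uses $(...); using $(...) in both keeps the script consistent.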