diff --git a/tools/test/stress2/misc/all.exclude b/tools/test/stress2/misc/all.exclude
index 50e4d0ecc77b..e388fa8957d9 100644
--- a/tools/test/stress2/misc/all.exclude
+++ b/tools/test/stress2/misc/all.exclude
@@ -1,107 +1,107 @@ # List of tests not to run, unless the '-a' option is used with run.sh # Exclude names must start in column 1 backingstore.sh g_vfs_done():md6a[WRITE(offset=...)]error = 28 20111220 backingstore2.sh panic: 43 vncache entries remaining 20111220 backingstore3.sh g_vfs_done():md6a[WRITE(offset=...)]error = 28 20111230 dd.sh CAM stuck in vmwait 20200116 devfs4.sh Hang seen 20210210 force4.sh https://people.freebsd.org/~pho/stress/log/log0082.txt 20210328 fsync.sh panic: Journal overflow 20190208 fuse.sh Memory corruption seen in log file kostik734.txt 20141114 fuse2.sh Deadlock seen 20121129 fuse3.sh Deadlock seen 20141120 getrandom.sh Known DoS issue 20201107 getrandom2.sh Known DoS issue 20200302 gjournal.sh panic: Journal overflow 20190626 gjournal2.sh panic: Journal overflow 20180125 gjournal3.sh panic: Bio not on queue 20171225 gjournal4.sh CAM stuck in vmwait 20180517 gnop7.sh Waiting for patch commit 20190820 gnop8.sh Waiting for patch commit 20201214 gnop9.sh Waiting for patch commit 20201214 gnop10.sh Waiting for patch commit 20210105 graid1_8.sh Known issue 20170909 graid1_9.sh panic: Bad effnlink 20180212 lockf5.sh Spinning threads seen 20160718 ifconfig.sh Bug 253824 20210322 ifconfig2.sh https://people.freebsd.org/~pho/stress/log/log0051.txt 20210210 maxvnodes2.sh https://people.freebsd.org/~pho/stress/log/log0083.txt 20210329 memguard.sh https://people.freebsd.org/~pho/stress/log/log0088.txt 20210402 memguard2.sh Waiting for fix commit memguard3.sh Waiting for fix commit memsetdomain.sh May change policy for random threads to to domainset_fixed 20210104 mlockall2.sh Unrecoverable OOM killing seen 20190203 mlockall7.sh Needs further investigation 20210123 nfs15lockd.sh panic: Assertion td->td_realucred == td->td_ucred failed ... 20210211 newfs4.sh watchdog fired. 
newbuf 20190225 nfs10.sh Double fault 20151013 nfs13.sh mount_nfs hangs in mntref 20191007 nfs16.sh panic: Failed to register NFS lock locally - error=11 20160608 oom2.sh Hang in pfault 20180324 overcommit2.sh CAM stuck in vmwait seen 20200112 pageout.sh panic: handle_written_filepage: not started 20190218 pmc4.sh ld: error: /usr/lib/libpmc.so: undefined reference 20210124 pmc5.sh ld: error: /usr/lib/libpmc.so: undefined reference 20210124 pmc6.sh ld: error: /usr/lib/libpmc.so: undefined reference 20210124 quota10.sh people.freebsd.org/~pho/stress/log/quota10-2.txt 20200525 quota2.sh panic: dqflush: stray dquot 20120221 quota3.sh panic: softdep_deallocate_dependencies: unrecovered ... 20111222 quota7.sh panic: dqflush: stray dquot 20120221 -sctp.sh panic: Queues are not empty when handling ... i386 20201104 -sctp2.sh panic: soclose: SS_NOFDREF on enter 20200307 sctp3.sh panic: Queues are not empty when handling SHUTDOWN-COMPLETE 20210211 sendfile25.sh WiP 20200611 signal.sh Timing issues. 
Needs fixing 20171116 snap8.sh https://people.freebsd.org/~pho/stress/log/log0049.txt 20210216 snap9.sh panic: handle_written_filepage: not started 20170722 snap11.sh panic: handle_written_filepage: not started 20200928 swapoff2.sh swap_pager_force_pagein: read from swap failed 20171223 swapoff5.sh log0005.txt, known issue 20210111 systrace.sh WiP 20200227 systrace2.sh WiP 20200227 syzkaller11.sh WiP 20200721 syzkaller15.sh WiP 20200712 syzkaller16.sh WiP 20200620 syzkaller17.sh WiP 20200630 syzkaller19.sh WiP 20200712 syzkaller25.sh WiP 20201116 syzkaller28.sh WiP 20201120 syzkaller29.sh May change policy for random threads to to domainset_fixed 20210104 syzkaller30.sh May change policy for random threads to to domainset_fixed 20210104 syzkaller31.sh panic: Bad tailq NEXT(0xfffffe0079608f00->tqh_last) != NULL 20210322 syzkaller32.sh Fatal trap 18: integer divide fault while in kernel mode 20210322 syzkaller33.sh Fatal trap 18: integer divide fault while in kernel mode 20210418 +syzkaller35.sh panic: AEAD without a separate IV 20210508 +syzkaller36.sh panic: IV outside buffer length 20210508 truss3.sh WiP 20200915 unionfs.sh insmntque: non-locked vp: xx is not exclusive locked... 20130909 unionfs2.sh insmntque: mp-safe fs and non-locked vp is not ... 20111219 unionfs3.sh insmntque: mp-safe fs and non-locked vp is not ... 20111216 # Test not to run for other reasons: fuzz.sh A know issue marcus3.sh OK, but runs for a long time statfs.sh Not very interesting vunref.sh No problems ever seen vunref2.sh No problems ever seen # Snapshots has been disabled on SU+J suj15.sh suj16.sh suj19.sh suj20.sh suj21.sh suj22.sh suj24.sh suj25.sh suj26.sh suj27.sh suj28.sh # Exclude NFS loopback tests nfs2.sh panic: wrong diroffset 20140219 nfs5.sh nfs6.sh nfs11.sh vmwait deadlock 20151004 nullfs8.sh tmpfs18.sh mntref hang seen 20191019 diff --git a/tools/test/stress2/misc/syzkaller35.sh b/tools/test/stress2/misc/syzkaller35.sh new file mode 100755 index 000000000000..14619c24ab9c 
--- /dev/null
+++ b/tools/test/stress2/misc/syzkaller35.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+# panic: AEAD without a separate IV
+# cpuid = 18
+# time = 1620305816
+# KDB: stack backtrace:
+# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01aeea25d0
+# vpanic() at vpanic+0x181/frame 0xfffffe01aeea2620
+# panic() at panic+0x43/frame 0xfffffe01aeea2680
+# crp_sanity() at crp_sanity+0x4e9/frame 0xfffffe01aeea26b0
+# crypto_dispatch() at crypto_dispatch+0xf/frame 0xfffffe01aeea26d0
+# crypto_ioctl() at crypto_ioctl+0x1e33/frame 0xfffffe01aeea27e0
+# devfs_ioctl() at devfs_ioctl+0xcd/frame 0xfffffe01aeea2830
+# VOP_IOCTL_APV() at VOP_IOCTL_APV+0x59/frame 0xfffffe01aeea2850
+# vn_ioctl() at vn_ioctl+0x133/frame 0xfffffe01aeea2960
+# devfs_ioctl_f() at devfs_ioctl_f+0x1e/frame 0xfffffe01aeea2980
+# kern_ioctl() at kern_ioctl+0x289/frame 0xfffffe01aeea29f0
+# sys_ioctl() at sys_ioctl+0x12a/frame 0xfffffe01aeea2ac0
+# amd64_syscall() at amd64_syscall+0x147/frame 0xfffffe01aeea2bf0
+# fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01aeea2bf0
+# --- syscall (0, FreeBSD ELF64, nosys), rip = 0x8003827da, rsp = 0x7fffffffe848, rbp = 0x7fffffffe890 ---
+# KDB: enter: panic
+# [ thread pid 4018 tid 100350 ]
+# Stopped at kdb_enter+0x37: movq $0,0x1282a9e(%rip)
+# db> x/s version
+# version: FreeBSD 14.0-CURRENT #0 main-n246502-49c894ddced: Thu May 6 09:17:33 CEST 2021
+# pho@t2.osted.lan:/usr/src/sys/amd64/compile/PHO
+# db>
+
+[ `uname -p` != "amd64" ] && exit 0
+[ `id -u ` -ne 0 ] && echo "Must be root!" && exit 1
+
+. ../default.cfg
+cat > /tmp/syzkaller35.c <
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+uint64_t r[1] = {0xffffffffffffffff};
+
+int main(void)
+{
+ syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
+ intptr_t res = 0;
+ memcpy((void*)0x20000340, "/dev/crypto\000", 12);
+ res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000340ul, 0ul, 0ul);
+ if (res != -1)
+ r[0] = res;
+ *(uint32_t*)0x20000440 = 0x28;
+ *(uint32_t*)0x20000444 = 0;
+ *(uint32_t*)0x20000448 = 0x10;
+ *(uint64_t*)0x20000450 = 0x20000380;
+ memcpy((void*)0x20000380,
+ "\x3c\x02\x2e\x61\x79\x2e\xec\xb0\x7f\x8a\xee\x18\xe5\xaa\x35\x05",
+ 16);
+ *(uint32_t*)0x20000458 = 0;
+ *(uint64_t*)0x20000460 = 0;
+ *(uint32_t*)0x20000468 = 0;
+ *(uint32_t*)0x2000046c = 0xfdffffff;
+ *(uint32_t*)0x20000470 = 0;
+ *(uint32_t*)0x20000474 = 0;
+ *(uint32_t*)0x20000478 = 0;
+ *(uint32_t*)0x2000047c = 0;
+ syscall(SYS_ioctl, r[0], 0xc040636aul, 0x20000440ul);
+ *(uint32_t*)0x20000280 = 0;
+ *(uint16_t*)0x20000284 = 1;
+ *(uint16_t*)0x20000286 = 0;
+ *(uint32_t*)0x20000288 = 0xf0a;
+ *(uint32_t*)0x2000028c = 0;
+ *(uint32_t*)0x20000290 = 0;
+ *(uint64_t*)0x20000298 = 0x20000480;
+ *(uint64_t*)0x200002a0 = 0;
+ *(uint64_t*)0x200002a8 = 0;
+ *(uint64_t*)0x200002b0 = 0x20000680;
+ *(uint64_t*)0x200002b8 = 0;
+ syscall(SYS_ioctl, r[0], 0xc040636dul, 0x20000280ul);
+ return 0;
+}
+EOF
+mycc -o /tmp/syzkaller35 -Wall -Wextra -O0 /tmp/syzkaller35.c ||
+ exit 1
+
+kldload cryptodev.ko && loaded=1
+(cd /tmp; timeout 3m ./syzkaller35)
+[ $loaded ] && kldunload cryptodev.ko
+
+rm -rf /tmp/syzkaller35 syzkaller35.c /tmp/syzkaller.*
+exit 0
diff --git a/tools/test/stress2/misc/syzkaller36.sh b/tools/test/stress2/misc/syzkaller36.sh
new file mode 100755
index 000000000000..ca4678408a25
--- /dev/null
+++ b/tools/test/stress2/misc/syzkaller36.sh
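Review bot: The last cleanup line, `rm -rf /tmp/syzkaller35 syzkaller35.c /tmp/syzkaller.*`, names `syzkaller35.c` without the `/tmp/` prefix, so the reproducer source created by `cat > /tmp/syzkaller35.c` is left behind unless the script is started from /tmp, which the relative `. ../default.cfg` suggests it is not. It should read `rm -rf /tmp/syzkaller35 /tmp/syzkaller35.c /tmp/syzkaller.*`; syzkaller36.sh has the same slip with `syzkaller36.c`. Since the script runs as root and compiles and executes fixed, predictable names under /tmp, a private `mktemp -d` directory would be a safer home for both files, though that may go against how the other stress2 tests are written.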
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# panic: IV outside buffer length
+# cpuid = 22
+# time = 1620355853
+# KDB: stack backtrace:
+# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01af19d5d0
+# vpanic() at vpanic+0x181/frame 0xfffffe01af19d620
+# panic() at panic+0x43/frame 0xfffffe01af19d680
+# crp_sanity() at crp_sanity+0x212/frame 0xfffffe01af19d6b0
+# crypto_dispatch() at crypto_dispatch+0xf/frame 0xfffffe01af19d6d0
+# crypto_ioctl() at crypto_ioctl+0x18a9/frame 0xfffffe01af19d7e0
+# devfs_ioctl() at devfs_ioctl+0xcd/frame 0xfffffe01af19d830
+# VOP_IOCTL_APV() at VOP_IOCTL_APV+0x59/frame 0xfffffe01af19d850
+# vn_ioctl() at vn_ioctl+0x133/frame 0xfffffe01af19d960
+# devfs_ioctl_f() at devfs_ioctl_f+0x1e/frame 0xfffffe01af19d980
+# kern_ioctl() at kern_ioctl+0x289/frame 0xfffffe01af19d9f0
+# sys_ioctl() at sys_ioctl+0x12a/frame 0xfffffe01af19dac0
+# amd64_syscall() at amd64_syscall+0x147/frame 0xfffffe01af19dbf0
+# fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01af19dbf0
+# --- syscall (0, FreeBSD ELF64, nosys), rip = 0x8003827da, rsp = 0x7fffffffe4f8, rbp = 0x7fffffffe540 ---
+# KDB: enter: panic
+# [ thread pid 2908 tid 100493 ]
+# Stopped at kdb_enter+0x37: movq $0,0x1282a9e(%rip)
+# db> x/s version
+# version: FreeBSD 14.0-CURRENT #1 main-n246506-be578b67b5a: Thu May 6 19:40:29 CEST 2021
+# pho@t2.osted.lan:/usr/src/sys/amd64/compile/PHO
+# db>
+
+[ `uname -p` != "amd64" ] && exit 0
+[ `id -u ` -ne 0 ] && echo "Must be root!" && exit 1
+
+. ../default.cfg
+cat > /tmp/syzkaller36.c <
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+uint64_t r[1] = {0xffffffffffffffff};
+
+int main(void)
+{
+ syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
+ intptr_t res = 0;
+ memcpy((void*)0x20000000, "/dev/crypto\000", 12);
+ res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000000ul, 0ul, 0ul);
+ if (res != -1)
+ r[0] = res;
+ *(uint32_t*)0x20000440 = 0x17;
+ *(uint32_t*)0x20000444 = 0;
+ *(uint32_t*)0x20000448 = 0x10;
+ *(uint64_t*)0x20000450 = 0x200001c0;
+ memcpy((void*)0x200001c0,
+ "\x3c\x02\x2e\x61\x79\x2e\xec\xb0\x7f\x8a\xee\x18\xe5\xaa\x35\x05",
+ 16);
+ *(uint32_t*)0x20000458 = 0;
+ *(uint64_t*)0x20000460 = 0;
+ *(uint32_t*)0x20000468 = 0;
+ *(uint32_t*)0x2000046c = 0xfdffffff;
+ *(uint32_t*)0x20000470 = 0;
+ *(uint32_t*)0x20000474 = 0;
+ *(uint32_t*)0x20000478 = 0;
+ *(uint32_t*)0x2000047c = 0;
+ syscall(SYS_ioctl, r[0], 0xc040636aul, 0x20000440ul);
+ *(uint32_t*)0x20000180 = 0;
+ *(uint16_t*)0x20000184 = 1;
+ *(uint16_t*)0x20000186 = 0;
+ *(uint32_t*)0x20000188 = 7;
+ *(uint64_t*)0x20000190 = 0x20000200;
+ *(uint64_t*)0x20000198 = 0;
+ *(uint64_t*)0x200001a0 = 0;
+ *(uint64_t*)0x200001a8 = 0;
+ syscall(SYS_ioctl, r[0], 0xc0306367ul, 0x20000180ul);
+ return 0;
+}
+EOF
+mycc -o /tmp/syzkaller36 -Wall -Wextra -O0 /tmp/syzkaller36.c ||
+ exit 1
+
+kldload cryptodev.ko && loaded=1
+(cd /tmp; timeout 3m ./syzkaller36)
+[ $loaded ] && kldunload cryptodev.ko
+
+rm -rf /tmp/syzkaller36 syzkaller36.c /tmp/syzkaller.*
+exit 0
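Review bot: The header comment quotes the `IV outside buffer length` panic but does not say which request reaches it, and the reproducer passes the two ioctl commands as bare numbers (`0xc040636a`, then `0xc0306367`). One line in the header would save the next reader from decoding them, for example `# Session setup (0xc040636a) followed by a crypt request (0xc0306367) on /dev/crypto`, with the symbolic names from `<crypto/cryptodev.h>` added once confirmed (they look like CIOCGSESSION2 and CIOCCRYPT). Keeping the note in the shell header leaves the generated C untouched.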