ok github.com/google/syzkaller/dashboard/app (cached) ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 1.033s ok github.com/google/syzkaller/pkg/ast 1.617s ok github.com/google/syzkaller/pkg/bisect 46.233s ok github.com/google/syzkaller/pkg/build 0.125s ok github.com/google/syzkaller/pkg/compiler 9.141s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover (cached) ? github.com/google/syzkaller/pkg/cover/backend [no test files] --- FAIL: TestGenerate (5.10s) --- FAIL: TestGenerate/freebsd/386 (0.74s) csource_test.go:52: seed=1613065041497043173 --- FAIL: TestGenerate/freebsd/386/4 (0.42s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:10 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (; iter < 10; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :332:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor090928706 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/0 (0.48s) csource_test.go:108: opts: {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_one(void) { intptr_t res = 0; res = syscall(SYS_kqueue); if (res != -1) r[0] = res; res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; syscall(SYS_flock, (intptr_t)r[2], 8); memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :181:10: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor981335236 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/12 (0.49s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:true Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (sig == SIGBUS) { valid = 1; } if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) ({ int ok = 1; __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } else ok = 0; __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); ok; }) static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: NONFAILING(memcpy((void*)0x10000080, "/$\\\273}/%\000", 8)); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: NONFAILING(*(uint32_t*)0x10000100 = 0xc); syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: NONFAILING(memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024)); NONFAILING(memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32)); NONFAILING(*(uint32_t*)0x10000660 = -1); NONFAILING(*(uint8_t*)0x10000664 = 4); NONFAILING(*(uint32_t*)0x10000668 = 0x10000140); NONFAILING(memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221)); NONFAILING(*(uint64_t*)0x1000066c = 0xfffffffffffffff9); NONFAILING(*(uint64_t*)0x10000674 = 3); NONFAILING(*(uint64_t*)0x1000067c = 6); NONFAILING(*(uint64_t*)0x10000684 = 4); NONFAILING(*(uint64_t*)0x1000068c = 0x1679); NONFAILING(*(uint64_t*)0x10000694 = 4); NONFAILING(*(uint64_t*)0x1000069c = 9); NONFAILING(*(uint32_t*)0x100006a4 = 6); syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: NONFAILING(*(uint32_t*)0x10000700 = 5); syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: NONFAILING(*(uint8_t*)0x10000000 = 0); NONFAILING(*(uint8_t*)0x10000001 = 0); NONFAILING(*(uint8_t*)0x10000002 = 0); NONFAILING(*(uint8_t*)0x10000003 = 0); NONFAILING(*(uint8_t*)0x10000004 = 0); NONFAILING(*(uint8_t*)0x10000005 = 0); NONFAILING(*(uint8_t*)0x10000006 = -1); NONFAILING(*(uint8_t*)0x10000007 = -1); NONFAILING(*(uint8_t*)0x10000008 = -1); NONFAILING(*(uint8_t*)0x10000009 = -1); NONFAILING(*(uint8_t*)0x1000000a = -1); NONFAILING(*(uint8_t*)0x1000000b = -1); NONFAILING(*(uint16_t*)0x1000000c = htobe16(0x88a8)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12)); NONFAILING(*(uint16_t*)0x10000010 = htobe16(0x8100)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1)); NONFAILING(STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12)); NONFAILING(*(uint16_t*)0x10000014 = htobe16(0x806)); NONFAILING(*(uint16_t*)0x10000016 = htobe16(1)); NONFAILING(*(uint16_t*)0x10000018 = htobe16(0x800)); NONFAILING(*(uint8_t*)0x1000001a = 6); NONFAILING(*(uint8_t*)0x1000001b = 4); NONFAILING(*(uint16_t*)0x1000001c = htobe16(4)); NONFAILING(*(uint8_t*)0x1000001e = 0xaa); NONFAILING(*(uint8_t*)0x1000001f = 0xaa); NONFAILING(*(uint8_t*)0x10000020 = 0xaa); NONFAILING(*(uint8_t*)0x10000021 = 0xaa); NONFAILING(*(uint8_t*)0x10000022 = 0xaa); NONFAILING(*(uint8_t*)0x10000023 = 0xaa); NONFAILING(*(uint32_t*)0x10000024 = htobe32(0xe0000001)); NONFAILING(*(uint8_t*)0x10000028 = 0xaa); NONFAILING(*(uint8_t*)0x10000029 = 0xaa); NONFAILING(*(uint8_t*)0x1000002a = 0xaa); NONFAILING(*(uint8_t*)0x1000002b = 0xaa); NONFAILING(*(uint8_t*)0x1000002c = 0xaa); NONFAILING(*(uint8_t*)0x1000002d = 0xbb); NONFAILING(*(uint32_t*)0x1000002e = htobe32(0x81)); break; case 11: NONFAILING(memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53)); NONFAILING(syz_execute_func(0x10000040)); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); install_segv_handler(); use_temporary_dir(); do_sandbox_none(); return 0; } :364:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor513782969 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/7 (0.66s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:10 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 500); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 15000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :332:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor589094227 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/5 (0.80s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :332:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor464520248 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/6 (0.82s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :334:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor408088726 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/15 (0.81s) csource_test.go:108: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; int collide = 0; again: for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :344:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor721884413 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/14 (0.96s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:true} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); fprintf(stderr, "### call=0 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); fprintf(stderr, "### call=1 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[1] = res; break; case 2: res = syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); fprintf(stderr, "### call=2 errno=%u\n", res == -1 ? errno : 0); break; case 3: res = syscall(SYS_socket, 2, 2, 0); fprintf(stderr, "### call=3 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[2] = res; break; case 4: res = syscall(SYS_flock, (intptr_t)r[2], 8); fprintf(stderr, "### call=4 errno=%u\n", res == -1 ? errno : 0); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); res = syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); fprintf(stderr, "### call=5 errno=%u\n", res == -1 ? errno : 0); break; case 6: res = syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); fprintf(stderr, "### call=6 errno=%u\n", res == -1 ? errno : 0); break; case 7: *(uint32_t*)0x10000100 = 0xc; res = syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); fprintf(stderr, "### call=7 errno=%u\n", res == -1 ? errno : 0); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; res = syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); fprintf(stderr, "### call=8 errno=%u\n", res == -1 ? errno : 0); break; case 9: *(uint32_t*)0x10000700 = 5; res = syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); fprintf(stderr, "### call=9 errno=%u\n", res == -1 ? errno : 0); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); (void)res; break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); res = -1; errno = EFAULT; res = syz_execute_func(0x10000040); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: (void)res; break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :339:17: error: use of undeclared identifier 'SYS_freebsd12_closefrom' res = syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor171310647 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/3 (0.90s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:false RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :251:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor399885866 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/13 (0.94s) csource_test.go:108: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: r0 = kqueue() r1 = dup2(0xffffffffffffffff, r0) freebsd11_fstat(r1, &(0x7f0000000000)) r2 = socket$inet_udp(0x2, 0x2, 0x0) flock(r2, 0x8) extattr_delete_fd(r2, 0x1, &(0x7f0000000080)='/$\\\xbb}/%\x00') freebsd12_closefrom(r2) getsockopt$inet_mreqsrc(r2, 0x0, 0x46, &(0x7f00000000c0)={@empty, @local, @multicast1}, &(0x7f0000000100)=0xc) ioctl$DIOCRGETASTATS(r1, 0xc4504447, &(0x7f0000000240)={{"a1740ea9d3dde8c7f900973c9f7b4d36d59465aeefb6c31e1a1a93c666ba8b20a55e6aff30d06ef3b2e7d1e2f30d84af84130cd2e27c4f2ee2154517f289b262e070daabfe225447b9f8c4acb69f59336d096ade1d70f6d69098c451493a1fa41090f53baf2d0c5f7a10c83d29398d9dbe527304a42db05b7a3226d432d34ae0a091b58e26261254c970d80dc96f04943b864c8748843567bab2ba79db4f588d203e016149e21e413f3f416901083f9286aaa727a49d72c769829e8024354fc324a99067a7b7da16f7644d96dc3c57c10e1a751a99acfaf14508c6dcc54ef43f74363f4f6f417c33dd2749f6f10d3c704a5876a135f227cca90af85ef182256ed221c38e0c50677a802d6002f50e481167eccb1758b77bdde2a3d2465f147ab979875cb125b067cd37043d0513bcbdc5e79b208f7c2d6383e2284a58a5db5e955c71fe9cb3d122c0c7e7c47353f29b8e49065f973fdb9dae899acd12e59a4fff41fe3978415a5a6d5a55f590111195ba73cfb332f80ecf85c3ff957183cecd2bf069904dc8daf35f54e8847fec3e0f928b06a5355b3c1989283ddea2e77bfc50af6365dc505a6538d4ec5cff65090ff09b12f800ebce602ab635607a88ba3eeb916ce6031fc26c0fa7272200a9980d707796b6c917a79206d2c4c09ea418fca9db36f6ac0daf5902352c7de03af42c3d1ff5079455ace7b7120a004db7138300acf97e39fe51ccb6ce64386500a2f95b617fbc352a25f120b4a7c7cf1d28ea6c4b1b371553e9223051ef978d879df74e5975121fc80060b82392bd626293980cdcc501d542384573a83f3a1a06aee53a60a292aa1ab1147cbab6ef8d6af2173d0258b0327528a396af20d66c8d33d02493a7ad292f04787588ee1b5c4a9c313b18decfe3036601816c95e1887f077d523ffd3b73c91708d67499ff77089ea0f00365b2a358af83d381ecea944241af6a591941834c4630f6d0993da63a85ae2081904ea82ef82eda3a7e7389b31558fc3e05708a30cf1de742cefc54d4f379ae012c24ddef2afb5c77abd18a0da9ac383028bd3e31431613b5f0a5583093824c7b2056517773ed26f653740156f7a50aaa532123d6701835396ce55d9b50661e05f1e664ed043ce985023ea40b74e9f986c136d0c24eda683818cb5ddc7cdd6c8599c4816044343de06d88af6f9e03e365536636c76a05ef7da19d2b9d2b1cb85b23319efa812c95a91ab8e49bb3037f29ce6f08eaf005853a8267368108ec4aacf059d2da96d1af79c5f32f19086118d6396d4b1167eae4aab7ed8764dd9dd9c43d9aee44ecd8d0be380d536aa32de9f662fdf27ff65e0c6d4fffcf2f9140f168939283dda7b48b4cc6294fb7d03f21ef35c346b6fd7ef2dad0f0f65781404966cf523865242e71cfc74de893e38504b4a762801909b3239a554eb9060af95c", "0d99967cebff11ef0b6140841d5e74214120d79da45b56cdfcbc94e237769157", 0xffffffff, 0x4}, &(0x7f0000000140)="b4bcbbfe0b7f0b0eae45a1e2bd081ec52f7c6e44801b510f94b5f8065209b9fc618c2d192d48fc4647e0bb40c2f39eb0dce48c65889321d353b6079ece97867d3718595bc4eca1e13d71e9d50c861f4f9b60e4c2f10d205774d210efd3795646c0be0f22d33a4ff542362855c3b1153eded80eb08456da9224e5d2f3354918fd7c56e7b4a059689286adc6784581e02f42a695721a228c0d2d44bc8d03ffb6d49816bdc187551d3c79672374ebe80b58ffbe18c6adb87fea88bc586ffed5d47f47a2431c506efba20bcf3e558733d3896a674abb2f9ddc351084e990fa", 0xfffffffffffffff9, 0x3, 0x6, 0x4, 0x1679, 0x4, 0x9, 0x6}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000700)=0x5, 0x4) syz_emit_ethernet(0x32, &(0x7f0000000000)={@empty, @broadcast, [{[{0x88a8, 0x7, 0x1}], {0x8100, 0x2, 0x0, 0x4}}], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x4, @local, @multicast1, @remote, @rand_addr=0x81}}}}) syz_execute_func(&(0x7f0000000040)="c4e135d13128cb6767f3a53ef22e828f0000000000c4c2d59084c81e9100000f0e0fa2c4e16c5dc9646616c4c27d7884ad56c2d556") syz_extract_tcp_res(&(0x7f0000000080), 0x40, 0x7) csource_test.go:109: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 13; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) { continue; } kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: res = syscall(SYS_kqueue); if (res != -1) r[0] = res; break; case 1: res = syscall(SYS_dup2, -1, (intptr_t)r[0]); if (res != -1) r[1] = res; break; case 2: syscall(SYS_freebsd11_fstat, (intptr_t)r[1], 0x10000000); break; case 3: res = syscall(SYS_socket, 2, 2, 0); if (res != -1) r[2] = res; break; case 4: syscall(SYS_flock, (intptr_t)r[2], 8); break; case 5: memcpy((void*)0x10000080, "/$\\\273}/%\000", 8); syscall(SYS_extattr_delete_fd, (intptr_t)r[2], 1, 0x10000080); break; case 6: syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); break; case 7: *(uint32_t*)0x10000100 = 0xc; syscall(SYS_getsockopt, (intptr_t)r[2], 0, 0x46, 0x100000c0, 0x10000100); break; case 8: memcpy((void*)0x10000240, "\xa1\x74\x0e\xa9\xd3\xdd\xe8\xc7\xf9\x00\x97\x3c\x9f\x7b\x4d\x36\xd5\x94\x65\xae\xef\xb6\xc3\x1e\x1a\x1a\x93\xc6\x66\xba\x8b\x20\xa5\x5e\x6a\xff\x30\xd0\x6e\xf3\xb2\xe7\xd1\xe2\xf3\x0d\x84\xaf\x84\x13\x0c\xd2\xe2\x7c\x4f\x2e\xe2\x15\x45\x17\xf2\x89\xb2\x62\xe0\x70\xda\xab\xfe\x22\x54\x47\xb9\xf8\xc4\xac\xb6\x9f\x59\x33\x6d\x09\x6a\xde\x1d\x70\xf6\xd6\x90\x98\xc4\x51\x49\x3a\x1f\xa4\x10\x90\xf5\x3b\xaf\x2d\x0c\x5f\x7a\x10\xc8\x3d\x29\x39\x8d\x9d\xbe\x52\x73\x04\xa4\x2d\xb0\x5b\x7a\x32\x26\xd4\x32\xd3\x4a\xe0\xa0\x91\xb5\x8e\x26\x26\x12\x54\xc9\x70\xd8\x0d\xc9\x6f\x04\x94\x3b\x86\x4c\x87\x48\x84\x35\x67\xba\xb2\xba\x79\xdb\x4f\x58\x8d\x20\x3e\x01\x61\x49\xe2\x1e\x41\x3f\x3f\x41\x69\x01\x08\x3f\x92\x86\xaa\xa7\x27\xa4\x9d\x72\xc7\x69\x82\x9e\x80\x24\x35\x4f\xc3\x24\xa9\x90\x67\xa7\xb7\xda\x16\xf7\x64\x4d\x96\xdc\x3c\x57\xc1\x0e\x1a\x75\x1a\x99\xac\xfa\xf1\x45\x08\xc6\xdc\xc5\x4e\xf4\x3f\x74\x36\x3f\x4f\x6f\x41\x7c\x33\xdd\x27\x49\xf6\xf1\x0d\x3c\x70\x4a\x58\x76\xa1\x35\xf2\x27\xcc\xa9\x0a\xf8\x5e\xf1\x82\x25\x6e\xd2\x21\xc3\x8e\x0c\x50\x67\x7a\x80\x2d\x60\x02\xf5\x0e\x48\x11\x67\xec\xcb\x17\x58\xb7\x7b\xdd\xe2\xa3\xd2\x46\x5f\x14\x7a\xb9\x79\x87\x5c\xb1\x25\xb0\x67\xcd\x37\x04\x3d\x05\x13\xbc\xbd\xc5\xe7\x9b\x20\x8f\x7c\x2d\x63\x83\xe2\x28\x4a\x58\xa5\xdb\x5e\x95\x5c\x71\xfe\x9c\xb3\xd1\x22\xc0\xc7\xe7\xc4\x73\x53\xf2\x9b\x8e\x49\x06\x5f\x97\x3f\xdb\x9d\xae\x89\x9a\xcd\x12\xe5\x9a\x4f\xff\x41\xfe\x39\x78\x41\x5a\x5a\x6d\x5a\x55\xf5\x90\x11\x11\x95\xba\x73\xcf\xb3\x32\xf8\x0e\xcf\x85\xc3\xff\x95\x71\x83\xce\xcd\x2b\xf0\x69\x90\x4d\xc8\xda\xf3\x5f\x54\xe8\x84\x7f\xec\x3e\x0f\x92\x8b\x06\xa5\x35\x5b\x3c\x19\x89\x28\x3d\xde\xa2\xe7\x7b\xfc\x50\xaf\x63\x65\xdc\x50\x5a\x65\x38\xd4\xec\x5c\xff\x65\x09\x0f\xf0\x9b\x12\xf8\x00\xeb\xce\x60\x2a\xb6\x35\x60\x7a\x88\xba\x3e\xeb\x91\x6c\xe6\x03\x1f\xc2\x6c\x0f\xa7\x27\x22\x00\xa9\x98\x0d\x70\x77\x96\xb6\xc9\x17\xa7\x92\x06\xd2\xc4\xc0\x9e\xa4\x18\xfc\xa9\xdb\x36\xf6\xac\x0d\xaf\x59\x02\x35\x2c\x7d\xe0\x3a\xf4\x2c\x3d\x1f\xf5\x07\x94\x55\xac\xe7\xb7\x12\x0a\x00\x4d\xb7\x13\x83\x00\xac\xf9\x7e\x39\xfe\x51\xcc\xb6\xce\x64\x38\x65\x00\xa2\xf9\x5b\x61\x7f\xbc\x35\x2a\x25\xf1\x20\xb4\xa7\xc7\xcf\x1d\x28\xea\x6c\x4b\x1b\x37\x15\x53\xe9\x22\x30\x51\xef\x97\x8d\x87\x9d\xf7\x4e\x59\x75\x12\x1f\xc8\x00\x60\xb8\x23\x92\xbd\x62\x62\x93\x98\x0c\xdc\xc5\x01\xd5\x42\x38\x45\x73\xa8\x3f\x3a\x1a\x06\xae\xe5\x3a\x60\xa2\x92\xaa\x1a\xb1\x14\x7c\xba\xb6\xef\x8d\x6a\xf2\x17\x3d\x02\x58\xb0\x32\x75\x28\xa3\x96\xaf\x20\xd6\x6c\x8d\x33\xd0\x24\x93\xa7\xad\x29\x2f\x04\x78\x75\x88\xee\x1b\x5c\x4a\x9c\x31\x3b\x18\xde\xcf\xe3\x03\x66\x01\x81\x6c\x95\xe1\x88\x7f\x07\x7d\x52\x3f\xfd\x3b\x73\xc9\x17\x08\xd6\x74\x99\xff\x77\x08\x9e\xa0\xf0\x03\x65\xb2\xa3\x58\xaf\x83\xd3\x81\xec\xea\x94\x42\x41\xaf\x6a\x59\x19\x41\x83\x4c\x46\x30\xf6\xd0\x99\x3d\xa6\x3a\x85\xae\x20\x81\x90\x4e\xa8\x2e\xf8\x2e\xda\x3a\x7e\x73\x89\xb3\x15\x58\xfc\x3e\x05\x70\x8a\x30\xcf\x1d\xe7\x42\xce\xfc\x54\xd4\xf3\x79\xae\x01\x2c\x24\xdd\xef\x2a\xfb\x5c\x77\xab\xd1\x8a\x0d\xa9\xac\x38\x30\x28\xbd\x3e\x31\x43\x16\x13\xb5\xf0\xa5\x58\x30\x93\x82\x4c\x7b\x20\x56\x51\x77\x73\xed\x26\xf6\x53\x74\x01\x56\xf7\xa5\x0a\xaa\x53\x21\x23\xd6\x70\x18\x35\x39\x6c\xe5\x5d\x9b\x50\x66\x1e\x05\xf1\xe6\x64\xed\x04\x3c\xe9\x85\x02\x3e\xa4\x0b\x74\xe9\xf9\x86\xc1\x36\xd0\xc2\x4e\xda\x68\x38\x18\xcb\x5d\xdc\x7c\xdd\x6c\x85\x99\xc4\x81\x60\x44\x34\x3d\xe0\x6d\x88\xaf\x6f\x9e\x03\xe3\x65\x53\x66\x36\xc7\x6a\x05\xef\x7d\xa1\x9d\x2b\x9d\x2b\x1c\xb8\x5b\x23\x31\x9e\xfa\x81\x2c\x95\xa9\x1a\xb8\xe4\x9b\xb3\x03\x7f\x29\xce\x6f\x08\xea\xf0\x05\x85\x3a\x82\x67\x36\x81\x08\xec\x4a\xac\xf0\x59\xd2\xda\x96\xd1\xaf\x79\xc5\xf3\x2f\x19\x08\x61\x18\xd6\x39\x6d\x4b\x11\x67\xea\xe4\xaa\xb7\xed\x87\x64\xdd\x9d\xd9\xc4\x3d\x9a\xee\x44\xec\xd8\xd0\xbe\x38\x0d\x53\x6a\xa3\x2d\xe9\xf6\x62\xfd\xf2\x7f\xf6\x5e\x0c\x6d\x4f\xff\xcf\x2f\x91\x40\xf1\x68\x93\x92\x83\xdd\xa7\xb4\x8b\x4c\xc6\x29\x4f\xb7\xd0\x3f\x21\xef\x35\xc3\x46\xb6\xfd\x7e\xf2\xda\xd0\xf0\xf6\x57\x81\x40\x49\x66\xcf\x52\x38\x65\x24\x2e\x71\xcf\xc7\x4d\xe8\x93\xe3\x85\x04\xb4\xa7\x62\x80\x19\x09\xb3\x23\x9a\x55\x4e\xb9\x06\x0a\xf9\x5c", 1024); memcpy((void*)0x10000640, "\x0d\x99\x96\x7c\xeb\xff\x11\xef\x0b\x61\x40\x84\x1d\x5e\x74\x21\x41\x20\xd7\x9d\xa4\x5b\x56\xcd\xfc\xbc\x94\xe2\x37\x76\x91\x57", 32); *(uint32_t*)0x10000660 = -1; *(uint8_t*)0x10000664 = 4; *(uint32_t*)0x10000668 = 0x10000140; memcpy((void*)0x10000140, "\xb4\xbc\xbb\xfe\x0b\x7f\x0b\x0e\xae\x45\xa1\xe2\xbd\x08\x1e\xc5\x2f\x7c\x6e\x44\x80\x1b\x51\x0f\x94\xb5\xf8\x06\x52\x09\xb9\xfc\x61\x8c\x2d\x19\x2d\x48\xfc\x46\x47\xe0\xbb\x40\xc2\xf3\x9e\xb0\xdc\xe4\x8c\x65\x88\x93\x21\xd3\x53\xb6\x07\x9e\xce\x97\x86\x7d\x37\x18\x59\x5b\xc4\xec\xa1\xe1\x3d\x71\xe9\xd5\x0c\x86\x1f\x4f\x9b\x60\xe4\xc2\xf1\x0d\x20\x57\x74\xd2\x10\xef\xd3\x79\x56\x46\xc0\xbe\x0f\x22\xd3\x3a\x4f\xf5\x42\x36\x28\x55\xc3\xb1\x15\x3e\xde\xd8\x0e\xb0\x84\x56\xda\x92\x24\xe5\xd2\xf3\x35\x49\x18\xfd\x7c\x56\xe7\xb4\xa0\x59\x68\x92\x86\xad\xc6\x78\x45\x81\xe0\x2f\x42\xa6\x95\x72\x1a\x22\x8c\x0d\x2d\x44\xbc\x8d\x03\xff\xb6\xd4\x98\x16\xbd\xc1\x87\x55\x1d\x3c\x79\x67\x23\x74\xeb\xe8\x0b\x58\xff\xbe\x18\xc6\xad\xb8\x7f\xea\x88\xbc\x58\x6f\xfe\xd5\xd4\x7f\x47\xa2\x43\x1c\x50\x6e\xfb\xa2\x0b\xcf\x3e\x55\x87\x33\xd3\x89\x6a\x67\x4a\xbb\x2f\x9d\xdc\x35\x10\x84\xe9\x90\xfa", 221); *(uint64_t*)0x1000066c = 0xfffffffffffffff9; *(uint64_t*)0x10000674 = 3; *(uint64_t*)0x1000067c = 6; *(uint64_t*)0x10000684 = 4; *(uint64_t*)0x1000068c = 0x1679; *(uint64_t*)0x10000694 = 4; *(uint64_t*)0x1000069c = 9; *(uint32_t*)0x100006a4 = 6; syscall(SYS_ioctl, (intptr_t)r[1], 0xc4504447, 0x10000240); break; case 9: *(uint32_t*)0x10000700 = 5; syscall(SYS_setsockopt, -1, 0x84, 0x18, 0x10000700, 4); break; case 10: *(uint8_t*)0x10000000 = 0; *(uint8_t*)0x10000001 = 0; *(uint8_t*)0x10000002 = 0; *(uint8_t*)0x10000003 = 0; *(uint8_t*)0x10000004 = 0; *(uint8_t*)0x10000005 = 0; *(uint8_t*)0x10000006 = -1; *(uint8_t*)0x10000007 = -1; *(uint8_t*)0x10000008 = -1; *(uint8_t*)0x10000009 = -1; *(uint8_t*)0x1000000a = -1; *(uint8_t*)0x1000000b = -1; *(uint16_t*)0x1000000c = htobe16(0x88a8); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 7, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 1, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x1000000e, 0, 4, 12); *(uint16_t*)0x10000010 = htobe16(0x8100); STORE_BY_BITMASK(uint16_t, , 0x10000012, 2, 0, 3); STORE_BY_BITMASK(uint16_t, , 0x10000012, 0, 3, 1); STORE_BY_BITMASK(uint16_t, , 0x10000012, 4, 4, 12); *(uint16_t*)0x10000014 = htobe16(0x806); *(uint16_t*)0x10000016 = htobe16(1); *(uint16_t*)0x10000018 = htobe16(0x800); *(uint8_t*)0x1000001a = 6; *(uint8_t*)0x1000001b = 4; *(uint16_t*)0x1000001c = htobe16(4); *(uint8_t*)0x1000001e = 0xaa; *(uint8_t*)0x1000001f = 0xaa; *(uint8_t*)0x10000020 = 0xaa; *(uint8_t*)0x10000021 = 0xaa; *(uint8_t*)0x10000022 = 0xaa; *(uint8_t*)0x10000023 = 0xaa; *(uint32_t*)0x10000024 = htobe32(0xe0000001); *(uint8_t*)0x10000028 = 0xaa; *(uint8_t*)0x10000029 = 0xaa; *(uint8_t*)0x1000002a = 0xaa; *(uint8_t*)0x1000002b = 0xaa; *(uint8_t*)0x1000002c = 0xaa; *(uint8_t*)0x1000002d = 0xbb; *(uint32_t*)0x1000002e = htobe32(0x81); break; case 11: memcpy((void*)0x10000040, "\xc4\xe1\x35\xd1\x31\x28\xcb\x67\x67\xf3\xa5\x3e\xf2\x2e\x82\x8f\x00\x00\x00\x00\x00\xc4\xc2\xd5\x90\x84\xc8\x1e\x91\x00\x00\x0f\x0e\x0f\xa2\xc4\xe1\x6c\x5d\xc9\x64\x66\x16\xc4\xc2\x7d\x78\x84\xad\x56\xc2\xd5\x56", 53); syz_execute_func(0x10000040); break; case 12: break; } } int main(void) { syscall(SYS_mmap, 0x10000000, 0x1000000, 7, 0x1012, -1, 0); use_temporary_dir(); do_sandbox_none(); return 0; } :334:11: error: use of undeclared identifier 'SYS_freebsd12_closefrom' syscall(SYS_freebsd12_closefrom, (intptr_t)r[2]); ^ 1 error generated. compiler invocation: clang [-o /tmp/syz-executor183342977 -DGOOS_freebsd=1 -DGOARCH_386=1 -DHOSTGOOS_freebsd=1 -x c - -m32 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static -lc++ -Wno-overflow] --- FAIL: TestGenerate/freebsd/386/9 (0.98s) csource_test.go:106: --- FAIL: TestGenerate/freebsd/386/10 (1.02s) csource_test.go:106: --- FAIL: TestGenerate/freebsd/386/11 (0.98s) csource_test.go:106: --- FAIL: TestGenerate/freebsd/386/8 (0.96s) csource_test.go:106: --- FAIL: TestGenerate/freebsd/386/2 (1.08s) csource_test.go:106: --- FAIL: TestGenerate/freebsd/386/1 (1.13s) csource_test.go:106: FAIL FAIL github.com/google/syzkaller/pkg/csource 8.373s ok github.com/google/syzkaller/pkg/db (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ok github.com/google/syzkaller/pkg/email (cached) ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host 0.927s ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz (cached) ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/instance 0.995s ok github.com/google/syzkaller/pkg/ipc 3.608s ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig 0.039s ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig (cached) ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report (cached) ok github.com/google/syzkaller/pkg/repro (cached) ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest 44.379s ok github.com/google/syzkaller/pkg/serializer (cached) ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer 0.161s ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs 6.937s ok github.com/google/syzkaller/prog (cached) ok github.com/google/syzkaller/prog/test (cached) ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux (cached) ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd (cached) ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci (cached) ok github.com/google/syzkaller/syz-fuzzer (cached) ok github.com/google/syzkaller/syz-hub (cached) ok github.com/google/syzkaller/syz-hub/state (cached) ok github.com/google/syzkaller/syz-manager 1.044s ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-build [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-kconf [no test files] ok github.com/google/syzkaller/tools/syz-linter 2.599s ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser (cached) ok github.com/google/syzkaller/tools/syz-trace2syz/proggen (cached) ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm (cached) ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated (cached) ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl (cached) ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL