[apple/xnu.git] / tests / backtracing.c

// Copyright (c) 2016-2020 Apple Computer, Inc.  All rights reserved.

#include <CoreSymbolication/CoreSymbolication.h>
#include <darwintest.h>
#include <dispatch/dispatch.h>
#include <execinfo.h>
#include <pthread.h>
#include <mach/mach.h>
#include <sys/mman.h>
#include <sys/sysctl.h>

T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));

#define USER_FRAMES (12)
#define MAX_SYSCALL_SETUP_FRAMES (2)
#define NON_RECURSE_FRAMES (2)

static const char *user_bt[USER_FRAMES] = {
	"backtrace_thread",
	"recurse_a", "recurse_b", "recurse_a", "recurse_b",
	"recurse_a", "recurse_b", "recurse_a", "recurse_b",
	"recurse_a", "recurse_b", "expect_callstack",
};

struct callstack_exp {
	bool in_syscall_setup;
	unsigned int syscall_frames;
	const char **callstack;
	size_t callstack_len;
	unsigned int nchecked;
};

static void
expect_frame(struct callstack_exp *cs, CSSymbolRef symbol,
    unsigned long addr, unsigned int bt_idx)
{
	if (CSIsNull(symbol)) {
		if (!cs->in_syscall_setup) {
			T_FAIL("invalid symbol for address %#lx at frame %d", addr,
			    bt_idx);
		}
		return;
	}

	const char *name = CSSymbolGetName(symbol);
	if (name) {
		if (cs->in_syscall_setup) {
			if (strcmp(name, cs->callstack[cs->callstack_len - 1]) == 0) {
				cs->in_syscall_setup = false;
				cs->syscall_frames = bt_idx;
				T_LOG("found start of controlled stack at frame %u, expected "
				    "index %zu", cs->syscall_frames, cs->callstack_len - 1);
			} else {
				T_LOG("found syscall setup symbol %s at frame %u", name,
				    bt_idx);
			}
		}
		if (!cs->in_syscall_setup) {
			if (cs->nchecked >= cs->callstack_len) {
				T_LOG("frame %2u: skipping system frame %s", bt_idx, name);
			} else {
				size_t frame_idx = cs->callstack_len - cs->nchecked - 1;
				T_EXPECT_EQ_STR(name, cs->callstack[frame_idx],
				    "frame %2zu: saw '%s', expected '%s'",
				    frame_idx, name, cs->callstack[frame_idx]);
			}
			cs->nchecked++;
		}
	} else {
		if (!cs->in_syscall_setup) {
			T_ASSERT_NOTNULL(name, NULL, "symbol should not be NULL");
		}
	}
}

static bool
is_kernel_64_bit(void)
{
	static dispatch_once_t k64_once;
	static bool k64 = false;
	dispatch_once(&k64_once, ^{
		int errb;
		int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, 0 /* kernproc */ };

		struct kinfo_proc kp;
		size_t len = sizeof(kp);

		errb = sysctl(mib, sizeof(mib) / sizeof(mib[0]), &kp, &len, NULL, 0);
		T_QUIET; T_ASSERT_POSIX_SUCCESS(errb,
		"sysctl({ CTL_KERN, KERN_PROC, KERN_PROC_PID, 0})");

		k64 = kp.kp_proc.p_flag & P_LP64;
		T_LOG("executing with a %s-bit kernel", k64 ? "64" : "32");
	});
	return k64;
}

// Use an extra, non-inlineable function so that any frames after expect_stack
// can be safely ignored.  This insulates the test from changes in how syscalls
// are called by Libc and the kernel.
static int __attribute__((noinline, not_tail_called))
backtrace_current_thread_wrapper(uint64_t *bt, size_t *bt_filled)
{
	int ret = sysctlbyname("kern.backtrace.user", bt, bt_filled, NULL, 0);
	getpid(); // Really prevent tail calls.
	return ret;
}

static void __attribute__((noinline, not_tail_called))
expect_callstack(void)
{
	uint64_t bt[USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES] = { 0 };

	static CSSymbolicatorRef user_symb;
	static dispatch_once_t expect_stack_once;
	dispatch_once(&expect_stack_once, ^{
		user_symb = CSSymbolicatorCreateWithTask(mach_task_self());
		T_QUIET; T_ASSERT_FALSE(CSIsNull(user_symb), NULL);
		T_QUIET; T_ASSERT_TRUE(CSSymbolicatorIsTaskValid(user_symb), NULL);
	});

	size_t bt_filled = USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES;
	int ret = backtrace_current_thread_wrapper(bt, &bt_filled);
	if (ret == -1 && errno == ENOENT) {
		T_SKIP("release kernel: kern.backtrace.user sysctl returned ENOENT");
	}
	T_ASSERT_POSIX_SUCCESS(ret, "sysctlbyname(\"kern.backtrace.user\")");
	T_LOG("kernel returned %zu frame backtrace", bt_filled);

	unsigned int bt_len = (unsigned int)bt_filled;
	T_EXPECT_GE(bt_len, (unsigned int)USER_FRAMES,
	    "at least %u frames should be present in backtrace", USER_FRAMES);
	T_EXPECT_LE(bt_len, (unsigned int)USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES,
	    "at most %u frames should be present in backtrace",
	    USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES);

	struct callstack_exp callstack = {
		.in_syscall_setup = true,
		.syscall_frames = 0,
		.callstack = user_bt,
		.callstack_len = USER_FRAMES,
		.nchecked = 0,
	};
	for (unsigned int i = 0; i < bt_len; i++) {
		uintptr_t addr;
#if !defined(__LP64__)
		// Backtrace frames come out as kernel words; convert them back to user
		// uintptr_t for 32-bit processes.
		if (is_kernel_64_bit()) {
			addr = (uintptr_t)(bt[i]);
		} else {
			addr = (uintptr_t)(((uint32_t *)bt)[i]);
		}
#else // defined(__LP32__)
		addr = (uintptr_t)bt[i];
#endif // defined(__LP32__)

		CSSymbolRef symbol = CSSymbolicatorGetSymbolWithAddressAtTime(
			user_symb, addr, kCSNow);
		expect_frame(&callstack, symbol, addr, i);
	}

	T_EXPECT_GE(callstack.nchecked, USER_FRAMES,
	    "checked enough frames for correct symbols");
}

static int __attribute__((noinline, not_tail_called))
recurse_a(unsigned int frames);
static int __attribute__((noinline, not_tail_called))
recurse_b(unsigned int frames);

static int __attribute__((noinline, not_tail_called))
recurse_a(unsigned int frames)
{
	if (frames == 1) {
		expect_callstack();
		getpid(); // Really prevent tail calls.
		return 0;
	}

	return recurse_b(frames - 1) + 1;
}

static int __attribute__((noinline, not_tail_called))
recurse_b(unsigned int frames)
{
	if (frames == 1) {
		expect_callstack();
		getpid(); // Really prevent tail calls.
		return 0;
	}

	return recurse_a(frames - 1) + 1;
}

static void *
backtrace_thread(void *arg)
{
#pragma unused(arg)
	unsigned int calls;

	// backtrace_thread, recurse_a, recurse_b, ..., __sysctlbyname
	//
	// Always make one less call for this frame (backtrace_thread).
	calls = USER_FRAMES - NON_RECURSE_FRAMES;

	T_LOG("backtrace thread calling into %d frames (already at %d frames)",
	    calls, NON_RECURSE_FRAMES);
	(void)recurse_a(calls);
	return NULL;
}

T_DECL(backtrace_user, "test that the kernel can backtrace user stacks",
    T_META_CHECK_LEAKS(false), T_META_ALL_VALID_ARCHS(true))
{
	pthread_t thread;

	// Run the test from a different thread to insulate it from libdarwintest
	// setup.
	T_QUIET; T_ASSERT_POSIX_ZERO(pthread_create(&thread, NULL, backtrace_thread,
	    NULL), "create additional thread to backtrace");

	T_QUIET; T_ASSERT_POSIX_ZERO(pthread_join(thread, NULL), NULL);
}

T_DECL(backtrace_user_bounds,
    "test that the kernel doesn't write frames out of expected bounds")
{
	uint64_t bt_init[USER_FRAMES] = {};
	size_t bt_filled = USER_FRAMES, bt_filled_after = 0;
	int error = 0;
	kern_return_t kr = KERN_FAILURE;
	void *bt_page = NULL;
	void *guard_page = NULL;
	void *bt_start = NULL;

	// The backtrace addresses come back as kernel words.
	size_t kword_size = is_kernel_64_bit() ? 8 : 4;

	// Get an idea of how many frames to expect.
	int ret = sysctlbyname("kern.backtrace.user", bt_init, &bt_filled, NULL, 0);
	if (ret == -1 && errno == ENOENT) {
		T_SKIP("release kernel: kern.backtrace.user missing");
	}
	T_ASSERT_POSIX_SUCCESS(error, "sysctlbyname(\"kern.backtrace.user\")");

	// Allocate two pages -- a first one that's valid and a second that
	// will be non-writeable to catch a copyout that's too large.
	bt_page = mmap(NULL, vm_page_size * 2, PROT_READ | PROT_WRITE,
	    MAP_ANON | MAP_PRIVATE, -1, 0);
	T_WITH_ERRNO;
	T_ASSERT_NE(bt_page, MAP_FAILED, "allocated backtrace pages");
	guard_page = (char *)bt_page + vm_page_size;

	error = mprotect(guard_page, vm_page_size, PROT_READ);
	T_ASSERT_POSIX_SUCCESS(error, "mprotect(..., PROT_READ) guard page");

	// Ensure the pages are set up as expected.
	kr = vm_write(mach_task_self(), (vm_address_t)bt_page,
	    (vm_offset_t)&(int){ 12345 }, sizeof(int));
	T_ASSERT_MACH_SUCCESS(kr,
	    "should succeed in writing to backtrace page");
	kr = vm_write(mach_task_self(), (vm_address_t)guard_page,
	    (vm_offset_t)&(int){ 12345 }, sizeof(int));
	T_ASSERT_NE(kr, KERN_SUCCESS, "should fail to write to guard page");

	// Ask the kernel to write the backtrace just before the guard page.
	bt_start = (char *)guard_page - (kword_size * bt_filled);
	bt_filled_after = bt_filled;

	error = sysctlbyname("kern.backtrace.user", bt_start, &bt_filled_after,
	    NULL, 0);
	T_EXPECT_POSIX_SUCCESS(error,
	    "sysctlbyname(\"kern.backtrace.user\") just before guard page");
	T_EXPECT_EQ(bt_filled, bt_filled_after,
	    "both calls to backtrace should have filled in the same number of "
	    "frames");

	// Expect the kernel to fault when writing too far.
	bt_start = (char *)bt_start + 1;
	bt_filled_after = bt_filled;
	error = sysctlbyname("kern.backtrace.user", bt_start, &bt_filled_after,
	    NULL, 0);
	T_EXPECT_POSIX_FAILURE(error, EFAULT,
	    "sysctlbyname(\"kern.backtrace.user\") should fault one byte into "
	    "guard page");
}
Commit	Line	Data
f427ee49	1	// Copyright (c) 2016-2020 Apple Computer, Inc. All rights reserved.
0a7de745	2
39037602 A	3	#include <CoreSymbolication/CoreSymbolication.h>
	4	#include <darwintest.h>
	5	#include <dispatch/dispatch.h>
	6	#include <execinfo.h>
	7	#include <pthread.h>
0a7de745 A	8	#include <mach/mach.h>
0a7de745 A	9	#include <sys/mman.h>
39037602 A	10	#include <sys/sysctl.h>
39037602 A	11
cb323159 A	12	T_GLOBAL_META(T_META_RUN_CONCURRENTLY(true));
cb323159 A	13
39037602	14	#define USER_FRAMES (12)
f427ee49 A	15	#define MAX_SYSCALL_SETUP_FRAMES (2)
f427ee49 A	16	#define NON_RECURSE_FRAMES (2)
39037602 A	17
39037602 A	18	static const char *user_bt[USER_FRAMES] = {
0a7de745 A	19	"backtrace_thread",
0a7de745 A	20	"recurse_a", "recurse_b", "recurse_a", "recurse_b",
cb323159	21	"recurse_a", "recurse_b", "recurse_a", "recurse_b",
f427ee49 A	22	"recurse_a", "recurse_b", "expect_callstack",
	23	};
	24
	25	struct callstack_exp {
	26	bool in_syscall_setup;
	27	unsigned int syscall_frames;
	28	const char **callstack;
	29	size_t callstack_len;
	30	unsigned int nchecked;
39037602 A	31	};
	32
	33	static void
f427ee49 A	34	expect_frame(struct callstack_exp *cs, CSSymbolRef symbol,
f427ee49 A	35	unsigned long addr, unsigned int bt_idx)
39037602	36	{
cb323159	37	if (CSIsNull(symbol)) {
f427ee49 A	38	if (!cs->in_syscall_setup) {
	39	T_FAIL("invalid symbol for address %#lx at frame %d", addr,
	40	bt_idx);
	41	}
0a7de745 A	42	return;
	43	}
	44
f427ee49 A	45	const char *name = CSSymbolGetName(symbol);
	46	if (name) {
	47	if (cs->in_syscall_setup) {
	48	if (strcmp(name, cs->callstack[cs->callstack_len - 1]) == 0) {
	49	cs->in_syscall_setup = false;
	50	cs->syscall_frames = bt_idx;
	51	T_LOG("found start of controlled stack at frame %u, expected "
	52	"index %zu", cs->syscall_frames, cs->callstack_len - 1);
	53	} else {
	54	T_LOG("found syscall setup symbol %s at frame %u", name,
	55	bt_idx);
	56	}
	57	}
	58	if (!cs->in_syscall_setup) {
	59	if (cs->nchecked >= cs->callstack_len) {
	60	T_LOG("frame %2u: skipping system frame %s", bt_idx, name);
	61	} else {
	62	size_t frame_idx = cs->callstack_len - cs->nchecked - 1;
	63	T_EXPECT_EQ_STR(name, cs->callstack[frame_idx],
	64	"frame %2zu: saw '%s', expected '%s'",
	65	frame_idx, name, cs->callstack[frame_idx]);
	66	}
	67	cs->nchecked++;
	68	}
	69	} else {
	70	if (!cs->in_syscall_setup) {
	71	T_ASSERT_NOTNULL(name, NULL, "symbol should not be NULL");
	72	}
0a7de745	73	}
39037602 A	74	}
39037602 A	75
0a7de745 A	76	static bool
	77	is_kernel_64_bit(void)
	78	{
	79	static dispatch_once_t k64_once;
	80	static bool k64 = false;
	81	dispatch_once(&k64_once, ^{
	82	int errb;
	83	int mib[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, 0 /* kernproc */ };
	84
	85	struct kinfo_proc kp;
	86	size_t len = sizeof(kp);
	87
	88	errb = sysctl(mib, sizeof(mib) / sizeof(mib[0]), &kp, &len, NULL, 0);
	89	T_QUIET; T_ASSERT_POSIX_SUCCESS(errb,
	90	"sysctl({ CTL_KERN, KERN_PROC, KERN_PROC_PID, 0})");
	91
	92	k64 = kp.kp_proc.p_flag & P_LP64;
	93	T_LOG("executing with a %s-bit kernel", k64 ? "64" : "32");
	94	});
	95	return k64;
	96	}
	97
f427ee49 A	98	// Use an extra, non-inlineable function so that any frames after expect_stack
	99	// can be safely ignored. This insulates the test from changes in how syscalls
	100	// are called by Libc and the kernel.
	101	static int __attribute__((noinline, not_tail_called))
	102	backtrace_current_thread_wrapper(uint64_t bt, size_t bt_filled)
	103	{
	104	int ret = sysctlbyname("kern.backtrace.user", bt, bt_filled, NULL, 0);
	105	getpid(); // Really prevent tail calls.
	106	return ret;
	107	}
	108
0a7de745	109	static void __attribute__((noinline, not_tail_called))
f427ee49	110	expect_callstack(void)
39037602	111	{
f427ee49	112	uint64_t bt[USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES] = { 0 };
0a7de745 A	113
	114	static CSSymbolicatorRef user_symb;
	115	static dispatch_once_t expect_stack_once;
	116	dispatch_once(&expect_stack_once, ^{
	117	user_symb = CSSymbolicatorCreateWithTask(mach_task_self());
	118	T_QUIET; T_ASSERT_FALSE(CSIsNull(user_symb), NULL);
	119	T_QUIET; T_ASSERT_TRUE(CSSymbolicatorIsTaskValid(user_symb), NULL);
	120	});
	121
f427ee49 A	122	size_t bt_filled = USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES;
	123	int ret = backtrace_current_thread_wrapper(bt, &bt_filled);
	124	if (ret == -1 && errno == ENOENT) {
0a7de745 A	125	T_SKIP("release kernel: kern.backtrace.user sysctl returned ENOENT");
0a7de745 A	126	}
f427ee49 A	127	T_ASSERT_POSIX_SUCCESS(ret, "sysctlbyname(\"kern.backtrace.user\")");
	128	T_LOG("kernel returned %zu frame backtrace", bt_filled);
	129
	130	unsigned int bt_len = (unsigned int)bt_filled;
	131	T_EXPECT_GE(bt_len, (unsigned int)USER_FRAMES,
	132	"at least %u frames should be present in backtrace", USER_FRAMES);
	133	T_EXPECT_LE(bt_len, (unsigned int)USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES,
	134	"at most %u frames should be present in backtrace",
	135	USER_FRAMES + MAX_SYSCALL_SETUP_FRAMES);
	136
	137	struct callstack_exp callstack = {
	138	.in_syscall_setup = true,
	139	.syscall_frames = 0,
	140	.callstack = user_bt,
	141	.callstack_len = USER_FRAMES,
	142	.nchecked = 0,
	143	};
0a7de745 A	144	for (unsigned int i = 0; i < bt_len; i++) {
0a7de745 A	145	uintptr_t addr;
39037602	146	#if !defined(__LP64__)
f427ee49 A	147	// Backtrace frames come out as kernel words; convert them back to user
	148	// uintptr_t for 32-bit processes.
	149	if (is_kernel_64_bit()) {
0a7de745 A	150	addr = (uintptr_t)(bt[i]);
	151	} else {
	152	addr = (uintptr_t)(((uint32_t *)bt)[i]);
	153	}
f427ee49	154	#else // defined(__LP32__)
0a7de745	155	addr = (uintptr_t)bt[i];
f427ee49	156	#endif // defined(__LP32__)
39037602	157
0a7de745 A	158	CSSymbolRef symbol = CSSymbolicatorGetSymbolWithAddressAtTime(
0a7de745 A	159	user_symb, addr, kCSNow);
f427ee49	160	expect_frame(&callstack, symbol, addr, i);
0a7de745	161	}
f427ee49 A	162
	163	T_EXPECT_GE(callstack.nchecked, USER_FRAMES,
	164	"checked enough frames for correct symbols");
39037602 A	165	}
39037602 A	166
0a7de745	167	static int __attribute__((noinline, not_tail_called))
39037602	168	recurse_a(unsigned int frames);
0a7de745	169	static int __attribute__((noinline, not_tail_called))
39037602 A	170	recurse_b(unsigned int frames);
39037602 A	171
0a7de745	172	static int __attribute__((noinline, not_tail_called))
39037602 A	173	recurse_a(unsigned int frames)
39037602 A	174	{
0a7de745	175	if (frames == 1) {
f427ee49 A	176	expect_callstack();
f427ee49 A	177	getpid(); // Really prevent tail calls.
0a7de745 A	178	return 0;
0a7de745 A	179	}
39037602	180
0a7de745	181	return recurse_b(frames - 1) + 1;
39037602 A	182	}
39037602 A	183
0a7de745	184	static int __attribute__((noinline, not_tail_called))
39037602 A	185	recurse_b(unsigned int frames)
39037602 A	186	{
0a7de745	187	if (frames == 1) {
f427ee49 A	188	expect_callstack();
f427ee49 A	189	getpid(); // Really prevent tail calls.
0a7de745 A	190	return 0;
0a7de745 A	191	}
39037602	192
0a7de745	193	return recurse_a(frames - 1) + 1;
39037602 A	194	}
	195
	196	static void *
	197	backtrace_thread(void *arg)
	198	{
	199	#pragma unused(arg)
0a7de745 A	200	unsigned int calls;
0a7de745 A	201
f427ee49 A	202	// backtrace_thread, recurse_a, recurse_b, ..., __sysctlbyname
	203	//
	204	// Always make one less call for this frame (backtrace_thread).
0a7de745 A	205	calls = USER_FRAMES - NON_RECURSE_FRAMES;
	206
	207	T_LOG("backtrace thread calling into %d frames (already at %d frames)",
	208	calls, NON_RECURSE_FRAMES);
	209	(void)recurse_a(calls);
	210	return NULL;
39037602 A	211	}
	212
	213	T_DECL(backtrace_user, "test that the kernel can backtrace user stacks",
813fb2f6	214	T_META_CHECK_LEAKS(false), T_META_ALL_VALID_ARCHS(true))
39037602	215	{
0a7de745 A	216	pthread_t thread;
0a7de745 A	217
f427ee49 A	218	// Run the test from a different thread to insulate it from libdarwintest
f427ee49 A	219	// setup.
0a7de745 A	220	T_QUIET; T_ASSERT_POSIX_ZERO(pthread_create(&thread, NULL, backtrace_thread,
	221	NULL), "create additional thread to backtrace");
	222
	223	T_QUIET; T_ASSERT_POSIX_ZERO(pthread_join(thread, NULL), NULL);
	224	}
	225
	226	T_DECL(backtrace_user_bounds,
	227	"test that the kernel doesn't write frames out of expected bounds")
	228	{
	229	uint64_t bt_init[USER_FRAMES] = {};
	230	size_t bt_filled = USER_FRAMES, bt_filled_after = 0;
	231	int error = 0;
	232	kern_return_t kr = KERN_FAILURE;
	233	void *bt_page = NULL;
	234	void *guard_page = NULL;
	235	void *bt_start = NULL;
	236
f427ee49	237	// The backtrace addresses come back as kernel words.
0a7de745 A	238	size_t kword_size = is_kernel_64_bit() ? 8 : 4;
0a7de745 A	239
f427ee49 A	240	// Get an idea of how many frames to expect.
	241	int ret = sysctlbyname("kern.backtrace.user", bt_init, &bt_filled, NULL, 0);
	242	if (ret == -1 && errno == ENOENT) {
0a7de745 A	243	T_SKIP("release kernel: kern.backtrace.user missing");
	244	}
	245	T_ASSERT_POSIX_SUCCESS(error, "sysctlbyname(\"kern.backtrace.user\")");
	246
f427ee49 A	247	// Allocate two pages -- a first one that's valid and a second that
f427ee49 A	248	// will be non-writeable to catch a copyout that's too large.
0a7de745 A	249	bt_page = mmap(NULL, vm_page_size * 2, PROT_READ \| PROT_WRITE,
	250	MAP_ANON \| MAP_PRIVATE, -1, 0);
	251	T_WITH_ERRNO;
	252	T_ASSERT_NE(bt_page, MAP_FAILED, "allocated backtrace pages");
	253	guard_page = (char *)bt_page + vm_page_size;
	254
	255	error = mprotect(guard_page, vm_page_size, PROT_READ);
	256	T_ASSERT_POSIX_SUCCESS(error, "mprotect(..., PROT_READ) guard page");
	257
f427ee49	258	// Ensure the pages are set up as expected.
0a7de745 A	259	kr = vm_write(mach_task_self(), (vm_address_t)bt_page,
	260	(vm_offset_t)&(int){ 12345 }, sizeof(int));
	261	T_ASSERT_MACH_SUCCESS(kr,
	262	"should succeed in writing to backtrace page");
0a7de745 A	263	kr = vm_write(mach_task_self(), (vm_address_t)guard_page,
	264	(vm_offset_t)&(int){ 12345 }, sizeof(int));
	265	T_ASSERT_NE(kr, KERN_SUCCESS, "should fail to write to guard page");
	266
f427ee49	267	// Ask the kernel to write the backtrace just before the guard page.
0a7de745 A	268	bt_start = (char )guard_page - (kword_size bt_filled);
	269	bt_filled_after = bt_filled;
	270
	271	error = sysctlbyname("kern.backtrace.user", bt_start, &bt_filled_after,
	272	NULL, 0);
	273	T_EXPECT_POSIX_SUCCESS(error,
	274	"sysctlbyname(\"kern.backtrace.user\") just before guard page");
	275	T_EXPECT_EQ(bt_filled, bt_filled_after,
	276	"both calls to backtrace should have filled in the same number of "
	277	"frames");
39037602	278
f427ee49	279	// Expect the kernel to fault when writing too far.
0a7de745 A	280	bt_start = (char *)bt_start + 1;
	281	bt_filled_after = bt_filled;
	282	error = sysctlbyname("kern.backtrace.user", bt_start, &bt_filled_after,
	283	NULL, 0);
	284	T_EXPECT_POSIX_FAILURE(error, EFAULT,
	285	"sysctlbyname(\"kern.backtrace.user\") should fault one byte into "
	286	"guard page");
39037602	287	}