#!/bin/sh

# Regression test for a kernel panic found by syzkaller: listen(2) on an
# AF_INET6 stream socket raced with other calls on the same descriptor and
# solisten_proto() tripped the mtx_unowned() assertion in mtx_destroy().
# None of the syscalls used below appear to need privilege, so this reads
# as a local, unprivileged kernel DoS; the expectation now is that the
# reproducer runs for five minutes without panicking the machine.
#
# Original report (kept for reference):
# panic: Assertion mtx_unowned(m) failed at ../../../kern/kern_mutex.c:1179
# cpuid = 2
# time = 1581180711
# KDB: stack backtrace:
# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00e57958c0
# vpanic() at vpanic+0x185/frame 0xfffffe00e5795920
# panic() at panic+0x43/frame 0xfffffe00e5795980
# _mtx_destroy() at _mtx_destroy+0x4c/frame 0xfffffe00e57959a0
# solisten_proto() at solisten_proto+0xdb/frame 0xfffffe00e5795a00
# tcp6_usr_listen() at tcp6_usr_listen+0x16d/frame 0xfffffe00e5795a60
# solisten() at solisten+0x42/frame 0xfffffe00e5795a80
# kern_listen() at kern_listen+0x80/frame 0xfffffe00e5795ac0
# amd64_syscall() at amd64_syscall+0x2f1/frame 0xfffffe00e5795bf0
# fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe00e5795bf0

# Not run on i386 -- presumably because the reproducer hard-codes 64-bit
# result slots and a fixed mmap layout that were generated on amd64.
[ `uname -p` = "i386" ] && exit 0

# Pulls in the stress2 defaults; presumably also defines the mycc compiler
# wrapper used further down.
. ../default.cfg
cat > /tmp/syzkaller4.c <<EOF
// https://syzkaller.appspot.com/bug?id=db195d1b0b8ca408a46f301eba33f9457bd2d429
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Structure: a small thread-pool harness (thread_start/event_*/thr/
// execute_one/loop) that replays the 19 syscalls in execute_call(), first
// sequentially and then with adjacent calls overlapped ("collide" mode) to
// provoke the kernel race.  All user memory the calls touch lives in a fixed
// scratch mapping at 0x20000000 set up in main().

#define _GNU_SOURCE

#include <sys/types.h>

#include <errno.h>
#include <pthread.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// SIGKILL pid and reap until its status comes back.  Note waitpid(-1) also
// reaps any other exited child along the way; their statuses are dropped.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for ms milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds; exits the process if the clock fails.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Start fn(arg) on a new thread with a 128 KiB stack.  EAGAIN is retried up
// to 100 times with a 50 us pause; any other failure exits the process.  The
// pthread_t handle is discarded, so the thread is never joined.
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  int i;
  for (i = 0; i < 100; i++) {
    if (pthread_create(&th, &attr, fn, arg) == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    if (errno == EAGAIN) {
      usleep(50);
      continue;
    }
    break;
  }
  exit(1);
}

// One-shot event: a flag guarded by mu, signalled through cv.
typedef struct {
  pthread_mutex_t mu;
  pthread_cond_t cv;
  int state;
} event_t;

// Initialise the mutex/condvar and clear the flag; exits on failure.
static void event_init(event_t* ev)
{
  if (pthread_mutex_init(&ev->mu, 0))
    exit(1);
  if (pthread_cond_init(&ev->cv, 0))
    exit(1);
  ev->state = 0;
}

// Clear the flag.  NOTE(review): done without holding mu; the harness only
// appears to call this from the side that has just observed the event set.
static void event_reset(event_t* ev)
{
  ev->state = 0;
}

// Set the flag and wake all waiters.  Setting an already-set event is
// treated as a harness bug and exits the process.
static void event_set(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  if (ev->state)
    exit(1);
  ev->state = 1;
  pthread_mutex_unlock(&ev->mu);
  pthread_cond_broadcast(&ev->cv);
}

// Block until the flag is set.
static void event_wait(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  while (!ev->state)
    pthread_cond_wait(&ev->cv, &ev->mu);
  pthread_mutex_unlock(&ev->mu);
}

// Non-blocking read of the flag.
static int event_isset(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}

// Wait up to timeout ms for the flag; returns its final value.
// NOTE(review): ts is filled with a relative delay, but pthread_cond_timedwait
// expects an absolute time, so each wait likely returns at once and the loop
// effectively polls until the now/start check expires.  Harmless for a
// reproducer, but worth knowing if the timing ever needs to be tightened.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  pthread_mutex_lock(&ev->mu);
  for (;;) {
    if (ev->state)
      break;
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
    now = current_time_ms();
    if (now - start > timeout)
      break;
  }
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}

// Worker slot: ready is set by execute_one() to hand over a call index,
// done is set by the worker when that call has returned.
struct thread_t {
  int created, call;
  event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls currently in flight across all workers.
static int running;

// Worker loop: wait for a call to be assigned, run it, report completion.
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

// Replay all 19 calls twice.  First pass: each call goes to the first idle
// worker and is waited for (up to 45 ms).  Second pass ("collide"): even-
// numbered calls are not waited for, so they overlap with the call that
// follows -- e.g. listen (call 4) and fstat (call 5) on the same socket can
// run concurrently, which is the interleaving the panic above needs.
static void execute_one(void)
{
  int i, call, thread;
  int collide = 0;
again:
  for (call = 0; call < 19; call++) {
    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
         thread++) {
      struct thread_t* th = &threads[thread];
      if (!th->created) {
        // Lazily create the worker; done starts set so it counts as idle.
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        event_set(&th->done);
        thread_start(thr, th);
      }
      if (!event_isset(&th->done))
        continue;
      event_reset(&th->done);
      th->call = call;
      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
      event_set(&th->ready);
      if (collide && (call % 2) == 0)
        break;
      event_timedwait(&th->done, 45);
      break;
    }
  }
  // Give stragglers up to ~100 ms to finish before the collide pass.
  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
    sleep_ms(1);
  if (!collide) {
    collide = 1;
    goto again;
  }
}

// Redundant re-declaration left behind by the generator.
static void execute_one(void);

#define WAIT_FLAGS 0

// Forever: fork a child that runs execute_one() once, wait up to 5 s for it,
// then SIGKILL it.  The shell wrapper bounds the whole run with timeout(1).
static void loop(void)
{
  int iter __unused;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Result slots shared between calls: r[0]/r[4] semaphore ids, r[1]/r[3]/r[5]
// socket fds, r[2] a word read back from the fstat buffer.  Slots stay at
// their initial 0 / -1 until the producing call succeeds, so a consumer may
// end up passing -1 (e.g. listen on fd -1) -- that is intended fuzz input.
uint64_t r[6] = {0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff,
                 0x0, 0xffffffffffffffff};

// The syscall program.  Numeric arguments are raw values from the fuzzer;
// where a meaning is not evident from the code it is left uninterpreted.
void execute_call(int call)
{
  intptr_t res;
  switch (call) {
  case 0:
    // Zero-filled struct at 0x20000040 (first word 0x284002b0), then
    // __semctl(0, 0, 0xa, buf).
    *(uint32_t*)0x20000040 = 0x284002b0;
    *(uint32_t*)0x20000044 = 0;
    *(uint32_t*)0x20000048 = 0;
    *(uint32_t*)0x2000004c = 0;
    *(uint32_t*)0x20000050 = 0;
    *(uint32_t*)0x20000054 = 0;
    *(uint16_t*)0x20000058 = 0;
    *(uint16_t*)0x2000005a = 0;
    *(uint64_t*)0x20000060 = 0;
    *(uint64_t*)0x20000068 = 0;
    *(uint64_t*)0x20000070 = 0;
    *(uint64_t*)0x20000078 = 0;
    *(uint64_t*)0x20000080 = 0;
    *(uint64_t*)0x20000088 = 0;
    *(uint64_t*)0x20000090 = 0;
    syscall(SYS___semctl, 0, 0ul, 0xaul, 0x20000040ul);
    break;
  case 1:
    // 276 bytes of fuzz data as a sockaddr, connect() on fd -1 with a
    // claimed length of 0x10.
    memcpy(
        (void*)0x20000340,
        "\x82\x02\xf3\x89\x9c\x53\x3e\x9e\x79\x9b\xd7\xc7\x3c\xcc\x8e\xf9\xba"
        "\xb3\x80\xca\x99\xbc\x30\xf1\x8e\x7c\xb0\xc5\x3f\xd6\xa9\xe6\xc6\xa8"
        "\xa8\x85\x82\x5b\xdf\x69\xb0\xb9\xed\x55\x59\xd8\x3d\x18\x64\x0d\x49"
        "\xdd\x0c\x5b\xba\x14\x0e\xe4\x61\xce\xcf\x6c\x04\x6a\xa1\xda\xa6\x9a"
        "\x50\xf8\xa5\xbf\x52\xc2\x63\xf1\x48\xad\xb2\x3e\x5b\x74\xd4\xd3\xe2"
        "\x77\x4e\xe8\xef\x92\x6d\x3e\xf6\x35\x76\x60\x9b\x83\xfd\xbc\x00\x45"
        "\xd8\x01\x38\x8b\x7b\x9f\x82\x1e\xf2\xe6\x42\xd3\x73\x00\x00\xc4\x05"
        "\xc0\xc2\x1a\x82\xc5\x8e\x64\x2d\x07\x86\x09\x4f\xb0\x60\x2a\x5b\xfd"
        "\x33\x73\x24\x41\xb5\xaa\x99\xd6\xdf\xbe\x06\xc7\x27\x48\x7e\x13\xfb"
        "\x57\xd6\x2f\xcb\x0c\xda\x92\xcc\xc7\x0f\xb4\x6f\x95\xcb\x5d\x0c\x28"
        "\x93\x70\xbc\x25\x88\x76\x2f\xd7\x86\x9e\x5e\x03\xfa\x9c\x68\xde\x52"
        "\x23\xc5\xae\xa1\x1c\x58\x79\x1a\x6f\xfa\x52\x31\xfc\x2b\xd5\x33\x3d"
        "\x49\x60\x80\xa0\x31\x16\x7e\xa5\xd5\x09\x94\x53\x1e\x3b\x56\x3f\x1e"
        "\x4d\x95\x76\x44\x9d\x59\x7a\x2d\xbc\xea\xe3\x26\x0d\xf6\x68\xee\xba"
        "\xc3\xbb\x9f\xb6\xf1\xa2\x44\xc2\x96\xd5\xdc\xc4\x1c\xa2\xaf\xeb\x92"
        "\x4e\xaf\xfc\x1d\x5d\xaf\x30\x9b\x0b\xfd\x19\x1c\x40\xf9\xd0\x0d\xf5"
        "\x15\x94\xb7\xe9",
        276);
    syscall(SYS_connect, -1, 0x20000340ul, 0x10ul);
    break;
  case 2:
    // semget(0, 0, 0x284) -> r[0]
    res = syscall(SYS_semget, 0ul, 0ul, 0x284ul);
    if (res != -1)
      r[0] = res;
    break;
  case 3:
    // socket(0x1c, 1, 0) -> r[1].  The panic trace goes through
    // tcp6_usr_listen, so this is the AF_INET6 TCP socket the bug is on.
    res = syscall(SYS_socket, 0x1cul, 1ul, 0ul);
    if (res != -1)
      r[1] = res;
    break;
  case 4:
    // listen() on that socket -- the call in the panic backtrace.
    syscall(SYS_listen, r[1], 0);
    break;
  case 5:
    // fstat() on the same socket (overlaps with call 4 in collide mode);
    // a 32-bit field at buf+0x20 is read back into r[2].
    res = syscall(SYS_fstat, r[1], 0x20000080ul);
    if (res != -1)
      r[2] = *(uint32_t*)0x200000a0;
    break;
  case 6:
    // Second zero-filled struct with r[2] planted at +0x10, then
    // __semctl(r[0], 0, 0xa, buf).
    *(uint32_t*)0x20000180 = 0x2840029c;
    *(uint32_t*)0x20000184 = 0;
    *(uint32_t*)0x20000188 = 0;
    *(uint32_t*)0x2000018c = 0;
    *(uint32_t*)0x20000190 = r[2];
    *(uint32_t*)0x20000194 = 0;
    *(uint16_t*)0x20000198 = 0;
    *(uint16_t*)0x2000019a = 0;
    *(uint64_t*)0x200001a0 = 0;
    *(uint64_t*)0x200001a8 = 0;
    *(uint64_t*)0x200001b0 = 0;
    *(uint64_t*)0x200001b8 = 0;
    *(uint64_t*)0x200001c0 = 0;
    *(uint64_t*)0x200001c8 = 0;
    *(uint64_t*)0x200001d0 = 0;
    syscall(SYS___semctl, r[0], 0ul, 0xaul, 0x20000180ul);
    break;
  case 7:
    // socket(0x1c, 1, 0x84) -> r[3]
    res = syscall(SYS_socket, 0x1cul, 1ul, 0x84ul);
    if (res != -1)
      r[3] = res;
    break;
  case 8:
    // connect() with a NULL address and zero length.
    syscall(SYS_connect, r[3], 0ul, 0ul);
    break;
  case 9:
    syscall(SYS_fcntl, r[3], 5ul, 0);
    break;
  case 10:
    // Only the first out-pointer is valid; the other two are NULL.
    syscall(SYS_getresuid, 0x20000040ul, 0ul, 0ul);
    break;
  case 11:
    syscall(SYS___semctl, 0, 0ul, 0xaul, 0ul);
    break;
  case 12:
    syscall(SYS___semctl, 0, 0ul, 1ul, 0ul);
    break;
  case 13:
    // semget(0, 0, 0x284) -> r[4]
    res = syscall(SYS_semget, 0ul, 0ul, 0x284ul);
    if (res != -1)
      r[4] = res;
    break;
  case 14:
    // Compat fstat on fd -1 with a NULL buffer.
    syscall(SYS_freebsd11_fstat, -1, 0ul);
    break;
  case 15:
    syscall(SYS___semctl, r[4], 0ul, 1ul, 0ul);
    break;
  case 16:
    // A second AF_INET6 stream socket -> r[5], followed by the same
    // listen/fstat pair as calls 4 and 5 (fstat with a NULL buffer here).
    res = syscall(SYS_socket, 0x1cul, 1ul, 0ul);
    if (res != -1)
      r[5] = res;
    break;
  case 17:
    syscall(SYS_listen, r[5], 0);
    break;
  case 18:
    syscall(SYS_fstat, r[5], 0ul);
    break;
  }
}
// Map the 16 MiB scratch region at 0x20000000 that the calls above write
// into (prot 3, flags 0x1012 -- presumably a fixed anonymous private
// mapping), then run the reproducer until killed.
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul);
  loop();
  return 0;
}
EOF
mycc -o /tmp/syzkaller4 -Wall -Wextra -O2 /tmp/syzkaller4.c -lpthread ||
    exit 1

# The reproducer loops forever; timeout(1) bounds the run to five minutes.
# Surviving those five minutes without a panic is the pass criterion.
(cd /tmp; timeout 5m ./syzkaller4)

rm -f /tmp/syzkaller4 /tmp/syzkaller4.c
exit 0