xref: /freebsd/tools/test/stress2/misc/syzkaller84.sh (revision 257a750c60f14f83dff7bf5d2189089b1e74870b)
1*257a750cSPeter Holm#!/bin/sh
2*257a750cSPeter Holm
3*257a750cSPeter Holm# panic: Assertion !(sb->sb_state & SBS_CANTRCVMORE) failed at ../../../kern/uipc_usrreq.c:1549
4*257a750cSPeter Holm# cpuid = 6
5*257a750cSPeter Holm# time = 1754809105
6*257a750cSPeter Holm# KDB: stack backtrace:
7*257a750cSPeter Holm# db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0176ef6a80
8*257a750cSPeter Holm# vpanic() at vpanic+0x136/frame 0xfffffe0176ef6bb0
9*257a750cSPeter Holm# panic() at panic+0x43/frame 0xfffffe0176ef6c10
10*257a750cSPeter Holm# uipc_soreceive_stream_or_seqpacket() at uipc_soreceive_stream_or_seqpacket+0x968/frame 0xfffffe0176ef6cd0
11*257a750cSPeter Holm# soreceive() at soreceive+0x45/frame 0xfffffe0176ef6cf0
12*257a750cSPeter Holm# kern_recvit() at kern_recvit+0x181/frame 0xfffffe0176ef6da0
13*257a750cSPeter Holm# sys_recvmsg() at sys_recvmsg+0x67/frame 0xfffffe0176ef6e00
14*257a750cSPeter Holm# amd64_syscall() at amd64_syscall+0x169/frame 0xfffffe0176ef6f30
15*257a750cSPeter Holm# fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0176ef6f30
16*257a750cSPeter Holm# --- syscall (0, FreeBSD ELF64, syscall), rip = 0x821d3da8a, rsp = 0x824440f68, rbp = 0x824440f90 ---
17*257a750cSPeter Holm# KDB: enter: panic
18*257a750cSPeter Holm# [ thread pid 17448 tid 292963 ]
19*257a750cSPeter Holm# Stopped at      kdb_enter+0x33: movq    $0,0x12304a2(%rip)
20*257a750cSPeter Holm# db> x/s version
21*257a750cSPeter Holm# version: FreeBSD 15.0-PRERELEASE #0 main-n279510-db7c0e32a05d-dirty: Sat Aug  9 17:21:54 CEST 2025
22*257a750cSPeter Holm# pho@mercat1.netperf.freebsd.org:/usr/src/sys/amd64/compile/PHO
23*257a750cSPeter Holm# db>
24*257a750cSPeter Holm
# The script loads a kernel module further down, so it refuses to run unprivileged.
[ "$(id -u)" -ne 0 ] && echo "Must be root!" && exit 1

# Shared stress2 settings; presumably this is where mycc is defined (not visible here).
. ../default.cfg
# From here on, expanding an unset variable is an error.
set -u
prog=$(basename "$0" .sh)
# NOTE(review): this runs as root and writes to a fixed, predictable name in /tmp,
# and the redirection follows an existing symlink. That is tolerable on a dedicated
# test host; elsewhere a private directory (mktemp -d) would be the safer choice.
# The here-document delimiter is unquoted, so the shell still expands dollar signs
# and backquotes inside the C source below.
cat > /tmp/$prog.c <<EOF
31*257a750cSPeter Holm// https://syzkaller.appspot.com/bug?id=79d6de939eb5c7de69e8e4993b6239aa0ae67335
32*257a750cSPeter Holm// autogenerated by syzkaller (https://github.com/google/syzkaller)
33*257a750cSPeter Holm// syzbot+ffcc3612ea266e36604e@syzkaller.appspotmail.com
34*257a750cSPeter Holm
35*257a750cSPeter Holm#define _GNU_SOURCE
36*257a750cSPeter Holm
37*257a750cSPeter Holm#include <sys/types.h>
38*257a750cSPeter Holm
39*257a750cSPeter Holm#include <errno.h>
40*257a750cSPeter Holm#include <pthread.h>
41*257a750cSPeter Holm#include <pwd.h>
42*257a750cSPeter Holm#include <signal.h>
43*257a750cSPeter Holm#include <stdarg.h>
44*257a750cSPeter Holm#include <stdbool.h>
45*257a750cSPeter Holm#include <stdint.h>
46*257a750cSPeter Holm#include <stdio.h>
47*257a750cSPeter Holm#include <stdlib.h>
48*257a750cSPeter Holm#include <string.h>
49*257a750cSPeter Holm#include <sys/endian.h>
50*257a750cSPeter Holm#include <sys/resource.h>
51*257a750cSPeter Holm#include <sys/syscall.h>
52*257a750cSPeter Holm#include <sys/wait.h>
53*257a750cSPeter Holm#include <time.h>
54*257a750cSPeter Holm#include <unistd.h>
55*257a750cSPeter Holm
// Loop counter used by main() while forking the four top-level workers;
// nothing else visible in this file reads it.
static unsigned long long procid;
57*257a750cSPeter Holm
// Forcefully terminate a child and reap it.
//
// Sends SIGKILL to pid, then keeps calling waitpid() for any child until the
// one returned is pid, at which point status holds that child's wait status.
// Other children reaped on the way are dropped.
// NOTE: a waitpid() failure is not told apart from "some other child", so the
// caller must own pid as a not-yet-reaped child or this never returns.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  for (;;) {
    if (waitpid(-1, status, 0) == pid)
      return;
  }
}
64*257a750cSPeter Holm
// Suspend the calling thread for ms milliseconds, expressed to usleep() in
// microseconds.
static void sleep_ms(uint64_t ms)
{
  const uint64_t usec = ms * 1000;
  usleep(usec);
}
69*257a750cSPeter Holm
// Return the CLOCK_MONOTONIC reading in whole milliseconds.
// The process exits with status 1 if the clock cannot be read.
static uint64_t current_time_ms(void)
{
  struct timespec now;
  if (clock_gettime(CLOCK_MONOTONIC, &now) != 0)
    exit(1);
  const uint64_t whole_ms = (uint64_t)now.tv_sec * 1000;
  const uint64_t frac_ms = (uint64_t)now.tv_nsec / 1000000;
  return whole_ms + frac_ms;
}
77*257a750cSPeter Holm
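// Start fn(arg) on a new thread with a 128 KiB stack.
//
// Creation is retried up to 100 times, 50 microseconds apart, while the
// failure is EAGAIN; any other failure, or running out of retries, ends the
// process with status 1. The thread is neither joined nor detached here.
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  for (int i = 0; i < 100; i++) {
    // pthread_create() reports failure through its return value and is not
    // required to set errno, so the retry decision must use the return code.
    int rc = pthread_create(&th, &attr, fn, arg);
    if (rc == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    if (rc != EAGAIN)
      break;
    usleep(50);
  }
  exit(1);
}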
98*257a750cSPeter Holm
// Binary event flag used for the hand-off between the dispatching thread and a
// worker thread.
typedef struct {
  // Held by event_set/event_wait/event_isset/event_timedwait around state.
  pthread_mutex_t mu;
  // Broadcast by event_set() after the flag has been raised.
  pthread_cond_t cv;
  // 0 = not signalled, 1 = signalled.
  int state;
} event_t;
104*257a750cSPeter Holm
// Prepare ev for use: default-initialise its mutex and condition variable and
// clear the flag. The process exits with status 1 if either primitive cannot
// be initialised.
static void event_init(event_t* ev)
{
  if (pthread_mutex_init(&ev->mu, 0) != 0 ||
      pthread_cond_init(&ev->cv, 0) != 0) {
    exit(1);
  }
  ev->state = 0;
}
113*257a750cSPeter Holm
// Clear the flag so the event can be signalled again.
// NOTE(review): unlike the other accessors this writes state without taking
// ev->mu; presumably safe because only the side that just observed the flag
// as set calls it - confirm against the callers.
static void event_reset(event_t* ev)
{
  ev->state = 0;
}
118*257a750cSPeter Holm
// Raise the flag and wake every waiter.
// Signalling an event that is already set is treated as a protocol violation
// and ends the process with status 1.
static void event_set(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  if (ev->state != 0) {
    exit(1);
  }
  ev->state = 1;
  pthread_mutex_unlock(&ev->mu);
  // The broadcast is issued after the mutex has been released.
  pthread_cond_broadcast(&ev->cv);
}
128*257a750cSPeter Holm
// Block until the flag is set. The flag is re-checked after every wake-up, so
// spurious wake-ups of the condition variable are harmless.
static void event_wait(event_t* ev)
{
  pthread_mutex_lock(&ev->mu);
  while (ev->state == 0) {
    pthread_cond_wait(&ev->cv, &ev->mu);
  }
  pthread_mutex_unlock(&ev->mu);
}
136*257a750cSPeter Holm
// Return the current value of the flag (non-zero when set), read under the
// event's mutex. Does not block waiting for the flag.
static int event_isset(event_t* ev)
{
  int snapshot;
  pthread_mutex_lock(&ev->mu);
  snapshot = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return snapshot;
}
144*257a750cSPeter Holm
// Wait for ev to become signalled, giving up once more than timeout
// milliseconds have passed on the clock read by current_time_ms().
// Returns the flag as read under the mutex: non-zero if signalled, 0 if the
// wait timed out first.
//
// NOTE(review): pthread_cond_timedwait() expects an absolute deadline, whereas
// ts below holds the remaining interval. The call therefore most likely
// returns immediately with a timeout, and the loop ends up polling the flag
// until the interval has elapsed. The observable contract (return within about
// timeout ms) still holds, so the generated code is left as is - confirm
// before relying on this function to actually block.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  pthread_mutex_lock(&ev->mu);
  for (;;) {
    if (ev->state)
      break;
    // Cannot underflow: the loop exits below once now - start exceeds timeout.
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    // The return value is ignored; the flag and the clock decide what happens next.
    pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
    now = current_time_ms();
    if (now - start > timeout)
      break;
  }
  int res = ev->state;
  pthread_mutex_unlock(&ev->mu);
  return res;
}
166*257a750cSPeter Holm
// Cap the resources of the calling process before the reproducer runs.
//
// Soft and hard limits are set to the same value for each resource, in the
// order listed. setrlimit() failures are ignored (best effort).
static void sandbox_common()
{
  static const struct {
    int resource;
    rlim_t limit;
  } caps[] = {
      {RLIMIT_AS, 128 << 20},     // address space: 128 MiB
      {RLIMIT_MEMLOCK, 8 << 20},  // locked memory: 8 MiB
      {RLIMIT_FSIZE, 1 << 20},    // largest file: 1 MiB
      {RLIMIT_STACK, 1 << 20},    // stack: 1 MiB
      {RLIMIT_CORE, 0},           // no core dumps
      {RLIMIT_NOFILE, 256},       // open descriptors
  };
  for (size_t i = 0; i < sizeof(caps) / sizeof(caps[0]); i++) {
    struct rlimit rlim;
    rlim.rlim_cur = rlim.rlim_max = caps[i].limit;
    setrlimit(caps[i].resource, &rlim);
  }
}
183*257a750cSPeter Holm
// Forward declaration; loop() is defined further down and called by
// do_sandbox_none().
static void loop();
185*257a750cSPeter Holm
// Apply the resource limits from sandbox_common() and enter the reproducer
// loop. No further isolation is set up here. loop() as defined in this file
// never returns, so the return statement is not reached in practice.
static int do_sandbox_none(void)
{
  sandbox_common();
  loop();
  return 0;
}
192*257a750cSPeter Holm
// State of one worker slot in the threads[] pool.
struct thread_t {
  // created: non-zero once the slot's thread has been started.
  // call: step number the worker passes to execute_call().
  int created, call;
  // ready: set by execute_one() to hand a call to the worker.
  // done: set by the worker after the call returns.
  event_t ready, done;
};
197*257a750cSPeter Holm
// Pool of worker slots; execute_one() scans it for a worker whose done event
// is set.
static struct thread_t threads[16];
// Forward declaration; the definition near the end of the file omits the
// static keyword but keeps the internal linkage declared here.
static void execute_call(int call);
// Count of calls handed to workers that have not finished yet; only accessed
// through relaxed atomic builtins.
static int running;
201*257a750cSPeter Holm
// Worker thread body. arg points at the thread_t slot owned by this worker.
//
// Forever: wait for the slot's ready event, clear it, run the requested step,
// decrement the running counter and signal the slot's done event.
static void* thr(void* arg)
{
  struct thread_t* self = arg;
  while (1) {
    event_wait(&self->ready);
    event_reset(&self->ready);
    execute_call(self->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&self->done);
  }
  return 0;
}
214*257a750cSPeter Holm
// Run the four reproducer steps once, in order.
//
// Each step is handed to the first worker slot whose done event is set
// (starting the slot's thread on first use) and is given up to 50 ms to
// finish before the next step is dispatched. A step that has not finished
// keeps its worker busy, so the next step goes to another slot. Afterwards
// the function waits up to about 100 ms for calls still in flight.
static void execute_one(void)
{
  static const char banner[] = "executing program\n";
  // The empty branch only consumes the result of write().
  if (write(1, banner, sizeof(banner) - 1)) {
  }
  const int nslots = (int)(sizeof(threads) / sizeof(threads[0]));
  for (int call = 0; call < 4; call++) {
    for (int slot = 0; slot < nslots; slot++) {
      struct thread_t* th = &threads[slot];
      if (!th->created) {
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        // A fresh worker starts out idle, that is, with done signalled.
        event_set(&th->done);
        thread_start(thr, th);
      }
      if (event_isset(&th->done)) {
        event_reset(&th->done);
        th->call = call;
        __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
        event_set(&th->ready);
        event_timedwait(&th->done, 50);
        break;
      }
    }
  }
  int polls = 0;
  while (polls < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED)) {
    sleep_ms(1);
    polls++;
  }
}
244*257a750cSPeter Holm
// Redundant re-declaration: execute_one() is already defined above.
static void execute_one(void);

// Extra waitpid() option bits that loop() ORs with WNOHANG; none are set.
#define WAIT_FLAGS 0
248*257a750cSPeter Holm
// Run the reproducer over and over, each time in a freshly forked child.
//
// The parent polls every 10 ms for the child to exit; a child still alive
// after 5000 ms is killed and reaped. The function never returns; it ends the
// process with status 1 if fork() fails.
static void loop(void)
{
  while (1) {
    int child = fork();
    if (child < 0)
      exit(1);
    if (child == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    const uint64_t began = current_time_ms();
    int reaped = 0;
    while (!reaped) {
      sleep_ms(10);
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == child) {
        reaped = 1;
      } else if (current_time_ms() - began >= 5000) {
        kill_and_wait(child, &status);
        reaped = 1;
      }
    }
  }
}
273*257a750cSPeter Holm
// Descriptors of the socket pair created by step 0 of execute_call().
// They stay all-ones until socketpair() succeeds, in which case the later
// steps are issued on an invalid descriptor.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
275*257a750cSPeter Holm
// Issue step number call of the reproducer. The steps share the socket pair
// stored in r[]:
//
//   0: socketpair(domain 1, SOCK_SEQPACKET) -> r[0], r[1]
//   1: sendmsg() on r[1], 33 times, with ancillary data only
//   2: close(r[1])
//   3: recvmsg() on r[0] with MSG_DONTWAIT
//
// Every pointer argument is a fixed address inside the region main() maps at
// 0x200000000000, so this must not be called before that mapping exists.
// Only the result of socketpair() is checked; all other results are ignored.
// The panic quoted at the top of this script was raised in
// uipc_soreceive_stream_or_seqpacket() reached from sys_recvmsg(), which
// presumably corresponds to step 3.
void execute_call(int call)
{
  intptr_t res = 0;
  switch (call) {
  case 0:
    //  socketpair\$unix arguments: [
    //    domain: const = 0x1 (8 bytes)
    //    type: unix_socket_type = 0x5 (8 bytes)
    //    proto: const = 0x0 (1 bytes)
    //    fds: ptr[out, unix_pair] {
    //      unix_pair {
    //        fd0: sock_unix (resource)
    //        fd1: sock_unix (resource)
    //      }
    //    }
    //  ]
    res = syscall(SYS_socketpair, /*domain=*/1ul, /*type=SOCK_SEQPACKET*/ 5ul,
                  /*proto=*/0, /*fds=*/0x200000000440ul);
    if (res != -1) {
      // Pick up the two descriptors the kernel stored at the fds address.
      r[0] = *(uint32_t*)0x200000000440;
      r[1] = *(uint32_t*)0x200000000444;
    }
    break;
  case 1:
    //  sendmsg arguments: [
    //    fd: sock (resource)
    //    msg: ptr[in, send_msghdr] {
    //      send_msghdr {
    //        msg_name: nil
    //        msg_namelen: len = 0x0 (4 bytes)
    //        pad = 0x0 (4 bytes)
    //        msg_iov: nil
    //        msg_iovlen: len = 0x0 (8 bytes)
    //        msg_control: ptr[inout, array[ANYUNION]] {
    //          array[ANYUNION] {
    //            union ANYUNION {
    //              ANYBLOB: buffer: {04 01 00 00 ff ff 00 00 01} (length 0x9)
    //            }
    //          }
    //        }
    //        msg_controllen: bytesize = 0x104 (8 bytes)
    //        msg_flags: const = 0x0 (4 bytes)
    //        pad = 0x0 (4 bytes)
    //      }
    //    }
    //    f: send_flags = 0x0 (8 bytes)
    //  ]
    // Build the msghdr in place: no name, no iovec, control buffer at
    // 0x2000000007c0 with a declared length of 0x104 bytes.
    *(uint64_t*)0x200000000000 = 0;
    *(uint32_t*)0x200000000008 = 0;
    *(uint64_t*)0x200000000010 = 0;
    *(uint64_t*)0x200000000018 = 0;
    *(uint64_t*)0x200000000020 = 0x2000000007c0;
    // The 9-byte blob is the start of a control message header. Assuming the
    // FreeBSD struct cmsghdr layout it reads cmsg_len = 0x104,
    // cmsg_level = 0xffff (SOL_SOCKET), cmsg_type = 1 (SCM_RIGHTS); the rest
    // of the 0x104 bytes is whatever the mapping holds there - TODO confirm.
    memcpy((void*)0x2000000007c0, "\x04\x01\x00\x00\xff\xff\x00\x00\x01", 9);
    *(uint64_t*)0x200000000028 = 0x104;
    *(uint32_t*)0x200000000030 = 0;
    syscall(SYS_sendmsg, /*fd=*/r[1], /*msg=*/0x200000000000ul, /*f=*/0ul);
    // The same message is sent 32 more times. The reason is not recorded
    // here; presumably it makes the failure more reliable.
    for (int i = 0; i < 32; i++) {
      syscall(SYS_sendmsg, /*fd=*/r[1], /*msg=*/0x200000000000ul, /*f=*/0ul);
    }
    break;
  case 2:
    //  close arguments: [
    //    fd: fd (resource)
    //  ]
    // Closes the sending end while the messages from step 1 may still be queued.
    syscall(SYS_close, /*fd=*/r[1]);
    break;
  case 3:
    //  recvmsg arguments: [
    //    fd: sock (resource)
    //    msg: ptr[inout, recv_msghdr] {
    //      recv_msghdr {
    //        msg_name: nil
    //        msg_namelen: len = 0x0 (4 bytes)
    //        pad = 0x0 (4 bytes)
    //        msg_iov: nil
    //        msg_iovlen: len = 0x0 (8 bytes)
    //        msg_control: ptr[out, buffer] {
    //          buffer: (DirOut)
    //        }
    //        msg_controllen: len = 0x19 (8 bytes)
    //        msg_flags: const = 0x0 (4 bytes)
    //        pad = 0x0 (4 bytes)
    //      }
    //    }
    //    f: recv_flags = 0x80 (8 bytes)
    //  ]
    // Receive side: no name, no iovec, a 0x19-byte control buffer at
    // 0x200000000580, which is much smaller than the 0x104 bytes sent.
    *(uint64_t*)0x2000000005c0 = 0;
    *(uint32_t*)0x2000000005c8 = 0;
    *(uint64_t*)0x2000000005d0 = 0;
    *(uint64_t*)0x2000000005d8 = 0;
    *(uint64_t*)0x2000000005e0 = 0x200000000580;
    *(uint64_t*)0x2000000005e8 = 0x19;
    *(uint32_t*)0x2000000005f0 = 0;
    syscall(SYS_recvmsg, /*fd=*/r[0], /*msg=*/0x2000000005c0ul,
            /*f=MSG_DONTWAIT*/ 0x80ul);
    break;
  }
}
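// Entry point: map the fixed scratch region that execute_call() addresses
// directly, fork four workers that each run the sandboxed reproducer loop, and
// then sleep until the timeout in the surrounding script ends the run.
int main(void)
{
  // Without this mapping every fixed-address store in execute_call() would
  // fault, and the children would crash and be re-forked for the whole run
  // without exercising the kernel path under test. Stop early instead.
  // NOTE(review): the region is requested writable and executable at once; a
  // system that forbids such mappings would reject it. The script discards the
  // exit status and output of this program, so the failure is still not
  // reported to the harness.
  if (syscall(SYS_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
              /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
              /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x1012ul,
              /*fd=*/(intptr_t)-1, /*offset=*/0ul) == -1)
    exit(1);
  for (procid = 0; procid < 4; procid++) {
    // do_sandbox_none() does not return in the child, so the children never
    // continue this loop themselves.
    if (fork() == 0) {
      do_sandbox_none();
    }
  }
  sleep(1000000);
  return 0;
}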
390*257a750cSPeter HolmEOF
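# Build the reproducer; a compile failure aborts the test.
mycc -o /tmp/$prog -Wall -Wextra -O0 /tmp/$prog.c -pthread || exit 1

work=/tmp/$prog.dir
rm -rf $work
mkdir $work
cd /tmp/$prog.dir
# set -u is in effect: when sctp is already loaded the kldload branch below is
# skipped, and without this assignment the final check would abort the script
# on an unset variable before reaching "exit 0".
loaded=
# NOTE(review): the reproducer itself only uses a unix-domain socket pair; the
# sctp module is presumably loaded for parity with related tests - confirm.
kldstat | grep -q sctp || { kldload sctp.ko && loaded=1; }
# The program never exits on its own, so the run is bounded by timeout. Its
# output and exit status are discarded, and the script always exits 0.
timeout 3m /tmp/$prog > /dev/null 2>&1

rm -rf /tmp/$prog /tmp/$prog.c /tmp/$prog.core $work
# Unload the module only if this script loaded it.
[ -n "$loaded" ] && kldunload sctp.ko
exit 0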