| // possible deadlock in fifo_open |
| // https://syzkaller.appspot.com/bug?id=bfc3f972760618caea8f21371b32d8071ce0a56a |
| // status:dup |
| // autogenerated by syzkaller (https://github.com/google/syzkaller) |
| |
| #define _GNU_SOURCE |
| |
| #include <endian.h> |
| #include <stdint.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <sys/syscall.h> |
| #include <sys/types.h> |
| #include <unistd.h> |
| |
| uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}; |
| |
| int main(void) |
| { |
| syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); |
| long res = 0; |
| res = syscall(__NR_pipe, 0x20000c40); |
| if (res != -1) { |
| r[0] = *(uint32_t*)0x20000c40; |
| r[1] = *(uint32_t*)0x20000c44; |
| } |
| res = syscall(__NR_socket, 2, 2, 0); |
| if (res != -1) |
| r[2] = res; |
| syscall(__NR_close, r[2]); |
| memcpy((void*)0x20000000, "/proc/thread-self/attr/exec\000", 28); |
| syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 2, 0); |
| *(uint32_t*)0x20000040 = r[2]; |
| *(uint16_t*)0x20000044 = -1; |
| sprintf((char*)0x20000046, "%020llu", (long long)-1); |
| sprintf((char*)0x2000005a, "%020llu", (long long)-1); |
| syscall(__NR_write, r[1], 0x20000040, 0x2e); |
| syscall(__NR_splice, r[0], 0, r[2], 0, 0x10005, 0); |
| memcpy((void*)0x20000200, "./file0\000", 8); |
| syscall(__NR_mknod, 0x20000200, 0x1041, 0x4000); |
| memcpy((void*)0x20000480, "./file0\000", 8); |
| syscall(__NR_execve, 0x20000480, 0, 0); |
| return 0; |
| } |
