// https://syzkaller.appspot.com/bug?id=efb172979756a82d2d1429c667c30a0a10b492d4
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <parlib/parlib.h>
#include <ros/syscall.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static __thread int skip_segv;
static __thread jmp_buf segv_env;

static void recover(void)
{
  _longjmp(segv_env, 1);
}

static void segv_handler(int sig, siginfo_t* info, void* ctx)
{
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
  int valid = addr < prog_start || addr > prog_end;
  if (skip && valid) {
    struct user_context* uctx = (struct user_context*)ctx;
    uctx->tf.hw_tf.tf_rip = (long)(void*)recover;
    return;
  }
  exit(sig);
}

static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

#define NONFAILING(...)                                                        \
  {                                                                            \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    }                                                                          \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
  }

static void use_temporary_dir(void)
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    exit(1);
  if (chmod(tmpdir, 0777))
    exit(1);
  if (chdir(tmpdir))
    exit(1);
}

static void loop();
static int do_sandbox_none(void)
{
  loop();
  return 0;
}

uint64_t r[1] = {0xffffffffffffffff};

void loop(void)
{
  intptr_t res = 0;
  NONFAILING(memcpy((void*)0x20000200, "/dev/.empty\000", 12));
  res =
      syscall(SYS_openat, 0xffffffffffffff9cul, 0x20000200ul, 0xcul, 3ul, 0ul);
  if (res != -1)
    r[0] = res;
  NONFAILING(memcpy(
      (void*)0x20000240,
      "\x91\x0b\x11\x21\x25\x24\x30\xf6\x5c\x65\xc1\xb8\xde\x05\xd5\x60\xa1\x76"
      "\xfe\x86\x1a\x81\x6c\x86\x1a\xd1\x91\x90\x58\xbb\x92\x96\xe3\x68\xf4\x3c"
      "\xe7\xef\xf2\x04\x14\x17\x85\x76\xe1\xe9\x0b\xc2\x07\x5c\x03\xb7\xde\x31"
      "\x79\x02\xc2\x5c\xd5\x36\x68\xa0\xe7\x21\x4f\xcc\x44\xaf\x42\xc7\xe0\xef"
      "\xf3\x4c\x16\x23\x28\xc9\x87\x27\xb8\x4d\x4a\x42\xb1\x58\x48\xc9\xf0\x3c"
      "\xbb\x68\xc1\x83\xd6\x27\x32\xf2\x66\xfc\xe2\x24\xbc\xec\xab\x66\xfa\xb0"
      "\x0b\xbc\x31\x98\xe9\xa0\x58\x86\xe4\x63\xc8\xd9\xa4\xa1\x39\x5c\x49\xbb"
      "\x8f\xde\x6a\x30\x2f\xca\x1b\xd0\xc0\x27\xf4\xcf\x61\xaa\xaa\xc1\x16\x9f"
      "\x50\xb1\x9c\x1a\x43\x2d\x6e\x25\x35\x05\x26\x09\x8b\x29\x4e\xdf\x15\x5b"
      "\x46\x1c\xba\x46\xc7\x80\x82\xd0\x90\xf1\x5d\x11\xfc\x8b\xcc\xce\xa5\x3e"
      "\x9d\xd5\xce\xca\x8e\x62\xf9\x15\x52\x69\x97\x02\xf5\xba\x2c\x98\x7a\xa2"
      "\x18\x42\x45\x7d\x2a\xf4\x00\x00\x00\x00\x00\xb9\x85\x3f\x1b\xfa\x8a\x49"
      "\xe7\x31\x2b\xde\xa1\x66\xc7\x33\x47\xa7\x0a\x16\x82\xca\x83\xbe\xb5\xe2"
      "\x52\xca\xc6\x0c\x03\x21\xb7\x7d\xbe\xb0\x05\x9b\x67\x24\x52\x86\x56\x43"
      "\x98\x9b\x06\x5b\xdf\x63\xe8\xf3\xba\x56\x37\x06\xa8\x26\x89\xad\x1c\xe8"
      "\x59\x42\xc5\xac\xc4\x2f\x6f\x53\x75\x0b\x6c\x4b\xb0\x62\x64\xa6\xc0\xc9"
      "\x9e\x79\x58\xae\xfa\xf1\x81\xbf\x95\x3e\x38\x78\xda\x78\xd7\xe7\x9d\x43"
      "\xfd\x99\x70\xde\x8c\xbc\x47\x1b\x45\x09\xbe\x7f\x14\xbf\x04\x61\x2c\x0e"
      "\x43\xf7\xdb\x7e\x8c\x59\xdc\xf4\x3a\xe9\xf9\xf0\xd7\x05\xf9\x12\xe6\xd7"
      "\x91\xf8\xfb\x93\x72\x11\x79\x02\x92\xc9\xcb\x92\x6e\xe5\x32\xd3\xfb\x64"
      "\xa4\x54\xc0\x82\xdf\x77\x17\x0b\xf2\x54\xce\xa0\x6b\x39\xd6\xae\x06\x60"
      "\x32\x2f\x86\x64\x1c\xa6\x35\x6f\x75\x80\xa0\x87\xec\x7a\x48\x37\x2b\xbc"
      "\x83\x2d\x72\x0d\x6f\x95\x05\x24\xf0\xc2\x13\x1f\x09\xa1\x89\x32\x10",
      413));
  syscall(SYS_write, r[0], 0x20000240ul, 0xfffffffcul);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  install_segv_handler();
  use_temporary_dir();
  do_sandbox_none();
  return 0;
}