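// https://syzkaller.appspot.com/bug?id=401730da81cc65b97da6fa48aa9c0d392463f1b5
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel regression reproducer. It maps a fixed data region, arms per-thread
// fault injection so that the first fault-injectable operation of the next
// system call fails, and then calls request_key(2) with key type "asymmetric".
// The fault-injection files used here exist only on kernels built with fault
// injection support; on any other kernel inject_fault() cannot open
// /proc/thread-self/fail-nth and the program exits with kRetryStatus before
// request_key() is reached.

#define _GNU_SOURCE

// NOTE(review): the header names were missing from this listing (bare
// "#include" directives). The set below is what the code in this file needs;
// it is not necessarily the list the generator originally emitted.
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Terminate the whole process with the given status. exit_group is issued
// directly; the endless loop only keeps the compiler's noreturn contract
// should the syscall ever return.
__attribute__((noreturn)) static void doexit(int status)
{
	volatile unsigned i;

	syscall(__NR_exit_group, status);
	for (i = 0;; i++) {
	}
}

const int kFailStatus = 67;
const int kRetryStatus = 69;

// Print a printf-style message followed by the errno value that was current
// on entry, then exit with kRetryStatus. Callers in this file pass string
// literals only, so the format string is never externally controlled.
static void exitf(const char* msg, ...)
{
	int e = errno; // captured first: the stdio calls below may overwrite errno
	va_list args;

	va_start(args, msg);
	vfprintf(stderr, msg, args);
	va_end(args);
	fprintf(stderr, " (errno %d)\n", e);
	doexit(kRetryStatus);
}

// Format a string and write it to an existing file (the file is not created).
// Returns true only when the whole string was written; on failure errno holds
// the error of the failing open() or write(). Output longer than the 1024-byte
// buffer is silently truncated.
static bool write_file(const char* file, const char* what, ...)
{
	char buf[1024];
	va_list args;

	va_start(args, what);
	vsnprintf(buf, sizeof(buf), what, args);
	va_end(args);
	buf[sizeof(buf) - 1] = 0;
	size_t len = strlen(buf);

	int fd = open(file, O_WRONLY | O_CLOEXEC);
	if (fd == -1)
		return false;
	if (write(fd, buf, len) != (ssize_t)len) {
		int err = errno; // close() may clobber errno
		close(fd);
		errno = err;
		return false;
	}
	close(fd);
	return true;
}

// Arm fault injection for the calling thread by writing nth + 1 to
// /proc/thread-self/fail-nth. Exits through exitf() when the file cannot be
// opened or written. Returns the open descriptor; the caller owns it (the
// callers in this file never close it, so it stays open until exit).
static int inject_fault(int nth)
{
	char buf[16];
	int fd = open("/proc/thread-self/fail-nth", O_RDWR);

	if (fd == -1)
		exitf("failed to open /proc/thread-self/fail-nth");
	// Bounded formatting; a decimal int always fits in 16 bytes.
	int n = snprintf(buf, sizeof(buf), "%d", nth + 1);
	if (n < 0 || write(fd, buf, (size_t)n) != (ssize_t)n)
		exitf("failed to write /proc/thread-self/fail-nth");
	return fd;
}

// Build the three request_key() string arguments inside the region mapped by
// main() and issue the call with fault injection armed.
void loop(void)
{
	// Key type: the first 11 bytes are "asymmetric" plus its NUL terminator;
	// the remaining bytes follow the terminator and are copied along with it.
	memcpy((void*)0x20000000,
	       "\x61\x73\x79\x6d\x6d\x65\x74\x72\x69\x63\x00\x8e\xe0\x6c\x59\x73\x7f"
	       "\x7a\x8a\x96\xa1\x83\x95\xa2\xb4\x7e\xf8\xca\x4f\x0d\x8c\xa8\x63\xae"
	       "\xa7\x8e\xdb\xca\xcf\xf7\x0b\x69\xd8\xbd\xfd\x4d\xdd\x5c\x8d\xd8\xdf"
	       "\xaa\x62\xca\xc2\xba\x5c\xaa\x4b\x8d\x68\x80\xcc\xfe\xe0\xe3\x05\x7f"
	       "\x5d\xd3\xae\x1c\x73\xa1\xf5\x60\x4f\x55\xd4\x5d\x42\xc6\x49\x79\xcf"
	       "\x76\x53\x82\x9e\xaa\x76\xd4\xad\x77\x2e\x11\xeb\xe8\x40\x18\xa6\x3c"
	       "\x03\xb2\x82\xaf\x9a\x1c\xfe\xd6\x64\x3a\x68\x3e\x71\x6c\xa6\x5a\xc2"
	       "\x92\x06\x6e\xbe\x24\x93\x33\xc4\x7c\x33\x76\x66\xb5\x08\xec\xcb\x91"
	       "\xff\x79\x33\xfa\x30\x4c\x4b\x6a\x18\x97\xbb\xfc\xd3\x67\x0e\x59\xaa"
	       "\x6b\x78\x56\xad\x03\xd9\x06\x69\x13\xa2\x62\xda\xc8\xcf\x36\x97\xd2"
	       "\x94\x7d\x1d\x01\xc1\xfe\x35\xe5\x6e\x0c\x31\x78\x6c\x1e\x5f\xb9\x65"
	       "\x67\xb8\x2f\x93\x40\x24\x7a\x1a\x32\xfd\x18\x43\x4e\x14\x38\xd6\x7a"
	       "\x01\x5d\x1c\xa4\x95\x6e\x1f\xd0\xa2\xc6\xd6\x26\x91\x93\x11\x51\x4a"
	       "\xe2\x20\xfa\x0b\x6e\xe9\x13\xc5\x4a\x67\x6e\xbd\xec\x45\xad\x6d\x1d"
	       "\x26\x44\x32\x74\x35\x52\x99\xa3\x4a\x62\x6b\x38\xcb\xdc\xce\xe3\x53"
	       "\xe1\x42\x44\xb9\x20\x18\xa2\xc0\x05\x95\xb3\x18\x73\x35\xa6\xab\xe8"
	       "\x64\x44\x82\xa3\x9c\x6c\x52\xc2\x0b\x19\x08\x2b\x00\x50\xe3\x9c\xd1"
	       "\xc5\x22\x15\x3a\x0b\xb0\xdc\x15\xfc\x43\x21\x91\xc5\xb7\xb5\x0e\x13"
	       "\xbf\xe9\xf9\xd9\x28\x0b\x0f\x62\x43\xb7\x60\x57\x69\x16\x64\xa0\xe6"
	       "\x9f\x42\x60",
	       326);

	// Description: "syz" followed by two NUL bytes at 0x20001ffb..0x20001fff.
	*(uint8_t*)0x20001ffb = 0x73;
	*(uint8_t*)0x20001ffc = 0x79;
	*(uint8_t*)0x20001ffd = 0x7a;
	*(uint8_t*)0x20001ffe = 0;
	*(uint8_t*)0x20001fff = 0;

	// Callout info: 18 bytes at 0x20001fee..0x20001fff. This range overlaps
	// the five description bytes written just above, so the order of these
	// stores matters: after this copy the description pointer (offset 13 into
	// this string) reads "exf(" rather than "syz".
	memcpy((void*)0x20001fee, ":trusteduserVexf(", 18);

	// Best effort: the debugfs knobs may be absent, so the results are
	// deliberately ignored.
	(void)write_file("/sys/kernel/debug/failslab/ignore-gfp-wait", "N");
	(void)write_file("/sys/kernel/debug/fail_futex/ignore-private", "N");
	inject_fault(0);

	// request_key(type, description, callout_info, dest_keyring). syscall()
	// is variadic and takes long-sized arguments, so the constants are
	// spelled with a long suffix instead of being passed as plain int.
	syscall(__NR_request_key, 0x20000000ul, 0x20001ffbul, 0x20001feeul, 0ul);
}

int main(void)
{
	// Best effort, as in loop().
	(void)write_file("/sys/kernel/debug/failslab/ignore-gfp-wait", "N");
	(void)write_file("/sys/kernel/debug/fail_futex/ignore-private", "N");
	inject_fault(0);

	// 16 MiB at 0x20000000, prot 3 = PROT_READ|PROT_WRITE,
	// flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
	// NOTE(review): fault injection is armed immediately before this call, so
	// the mapping itself may be the operation that fails. loop() writes to
	// fixed addresses inside the region, so stop here instead of faulting on
	// an unmapped address.
	if (syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1L, 0ul) == -1)
		exitf("failed to mmap the data region");

	loop();
	return 0;
}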