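// https://syzkaller.appspot.com/bug?id=a00045da49fb33bdf540daa67eff8debcde502f8
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel regression reproducer. It arms the kernel's per-thread fault
// injection (/proc/thread-self/fail-nth) and then writes a fuzzer-generated
// "exec ..." record to /proc/thread-self/attr/exec, so that the write is
// handled while an allocation failure is scheduled.
//
// NOTE(review): /proc/<pid>/attr/* writes are dispatched to the active LSM's
// setprocattr hook. Which LSM and which error path are affected is not
// visible in this file; take that from the bug page linked above.
//
// Requirements visible in the code: a kernel exposing
// /proc/thread-self/fail-nth and the debugfs knobs under
// /sys/kernel/debug/failslab (the program exits with status 1 otherwise).
//
// The syscall sequence in main() is deliberately left exactly as generated:
// fail-nth counts fault-capable operations, so adding, removing or reordering
// calls changes which one fails and can stop the program from reproducing.

#define _GNU_SOURCE

// The page showed 13 bare "#include" directives with the header names lost.
// The list below is the set this code needs (plus <endian.h> and <sys/stat.h>,
// which the generator normally emits) -- confirm against the original repro.
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Format a string and write it to an existing file in a single write().
//
// file: path to open with O_WRONLY | O_CLOEXEC (the file is never created).
// what: printf-style format; the result is truncated to 1023 bytes.
// Returns true only if the whole formatted string was written. On a failed
// or short write, errno from write() is preserved across close().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno; // close() may overwrite errno
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Arm fault injection for the calling thread.
//
// Writes the decimal value nth + 1 to /proc/thread-self/fail-nth (the
// generator's nth is 0-based, the file is written 1-based). Exits with
// status 1 if the file cannot be opened or the write is short.
// Returns the still-open descriptor; main() discards it, so it stays open
// until the process exits.
static int inject_fault(int nth)
{
  int fd;
  fd = open("/proc/thread-self/fail-nth", O_RDWR);
  if (fd == -1)
    exit(1);
  char buf[16];
  // Bounded formatting; an int needs at most 11 characters plus the NUL.
  snprintf(buf, sizeof(buf), "%d", nth + 1);
  if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
    exit(1);
  return fd;
}

// Configure the system-wide fault-injection knobs in debugfs.
//
// Only the failslab knob is marked fatal: if it cannot be written the program
// exits with status 1. Failures on the other knobs are ignored.
static void setup_fault(void)
{
  static struct {
    const char* file;
    const char* val;
    bool fatal;
  } files[] = {
      {"/sys/kernel/debug/failslab/ignore-gfp-wait", "N", true},
      {"/sys/kernel/debug/fail_futex/ignore-private", "N", false},
      {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", "N", false},
      {"/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", "N", false},
      {"/sys/kernel/debug/fail_page_alloc/min-order", "0", false},
  };
  unsigned i;
  for (i = 0; i < sizeof(files) / sizeof(files[0]); i++) {
    if (!write_file(files[i].file, files[i].val)) {
      if (files[i].fatal)
        exit(1);
    }
  }
}

// r[0] holds the descriptor returned by openat(); it stays at -1 (all ones)
// if the open fails, in which case the final write() simply fails.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed-address anonymous mappings (flags 0x32): a 16 MiB data area at
  // 0x20000000 with prot 7, bracketed by one page with prot 0 on each side.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  // First arming of fail-nth, kept at the position the generator chose.
  inject_fault(2);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  setup_fault();
  intptr_t res = 0;
  // 27 path characters plus the terminating NUL = 28 bytes.
  memcpy((void*)0x20000080, "/proc/thread-self/attr/exec\000", 28);
  // dirfd 0xffffffffffffff9c is -100; flags 2.
  res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000080ul, 2ul, 0ul);
  if (res != -1)
    r[0] = res;
  // Record written to attr/exec: the 5-byte "exec " prefix followed by 301
  // opaque fuzzer-generated bytes (306 = 0x132 bytes in total). The bytes are
  // reproduced exactly as generated and are not interpreted here.
  memcpy((void*)0x20000200, "exec ", 5);
  memcpy((void*)0x20000205,
         ":\000\000\000\000\000\000\000\0000I\016\'/"
         "6;4\td\037(\032\\\2468\217&\234\031\204\034p\232\266\234h\003 "
         "\312\032C\264\210\244\233\227\222\236\203\304\b\253\373\250\262e\3564"
         "\005\2270w\336\352\326:%}@\235\230\223\353F "
         "\226mG\246.\347\230z\315\270\0049\037);"
         "\343\236\242\256\264\320ae\0035\032?dY\005\24210?"
         "\274\002\257n\264\374\316%X\272\016\376z\371\037<"
         "\221\350\314N\036\301\212\244\350\231\203_&\033?"
         "\252\r\271\263\234\375Z5\347\325YV\344\317I\330J\2376\207\026\346q"
         "\275s7\255\311}"
         "\032\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000L\317"
         "\304\0311\243fS\206.\371:\031)\t\266,\353p%,J\266lJ\336\205\327p%"
         "\365GYh\244d\003xz\220\353\360\317\242\303\361\376&g\227\341\001\315?"
         "\026|\345\360\317\002~{\353<\034Md\3029\376\335\254\243g\255^,"
         "\023UL4\331\315\025\300\376\260U\a\277\031&"
         "U\236R\b\234\023\022\215\343$i\366kX\003M\223^vG\215\312U\231",
         301);
  // Re-arm fail-nth immediately before the write under test.
  inject_fault(2);
  syscall(__NR_write, r[0], 0x20000200ul, 0x132ul);
  return 0;
}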