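// https://syzkaller.appspot.com/bug?id=5fcd04dcb33baf80f736b53e5cd18328fa3ca0b0
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer for the kernel bug linked above. Userspace does very little:
// map a scratch region, open one socket, copy a 177-byte payload into the
// region and hand it to sendto(). Everything of interest happens inside the
// kernel on the far side of that sendto(); no logic here is meant to be
// correct in any other sense than "issue exactly these syscalls".
//
// The original #include list was lost in extraction (27 bare `#include`
// tokens survived); the headers below are the ones the code actually uses.

#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

// Per-thread state shared between segv_handler() and NONFAILING().
static __thread int clone_ongoing; // non-zero while a clone() is in flight (never set in this file)
static __thread int skip_segv;     // > 0 while executing inside a NONFAILING() block
static __thread jmp_buf segv_env;  // recovery point armed by NONFAILING()

// SIGSEGV/SIGBUS handler. A fault raised inside a NONFAILING() block whose
// faulting address lies outside [1 MiB, 100 MiB] is absorbed by jumping back
// to the NONFAILING() site; any other fault terminates the process with the
// signal number as exit status.
static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)ctx;
    if (__atomic_load_n(&clone_ongoing, __ATOMIC_RELAXED) != 0) {
        exit(sig);
    }
    uintptr_t addr = (uintptr_t)info->si_addr;
    const uintptr_t prog_start = 1 << 20;
    const uintptr_t prog_end = 100 << 20;
    int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
    // "valid" means the fault is NOT inside the reproducer's own program
    // range, i.e. it is the kind of stray access NONFAILING() exists to
    // survive. A fault inside that range is treated as fatal.
    int valid = addr < prog_start || addr > prog_end;
    if (skip && valid) {
        _longjmp(segv_env, 1);
    }
    exit(sig);
}

// Route SIGSEGV and SIGBUS to segv_handler(). SA_NODEFER keeps the signal
// unblocked so the handler may longjmp out and a later fault is caught again;
// SA_SIGINFO gives the handler the faulting address via siginfo_t.
static void install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_NODEFER | SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
}

// Evaluate the statements in __VA_ARGS__ with fault recovery armed.
// Yields 1 if they ran to completion, 0 if segv_handler() aborted them.
// skip_segv is a counter rather than a flag so nested uses compose.
#define NONFAILING(...)                                          \
    ({                                                           \
        int ok = 1;                                              \
        __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);     \
        if (_setjmp(segv_env) == 0) {                            \
            __VA_ARGS__;                                         \
        } else {                                                 \
            ok = 0;                                              \
        }                                                        \
        __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);     \
        ok;                                                      \
    })

// Create a world-writable scratch directory under the current one and chdir
// into it, so any files the reproducer might create land there. Exits on
// any failure; the directory is never removed by this program.
static void use_temporary_dir(void)
{
    char tmpdir_template[] = "./syzkaller.XXXXXX";
    char *tmpdir = mkdtemp(tmpdir_template);
    if (!tmpdir) {
        exit(1);
    }
    if (chmod(tmpdir, 0777)) {
        exit(1);
    }
    if (chdir(tmpdir)) {
        exit(1);
    }
}

// Empty in the C build: the generated syscall sites cast the libc function to
// an intptr_t-taking function pointer, so every argument is passed as a raw
// integer and no header prototype is consulted.
#define CAST

// Detach into a new session and cap the process's resource usage. Limits are
// intentionally tight (1 MiB stack/file size, no core dumps, 256 fds) so a
// misbehaving run cannot fill the disk or exhaust the host; the setrlimit()
// results are deliberately not checked, matching the generator's behaviour.
static void sandbox_common(void)
{
    if (setsid() == -1) {
        exit(1);
    }
    struct rlimit rlim;
    rlim.rlim_cur = rlim.rlim_max = 8 << 20;
    setrlimit(RLIMIT_MEMLOCK, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 1 << 20;
    setrlimit(RLIMIT_FSIZE, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 1 << 20;
    setrlimit(RLIMIT_STACK, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 0;
    setrlimit(RLIMIT_CORE, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 256;
    setrlimit(RLIMIT_NOFILE, &rlim);
}

static void loop(void);

// "none" sandbox: no namespaces or privilege drop, just sandbox_common() and
// one pass of the syscall program.
static int do_sandbox_none(void)
{
    sandbox_common();
    loop();
    return 0;
}

// Syscall result slots. r[0] holds the socket fd; the initial value marks
// "no result yet" and is what later calls see if socket() fails.
uint64_t r[1] = {0xffffffffffffffff};

// The syscall program proper, run once:
//   1. socket(0x11, 3, 0)       -- on Linux 0x11 is AF_PACKET and 3 is SOCK_RAW
//   2. memcpy 177 bytes of fuzzer-chosen payload to 0x200000c0, inside the
//      region main() mapped at 0x20000000
//   3. sendto(r[0], 0x200000c0, 0xb1, 0, NULL, 0xfffffffffffffdf9)
// The NULL address paired with an out-of-range addrlen in step 3 is part of
// the generated input; what the kernel does with it is the bug under study.
static void loop(void)
{
    intptr_t res = 0;
    res = -1;
    NONFAILING(res = ((intptr_t(*)(intptr_t, intptr_t, intptr_t))CAST(socket))(
        /*domain=*/0x11, /*type=*/3, /*proto=*/0));
    if (res != -1) {
        r[0] = res;
    }
    NONFAILING(memcpy((void *)0x200000c0, "\xb1\x00\x05\x01\x60\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x33\x18\x13\xfe\xce\xa1\x05\x00\xfe\xf9\x6e\xcf\xc7\x2f\xd3\x35\x7a\xe3\x20\xb3\x7b\x67\x30\x39\xd2\xd2\x36\xac\xf2\x0b\x78\x04\xbe\x38\x16\x49\x91\xf7\xc8\xcf\x5f\x88\x2b\x29\x7b\xe1\xaa\x5b\x23\x6d\xeb\x51\xe2\xf0\xac\x3e\xbb\xc2\x57\x69\x9a\x5f\x13\x9b\x67\x2f\x4d\x33\x5d\x22\x3e\x7d\x02\x6b\xa8\xb8\x7c\x00\x37\x28\x21\x02\x00\x00\x00\x72\x0f\xd3\x8b\xfb\xb7\x70\xc1\xf5\xa8\x72\xc8\x81\xea\x6e\x69\xe0\xbb\x76\xd9\x07\xc4\x00\x00\x02\x00\x36\x1b\x12\x57\xae\xa8\xc5\x00\x00\x20\x02\xfb\x00\x00\x00\x00\x00\x8a\xbf\xba\x09\x00\x00\x00\xec\x29\xdf\xf8\xf8\x34\x37\x12\x05\x1e\xad\xb7\x1d\x89\xe0\x00\x04\x07\x81\xe4\xb2\xff\xf0\x00\x00\x00", 177));
    NONFAILING(((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(sendto))(
        /*fd=*/r[0], /*buf=*/0x200000c0, /*len=*/0xb1, /*f=*/0, /*addr=*/0,
        /*addrlen=*/0xfffffffffffffdf9));
}

// Entry point. Maps 16 MiB at 0x20000000 (prot 3 = PROT_READ|PROT_WRITE) as
// the scratch area the payload is copied into, then installs fault recovery,
// moves into a temp dir and runs the program under the "none" sandbox. The
// mmap() result is not checked, matching the generator; the flags value
// 0x1012 is a raw target constant and should be decoded against the target
// architecture's headers rather than assumed to be the x86 layout.
int main(void)
{
    NONFAILING(((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(mmap))(
        /*addr=*/0x20000000, /*len=*/0x1000000, /*prot=*/3, /*flags=*/0x1012,
        /*fd=*/-1, /*offset=*/0));
    install_segv_handler();
    use_temporary_dir();
    do_sandbox_none();
    return 0;
}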