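// https://syzkaller.appspot.com/bug?id=28bc35dd6f026b2878e30804670f6f0c39932f16
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer for the syzkaller report linked above.  main() maps the fixed
// data region that the syscall arguments point into, then loop() forks one
// child per iteration that runs the fixed syscall sequence in execute_one();
// the parent gives each child five seconds before killing its process group.
// The sequence exercises a kernel code path, so the program is meant for a
// disposable test kernel/VM, not for a machine whose stability matters.
//
// NOTE(review): the extracted copy of this file had lost the header names
// behind each #include; the list below is restored from the functions and
// constants the code uses (usleep, clock_gettime, opendir, prctl, syscall,
// waitpid, __NR_*, O_*, SIGKILL, ...).

#define _GNU_SOURCE

#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Sleep for @ms milliseconds.  Only ever called with ms == 1 here, so the
// narrowing of ms * 1000 to usleep()'s useconds_t is not a concern.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock reading in milliseconds.  Exits the process if the clock
// is unavailable, since the watchdog in loop() cannot work without it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Write a printf-formatted string to @file (no trailing newline is added).
// Returns true on success; on failure returns false with errno left as set
// by the failing call.  Output longer than the 1 KiB buffer is truncated,
// which is acceptable for the short procfs values written here.
static bool write_file(const char *file, const char *what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  int n = vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  if (n < 0)
    return false;  // encoding error: buf is unspecified, do not write it
  buf[sizeof(buf) - 1] = 0;
  size_t len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != (ssize_t)len) {
    int err = errno;  // close() may clobber errno; keep the real cause
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Kill the test child @pid together with its process group and reap it into
// @status.  A child that does not die promptly may be blocked in a FUSE
// request, so every FUSE connection is aborted through sysfs before blocking
// in waitpid() for as long as it takes.
static void kill_and_wait(int pid, int *status)
{
  kill(-pid, SIGKILL);  // whole group: setup_test() made the child a leader
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR *dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent *ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1)
        continue;
      // Writing anything to the abort file aborts the connection; the path
      // buffer is just a convenient non-empty byte source.  The empty
      // if-body silences glibc's warn_unused_result on write().
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, become a process-group leader so
// kill_and_wait() can signal the whole group, and volunteer as the
// preferred OOM victim.
static void setup_test(void)
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Run execute_one() in a fresh child forever, one child per iteration.  A
// child that has not exited within five seconds is killed and reaped so the
// next iteration can start.
static void loop(void)
{
  for (int iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// File descriptors produced by earlier syscalls and consumed by later ones;
// all-bits-set marks "not obtained", in which case the later call simply
// receives an invalid descriptor.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// The syscall sequence under test.  Arguments live in the fixed region
// mapped by main() at 0x20000000; numeric constants are kept exactly as the
// fuzzer emitted them so the reproduction stays faithful.
static void execute_one(void)
{
  intptr_t res = 0;
  // openat(AT_FDCWD, "./cgroup", 0x200002, 0): 0xffffffffffffff9c is -100 =
  // AT_FDCWD; 0x200002 looks like O_PATH|O_RDWR on x86-64 (confirm against
  // the target's fcntl.h).  "./cgroup" is presumably a directory prepared
  // by the syzkaller harness.
  memcpy((void *)0x200003c0, "./cgroup\000", 9);
  res = syscall(__NR_openat, 0xffffffffffffff9c, 0x200003c0, 0x200002, 0);
  if (res != -1)
    r[0] = res;
  // Make that directory the cwd so the relative paths below resolve in it.
  syscall(__NR_fchdir, r[0]);
  // Two creat() calls on the same name: r[1] (mode 4) and r[2] (mode 0) are
  // distinct descriptors on one file; the second creat truncates it again.
  memcpy((void *)0x20000000, "./file1\000", 8);
  res = syscall(__NR_creat, 0x20000000, 4);
  if (res != -1)
    r[1] = res;
  memcpy((void *)0x20000100, "./file1\000", 8);
  res = syscall(__NR_creat, 0x20000100, 0);
  if (res != -1)
    r[2] = res;
  // 491-byte fuzzer payload; only its first byte is written (count 1 below).
  memcpy((void *)0x20000140,
         "\x0b\xa9\xab\xb1\x60\x38\xf2\xa2\xb2\x6b\xb1\xa2\xb8\x49\x05\x75\x98"
         "\xd1\x21\xf7\xf8\xd7\x55\x90\x6d\x0f\xad\x86\xc7\x0b\x84\x27\x76\x63"
         "\x2e\x19\xd6\x7c\xcf\x5d\x86\xb9\xd1\x45\xf1\xa4\x48\x0d\xe6\x37\x00"
         "\xe3\xd8\x33\xd5\x62\x59\x3d\xde\x1a\x51\xd1\x93\xdc\xc7\x5f\x46\xd6"
         "\x97\x4b\x76\x96\xfe\xea\x29\xa5\x54\xa6\x88\xa3\x89\x8a\x21\x23\x32"
         "\xf7\x09\xa4\x9a\x4e\xcb\x07\x1c\x5e\x17\x4e\x90\xb4\x51\x5c\xcb\x1b"
         "\x43\x76\xf5\xcb\xeb\x36\xe8\x23\x11\xf2\xb1\xa2\xfa\x57\x09\x92\xc2"
         "\x58\xbd\x59\x6a\x1e\x11\x0d\x14\x06\x00\x00\x00\x00\x00\x00\x00\xa1"
         "\xf7\x77\x04\xb5\xb2\x39\x1f\x32\xfa\xac\xc0\x6c\x5d\x59\x52\x56\x7e"
         "\x77\xe1\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\x13\x78\x92\xbf\x2b"
         "\xdc\xac\xf9\x09\x77\xc4\xd1\x40\x7c\x2b\x37\xd3\xca\x0b\x92\xef\x69"
         "\x51\x18\x49\x25\x48\xcd\x33\x32\x59\xa5\x48\x97\xe1\xa9\x32\x32\x36"
         "\xb5\x58\x7b\x5a\xbc\xce\x9a\xaa\xd7\x2b\x9b\x40\xea\x36\x54\x4c\x3d"
         "\xd5\x5f\xda\x90\xdc\x37\x2a\xeb\xfd\xe5\x54\x91\x4b\x97\x01\x8f\x5c"
         "\x21\xe6\x33\xee\xba\x16\x05\x9a\x00\x80\x1d\x47\xa6\x2c\x41\x16\x27"
         "\x6d\x84\x70\xb1\xaa\x74\x88\x99\xb1\x51\x96\x5c\xd5\x8b\xbe\x42\x02"
         "\x8f\x89\x52\x0f\xb4\x16\x14\x08\x3e\x30\x6c\x0b\x6d\x2b\x87\x41\xd1"
         "\x4a\x75\x6e\x30\x13\x4d\xa8\x68\x66\xcc\xd8\xbe\x9c\x6b\xf3\x8a\x82"
         "\xd4\xcd\x57\xec\x6a\x7d\x12\x4c\x0b\x81\x40\x5d\x90\x0a\x12\x25\x09"
         "\x0a\x8c\x35\x3c\x78\xe3\xa5\x21\x33\x6a\xc5\x78\xcc\xd4\x0f\xb7\x35"
         "\x7d\x1a\x1d\x3d\x5f\x76\xc5\xbf\xc0\x07\x66\x26\x0e\xd7\x03\x3c\x02"
         "\x08\xf7\xe3\x5e\x7d\x69\xa8\xf2\x4e\x3d\xe4\xa9\x7e\xe4\xa8\x2d\xc1"
         "\x94\xad\x08\xee\xaa\x70\x13\xd0\x50\x44\x99\x8e\x65\x7c\x89\x40\x0b"
         "\xa1\x10\xa8\x50\x1b\x42\xdb\x66\x48\xff\x21\xb5\x8a\xda\x19\x92\x4c"
         "\x46\x64\xe7\x85\xce\x27\x40\x3c\x3d\xaa\x6d\x40\x29\x8a\xab\x84\xd0"
         "\xd8\x1d\x32\x29\x6e\xaf\xf3\x57\x6b\x8d\xb7\x04\xe9\xe2\x95\x08\x4c"
         "\x48\x11\xc7\x67\xbc\x44\x4b\xd4\x46\xf2\xf2\x83\xd7\xe5\x9f\x24\x20"
         "\x1f\xe5\xb2\xbf\x8b\x9d\x6b\x21\x78\x16\x1e\xfb\xbc\xaf\x25\xd4\xf3"
         "\x4c\x7c\x35\xd2\xea\xeb\xc7\xcb\x27\x12\x2c\x33\x12\x7b\x13",
         491);
  syscall(__NR_write, r[2], 0x20000140, 1);
  // fallocate(r[1], 0x20 = FALLOC_FL_INSERT_RANGE, offset 0, len
  // 0x80000008000): attempts to insert a very large hole at the start of a
  // one-byte file.
  syscall(__NR_fallocate, r[1], 0x20, 0, 0x80000008000);
  // lseek(r[1], 0, 3 = SEEK_DATA) over the resulting layout.
  syscall(__NR_lseek, r[1], 0, 3);
}

int main(void)
{
  // Fixed mapping the syscall arguments point into: prot 3 =
  // PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED.
  // Without it the memcpy()s in execute_one() write to unmapped memory, so
  // exit here instead of faulting later with a misleading SIGSEGV.
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    exit(1);
  loop();
  return 0;
}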