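// https://syzkaller.appspot.com/bug?id=acc91fc5738dacbfaa1163219fc6bf0685224b60
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer. Structure: main() maps the fixed address ranges that
// hold syscall arguments, then loop() forks one child per iteration; the child
// runs execute_one() once (open /dev/ptmx, write a 2037-byte blob to it) and
// the parent reaps it, killing it after a 15 s timeout.

#define _GNU_SOURCE

// NOTE(review): the header names were lost when this listing was extracted
// (every #include arrived empty). The set below is the standard syzkaller
// reproducer include list, restored in alphabetical order — confirm against
// the original file on the bug page.
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Sleep for ms milliseconds. usleep() takes an unsigned int of microseconds,
// so very large ms values would be truncated; the only caller passes 1.
static void sleep_ms(uint64_t ms)
{
	usleep(ms * 1000);
}

// Monotonic clock in milliseconds; exits the process if the clock is
// unavailable rather than returning a bogus timestamp.
static uint64_t current_time_ms(void)
{
	struct timespec ts;
	if (clock_gettime(CLOCK_MONOTONIC, &ts))
		exit(1);
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// printf-style write of a short string to an existing file (O_WRONLY, no
// create). Output is capped at 1023 bytes. Returns false if the open fails or
// the write is short/failed; in the latter case errno is preserved across the
// close() so the caller sees the write error, not a close error.
static bool write_file(const char* file, const char* what, ...)
{
	char buf[1024];
	va_list args;
	va_start(args, what);
	vsnprintf(buf, sizeof(buf), what, args);
	va_end(args);
	buf[sizeof(buf) - 1] = 0;
	size_t len = strlen(buf);
	int fd = open(file, O_WRONLY | O_CLOEXEC);
	if (fd == -1)
		return false;
	if (write(fd, buf, len) != (ssize_t)len) {
		int err = errno;
		close(fd);
		errno = err;
		return false;
	}
	close(fd);
	return true;
}

// SIGKILL the test child (and its whole process group, see setpgrp() in
// setup_test) and block until it has been reaped into *status.
//
// First polls with WNOHANG for up to ~100 ms. If the child has still not
// exited, every entry under /sys/fs/fuse/connections gets a byte written to
// its "abort" file — presumably to unblock a child stuck inside a FUSE
// request that SIGKILL alone cannot interrupt (syzkaller convention; the
// reason is not stated in this file). Finally waits without WNOHANG until the
// reaped pid is ours. Note that waitpid(-1, ...) may also reap unrelated
// children; any such status is overwritten on the next iteration.
static void kill_and_wait(int pid, int* status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);
	for (int i = 0; i < 100; i++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}
	DIR* dir = opendir("/sys/fs/fuse/connections");
	if (dir) {
		for (;;) {
			struct dirent* ent = readdir(dir);
			if (!ent)
				break;
			if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
				continue;
			char abort[300];
			snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
			int fd = open(abort, O_WRONLY);
			if (fd == -1)
				continue;
			// Any single byte triggers the abort; the content is irrelevant,
			// and a failed write is deliberately ignored (best effort).
			(void)write(fd, abort, 1);
			close(fd);
		}
		closedir(dir);
	}
	while (waitpid(-1, status, __WALL) != pid) {
	}
}

// Per-child setup: die with the parent (PR_SET_PDEATHSIG), become a process
// group leader so kill(-pid) reaches any grandchildren, and make this process
// the OOM killer's first choice (oom_score_adj = 1000) so a memory blow-up in
// the test does not take the parent down. write_file's result is ignored on
// purpose: the test still runs if /proc is unavailable.
static void setup_test(void)
{
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
	write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);
#define WAIT_FLAGS __WALL

// Fork-and-run loop: each iteration forks a child that runs execute_one()
// exactly once and exits. The parent polls for the child at 1 ms intervals
// and, if it has not exited within 15000 ms, kills and reaps it via
// kill_and_wait(). Runs forever; exits the whole program if fork() fails.
static void loop(void)
{
	int iter = 0;
	for (;; iter++) {
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			setup_test();
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			sleep_ms(1);
			if (current_time_ms() - start < 15000)
				continue;
			kill_and_wait(pid, &status);
			break;
		}
	}
}

// Syscall result slot. Starts at -1 (as an unsigned 64-bit pattern) so that,
// if the openat() below fails, the following write() goes to fd -1 and simply
// fails with EBADF instead of hitting an unrelated descriptor.
uint64_t r[1] = {0xffffffffffffffff};

// The single test case. Both the path and the payload live in the fixed
// RWX arena that main() mapped at 0x20000000, which is why raw addresses are
// passed to memcpy() and to the syscalls.
//
//   openat(AT_FDCWD /* 0xffffffffffffff9c == -100 */, "/dev/ptmx", 0x4202, 0)
//   write(r[0], <2037-byte blob>, 0x7f5 /* == 2037 */)
//
// The flag value 0x4202 is passed as a raw constant by the generator; it is
// left as-is here rather than decoded.
static void execute_one(void)
{
	intptr_t res = 0;
	memcpy((void*)0x20000100, "/dev/ptmx\000", 10);
	res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000100ul, 0x4202ul, 0ul);
	if (res != -1)
		r[0] = res;
	memcpy(
	    (void*)0x200003c0,
	    "\xee\xfd\x3a\x2c\x2f\xd4\x99\x91\x27\xa5\x49\xfa\x13\xb5\xbf\xd2\x20\x34"
	    "\x97\x5f\xa5\x1a\x7a\x0c\x8b\x16\xfe\x69\x7b\xa6\x7c\x89\xa6\x4c\x12\xba"
	    "\xa3\xd1\x6b\x08\xce\x91\x23\x6e\x9b\xd4\x84\x84\x4f\x7c\x40\xb7\x91\x1d"
	    "\x7e\x91\x33\x2a\xdf\x08\xcf\x56\x78\x83\xba\xc0\xb9\x1e\xa7\xfa\x58\x2b"
	    "\xee\x2c\x1b\x0e\x2f\xdf\xb5\xd9\xef\xf0\x50\x3a\x4f\xf1\x69\x3b\xbd\x55"
	    "\x31\xea\x14\x79\xe8\xe3\x54\xa0\x1f\xc5\x30\x80\xf9\xde\x36\xae\x3f\xb5"
	    "\xb6\xe7\x9e\xa8\x9f\xf4\xe6\x5f\x51\xe6\xfa\x14\x3a\xd8\x26\xc3\x4b\xae"
	    "\x8b\xe2\xd0\x6b\x39\x70\x47\xb8\x84\xa9\x3f\x6a\x37\x19\x3e\x05\x7f\xcd"
	    "\xe4\x66\x17\xe4\xb1\xd6\xc1\x36\x83\x03\x71\x03\x80\x8a\xfb\xb2\x3d\x35"
	    "\x28\xb8\xae\x5a\xf6\x43\x83\x37\xa8\xab\xb9\x0f\xf6\x11\x37\x50\x05\x9b"
	    "\x53\x30\xff\xe5\xfe\xf5\xc5\x8d\x3e\x7f\x3b\x91\x90\xb7\xd5\xc0\x8a\x4b"
	    "\x2a\x61\xe0\x80\xb7\xcd\x3b\x02\x99\x4f\x08\x9f\x97\x72\x51\x53\xa9\x4c"
	    "\x59\x25\x77\xbb\xb1\x95\xd2\x1e\x39\x24\x8a\x1d\x6a\x3b\xb2\xa0\x8b\x87"
	    "\x09\x4f\x11\xae\xe2\xba\x96\x18\x9f\x3d\x75\x2f\x90\xdc\xce\xa7\x12\x43"
	    "\x40\x55\x28\xeb\x0b\x9f\xca\xc9\x39\x2f\x82\x1f\xa2\x23\x09\x06\x54\xe5"
	    "\xb2\xad\x9a\x86\x44\x75\x29\x35\xd2\xbc\xef\x08\xc4\x24\x55\xe4\x43\x52"
	    "\xdb\x4c\xc1\x5d\x50\x3f\x87\xed\x2d\xcf\xe0\x2b\xea\x1c\x0e\x3d\x8d\x3e"
	    "\xa8\x85\x98\x1d\x2a\xa1\x9c\x43\x14\x84\xf5\x90\x9e\xe5\xb1\x59\x85\x63"
	    "\x08\xe9\xc0\x4e\x5f\x34\x31\xba\xa8\x2b\x4a\xcc\xfd\x83\xfb\x1f\x81\x13"
	    "\x84\x91\x27\x86\x25\xa7\x1c\x05\x10\x7c\x5c\x7a\x45\xee\x79\x23\x6b\x5b"
	    "\xd1\xba\x50\x92\x7b\xe8\x7f\xd3\x29\xc1\x03\x5f\x17\x3a\xca\xe1\x04\x14"
	    "\xc8\x4a\xbd\x78\x21\xf5\xb1\x5b\xc2\x31\x7b\xad\xfe\x8c\xc2\xbf\x8a\x68"
	    "\x36\x9d\x99\xe4\xd8\xb9\xac\x25\x1e\xc3\x2c\xe6\x64\x44\xe2\x3a\x26\x3c"
	    "\xe6\x17\x46\x05\x12\x03\xc5\xd0\x3e\xd2\xae\x32\x36\x4c\x8b\x20\xf2\x58"
	    "\xc0\x05\x0e\xd4\xac\x0d\xb7\x45\x6e\xe2\xb8\xf1\xa0\xe3\xdd\x63\xdb\x51"
	    "\x27\x12\x46\xd7\x74\x71\x23\x6d\xef\xb4\xa3\x14\xdb\x27\x09\x03\x30\x7f"
	    "\x39\x5b\xd3\x91\xc2\x96\xc2\x5d\x67\x09\xa1\xc7\xfe\xc8\x72\xb6\xf7\xd7"
	    "\x63\x84\xcb\xed\xa4\xfc\x33\x77\xdb\xe3\x81\x00\x12\xfa\xa6\x5b\x46\x3c"
	    "\xad\xa9\x9b\x87\x3a\x61\x04\x20\xa8\x5c\x76\xe2\x27\x41\x8d\xe3\xaa\x0b"
	    "\x71\xfa\x77\x36\xc4\x20\x54\xe7\x65\x09\xa4\xe9\x57\xf3\xbb\x77\xe2\xbc"
	    "\x9e\xd7\xd2\xc7\xe3\xa6\xe6\xa7\x18\xe3\x81\xf4\xcb\x38\xa0\x3e\x67\x97"
	    "\x3f\xf5\x3d\xe4\x9b\x47\xc7\xf3\x3f\x85\x15\xff\xf5\x6a\x2f\x7f\x9c\xe8"
	    "\xf4\x99\x82\xd3\x39\x80\x02\x3a\xaf\x6f\xf1\x57\x3f\x5c\xf3\xd9\xed\x23"
	    "\x8c\x35\x06\x28\x2f\xda\xc5\x25\x27\x89\x47\xd7\x87\x38\xc9\x37\xaf\x2a"
	    "\xf4\x1b\xa5\xac\x37\x71\x80\x38\x5d\xdc\xd8\x30\xb0\xf4\xd9\xea\x08\xf4"
	    "\x2f\xf6\x72\xcf\x24\xcc\x38\xf7\x71\x26\x1f\x3b\x7c\xa6\x30\x83\x42\x99"
	    "\x72\x28\x83\x64\x1e\x42\xfc\x71\x71\xf1\x13\x54\x4f\xfa\x3e\x32\xb7\xa1"
	    "\xc8\x59\xbf\xaf\x21\x54\xa5\x91\xd7\x53\x20\x76\xee\x1b\x12\x7f\x53\x12"
	    "\x19\xdb\x15\xd6\x08\x96\x40\x62\xf4\x2e\x0c\xfc\x28\xdf\x1c\x4a\xc6\x74"
	    "\x04\x47\xf9\xe0\xca\x3e\x55\xa6\xeb\xed\xf3\xae\x98\x6f\xd9\x3e\x8b\x7d"
	    "\x58\xc2\xb0\x78\xf9\x41\xeb\xaf\x4a\x4a\x31\x3b\x63\x2f\xf6\xab\x92\x43"
	    "\x73\x78\x38\xbd\x05\x13\xfb\xfa\xaf\x00\x62\xe7\xd7\x85\x2e\x16\xad\x23"
	    "\x8d\xb8\x0e\xe7\x87\x3d\xf0\x25\x86\x2e\x2a\x19\x18\xa9\xb9\xc0\x54\x9c"
	    "\x9f\xc9\x73\x55\x54\x55\x97\x30\x72\x3b\x70\xad\xf7\xc9\x13\x26\x26\x8b"
	    "\xd8\x70\x98\xaf\x79\xb3\xc8\x54\xd7\x2a\xa8\xf0\x54\xce\x4b\x37\x73\x73"
	    "\x45\x1d\xbe\x37\x26\xdb\x66\x7a\x19\x38\xfa\xc2\x2f\xda\x1a\x42\xf4\x51"
	    "\xd4\x3a\xb6\x78\x1a\xc8\x02\x05\x83\x7a\x94\xcb\x0d\x1f\x4f\x07\x19\x12"
	    "\x39\x33\x00\x94\xd6\xf7\x03\xca\x5d\xd0\xe1\xc2\xb3\x31\xad\x67\x48\xfe"
	    "\x79\xb8\xed\xc5\x64\x89\x48\xd2\xfe\xcf\x2b\x7b\x6f\xf9\x85\x22\xbf\x0d"
	    "\xad\xd9\x5f\xc6\xd7\x95\xb4\xfb\x95\xd6\x1d\xa0\x2e\xb3\x7d\x72\x51\x2a"
	    "\x29\x90\xe2\x5d\xc6\x53\xfa\x0e\xe9\x46\x35\xfe\x64\xc7\xc1\x14\xc3\x5b"
	    "\x24\xde\xdc\x86\xac\x79\xf4\xbc\x27\xae\xcb\xf7\x55\x1c\x3e\x10\x48\x9e"
	    "\x66\xe8\x5b\x70\x84\x09\x7b\x1e\xd7\xa0\xb1\x58\x67\xa4\x08\x16\xa2\x37"
	    "\x27\x6f\x18\x2a\x57\x71\x50\x4d\x84\xb9\x86\x5f\x8a\xdd\xb7\x78\x71\x97"
	    "\x33\x46\x47\x2d\x08\xfc\x40\xe2\x78\x20\x87\xf0\x02\xbc\xf8\x55\xe7\xfb"
	    "\x34\x3d\xd9\x1b\xf4\x2b\x25\xf8\xcd\xad\x6f\xd4\xb2\x67\xd8\xfd\x14\xcf"
	    "\x64\x3f\x68\x92\x3b\x64\xa4\x69\x58\xde\x35\xd5\x3c\x48\xfe\x1d\x8b\x41"
	    "\x1a\x72\xf4\xcb\x8b\xbc\x19\xbd\x89\x7c\x46\x79\x87\xeb\x1e\x26\x7e\x65"
	    "\xcd\x0b\xe2\x0d\xac\x2b\x47\xf5\x38\x75\x93\x4d\x8c\x97\xbf\x3e\xa1\x87"
	    "\x98\x49\xf9\xc8\x25\x3c\xc4\x54\xda\xd1\x57\x08\xa9\xe1\x4b\x27\x60\x0e"
	    "\xcd\x36\xd0\xac\x27\x60\xff\x25\xa4\xd8\x31\x10\x10\x5e\x46\xfb\xc8\xbf"
	    "\x3f\x27\xc9\xaf\x1d\x38\x79\x2c\xc2\xa8\x61\xc9\xb6\x42\x74\xa9\xa7\x89"
	    "\x68\x1d\x32\xe2\x90\x76\x76\xfd\x39\x90\xad\x08\xdc\x52\xbc\x2b\x67\x72"
	    "\x88\x9c\xe6\xde\xc1\x91\xaf\xbb\x7c\x04\x4a\xe1\x8c\xca\x53\x41\xc1\x68"
	    "\xc9\xa6\xb5\xc6\xbd\xe0\xbb\xa2\xcd\x55\x3a\xfd\x6d\x5c\x96\x6c\x98\x18"
	    "\xb9\x19\x1e\x69\x16\xf7\x5c\xbc\xbd\x29\x8e\x85\x2e\x29\x97\xe7\x9b\xfb"
	    "\x94\xc6\x95\xd4\x4e\xce\xde\xec\xd5\xe8\x96\x15\xd1\x57\x2c\x5c\x45\x6d"
	    "\xea\x0e\xc3\x8d\x71\xa3\x48\x0c\x41\x44\x56\x87\xcb\xa5\x73\x0d\x50\x3f"
	    "\x87\x22\x70\x85\x4b\xf0\x5a\x07\x65\x2a\x38\x8d\xae\xb6\x56\xfc\xac\xdb"
	    "\x44\xa9\x8f\xa5\x6c\x66\x69\x84\xa2\x71\x65\xbb\xb9\xf9\x18\x85\x20\x16"
	    "\x98\xe4\x6c\xa6\x2e\xed\x6f\x43\x25\x64\x2a\x85\x4f\x37\x2d\x72\x17\xf9"
	    "\x51\xba\x60\x3c\x93\x88\x08\x2a\x80\xb6\xe9\xab\xf0\x4e\xb0\x52\x1f\x07"
	    "\xb4\xcb\xa3\x0e\xa1\x00\xc8\xb3\x9c\x35\x08\x50\xf1\x4a\xc0\x80\xcc\xe9"
	    "\x65\xd4\x0c\xb9\xf9\xd6\xbb\x44\x9b\x21\x34\xc3\xf3\xeb\x10\x3d\x10\xb9"
	    "\x7f\x8c\x37\xe2\x94\x2a\x03\x88\x6c\xbb\x00\x6d\x15\xcb\x80\xe1\x9f\x50"
	    "\x3b\x5b\x09\x7c\x36\x33\x94\xff\xe6\x2e\x3c\x52\xfc\xbe\xc9\x1e\x45\xce"
	    "\x38\xb9\xe4\xc6\x55\xf4\xc8\x35\xe2\x32\xec\x16\x45\x01\x93\x2a\x98\xc9"
	    "\xfe\x3e\xb9\xda\x59\xa2\x8f\x88\x40\x89\x24\x60\x1b\x86\x78\x74\x02\x36"
	    "\xde\x2f\xc6\x5f\xc6\x8e\xcf\x15\x60\xfb\xf2\xf0\x78\x8f\xfe\x4b\x02\x79"
	    "\x1d\x27\xe3\xe2\xde\xb0\x88\xed\xbb\xd5\xe5\xc1\xa6\x0e\x37\x24\xd4\xb0"
	    "\x35\x9a\x1e\x3d\x94\xb2\x34\x23\x17\xab\xc3\xd7\x3b\xc8\xb9\x2f\xbd\x6e"
	    "\xdf\x9e\xc5\xf1\x96\x77\x96\x02\xff\x8b\x54\x1e\xe7\x0f\xcd\xbe\x1d\x91"
	    "\xe5\x8d\x40\xe9\xde\xef\x09\xe1\x9c\xcd\x2e\x01\x52\x04\x60\x2b\x6c\x4b"
	    "\xa2\x05\x3a\x1d\xf9\x8d\x26\x7a\xa4\xd7\x79\xb7\x55\x61\x1d\x90\x13\x1d"
	    "\x4f\xa7\xea\x2d\xf0\xc4\xa4\xd1\x2e\x2a\x98\x66\xcc\x89\x9a\x96\x7f\xc5"
	    "\xfe\x15\xd3\xbf\x92\x37\x9e\x84\x09\xad\x54\x6e\x02\x91\x6d\xab\xa7\xb2"
	    "\x7b\x93\x18\x28\x5b\x11\x95\xfa\x2d\x10\x40\x22\xee\x11\x1a\x08\x79\x08"
	    "\xc4\x6f\x54\x39\x85\x2a\x6e\x2b\xdd\x7f\x2c\x0d\xcd\x3b\x96\x38\x78\xc8"
	    "\x7d\x0c\xcb\xde\xf4\x93\xa9\xfc\x93\xb4\x9a\x82\x1d\x69\x00\xcc\x07\x04"
	    "\x68\x36\xb1\x4d\x3a\xa6\xb6\x47\x91\xdc\x85\x81\x8a\x64\xac\x7d\x5e\xbc"
	    "\x46\x43\xba\x93\x3a\x3e\x51\x73\x7b\x92\x1d\x72\x6f\x56\xc4\xf0\x8a\x55"
	    "\xdb\x5f\x8b\xc2\x36\x2b\x3f\xdd\xdf\xe7\x5c\x61\x98\xba\x22\x27\x0e\x3f"
	    "\x56\xdf\xbf\x37\xb4\x4d\x28\xe5\x3a\x4f\xc6\xe1\x11\xbd\xaa\x14\x4e\x9e"
	    "\xb1\xc6\x8a\xb9\x01\x1e\x68\x70\x70\x1a\x3d\xc0\x09\xc0\x26\x49\x3c\x26"
	    "\xac\x01\x9f\xc2\x00\x14\xf3\xef\x0f\xcf\xe8\x83\x94\x25\xe8\x70\xbe\x54"
	    "\x5c\x4e\xdc\xf7\x42\x80\x06\x4a\xf4\xa9\xcd\xbe\x34\x2b\xf4\x6d\xab\x49"
	    "\xa6\x34\x6b\x19\x2e\x73\xfa\x72\xca\x52\x2d\x67\xfd\xdc\xba\xcd\xee\x8e"
	    "\x50\xcd\x4c\x62\x92\x8a\xca\x6a\xb9\x5c\x23\x5e\x35\xf7\xa7\x08\xca\x1d"
	    "\x0c\x27\xee\x70\x5a\x75\x1a\x67\xe9\xbc\xe6\x3c\xf0\x33\xd0\x73\xca\x33"
	    "\x87\x6f\xd9\x0d\xd1\x79\xb3\x1e\xee\x3c\xb9\xc9\x26\x2d\x2c\x61\x5e\xe8"
	    "\x64\x5e\xb1\xd4\xfe\x69\xd5\x64\x8f\xcb\xe1\x4e\x1b\x3e\x7c\xc6\x1e\xdf"
	    "\x4e\xef\xbe\xbd\xd7\x6f\xaf\x26\xb6\x09\x08\x7e\x50\xc7\x44\x5e\x96\x65"
	    "\xf9\xd3\x10\x2a\x9a\x8c\xc6\x33\xe0\xc4\x27\x8a\x5b\x70\xb7\x5d\xe1\x03"
	    "\x9f\xe1\x4c\x20\x7d\x31\x9a\xae\x8d\xc1\x82\xb4\xca\x32\x67\x8a\x0f\x2f"
	    "\xba\x76\x48\x8e\x9a\xdc\xd2\x89\xdd\xe4\xb9\xa9\xd6\xd6\x3b\xea\xa0\x40"
	    "\x06\x67\xe6\xc6\xfa\xa3\x3f\x2a\x8d\x02\xc6\x9a\x99\xd1\x3e\x13\x65\x65"
	    "\xf1\x52\x08\x77\x95\x94\x12\x27\x75\xff\x5d\xab\xd0\xc2\x35\xa4\x73\x1c"
	    "\xfd\xca\x84\xf1\x01\xf3\xfa\xa7\x39\x38\x22\x4a\x09\x46\x6e\x48\x9f\x3e"
	    "\x3e\x51\x27\x1d\x81\x8a\x27\x17\xea\xe9\x52\x10\x6b\x78\x1c\x12\x3c\x5c"
	    "\x7c\xd0\x25\x92\x2f\xdc\x14\xfd\xd2\xbc\x0d\x54\x9d\x21\x3d\x79\xeb\x3e"
	    "\x64\x87\x8a\x3e\x80\xc9\x0e\x88\x81\x9a\x75\x8c\x72\xcb\xfd\xee\x06\x4d"
	    "\x10\x3b\xd1\xe7\xbe\x90\x79\x4a\xf9\x73\xe7\xcc\x88\x0c\x97\xc4\x3c\x81"
	    "\x5c\xbd\xa3\xb0\xc8\x3f\x52\x0b\x19\xc8\xb6\xbb\xd6\x40\x85\x19\xda\x85"
	    "\xb9\x53\x0a",
	    2037);
	// 0x7f5 == 2037: write the whole blob just copied above.
	syscall(__NR_write, r[0], 0x200003c0ul, 0x7f5ul);
}

// Entry point. Maps the fixed-address arena the test uses for syscall
// arguments: a 16 MiB RWX region at 0x20000000 (prot 7) bracketed by two
// PROT_NONE guard pages (prot 0) at 0x1ffff000 and 0x21000000. Flags 0x32 are
// MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS on Linux/x86-64. Return values are
// deliberately unchecked (syzkaller convention); a failed mapping shows up as
// a crash in execute_one() instead. loop() never returns.
int main(void)
{
	syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
	syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
	loop();
	return 0;
}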