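// https://syzkaller.appspot.com/bug?id=95abfa7feeb1b111f6991798f0587771d69674a5
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer harness: main() maps a fixed scratch region, then loop() forks
// one child per iteration that runs execute_one() under a 5-second watchdog.
// The program never exits on its own; it is stopped from outside.
//
// NOTE(review): the header names were lost when this page was extracted (only
// sixteen bare `#include` tokens survived). The list below is the standard set
// a syzkaller reproducer emits for the calls used in this file.
#define _GNU_SOURCE
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Sleep for @ms milliseconds. usleep() takes useconds_t, so very large values
 * would be truncated; the harness only ever passes 1. */
static void sleep_ms(uint64_t ms)
{
	usleep(ms * 1000);
}

/* Monotonic clock in milliseconds. Exits the process if the clock is
 * unavailable, since the watchdog in loop() cannot work without it. */
static uint64_t current_time_ms(void)
{
	struct timespec ts;
	if (clock_gettime(CLOCK_MONOTONIC, &ts))
		exit(1);
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/* Kill the test child @pid (and its process group) and reap it into @status.
 * If it has not been reaped within ~100 ms, every FUSE connection under
 * /sys/fs/fuse/connections is aborted before blocking in waitpid() —
 * presumably to release a child stuck in a FUSE request (TODO confirm). */
static void kill_and_wait(int pid, int *status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);
	for (int i = 0; i < 100; i++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}
	DIR *dir = opendir("/sys/fs/fuse/connections");
	if (dir) {
		for (;;) {
			struct dirent *ent = readdir(dir);
			if (!ent)
				break;
			if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
				continue;
			char abort_path[300];
			snprintf(abort_path, sizeof(abort_path),
				 "/sys/fs/fuse/connections/%s/abort", ent->d_name);
			int fd = open(abort_path, O_WRONLY);
			if (fd == -1)
				continue;
			/* Best effort: the original writes one byte of the path
			 * buffer, so the written content is presumably irrelevant. */
			if (write(fd, abort_path, 1) < 0) {
			}
			close(fd);
		}
		closedir(dir);
	}
	/* Block until the child is finally reaped. */
	while (waitpid(-1, status, __WALL) != pid) {
	}
}

#define SYZ_HAVE_SETUP_TEST 1
/* Child-side setup: die with the parent, and become a process-group leader so
 * kill_and_wait() can signal the whole group with kill(-pid, ...). */
static void setup_test(void)
{
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
}

#define SYZ_HAVE_RESET_TEST 1
/* Child-side teardown: close descriptors 3..29 (e.g. the sockets stored in
 * r[]) so each iteration starts from the same descriptor state. */
static void reset_test(void)
{
	for (int fd = 3; fd < 30; fd++)
		close(fd);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

/* Fork a fresh child per iteration and run the test in it. The parent polls
 * waitpid() once per millisecond; after 5 s it kills and reaps the child.
 * Runs forever. */
static void loop(void)
{
	for (;;) {
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			setup_test();
			execute_one();
			reset_test();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			sleep_ms(1);
			if (current_time_ms() - start < 5 * 1000)
				continue;
			kill_and_wait(pid, &status);
			break;
		}
	}
}

/* Results of the two socket() calls (descriptors); -1 while unset. */
static uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

/* One test iteration, run in the child.
 *
 * Every fixed address written below lies inside the 16 MiB region that main()
 * maps at 0x20000000, so the raw stores are valid. Some stores are deliberately
 * unaligned (e.g. the 32-bit store at 0x20000082); the byte layout and all
 * constants are kept exactly as the original reproducer wrote them. The only
 * change is that 96 consecutive 8-byte zero stores (0x20007f78..0x20008270)
 * are expressed as one memset() of 0x300 bytes. */
static void execute_one(void)
{
	long res = 0;

	/* socket(0xa, 2, 0): on Linux that is AF_INET6 / SOCK_DGRAM. */
	res = syscall(__NR_socket, 0xa, 2, 0);
	if (res != -1)
		r[0] = res;

	/* 0x378-byte payload at 0x20007f00, written to r[0]. */
	*(uint8_t *)0x20007f00 = 0x7f;
	*(uint8_t *)0x20007f01 = 0x45;
	*(uint8_t *)0x20007f02 = 0x4c;
	*(uint8_t *)0x20007f03 = 0x46;
	*(uint8_t *)0x20007f04 = 0x81;
	*(uint8_t *)0x20007f05 = 1;
	*(uint8_t *)0x20007f06 = 0xbf;
	*(uint8_t *)0x20007f07 = 0;
	*(uint64_t *)0x20007f08 = 8;
	*(uint16_t *)0x20007f10 = 3;
	*(uint16_t *)0x20007f12 = 0x3e;
	*(uint32_t *)0x20007f14 = 6;
	*(uint64_t *)0x20007f18 = 0x379;
	*(uint64_t *)0x20007f20 = 0x40;
	*(uint64_t *)0x20007f28 = 0x2b6;
	*(uint32_t *)0x20007f30 = 0xfd;
	*(uint16_t *)0x20007f34 = 9;
	*(uint16_t *)0x20007f36 = 0x38;
	*(uint16_t *)0x20007f38 = 2;
	*(uint16_t *)0x20007f3a = 0xe2e3;
	*(uint16_t *)0x20007f3c = 5;
	*(uint16_t *)0x20007f3e = 1;
	*(uint32_t *)0x20007f40 = 2;
	*(uint32_t *)0x20007f44 = 0x8001;
	*(uint64_t *)0x20007f48 = 6;
	*(uint64_t *)0x20007f50 = 0xa8;
	*(uint64_t *)0x20007f58 = 3;
	*(uint64_t *)0x20007f60 = 5;
	*(uint64_t *)0x20007f68 = 2;
	*(uint64_t *)0x20007f70 = 1;
	/* Zero the rest of the payload: 0x20007f78 up to (not including)
	 * 0x20008278 = 0x20007f00 + 0x378. */
	memset((void *)0x20007f78, 0, 0x300);
	syscall(__NR_write, r[0], 0x20007f00, 0x378);

	res = syscall(__NR_socket, 0x18, 1, 1);
	if (res != -1)
		r[1] = res;

	/* 0x2e-byte address at 0x20000080 for connect() on r[1]; it embeds the
	 * first socket's descriptor r[0] (truncated to 32 bits, as in the
	 * original). */
	*(uint16_t *)0x20000080 = 0x18;
	*(uint32_t *)0x20000082 = 1;
	*(uint32_t *)0x20000086 = 0;
	*(uint32_t *)0x2000008a = (uint32_t)r[0];
	*(uint16_t *)0x2000008e = 2;
	*(uint16_t *)0x20000090 = htobe16(0);
	*(uint32_t *)0x20000092 = htobe32(0xe0000002);
	memset((void *)0x20000096, 0, 8); /* bytes 0x20000096..0x2000009d */
	*(uint32_t *)0x2000009e = 4;
	*(uint32_t *)0x200000a2 = 0;
	*(uint32_t *)0x200000a6 = 0;
	*(uint32_t *)0x200000aa = 0;
	syscall(__NR_connect, r[1], 0x20000080, 0x2e);
}

int main(void)
{
	/* Fixed 16 MiB scratch mapping at 0x20000000. On x86-64 Linux prot 3 is
	 * PROT_READ|PROT_WRITE and flags 0x32 is
	 * MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS. The original ignored the result;
	 * without this mapping every child would fault on its first store, so
	 * bail out instead of forking crashing children forever. */
	if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
		exit(1);
	loop();
	return 0;
}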