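// https://syzkaller.appspot.com/bug?id=f7f812378588f2927ab6fa0aabaab423430cca15
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Standalone C reproducer: forks a child every iteration that issues one
// bpf(BPF_PROG_LOAD-style cmd 5) call with a fixed instruction blob, and
// reaps the child after at most 5 s.  All syscall arguments live at fixed
// addresses inside an anonymous RWX mapping set up in main().
//
// NOTE(review): the header names of the original listing were lost in
// extraction (eighteen bare "#include" tokens).  The set below is the
// standard one a syzkaller C reproducer emits and has the same count;
// confirm against the original file if a build problem points here.

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#ifndef __NR_bpf
#define __NR_bpf 321 /* x86_64 syscall number */
#endif

/* Sleep for @ms milliseconds (thin wrapper over usleep). */
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

/*
 * Monotonic clock in milliseconds.  Exits the process if clock_gettime()
 * fails, since the reproducer cannot keep its timeouts without it.
 */
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/*
 * printf-style write of a short string into @file.
 *
 * @file: path opened O_WRONLY|O_CLOEXEC
 * @what: printf format; the formatted text is truncated to 1023 bytes
 * Returns true when the whole formatted string was written in one write(),
 * false otherwise.  On a short or failed write errno is preserved across
 * the close() so the caller can still inspect it.
 */
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0; /* belt and braces: vsnprintf already terminates */
  size_t len = strlen(buf);

  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != (ssize_t)len) {
    int err = errno; /* close() may clobber errno */
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

/*
 * Kill the child (and its process group) and wait for it.
 *
 * @pid:    child pid; the child called setpgrp(), so -pid addresses its group
 * @status: receives the waitpid() status
 *
 * If the child does not go away within ~100 ms it may be stuck in a FUSE
 * request, so every connection under /sys/fs/fuse/connections is aborted
 * (any write to its "abort" file does that) before blocking in waitpid().
 */
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }

  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1)
        continue;
      /* Content is irrelevant; the write itself aborts the connection.
       * The empty if-body silences warn_unused_result on write(). */
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  }
  /* No FUSE sysfs directory: nothing to abort, just block in waitpid(). */
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

/*
 * Per-child setup: die with the parent, own a process group (so the parent
 * can kill the whole group), and make the child the OOM killer's first pick.
 */
static void setup_test(void)
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

/*
 * Fork/exec loop: each iteration runs execute_one() in a fresh child and
 * waits for it, killing it after 5000 ms.  Never returns.
 */
static void loop(void)
{
  for (;;) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

/*
 * The single syscall under test.
 *
 * Builds a bpf attr at 0x200054c0 and issues bpf(cmd=5, attr, size=0x48).
 * Field annotations below read the offsets as union bpf_attr for a
 * BPF_PROG_LOAD request (names per uapi/linux/bpf.h; confirm against the
 * kernel under test).  Only the first 0x48 bytes are handed to the syscall
 * as @size, so the stores past offset 0x48 lie outside the size the kernel
 * is told about.  insn_cnt is 0x16 (22 instructions = 176 bytes); the
 * memcpy copies a 1493-byte blob, of which only the leading 176 bytes can
 * be instructions — the remainder is fuzzer filler.
 */
static void execute_one(void)
{
  *(uint32_t*)0x200054c0 = 2;          /* +0x00 prog_type */
  *(uint32_t*)0x200054c4 = 0x16;       /* +0x04 insn_cnt = 22 */
  *(uint64_t*)0x200054c8 = 0x20000140; /* +0x08 insns */
  memcpy(
      (void*)0x20000140,
      "\x61\x12\x8c\x00\x00\x00\x00\x00\x61\x13\x8c\x00\x00\x00\x00\x00\xbf\x20"
      "\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x08\x14\x00\x00\x2d\x03\x01\x00"
      "\x00\x00\x00\x00\x95\x00\x00\x07\x00\x00\x00\x00\x69\x16\x60\x00\x00\x00"
      "\x00\x00\xbf\x67\x00\x00\x00\x00\x00\x00\x26\x06\x00\x00\x0f\xff\x07\x10"
      "\x67\x06\x00\x00\x07\x00\x00\x00\x17\x03\x00\x00\x0e\xe6\x00\xa8\xbf\x05"
      "\x00\x00\x00\x00\x00\x00\x1d\x36\x00\x00\x00\x00\x00\x00\x65\x07\xf9\xff"
      "\x01\x00\x00\x00\x07\x03\x00\x00\x4c\x00\x00\x80\xcc\x75\x00\x00\x00\x00"
      "\x00\x00\xbf\x54\x00\x00\x00\x00\x00\x00\x07\x04\x00\x00\x04\x00\xf9\xff"
      "\xad\x43\x01\x00\x00\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\x05\x00"
      "\x00\x00\x00\x00\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00\x32\xff\x7f\x5b"
      "\xe9\x5e\x09\xb6\x77\x54\xbb\x12\xfe\xff\xff\xff\x8e\xcf\x26\x4e\x0f\x84"
      "\xf9\xf1\x7d\x3c\x51\xe3\xc7\xbd\xd2\xd1\x7f\x2f\x17\x54\x55\x8f\x22\x78"
      "\xaf\x6d\x71\xd7\x9a\x5e\x12\x81\x4c\xb1\xd8\xa5\xd4\x60\x1d\x29\x5c\x45"
      "\xa6\xa0\xb9\xbd\xb7\xdd\x39\x97\x03\xd6\xc4\xf6\xf3\xbe\x5b\x36\x92\x89"
      "\xaa\x68\x12\xb8\xe0\x07\xe7\x33\xa9\xa4\xf1\x6d\x0a\xbb\xd5\xad\x93\x81"
      "\x80\x6e\xf0\x85\x13\xe3\xd3\x77\x8a\x81\x42\x61\xbd\xb9\x4a\x05\x00\x00"
      "\x00\xc6\xc6\x0b\xf7\x0d\x74\x2a\x81\x76\x2b\xab\x83\x95\xfa\x64\x81\x0b"
      "\x5b\x40\xd8\x93\xea\x8f\xe0\x1c\x54\x73\xd5\x1b\x54\x6c\xad\x5b\x80\x33"
      "\x06\xb1\x7c\xf4\xef\x3f\x1d\x45\xf6\x57\x27\x54\x6e\x7c\x95\x5c\xce\xfa"
      "\x1f\x6a\xb6\x89\xfd\xe4\xde\x4e\x63\xed\xf1\x02\x71\xa5\x14\x4d\xdc\x8d"
      "\xa3\xaa\x5b\x0a\xb7\x33\xa1\xb9\x01\x62\x7b\x56\x2e\xd0\x4a\xe7\x60\x02"
      "\xd4\x51\x9a\xf6\x19\xe3\xa2\xa4\xd6\x9e\x0d\xee\x5e\xb1\x06\x77\x4a\x8f"
      "\x3e\x69\x16\xdf\xec\x88\xb5\x63\x4e\xf7\x9b\x02\xd2\xca\x8f\xf5\x4c\x15"
      "\x8f\x02\x00\x00\x00\x00\xea\xfb\x73\x5f\xd5\x52\xbd\xc2\x06\x00\x4a\xeb"
      "\x07\x43\xeb\x2d\xc8\x19\xcf\x5c\x8a\xc8\x6d\x8a\x29\x7d\xff\x04\x45\xa1"
      "\x3d\x00\xdc\xe4\x31\xe5\x67\x23\x88\x8f\xb1\x26\xa1\x63\xf1\x6f\xb2\xad"
      "\x9b\xc1\x17\x2b\xa7\xcb\xeb\xe1\x74\xce\xca\xc4\xd0\x37\x23\xf1\xc9\x32"
      "\xb3\xfa\xff\xff\xff\xff\xff\xff\xff\x5f\xc9\x98\xe1\x3b\x67\x0e\x37\x3e"
      "\x3e\x58\x97\xf7\xad\x2e\x99\xe0\xe6\x7a\x99\x37\x16\xdb\xf5\x80\x46\x9f"
      "\x0f\x53\xac\xbb\x40\xb4\x01\xe3\x73\x82\x70\xb3\x15\xd3\x62\xed\x83\x4f"
      "\x2a\x07\x00\x00\x00\x96\x64\x9a\x46\x2e\x7e\xe4\xbc\xf8\xb0\x7a\x10\x1c"
      "\x87\x97\x30\xbe\xb4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\xbc\x00\xf6\x74\x62\x97\x09\xe7\xe7\x8f\x4d\xdc\x3d\x1b\xc3\xeb"
      "\xf0\xbd\x9d\x42\xca\x01\x9d\xd5\xd0\x22\xcf\x74\x68\x65\x9f\xbe\x25\x62"
      "\x67\x1c\xd4\x78\x40\xa7\xaf\xaa\xb4\x31\x76\xe6\x5e\xc1\x11\x8d\x46\xd1"
      "\xe8\x27\xf3\x47\x2f\x44\x45\xd2\x53\x88\x7a\x5a\xd1\x03\x64\x9a\xfa\x17"
      "\x69\x08\x84\xf8\x00\x03\x1e\x03\xa6\x51\xbb\x96\x58\x9a\x7e\xab\x04\x87"
      "\x1b\xc4\x72\x87\xcd\x31\x3f\x3b\xea\x78\x8e\xa2\xbc\xdc\x34\x0f\xfb\x56"
      "\x7b\x40\x40\x7d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5f"
      "\x37\xd8\x3f\x84\xe9\x8a\x52\x3d\x80\xbd\x0d\x0d\x70\x3f\x37\x67\xce\x60"
      "\x3c\x9d\x48\xca\xc0\x52\xca\x36\x3f\x60\x1a\xe8\x99\xa5\x3f\x67\xb6\x3d"
      "\x20\xa2\x68\xbb\x9f\x15\xa0\xa6\xe6\x6c\xe4\x66\x0f\xbe\xe9\x16\x29\xab"
      "\x02\x8a\xcf\xc1\xd9\x26\x0e\x96\x59\xa0\xf6\xa5\x48\x0a\x55\xc2\x2f\xe3"
      "\xae\x5f\x56\x2d\x0a\xe5\x20\xc3\x8d\x2b\xab\x65\x28\x00\x00\x00\x59\x6f"
      "\xb7\x3a\x96\xb3\x3c\x81\xcd\xbb\xd4\x21\xa2\x7f\x7f\x1d\xb0\x54\xcc\x7a"
      "\x0a\x4d\x37\x28\x49\xc9\x9a\x98\x82\x21\x03\xb9\x85\x1d\x92\x4b\x85\xb1"
      "\xca\x4b\x21\xb1\x87\xdb\x00\x00\x00\x00\x00\x00\x00\x06\x6d\xea\xd3\xb9"
      "\x67\x0a\x76\x04\xa5\xdd\xd0\xfd\x2e\x4f\xb8\xa5\x74\x9a\x8a\x8a\xd7\x84"
      "\x54\xba\x1e\xeb\xef\xf1\xb5\x28\xda\x29\x42\x47\xd2\x94\xd2\x48\x7b\xab"
      "\xb1\x76\xfd\xfa\xfe\xb3\xd4\x92\xa3\x25\x67\x1e\x6b\x91\xaf\xb4\x1f\x87"
      "\xfe\xda\x4c\xe2\xf4\x68\xa3\x75\x87\x50\xc0\xb8\xf1\x51\xd4\xd8\x57\x4b"
      "\xbb\xe0\x27\x68\x7a\x0e\x12\x31\x1c\xdf\x33\x84\xa2\x6e\xe3\xf6\xf2\x42"
      "\x4b\x92\xe5\xbe\x98\xef\x1f\x8f\x2d\xb9\xa4\x99\x1e\x23\x4f\x9f\x44\x7e"
      "\x17\x30\xce\xaf\x54\xcf\x25\xc0\xe3\xad\x7c\xbb\x0d\xe0\x6d\x55\xdb\x89"
      "\xd1\x54\xc9\xd3\xfc\xd0\x1c\x55\x1b\x0e\xf5\xd5\x30\x58\x45\xb9\xa8\x76"
      "\x3b\x26\x4e\x8f\x0b\xcd\x0f\x60\x6f\xe9\x2e\x51\x1f\x12\x23\x25\xeb\xc5"
      "\xfe\xf1\xb6\x78\x45\xd0\xeb\x8b\x8a\x4f\x97\xf8\x34\x24\x22\x1e\x94\xa5"
      "\xc4\x62\x3f\xeb\x7e\x96\xcc\xdb\xc5\x5b\x27\x77\x3b\xf1\xb3\xe6\xa9\x1a"
      "\x20\xe0\xc2\x7f\xc8\x02\x62\x64\x7f\x88\xd8\xd1\x12\x3d\x19\x9b\x2c\x77"
      "\x29\xbb\x77\x00\xe8\x87\xea\x96\x3f\x00\x00\x4a\x1d\x08\x51\xdb\xfb\x93"
      "\x08\xd1\x6c\xad\xcc\x7b\x47\x7c\x9a\x84\xe3\xd6\xbd\x82\x52\x68\x98\x73"
      "\x55\x52\xa2\x03\xc4\x79\x72\x28\x53\x3b\x1a\x73\xab\x44\xaa\x11\x51\x36"
      "\x35\x39\x64\x64\x8a\xbc\xc4\xad\xbe\x76\x55\x56\x64\x38\x42\x29\x0a\x92"
      "\xea\xfe\xa0\xec\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x3d\x53\x76\x00"
      "\x00\x00\xe1\xf3\x51\x8d\xc3\xfc\x2b\xbe\xfe\x04\x38\x04\xac\x1b\x6b\x1c"
      "\x8b\x7e\x3a\xfe\xd0\x45\xa3\xa8\x08\x70\x0b\xca\x61\xa3\x9d\x5b\xfa\x83"
      "\x87\x78\x03\x01\x3e\x2d\x14\x5e\x64\x22\x53\x63\x2f\x3a\x28\x3c\x6e\xee"
      "\x0e\x22\xcb\x69\xfe\x7f\x94\x78\x62\x20\xc3\x1e\x9b\x2a\x82\xa9\x85\x6e"
      "\x94\x7b\xac\xe7\x49\x23\xe4\x74\x0b\xf1\xc1\x7c\xb4\x1e\xf1\x91\x61\xc3"
      "\xd4\x17\x65\x55\x17\xc2\x8b\xd0\x8d\xee\x32\xd7\x7a\x40\xb8\x34\xba\x7a"
      "\x12\x22\x33\x54\xe9\x32\x1b\x83\x00\xf7\xd5\xd6\x3f\xa0\xe8\xf0\x74\xad"
      "\xc1\x76\x28\x5a\x8f\x41\x60\x9c\xe0\x40\xce\xc9\x99\x43\x79\x2f\x54\x43"
      "\xca\x52\x92\x44\x7b\x0f\x0f\x24\x07\x43\xc4\xb2\xb8\x14\x2c\xe0\xb4\x3d"
      "\x4d\x17\x31\xce\x11\x53\x3f\x61\xef\x24\x1c\x83\x55\x7f\x5a\xae\x58\xa8"
      "\x48\xb5\xcc\xce\x86\xb8\xb0\xfb\x21\xfe\x36\x9c\x90\xf0\x6e\x2d\x96\x80"
      "\x00\x3d\xf7\x2f\x3f\x00\x60\xe6\xc3\x41\x5c\xc1\x02\x6d\x34\x20\x03\xbe"
      "\xce\x09\xfb\xfd\x06\x2e\xfd\xd9\xb4\x83\x77\x33\x59\x03\xf3\xb4\xe8\x73"
      "\x86\x91\x5e\x3a\xc4\x29\xa4\xdb\x64\x6d\xa1\xcc\x6e\x29\xad\x86\x50\xf4"
      "\xda\x32\x6c\xbf\xdc\xe1\x2c\x8d\x5d\xeb\xa3\x25\x49\xd6\xae\xfe\x42\x2e"
      "\x0d\x66\x5d\x62\x32\x5c\x73\x7f\xe7\x6e\xc1\xf3\xc3\x67\x0e\xd9\x6f\x86"
      "\x73\x8a\x2c\xf1\xc5\x9b\x5f\x9b\x84\xff\xd0\x68\xf7\xb4\x50\x9f\x53\x61"
      "\x79\x10\xa4\x1b\x81\x1a\x3f\x7c\xd6\x25\x1f\x81\x00\x00\x81\x33\xaf\x11"
      "\xa4\xdb\x2d\x00\xc0\xad\x86\xce\x9f\x40\xf3\xe0\x6b\x41\xb4\x5f\x72",
      1493);
  *(uint64_t*)0x200054d0 = 0x20000100; /* +0x10 license -> "GPL" */
  memcpy((void*)0x20000100, "GPL\000", 4);
  *(uint32_t*)0x200054d8 = 0;          /* +0x18 log_level */
  *(uint32_t*)0x200054dc = 0;          /* +0x1c log_size */
  *(uint64_t*)0x200054e0 = 0;          /* +0x20 log_buf */
  *(uint32_t*)0x200054e8 = 0;          /* +0x28 kern_version */
  *(uint32_t*)0x200054ec = 0;          /* +0x2c prog_flags */
  memset((void*)0x200054f0, 0, 16);    /* +0x30 prog_name[16] */
  *(uint32_t*)0x20005500 = 0;          /* +0x40 prog_ifindex */
  *(uint32_t*)0x20005504 = 0;          /* +0x44 expected_attach_type */
  /* Everything from here on sits past the 0x48-byte size passed below. */
  *(uint32_t*)0x20005508 = -1;         /* +0x48 (wraps to 0xffffffff) */
  *(uint32_t*)0x2000550c = 8;
  *(uint64_t*)0x20005510 = 0x20000000;
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20005518 = 0;
  *(uint32_t*)0x2000551c = 0x10;
  *(uint64_t*)0x20005520 = 0x20000000;
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x20000008 = 0;
  *(uint32_t*)0x2000000c = 0;
  *(uint32_t*)0x20005528 = 0xf000000;
  *(uint32_t*)0x2000552c = 0;
  *(uint32_t*)0x20005530 = -1;
  *(uint32_t*)0x20005534 = 0;
  *(uint64_t*)0x20005538 = 0;
  *(uint64_t*)0x20005540 = 0;
  *(uint32_t*)0x20005548 = 0x10;
  *(uint32_t*)0x2000554c = 0;
  syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x200054c0ul, /*size=*/0x48ul);
}

/*
 * Map the fixed address ranges the reproducer writes to, then run the loop.
 *
 * flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS; the two prot=0 mappings
 * are inaccessible guard pages on either side of the 16 MiB RWX data area at
 * 0x20000000 (prot 7 = PROT_READ|PROT_WRITE|PROT_EXEC).  Each mmap result
 * is checked: if a fixed mapping cannot be established, execute_one() would
 * otherwise fault on an unmapped address instead of reaching the syscall,
 * which would look like a reproducer crash rather than a kernel one.
 */
int main(void)
{
  if (syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
              /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul) == -1)
    exit(1);
  if (syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
              /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul) == -1)
    exit(1);
  if (syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
              /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul) == -1)
    exit(1);
  loop();
  return 0;
}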