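// https://syzkaller.appspot.com/bug?id=1b62e3827b44b41fe3faf54a5bb7bf273580af98
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// NOTE(review): the extracted listing had lost the file names of its twelve
// #include directives, so the file did not preprocess.  The headers below are
// the ones the identifiers in this file actually require (jmp_buf/_setjmp,
// sigaction/siginfo_t, fixed-width integers, exit, memcpy, SYS_* numbers,
// syscall()).  The generated original may have listed one or two more that
// nothing here depends on.

#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Per-thread nesting depth of NONFAILING(); non-zero means a fault may be
 * recovered instead of killing the process. */
static __thread int skip_segv;
/* Recovery point armed by NONFAILING(); segv_handler longjmps back to it. */
static __thread jmp_buf segv_env;

/*
 * SIGSEGV / SIGBUS handler.
 *
 * A fault is recovered (longjmp back into the active NONFAILING block) only
 * when both conditions hold: a NONFAILING block is active (skip_segv != 0)
 * and the faulting address lies OUTSIDE the window [1 MiB, 100 MiB].  Every
 * other fault terminates the process with the signal number as exit status.
 * The data window this reproducer maps (0x20000000) is above that range, so
 * faults on it are recoverable under NONFAILING.
 *
 * sig:  the delivered signal number (also used as the exit status)
 * info: siginfo providing the faulting address in si_addr
 * ctx:  ucontext, unused
 */
static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)ctx;
    uintptr_t addr = (uintptr_t)info->si_addr;
    const uintptr_t prog_start = 1 << 20;
    const uintptr_t prog_end = 100 << 20;
    int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
    /* true when the fault is outside the [prog_start, prog_end] window */
    int outside_prog = addr < prog_start || addr > prog_end;

    if (skip && outside_prog) {
        _longjmp(segv_env, 1);
    }
    exit(sig);
}

/*
 * Install segv_handler for SIGSEGV and SIGBUS.  SA_NODEFER keeps the signal
 * unblocked inside the handler so the longjmp out of it does not leave the
 * signal masked; SA_SIGINFO selects the three-argument handler form.  The
 * sigaction() results are not checked: if installation fails, the first
 * fault under NONFAILING simply kills the process.
 */
static void install_segv_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_NODEFER | SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
}

/*
 * Run the wrapped statements with fault recovery.  Evaluates to 1 when they
 * completed, 0 when a recoverable fault (see segv_handler) aborted them.
 * The nesting counter is bumped before _setjmp and dropped afterwards on
 * both paths, so the statements may themselves be nested NONFAILING blocks.
 */
#define NONFAILING(...)                                              \
    ({                                                               \
        int ok = 1;                                                  \
        __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);         \
        if (_setjmp(segv_env) == 0) {                                \
            __VA_ARGS__;                                             \
        } else                                                       \
            ok = 0;                                                  \
        __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);         \
        ok;                                                          \
    })

/* Unused alias; kept because the generated file defines it. */
#define __syscall syscall

/* Result slot for the socket() call below; stays all-ones (-1 as an int)
 * if that call fails. */
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
    /*
     * Back the fixed data window at 0x20000000 (16 MiB) with a read/write
     * mapping (prot 3 = PROT_READ|PROT_WRITE).  The flag value 0x1012 and the
     * seven-argument form (addr, len, prot, flags, fd, pad, off) look like
     * NetBSD's mmap, where MAP_ANON is 0x1000, MAP_FIXED 0x10 and MAP_PRIVATE
     * 0x2 — on Linux the same flags would not request an anonymous mapping,
     * so this reproducer is not portable as-is (TODO confirm target OS).
     * The result is not checked; a failed mapping only shows up as faults
     * that NONFAILING swallows below.
     */
    syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul);
    install_segv_handler();
    intptr_t res = 0;

    /* Stage a 105-byte message at 0x200000c0 and "send" it on fd -1.  Both
     * sendto() calls on fd -1 can only fail (EBADF); they are retained from
     * the recorded trace and their return values are intentionally ignored.
     * The leading bytes b1 00 05 04 read as an rt_msghdr (rtm_msglen 0xb1,
     * rtm_version 5, rtm_type 4) — presumably a routing-socket message. */
    NONFAILING(memcpy(
        (void*)0x200000c0,
        "\xb1\x00\x05\x04\x60\x00\x00\x00\x00\x00\x08\x00\x01\x01\x00\x00\x00\x00"
        "\x00\x00\xce\xa1\xfe\xa7\xfe\xf9\x6e\xcf\xc7\x3f\xd3\x35\x7a\xe2\x6c\xaa"
        "\x04\x16\xfa\x4f\x37\x63\x36\xac\xf0\x0b\x78\x04\xbe\x78\x1e\x49\x91\xf7"
        "\xc8\xdf\x5f\x88\x2b\x29\x7b\xe1\xaa\x5b\x01\x00\x00\x00\x01\x00\x00\x00"
        "\xbb\xc2\x57\x69\x9a\x1f\x13\x2e\x27\xac\xb5\xd6\x02\x00\x0d\x7d\x02\x6b"
        "\xa8\xaf\x63\xff\xff\x07\x29\x18\xe4\xfd\x89\x72\x0f\xd3\x87",
        105));
    syscall(SYS_sendto, -1, 0x200000c0ul, 0x69ul, 0ul, 0ul, 0ul);

    /* Overwrite only the 4-byte header, changing rtm_type from 4 to 3; the
     * remaining 101 bytes of the first payload stay in place. */
    NONFAILING(memcpy((void*)0x200000c0, "\xb1\x00\x05\x03", 4));
    syscall(SYS_sendto, -1, 0x200000c0ul, 4ul, 0ul, 0ul, 0ul);

    /*
     * Drop write permission on the first 8 MiB of the window
     * (prot 5 = PROT_READ|PROT_EXEC).  If this succeeds, the 164-byte memcpy
     * below faults on its first byte (0x200000c0 is outside segv_handler's
     * [1 MiB, 100 MiB] window, so the fault is recoverable) and NONFAILING
     * skips it entirely.  The bytes that actually reach the socket are then
     * the buffer as left by the two copies above, followed by whatever the
     * mapping held beyond offset 105 — zero fill if the mapping is anonymous.
     */
    syscall(SYS_mprotect, 0x20000000ul, 0x800000ul, 5ul);

    /* socket(17, 3, 0): type 3 is SOCK_RAW on Linux and the BSDs; domain 17
     * is AF_OROUTE (the legacy routing socket) on NetBSD, which fits the
     * rt_msghdr-shaped payload.  On Linux 17 would be AF_PACKET.  TODO confirm
     * against the target tree. */
    res = syscall(SYS_socket, 0x11ul, 3ul, 0);
    if (res != -1)
        r[0] = res;

    /* Intended final payload: same header family (rtm_type 3), 164 bytes.
     * See the mprotect note above for why this copy is likely skipped. */
    NONFAILING(memcpy(
        (void*)0x200000c0,
        "\xb1\x00\x05\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00"
        "\x00\x00\xce\xa1\xfe\xa7\xfe\xf9\x6e\xcf\xc7\x3f\xd3\x35\x7a\xe2\x6c\xaa"
        "\x04\x16\xfa\x4f\x37\x3f\x00\xac\xf0\x0b\x78\x04\xbe\x78\x1e\x49\x91\xf7"
        "\xc8\xdf\x5f\x88\x2b\x29\x7b\xe1\xab\x5b\x23\xed\x00\xf4\xc8\x07\x00\x00"
        "\x00\x00\x00\x00\x00\x1f\x13\x2e\x27\xac\xbd\xd6\x02\x00\x0d\x7d\x02\x6b"
        "\xa8\xaf\x63\xff\x37\x28\x29\x02\xe4\xfd\x89\x72\x0f\xd3\x87\x2b\xab\xfb"
        "\xb7\x70\xc1\xff\xff\x00\x00\x0f\x90\x00\x6e\xe0\x1b\xc4\x3e\xae\xac\xc5"
        "\x00\x00\xfa\x02\x00\x00\x00\x00\x00\x00\x02\x02\x08\xa3\x71\xa3\xf8\x00"
        "\x04\x00\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x00",
        164));

    /* Send 0xb1 (177) bytes — matching the rtm_msglen in the header — on the
     * raw socket, with a NULL destination address but an addrlen of
     * 0xfffffffffffffd41 (-703 as a signed value).  That inconsistent
     * (NULL, huge length) pair is the fuzzed argument of interest here.
     * If socket() failed, r[0] is still all-ones and this goes to fd -1. */
    syscall(SYS_sendto, r[0], 0x200000c0ul, 0xb1ul, 0ul, 0ul, 0xfffffffffffffd41ul);
    return 0;
}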