// https://syzkaller.appspot.com/bug?id=8edee1de5a64be2c54d28c3a8292737de8a21b1e
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

#define __syscall syscall

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[3] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  *(uint64_t*)0x20000040 = 9;
  *(uint64_t*)0x20000048 = 8;
  *(uint64_t*)0x20000050 = 3;
  *(uint64_t*)0x20000058 = 0xfffffffffffffff7;
  syscall(SYS_setitimer, 1, 0x20000040, 0);
  res = syscall(SYS_dup2, 0xffffff9c, 0xffffff9c);
  if (res != -1)
    r[0] = res;
  syscall(SYS_ioctl, r[0], 0x8058574f, 0);
  res = syscall(SYS_semget, 0x798e2636, 5, 0);
  if (res != -1)
    r[1] = res;
  syscall(SYS_semop, r[1], 0, 0);
  syscall(SYS_msgget, 0, 0);
  syscall(SYS_flock, r[0], 8);
  *(uint32_t*)0x20000800 = 0xfff;
  *(uint32_t*)0x20000804 = 0xf9;
  syscall(SYS_setsockopt, -1, 0xffff, 0x80, 0x20000800, 8);
  memcpy((void*)0x200003c0, "/dev/vmm\000", 9);
  res = syscall(SYS_openat, 0xffffffffffffff9c, 0x200003c0, 0x10, 0);
  if (res != -1)
    r[2] = res;
  *(uint32_t*)0x200000c0 = 1;
  *(uint32_t*)0x200000c4 = 0;
  *(uint64_t*)0x200000c8 = 1;
  *(uint64_t*)0x200000d0 = 0;
  *(uint64_t*)0x200000d8 = 0;
  *(uint64_t*)0x200000e0 = 0;
  *(uint64_t*)0x200000e8 = 0x40000000000;
  *(uint64_t*)0x200000f0 = 0x80000000;
  *(uint64_t*)0x200000f8 = 0;
  *(uint64_t*)0x20000100 = 0;
  *(uint64_t*)0x20000108 = 0xfffffffffffffffc;
  *(uint64_t*)0x20000110 = 0;
  *(uint64_t*)0x20000118 = 0;
  *(uint64_t*)0x20000120 = 0;
  *(uint64_t*)0x20000128 = 0;
  *(uint64_t*)0x20000130 = 0;
  *(uint64_t*)0x20000138 = 0;
  *(uint64_t*)0x20000140 = 0;
  *(uint64_t*)0x20000148 = 0;
  *(uint64_t*)0x20000150 = 0;
  *(uint64_t*)0x20000158 = 0;
  *(uint64_t*)0x20000160 = 0;
  *(uint64_t*)0x20000168 = 0;
  *(uint64_t*)0x20000170 = 0;
  *(uint64_t*)0x20000178 = 0;
  *(uint64_t*)0x20000180 = 0;
  *(uint64_t*)0x20000188 = 0;
  *(uint64_t*)0x20000190 = 0;
  *(uint64_t*)0x20000198 = 0;
  *(uint64_t*)0x200001a0 = 0;
  *(uint64_t*)0x200001a8 = 0;
  *(uint64_t*)0x200001b0 = 0;
  *(uint64_t*)0x200001b8 = 0;
  *(uint64_t*)0x200001c0 = 0;
  *(uint64_t*)0x200001c8 = 0;
  *(uint64_t*)0x200001d0 = 0;
  *(uint64_t*)0x200001d8 = 0;
  *(uint64_t*)0x200001e0 = 0;
  *(uint64_t*)0x200001e8 = 0;
  *(uint64_t*)0x200001f0 = 0;
  *(uint64_t*)0x200001f8 = 0;
  *(uint64_t*)0x20000200 = 0;
  *(uint64_t*)0x20000208 = 0;
  *(uint64_t*)0x20000210 = 0;
  *(uint16_t*)0x20000218 = 0;
  *(uint32_t*)0x2000021c = 0;
  *(uint32_t*)0x20000220 = 0;
  *(uint64_t*)0x20000228 = 0;
  *(uint16_t*)0x20000230 = 0;
  *(uint32_t*)0x20000234 = 0;
  *(uint32_t*)0x20000238 = 0;
  *(uint64_t*)0x20000240 = 0;
  *(uint16_t*)0x20000248 = 0;
  *(uint32_t*)0x2000024c = 0;
  *(uint32_t*)0x20000250 = 0;
  *(uint64_t*)0x20000258 = 0;
  *(uint16_t*)0x20000260 = 0;
  *(uint32_t*)0x20000264 = 0;
  *(uint32_t*)0x20000268 = 0;
  *(uint64_t*)0x20000270 = 0;
  *(uint16_t*)0x20000278 = 0;
  *(uint32_t*)0x2000027c = 0;
  *(uint32_t*)0x20000280 = 0;
  *(uint64_t*)0x20000288 = 0;
  *(uint16_t*)0x20000290 = 0;
  *(uint32_t*)0x20000294 = 0;
  *(uint32_t*)0x20000298 = 0;
  *(uint64_t*)0x200002a0 = 0;
  *(uint16_t*)0x200002a8 = 0;
  *(uint32_t*)0x200002ac = 0;
  *(uint32_t*)0x200002b0 = 0;
  *(uint64_t*)0x200002b8 = 0;
  *(uint16_t*)0x200002c0 = 0;
  *(uint32_t*)0x200002c4 = 0;
  *(uint32_t*)0x200002c8 = 0;
  *(uint64_t*)0x200002d0 = 0;
  *(uint16_t*)0x200002d8 = 0;
  *(uint32_t*)0x200002dc = 0;
  *(uint32_t*)0x200002e0 = 0;
  *(uint64_t*)0x200002e8 = 0;
  *(uint16_t*)0x200002f0 = 0;
  *(uint32_t*)0x200002f4 = 0;
  *(uint32_t*)0x200002f8 = 0;
  *(uint64_t*)0x20000300 = 0;
  syscall(SYS_ioctl, r[2], 0xc5005601, 0x200000c0);
  *(uint64_t*)0x20001f10 = 0;
  syscall(SYS_ioctl, -1, 0xc0185603, 0x20001f00);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0);
  loop();
  return 0;
}