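// https://syzkaller.appspot.com/bug?id=3bceb46d41d762943e66c17156fd647fe2e933d3
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reviewer summary (derived from the calls below; the kernel report itself is
// on the linked bug page and is not restated here):
//   1. socket(AF_ALG, SOCK_SEQPACKET, 0)          -> r[0]
//   2. bind(r[0], sockaddr_alg{type "hash", name "sha3-512"}, 0x58)
//   3. accept(r[0], NULL, &len)                   -> r[1] (operation socket)
//   4. sendto(r[1], 171 bytes of fixed data, ...)
// The program does no privilege or namespace setup, so the kernel entry point
// it exercises is the crypto user-space API (AF_ALG) as seen by an ordinary
// process -- TODO confirm against the linked report.
//
// For triage and patch verification: the interesting output is the kernel log
// of the machine it runs on, not anything this program prints. Where AF_ALG is
// not needed, building without CONFIG_CRYPTO_USER_API_HASH or denying
// socket(AF_ALG, ...) via seccomp removes this entry point; an audit rule on
// socket() with a0=38 shows which processes actually use it.

#define _GNU_SOURCE

// NOTE(review): this listing had lost the header names (bare `#include`
// directives). The names below are reconstructed from the identifiers the code
// uses and from the number and position of the bare directives; confirm them
// against the original reproducer.
#include <endian.h>
#include <sys/syscall.h>
#include <unistd.h>

/*
 * Terminate the whole process with `status`. exit_group is issued directly;
 * the endless loop only exists so the function provably never returns even if
 * the syscall somehow does.
 */
__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

#include <errno.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Exit codes: 67 for a hard setup failure, 69 when errno suggests retrying. */
const int kFailStatus = 67;
const int kRetryStatus = 69;

/*
 * Print a printf-style message plus the errno captured on entry, then exit.
 * ENOMEM and EAGAIN map to kRetryStatus; everything else to kFailStatus.
 */
static void fail(const char* msg, ...)
{
  int e = errno; /* saved first: vfprintf/fprintf may overwrite errno */
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

/*
 * Create a fresh ./syzkaller.XXXXXX directory, make it mode 0777 and chdir
 * into it, so anything the test creates lands in a scratch location.
 */
static void use_temporary_dir(void)
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    fail("failed to mkdtemp");
  if (chmod(tmpdir, 0777))
    fail("failed to chmod");
  if (chdir(tmpdir))
    fail("failed to chdir");
}

static void execute_one(void);

/* Declared by the generator; not referenced anywhere in this listing. */
extern unsigned long long procid;

/*
 * Run the syscall sequence forever. Nothing closes r[0]/r[1] between
 * iterations, so descriptors accumulate until socket()/accept() start failing.
 */
void loop(void)
{
  while (1) {
    execute_one();
  }
}

/* r[0]: bound AF_ALG socket, r[1]: socket returned by accept(). -1 = unset. */
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

/*
 * One pass of the reproducer. All pointers are fixed addresses inside the
 * region main() maps at 0x20000000; return values other than the two
 * descriptors are deliberately ignored, as in the generated original.
 */
static void execute_one(void)
{
  long res = 0;

  /* 0x26 = AF_ALG (38), 5 = SOCK_SEQPACKET. */
  res = syscall(__NR_socket, 0x26, 5, 0);
  if (res != -1)
    r[0] = res;

  /*
   * struct sockaddr_alg at 0x20001280 (0x58 bytes):
   *   +0x00 salg_family = AF_ALG
   *   +0x02 salg_type   = "hash"      (14 bytes, NUL padded)
   *   +0x10 salg_feat   = 0
   *   +0x14 salg_mask   = 0
   *   +0x18 salg_name   = "sha3-512"  (64 bytes, NUL padded)
   */
  *(uint16_t*)0x20001280 = 0x26;
  memcpy((void*)0x20001282,
         "\x68\x61\x73\x68\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 14);
  *(uint32_t*)0x20001290 = 0;
  *(uint32_t*)0x20001294 = 0;
  memcpy((void*)0x20001298,
         "\x73\x68\x61\x33\x2d\x35\x31\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  syscall(__NR_bind, r[0], 0x20001280, 0x58);

  /* accept() with a NULL address and an arbitrary value in the length slot. */
  *(uint32_t*)0x20000300 = 0xab2539e6;
  res = syscall(__NR_accept, r[0], 0, 0x20000300);
  if (res != -1)
    r[1] = res;

  /* 171 (0xab) bytes of fixed data fed to the hash operation socket. */
  memcpy((void*)0x20000000,
         "\x54\xbd\x94\xb1\x40\x4e\x11\x41\xe2\xde\x72\xd9\x5a\xec\x4b\x4d\xa8"
         "\x60\x85\x18\x24\x83\x56\x20\x29\x22\x6c\xb1\xb5\xd0\xb2\x9d\xe6\x90"
         "\x69\x33\x92\x70\x00\x11\xac\xec\xf3\x7a\x71\x20\x1b\x08\xe3\x7e\xbe"
         "\x1d\x04\xcb\xbb\x16\xcd\xca\x85\xd3\x61\x5f\xa2\x36\x39\x71\x50\x90"
         "\x24\x14\xf2\xfc\x4b\xa7\x0d\x87\x58\xfc\xa6\xf4\xc9\xad\x66\x3c\x8e"
         "\x19\x74\x4d\xec\x29\xfc\x21\xee\x7e\xa5\xe8\xa9\x41\xcd\xfc\x03\x45"
         "\xf1\x5d\x9f\xb5\xf4\xb9\x37\x36\x88\x86\x28\x4e\x42\xd8\x79\x23\xf5"
         "\xd9\xde\x38\xb5\x70\x54\xd2\xfe\xb0\xff\xba\x8e\x3c\x1e\x65\x1e\xb9"
         "\xa1\x0d\xa4\xad\x04\xb1\xa1\x1d\x39\x1d\xea\x7f\xc1\xb0\xbd\xe8\x46"
         "\x6c\x48\x26\x96\xa9\x6e\x15\xad\xb5\xf0\xfa\xcb\x89\xfc\x83\xdc\x14"
         "\x78",
         171);

  /*
   * Destination address block at 0x20000240 (0x10 bytes), shaped like a
   * sockaddr_in: family 2 (AF_INET), port 0xfffe, address 0xe0000002
   * (224.0.0.2), eight zero bytes of padding.
   * NOTE(review): presumably just fuzzer-chosen filler for an AF_ALG socket --
   * confirm whether the kernel path looks at it at all.
   */
  *(uint16_t*)0x20000240 = 2;
  *(uint16_t*)0x20000242 = htobe16(0xfffe);
  *(uint32_t*)0x20000244 = htobe32(0xe0000002);
  *(uint8_t*)0x20000248 = 0;
  *(uint8_t*)0x20000249 = 0;
  *(uint8_t*)0x2000024a = 0;
  *(uint8_t*)0x2000024b = 0;
  *(uint8_t*)0x2000024c = 0;
  *(uint8_t*)0x2000024d = 0;
  *(uint8_t*)0x2000024e = 0;
  *(uint8_t*)0x2000024f = 0;
  syscall(__NR_sendto, r[1], 0x20000000, 0xab, 0, 0x20000240, 0x10);
}

/*
 * Map the fixed scratch region the test writes into, then run the sequence
 * from inside a temporary directory. loop() never returns, so the body of the
 * for loop effectively runs once.
 */
int main(void)
{
  /*
   * 16 MiB at 0x20000000, prot 3 = PROT_READ|PROT_WRITE,
   * flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
   * Every store in execute_one() targets this region, so stop with a clear
   * message if the mapping cannot be created instead of faulting later.
   */
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    fail("failed to mmap");

  char* cwd = get_current_dir_name();
  if (!cwd)
    fail("failed to get current dir"); /* chdir() must not be handed NULL */

  for (;;) {
    if (chdir(cwd))
      fail("failed to chdir");
    use_temporary_dir();
    loop();
  }
}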