// https://syzkaller.appspot.com/bug?id=ba1b33ba3a61e27320b1290c8c9f03691f89545e
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

unsigned long long procid;

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void use_temporary_dir(void)
{
  char tmpdir_template[] = "./syzkaller.XXXXXX";
  char* tmpdir = mkdtemp(tmpdir_template);
  if (!tmpdir)
    exit(1);
  if (chmod(tmpdir, 0777))
    exit(1);
  if (chdir(tmpdir))
    exit(1);
}

static void remove_dir(const char* dir)
{
  DIR* dp;
  struct dirent* ep;
  dp = opendir(dir);
  if (dp == NULL)
    exit(1);
  while ((ep = readdir(dp))) {
    if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
      continue;
    char filename[FILENAME_MAX];
    snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
    struct stat st;
    if (lstat(filename, &st))
      exit(1);
    if (S_ISDIR(st.st_mode)) {
      remove_dir(filename);
      continue;
    }
    if (unlink(filename))
      exit(1);
  }
  closedir(dp);
  if (rmdir(dir))
    exit(1);
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    char cwdbuf[32];
    sprintf(cwdbuf, "./%d", iter);
    if (mkdir(cwdbuf, 0777))
      exit(1);
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      if (chdir(cwdbuf))
        exit(1);
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
    remove_dir(cwdbuf);
  }
}

#ifndef SYS_dup2
#define SYS_dup2 90
#endif
#ifndef SYS_fchdir
#define SYS_fchdir 13
#endif
#ifndef SYS_ftruncate
#define SYS_ftruncate 201
#endif
#ifndef SYS_getegid
#define SYS_getegid 43
#endif
#ifndef SYS_getppid
#define SYS_getppid 39
#endif
#ifndef SYS_getsockopt
#define SYS_getsockopt 118
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_open
#define SYS_open 5
#endif
#ifndef SYS_pipe
#define SYS_pipe 42
#endif
#ifndef SYS_recvmsg
#define SYS_recvmsg 27
#endif
#ifndef SYS_sendmsg
#define SYS_sendmsg 28
#endif
#ifndef SYS_sendto
#define SYS_sendto 133
#endif
#ifndef SYS_setregid
#define SYS_setregid 127
#endif
#ifndef SYS_setsockopt
#define SYS_setsockopt 105
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif
#ifndef SYS_socketpair
#define SYS_socketpair 135
#endif

uint64_t r[16] = {0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0x0,
                  0x0,
                  0xffffffffffffffff,
                  0x0,
                  0x0,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff,
                  0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  syscall(SYS_sendto, -1, 0ul, 0ul, 4ul, 0ul, 0ul);
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[0] = res;
  syscall(SYS_setsockopt, r[0], 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[1] = res;
  syscall(SYS_setsockopt, r[1], 0x29, 0xa, 0ul, 0ul);
  syscall(SYS_socketpair, 0x1ful, 3ul, 9, 0ul);
  syscall(SYS_setsockopt, -1, 0x29, 0xa, 0ul, 0ul);
  syscall(SYS_setsockopt, -1, 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[2] = res;
  syscall(SYS_setsockopt, -1, 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[3] = res;
  syscall(SYS_setsockopt, r[3], 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_getsockopt, r[3], 0xfffful, 0x11ul, 0x20000640ul, 0xcul);
  if (res != -1)
    r[4] = *(uint32_t*)0x20000648;
  res = syscall(SYS_getppid);
  if (res != -1)
    r[5] = res;
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[6] = res;
  syscall(SYS_setsockopt, r[6], 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_getsockopt, r[6], 0xfffful, 0x11ul, 0x20000680ul, 0ul);
  if (res != -1)
    r[7] = *(uint32_t*)0x20000684;
  res = syscall(SYS_getegid);
  if (res != -1)
    r[8] = res;
  syscall(SYS_setregid, r[8], -1);
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[9] = res;
  syscall(SYS_setsockopt, r[9], 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_open, 0ul, 0x400000ul, 0x60ul);
  if (res != -1)
    r[10] = res;
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[11] = res;
  syscall(SYS_setsockopt, r[11], 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_pipe, 0x20000740ul);
  if (res != -1)
    r[12] = *(uint32_t*)0x20000744;
  res = syscall(SYS_socket, 0x18ul, 1ul, 0);
  if (res != -1)
    r[13] = res;
  syscall(SYS_setsockopt, r[13], 0x29, 0xa, 0ul, 0ul);
  res = syscall(SYS_open, 0ul, 0x800ul, 0x44ul);
  if (res != -1)
    r[14] = res;
  *(uint64_t*)0x20000900 = 0x200001c0;
  *(uint16_t*)0x200001c0 = 3;
  *(uint8_t*)0x200001c2 = 0;
  *(uint32_t*)0x200001c4 = 0x4e23 + procid * 4;
  *(uint32_t*)0x20000908 = 8;
  *(uint64_t*)0x20000910 = 0x20000500;
  *(uint64_t*)0x20000500 = 0x20000200;
  memcpy((void*)0x20000200,
         "\x4d\xab\x37\x64\x08\xde\x93\x3d\x1d\x06\x40\x53\x4a\x04\x41\xcc\x7e"
         "\x09\xc2\x46\x2a\x12\xf4\x42\x32\xc3\xd0\x0c\x26\x35\x80\x7b\xc1\x1b"
         "\x7f\xec\xcb\xbc\x3c\x31\x15\x8f\xd2\x64\xf0\xcc\xd4\xcf\xd1\x76\x46"
         "\x31\x05\xc4\xd4\xdb\x41\x70\x6e\x1f\x56\x3d\x02\x97\x78\xfc\x42\xa3"
         "\xee\xcd\x8c\xa7\xf9\xd6\x3b\x0f\x7e\xe8\x53\xab\x27\xa6\x75\x69\x30"
         "\x1e\x59\x42\x86\x32\xc8\x99\x14\x2e\x76\x74\x04\x72\x1c\xed\xec\x01"
         "\x43\xe5\xf7\x65\xbd\xc2\x9e\x6d\xe6\x24\x80\x5f\x28\xba\xe3\x35\x24"
         "\xca\x1d\xda\x9c\x69\x91\x03\x32\x9d\xb9\xff\xb4\x9f\x93\x94\xdb\xaa"
         "\x67\x23\xe1\x28\x57\xe3\x65\xad\xd1\xad\xeb\x03\xaa\x50\x66\x31\x2f"
         "\xe1\xd9\x4b\x80\xbd\x27\xa5\x7e\x57\xd6\x66\x4f\x3b\xc4\x93\x6d\xfb"
         "\xc5\x7d\xfe\xd2\x12\x10\x9f\x7a\x2e\x39\x3c\x63\x9e\xe1\x37\xa8\xfa"
         "\x9e\xee\x71\x09\x23\xc2\xf1\x3f\x51\x76\xe6\x85\x7f\xaf\xa2\xc0\x68"
         "\xf7\x86\x03\x88\x42\xd9\xda\x3c\x10\x7b\x8b\x98\x53\x0a\x65\x03\xb5"
         "\xcf\xea\xae\xe0\x7c\x06\xae\x3f\x21\x77\xfd\x11\xf5\x3e\x79\x03\x59"
         "\x11",
         239);
  *(uint64_t*)0x20000508 = 0xef;
  *(uint64_t*)0x20000510 = 0x20000300;
  memcpy((void*)0x20000300,
         "\xd4\x57\x12\x61\xac\xef\x9d\x13\x63\xbd\x1c\xdf\xae\x66\x6f\x18\xc2"
         "\x7b\x78\x4d\x33\x04\xb1\x84\xaf\x64\x0b\x27\xf5\x37\xf6\x19\xad\x48"
         "\x9d\x67\x9d\x78\xee\x97\x7b\x24\x62\x62\x6b\x38\x05\x65\x16\x8b\x8e"
         "\xbf\x2a\x37\xe8\x99\xae\x84\x7a\x5e\x6b\xc1\x17\x15\x62\x2b\x53\x5f"
         "\xf7\xf8\xae\x67\xb0\x94\x77\xf7\xea\xcf\x64\x98\xbb\x5b\x8b\xee\xe5"
         "\xd3\xfa\x07\xf8\xf2\xd2\xea\xd9\x55\xc4\x00\x48\xd4\x4d\x9d\xb0\xe7"
         "\xab\x58\x59\x0d\xfb\x81\xb2\x38\x50\xe1\xb6\xba\x97\x68\xaf\x56\x52"
         "\x96\xec\x54\x97\x3e\x18\xe8\xf6\x86\x64\x30\xe3\x11\x9b\x3c\xf3\xed"
         "\xd5\x6c\xcf\xf6\x2a\x35\x40\x7a\x4e\xc6\x88\x53\xe3\x41\xc3\x8b\x0a"
         "\xd1\xf9\x72\xfd\x40\x8c\xd8\xce\x69\xe0\xee\x33\x25\x1a\x0e\x68\x1a"
         "\x40\x04\xed\x88\x63\x25\x7d\xa0\x1e\x40\x32\xc5\x0f\x4e\xf2\xb3",
         186);
  *(uint64_t*)0x20000518 = 0xba;
  *(uint64_t*)0x20000520 = 0x200003c0;
  *(uint64_t*)0x20000528 = 0;
  *(uint64_t*)0x20000530 = 0x20000400;
  memcpy((void*)0x20000400,
         "\x0b\x53\x53\xf4\x7a\x1e\x1e\xcc\x1c\x22\x20\x04\xf5\xe1\xe4\x99\x71"
         "\x81\xac\x4c\x8a\x97\x7e\xd3\xd3\xc4\x66\xda\x8b\xe5\xcd\x87\xb1\x2e"
         "\x36\x5d\x9b\x4c\x00\x40\x38\xee\x00\xdb\xc4\x5a\xfb\x09\x39\x9d\xa9"
         "\x93\xf6\xe4\xa4\xb0\xab\xb4\x03\x2a\x64\xa0\xb6\xf2\x3f\x21\x8c\x54"
         "\xe4\xfd\xfb\xe4\xe6\x6f\x52\xdd\x85\x44\x44\xf7\x89\x92\x38\xc6\x11"
         "\xed\xb2\xeb\xa1\x49\x19\x41\xba\x65\x68\x17\x13\x5f\x3e\xdf\x43\x5b"
         "\x15\xbb\x63\x51\xa0\xaa\x26\x72\xdb\xa1\x80\x8a\x05\x88\x79\xf6\xb8"
         "\x00\xc4\xd8\x12\x7b\xc1\xe0\x45\x97\x37\xc5\xb7\x8f\xb6\xf2\x2c\xd8"
         "\x86\x49\x4b\xc4\x4e\x55\xae\x9b\xeb\x46\xc7\x35\x3d\x71\x7f\xf2\x02"
         "\x24\xcd\x56\xde\xa7\x67\x3d\xfb\x40\xf6\xb2\x11\x38\xe7\xdd\x50\x08"
         "\x79\xd5\xd9\x27\x00\xfc\x65\x51\xb2\xe1\xda\xcd\xee\xec\xab\xa3\x11"
         "\x3d\x4d\x30\x41\x13\x27\xe1\xcd\x8c\xab\xe1\x1a\x22\xa2\x13\x8a\x17"
         "\xb9\xd9\x03\x76\x73\x2f\xed",
         211);
  *(uint64_t*)0x20000538 = 0xd3;
  *(uint64_t*)0x20000918 = 4;
  *(uint64_t*)0x20000920 = 0x200007c0;
  *(uint64_t*)0x200007c0 = 0x38;
  *(uint32_t*)0x200007c8 = 0xffff;
  *(uint32_t*)0x200007cc = 1;
  *(uint32_t*)0x200007d0 = -1;
  *(uint32_t*)0x200007d4 = -1;
  *(uint32_t*)0x200007d8 = r[1];
  *(uint32_t*)0x200007dc = -1;
  *(uint32_t*)0x200007e0 = -1;
  *(uint32_t*)0x200007e4 = -1;
  *(uint32_t*)0x200007e8 = -1;
  *(uint32_t*)0x200007ec = -1;
  *(uint32_t*)0x200007f0 = -1;
  *(uint64_t*)0x200007f8 = 0x30;
  *(uint32_t*)0x20000800 = 0xffff;
  *(uint32_t*)0x20000804 = 1;
  *(uint32_t*)0x20000808 = -1;
  *(uint32_t*)0x2000080c = r[2];
  *(uint32_t*)0x20000810 = -1;
  *(uint32_t*)0x20000814 = -1;
  *(uint32_t*)0x20000818 = -1;
  *(uint32_t*)0x2000081c = -1;
  *(uint32_t*)0x20000820 = -1;
  *(uint32_t*)0x20000824 = -1;
  *(uint64_t*)0x20000828 = 0x18;
  *(uint32_t*)0x20000830 = 0xffff;
  *(uint32_t*)0x20000834 = 1;
  *(uint32_t*)0x20000838 = -1;
  *(uint32_t*)0x2000083c = -1;
  *(uint64_t*)0x20000840 = 0x18;
  *(uint32_t*)0x20000848 = 0xffff;
  *(uint32_t*)0x2000084c = 1;
  *(uint32_t*)0x20000850 = -1;
  *(uint64_t*)0x20000858 = 0x20;
  *(uint32_t*)0x20000860 = 0xffff;
  *(uint32_t*)0x20000864 = 2;
  *(uint32_t*)0x20000868 = 0;
  *(uint32_t*)0x2000086c = 0;
  *(uint32_t*)0x20000870 = r[4];
  *(uint64_t*)0x20000878 = 0x20;
  *(uint32_t*)0x20000880 = 0xffff;
  *(uint32_t*)0x20000884 = 2;
  *(uint32_t*)0x20000888 = r[5];
  *(uint32_t*)0x2000088c = r[7];
  *(uint32_t*)0x20000890 = r[8];
  *(uint64_t*)0x20000898 = 0x38;
  *(uint32_t*)0x200008a0 = 0xffff;
  *(uint32_t*)0x200008a4 = 1;
  *(uint32_t*)0x200008a8 = 0xffffff9c;
  *(uint32_t*)0x200008ac = r[9];
  *(uint32_t*)0x200008b0 = -1;
  *(uint32_t*)0x200008b4 = r[10];
  *(uint32_t*)0x200008b8 = r[11];
  *(uint32_t*)0x200008bc = r[12];
  *(uint32_t*)0x200008c0 = r[13];
  *(uint32_t*)0x200008c4 = r[14];
  *(uint32_t*)0x200008c8 = -1;
  *(uint32_t*)0x200008cc = -1;
  *(uint64_t*)0x20000928 = 0x110;
  *(uint32_t*)0x20000930 = 8;
  syscall(SYS_sendmsg, r[0], 0x20000900ul, 2ul);
  res = syscall(SYS_dup2, -1, -1);
  if (res != -1)
    r[15] = res;
  syscall(SYS_ftruncate, -1, 0x100000001ul);
  *(uint64_t*)0x20000580 = 0;
  *(uint32_t*)0x20000588 = 0;
  *(uint64_t*)0x20000590 = 0;
  *(uint64_t*)0x20000598 = 0;
  *(uint64_t*)0x200005a0 = 0;
  *(uint64_t*)0x200005a8 = 0xfe22;
  *(uint32_t*)0x200005b0 = 0;
  syscall(SYS_recvmsg, r[15], 0x20000580ul, 1ul);
  syscall(SYS_fchdir, 0xffffff9c);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul);
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      use_temporary_dir();
      loop();
    }
  }
  sleep(1000000);
  return 0;
}