// https://syzkaller.appspot.com/bug?id=bda19bf6b14e7fddccf28ac6f0205c7df6d8c32e
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <sys/types.h>

#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      sleep_ms(10);
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[8] = {0x0,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff,
                 0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  *(uint32_t*)0x20000240 = 0;
  *(uint16_t*)0x20000244 = 0;
  *(uint16_t*)0x20000246 = 2;
  *(uint64_t*)0x20000248 = 5;
  *(uint64_t*)0x20000250 = 0x1a4;
  *(uint32_t*)0x20000300 = 0x18;
  res = syscall(SYS_getsockopt, /*fd=*/0xffffff9c, /*level=*/0x84,
                /*opt=*/0x107, /*val=*/0x20000240ul, /*len=*/0x20000300ul);
  if (res != -1)
    r[0] = *(uint32_t*)0x20000240;
  *(uint32_t*)0x20000280 = r[0];
  *(uint32_t*)0x20000284 = 0xcb9;
  *(uint32_t*)0x200002c0 = 8;
  syscall(SYS_getsockopt, /*fd=*/-1, /*level=*/0x84, /*opt=*/0x29,
          /*val=*/0x20000280ul, /*len=*/0x200002c0ul);
  res = syscall(SYS_socket, /*domain=*/0x1cul, /*type=*/1ul, /*proto=*/0);
  if (res != -1)
    r[1] = res;
  res = syscall(SYS_socket, /*domain=AF_INET6*/ 0x1cul,
                /*type=SOCK_CLOEXEC|SOCK_STREAM*/ 0x10000001ul, /*proto=*/0x84);
  if (res != -1)
    r[2] = res;
  *(uint8_t*)0x20000480 = 0x1c;
  *(uint8_t*)0x20000481 = 0x1c;
  *(uint16_t*)0x20000482 = htobe16(0x4e23);
  *(uint32_t*)0x20000484 = 0;
  *(uint8_t*)0x20000488 = -1;
  *(uint8_t*)0x20000489 = 1;
  memset((void*)0x2000048a, 0, 13);
  *(uint8_t*)0x20000497 = 1;
  *(uint32_t*)0x20000498 = 8;
  syscall(SYS_connect, /*fd=*/r[1], /*addr=*/0x20000480ul, /*addrlen=*/0x1cul);
  syscall(SYS_fcntl, /*fd=*/r[2], /*cmd=*/0x16ul, /*lock=*/0ul);
  *(uint32_t*)0x200000c0 = 0;
  *(uint16_t*)0x200000c4 = 5;
  *(uint8_t*)0x200000c6 = 0;
  *(uint32_t*)0x20000100 = 8;
  syscall(SYS_getsockopt, /*fd=*/-1, /*level=*/0x84, /*opt=*/0x1e,
          /*val=*/0x200000c0ul, /*len=*/0x20000100ul);
  *(uint32_t*)0x20000200 = r[0];
  *(uint32_t*)0x20000204 = 5;
  syscall(SYS_setsockopt, /*fd=*/r[2], /*level=*/0x84, /*opt=*/0x900,
          /*val=*/0x20000200ul, /*len=*/8ul);
  memcpy(
      (void*)0x20001080,
      "\x5d\xec\x1d\x17\xd3\xe2\x63\xda\x64\x58\x27\xae\x95\xdc\xbd\x43\xaf\xd2"
      "\xe7\x37\x72\xcd\x82\xd2\x8e\x79\xac\x07\xff\x3a\x7b\xe9\x83\xeb\x5c\xf6"
      "\x1b\x9e\x42\x6a\x57\x24\x27\x40\x49\xb5\xc4\x1d\xcb\x35\x74\x12\x8d\x3b"
      "\x2c\x1c\x4d\x1d\x4b\x49\x47\xf8\x15\x45\x8a\xb0\x2d\x0f\x16\x05\x03\x6e"
      "\x6b\x16\x76\x2b\x10\x59\x83\x12\x46\x96\xb7\x20\x6e\x6b\x16\xa2\x22\x1d"
      "\x45\x7e\x0a\x4c\x1d\xff\xff\x6f\xa6\x48\xb2\x3c\xc4\x5b\xf3\x9f\xff\xff"
      "\xff\xff\xff\xff\xff\x7f\xde\x33\x46\x5b\xc2\x57\x64\xb1\x71\x62\x5e\x2a"
      "\x22\x24\x8e\x1d\x36\xe6\x6f\xd1\xf3\xb0\x83\x7d\xd9\x0a\x9e\x03\x98\x98"
      "\x16\x4f\x7f\xc0\x0c\x94\xd9\xf4\x90\xcc\xe7\xac\x4a\x19\x22\x21\x0d\x21"
      "\xd2\xa1\x26\xda\x1f\x5d\x68\x2d\x81\x7d\xd1\x4b\x84\x2f\x04\x47\x5d\x24"
      "\x6f\x3a\xd7\xb8\x99\x27\x45\xbd\x5d\xb4\x13\x34\x26\x9d\x94\x4b\x17\x0c"
      "\x89\x2e\x81\xed\xdf\x3f\xdb\xa5\xdc\x2a\xf6\x3c\x3b\x34\x31\x11\xa1\xfd"
      "\xe7\xa6\xad\xc4\x9e\xbc\x40\x45\x0f\x35\x13\x18\x3f\x63\x9a\x29\x4e\x9e"
      "\x6c\x27\xcb\x8a\xf5\x32\xfa\xa3\x59\x34\x99\x4a\x56\x82\x1b\x44\xbe\x6c"
      "\x13\x42\x60\x05\x26\x08\x49\x80\x09\xad\xc5\x32\x92\x9d\xcd\x21\xd2\x8a"
      "\x5f\x90\x9d\xeb\x28\xd5\x19\xbf\xec\xd2\x54\xc2\x56\x25\x62\x55\xfc\x6f"
      "\x73\xf8\xef\xfa\xa9\x1c\xe3\xc9\x9b\xcd\x9e\x8b\x71\xf5\x17\xb6\xb9\x35"
      "\xbe\xdc\xd6\x1f\xee\xaf\xee\x47\x0f\x23\x28\xc9\xea\x5b\xe1\x76\xd8\x84"
      "\xd6\xa7\x6f\xbb\xdc\x0e\xe8\x78\x3e\x72\x69\x90\x4f\x2d\xa8\x97\x04\xd4"
      "\x0a\xb7\x60\x25\x92\xe0\xc6\xbe\x00\x83\xe3\x5b\x30\xf5\x44\x8a\x0a\xe7"
      "\x5d\xd8\x08\x85\xad\x32\x0e\xd8\x69\x20\xaa\xa4\x63\x35\xf8\x0d\xd0\x77"
      "\xe2\x96\x63\x86\x51\x52\x30\x15\xc4\xf3\x05\x06\xec\x61\xad\xf6\x66\x90"
      "\xbf\x17\xd9\xa1\x49\x6e\x89\x09\xe0\x9d\x50\x3b\x98\x1b\xe0\x46\x40\x0b"
      "\x42\x51\x7a\xc9\x6c\x4e\xf7\x19\x36\x66\x3d\xd4\x31\x66\x2b\x72\x2a\xd6"
      "\x98\x1d\x87\x16\x50\xae\x4c\xf7\xc8\xc3\x7f\x83\x4a\x34\xaa\x1d\x1a\xde"
      "\xed\xf1\xfd\xce\xb9\xf2\x5d\x66\x61\xf8\x87\x8f\xad\x49\x97\x8a\xc0\x33"
      "\x27\x61\xb9\x15\x6e\x78\x61\x91\xdf\x62\x44\x9e\x76\xdd\x5a\xe4\xcb\x71"
      "\x7a\x41\xb9\xff\xa7\xc2\x17\x73\x91\xac\x27\xd3\x05\x75\x06\xcb\xc5\x5f"
      "\x68\x4e\x6c\xaa\x4a\x24\x4a\x53\x69\xcf\xdf\x35\x67\x8d\x4e\x13\x7b\x57"
      "\x14\x63\x24\x11\x03\x62\x2e\x81\xb8\xb1\xba\x68\xd7\xb0\x51\xa9\x61\xc3"
      "\x39\x25\x58\x01\xed\x3a\x09\x8b\xab\xce\x7e\x50\xde\xc9\x0e\xdf\xa6\x57"
      "\x3d\xb8\x3c\x34\x76\xbd\xd6\x89\xe1\xa2\x6d\x21\x6a\xbc\xb0\x60\x16\x9c"
      "\x6c\x53\xea\x44\xcd\x97\xd1\xd2\xe0\xa2\x0a\xaa\x69\x92\xfe\x10\x64\x5f"
      "\x5d\x1c\xa5\xa9\x90\xaf\x93\x77\x94\xd2\xaa\x58\x2d\xc6\x7d\x6c\x45\xfc"
      "\x7a\x68\xae\x6e\x0f\x87\xd4\x28\xbc\x84\x01\xb0\x56\xca\x93\xa2\xc3\xc6"
      "\x5d\x99\x61\x0a\xe0\x08\xbf\x28\x1b\x92\xc4\xc6\x17\xc5\x42\xa5\x9f\x4f"
      "\x31\xf7\xb7\x2c\x4b\x28\xa4\x1c\x88\xa5\x27\x51\x2f\x32\x23\x3a\x7e\xf8"
      "\x40\xae\x88\xd4\x5d\x63\x51\x77\x7e\x9f\x0e\xe3\x0b\xbb\x51\x0f\x47\xf0"
      "\xa0\xc3\x1d\x88\xe8\x31\xe9\xdb\xb9\x0d\xbc\x59\x84\x83\x53\x3c\x6f\x68"
      "\xe5\x28\x45\x3e\x65\x39\x01\x15\x09\x3f\x97\x54\x8a\x03\x89\x6b\x45\xd5"
      "\xaf\xf8\x11\x33\x4d\xc0\x25\x1d\xa3\xcf\xc9\xbf\x22\xa9\xb3\x3c\x66\xcd"
      "\x70\x2f\x04\x1a\x12\x3d\x93\x48\x82\x00\x94\x77\xfb\x5a\xee\xf5\x9e\x66"
      "\x79\xa5\x66\x0a\x0e\xa1\xac\xf2\xdc\x3a\x95\x9f\xce\xf9\x75\x2c\x50\x26"
      "\x28\x2d\x8d\xe9\xcb\x3e\xf5\xce\x63\x4f\x9b\xc6\xf3\x4f\x6f\x3e\x46\xe7"
      "\x3b\xc1\x14\x71\x18\x37\x46\x29\xff\xc3\xcc\xd0\xbd\x44\x97\x58\x9e\x30"
      "\xe9\x3d\x68\x16\x4f\x4f\x3e\x28\x6f\x3b\x9d\x4d\xcb\x65\xf7\x8c\x8d\xad"
      "\x9c\xe7\x9d\x4d\xed\x4f\x4c\xb6\x21\x70\xb3\x30\x41\xd9\x49\x36\x46\xa5"
      "\x93\x10\x40\xc5\x87\x83\x8f\x23\x1a\xec\x16\x9e\x0f\x1d\xec\xca\x98\x24"
      "\x18\xae\xdf\x66\xca\x6b\xdb\x23\x00\x01\x00\x00\x00\x00\x00\x00\xb2\xa6"
      "\x41\x5e\x3b\x67\x3a\x03\x31\x66\xac\x36\x7d\xb9\xf3\x74\xa8\x46\xc5\x3c"
      "\xbf\xa6\x90\xf9\x67\x00\x95\x52\xfd\xd7\xdf\xd4\xc7\x83\xa3\xee\xe5\x30"
      "\x54\x8e\x81\x41\x1b\xdf\xf5\x36\x83\x85\x93\x61\x2a\xfd\xf9\x9e\xed\xff"
      "\x48\x67\x71\x7e\x20\xf2\x65\xac\x91\xfa\x0e\x82\x73\x19\x9a\x6b\xe1\xe4"
      "\xef\x0d\xae\xa1\x47\x00\xe4\x18\x26\x2d\x66\xc4\xf5\x19\x32\x8d\x08\x00"
      "\x6e\x7d\x40\x4e\x49\xf0\xe3\xc8\x6f\x4b\x22\xd9\xb6\x79\xeb\xed\x8a\xdb"
      "\xbe\x76\xea\x74\xec\x16\x3a\x39\x22\xd3\x14\x0a\x60\x89\xd7\xfc\x4a\xfd"
      "\xaa\xf0\xd6\x51\xcd\x54\x55\xaa\x59\x73\x8f\xc2\x0b\xd7\xc9\x75",
      1024);
  memcpy((void*)0x20001480,
         "\x95\x80\xb0\x0b\xa3\xde\x3f\xc3\xd8\x64\x07\x10\x2d\xbc\x55\x0f\xc5"
         "\xda\x9c\x1d\x2d\x89\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint32_t*)0x200014a0 = 0x40000003;
  *(uint8_t*)0x200014a4 = 8;
  *(uint64_t*)0x200014a8 = 0;
  *(uint64_t*)0x200014b0 = 0xffff;
  *(uint64_t*)0x200014b8 = 0;
  *(uint64_t*)0x200014c0 = 0;
  *(uint64_t*)0x200014c8 = 0x80;
  *(uint64_t*)0x200014d0 = 0;
  *(uint64_t*)0x200014d8 = 9;
  *(uint64_t*)0x200014e0 = 2;
  *(uint32_t*)0x200014e8 = 0x80000;
  syscall(SYS_ioctl, /*fd=*/-1, /*cmd=*/0xc450443cul, /*arg=*/0x20001080ul);
  res = syscall(SYS_socket, /*domain=*/2ul, /*type=*/0ul, /*proto=*/0x84);
  if (res != -1)
    r[3] = res;
  res = syscall(SYS_socket, /*domain=AF_INET*/ 2ul, /*type=SOCK_STREAM*/ 1ul,
                /*proto=*/0);
  if (res != -1)
    r[4] = res;
  res = syscall(SYS_socket, /*domain=AF_INET6*/ 0x1cul,
                /*type=SOCK_STREAM*/ 1ul, /*proto=*/0);
  if (res != -1)
    r[5] = res;
  syscall(SYS_ioctl, /*fd=*/0xffffff9c, /*cmd=*/0x40004519ul, 0);
  *(uint32_t*)0x20000040 = 2;
  syscall(SYS_setsockopt, /*fd=*/r[5], /*level=*/6, /*optname=TCP_LOG*/ 0x22,
          /*optval=*/0x20000040ul, /*optlen=*/4ul);
  *(uint32_t*)0x200003c0 = 4;
  syscall(SYS_getsockopt, /*fd=*/r[4], /*level=*/0x84, /*opt=*/0x104,
          /*val=*/0x20000380ul, /*len=*/0x200003c0ul);
  *(uint8_t*)0x200000c0 = 0x1c;
  *(uint8_t*)0x200000c1 = 0x1c;
  *(uint16_t*)0x200000c2 = htobe16(0x4e20);
  *(uint32_t*)0x200000c4 = 0;
  *(uint64_t*)0x200000c8 = htobe64(0);
  *(uint64_t*)0x200000d0 = htobe64(1);
  *(uint32_t*)0x200000d8 = 0;
  syscall(SYS_bind, /*fd=*/r[5], /*addr=*/0x200000c0ul, /*addrlen=*/0x1cul);
  memcpy((void*)0x20000440,
         "freebsd\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
         "\000\000\000\000\000\000\000\000\000\000",
         32);
  *(uint32_t*)0x20000460 = 0;
  syscall(SYS_setsockopt, /*fd=*/r[5], /*level=*/6, /*optname=*/0x2000,
          /*optval=*/0x20000440ul, /*optlen=*/0x24ul);
  *(uint8_t*)0x20000140 = 0x1c;
  *(uint8_t*)0x20000141 = 0x1c;
  *(uint16_t*)0x20000142 = htobe16(0x4e20);
  *(uint32_t*)0x20000144 = 0;
  memset((void*)0x20000148, 0, 16);
  *(uint32_t*)0x20000158 = 0;
  syscall(SYS_connect, /*fd=*/r[5], /*addr=*/0x20000140ul, /*addrlen=*/0x1cul);
  syscall(SYS_ksem_open, /*idp=*/0ul, /*name=*/0ul,
          /*oflag=O_CREAT|0x100*/ 0x300ul, /*mode=S_IROTH*/ 4ul, /*value=*/0);
  syscall(SYS_socket, /*domain=*/2ul, /*type=SOCK_STREAM*/ 1ul, /*proto=*/0x84);
  res = syscall(SYS_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0ul,
                /*flags=*/0ul, /*mode=*/0ul);
  if (res != -1)
    r[6] = res;
  *(uint32_t*)0x20000000 = r[6];
  syscall(SYS_ioctl, /*fd=*/r[6], /*cmd=*/0xc0045301ul, /*arg=*/0x20000000ul);
  memcpy((void*)0x20000180, "/dev/smbN\000", 10);
  syscall(SYS_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000180ul,
          /*flags=O_EXEC*/ 0x40000ul, /*mode=*/0ul);
  syscall(SYS_profil, /*samples=*/0ul, /*size=*/0ul, /*offt=*/0ul, /*scale=*/1);
  res = syscall(SYS_socket, /*domain=*/2ul, /*type=SOCK_STREAM*/ 1ul,
                /*proto=*/0x84);
  if (res != -1)
    r[7] = res;
  *(uint32_t*)0x200001c0 = 4;
  syscall(SYS_getsockopt, /*fd=*/r[3], /*level=*/0xffff,
          /*optname=SO_REUSEADDR*/ 4, /*optval=*/0x20000080ul,
          /*optlen=*/0x200001c0ul);
  *(uint16_t*)0x20000340 = 0x8003;
  *(uint16_t*)0x20000342 = 0;
  *(uint16_t*)0x20000344 = 0;
  *(uint16_t*)0x20000346 = 0;
  syscall(SYS_setsockopt, /*fd=*/r[7], /*level=*/0x84, /*opt=*/3,
          /*val=*/0x20000340ul, /*len=*/8ul);
  *(uint8_t*)0x20000140 = 0x10;
  *(uint8_t*)0x20000141 = 2;
  *(uint16_t*)0x20000142 = htobe16(0x4e23);
  *(uint32_t*)0x20000144 = htobe32(0xff);
  memset((void*)0x20000148, 0, 8);
  syscall(SYS_connect, /*fd=*/r[7], /*addr=*/0x20000140ul, /*addrlen=*/0x10ul);
}
int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x1012ul, /*fd=*/-1,
          /*offset=*/0ul);
  const char* reason;
  (void)reason;
  loop();
  return 0;
}