// https://syzkaller.appspot.com/bug?id=cb09a3a32f659fe737e7629d3187cd64832a2314
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static void test();

void loop()
{
  while (1) {
    test();
  }
}

long r[10];
void* thr(void* arg)
{
  switch ((long)arg) {
  case 0:
    r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                   r[0], 0x0ul);
    break;
  case 1:
    memcpy((void*)0x20b3d000,
           "\x2f\x64\x65\x76\x2f\x6b\x65\x79\x63\x68\x6f\x72\x64\x00",
           14);
    r[2] = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20b3d000ul,
                   0x2002ul, 0x0ul);
    break;
  case 2:
    *(uint8_t*)0x2026a000 = (uint8_t)0x1;
    *(uint8_t*)0x2026a001 = (uint8_t)0x0;
    *(uint16_t*)0x2026a002 = (uint16_t)0x0;
    *(uint16_t*)0x2026a004 = (uint16_t)0x2;
    *(uint16_t*)0x2026a006 = (uint16_t)0x2;
    *(uint16_t*)0x2026a008 = (uint16_t)0x0;
    r[9] = syscall(__NR_write, r[2], 0x2026a000ul, 0xaul);
    break;
  }
  return 0;
}

void test()
{
  long i;
  pthread_t th[6];

  memset(r, -1, sizeof(r));
  srand(getpid());
  for (i = 0; i < 3; i++) {
    pthread_create(&th[i], 0, thr, (void*)i);
    usleep(rand() % 10000);
  }
  for (i = 0; i < 3; i++) {
    pthread_create(&th[3 + i], 0, thr, (void*)i);
    if (rand() % 2)
      usleep(rand() % 10000);
  }
  usleep(rand() % 100000);
}

int main()
{
  loop();
  return 0;
}