// https://syzkaller.appspot.com/bug?id=bda19bf6b14e7fddccf28ac6f0205c7df6d8c32e
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <sys/types.h>

#include <pwd.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static unsigned long long procid;

static __thread int clone_ongoing;
static __thread int skip_segv;
static __thread jmp_buf segv_env;

static void segv_handler(int sig, siginfo_t* info, void* ctx)
{
  if (__atomic_load_n(&clone_ongoing, __ATOMIC_RELAXED) != 0) {
    exit(sig);
  }
  uintptr_t addr = (uintptr_t)info->si_addr;
  const uintptr_t prog_start = 1 << 20;
  const uintptr_t prog_end = 100 << 20;
  int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0;
  int valid = addr < prog_start || addr > prog_end;
  if (sig == SIGBUS)
    valid = 1;
  if (skip && valid) {
    _longjmp(segv_env, 1);
  }
  exit(sig);
}

static void install_segv_handler(void)
{
  struct sigaction sa;
  memset(&sa, 0, sizeof(sa));
  sa.sa_sigaction = segv_handler;
  sa.sa_flags = SA_NODEFER | SA_SIGINFO;
  sigaction(SIGSEGV, &sa, NULL);
  sigaction(SIGBUS, &sa, NULL);
}

#define NONFAILING(...)                                                        \
  ({                                                                           \
    int ok = 1;                                                                \
    __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    if (_setjmp(segv_env) == 0) {                                              \
      __VA_ARGS__;                                                             \
    } else                                                                     \
      ok = 0;                                                                  \
    __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST);                       \
    ok;                                                                        \
  })

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[9] = {0xffffffffffffffff, 0xffffffffffffffff, 0x0,
                 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  syscall(SYS_sendmsg, /*fd=*/-1, /*msg=*/0ul, /*f=*/8ul);
  syscall(SYS_symlink, /*old=*/0ul, /*new=*/0ul);
  res = syscall(SYS_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
  {
    int i;
    for (i = 0; i < 64; i++) {
      syscall(SYS_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
    }
  }
  if (res != -1)
    r[0] = res;
  syscall(SYS_socket, /*domain=*/0x1cul, /*type=*/5ul, /*proto=*/0x84);
  {
    int i;
    for (i = 0; i < 64; i++) {
      syscall(SYS_socket, /*domain=*/0x1cul, /*type=*/5ul, /*proto=*/0x84);
    }
  }
  syscall(SYS_msgctl, /*msqid=*/0, /*cmd=*/1ul, /*buf=*/0ul);
  res = syscall(SYS_fcntl, /*fd=*/-1, /*cmd=*/5ul, 0);
  if (res != -1)
    r[1] = res;
  res = syscall(SYS_fork);
  {
    int i;
    for (i = 0; i < 32; i++) {
      syscall(SYS_fork);
    }
  }
  if (res != -1)
    r[2] = res;
  syscall(SYS_wait4, /*pid=*/r[2], /*status=*/0ul, /*options=*/0ul, /*ru=*/0ul);
  syscall(SYS_sigqueue, /*pid=*/r[2], /*signo=*/3, /*value=*/0ul);
  {
    int i;
    for (i = 0; i < 32; i++) {
      syscall(SYS_sigqueue, /*pid=*/r[2], /*signo=*/3, /*value=*/0ul);
    }
  }
  res = syscall(SYS_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
  if (res != -1)
    r[3] = res;
  NONFAILING(
      memcpy((void*)0x20000080,
             "bbr\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
             "\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
             32));
  NONFAILING(*(uint32_t*)0x200000a0 = 0);
  syscall(SYS_setsockopt, /*fd=*/r[3], /*level=*/6, /*optname=*/0x2000,
          /*optval=*/0x20000080ul, /*optlen=*/0x24ul);
  NONFAILING(*(uint8_t*)0x20000240 = 0x10);
  NONFAILING(*(uint8_t*)0x20000241 = 2);
  NONFAILING(*(uint16_t*)0x20000242 = htobe16(0x4e22 + procid * 4));
  NONFAILING(*(uint8_t*)0x20000244 = 0xac);
  NONFAILING(*(uint8_t*)0x20000245 = 0x14);
  NONFAILING(*(uint8_t*)0x20000246 = 0 + procid * 1);
  NONFAILING(*(uint8_t*)0x20000247 = 0xbb);
  NONFAILING(memset((void*)0x20000248, 0, 8));
  syscall(SYS_connect, /*fd=*/r[3], /*addr=*/0x20000240ul, /*addrlen=*/0x10ul);
  NONFAILING(*(uint64_t*)0x20000280 = 0x20000040);
  res = syscall(SYS___semctl, /*semid=*/0, /*semnum=*/0ul, /*cmd=*/0xaul,
                /*arg=*/0x20000280ul);
  {
    int i;
    for (i = 0; i < 64; i++) {
      syscall(SYS___semctl, /*semid=*/0, /*semnum=*/0ul, /*cmd=*/0xaul,
              /*arg=*/0x20000280ul);
    }
  }
  if (res != -1) {
    NONFAILING(r[4] = *(uint32_t*)0x20000040);
    NONFAILING(r[5] = *(uint32_t*)0x20000044);
    NONFAILING(r[6] = *(uint32_t*)0x20000048);
    NONFAILING(r[7] = *(uint32_t*)0x2000004c);
  }
  NONFAILING(*(uint8_t*)0x20000480 = 0x1c);
  NONFAILING(*(uint8_t*)0x20000481 = 0x1c);
  NONFAILING(*(uint16_t*)0x20000482 = htobe16(0x4e22 + procid * 4));
  NONFAILING(*(uint32_t*)0x20000484 = 0xfffffff9);
  NONFAILING(*(uint8_t*)0x20000488 = 0xfe);
  NONFAILING(*(uint8_t*)0x20000489 = 0x80);
  NONFAILING(memset((void*)0x2000048a, 0, 12));
  NONFAILING(*(uint8_t*)0x20000496 = 0 + procid * 1);
  NONFAILING(*(uint8_t*)0x20000497 = 0xaa);
  NONFAILING(*(uint32_t*)0x20000498 = 4);
  syscall(SYS_sendto, /*fd=*/-1, /*buf=*/0ul, /*len=*/0ul, /*f=*/0ul,
          /*addr=*/0x20000480ul, /*addrlen=*/0x1cul);
  syscall(SYS_shutdown, /*fd=*/-1, /*how=*/0ul);
  NONFAILING(memcpy((void*)0x20000000, "/dev/crypto\000", 12));
  res = syscall(SYS_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000000ul,
                /*flags=*/0x100ul, /*mode=*/0ul);
  if (res != -1)
    r[8] = res;
  NONFAILING(*(uint32_t*)0x20000440 = 0x19);
  NONFAILING(*(uint32_t*)0x20000444 = 0);
  NONFAILING(*(uint32_t*)0x20000448 = 0);
  NONFAILING(*(uint64_t*)0x20000450 = 0);
  NONFAILING(*(uint32_t*)0x20000458 = 0);
  NONFAILING(*(uint64_t*)0x20000460 = 0);
  NONFAILING(*(uint32_t*)0x20000468 = 0);
  NONFAILING(*(uint32_t*)0x2000046c = 0xfdffffff);
  NONFAILING(*(uint32_t*)0x20000470 = 0);
  NONFAILING(*(uint32_t*)0x20000474 = 0);
  NONFAILING(*(uint32_t*)0x20000478 = 0);
  NONFAILING(*(uint32_t*)0x2000047c = 0);
  syscall(SYS_ioctl, /*fd=*/r[8], /*cmd=*/0xc040636aul, /*arg=*/0x20000440ul);
  {
    int i;
    for (i = 0; i < 32; i++) {
      syscall(SYS_ioctl, /*fd=*/r[8], /*cmd=*/0xc040636aul,
              /*arg=*/0x20000440ul);
    }
  }
  NONFAILING(*(uint32_t*)0x20000040 = 0);
  NONFAILING(*(uint16_t*)0x20000044 = 2);
  NONFAILING(*(uint16_t*)0x20000046 = 0);
  NONFAILING(*(uint32_t*)0x20000048 = 0);
  NONFAILING(*(uint64_t*)0x20000050 = 0);
  NONFAILING(*(uint64_t*)0x20000058 = 0);
  NONFAILING(*(uint64_t*)0x20000060 = 0x20001480);
  NONFAILING(*(uint64_t*)0x20000068 = 0);
  syscall(SYS_ioctl, /*fd=*/r[8], /*cmd=*/0xc0306367ul, /*arg=*/0x20000040ul);
  {
    int i;
    for (i = 0; i < 32; i++) {
      syscall(SYS_ioctl, /*fd=*/r[8], /*cmd=*/0xc0306367ul,
              /*arg=*/0x20000040ul);
    }
  }
  NONFAILING(*(uint64_t*)0x20000d80 = 0x20003200);
  NONFAILING(*(uint32_t*)0x20000d88 = 0xa);
  NONFAILING(*(uint64_t*)0x20000d90 = 0x200000c0);
  NONFAILING(*(uint64_t*)0x20000d98 = 0);
  NONFAILING(*(uint64_t*)0x20000da0 = 0x20003200);
  NONFAILING(*(uint64_t*)0x20003200 = -1);
  NONFAILING(*(uint8_t*)0x20003208 = r[7]);
  NONFAILING(sprintf((char*)0x20003209, "%020llu", (long long)r[4]));
  NONFAILING(memcpy(
      (void*)0x2000321d,
      "\x5f\x36\xe2\x1a\x20\x28\xba\xd6\xda\x89\x0a\x5b\x24\xde\x0a\x0c\x95\x9e"
      "\x1d\x18\xf5\x57\x8c\xe8\x33\x87\x43\x91\x20\x2c\xa4\x4a\x05\x4d\xda\xa9"
      "\x92\x7b\xfe\x9e\x00\x00\xc9\x84\xf1\x5d\xb9\x40\x4c\xa4\x89\xf1\x88\x4e"
      "\x69\xb5\x6a\x6f\x47\x36\x02\x96\x19\xdc\x5b\xe9\x3e\x43\x75\xe4\x8f\x29"
      "\xea\x94\x18\x25\x0c\x2b\xc5\x00\x00\xbe\xaf\xc0\x84\x90\x27\x77\x7c\x13"
      "\x28\xdb\x96\x4c\xac\xc5\xaf\x6a\x97\xa3\x73\x11\xf5\xe4\x4d\xcd\xa6\x3d"
      "\x7a\x14\x0e\xfd\x2e\x6a\x1f\x53\x86\xf8\x71\xb1\xa6\xe5\x56\x21\xd6\xe4"
      "\xda\x06\x83\x86\x11\xc8\x0c\x6c\xba\x4e\x65\x2c\xbe\xfb\xe0\x15\xe8\x62"
      "\xd2\x03\x57\xd5\xa0\x58\xd0\xe4\x36\x4b\x53\x12\xae\x2d\x97\xe4\x38\x75"
      "\x42\x1d\xf6\xe5\xc9\xee\xdf\x27\xbb\xa6\x1c\x16\x1b\x9a\xff\x7d\x68\x46"
      "\x2d\x66\x2a\xb3\x9c\x1b\x65\x0d\xba\xbd\xe9\xbb\xde\xd5\xc8\x06\x03\x7c"
      "\x3e\xa8\x76\x55\x3d\x12\x78\x0d\x7d\xd6\xd3\x8b\x1c\x26\x30\xb8\x17\xb1"
      "\x01\xdc\xda\xec\x11\x03\xce\xe7\xd4\xab\x22\xa7\xa1\xa6\x05\xb2\xe8\x0c"
      "\x20\x0a\x87\x16\xfa\xeb\x4a\x36\x62\x5f\xa6\x49\xbf\x72\x36\x50\xcc\x5a"
      "\x68\x16\x5c\xbc\x4e\xc6\x02\xd3\x75\x4a\xf4\x49\xe1\x8a\x13\x43\x32\xa9"
      "\x9a\xe2\xe4\x9b\x8c\xe9\x1a\x21\x49\xeb\xfd\x88\xda\x60\x35\x52\x81\x21"
      "\xa5\xc4\x87\x87\xec\x34\x98\xe3\xe6\xee\x0a\x33\xdc\x18\x25\x0e\xf2\x11"
      "\x0d\x8c\x73\x82\x09\x4b\x63\xcd\xc4\xfa\x24\xa5\x1a\xe9\xe9\xc2\x4c\x8c"
      "\x47\xfb\xf0\xdc\x49\xd4\xaa\x47\x32\x28\x68\x91\xbc\xd7\x1b",
      339));
  NONFAILING(*(uint32_t*)0x20003370 = r[5]);
  NONFAILING(sprintf((char*)0x20003374, "%023llo", (long long)r[7]));
  NONFAILING(*(uint64_t*)0x2000338b = -1);
  NONFAILING(*(uint16_t*)0x20003393 = -1);
  NONFAILING(*(uint32_t*)0x20003395 = -1);
  NONFAILING(*(uint8_t*)0x20003399 = r[8]);
  NONFAILING(*(uint32_t*)0x2000339a = r[6]);
  NONFAILING(*(uint8_t*)0x2000339e = -1);
  NONFAILING(sprintf((char*)0x2000339f, "0x%016llx", (long long)-1));
  NONFAILING(sprintf((char*)0x200033b1, "%020llu", (long long)r[5]));
  NONFAILING(*(uint32_t*)0x200033c5 = r[7]);
  NONFAILING(sprintf((char*)0x200033c9, "%020llu", (long long)-1));
  NONFAILING(sprintf((char*)0x200033dd, "%023llo", (long long)r[1]));
  NONFAILING(*(uint64_t*)0x20000da8 = 0xe8);
  NONFAILING(*(uint32_t*)0x20000db0 = 0x20081);
  syscall(SYS_sendmsg, /*fd=*/r[0], /*msg=*/0x20000d80ul, /*f=*/0ul);
  syscall(SYS_shmctl, /*shmid=*/0, /*cmd=*/1ul, /*buf=*/0ul);
  NONFAILING(memcpy((void*)0x20000400, "./file0\000", 8));
  syscall(SYS_freebsd11_lstat, /*file=*/0x20000400ul, /*statbuf=*/0ul);
  NONFAILING(*(uint64_t*)0x20000180 = 0);
  syscall(SYS___semctl, /*semid=*/0, /*semnum=*/1ul, /*cmd=*/0xaul,
          /*arg=*/0x20000180ul);
}
int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
          /*flags=*/0x1012ul, /*fd=*/-1, /*offset=*/0ul);
  install_segv_handler();
  for (procid = 0; procid < 4; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  sleep(1000000);
  return 0;
}