// https://syzkaller.appspot.com/bug?id=05f03388c24d0f36bbde57a0b3afa290d7c59d95
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

#define __syscall syscall

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[1] = {0xffffffffffffffff};

void execute_one(void)
{
  long res = 0;
  res = syscall(SYS_socket, 0x11, 3, 0);
  if (res != -1)
    r[0] = res;
  syscall(SYS_msgget, 0, 0x1fd);
  memcpy(
      (void*)0x20000000,
      "\xb1\x00\x05\x01\x05\x00\x00\x00\x01\x00\x00\xb1\xff\xff\x02\x00\x49\x45"
      "\x1a\xe3\xd3\x05\x10\x20\x74\x10\x38\xf5\x3e\x85\x51\xf3\x0c\xe3\x90\x50"
      "\x0e\x08\xfe\xce\xa1\x1e\xa8\xfe\xf9\x6e\x4f\x96\x79\xd5\xc4\xc2\xa7\x37"
      "\x64\xae\xbd\xbe\x78\x1e\x4d\x8f\x6a\xef\x91\x87\xa8\x69\xa4\xd3\x72\x2c"
      "\x91\xf7\x50\x73\xa1\xeb\xe2\xa4\xcb\xba\x98\x2f\xd8\x25\x58\x2f\xe2\xaa"
      "\x79\x23\xed\x00\xf4\xc8\xb2\xca\x3e\xbb\xc2\x59\x69\x9a\x1f\x13\x2e\x27"
      "\xac\xb5\xd6\x02\x00\x0d\x7d\x02\x6b\xa8\xaf\x63\xff\x37\x28\x29\x34\xe4"
      "\xfd\x89\x04\x0f\xd3\x87\x2b\xab\xfb\xb7\x70\xc1\xf5\xa8\x72\xc8\x81\xff"
      "\x7c\xc5\x3c\x89\x43\x03\xb2\x98\xa8\x5f\xf3\xfa\xa8\xd9\x21\x18\x30\xe0"
      "\xf2\xf0\xc9\xf6\x9e\xc7\xab\x3a\x34\xc2\x90\x00\x00\x00\x00",
      177);
  syscall(SYS_sendto, r[0], 0x20000000, 0xb1, 0, 0, 0);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0);
  loop();
  return 0;
}