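// https://syzkaller.appspot.com/bug?id=edc4bdcf9437492a8287e70f7c3c4231511fe690
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-crash reproducer.  Each worker child creates a character device
// node with compat_50_mknod, opens it read/write and issues one pwritev()
// with a six-element iovec against it.  NUM_WORKERS processes repeat this
// in a fork/timeout/kill loop so the kernel sees the sequence from several
// processes at once.
//
// NOTE(review): the extracted listing had lost the header names from its
// #include lines; the set below is reconstructed from the symbols this
// file actually uses (kill/SIGKILL, waitpid, usleep/fork/syscall/sleep,
// clock_gettime, exit, memcpy, the SYS_* constants and uint64_t/intptr_t).
// The numeric SYS_* fallbacks match NetBSD's syscall table (the target the
// syzkaller bug page refers to), so on other systems the libc-provided
// numbers take precedence and the reproducer is not meaningful there.
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum {
	// Scratch region every pointer argument below lies in; mapped once in
	// main() at a fixed address before the workers fork.
	SYZ_DATA_BASE = 0x20000000,
	SYZ_DATA_SIZE = 0x1000000,
	// A child that has not finished execute_one() within this many
	// milliseconds is killed and a new one is forked.
	CHILD_TIMEOUT_MS = 5000,
	// Number of concurrent worker processes forked by main().
	NUM_WORKERS = 6,
};

// Index of the worker process (0 .. NUM_WORKERS-1) in each forked child;
// only used as the fork loop counter in this reproducer.
static unsigned long long procid;

// Kills child `pid` with SIGKILL and reaps it.  waitpid(-1) is used so a
// child reaped under a different pid does not block the loop; a waitpid()
// failure other than EINTR (for example ECHILD when nothing is left to
// reap) ends the loop instead of spinning forever.
static void kill_and_wait(int pid, int *status)
{
	kill(pid, SIGKILL);
	for (;;) {
		int reaped = waitpid(-1, status, 0);
		if (reaped == pid) {
			break;
		}
		if (reaped == -1 && errno != EINTR) {
			break;
		}
	}
}

// Sleeps for `ms` milliseconds.  usleep() takes an unsigned int, so very
// large values would be truncated; the reproducer only ever passes 1.
static void sleep_ms(uint64_t ms)
{
	usleep(ms * 1000);
}

// Monotonic clock in milliseconds.  Exits the process if the clock is
// unavailable, matching the reproducer's fail-fast style everywhere else.
static uint64_t current_time_ms(void)
{
	struct timespec ts;
	if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
		exit(1);
	}
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Worker body: forks a child that runs execute_one() once, polls for it
// with a 1 ms sleep, kills it after CHILD_TIMEOUT_MS, and repeats forever.
// Never returns.
static void loop(void)
{
	for (;;) {
		int pid = fork();
		if (pid < 0) {
			exit(1);
		}
		if (pid == 0) {
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) {
				break;
			}
			sleep_ms(1);
			if (current_time_ms() - start < CHILD_TIMEOUT_MS) {
				continue;
			}
			kill_and_wait(pid, &status);
			break;
		}
	}
}

#ifndef SYS_compat_50_mknod
#define SYS_compat_50_mknod 14
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_open
#define SYS_open 5
#endif
#ifndef SYS_pwritev
#define SYS_pwritev 290
#endif

// Resource table: r[0] holds the descriptor returned by open() below and
// stays all-ones (-1) if the open fails, in which case pwritev() is still
// issued with that invalid descriptor, exactly as syzkaller generated it.
uint64_t r[1] = {0xffffffffffffffff};

// Stores one 64-bit word at a fixed address inside the scratch region.
static void put64(uintptr_t addr, uint64_t value)
{
	*(uint64_t *)addr = value;
}

// One iteration of the reproducer.  Assumes the SYZ_DATA_BASE region is
// already mapped (see main()); every address below lies inside it.
static void execute_one(void)
{
	intptr_t res = 0;

	// compat_50_mknod("./file0", 0x2000, 0x400): mode 0x2000 is S_IFCHR
	// with no permission bits, i.e. a character device node with device
	// number 0x400 in the current directory.
	memcpy((void *)0x20000180, "./file0\000", 8);
	syscall(SYS_compat_50_mknod, 0x20000180ul, 0x2000ul, 0x400);

	// open("./file0", 2 /* O_RDWR */, 0); keep the descriptor on success.
	memcpy((void *)0x20000040, "./file0\000", 8);
	res = syscall(SYS_open, 0x20000040ul, 2ul, 0ul);
	if (res != -1) {
		r[0] = res;
	}

	// Six 16-byte {iov_base, iov_len} entries at 0x200003c0.  Entries 0
	// and 3..5 are empty; entry 1 points at 108 bytes, entry 2 at 85.
	put64(0x200003c0, 0);
	put64(0x200003c8, 0);
	put64(0x200003d0, 0x20000080);
	memcpy((void *)0x20000080,
	       "\x01\xdf\xa1\x14\x5b\xcc\x70\xeb\x99\x95\x7d\x51\x25\xde\x34\xe2\x64"
	       "\x0f\x2b\xca\x59\x62\x82\x9f\x5f\xd6\x58\x78\xb9\x2b\x4e\xfa\x73\x1a"
	       "\x02\x9b\x56\xbf\x32\xfd\x2c\xe0\xf1\x14\xee\xe0\x81\x93\x7e\x8f\x11"
	       "\xd5\xd7\x60\xb8\xb3\x3e\xc2\x34\xce\x85\x77\x0f\x62\x94\x72\x04\xcb"
	       "\xb0\xdb\xa1\x4a\x39\xd5\x8f\x01\x6f\x91\x1b\x40\x46\x55\xc5\x08\x08"
	       "\x00\x10\x06\x66\x30\x29\x66\x20\x0b\x5a\xc2\x23\x23\x00\xcf\xcb\x5f"
	       "\x32\x9d\xbf\xe2\xce\x38",
	       108);
	put64(0x200003d8, 0x6c);
	put64(0x200003e0, 0x20000100);
	memcpy((void *)0x20000100,
	       "\x4f\x6c\x5c\x70\x50\xc9\x76\xa0\x18\x9e\x97\x17\x2d\x9d\x68\xef\x43"
	       "\xa8\x8b\x09\xf2\x2b\x8b\x7d\x5d\x22\x50\xde\xd1\x4f\x6d\xb2\xc3\x33"
	       "\x16\xfe\x60\xd7\x6b\x30\x10\xa3\x0c\x90\x7f\xe5\x4a\xbf\xe3\x68\xcb"
	       "\x00\xfb\x80\xa9\xe9\x79\x6a\x62\x9c\xb7\x2a\xab\x7d\xb9\x36\x89\xb5"
	       "\x7b\x1a\xfc\xe9\x71\x42\xa0\x9a\xa3\x4b\x49\x87\xa4\x40\xff\xff\x6d",
	       85);
	put64(0x200003e8, 0x55);
	put64(0x200003f0, 0);
	put64(0x200003f8, 0);
	put64(0x20000400, 0);
	put64(0x20000408, 0);
	put64(0x20000410, 0);
	put64(0x20000418, 0);

	// pwritev(fd, iov, 6, 8): write the six iovecs at file offset 8.
	syscall(SYS_pwritev, r[0], 0x200003c0ul, 6ul, 8ul);
}

int main(void)
{
	// Map the scratch region at its fixed address with prot 3 (read|write)
	// and flags 0x1012 (presumably MAP_FIXED | MAP_PRIVATE | MAP_ANON in
	// the target's encoding; the seven-argument form carries a padding
	// word before the offset).  Every address in execute_one() lies in
	// this region, so fail here instead of faulting later in the workers.
	if (syscall(SYS_mmap, (unsigned long)SYZ_DATA_BASE,
		    (unsigned long)SYZ_DATA_SIZE, 3ul, 0x1012ul, -1, 0ul, 0ul) == -1) {
		exit(1);
	}
	// Fork the workers; each child runs loop() forever.  A failed fork()
	// simply yields one worker fewer, as in the generated original.
	for (procid = 0; procid < NUM_WORKERS; procid++) {
		if (fork() == 0) {
			loop();
		}
	}
	// The parent only keeps the process group alive.
	sleep(1000000);
	return 0;
}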