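// https://syzkaller.appspot.com/bug?id=edc4bdcf9437492a8287e70f7c3c4231511fe690
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// NetBSD kernel-crash reproducer.  main() maps a fixed scratch region and
// forks six worker processes; each worker loops forever, forking a child
// that (1) mknod()s a character device node "./file0", (2) opens it twice
// and dup2()s the read-write descriptor over the read-only one, and
// (3) writev()s two fuzzer-chosen payloads into the device.  The child is
// SIGKILLed after 5 seconds if it has not exited on its own.
//
// SAFETY: this is a crash PoC, not a tool.  It needs root (mknod of a
// device node), leaves "./file0" behind in the working directory, keeps
// six processes spinning until the machine is rebooted or the kernel
// panics, and is meant to run only inside a disposable NetBSD VM attached
// to a console/debugger.  The fallback syscall numbers below are NetBSD's;
// on any other kernel the same numbers name unrelated system calls, so do
// not build or run this elsewhere.

#define _GNU_SOURCE

// NOTE(review): the include list in this copy of the file was garbled
// (fourteen bare "#include" directives, which do not compile).  The headers
// below cover every function and constant the code visibly uses; the
// original list may have contained a few more.
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

// NetBSD syscall numbers, used only if <sys/syscall.h> does not supply them.
#ifndef SYS_compat_50_mknod
#define SYS_compat_50_mknod 14
#endif
#ifndef SYS_dup2
#define SYS_dup2 90
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_open
#define SYS_open 5
#endif
#ifndef SYS_writev
#define SYS_writev 121
#endif

// Fuzzer scratch area: 16 MiB mapped read/write at a fixed address by main().
// execute_one() stages every syscall argument at a fixed offset inside it.
#define SCRATCH_BASE 0x20000000ul
#define SCRATCH_SIZE 0x1000000ul
#define PATH_BUF     0x20000000ul  // "./file0\0"
#define IOV0_BUF     0x20000040ul  // 149-byte payload
#define IOV1_BUF     0x20000100ul  // 51-byte payload
#define IOV_ARRAY    0x20000800ul  // struct iovec[9]: {base, len} as two 8-byte words each
#define IOV_COUNT    9ul

// Index of the worker process (0..5); set in main() before each fork.
static unsigned long long procid;

// SIGKILL `pid` and reap it.  Mirrors syzkaller's harness: it reaps with
// waitpid(-1) until `pid` comes back.  NOTE(review): if waitpid() were to
// fail (returns -1), this spins forever; the harness relies on `pid` being a
// live child of the caller so that cannot happen in practice.
static void kill_and_wait(int pid, int *status)
{
	kill(pid, SIGKILL);
	while (waitpid(-1, status, 0) != pid) {
	}
}

static void sleep_ms(uint64_t ms)
{
	usleep(ms * 1000);
}

// Monotonic wall-clock in milliseconds; exits the process on clock failure.
static uint64_t current_time_ms(void)
{
	struct timespec ts;
	if (clock_gettime(CLOCK_MONOTONIC, &ts))
		exit(1);
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Per-worker supervisor: forks a child running execute_one() and polls for
// it once a millisecond, killing it after 5000 ms.  Never returns.
static void loop(void)
{
	int iter = 0;
	for (;; iter++) {
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			sleep_ms(1);
			if (current_time_ms() - start < 5000)
				continue;
			kill_and_wait(pid, &status);
			break;
		}
	}
}

// Syscall results threaded between calls: r[0] = O_RDWR fd of ./file0,
// r[1] = O_RDONLY fd of ./file0.  -1 (all ones) means "not obtained".
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// The fuzzer program proper.  Return values are deliberately not checked
// (except to record descriptors): each call is best-effort, and the crash
// reproduces through the kernel's handling of the sequence, not ours.
static void execute_one(void)
{
	intptr_t res = 0;

	// 1. mknod("./file0", 0x2001, 0x400).  0x2001 = S_IFCHR | 0001.
	//    dev_t 0x400 decodes to major 4, minor 0 under NetBSD's dev_t
	//    layout; which driver that reaches is decided by the target
	//    kernel's majors table.  NOTE(review): on a stock NetBSD
	//    configuration major 4 is the pty slave (pts) -- confirm against
	//    sys/conf/majors for the kernel under test.
	memcpy((void *)PATH_BUF, "./file0\000", 8);
	syscall(SYS_compat_50_mknod, PATH_BUF, 0x2001ul, 0x400);

	// 2. Open the node read-write (flags 2 = O_RDWR) and read-only
	//    (flags 0 = O_RDONLY), then dup2 the O_RDWR descriptor over the
	//    O_RDONLY one.  After dup2, r[1] refers to the O_RDWR open file,
	//    so the writev below goes through a writable description; the
	//    read-only open's lasting effect is only the second open() of the
	//    device seen by the driver.
	memcpy((void *)PATH_BUF, "./file0\000", 8);
	res = syscall(SYS_open, PATH_BUF, 2ul, 0ul);
	if (res != -1)
		r[0] = res;
	memcpy((void *)PATH_BUF, "./file0\000", 8);
	res = syscall(SYS_open, PATH_BUF, 0ul, 0ul);
	if (res != -1)
		r[1] = res;
	syscall(SYS_dup2, r[0], r[1]);

	// 3. Build nine iovecs: two carrying fuzzer payload, seven {NULL, 0}.
	//    The payload bytes are opaque fuzzer output; do not "clean" them.
	*(uint64_t *)(IOV_ARRAY + 0x00) = IOV0_BUF;
	memcpy((void *)IOV0_BUF,
	       "\x8c\x18\x31\x2f\x49\x89\xb6\xe2\x63\xe9\xd0\x65\x39\xf8\x86\x5b\x10"
	       "\x13\x33\x44\xa9\x89\x1f\xa5\x87\xf2\x00\xf1\xb2\xeb\xaa\x5a\xf1\xf4"
	       "\xad\xec\x18\xbc\xd6\xff\xbe\x36\x9d\xad\xee\x94\x49\xf2\x93\x7c\xa3"
	       "\x78\xf4\x65\x6b\xd2\xbd\xbc\xd5\xaa\x1d\xf9\x69\x2a\x0f\x8b\x17\x2d"
	       "\x4e\x6d\xbc\x92\x31\x0f\xcc\xd7\x87\x9d\x99\x12\xe0\x78\xea\xed\xec"
	       "\x66\xf8\xcc\x1e\x9a\xe7\xbb\x68\x88\x6c\x7e\xc0\x25\x7e\x41\xb9\x47"
	       "\xa1\x5b\x28\xa0\x1c\xd8\x1d\xd8\x85\x53\x29\xa8\x98\x9a\x6f\x53\x35"
	       "\xa8\xa4\x26\x64\xe3\x23\x16\x49\xd3\x52\xa6\x55\x8e\x3e\x48\x04\xca"
	       "\x8d\x30\xfb\xfc\xa9\xba\xc1\x42\x68\xcd\xa8\x84\xc5",
	       149);
	*(uint64_t *)(IOV_ARRAY + 0x08) = 0x95;  // 149
	*(uint64_t *)(IOV_ARRAY + 0x10) = IOV1_BUF;
	memcpy((void *)IOV1_BUF,
	       "\x8c\x0d\x3c\x0a\xc8\xb3\x87\x2c\x11\xb4\xc8\x52\x10\xde\xbc\x47\xc3"
	       "\x9c\xce\x1c\xf2\xf8\xcf\x94\xba\x17\x57\xef\x21\x2a\xd8\x23\xe3\x17"
	       "\x0e\x70\x7a\xcf\x2f\x8a\x6f\xe0\x62\xef\xaf\xb5\xab\xbb\xc2\x44\x6b",
	       51);
	*(uint64_t *)(IOV_ARRAY + 0x18) = 0x33;  // 51
	// iovecs 2..8: base = NULL, len = 0  (14 words, 0x20000820..0x20000888)
	memset((void *)(IOV_ARRAY + 0x20), 0, 7 * 16);

	// 4. writev(r[1], iov, 9) -- ~200 bytes into the device node.
	syscall(SYS_writev, r[1], IOV_ARRAY, IOV_COUNT);
}

int main(void)
{
	// prot 3 = PROT_READ|PROT_WRITE; flags 0x1012 = MAP_FIXED|MAP_PRIVATE|
	// MAP_ANON on NetBSD.  The trailing 0 before the offset is NetBSD's
	// mmap(2) pad argument.  Failure is not checked: without this mapping
	// every memcpy in execute_one() faults and the child simply dies.
	syscall(SYS_mmap, SCRATCH_BASE, SCRATCH_SIZE, 3ul, 0x1012ul, -1, 0ul, 0ul);
	for (procid = 0; procid < 6; procid++) {
		if (fork() == 0) {
			loop();
		}
	}
	// Parent idles; the workers are the reproducer.
	sleep(1000000);
	return 0;
}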