// https://syzkaller.appspot.com/bug?id=45d463e3ae38f3c38f2c82f0a8c6a2c1c8ce7457
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

unsigned long long procid;

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif
#ifndef SYS_write
#define SYS_write 4
#endif

uint64_t r[1] = {0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  res = syscall(SYS_socket, 0x10000000011, 0x8000000003, 0);
  if (res != -1)
    r[0] = res;
  memcpy((void*)0x20000100,
         "\x66\x1d\xd9\xff\x8e\x17\xff\xec\xb3\xae\xa3\xf9\x68\xa1\xa4\x22\x31"
         "\x2a\x03\xcd\x82\xe4\xec\xc3\xa8\x79\x26\xd6\x61\x70\x51\x02\x8d\x27"
         "\x38\xdc\x47\xa1\xc9\xc3\xf0\xfe\xcb\xcf\x40\xf4\x2e\x7e\xcd\x44\xa9"
         "\x2b\xbc\xac\xa8\x05\xc1\x59\x6c\x1f\xa8\xee\xd7\x59\xc5\x03\xb4\x31"
         "\x15\x7c\x02\x91\x24\xeb\x20\x78\x7a\x6f\xef\xf3\xd8\x27\x9d\x14\x52"
         "\xf6\xf6\x82\xb1\xb6\x2a\x9a\x79\x2d\xc7\xbb\x1c\x4e\xb2\x73\xc0\x9b"
         "\xa0\x46\x22\x04\x62\x67\xef\xfd\x07\x55\x19\x8e\x60\xd4\xea\x94\xeb"
         "\xac\x8f\xc9\x0c\x5d\x26\x57\x8e\x79\x7a\xda\xd3\x50\x4b\x61\x0b\x36"
         "\x21\x83\x88\xc8\xfa\xd8\xd3\x98\xaf\xc5\xd4\x73\xb6\xf5\x2f\xc1\x6d"
         "\x8a\x7a\xcf\xd5\xa1\x71\x2c\xc3\xc7\x6a\x0f\x0b\xca\x7c\xb7\x6c\x6f"
         "\xa4\xc1\x2d\x7a\x91\xbf\x2b\x6f\x45\x2c\xb4\x81\xe8\x37\x7f\x91\x9c"
         "\x07\x11\x93\x81\x7f\x08\x55\xa5\x62\x12\x06\x19\xb3\x01\x42\xce\x0d"
         "\x44\xdf\xf8\xd9\x10\xa5\x7c\xd5\xde\x0c\xbd\x45\x38\x8f\x21\x4b\xd7"
         "\x40\xac\xeb\x3f\x04\xa8\x30\x45\xdf\x11\xc7\x03\x3c\xae\xeb\xf2\x6a"
         "\xdd\xff\xa6\xa0\x9f\x32\xd6\xb4\xa9\xde\x63\xfc\x02\x98\xa3\xfd\x60"
         "\xdf\x06\xda\xd0\x3b\xe3\x58\x77\x1a\x38\x06\x9b\x88\xbd\x81\x4c\x61"
         "\x0c\x97\xb4\x71\xf0\xa9\x3b\xfc\x77\x13\xaf\xf1\xe8\x5d\x69\xeb\xa9"
         "\x1f\x3f\x1b\x75\xf9\xac\x84\xc6\x4d\xb1\xc4\xa6\x4b\x59\xf6\x97\x3c"
         "\x18\x99\xcb\x94\x80\x1d\x61\x50\x8e\x5c\x25\xeb\xb8\xb6\x12\xe7\x96"
         "\xf9\x33\x5d\xbf\xa1\x67\x60\x79\xf6\x98\xdd\x9a\x27\xff\x85\xe3\x22"
         "\x1d\x98\xcd\xd4\xda\x2b\x2b\xe8\x5b\x56\xbb\xcb\x3a\x71\xb9\x2c\x30"
         "\x4f\xaf\x29\x22\xc1\x12\x94\x42\x56\x31\x8f\xfe\x41\x17\x94\x72\xf4"
         "\xdd\xd3\x49\x82\xd9\xa4\xa7",
         381);
  syscall(SYS_write, r[0], 0x20000100, 0x70e);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0);
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  sleep(1000000);
  return 0;
}