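// https://syzkaller.appspot.com/bug?id=45d463e3ae38f3c38f2c82f0a8c6a2c1c8ce7457
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer. main() sets up a fixed anonymous mapping and starts six
// worker processes; each worker forks a child over and over, and each child
// opens a socket in domain 0x11 (type 3), copies a fuzzer-recorded byte
// pattern into the mapping and hands it to sendto().
//
// NOTE(review): the operands of the 14 #include directives were lost when
// this page was extracted; the header set below is reconstructed from the
// identifiers the code actually uses — confirm against the syzkaller original.

#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Worker index (0..5). main() sets it before each fork(); nothing in this
// file reads it afterwards, it is kept for parity with other reproducers.
unsigned long long procid;

// Send SIGKILL to pid and block until it has been reaped.
// waitpid(-1, ...) also reaps any other child that exits meanwhile; their
// status is discarded, only pid's ends up in *status.
static void kill_and_wait(int pid, int *status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for ms milliseconds (usleep takes microseconds).
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic wall-clock in milliseconds; exits the process if the clock
// cannot be read, since the 5 s child timeout in loop() depends on it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Worker body: run execute_one() in a fresh child, forever. A child that has
// not exited after 5 s is SIGKILLed so a hung syscall cannot stall the
// reproducer. Never returns.
static void loop(void)
{
  for (;;) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Fallback syscall numbers for when <sys/syscall.h> does not define them.
// NOTE(review): these values match NetBSD's syscall table, which is
// presumably the platform this reproducer targets — verify before reuse.
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_sendto
#define SYS_sendto 133
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif

// syzkaller result slot: r[0] receives the socket descriptor from the first
// call in execute_one(); the all-ones sentinel means "not yet set".
uint64_t r[1] = {0xffffffffffffffff};

// One fuzzer iteration, run in a throw-away child.
// The message is written to 0x20000500 inside the fixed mapping that main()
// created; only the first 417 bytes are explicit, the remaining bytes of the
// 0x399-byte send come from the zero-filled anonymous mapping. The byte
// pattern is the fuzzer's recording and is reproduced verbatim.
static void execute_one(void)
{
  intptr_t res = 0;
  res = syscall(SYS_socket, 0x11, 3, 0);
  if (res != -1)
    r[0] = res;
  memcpy((void*)0x20000500,
         "\x94\x01\x05\x01\x38\xa8\x5a\x80\xb1\xb0\x78\x27\x97\x88\x8f\xd1\xf8"
         "\x38\xa3\x11\x00\x00\x00\x00\x00\x00\xb1\x38\x86\xca\x38\x49\x45\x1a"
         "\xe3\xc3\x05\x10\x20\x74\x10\x38\xf5\x53\x85\x51\xf3\x0c\xe3\x90\x50"
         "\x0e\x08\xfe\xce\xa1\x1e\xa8\xfe\xf9\x6e\x4f\xc7\x48\xe9\x3f\x0b\x78"
         "\x04\x86\xae\xbd\xbe\x78\x1e\x4d\x8f\x5e\xef\x91\x87\xa8\x69\xa4\xd3"
         "\xa4\xcb\xba\x98\x2f\xd8\x25\x58\x2f\xe2\xaa\x79\x23\xed\x00\xf4\xc8"
         "\xb2\xca\x3e\xbb\xc2\x59\x69\x9a\x1f\x13\x2e\x27\xac\xb5\xd6\x29\x34"
         "\xe4\xfd\x89\x07\x00\x00\x00\x00\x00\x00\x00\x70\xc1\xf5\xa8\x72\xc8"
         "\x8d\xff\x7c\xc5\x3c\x89\x43\x03\xb2\xa0\xa8\x5f\xf3\xfa\xa8\x00\x00"
         "\x00\x00\x00\x9e\xc7\xab\x3a\x34\xc2\x90\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x2d\x7e\x4a\x5d\x76\xcc\x3f\x9c\xff\x2e"
         "\xd2\x24\x3e\x56\xfa\x27\x76\x03\xc5\xcc\x1e\x04\x73\x26\xbc\xf6\xb6"
         "\x7b\x75\xd0\x0b\xf6\xee\x33\x0b\x6a\x80\xaa\x4b\x00\xcd\x0b\xa1\x87"
         "\x02\x15\x60\x7b\xb9\x12\xe3\xd7\x32\x51\x83\xce\x69\x45\x6b\x4b\x6c"
         "\xa9\x27\x87\x1c\x81\x67\x2a\x54\xec\x69\x5c\x5b\xde\xb8\x42\x83\x66"
         "\x56\xf9\x17\x94\x5c\xc0\x76\xf8\x7d\xc7\x14\xdf\xe0\xaa\x29\x47\x25"
         "\x2d\xf3\x50\x70\x7b\x22\x88\x4a\x77\x30\xcb\x6d\xba\x87\x42\x11\x0f"
         "\xbe\x9e\xc7\x48\x18\x85\x27\x43\x87\xe0\xb1\xdb\xe5\x69\x51\x22\x60"
         "\x48\x19\xb0\xb2\x29\x4b\x7b\x20\x72\x6a\x5d\x4f\xcb\x44\xf6\x2d\x00"
         "\xfa\xbb\x2f\x24\x7a\x16\x6d\x8d\x79\xd0\x5b\x8c\xc3\x70\xf5\xc1\x1d"
         "\xb5\x8a\xed\xca\x63\x2a\x6b\xf5\x40\xbe\x78\x70\x1c\x73\x0d\x0b\x0c"
         "\xa5\xab\x83\xac\xd5\x8f\xf0\xea\x0a\x3d\xca\x58\xcc\xb0\x3c\xce\x46"
         "\x6c\xda\x73\x50\x17\x19\x6f\xf3\x46\xc3\x27\x17\x39\x7d\x6e\xc6\x95"
         "\x2e\xc9\x0d\xe8\x1e\xd2\x97\xb2\x31\x9e\x13\x0f\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         417);
  syscall(SYS_sendto, r[0], 0x20000500, 0x399, 0, 0, 0);
}

// Entry point: map the fixed scratch region, spawn six workers, then park.
int main(void)
{
  // 16 MiB mapping at 0x20000000, prot 3 (read|write). execute_one() writes
  // to a fixed address inside it, so if the mapping is not established that
  // memcpy would be a wild write to unmapped memory — bail out here instead.
  // NOTE(review): flags 0x1012 presumably encode a fixed, private, anonymous
  // mapping on the target platform; the trailing 0 is an extra syscall arg
  // carried over from the generator — verify against the target's mmap ABI.
  if (syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x1012, -1, 0, 0) == -1)
    exit(1);
  for (procid = 0; procid < 6; procid++) {
    // loop() never returns, so a child never falls through to the next fork.
    // A failed fork() (-1) is simply skipped: best-effort, as generated.
    if (fork() == 0) {
      loop();
    }
  }
  // Parent idles; the workers run until the machine crashes or it is killed.
  sleep(1000000);
  return 0;
}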