// https://syzkaller.appspot.com/bug?id=dd302de76ce71516f929e4504daa4010f033cd9c
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <sys/types.h>

#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/endian.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[1] = {0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  memcpy((void*)0x200000c0, "/dev/pf\000", 8);
  res = syscall(SYS_openat, 0xffffffffffffff9cul, 0x200000c0ul, 1ul, 0ul);
  if (res != -1)
    r[0] = res;
  memcpy(
      (void*)0x20000980,
      "\x08\x00\x00\x00\x0f\x96\x76\xbe\x65\x1e\x44\x05\x50\x30\xc3\x1a\x9a\xaf"
      "\xd8\x66\xc5\x18\x20\x00\x00\x00\xa8\x70\x73\x68\x77\xa0\xe6\x97\x00\x00"
      "\x07\x00\x00\x00\x00\x00\x00\xff\x09\xdd\x36\xca\x55\xed\x19\xd8\x7a\xb3"
      "\xee\x43\x24\x8a\x63\x5d\xc7\x08\x71\x3b\xf7\xa8\x02\x19\x65\x8b\x97\xd0"
      "\xb3\x01\x36\x09\x92\x8b\x97\x47\x9b\x59\x0d\x61\x0e\x63\x68\xd1\xac\x06"
      "\xb4\xea\x50\xdd\x4e\x55\x42\xad\x21\x4e\xcf\xc9\x70\x6a\xf0\xf6\xbc\x6c"
      "\xdf\xbb\xe8\xb2\x36\x6d\xc0\x44\x97\x04\x03\xdb\xef\x42\x80\x2c\xc9\x11"
      "\x40\x00\x00\xee\xa7\xe7\xc3\xb9\x98\xe4\x08\x22\x4e\x29\x95\x86\x85\x60"
      "\xb8\xcd\xae\xf9\x01\xce\x40\xc5\xbc\x15\x1e\xe9\x92\x5e\x83\x3e\xaf\x00"
      "\x10\x00\x00\xbf\x09\xfa\x4f\x32\x3e\xc6\x8d\x7f\xc9\xdb\x09\x08\xa0\xda"
      "\x7e\x76\x83\x5c\xde\x09\xff\x00\x4f\xc7\x3a\xfe\x70\x07\x00\xdb\x5a\x00"
      "\x01\x00\x00\x3f\x7d\x6b\x6c\x05\x2b\xe4\xe0\x28\x5e\xd3\x3b\xf7\x81\x95"
      "\x39\x00\x12\xda\xd6\xb5\x96\xcf\x1c\x9c\x93\x38\x96\x71\x85\xf0\x9a\xef"
      "\x01\x00\x5a\x6c\x7b\x36\x9d\xb6\x69\xdc\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\xe4\x0c\x33\x77\xb7\x86\x97\x09\x89\xd5\x31\x71\x46\x8b\xa7\x1b\x11"
      "\x06\x40\xb4\x40\xf5\xd6\x82\x2a\xf0\xb7\x5a\x49\xe7\x2c\x77\x43\xb6\x67"
      "\x60\x4b\x2b\xf7\x97\x1d\x34\x4f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x8d\xc1\xa0\x44\x00\x00\x00\x3b\x0c\x77\xd6\xd0\x05\x33\x4f\x3e\x9f"
      "\x56\x2d\xf4\xce\xa8\x1e\x48\x94\xcc\xc5\x61\xd8\x03\xe5\xad\xb6\xac\x41"
      "\xd7\x62\x3f\x58\x9a\x3e\x1b\xef\x59\x55\xd3\x1c\xb9\x9f\xe3\x3d\xa2\x78"
      "\x27\xa5\x69\x4b\xbe\x8e\xe3\x99\xb5\x59\x5b\xc2\xbd\x91\x2a\x32\x41\x94"
      "\x62\x50\x6f\xf7\xc3\x5c\x81\xdc\x3d\xde\x11\xf7\x49\xa6\xa5\xf9\xa8\x90"
      "\x89\xaf\xb3\x3f\xff\xea\x18\x3e\x16\xbb\x2b\x7c\x0d\xab\xf5\xa3\x2c\x23"
      "\x9a\xb8\x5d\x5a\x40\x44\xa9\xad\x2b\x54\x2a\xa6\x12\x89\x08\xf3\xac\xea"
      "\x21\xcd\x9a\x37\x85\x08\x6e\x7d\xc0\xa1\xea\xb7\x1a\x78\xd5\x28\x34\xe4"
      "\x2d\x32\x21\x9b\x50\xeb\x17\xb7\x40\x54\xef\x13\x71\xf2\xde\x26\x59\x81"
      "\x29\x6a\xab\xe9\x02\xd7\x31\xd8\xfc\xf3\x88\x1e\xcd\x1e\x94\x9d\xac\x57"
      "\x68\xe8\x2b\x98\x57\x92\xb9\xab\x8b\x8d\xab\x16\x48\x52\x70\x8e\xad"
      "\x2a",
      504);
  syscall(SYS_connect, -1, 0x20000980ul, 1ul);
  memcpy(
      (void*)0x20000500,
      "\xa3\x37\xd4\x2b\x3a\xa7\x59\xd0\xb2\x6f\x8a\x80\xd5\x86\x2d\x8d\x61\xda"
      "\xfb\x0d\xe0\x89\xc3\xe6\x97\xa0\xcf\xf4\x0f\xa1\xbb\x87\x6a\xbc\xd9\xdf"
      "\xf1\x13\xff\xb2\x91\xe7\xb2\x06\x40\xf1\x5b\x49\x53\x6b\x28\xa5\xf8\x08"
      "\x83\x77\xdf\xe2\xb8\x30\x42\x64\x21\x27\x14\xe3\xfc\xc4\x8c\xa8\xe1\x4e"
      "\x3e\xb6\x83\xd6\x51\x68\x90\x47\xc6\x67\x23\xc5\xe1\xfd\x09\xc7\x1a\xf4"
      "\xaa\x90\x42\x2c\x13\x2c\xe5\x5e\x5d\xb7\x6e\xa1\x03\x91\xec\xd7\x39\xe3"
      "\x90\x5f\x4d\xfe\x21\x67\xa9\x6a\x09\x5e\x48\x57\xb2\xc9\x49\x80\xdf\xe9"
      "\x2c\x66\xa2\x26\x48\xcc\xe2\xb9\xba\x5d\x9e\x29\xab\x68\x54\x0b\xcb\xa2"
      "\x4e\xd1\x64\x19\x19\xd4\x15\x2b\x4f\xb6\x64\xd5\x76\x36\x5f\x2f\x51\xb8"
      "\x60\xc8\x38\x4f\x69\x45\x42\x14\xc8\xe6\xa4\x64\xad\x8c\xc2\x54\x55\xc0"
      "\xaf\x84\xd4\xf8\x92\xbf\x00\x75\x86\x00\xd2\x32\x93\x77\x37\xad\x20\x10"
      "\x86\x27\x78\x1a\xbc\xd1\xcc\x0e\x97\xf1\xa0\x0c\xea\xa5\x41\x9f\x60\xe5"
      "\xdb\xcd\xd6\xd4\x58\x2a\xf0\xe8\xb6\x10\x1a\x86\x56\x99\xac\x96\x44\x36"
      "\x20\xb6\xed\x8f\xd4\xbf\x35\xd4\xae\xad\x54\xc6\x3e\xe0\x16\xee\x54\x58"
      "\xa6\x46\x7f\xef\xa3\xc2\xab\x13\x4d\xc5\xb0\x75\x2e\x6b\xea\x3e\x6d\xe4"
      "\x32\xa5\x4e\xec\x01\x67\x48\x3d\x1c\xe4\xa2\xe3\xfb\x3a\xf5\xe6\xea\xfd"
      "\xe8\xbf\xde\x06\x96\x3a\x76\x88\x1f\x03\x62\xf0\xd8\x3a\x89\x34\xf0\x91"
      "\xc1\x09\x37\x34\x22\x7c\x55\x2e\x05\x86\x13\xa3\xb6\x86\xee\x53\x62\x14"
      "\x67\xe7\xdb\x15\x6e\xc9\xd8\x17\x56\x37\x91\x4d\xe9\x76\x9d\xe0\x9d\x97"
      "\xc1\x6d\xdd\x98\x52\xe1\x62\xb3\x36\x82\x81\x8a\x3e\xec\x71\x24\x69\x59"
      "\xdf\x1e\xf1\x88\x2d\x3c\xae\x4e\xed\xeb\xdb\x88\xed\x40\x45\x6f\xc1\xe7"
      "\xd6\x79\xd3\xd9\x80\x57\x0d\xd7\x51\xef\xb5\x83\xa4\x02\x8a\x4a\xe5\xd1"
      "\x4b\x7d\xfe\x08\xb1\xad\x3b\x04\xbc\x91\x52\xc7\xaf\xec\x92\xb0\xfd\x08"
      "\xf8\xc6\x2b\x33\xb2\x56\x63\x75\x0c\xfd\x48\xd6\xaa\x2e\x20\x17\xf0\xa1"
      "\xd3\x00\x1a\x55\x93\x58\xd0\xd7\xe1\xd8\x76\x01\xfc\x8c\x65\xfd\x59\xae"
      "\xc0\x4d\xb7\xa6\xc2\x5d\x70\x56\xc7\x50\x39\xc4\x1d\x64\x53\x57\xb8\xaf"
      "\x4e\xba\x7c\x44\x86\x47\x89\x34\xbf\x8a\xee\x95\x19\x2f\x85\x8d\xda\x1c"
      "\xa6\xed\x62\xe9\x3b\xf3\x33\xf5\xb0\x52\x6b\x3c\x2b\x87\xe9\xcb\x12\x29"
      "\x21\xd9\xf6\x18\xb5\x5a\xb5\x5a\xc2\x6f\xf7\x18\x0c\xd9\x03\xc1\x85\x0f"
      "\xba\xe9\x75\x9d\x21\xe8\x89\x9b\x36\x4a\x8c\xbd\x5a\x7d\x72\xe3\x0f\xb0"
      "\x4d\xc7\xe3\x07\x54\x09\x32\xdd\xee\xf3\x9b\x65\x16\xff\x68\x35\xb1\x01"
      "\xd5\x4c\x09\xdc\x84\xd2\x5b\x91\x29\x85\x1c\xa4\x14\x85\x59\x16\xde\xe0"
      "\x11\x2d\xd2\xc9\x83\x35\x85\xbd\xa2\xd8\x88\xf6\x68\x73\xdc\x68\x18\x27"
      "\x48\x8f\x40\x98\x5c\x7d\x92\x51\x20\x94\xb7\x20\x08\x7b\x13\x00\x29\xe9"
      "\xc4\x18\x0a\xc6\xcb\xcc\x9b\xec\xf3\xd7\x57\x73\xee\x17\x6a\x2f\x22\xd3"
      "\xc3\x35\x7d\x49\xf8\x39\xfa\x83\xe5\x43\x7a\x28\x36\x6c\xa4\x12\xec\xae"
      "\x71\xc7\xac\x9d\xe0\x91\x7d\x32\xc2\xe3\x19\x8e\x4f\xbe\x2d\x4f\xf9\x93"
      "\x53\x6d\x3d\x26\xf1\xf2\x66\xed\x5a\x34\x44\xd6\x00\x31\xb8\x89\xf6\x97"
      "\xe9\xbd\xaf\x1b\xbb\x06\x44\xef\xff\xd3\x2a\xde\x82\x6f\x9d\xa4\xb8\x73"
      "\xa2\x49\x59\x9c\xfc\x91\xb8\x4f\x70\x25\xc9\x6e\x1e\xb8\xb6\x4c\xe9\xf9"
      "\x4a\x16\xa5\x42\xc8\x05\x78\x26\x76\x89\x2b\xdc\x7c\x89\x7b\x82\x3a\xc9"
      "\x92\x17\xdf\x9f\x73\xdc\x0d\xbe\x96\xf2\x79\x02\x9f\xb6\x7b\xbe\x94\x32"
      "\x1a\x9d\x70\xfb\xae\x11\x6e\x0f\xec\xc5\xb5\xb0\x45\x69\x57\x88\x47\xb8"
      "\x7b\x14\xd6\x41\xe9\x7c\x3f\x3d\x74\x72\x2c\x8f\x7e\x8e\x09\xb2\xab\xee"
      "\x67\xc6\xaf\x1b\xce\x50\x6a\xf7\xbc\xe2\xc6\x27\x32\x43\xce\x74\x04\xc8"
      "\x7d\xbc\x47\x92\xfd\x03\xbe\x41\x99\xd5\x45\x24\xc8\x49\x13\x6b\xc6\xa6"
      "\x16\xc7\xef\x2a\xa5\xb0\x23\x03\x34\xff\x53\xd5\x99\x69\x69\xc5\xfb\x87"
      "\x82\xc9\x1f\x7f\x11\x04\x6e\xd1\x21\x86\x25\xea\x15\xa4\xdb\x0a\x57\xc5"
      "\xa2\x0e\x0d\x53\x8d\x29\x57\x3b\x83\x28\x8c\x96\x1c\xd7\x33\x6b\x6b\xec"
      "\x3b\xb2\x1e\xb4\xa9\xcc\xd0\x03\x00\xbe\x69\x49\x06\x5c\xfa\x01\xba\x21"
      "\xb5\x10\x26\x26\x4a\xe5\x30\xd4\x4e\x69\x4c\xbd\x5b\xd1\x5f\xc8\xba\x8e"
      "\x89\x89\x8f\x0e\x5f\x6d\x0b\xbd\x2a\xcf\x14\x24\x97\x4f\x10\xd1\x44\x9e"
      "\xe5\xca\x64\xdd\xd5\xe9\x44\xe3\x7a\x94\x2a\x08\x82\x31\xc1\xdb\xb9\xa5"
      "\xca\x3c\x07\xab\xa5\x85\x94\x8f\xdf\xc5\x47\x0c\xab\x7b\xcd\x38\xf2\x42"
      "\xa6\x42\xbd\x88\x1a\xa4\x19\xfb\x9a\x6a\xfc\xab\x29\x86\x00\x71\x7f\x65"
      "\x38\x7b\xaa\x48\x1f\x9d\x08\xf3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
      1024);
  memcpy((void*)0x20000900,
         "\xda\xff\x37\xd9\xc4\x5f\x26\xb0\x5a\xe1\x3c\x30\xb3\xa0\x8e\x32\xa0"
         "\x17\x67\xca\x5b\xda\x15\x9b\x1e\xc0\x00\xf5\x4f\xb6\xe0\x3a",
         32);
  *(uint32_t*)0x20000920 = 0;
  *(uint8_t*)0x20000924 = 0x2f;
  *(uint64_t*)0x20000928 = 0;
  *(uint64_t*)0x20000930 = 0;
  *(uint64_t*)0x20000938 = 2;
  *(uint64_t*)0x20000940 = 0;
  *(uint64_t*)0x20000948 = 0;
  *(uint64_t*)0x20000950 = 0;
  *(uint64_t*)0x20000958 = 0;
  *(uint64_t*)0x20000960 = 0x341f;
  *(uint32_t*)0x20000968 = 0;
  syscall(SYS_ioctl, -1, 0xc450443dul, 0x20000500ul);
  syscall(SYS_ioctl, r[0], 0xcbe04404ul, 0x20000100ul);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x1012ul, -1, 0ul);
  loop();
  return 0;
}