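// https://syzkaller.appspot.com/bug?id=e94de72534b46ee21d40a7f3cd90793f97754b49
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer: several worker processes each repeatedly fork a child
// that opens one socket and issues a single writev() on it, killing the
// child if it has not exited within 5 seconds.  The header names below were
// lost when the page was extracted; the list is restored to what the code
// actually uses.

#define _GNU_SOURCE

#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Raw syscall numbers for the target kernel (SYS_socket == 394 is NetBSD's
// numbering); the fallbacks only matter when the build host lacks them.
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif
#ifndef SYS_writev
#define SYS_writev 121
#endif

// Index of the worker process, set by main() before each fork().
static unsigned long long procid;

// Forcibly terminate the child `pid` and reap it.  waitpid(-1) reaps any
// child, but each loop() process has exactly one outstanding child at a
// time, so the loop ends as soon as `pid` itself is collected.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds; exits the process if the clock is
// unavailable, since the watchdog in loop() cannot work without it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Worker body: fork a child to run execute_one() forever, reaping each child
// before starting the next.  A child that has not exited after 5000 ms is
// SIGKILLed so a hung syscall cannot stall the worker.  Never returns.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Resource table: r[0] holds the socket fd, or -1 if socket() failed.
uint64_t r[1] = {0xffffffffffffffff};

// One iteration of the reproducer.  All data lives in the fixed window that
// main() maps at 0x20000000; the stores at 0x20000600..0x20000698 lay out
// ten (base, len) pairs, i.e. an iovec array, which is then handed to writev
// with iovcnt 0xa.  Four of the ten entries are (0, 0).
// NOTE(review): on NetBSD, domain 0x11 is AF_ROUTE and type 3 is SOCK_RAW,
// so this looks like a routing socket — confirm against the target headers.
static void execute_one(void)
{
  intptr_t res = 0;
  res = syscall(SYS_socket, 0x11ul, 3ul, 0);
  if (res != -1)
    r[0] = res;
  // iov[0]: 255-byte buffer at 0x20000140
  *(uint64_t*)0x20000600 = 0x20000140;
  memcpy((void*)0x20000140,
         "\x1a\x52\xdb\xa5\x92\xd4\x20\x08\xe8\x0e\x75\x47\x60\xb8\x79\x9e\x0e"
         "\x73\x73\x92\xd3\x57\x64\x28\xc5\x3e\xd7\x40\x66\xcd\x7a\x6e\x71\x63"
         "\xc6\x2b\xc6\xf4\x4e\x09\x61\xf4\x91\xf3\x8e\x65\xf6\xe4\xee\x51\xa7"
         "\xd1\xcb\x92\xda\x66\x55\x20\xbe\x56\xe2\xe8\x41\xa8\x7f\x5c\xc1\x56"
         "\xf5\x2e\x7a\x24\xb7\xc2\x01\x57\xe6\xdf\x1f\xb0\x23\x1c\xd9\xe2\xd5"
         "\x98\xdf\x38\x9d\x7e\x54\x05\xbf\xe2\x51\x4e\x1c\xff\x86\xa2\xac\x87"
         "\x51\xc8\x34\x42\x9f\xbe\x89\x10\x9a\x2a\x3b\xb5\xf6\x41\x85\x62\x39"
         "\x4b\x8b\x49\xe0\x1d\x4b\x32\xf9\xe0\x31\x78\x85\x01\x17\x8b\xee\xfa"
         "\x6a\xa2\xd6\x4d\x3d\xdd\x66\x34\x94\x56\x48\xfd\x12\xe8\xfc\x2f\xb9"
         "\x02\x95\x7e\xc3\x92\xe4\x41\x84\x05\x14\x42\x33\x51\x98\xa1\xc9\x6b"
         "\xc4\xee\xf4\x59\x99\x9e\xa4\xa1\xb7\x38\x5f\xb3\xeb\x34\xe0\x06\x43"
         "\x7c\xb8\x34\xbd\x58\x1d\x46\x76\x51\xbf\xa3\x4e\x90\x58\x66\x25\xd1"
         "\x3f\x2f\x7e\x21\x72\x22\x6a\x2a\x10\x0f\x2b\x06\x86\xc7\x23\x51\x9b"
         "\xad\xf8\x94\xcb\x64\x77\xd2\x2c\x0f\x3b\xb5\x86\xfa\x77\xb7\x8e\xe1"
         "\x21\xb9\x06\x7f\xa1\x8f\xab\xbe\xab\x5c\xc7\x7f\xd7\x35\xf2\xa4\x49",
         255);
  *(uint64_t*)0x20000608 = 0xff;
  // iov[1]: empty
  *(uint64_t*)0x20000610 = 0;
  *(uint64_t*)0x20000618 = 0;
  // iov[2]: 75-byte buffer at 0x20000080
  *(uint64_t*)0x20000620 = 0x20000080;
  memcpy((void*)0x20000080,
         "\x26\xe0\x41\x70\xf5\xcb\x3b\x34\x72\x1f\x3c\xe2\x9a\xdc\x9c\xad\x5f"
         "\x32\x18\x4a\x89\xc7\xb5\x4c\x32\x8a\xdd\xf6\x29\x5a\x25\xda\x2d\x77"
         "\x06\xe8\x71\x46\x4c\xff\xd8\x62\x12\xc2\xdd\x31\xab\x8c\xce\x3f\x65"
         "\x62\xad\x3d\x0b\xee\x86\xf0\x88\x9e\x9f\xb3\x2a\xe2\xe7\xbd\x46\x20"
         "\x38\x18\x18\x79\x84\x2e\xe4",
         75);
  *(uint64_t*)0x20000628 = 0x4b;
  // iov[3]: 140-byte buffer at 0x20000240
  *(uint64_t*)0x20000630 = 0x20000240;
  memcpy((void*)0x20000240,
         "\x5b\x39\x08\xfb\xb7\x5b\xfc\x6d\x9e\xc1\x1e\xb6\x83\xae\x69\xc1\xfd\xd2"
         "\x69\x87\xf7\x3b\x42\x0e\x6d\xdb\x36\x1b\xa3\x11\xe5\xf2\x1e\xb0\x46\x09"
         "\x10\xf1\xb5\xa6\xf2\x86\xac\xef\x6d\xc6\xb7\x8f\x0a\x39\xd3\x43\xf3\x8d"
         "\xf2\xe8\x67\x5b\xc9\x21\x82\xa7\xb6\x51\x7f\x0f\x60\x6a\x33\xb2\xfb\x15"
         "\x80\xb1\xf5\xfa\xdd\x66\x9b\x31\xb4\x6d\x2a\xe9\x62\x26\xd3\x96\x59\x88"
         "\xa3\x73\x67\x55\x63\xcc\x09\x2b\xfb\x32\x2e\x65\xc4\xad\x75\x8c\x8f\x47"
         "\xe2\xc1\x2d\x17\x78\x0d\x2b\xc7\xd5\xcf\x8c\x1d\x8e\xf0\x63\x8b\x35\xa0"
         "\x20\xb5\xa8\x83\x17\xf2\x19\xd7\x4a\x59\xad\x0d\x13\x79",
         140);
  *(uint64_t*)0x20000638 = 0x8c;
  // iov[4]: empty
  *(uint64_t*)0x20000640 = 0;
  *(uint64_t*)0x20000648 = 0;
  // iov[5]: 187-byte buffer at 0x20000340
  *(uint64_t*)0x20000650 = 0x20000340;
  memcpy((void*)0x20000340,
         "\xcd\x28\x29\xf2\x39\x1d\xa0\x30\xeb\xd4\x29\x60\x83\xf5\xcc\x71\x03"
         "\x14\x5e\xde\x03\xae\x75\xe5\x23\x52\x0e\x4d\x13\x3c\x12\x4a\xf3\xe3"
         "\xd5\x51\x40\x98\xd7\x5d\x9e\xae\xc5\xd1\xb4\x2b\xa7\x73\x51\x8b\x9b"
         "\x80\x64\xf7\xe0\xb6\x6d\x8d\x31\x71\x9c\xf0\xbd\x7a\xf7\xe2\xa7\xc2"
         "\xfc\xf6\xbe\x7b\xfa\x1e\xe3\x14\x74\x71\x04\x6e\xb3\x45\x35\xc2\x62"
         "\xd8\xf5\x58\x20\x00\x87\xf9\x75\x44\x8b\x5d\x2a\x69\xad\x7b\x8e\x8a"
         "\xb3\x61\x95\x64\x00\xf6\xf6\xe9\x7c\xe3\x30\x6e\x36\x30\xb3\xbe\x30"
         "\x91\x18\xcf\xd0\xc8\x0f\x31\x76\xdb\xd6\x0d\x01\xee\xda\xdc\x84\x8f"
         "\x0d\x47\xa7\x6b\x46\x50\xaf\xf8\x38\x89\x95\x94\x99\xe8\xbb\x6c\x0d"
         "\x1e\x1e\xca\x79\x68\x87\xd5\x01\xa2\x2b\x3a\x4d\x08\x4b\xda\x4d\x1d"
         "\x2f\x4a\x00\x9d\x49\xed\x80\xd0\x6d\xb0\x8b\x0e\xad\x25\x5e\x8e\xca",
         187);
  *(uint64_t*)0x20000658 = 0xbb;
  // iov[6]: 241-byte buffer at 0x20000400
  *(uint64_t*)0x20000660 = 0x20000400;
  memcpy((void*)0x20000400,
         "\x66\xfd\xf6\x44\xe0\xf2\x73\xb4\xc7\xfd\xf9\x01\xd5\x70\x64\x2e\xf3\x26"
         "\xf8\xaa\x85\xb0\xc8\xed\x5b\x7a\x18\xf9\x92\x3a\xd9\x72\x7e\x86\xea\x3c"
         "\xd9\x60\xef\x2c\xc0\x47\x88\x67\x0f\xa8\xf8\x69\x94\x02\xe2\xf3\x72\x71"
         "\x5c\x93\xd0\xed\xaf\xaa\xb1\x7e\x99\xe0\x2b\x9a\x5c\x62\x83\xfd\x88\x84"
         "\xd4\xb3\xab\x53\xbb\xfa\xcc\x4f\x6d\x04\x13\xeb\x6f\x9f\x43\xf8\xc0\xee"
         "\xc0\x43\x3b\x4f\x32\xc3\x25\x4a\x92\x75\x36\xc9\x08\x14\xbd\xa0\xeb\xaa"
         "\x1a\x31\x9e\xae\xe9\x0b\xdf\xbe\x47\x4d\x23\x6d\xa8\x13\x12\x25\xa9\x3c"
         "\x88\x43\x0c\xc8\x2c\x57\x0b\x3c\x10\x10\xb5\x8c\x13\x34\x0c\x08\xa6\x8e"
         "\x95\x06\x7e\xa8\xed\x92\x1f\x33\x37\xbe\x79\x15\xbb\x11\x86\xdf\xc7\x01"
         "\xb9\xda\x25\x76\x33\x57\xa4\x30\x8d\x92\x20\xc3\xdb\x10\x21\x27\x0a\x89"
         "\x9b\xc5\xc6\x18\x51\x69\xad\xc7\xef\xde\xed\x1f\x44\xa2\xbe\x5d\xe6\x3c"
         "\x18\x24\x04\x7d\x90\xf0\x32\xe3\x8a\xec\x63\x22\x67\xa4\x4d\x67\x50\x88"
         "\x19\x8f\x7d\x93\x37\x2f\x09\xe5\x04\xd9\xda\x20\x46\xdb\xb5\xd1\x00\xd4"
         "\xe6\x91\x4d\x03\x9d\x5c\xf4",
         241);
  *(uint64_t*)0x20000668 = 0xf1;
  // iov[7..9]: empty
  *(uint64_t*)0x20000670 = 0;
  *(uint64_t*)0x20000678 = 0;
  *(uint64_t*)0x20000680 = 0;
  *(uint64_t*)0x20000688 = 0;
  *(uint64_t*)0x20000690 = 0;
  *(uint64_t*)0x20000698 = 0;
  // Single writev of the ten iovecs on the socket (fd -1 if socket() failed).
  syscall(SYS_writev, r[0], 0x20000600ul, 0xaul);
}

// Map the fixed 16 MiB data window at 0x20000000 that execute_one() stores
// into, then start six worker processes and park the parent.  The mapping
// result is checked: without it every child would fault on its first store
// instead of exercising the kernel path under test.
// NOTE(review): prot 3 / flags 0x1012 read as PROT_READ|PROT_WRITE and
// MAP_ANON|MAP_FIXED|MAP_PRIVATE on NetBSD — confirm against sys/mman.h.
int main(void)
{
  if (syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul) == -1)
    exit(1);
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  sleep(1000000);
  return 0;
}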