// https://syzkaller.appspot.com/bug?id=61756012ab3a69602c656c3a80f3ef95300231b1
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

unsigned long long procid;

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5 * 1000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

#ifndef SYS_connect
#define SYS_connect 98
#endif
#ifndef SYS_dup
#define SYS_dup 41
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_recvmsg
#define SYS_recvmsg 27
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif
#ifndef SYS_writev
#define SYS_writev 121
#endif

uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  res = syscall(SYS_socket, 2ul, 0x10000000000003ul, 0);
  if (res != -1)
    r[0] = res;
  memcpy(
      (void*)0x20000200,
      "\x62\x02\x02\x07\xe0\x00\x00\x01\x00\x21\xb4\x03\xd2\x7d\x13\x2f\x33\xd1"
      "\x1b\xdb\xf7\xeb\x24\xb2\x49\x13\x59\x17\x28\x72\x14\xe5\x0a\x90\xbd\xe0"
      "\x00\xe4\x43\x9d\x9f\xc4\xb0\x19\x3d\x6e\x2a\xc6\x89\x4d\x75\xb9\x4c\xc1"
      "\x21\xd3\x13\xe3\x05\x7b\xfa\xfc\x56\xb4\x48\x8a\x38\xf8\x3d\x9e\xd1\xe8"
      "\xfb\xfa\x1d\xd0\x02\xdf\x41\x0a\xda\x4c\x34\x52\xe1\x70\xca\x40\x4e\x7a"
      "\x2c\x94\x05\x37\xb1\xf4\x43\x4c\xf0\x9c\x5f\xd6\x72\xab\x44\x8f\x0b\x19"
      "\x8c\xcb\xd6\x6b\x24\x79\xaa\xf1\x03\xbf\x00\x00\xec\xff\x00\x00\x00\x40"
      "\xa5\x48\x73\x3d\x4a\x64\x1d\x45\xa5\xdb\x5a\x6a\x6f\x1f\x0e\x2d\xa8\xfd"
      "\xfa\x59\xf2\xd8\xb8\xc4\x58\x52\xc0\x43\x47\xc3\xa4\x99\x20\xfe\x83\x5e"
      "\xc2\x34\xab\x7e\x17\x18\xac\x61\xaa\xa9\xe1\x3c\x17\x0a\xb7\x2e\x2f\xe1"
      "\x2c\x95\xd5\xe9\xfb\x57\x92\x81\xd1\xa0\x00\x12\x00\x00\x00\x00\x08\xfc"
      "\x76\x00\x00\x00\x00\x0b\x54\x98\x5e\xc6\x1b\x78\x8c\x22\x28\xca\xa3\x47"
      "\x65\x6a\xe3\xa6\x54\x9a\x6c\x55\x19\x91\x33\x32\x13\x91\x08\xc2\xa1\xba"
      "\x6a\x4b\xe4\x15\x12\x27\x5a\x73\x4c\xac\xc7\xcb\x73\xea\x3f\x6e\xbc\xc0"
      "\xcb\x26\x63\x83\x26\x6a\x93\x4a\xa2\x72\x27\x88\x1c\x03\xec\x56\x64\xd0"
      "\xcd\xf3\xc8\x02\x5c\xda\x4b\xa4\xde\x10\x93\xeb\xe2\x5a\x9b\x56\x3a\xa7"
      "\xc0\x23\xdc\x78\xa2\x16\xb7\xad\xaa\xbf\xf7\x9c\xa9\xc6\x60\xa9\xd0\x17"
      "\x76\xf5\x09\xe6\xb4\x29\x51\x85\x17\xbd\x0b\x13\x09\xa6\x13\x92\x1b\x1b"
      "\x87\x1d\xca\x55\x4b\x08\xf6\x7c\x44\x6e\xa7\xd2\x30\x8b\xf2\x93\x61\xd0"
      "\xd5\x68\x2f\xcd\x8e\x27\x5a\x9b\x0b\xe9\x10\x3a\x85\xd8\x3e\x3a\xa3\xe4"
      "\x9a\x9f\x0f\x46\xd9\x47\x74\xfc\xd1\xb5\xd6\xf5\x78\x38\x63\x67\xc3\x09"
      "\x25\x4c\x1b\xc2\x63\x3b\x99\x4f\xb0\x0d\xa2\x8f\x99\x7a\x96\x7b\xae\x1f"
      "\xa3\xd9\x79\xc4\xe7\x29\xef\x2d\x85\xc6\xca\x7e\x68\x55\x26\x3f\xa0\xba"
      "\x8a\x62\x16\x8b\x4a\xf4\x18\x01\x62\xce\xc5\x79\xd3\xba\x47\xa5\xfb\x57"
      "\xb2\x72\x56\xad\x02\xc4\x7a\xf8\xf1\x47\x62\x3f\xd1\x35\x23\xab\xd0\xb3"
      "\x86\x98\xf9\x37\xdf\x75\xf2\x62\x54\x9a\xe9\xdf\xbd\xe0\x49\x6f\x51\x3a"
      "\xa2\x79\x53\x37\x4f\x39\xb0\xb6\x93\x82\xdd\x07\x0e\x8a\x56\x25\xb9\xb8"
      "\xdb\x45\xa0\x90\xe5\x3f\x47\xf4\x53\x81\x5d\x48\x0a\x42\xe7\xf1\x9f\x5d"
      "\xd4\xa2\xc4\x81\x25\x63\x2b\x3d\x97\x2b\x7a\xda\x9d\x90\x9e\x27\xf8\xc9"
      "\x71\x40\x72\x2b\x0f\xa1\x01\xfb\xba\xf3\x02\x17\xf0\xda\x8d\xa4\x09\x04"
      "\x7c\x08\x7d\x00\x00\x00\x00\x00\x00\x31\x74\xbc\xbd\x22\x13\x27\x85\x86"
      "\x45\x04\x02\xb6\x89\x5c\x49\xff\x47\xe3\x58\x6a\x76\x32\x2b\x18\x60\x84"
      "\x4a\x58\xdc\xa0\x72\x0f\x27\x15\x6c\xaf\x70\xa5\x43\xc7\x3d\x37\xea\x96"
      "\x08\xf1\x73\x95\xa3\x74\xd0\x96\x15\xe0\x57\x52\x80\x7f\xa1\xa5\xe7\x98"
      "\x6f\x38\x0a\xdf\x6a\x96\xf5\x80\x59\x4e\x6d\x04\x52\xfa\x14\xcb\x8d\xc6"
      "\x75\x8b\x21\xca\x48\xfc\x7d\xbd\x5a\x3f\xaf\xba\x6d\xb3\xe5\x8e\xad\xa6"
      "\x26\x8b\xcc\xed",
      652);
  syscall(SYS_connect, r[0], 0x20000200ul, 0x10ul);
  *(uint64_t*)0x200001c0 = 0;
  *(uint64_t*)0x200001c8 = 0;
  syscall(SYS_writev, r[0], 0x200001c0ul, 1ul);
  res = syscall(SYS_socket, 2ul, 0x10000000000003ul, 0);
  if (res != -1)
    r[1] = res;
  res = syscall(SYS_dup, r[1]);
  if (res != -1)
    r[2] = res;
  *(uint64_t*)0x20000f80 = 0;
  *(uint32_t*)0x20000f88 = 0;
  *(uint64_t*)0x20000f90 = 0x20000e40;
  *(uint64_t*)0x20000e40 = 0x20000c80;
  *(uint64_t*)0x20000e48 = 0x65;
  *(uint64_t*)0x20000e50 = 0;
  *(uint64_t*)0x20000e58 = 0;
  *(uint64_t*)0x20000e60 = 0;
  *(uint64_t*)0x20000e68 = 0;
  *(uint64_t*)0x20000e70 = 0;
  *(uint64_t*)0x20000e78 = 0;
  *(uint64_t*)0x20000f98 = 4;
  *(uint64_t*)0x20000fa0 = 0;
  *(uint64_t*)0x20000fa8 = 0;
  *(uint32_t*)0x20000fb0 = 0;
  syscall(SYS_recvmsg, r[2], 0x20000f80ul, 0xc00ul);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul);
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  sleep(1000000);
  return 0;
}