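// https://syzkaller.appspot.com/bug?id=eacb006878e13eb9f41f1f570454629d15705328
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer. main() maps a fixed anonymous region at 0x20000000 and
// forks six worker processes; each worker forks a fresh child per iteration
// that runs the recorded syscall sequence in execute_one() against that
// region. Every syscall argument (the -1 descriptors and the raw byte
// payloads included) is the fuzzer's recorded input and is kept verbatim:
// they are the test case, not mistakes.

#define _GNU_SOURCE

// NOTE(review): the header names were lost when this listing was extracted
// (each directive survived only as a bare "#include"); the list below is
// reconstructed from the identifiers the file uses. On BSD targets htobe16()
// is provided by <sys/endian.h> rather than <endian.h>.
#include <endian.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Index of the worker process (0..5). main() assigns it before each fork, so
// every worker inherits its own value; execute_one() folds it into the port
// numbers it uses so the six workers do not collide.
unsigned long long procid;

// SIGKILL `pid` and block until it has been reaped. waitpid(-1) reaps any
// child, so other children that exit first are collected along the way and
// *status ends up holding pid's status. As in the generated original, a
// waitpid() error (e.g. ECHILD) is not checked and would keep this loop
// spinning.
static void kill_and_wait(int pid, int *status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for `ms` milliseconds (truncated to usleep()'s argument width).
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds; exits the process if the clock is
// unavailable, since the timeout logic in loop() cannot work without it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts)) {
    exit(1);
  }
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Set both the soft and hard limit of `resource` to `value`. The setrlimit()
// result is not checked, matching the generated original: the caps are
// best-effort.
static void set_limit(int resource, rlim_t value)
{
  struct rlimit rlim = { .rlim_cur = value, .rlim_max = value };
  setrlimit(resource, &rlim);
}

// Per-worker sandbox: detach into a new session and apply resource caps so a
// runaway child cannot lock memory, fill the disk, dump core or exhaust
// descriptors.
static void sandbox_common(void)
{
  if (setsid() == -1) {
    exit(1);
  }
  set_limit(RLIMIT_MEMLOCK, 8 << 20);
  set_limit(RLIMIT_FSIZE, 1 << 20);
  set_limit(RLIMIT_STACK, 1 << 20);
  set_limit(RLIMIT_CORE, 0);
  set_limit(RLIMIT_NOFILE, 256);
}

static void loop(void);

// Worker entry point: apply the sandbox, then run loop(), which never returns.
static int do_sandbox_none(void)
{
  sandbox_common();
  loop();
  return 0;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// A child still running this long after fork() is killed and reaped.
enum { CHILD_TIMEOUT_MS = 5 * 1000 };

// Fork a fresh child for every run of execute_one() so that a crash or hang in
// one run does not take the worker down. The parent polls with WNOHANG at 1 ms
// intervals and kills the child once CHILD_TIMEOUT_MS has elapsed.
static void loop(void)
{
  for (;;) {
    int pid = fork();
    if (pid < 0) {
      exit(1);
    }
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) {
        break;
      }
      sleep_ms(1);
      if (current_time_ms() - start < CHILD_TIMEOUT_MS) {
        continue;
      }
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Fallback syscall numbers for the target this reproducer was generated on
// (they resemble a BSD table — confirm against the target's <sys/syscall.h>).
// Wherever the host's <sys/syscall.h> already defines a name, the host's
// value wins because of the #ifndef guards.
#ifndef SYS_connect
#define SYS_connect 98
#endif
#ifndef SYS_dup2
#define SYS_dup2 90
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_pipe
#define SYS_pipe 42
#endif
#ifndef SYS_sendmsg
#define SYS_sendmsg 28
#endif
#ifndef SYS_setsockopt
#define SYS_setsockopt 105
#endif
#ifndef SYS_socket
#define SYS_socket 394
#endif

// Descriptors returned by the socket() calls in execute_one(), consumed by the
// later connect()/dup2()/sendmsg() steps. All-ones means "not obtained", and
// the value is left untouched when the socket() call fails.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// One run of the recorded syscall sequence. All data structures are built by
// raw stores into the fixed mapping set up in main(); the offsets were chosen
// by the generator to match the target ABI's struct layouts (sockaddr, msghdr,
// iovec, cmsghdr — presumably the 64-bit BSD layouts; confirm before relying
// on the field names in the comments below).
static void execute_one(void)
{
  intptr_t res = 0;

  syscall(SYS_socket, 2ul, 2ul, 0);
  syscall(SYS_pipe, 0ul);
  res = syscall(SYS_socket, 0x10ul, 2ul, 0);
  if (res != -1) {
    r[0] = res;
  }
  res = syscall(SYS_socket, 2ul, 2ul, 0);
  if (res != -1) {
    r[1] = res;
  }
  syscall(SYS_pipe, 0x200000c0ul);

  // 12-byte socket address at 0x20000040: first 16-bit field 2, then a port
  // of 0x4e20 + 4*procid in network byte order, then eight zero bytes.
  *(uint16_t *)0x20000040 = 2;
  *(uint16_t *)0x20000042 = htobe16(0x4e20 + procid * 4);
  memset((void *)0x20000044, 0, 8);
  syscall(SYS_connect, r[1], 0x20000040ul, 0xcul);

  // Recorded as-is: dup2 onto -1 and setsockopt on fd -1 are part of the input.
  syscall(SYS_dup2, r[0], -1);
  syscall(SYS_setsockopt, -1, 0ul, 0ul, 0ul, 0ul);
  res = syscall(SYS_socket, 2ul, 2ul, 0);
  if (res != -1) {
    r[2] = res;
  }

  // msghdr at 0x20000840 (name, namelen, iov, iovlen, control, controllen,
  // flags): 8-byte name at 0x20000100, 8 iovecs at 0x20000740, 0x30-byte
  // control buffer at 0x20000800, flags 6.
  *(uint64_t *)0x20000840 = 0x20000100;
  *(uint16_t *)0x20000100 = 0xebf7;
  *(uint8_t *)0x20000102 = 0;
  *(uint32_t *)0x20000104 = 0x4e23 + procid * 4;
  *(uint32_t *)0x20000848 = 8;
  *(uint64_t *)0x20000850 = 0x20000740;

  // iovec[0]: 161 bytes at 0x20000140.
  *(uint64_t *)0x20000740 = 0x20000140;
  memcpy((void *)0x20000140,
         "\xda\x13\x22\xc0\xd2\x9a\xed\xe5\x08\x28\x41\x14\xfb\x66\x9f\x33\xe2"
         "\x2a\x84\x04\xa5\xa9\x9b\x0d\x0e\x3e\xd0\x6f\xd6\x6f\xc1\xc4\xdc\x6f"
         "\x3f\x1f\xaa\xe1\x53\x8f\x5a\x91\x0b\xd8\xdf\xda\x22\xa2\x7d\x67\xd0"
         "\x0f\xea\x13\x80\xc0\xab\xb8\x57\x9b\xdd\xd4\x07\xfd\xd2\xd7\xb2\x72"
         "\xe4\x09\xd0\x2a\x5d\x28\x2b\x20\x61\x22\x9e\x3c\x51\xc6\x0a\x9d\x64"
         "\x32\xed\xd5\xc0\xd9\xa1\xfc\x2f\x9d\xca\x4a\xf9\xfc\xef\x60\x97\xf8"
         "\x71\xe8\x68\xcb\xb5\x6d\x6f\x76\x43\xe9\x75\x81\x55\x0e\x0d\x07\xbc"
         "\x39\x2b\x18\xf7\x25\x15\xff\x34\x95\xac\x01\xd0\x5b\x28\x58\x60\x85"
         "\x4a\x09\x65\x4d\x57\xfd\x5b\xdb\x88\x38\x95\xac\xd2\x56\x03\xd3\xe6"
         "\x1e\xb6\x76\x70\xe6\x37\xe8\xd5",
         161);
  *(uint64_t *)0x20000748 = 0xa1;

  // iovec[1]: 226 bytes at 0x20000200.
  *(uint64_t *)0x20000750 = 0x20000200;
  memcpy((void *)0x20000200,
         "\xda\x82\xe0\x95\xb9\xa2\x93\x97\x58\x54\x77\xb0\x99\xa0\x64\x90\x00"
         "\x53\x53\x6d\xce\xed\x9c\x28\xb6\x88\x86\xed\xd4\x22\x8f\x97\x81\x3a"
         "\x97\x6f\x78\x62\x27\x6a\x16\xa4\x29\xe3\x5e\x6d\xf2\xb3\x3a\x2b\x04"
         "\x70\x0c\x3d\x01\xe6\x57\xb0\x2d\x80\x87\x23\xde\x42\x5e\x4b\x1e\x16"
         "\xf2\x6a\x59\xfa\xad\x79\xda\xc4\xbc\x0a\xd3\x8f\x80\xcc\x12\x2a\x1e"
         "\x5b\x8a\x62\x50\xb1\x79\xef\xd0\x3c\x0b\xc3\x78\x64\xb7\xfe\xa7\xd8"
         "\x68\x5a\xe5\xa5\x1d\x6b\xe6\xe1\x46\xed\x45\xb2\x99\x16\x3f\xf2\x67"
         "\x69\x73\xdf\x5c\xa3\x32\xf1\x1a\x4a\x4a\x7f\xb7\x7f\x46\xec\x20\xf1"
         "\x48\x2b\x5c\x3d\x13\x27\x18\x2f\x02\xe8\xe7\x9a\x6a\xf5\x62\xe1\xda"
         "\xc2\x7c\x1d\xee\x53\xe8\x08\xfa\x60\x86\x55\xaf\x3d\x83\x02\xa6\x5d"
         "\x63\x24\xbd\xd1\x78\x3f\xfb\x4f\xcb\xf3\x66\x92\x90\x3a\x5c\x04\xc5"
         "\x33\xe4\x83\x4d\x73\xa2\xf7\x7b\x45\x4e\x12\x59\xb1\x31\xec\xf3\xc3"
         "\x46\xab\x1b\x4e\x05\x7c\x0b\xc7\xb1\xea\x7b\xd0\x9e\xb1\xa6\x20\xcd"
         "\x2b\x69\x06\x05\xad",
         226);
  *(uint64_t *)0x20000758 = 0xe2;

  // iovec[2]: 184 bytes at 0x20000300.
  *(uint64_t *)0x20000760 = 0x20000300;
  memcpy((void *)0x20000300,
         "\x4b\xa2\xbe\x30\x00\xf7\xf6\xbf\xb8\xb9\x3c\xab\xc3\x8c\x71\x96\x4c"
         "\x0a\xf0\xb3\x0a\xb7\x8f\x68\xfb\x52\x6b\xe9\x6c\xc8\x3f\x1d\xa4\x15"
         "\x20\xdb\xb2\x4b\x49\xbe\x5b\x7e\x75\xc7\x32\x77\xfe\x30\xbf\xab\xfc"
         "\xdf\x76\xe1\xd0\x5e\x07\xa7\x0b\xa6\x3b\xcc\xdb\x65\x47\x5d\x9a\xf4"
         "\x08\x05\xca\xae\x75\x69\xdc\xc9\x5f\xbc\x41\xb7\x0c\xa9\xda\x8c\x9e"
         "\x95\xbe\x7e\x66\x35\xf5\x6d\x75\xeb\x3a\xc0\xdf\xc8\x41\xbb\x28\xa3"
         "\xfc\x99\x66\x7c\x2a\xfa\x6f\x1f\xb6\x8e\x18\x19\xcc\x43\xd8\xab\xe0"
         "\x4f\x12\x1f\x6f\x4f\x38\x3c\x73\x5e\x22\x64\x4a\x0c\x40\x63\xba\x7d"
         "\x1b\x8c\x53\x74\x0a\x26\x40\x7e\xee\x8e\x91\xf7\xc1\x6a\xe3\xcf\x3c"
         "\xf6\x99\xf8\xe6\x55\x9b\x5b\xe5\x43\x61\xed\x2a\xc3\x0a\x9a\x4e\x11"
         "\x71\x93\xc1\xd4\x6f\x4f\xf9\xa9\xbd\x6f\x1a\x21\x77\xd1",
         184);
  *(uint64_t *)0x20000768 = 0xb8;

  // iovec[3]: {NULL, 0}.
  *(uint64_t *)0x20000770 = 0;
  *(uint64_t *)0x20000778 = 0;

  // iovec[4]: 197 bytes at 0x20000540.
  *(uint64_t *)0x20000780 = 0x20000540;
  memcpy((void *)0x20000540,
         "\xfd\x57\x61\xd8\x5d\xcc\x9b\x12\x1a\xab\x4b\x2d\x78\x91\x6f\xbc\xb1"
         "\xd7\xc6\xda\xa8\xf3\x57\x36\x4a\xdf\xdd\x82\xa5\xfe\x10\xbb\x51\x7b"
         "\xf8\x4a\x8c\xa8\x8d\xf9\xd5\x57\x5f\xcd\x96\x75\x28\xed\x52\x0d\x1d"
         "\x9c\x64\xda\x8b\xc9\x4c\x85\xe5\x1f\x7e\xcc\xd8\xfd\x73\x00\x73\xc6"
         "\x83\x10\x1a\x6b\xfd\x9f\x6a\x98\x79\xb3\xd2\x72\xd3\xbd\x4b\x76\xa3"
         "\x11\xca\x5b\x7e\x30\xc4\xf7\x4b\xb4\xcc\xae\x16\xf4\x76\x5b\xba\x9e"
         "\x9d\x1d\x27\xde\x42\x77\x70\xa7\x35\xb3\xa0\xdb\x1e\xe9\x8c\x12\x8d"
         "\xdd\xf6\x5c\xbb\x9b\x46\xb2\x26\xed\x11\x6f\x54\x7c\x2a\xfc\xc9\x70"
         "\xd7\x85\x2b\x8c\xa3\xe6\x3c\xaf\x1a\x1b\x90\x9b\x72\x71\xd2\x31\xb0"
         "\x69\x43\xf0\x61\xfc\xc2\x92\x79\xff\xcb\xca\x45\xb6\xca\xcc\x19\x43"
         "\x2e\x82\xbb\xbb\x1b\x62\x13\xb2\x2d\x44\x97\x1b\x9d\x73\x91\x1e\x5e"
         "\x6a\x84\xba\x7d\x54\xc1\x9b\x7b\x54\x56",
         197);
  *(uint64_t *)0x20000788 = 0xc5;

  // iovec[5]: 10 bytes at 0x200004c0.
  *(uint64_t *)0x20000790 = 0x200004c0;
  memcpy((void *)0x200004c0, "\x8f\x77\xe2\x1a\x4a\x7e\xfc\x74\x14\xb0", 10);
  *(uint64_t *)0x20000798 = 0xa;

  // iovec[6]: 109 bytes at 0x20000640.
  *(uint64_t *)0x200007a0 = 0x20000640;
  memcpy((void *)0x20000640,
         "\x97\x31\xeb\x73\x3c\xcf\xd4\x44\xed\x0f\x89\x24\xda\x35\x98\x04\x1e"
         "\x8f\xe8\x02\x8c\xe7\x4b\x27\xbf\x49\x5a\x8f\x7e\x0b\x51\xbe\x95\x3f"
         "\x24\xd8\x5d\xdc\xad\x46\xe8\x7c\x6d\x4a\x4e\x31\xab\x4b\x80\xe5\x43"
         "\xcb\xdf\x23\x2f\x87\xb7\x5c\xa5\xb0\x38\x18\x40\xa1\x9e\x87\xc3\xb5"
         "\x17\x44\xb1\xaa\xa2\x8c\xdf\xdc\x68\x66\xdf\xf4\x74\x37\x2f\xe1\x2a"
         "\x2e\xf0\xa1\x14\x4d\x49\xf7\xc4\xda\x1b\xaf\xd6\xb4\xce\x5d\x8f\xd4"
         "\x7a\x59\xea\xe9\x32\x13\x93",
         109);
  *(uint64_t *)0x200007a8 = 0x6d;

  // iovec[7]: 43 bytes at 0x200006c0.
  *(uint64_t *)0x200007b0 = 0x200006c0;
  memcpy((void *)0x200006c0,
         "\xf5\xd2\x4d\x34\x30\x55\x21\x16\x17\xc5\xbe\x53"
         "\x0e\x5b\x59\x0a\xe4\xfe\x44\x2e\x07\x39\xb9\xaa"
         "\xeb\x46\x93\x46\x43\x0d\x45\x20\x60\x81\xe5\x7c"
         "\xf6\x01\x33\x87\x39\xf3\x1e",
         43);
  *(uint64_t *)0x200007b8 = 0x2b;

  *(uint64_t *)0x20000858 = 8;

  // Control message at 0x20000800: len 0x30, level 0xffff, type 1, then a
  // descriptor list beginning with r[2] followed by six -1 entries. Level
  // 0xffff / type 1 looks like SOL_SOCKET / SCM_RIGHTS on BSD-style ABIs, i.e.
  // descriptor passing — confirm against the target's headers.
  *(uint64_t *)0x20000860 = 0x20000800;
  *(uint64_t *)0x20000800 = 0x30;
  *(uint32_t *)0x20000808 = 0xffff;
  *(uint32_t *)0x2000080c = 1;
  *(uint32_t *)0x20000810 = r[2];
  *(uint32_t *)0x20000814 = -1;
  *(uint32_t *)0x20000818 = -1;
  *(uint32_t *)0x2000081c = -1;
  *(uint32_t *)0x20000820 = -1;
  *(uint32_t *)0x20000824 = -1;
  *(uint32_t *)0x20000828 = -1;
  *(uint64_t *)0x20000868 = 0x30;
  *(uint32_t *)0x20000870 = 6;

  // Recorded as-is: the sendmsg() is issued on fd -1.
  syscall(SYS_sendmsg, -1, 0x20000840ul, 1ul);
}

// Map the 16 MiB region every execute_one() store targets, then start six
// workers and park the parent. The mmap argument list is the generating
// target's (prot 3, flags 0x1012, fd -1, pad, offset) and is kept verbatim;
// unlike the generated original, a failed mapping now exits instead of
// letting every child fault on its first store.
int main(void)
{
  if (syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul,
              0ul) == -1) {
    exit(1);
  }
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      do_sandbox_none();
      // loop() never returns; the exit keeps a child from forking more
      // workers should it ever do so.
      exit(0);
    }
  }
  // Keep the process group alive while the workers run.
  sleep(1000000);
  return 0;
}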