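// https://syzkaller.appspot.com/bug?id=907783116308157abad8faf223b82e2c9b593ff4
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// NOTE(review): the header names of the original #include list were lost in
// extraction (only bare "#include" directives survived). The list below is
// reconstructed from the identifiers this file uses and is not the verbatim
// original; adjust if the build complains about a missing declaration.

#define _GNU_SOURCE

#include <sys/types.h>
#include <sys/endian.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

// Index of the forked worker (0..3, assigned in main()); execute_one() folds
// it into a port number so each worker binds a different port.
static unsigned long long procid;

// SIGKILL `pid` and block until it has been reaped.
// Note: waitpid(-1, ...) reaps *any* child that exits in the meantime, so
// other children of this process may be consumed here as a side effect.
static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

// Sleep for `ms` milliseconds (usleep() takes microseconds).
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Milliseconds on the monotonic clock; exits the process if the clock
// cannot be read, since the timeout logic in loop() depends on it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Per-worker containment: detach into a new session and cap resource usage
// so a runaway iteration cannot exhaust memory, disk or file descriptors.
// setrlimit() failures are deliberately ignored (best effort); only a
// failing setsid() aborts the worker.
static void sandbox_common(void)
{
  if (setsid() == -1)
    exit(1);
  struct rlimit rlim;
  rlim.rlim_cur = rlim.rlim_max = 128 << 20; // 128 MiB address space
  setrlimit(RLIMIT_AS, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 8 << 20; // 8 MiB locked memory
  setrlimit(RLIMIT_MEMLOCK, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 1 << 20; // 1 MiB file size
  setrlimit(RLIMIT_FSIZE, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 1 << 20; // 1 MiB stack
  setrlimit(RLIMIT_STACK, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 0; // no core dumps
  setrlimit(RLIMIT_CORE, &rlim);
  rlim.rlim_cur = rlim.rlim_max = 256; // 256 open files
  setrlimit(RLIMIT_NOFILE, &rlim);
}

static void loop(void);

// Worker entry point: apply the sandbox limits, then run the iteration loop
// (which never returns; the return value is only for the signature).
static int do_sandbox_none(void)
{
  sandbox_common();
  loop();
  return 0;
}

static void execute_one(void);

#define WAIT_FLAGS 0

// Repeat forever: fork a child that runs execute_one() once, poll for its
// exit in 1 ms steps, and kill it after 5 s if it has not finished.
// waitpid(-1, ...) is compared against `pid`, so exits of other children
// are silently consumed while polling.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Descriptors captured from successful socket() calls in execute_one();
// -1 (all bits set) means "not obtained", and later calls pass it through
// unchanged as an invalid fd.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// One iteration of the reproducer: the exact syscall sequence recorded by
// syzkaller, executed in order. Every pointer argument refers into the
// 16 MiB region that main() mapped at the fixed address 0x20000000; the
// stores below build the argument structures in place, and the syzkaller
// /*name=*/ annotations give the meaning of each positional argument.
// Statement order is the reproduction; do not reorder or "clean up" calls.
static void execute_one(void)
{
  intptr_t res = 0;

  memcpy((void*)0x20000440, "/dev/filemon\000", 13);
  syscall(SYS_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000440ul,
          /*flags=*/0ul, /*mode=*/0ul);

  res = syscall(SYS_socket, /*domain=*/0x1cul, /*type=*/5ul, /*proto=*/0x84);
  if (res != -1)
    r[0] = res;

  syscall(SYS_ktrace, /*path=*/0ul, /*ops=*/0ul, /*trpoints=*/0x400060beul,
          /*pid=*/0);

  res = syscall(SYS_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0);
  if (res != -1)
    r[1] = res;

  // 32-byte option value: "bbr" followed by NUL padding (3 + 8 + 8 + 8 + 5).
  memcpy((void*)0x20000080,
         "bbr\000\000\000\000\000\000\000\000"
         "\000\000\000\000\000\000\000\000"
         "\000\000\000\000\000\000\000\000"
         "\000\000\000\000\000",
         32);
  *(uint32_t*)0x200000a0 = 0;
  syscall(SYS_setsockopt, /*fd=*/r[1], /*level=*/6, /*optname=*/0x2000,
          /*optval=*/0x20000080ul, /*optlen=*/0x24ul);
  syscall(SYS_connect, /*fd=*/r[1], /*addr=*/0ul, /*addrlen=*/0ul);

  // Build the message header at 0x20000100 and its payload buffers; several
  // of the stores below are intentionally unaligned.
  *(uint64_t*)0x20000100 = 0x200002c0;
  sprintf((char*)0x200002c0, "0x%016llx", (long long)-1);
  *(uint32_t*)0x20000108 = 0xa;
  *(uint64_t*)0x20000110 = 0x20000580;
  *(uint64_t*)0x20000580 = 0;
  *(uint64_t*)0x20000588 = 0;
  *(uint64_t*)0x20000118 = 1;
  *(uint64_t*)0x20000120 = 0x200005c0;
  sprintf((char*)0x200005c0, "0x%016llx", (long long)-1);
  *(uint32_t*)0x200005d2 = -1;
  sprintf((char*)0x200005d6, "%020llu", (long long)-1);
  // 487 bytes of recorded payload (27 x 18 bytes + 1).
  memcpy(
      (void*)0x200005ea,
      "\xf0\x0f\x37\xf9\xa3\xae\x51\xe9\xf6\x11\x01\xc0\xad\x62\x8a\x45\xaf\xa1"
      "\x69\x91\x94\x71\x29\xd1\x4b\xda\x06\x85\x67\xc6\x6d\x43\xb5\xf2\x26\x45"
      "\x4f\x8c\x5f\x97\x11\xc2\x80\x52\xf4\xdc\x34\xd5\x32\x91\x0f\x23\xca\x2d"
      "\xcf\x0b\xba\x93\x3e\xd2\x86\x7a\x1b\x2d\x66\x7a\xc8\x68\x74\x32\xbd\xea"
      "\x62\x58\xc7\x34\x87\xb0\x77\x57\x7f\xbf\xc0\x7e\x7c\xa7\x6c\x1f\x00\x9d"
      "\x11\x37\x90\x0a\x28\xe7\x75\x54\xdf\xb3\x8e\x74\xf9\x46\x48\x6d\xcb\xa9"
      "\x59\xed\x99\x87\x77\x6b\xd1\x94\x8b\x64\x60\x79\x1a\xb7\x1a\x5c\xd2\x47"
      "\x1c\x4d\x8b\xf1\x5f\x21\x7c\xe4\x49\x98\x93\xd0\x20\x33\x1f\xc2\xd0\x50"
      "\x67\x52\x96\x6e\x6c\x23\xfd\x57\x23\x71\x6e\x23\x12\x29\x73\x5d\x0b\x20"
      "\x51\xfc\x45\x35\x9c\x24\x39\x22\x2b\xe2\x9d\xa9\xbb\xaa\xed\x72\xb9\x15"
      "\x9c\xb9\xb1\x0d\xd9\x7e\x20\x9e\x65\x2f\x2e\xa4\x18\xe1\xe9\x1e\x5e\x51"
      "\x36\x98\x7c\xbd\x7d\x31\x3f\x94\xb4\x82\xd0\xca\x20\xac\x2d\xc6\xd7\x06"
      "\x7f\x61\x35\xb7\x27\xa0\x86\x4f\x5e\xdb\x85\xde\xd1\xc0\x08\x7c\x03\xc7"
      "\xdb\x1e\x47\x7f\x43\xa0\x8a\x89\xd3\x1b\x7f\x91\x08\x94\x95\x51\x93\x8a"
      "\xcc\x24\x67\x6d\x04\x3f\xc7\xe3\x1a\x97\xdf\x38\x70\x88\xbe\x57\xee\x50"
      "\x80\x08\x74\x93\x85\xc7\x71\xb2\x1f\xf8\x1c\xa1\x0e\x34\xc8\x56\x76\xd0"
      "\xb5\xc8\xa7\xe2\x6d\xc9\xc1\xf9\x1b\x86\x3e\x9f\x57\xc8\x89\xa0\x46\x6c"
      "\xef\xf7\x5c\x44\x62\xf0\x40\xcd\x67\x89\x50\x84\xd5\x58\x03\xe6\x8d\xb6"
      "\x6f\xd6\xce\x10\x9a\x80\x22\x32\x6a\x6f\x62\x1e\x29\x33\xfa\xc1\xb2\x66"
      "\x4c\x33\x05\xd9\x98\x0a\xc1\x74\x23\x9b\xc8\x01\x1e\xf3\x1b\xd2\x25\xb9"
      "\x3f\xee\x80\x97\x34\xd1\x34\xda\x21\xb9\xc9\xf8\xf5\x37\x5f\xa6\xee\xdb"
      "\xee\x02\xf6\xc3\x86\x59\x29\xde\x97\x8e\xff\xe4\x30\xa6\xa6\x75\x8e\xf0"
      "\x5e\x52\x4c\xe9\x28\xcb\x89\x9f\xa8\x88\x75\x28\x1b\x3f\x88\xc6\xe3\xf1"
      "\x5e\xee\xbf\x93\x2a\x1d\x5f\x04\x87\xde\x7c\x19\x3e\x08\x40\x06\x7c\x0b"
      "\x18\x95\xa0\xda\x0a\x4c\x9c\xa3\x0e\x1b\x16\xd1\xf7\x62\x3e\x05\xdb\x26"
      "\xca\xbe\xc6\x35\xcc\xea\xb0\x4e\xd7\x2c\xa9\x68\xf8\x3d\x30\xc1\x5d\x55"
      "\xa1\x70\xbc\xa7\x1f\x28\xfd\xa1\x9a\x48\xcc\x89\xf7\x28\xd7\x66\x96\x71"
      "\xd5",
      487);
  *(uint16_t*)0x200007d1 = -1;
  *(uint32_t*)0x200007d3 = -1;
  *(uint32_t*)0x200007d7 = r[1];
  sprintf((char*)0x200007db, "%020llu", (long long)-1);
  *(uint64_t*)0x20000128 = 0xe8;
  *(uint32_t*)0x20000130 = 0;
  // Sent on fd -1 (invalid) on purpose; the kernel's handling of the header
  // built above is what is being exercised.
  syscall(SYS_sendmsg, /*fd=*/-1, /*msg=*/0x20000100ul, /*f=*/0ul);

  memcpy((void*)0x20000240, "./file0\000", 8);
  syscall(SYS_open, /*file=*/0x20000240ul, /*flags=*/0x40000400000002c2ul,
          /*mode=*/0ul);
  syscall(SYS_freebsd11_fstat, /*fd=*/r[0], /*statbuf=*/0x20000080ul);
  syscall(SYS_open, /*file=*/0ul, /*flags=*/0x200ul, /*mode=*/0ul);
  memcpy((void*)0x20000100, "./file1\000", 8);
  syscall(SYS_openat, /*fd=*/0xffffff9c, /*file=*/0x20000100ul,
          /*flags=*/0x80000ul, /*mode=*/0x142ul);

  res = syscall(SYS_socket, /*domain=*/2ul, /*type=*/2ul, /*proto=*/0);
  if (res != -1)
    r[2] = res;

  // 16-byte socket address at 0x20000140; the port is derived from procid so
  // each of the four workers uses a different one.
  *(uint8_t*)0x20000140 = 0x10;
  *(uint8_t*)0x20000141 = 2;
  *(uint16_t*)0x20000142 = htobe16(0x4e21 + procid * 4);
  *(uint32_t*)0x20000144 = htobe32(0);
  memset((void*)0x20000148, 0, 8);
  syscall(SYS_bind, /*fd=*/r[2], /*addr=*/0x20000140ul, /*addrlen=*/0x10ul);

  syscall(SYS_procctl, /*idtype=*/2ul, /*id=*/-1, /*cmd=*/4ul,
          /*data=*/0x20000080ul);
  memcpy((void*)0x20000000, "\x0a\x01\x2e\x2f\x66\x29\x68\x65\x30\x25", 10);
  syscall(SYS_bind, /*fd=*/-1, /*addr=*/0x20000000ul, /*addrlen=*/0xaul);
  syscall(SYS_procctl, /*idtype=*/2ul, /*id=*/-1, /*cmd=*/4ul,
          /*data=*/0x20000080ul);

  memcpy((void*)0x20000440, "/dev/filemon\000", 13);
  syscall(SYS_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000440ul,
          /*flags=*/0ul, /*mode=*/0ul);
  syscall(SYS_pipe2, /*pipefd=*/0x20000000ul, /*flags=*/0ul);

  *(uint32_t*)0x20001140 = 0;
  syscall(SYS_ioctl, /*fd=*/-1, /*cmd=*/0xc0045302ul, /*arg=*/0x20001140ul);
  syscall(SYS_ioctl, /*fd=*/-1, /*cmd=*/0xc0045302ul, /*arg=*/0ul);

  // Raw fork: both the iteration child and its new child continue with the
  // calls below; the extra process is reaped (or not) by loop()'s
  // waitpid(-1, ...) polling.
  syscall(SYS_fork);
  syscall(SYS_getpid);
  syscall(SYS_ioctl, /*fd=*/-1, /*cmd=*/0xc0045302ul, /*arg=*/0ul);
  syscall(SYS_bind, /*fd=*/-1, /*addr=*/0ul, /*addrlen=*/0ul);
  syscall(SYS_open, /*file=*/0ul, /*flags=*/0x40000400000002c2ul,
          /*mode=*/0ul);
}

// Map the 16 MiB scratch region at the fixed address 0x20000000 (inherited
// by every fork below), start four sandboxed workers, then park the parent.
// The parent never reaps the workers; it simply sleeps.
int main(void)
{
  syscall(SYS_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
          /*flags=*/0x1012ul, /*fd=*/-1, /*offset=*/0ul);
  for (procid = 0; procid < 4; procid++) {
    if (fork() == 0) {
      do_sandbox_none();
    }
  }
  sleep(1000000);
  return 0;
}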