// https://syzkaller.appspot.com/bug?id=edc4bdcf9437492a8287e70f7c3c4231511fe690
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#ifndef SYS_compat_50_mknod
#define SYS_compat_50_mknod 14
#endif
#ifndef SYS_mmap
#define SYS_mmap 197
#endif
#ifndef SYS_open
#define SYS_open 5
#endif
#ifndef SYS_pwritev
#define SYS_pwritev 290
#endif

static unsigned long long procid;

static void kill_and_wait(int pid, int* status)
{
  kill(pid, SIGKILL);
  while (waitpid(-1, status, 0) != pid) {
  }
}

static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void execute_one(void);

#define WAIT_FLAGS 0

static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

uint64_t r[1] = {0xffffffffffffffff};

void execute_one(void)
{
  intptr_t res = 0;
  memcpy((void*)0x20000000, "./file0\000", 8);
  syscall(SYS_compat_50_mknod, 0x20000000ul, 0x2001ul, 0x400);
  memcpy((void*)0x20000000, "./file0\000", 8);
  res = syscall(SYS_open, 0x20000000ul, 2ul, 0ul);
  if (res != -1)
    r[0] = res;
  *(uint64_t*)0x200014c0 = 0x20000040;
  memcpy((void*)0x20000040,
         "\xc1\xfc\x6e\x28\x54\x2b\xe3\xc4\x2e\x46\x4d\x39\xf7\xa5\x26\xcd\x06"
         "\x32\x3e\x56\x9b\x89\x90\x38\xa6\x22\xba\x97\x45\xc0\x6e\x08\xfe\x67"
         "\x9f\x0f\x64\x16\xb5\x0a\xb6\xd4\x40\x6b\x3d\xd7\x06\xeb\xf4\xdd\x45"
         "\xa1\x66\xdc\x7c\x98\xd7\x02\xb3\x5b\xd1\x9e\xdb\x92\xcb\xfd\x90\x2c"
         "\x00\xce\x3a\xa5\x45\x52\xa2\xf9\xa0\xfb\x2c\x60\x5d\xc7\xa7\x81\xe3"
         "\x11\x60\x07\xfb\x7b\xc8\xa5\x06\x3f\x3b\xb2\x08\x00\xb7\x6b\xac\xa4"
         "\x59\x58\xa9\x7d\x1e\xb2\x37\xf6\xba\x55\x0f\x4b\xa5\xe1\x68\x5d\xf1"
         "\x19\x88\x74\x31\x8d\x22\xbd\x91\xfb\x08\xd7\xae\xbb\x72\x27\x4e\x04"
         "\xe8\x44\xac\x90\x10\x89\xb9\x92\xa3\x2a\x20\x45\xbd\x71\x0b\x38\xf3"
         "\x5a\x42\xc9\xb1\x11\x77\xe8\xea\x7a\xad\xc5\x90\xa3\xaf\xfc\xf9\x52"
         "\xa2\x86\x2a\x4c\x33\x2d\xeb\x6d\x12\x9f\x2e\xf0\x36\xd2\x2d\xdf\x06"
         "\xe7\x1d\x40\x91\x60\x7c\xaf\xc6\x89\xfc\x26",
         198);
  *(uint64_t*)0x200014c8 = 0xc6;
  *(uint64_t*)0x200014d0 = 0x20000180;
  memcpy((void*)0x20000180,
         "\xf6\xc5\x2d\x5d\xcd\x7e\x43\x83\x33\xc2\x38\xe3\x45\xb1\xc7\x60\xd8"
         "\x0a\x8a\x9f\x0c\x6c\x8c\xc9\xad\x3d\xaf\xb7\xdc\x20\x7d\xdf\x22\xa3"
         "\xf3\xba\x8a\x93\xec\xc9\x75\x00\x49\x36\xc7\x42\xcd\xc1\x77\x1a\x26"
         "\x2f\xc0\xd2\x13\x41\x95\x44\x6e\x7a\xff\x55\xe4\xcf\x2d\x8c\xbe\x65"
         "\xba\x65\xf3\xc6\xb4\xa8\xa8\x94\x83\xfd\x4d\xf3\x8d\x0a\x24\x73\xd6"
         "\x88\xc6\x5e\x82\xd2\x44\x50\x5a\x63\x02\x2e\x5c\x1d\x87\x90\xa6\x5e"
         "\x42\xa5\x5f\x81\xa0\x57\x00\x60\xb8\x43\x5e\xe4\xfd\xad\x18\xf3\x22"
         "\x20\x1e\xb6\x0b\x81\x28\x8a\x52\x91\x61\xe2\x3e\x8e\xd2\xcf\x31\x11"
         "\xb7\x33\x70\x00\xfc\xf7\xf3\xea\x78\xfd\x0a\x07\x94\xe4\x64\x2e\x3c"
         "\x8f\x01\x79\xb6\xc1\x78\x02\xa4\xfe\xc0\xdd\xf3\x45\xb0\xae\x8d\x9b"
         "\x75\x65\x24\xac\x7f\xf9\xd2\xa9\xac\x2c\x94\x09\xf1\x5d\x9b\x80\xe8"
         "\x0b\xc9\x92\x32\x97\x60\x92\x76\x19\x69\x17\x19\xa8\x0f\x65\xae\x70"
         "\xef\xd0\x1b\x46\x38\x9c\x54\x56\xbe\x44\x93\x30\xd6\x85\x47\x9d\xd9"
         "\x33\x8c\x3a\xf2\xce\x8f\x1b\x64\x1a\xca\x7b\x31\xef\x4d\x95\xbe\xa1"
         "\xae\xaa\x1f\xcb\xce\x74\x66\x6a\xcf\x6f\x15\xfa\x16\xd5\xf5\xa3\x4c",
         255);
  *(uint64_t*)0x200014d8 = 0xff;
  *(uint64_t*)0x200014e0 = 0;
  *(uint64_t*)0x200014e8 = 0;
  *(uint64_t*)0x200014f0 = 0;
  *(uint64_t*)0x200014f8 = 0;
  *(uint64_t*)0x20001500 = 0;
  *(uint64_t*)0x20001508 = 0;
  *(uint64_t*)0x20001510 = 0;
  *(uint64_t*)0x20001518 = 0;
  syscall(SYS_pwritev, r[0], 0x200014c0ul, 6ul, 0ul);
}
int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul);
  for (procid = 0; procid < 6; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  sleep(1000000);
  return 0;
}