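// https://syzkaller.appspot.com/bug?id=d97ff96e5a38f12752dd53d7a83bfcbdea3fee1b
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer for the syzkaller bug referenced above. The program forks a
// child in a loop; each child opens one netlink socket, fills a pre-mapped
// region with a crafted msghdr/iovec/netlink-message layout and sends it once.
// Everything here runs unprivileged; no result is computed or checked, the
// only "output" is whatever the kernel under test reports while handling
// the sendmsg().
//
// NOTE(review): in the extracted page every `#include` had lost its header
// name (twelve bare `#include` tokens). The list below is reconstructed from
// the identifiers this file actually uses, not copied from the original, and
// the directives are restored one per line so the file preprocesses again.
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Exit statuses understood by the syzkaller harness that drives reproducers:
// kFailStatus marks a hard failure of the reproducer itself, kRetryStatus a
// transient condition (resource exhaustion) after which the run may be retried.
const int kFailStatus = 67;
const int kRetryStatus = 69;

// Terminate the whole thread group with `status`. exit_group never returns;
// the trailing loop only exists so the compiler accepts the noreturn attribute
// without a missing-return path (the volatile counter keeps it from being
// optimised into nothing).
__attribute__((noreturn)) static void doexit(int status)
{
	volatile unsigned i;
	syscall(__NR_exit_group, status);
	for (i = 0;; i++) {
	}
}

// Print a printf-style message plus the errno captured *before* any stdio
// call could clobber it, then exit. ENOMEM/EAGAIN are reported as retryable,
// everything else as a hard failure.
__attribute__((noreturn)) static void fail(const char* msg, ...)
{
	int e = errno;
	fflush(stdout);
	va_list args;
	va_start(args, msg);
	vfprintf(stderr, msg, args);
	va_end(args);
	fprintf(stderr, " (errno %d)\n", e);
	doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

// Same reporting as fail(), but always exits with the retryable status.
// Unused in this particular reproducer; kept because it is part of the
// standard syzkaller preamble.
__attribute__((noreturn)) static void exitf(const char* msg, ...)
{
	int e = errno;
	fflush(stdout);
	va_list args;
	va_start(args, msg);
	vfprintf(stderr, msg, args);
	va_end(args);
	fprintf(stderr, " (errno %d)\n", e);
	doexit(kRetryStatus);
}

// Monotonic wall-clock time in milliseconds, used only for the per-child
// timeout in loop(). Aborts the reproducer if the clock is unavailable.
static uint64_t current_time_ms(void)
{
	struct timespec ts;
	if (clock_gettime(CLOCK_MONOTONIC, &ts))
		fail("clock_gettime failed");
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void test(void);

// Run test() forever, once per forked child. Each child is placed in its
// own process group and asks to be SIGKILLed if the parent dies. The parent
// polls for the child with WNOHANG; after 5 s it kills the child's whole
// process group (and the child itself) and reaps it before starting the
// next iteration, so a hung child cannot stall the reproducer.
void loop(void)
{
	for (;;) {
		pid_t pid = fork();
		if (pid < 0)
			fail("fork failed");
		if (pid == 0) {
			prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
			setpgrp();
			test();
			doexit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			// __WALL: reap the child regardless of how it was cloned.
			int res = waitpid(-1, &status, __WALL | WNOHANG);
			if (res == pid)
				break;
			usleep(1000);
			if (current_time_ms() - start > 5 * 1000) {
				kill(-pid, SIGKILL);
				kill(pid, SIGKILL);
				while (waitpid(-1, &status, __WALL) != pid) {
				}
				break;
			}
		}
	}
}

// Syscall result slots, as emitted by the syzkaller program-to-C translator.
// Only r[0], r[1], r[3] and r[170] are ever written; the array size is an
// artifact of the original program's numbering, not something test() relies on.
long r[171];

// One iteration of the reproducer. All pointer arguments below are absolute
// addresses inside the 0x20000000..0x20fff000 region mapped by the first
// syscall; every store in this function lands inside that region (each
// iovec's stores end exactly at base + its declared length).
static void test(void)
{
	memset(r, -1, sizeof(r));
	// mmap(0x20000000, 0xfff000, PROT_READ|PROT_WRITE,
	//      MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0): the fuzzer's scratch area.
	r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
	// socket(AF_NETLINK=0x10, SOCK_RAW=3, protocol 6); on Linux protocol 6 is
	// NETLINK_XFRM, which does not need privileges to open.
	r[1] = syscall(__NR_socket, 0x10ul, 0x3ul, 0x6ul);
	// setsockopt(sock, SOL_SOCKET=1, optname 8 (SO_RCVBUF), &0, 4).
	*(uint32_t*)0x20d5bffc = (uint32_t)0x0;
	r[3] = syscall(__NR_setsockopt, r[1], 0x1ul, 0x8ul, 0x20d5bffcul, 0x4ul);

	// struct msghdr at 0x20f42000: msg_name -> 0x20b53b98 (len 0xc),
	// msg_iov -> 0x20ced000 with 7 entries, msg_control -> 0x20000000 with
	// msg_controllen 0, msg_flags 0x51.
	*(uint64_t*)0x20f42000 = (uint64_t)0x20b53b98;
	*(uint32_t*)0x20f42008 = (uint32_t)0xc;
	*(uint64_t*)0x20f42010 = (uint64_t)0x20ced000;
	*(uint64_t*)0x20f42018 = (uint64_t)0x7;
	*(uint64_t*)0x20f42020 = (uint64_t)0x20000000;
	*(uint64_t*)0x20f42028 = (uint64_t)0x0;
	*(uint32_t*)0x20f42030 = (uint32_t)0x51;
	// msg_name: sockaddr_nl-shaped, family 0x10 (AF_NETLINK), pid 0, groups 0.
	*(uint16_t*)0x20b53b98 = (uint16_t)0x10;
	*(uint16_t*)0x20b53b9a = (uint16_t)0x0;
	*(uint32_t*)0x20b53b9c = (uint32_t)0x0;
	*(uint32_t*)0x20b53ba0 = (uint32_t)0x0;
	// iovec array: (base, len) pairs.
	*(uint64_t*)0x20ced000 = (uint64_t)0x20fa8000;
	*(uint64_t*)0x20ced008 = (uint64_t)0x10;
	*(uint64_t*)0x20ced010 = (uint64_t)0x20ba2ce4;
	*(uint64_t*)0x20ced018 = (uint64_t)0x30;
	*(uint64_t*)0x20ced020 = (uint64_t)0x2020ce04;
	*(uint64_t*)0x20ced028 = (uint64_t)0x50;
	*(uint64_t*)0x20ced030 = (uint64_t)0x20d19000;
	*(uint64_t*)0x20ced038 = (uint64_t)0xb8;
	*(uint64_t*)0x20ced040 = (uint64_t)0x206bc000;
	*(uint64_t*)0x20ced048 = (uint64_t)0x20;
	*(uint64_t*)0x20ced050 = (uint64_t)0x20b64f50;
	*(uint64_t*)0x20ced058 = (uint64_t)0x30;
	*(uint64_t*)0x20ced060 = (uint64_t)0x20608000;
	*(uint64_t*)0x20ced068 = (uint64_t)0x80;

	// The iovec buffers below are filled with 16-byte records laid out like
	// struct nlmsghdr (len, type, flags, seq, pid) carrying fuzzer-chosen
	// type/flag values; the fourth buffer additionally holds one 0x68-byte
	// record with 86 bytes of opaque payload. Several casts deliberately
	// truncate oversized literals (e.g. (uint16_t)0xffffffff) — that is how
	// the generator emitted them and the resulting bytes are the point.
	// iov[0] @ 0x20fa8000, len 0x10
	*(uint32_t*)0x20fa8000 = (uint32_t)0x10;
	*(uint16_t*)0x20fa8004 = (uint16_t)0xffff;
	*(uint16_t*)0x20fa8006 = (uint16_t)0x4;
	*(uint32_t*)0x20fa8008 = (uint32_t)0x0;
	*(uint32_t*)0x20fa800c = (uint32_t)0x0;
	// iov[1] @ 0x20ba2ce4, len 0x30
	*(uint32_t*)0x20ba2ce4 = (uint32_t)0x10;
	*(uint16_t*)0x20ba2ce8 = (uint16_t)0x0;
	*(uint16_t*)0x20ba2cea = (uint16_t)0x726;
	*(uint32_t*)0x20ba2cec = (uint32_t)0x0;
	*(uint32_t*)0x20ba2cf0 = (uint32_t)0x0;
	*(uint32_t*)0x20ba2cf4 = (uint32_t)0x10;
	*(uint16_t*)0x20ba2cf8 = (uint16_t)0x0;
	*(uint16_t*)0x20ba2cfa = (uint16_t)0x132;
	*(uint32_t*)0x20ba2cfc = (uint32_t)0xfffffffffffffffc;
	*(uint32_t*)0x20ba2d00 = (uint32_t)0x817;
	*(uint32_t*)0x20ba2d04 = (uint32_t)0x10;
	*(uint16_t*)0x20ba2d08 = (uint16_t)0x4;
	*(uint16_t*)0x20ba2d0a = (uint16_t)0x0;
	*(uint32_t*)0x20ba2d0c = (uint32_t)0x1;
	*(uint32_t*)0x20ba2d10 = (uint32_t)0x1f;
	// iov[2] @ 0x2020ce04, len 0x50
	*(uint32_t*)0x2020ce04 = (uint32_t)0x10;
	*(uint16_t*)0x2020ce08 = (uint16_t)0x7f;
	*(uint16_t*)0x2020ce0a = (uint16_t)0x100;
	*(uint32_t*)0x2020ce0c = (uint32_t)0x1000;
	*(uint32_t*)0x2020ce10 = (uint32_t)0x9;
	*(uint32_t*)0x2020ce14 = (uint32_t)0x10;
	*(uint16_t*)0x2020ce18 = (uint16_t)0xffffffff;
	*(uint16_t*)0x2020ce1a = (uint16_t)0x1;
	*(uint32_t*)0x2020ce1c = (uint32_t)0x1f;
	*(uint32_t*)0x2020ce20 = (uint32_t)0x400;
	*(uint32_t*)0x2020ce24 = (uint32_t)0x10;
	*(uint16_t*)0x2020ce28 = (uint16_t)0x7;
	*(uint16_t*)0x2020ce2a = (uint16_t)0x308;
	*(uint32_t*)0x2020ce2c = (uint32_t)0x2;
	*(uint32_t*)0x2020ce30 = (uint32_t)0x4;
	*(uint32_t*)0x2020ce34 = (uint32_t)0x10;
	*(uint16_t*)0x2020ce38 = (uint16_t)0x15;
	*(uint16_t*)0x2020ce3a = (uint16_t)0x525;
	*(uint32_t*)0x2020ce3c = (uint32_t)0x3;
	*(uint32_t*)0x2020ce40 = (uint32_t)0x1;
	*(uint32_t*)0x2020ce44 = (uint32_t)0x10;
	*(uint16_t*)0x2020ce48 = (uint16_t)0xecb;
	*(uint16_t*)0x2020ce4a = (uint16_t)0x100;
	*(uint32_t*)0x2020ce4c = (uint32_t)0x6;
	*(uint32_t*)0x2020ce50 = (uint32_t)0x6;
	// iov[3] @ 0x20d19000, len 0xb8 (one 0x68-byte record with payload, then 16-byte records)
	*(uint32_t*)0x20d19000 = (uint32_t)0x68;
	*(uint16_t*)0x20d19004 = (uint16_t)0x2;
	*(uint16_t*)0x20d19006 = (uint16_t)0x8;
	*(uint32_t*)0x20d19008 = (uint32_t)0x1fc0000000000000;
	*(uint32_t*)0x20d1900c = (uint32_t)0x1;
	memcpy((void*)0x20d19010,
	       "\x6b\xf8\xdc\x20\x2c\x4c\x8b\x5d\xf3\x3a\x33\x38\x41\xf1\x30"
	       "\x82\x84\x77\xd2\xff\x86\x2e\xcc\xad\xe1\x32\xd6\xf4\xa6\x7b"
	       "\xd9\xde\x17\xf8\xda\x4b\x2c\x6b\x70\x2f\x6b\xbe\xc1\xda\xf6"
	       "\xc6\x66\xcd\x93\x43\x80\x75\x60\x99\xf5\x9f\x2e\x03\xed\xd8"
	       "\x54\xc8\xbc\x9c\x52\xe0\x94\xd9\x4b\xdc\x01\x50\x7e\x16\xa8"
	       "\xc9\x6d\x01\x48\x27\xff\x74\x55\x05\x6b\xdc",
	       86);
	*(uint32_t*)0x20d19068 = (uint32_t)0x10;
	*(uint16_t*)0x20d1906c = (uint16_t)0x6;
	*(uint16_t*)0x20d1906e = (uint16_t)0x600;
	*(uint32_t*)0x20d19070 = (uint32_t)0x10000;
	*(uint32_t*)0x20d19074 = (uint32_t)0x5;
	*(uint32_t*)0x20d19078 = (uint32_t)0x10;
	*(uint16_t*)0x20d1907c = (uint16_t)0xff;
	*(uint16_t*)0x20d1907e = (uint16_t)0x408;
	*(uint32_t*)0x20d19080 = (uint32_t)0x10000;
	*(uint32_t*)0x20d19084 = (uint32_t)0x5;
	*(uint32_t*)0x20d19088 = (uint32_t)0x10;
	*(uint16_t*)0x20d1908c = (uint16_t)0x100;
	*(uint16_t*)0x20d1908e = (uint16_t)0x400;
	*(uint32_t*)0x20d19090 = (uint32_t)0x7;
	*(uint32_t*)0x20d19094 = (uint32_t)0x42852611;
	*(uint32_t*)0x20d19098 = (uint32_t)0x10;
	*(uint16_t*)0x20d1909c = (uint16_t)0x1;
	*(uint16_t*)0x20d1909e = (uint16_t)0x10;
	*(uint32_t*)0x20d190a0 = (uint32_t)0x4fe;
	*(uint32_t*)0x20d190a4 = (uint32_t)0x6;
	*(uint32_t*)0x20d190a8 = (uint32_t)0x10;
	*(uint16_t*)0x20d190ac = (uint16_t)0x2;
	*(uint16_t*)0x20d190ae = (uint16_t)0xc;
	*(uint32_t*)0x20d190b0 = (uint32_t)0x3;
	*(uint32_t*)0x20d190b4 = (uint32_t)0x200;
	// iov[4] @ 0x206bc000, len 0x20
	*(uint32_t*)0x206bc000 = (uint32_t)0x10;
	*(uint16_t*)0x206bc004 = (uint16_t)0x0;
	*(uint16_t*)0x206bc006 = (uint16_t)0x2;
	*(uint32_t*)0x206bc008 = (uint32_t)0x4;
	*(uint32_t*)0x206bc00c = (uint32_t)0x3f;
	*(uint32_t*)0x206bc010 = (uint32_t)0x10;
	*(uint16_t*)0x206bc014 = (uint16_t)0x1;
	*(uint16_t*)0x206bc016 = (uint16_t)0x6;
	*(uint32_t*)0x206bc018 = (uint32_t)0x713;
	*(uint32_t*)0x206bc01c = (uint32_t)0xfffffffffffffffc;
	// iov[5] @ 0x20b64f50, len 0x30
	*(uint32_t*)0x20b64f50 = (uint32_t)0x10;
	*(uint16_t*)0x20b64f54 = (uint16_t)0x3ff;
	*(uint16_t*)0x20b64f56 = (uint16_t)0x0;
	*(uint32_t*)0x20b64f58 = (uint32_t)0x1f;
	*(uint32_t*)0x20b64f5c = (uint32_t)0xf78;
	*(uint32_t*)0x20b64f60 = (uint32_t)0x10;
	*(uint16_t*)0x20b64f64 = (uint16_t)0xffffffffffff7fff;
	*(uint16_t*)0x20b64f66 = (uint16_t)0x201;
	*(uint32_t*)0x20b64f68 = (uint32_t)0x1;
	*(uint32_t*)0x20b64f6c = (uint32_t)0x0;
	*(uint32_t*)0x20b64f70 = (uint32_t)0x10;
	*(uint16_t*)0x20b64f74 = (uint16_t)0x100000001;
	*(uint16_t*)0x20b64f76 = (uint16_t)0x800;
	*(uint32_t*)0x20b64f78 = (uint32_t)0x4;
	*(uint32_t*)0x20b64f7c = (uint32_t)0x7;
	// iov[6] @ 0x20608000, len 0x80
	*(uint32_t*)0x20608000 = (uint32_t)0x10;
	*(uint16_t*)0x20608004 = (uint16_t)0x80000000;
	*(uint16_t*)0x20608006 = (uint16_t)0x120;
	*(uint32_t*)0x20608008 = (uint32_t)0x2;
	*(uint32_t*)0x2060800c = (uint32_t)0xfff;
	*(uint32_t*)0x20608010 = (uint32_t)0x10;
	*(uint16_t*)0x20608014 = (uint16_t)0xff;
	*(uint16_t*)0x20608016 = (uint16_t)0x0;
	*(uint32_t*)0x20608018 = (uint32_t)0x0;
	*(uint32_t*)0x2060801c = (uint32_t)0x100000000;
	*(uint32_t*)0x20608020 = (uint32_t)0x10;
	*(uint16_t*)0x20608024 = (uint16_t)0xffffffffffff8001;
	*(uint16_t*)0x20608026 = (uint16_t)0x4fd;
	*(uint32_t*)0x20608028 = (uint32_t)0x1f;
	*(uint32_t*)0x2060802c = (uint32_t)0x6;
	*(uint32_t*)0x20608030 = (uint32_t)0x10;
	*(uint16_t*)0x20608034 = (uint16_t)0x100;
	*(uint16_t*)0x20608036 = (uint16_t)0x310;
	*(uint32_t*)0x20608038 = (uint32_t)0x9;
	*(uint32_t*)0x2060803c = (uint32_t)0x80000001;
	*(uint32_t*)0x20608040 = (uint32_t)0x10;
	*(uint16_t*)0x20608044 = (uint16_t)0x6;
	*(uint16_t*)0x20608046 = (uint16_t)0x301;
	*(uint32_t*)0x20608048 = (uint32_t)0x4;
	*(uint32_t*)0x2060804c = (uint32_t)0x5;
	*(uint32_t*)0x20608050 = (uint32_t)0x10;
	*(uint16_t*)0x20608054 = (uint16_t)0x4;
	*(uint16_t*)0x20608056 = (uint16_t)0x200;
	*(uint32_t*)0x20608058 = (uint32_t)0x3;
	*(uint32_t*)0x2060805c = (uint32_t)0x1;
	*(uint32_t*)0x20608060 = (uint32_t)0x10;
	*(uint16_t*)0x20608064 = (uint16_t)0x9;
	*(uint16_t*)0x20608066 = (uint16_t)0x400;
	*(uint32_t*)0x20608068 = (uint32_t)0x0;
	*(uint32_t*)0x2060806c = (uint32_t)0x828;
	*(uint32_t*)0x20608070 = (uint32_t)0x10;
	*(uint16_t*)0x20608074 = (uint16_t)0x2;
	*(uint16_t*)0x20608076 = (uint16_t)0x602;
	*(uint32_t*)0x20608078 = (uint32_t)0x4;
	*(uint32_t*)0x2060807c = (uint32_t)0x9;

	// sendmsg(sock, &msghdr, flags 0x800). Its return value is stored but
	// never examined: the reproducer only cares about the kernel's reaction.
	r[170] = syscall(__NR_sendmsg, r[1], 0x20f42000ul, 0x800ul);
}

int main(void)
{
	loop();
	return 0;
}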