// https://syzkaller.appspot.com/bug?id=e2dc9aea0465d1eea101bb24cb463e2a7efe7d17
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}
#include <stdint.h>
#include <string.h>

const int kFailStatus = 67;
const int kRetryStatus = 69;

static void fail(const char* msg, ...)
{
  int e = errno;
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

static uint64_t current_time_ms()
{
  struct timespec ts;

  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    fail("clock_gettime failed");
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

static void test();

void loop()
{
  int iter;
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      fail("loop fork failed");
    if (pid == 0) {
      prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
      setpgrp();
      test();
      doexit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      int res = waitpid(-1, &status, __WALL | WNOHANG);
      if (res == pid)
        break;
      usleep(1000);
      if (current_time_ms() - start > 5 * 1000) {
        kill(-pid, SIGKILL);
        kill(pid, SIGKILL);
        while (waitpid(-1, &status, __WALL) != pid) {
        }
        break;
      }
    }
  }
}

long r[2];
void test()
{
  memset(r, -1, sizeof(r));
  syscall(__NR_mmap, 0x20000000, 0x5b8000, 3, 0x32, -1, 0);
  r[0] = syscall(__NR_socket, 0x26, 5, 0);
  *(uint16_t*)0x2059b000 = 0x26;
  memcpy((void*)0x2059b002,
         "\x73\x6b\x63\x69\x70\x68\x65\x72\x00\x00\x00\x00\x00\x00", 14);
  *(uint32_t*)0x2059b010 = 0;
  *(uint32_t*)0x2059b014 = 0;
  memcpy((void*)0x2059b018,
         "\x6c\x72\x77\x2d\x74\x77\x6f\x66\x69\x73\x68\x2d\x61\x76\x78\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  syscall(__NR_bind, r[0], 0x2059b000, 0x58);
  r[1] = syscall(__NR_accept, r[0], 0, 0);
  memcpy((void*)0x203e0000, "\xd3\xab\x27\x19\x1a\x01\x00\x23\x5f\xba\x60\x2d"
                            "\xff\x05\x00\x0b\xfe\xf9\xf3\xd2\xa4\xb2\x00\xff"
                            "\xff\xff\xff\xff\xff\xff\xfe\x00\x02\x25\x07\x00"
                            "\x97\xc1\x1e\xd4\xc2\xc4\xdc\x42\xff\xa8\x6e\xb9",
         48);
  syscall(__NR_setsockopt, r[0], 0x117, 1, 0x203e0000, 0x30);
  *(uint64_t*)0x205af000 = 0;
  *(uint32_t*)0x205af008 = 0;
  *(uint64_t*)0x205af010 = 0x2008ff80;
  *(uint64_t*)0x205af018 = 1;
  *(uint64_t*)0x205af020 = 0x2031bfd0;
  *(uint64_t*)0x205af028 = 0;
  *(uint32_t*)0x205af030 = 0;
  *(uint64_t*)0x2008ff80 = 0x205b5000;
  *(uint64_t*)0x2008ff88 = 0xe0;
  memcpy((void*)0x205b5000,
         "\x28\x2d\xe8\xb4\x67\xe5\x1d\xfc\x9f\xb5\xef\x4a\x69\xef\x24\x10\x61"
         "\xca\x21\x6a\x10\x14\x7a\x92\x9e\x1c\x28\x37\xd4\xfb\x73\xad\x55\xa7"
         "\x4a\x5f\x21\xf9\xdc\xef\x2d\x36\x3b\x9a\xa3\x68\x05\xd8\xce\xe6\x19"
         "\x58\xed\xb9\xc3\x40\xf0\x57\x28\x19\xda\x98\xed\x45\xd2\x9e\x4e\x29"
         "\xd2\xb2\x26\xee\xf7\x1c\xbc\x04\xf8\x2f\x4d\x35\x4e\x5f\x09\x6f\x37"
         "\xfc\xc1\xf9\xc5\xc6\xd9\x03\x81\xf9\x83\x17\xef\xfd\xf7\x6b\x74\xc9"
         "\x3d\x12\xd1\x66\x9e\x2e\x08\x32\xf8\x99\xa3\x82\x73\x64\xef\x13\xba"
         "\xcf\x78\x20\x6a\xdb\xc4\x99\x98\x34\xfb\xa1\x37\xd7\x8b\x93\xa0\x75"
         "\xd6\x25\x20\x88\x04\x63\x61\xa9\x45\xd5\xf8\x36\xfb\xde\xca\x51\x8a"
         "\x7e\x78\x50\x07\xbd\xed\x4b\xa8\xb0\x9e\xd4\xc0\xe6\x22\x8a\x95\x23"
         "\xd5\x53\x2a\x20\xec\xb0\x82\x74\xf2\x73\xf5\x51\x37\xf2\xca\xa4\xa1"
         "\x56\x6f\x2c\x27\xf3\xc7\xd8\xd5\x87\xda\xd4\x52\xf5\xa5\xb3\x69\x06"
         "\xd9\x86\xc7\x14\x0c\x46\x6f\x66\x11\xe8\x4c\x71\x94\x8e\x00\x84\x6a"
         "\x28\xaf\x02",
         224);
  syscall(__NR_sendmsg, r[1], 0x205af000, 0);
  *(uint64_t*)0x204d6fc8 = 0x205b2fa0;
  *(uint32_t*)0x204d6fd0 = 0x60;
  *(uint64_t*)0x204d6fd8 = 0x20099000;
  *(uint64_t*)0x204d6fe0 = 7;
  *(uint64_t*)0x204d6fe8 = 0x203f6f43;
  *(uint64_t*)0x204d6ff0 = 0;
  *(uint32_t*)0x204d6ff8 = 0;
  *(uint64_t*)0x20099000 = 0x202d7f80;
  *(uint64_t*)0x20099008 = 0x80;
  *(uint64_t*)0x20099010 = 0x205b2000;
  *(uint64_t*)0x20099018 = 0x63;
  *(uint64_t*)0x20099020 = 0x205b3fbd;
  *(uint64_t*)0x20099028 = 0x43;
  *(uint64_t*)0x20099030 = 0x205b4f06;
  *(uint64_t*)0x20099038 = 0xfa;
  *(uint64_t*)0x20099040 = 0x205b5000;
  *(uint64_t*)0x20099048 = 0xc2;
  *(uint64_t*)0x20099050 = 0x2012a000;
  *(uint64_t*)0x20099058 = 0xda;
  *(uint64_t*)0x20099060 = 0x205b6000;
  *(uint64_t*)0x20099068 = 0x60;
  syscall(__NR_recvmsg, r[1], 0x204d6fc8, 0);
}

int main()
{
  for (;;) {
    loop();
  }
}