// https://syzkaller.appspot.com/bug?id=90a60ac9052c9528d51de6882cfb71ce76234884
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#include <linux/genetlink.h>
#include <linux/netlink.h>

static long syz_genetlink_get_family_id(volatile long name)
{
  char buf[512] = {0};
  struct nlmsghdr* hdr = (struct nlmsghdr*)buf;
  struct genlmsghdr* genlhdr = (struct genlmsghdr*)NLMSG_DATA(hdr);
  struct nlattr* attr = (struct nlattr*)(genlhdr + 1);
  hdr->nlmsg_len =
      sizeof(*hdr) + sizeof(*genlhdr) + sizeof(*attr) + GENL_NAMSIZ;
  hdr->nlmsg_type = GENL_ID_CTRL;
  hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
  genlhdr->cmd = CTRL_CMD_GETFAMILY;
  attr->nla_type = CTRL_ATTR_FAMILY_NAME;
  attr->nla_len = sizeof(*attr) + GENL_NAMSIZ;
  strncpy((char*)(attr + 1), (char*)name, GENL_NAMSIZ);
  struct iovec iov = {hdr, hdr->nlmsg_len};
  struct sockaddr_nl addr = {0};
  addr.nl_family = AF_NETLINK;
  int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC);
  if (fd == -1) {
    return -1;
  }
  struct msghdr msg = {&addr, sizeof(addr), &iov, 1, NULL, 0, 0};
  if (sendmsg(fd, &msg, 0) == -1) {
    close(fd);
    return -1;
  }
  ssize_t n = recv(fd, buf, sizeof(buf), 0);
  close(fd);
  if (n <= 0) {
    return -1;
  }
  if (hdr->nlmsg_type != GENL_ID_CTRL) {
    return -1;
  }
  for (; (char*)attr < buf + n;
       attr = (struct nlattr*)((char*)attr + NLMSG_ALIGN(attr->nla_len))) {
    if (attr->nla_type == CTRL_ATTR_FAMILY_ID)
      return *(uint16_t*)(attr + 1);
  }
  return -1;
}

uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1, 0ul);
  intptr_t res = 0;
  res = syscall(__NR_socket, 0x10ul, 2ul, 0x10);
  if (res != -1)
    r[0] = res;
  memcpy((void*)0x200000c0, "TIPC\000", 5);
  res = syz_genetlink_get_family_id(0x200000c0);
  if (res != -1)
    r[1] = res;
  *(uint64_t*)0x20000200 = 0;
  *(uint32_t*)0x20000208 = 0;
  *(uint64_t*)0x20000210 = 0x20000100;
  *(uint64_t*)0x20000100 = 0x20001480;
  memcpy((void*)0x20001480, "h\000\000\000", 4);
  *(uint16_t*)0x20001484 = r[1];
  memcpy((void*)0x20001486,
         "\x95\xc4\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x26\x0e\x00\x00\x00"
         "\x00\x09\x41\x00\x00\x00\x4c\x00\x18\x00\x00\x01\x14\x62\x72\x6f\x61"
         "\x64\x63\x61\x73\x74\x2d\x6c\x69\x6e\x6b\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc"
         "\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6f\x0d\xa2\x2f"
         "\x6e\x08\x01\xb6\xcb\x86\x12\xe3\x61\xec\x79\x10\x84\x64\xcf\x82\xc4"
         "\x3e\xd1\x0d\x79\x0a\x3e\x9a\x56\x02\x65\xbf\xa8\x81\xbb\x9a\xe3\x91"
         "\x4f\x9e\x22\x0b\x3c\xdc\x92\x81\xef\x2a\x6b\xef\x33\x92\x4f\x6c\x49"
         "\xa6\x2c\x93\xc8\x85\xe1\xad\xab\xa4\x03\xd6\xee\x9b\x09\x61\xe8\x00"
         "\x00\x00",
         172);
  *(uint64_t*)0x20000108 = 0x68;
  *(uint64_t*)0x20000218 = 1;
  *(uint64_t*)0x20000220 = 0;
  *(uint64_t*)0x20000228 = 0;
  *(uint32_t*)0x20000230 = 0;
  syscall(__NR_sendmsg, r[0], 0x20000200ul, 0ul);
  return 0;
}