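// https://syzkaller.appspot.com/bug?id=1ab305cca8d64e81becc4d53b88ae15c2c7bf49a
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer. main() calls loop(), which calls test() forever;
// each test() round spawns five threads that run, concurrently and in no
// guaranteed order, one syscall each: mmap of a fixed region at 0x20000000,
// socket(0xa /* AF_INET6 */, 0x2 /* SOCK_DGRAM */, 0), setsockopt on that
// socket, sendmmsg on that socket, and a no-op. Syscall arguments are
// written as raw stores to fixed addresses inside the mmap'd region, so the
// stores in threads 2 and 3 fault if they run before thread 0's mmap has
// completed; the random usleep() between spawns is what varies the timing.
// The process runs until it is killed; it never joins its threads.
//
// The #include lines had lost their header names (stripped as markup);
// they are restored here from the names the code uses: pthread_create /
// pthread_t, uint*_t, rand, memset, __NR_* / syscall, usleep.
#define _GNU_SOURCE
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

static void test(void);

// Repeats test() until the process is killed.
void loop(void)
{
	while (1) {
		test();
	}
}

// Syscall results shared between threads. test() fills it with -1 bytes
// before each round; only r[0], r[1], r[60] and r[138] are ever written,
// and only r[0] and r[1] are read back.
long r[140];

// Thread body: arg selects which single syscall this thread performs.
// Returns 0 in every case; errors from the syscalls are kept in r[] only.
void *thr(void *arg)
{
	switch ((long)arg) {
	case 0:
		// Map 0xfff000 bytes read/write at the fixed address 0x20000000.
		// r[0] is -1 here (from the memset in test()), so the fd
		// argument is -1, as required for an anonymous mapping.
		r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
			       r[0], 0x0ul);
		break;
	case 1:
		r[1] = syscall(__NR_socket, 0xaul, 0x2ul, 0x0ul);
		break;
	case 2:
		// 0xe8-byte option value for setsockopt(level 0x29 /* IPPROTO_IPV6 */,
		// optname 0x23) at 0x20000f18. Truncating casts (e.g. the uint16_t
		// from 0xffff...fffe) are as generated and store the low bits.
		*(uint8_t *)0x20000f18 = (uint8_t)0x0;
		*(uint8_t *)0x20000f19 = (uint8_t)0x0;
		*(uint8_t *)0x20000f1a = (uint8_t)0x0;
		*(uint8_t *)0x20000f1b = (uint8_t)0x0;
		*(uint8_t *)0x20000f1c = (uint8_t)0x0;
		*(uint8_t *)0x20000f1d = (uint8_t)0x0;
		*(uint8_t *)0x20000f1e = (uint8_t)0x0;
		*(uint8_t *)0x20000f1f = (uint8_t)0x0;
		*(uint8_t *)0x20000f20 = (uint8_t)0x0;
		*(uint8_t *)0x20000f21 = (uint8_t)0x0;
		*(uint8_t *)0x20000f22 = (uint8_t)0x0;
		*(uint8_t *)0x20000f23 = (uint8_t)0x0;
		*(uint8_t *)0x20000f24 = (uint8_t)0x0;
		*(uint8_t *)0x20000f25 = (uint8_t)0x0;
		*(uint8_t *)0x20000f26 = (uint8_t)0x0;
		*(uint8_t *)0x20000f27 = (uint8_t)0x0;
		*(uint64_t *)0x20000f28 = (uint64_t)0x0;
		*(uint64_t *)0x20000f30 = (uint64_t)0x100000000000000;
		*(uint16_t *)0x20000f38 = (uint16_t)0x204e;
		*(uint16_t *)0x20000f3a = (uint16_t)0xfffffffffffffffe;
		*(uint16_t *)0x20000f3c = (uint16_t)0x204e;
		*(uint16_t *)0x20000f3e = (uint16_t)0x0;
		*(uint16_t *)0x20000f40 = (uint16_t)0xa;
		*(uint8_t *)0x20000f42 = (uint8_t)0x0;
		*(uint8_t *)0x20000f43 = (uint8_t)0x2;
		*(uint8_t *)0x20000f44 = (uint8_t)0x10000000000000;
		// Low 32 bits of the mmap result (or of -1 if thread 0 has not
		// run yet) are fed back into the option value.
		*(uint32_t *)0x20000f48 = r[0];
		*(uint32_t *)0x20000f4c = r[0];
		*(uint64_t *)0x20000f50 = (uint64_t)0x0;
		*(uint64_t *)0x20000f58 = (uint64_t)0x0;
		*(uint64_t *)0x20000f60 = (uint64_t)0xfff;
		*(uint64_t *)0x20000f68 = (uint64_t)0x0;
		*(uint64_t *)0x20000f70 = (uint64_t)0x0;
		*(uint64_t *)0x20000f78 = (uint64_t)0x0;
		*(uint64_t *)0x20000f80 = (uint64_t)0x0;
		*(uint64_t *)0x20000f88 = (uint64_t)0x0;
		*(uint64_t *)0x20000f90 = (uint64_t)0x0;
		*(uint64_t *)0x20000f98 = (uint64_t)0x0;
		*(uint64_t *)0x20000fa0 = (uint64_t)0x0;
		*(uint64_t *)0x20000fa8 = (uint64_t)0x0;
		*(uint32_t *)0x20000fb0 = (uint32_t)0x0;
		*(uint32_t *)0x20000fb4 = (uint32_t)0x0;
		*(uint8_t *)0x20000fb8 = (uint8_t)0x1;
		*(uint8_t *)0x20000fb9 = (uint8_t)0x0;
		*(uint8_t *)0x20000fba = (uint8_t)0x20;
		*(uint8_t *)0x20000fbb = (uint8_t)0x2;
		*(uint32_t *)0x20000fc0 = (uint32_t)0x20000e0;
		*(uint32_t *)0x20000fd0 = (uint32_t)0x4;
		*(uint8_t *)0x20000fd4 = (uint8_t)0x1;
		*(uint16_t *)0x20000fd8 = (uint16_t)0xa;
		*(uint32_t *)0x20000fdc = (uint32_t)0x100007f;
		*(uint32_t *)0x20000fec = (uint32_t)0x21a9336f;
		*(uint8_t *)0x20000ff0 = (uint8_t)0x6;
		*(uint8_t *)0x20000ff1 = (uint8_t)0x0;
		*(uint8_t *)0x20000ff2 = (uint8_t)0xff;
		*(uint32_t *)0x20000ff4 = (uint32_t)0x7fff;
		*(uint32_t *)0x20000ff8 = (uint32_t)0x1;
		*(uint32_t *)0x20000ffc = (uint32_t)0x401;
		// r[1] is the socket from thread 1, or -1 if that thread has
		// not run yet (then this call fails with EBADF).
		r[60] = syscall(__NR_setsockopt, r[1], 0x29ul, 0x23ul, 0x20000f18ul,
				0xe8ul);
		break;
	case 3:
		// Message vector for sendmmsg at 0x2013e000 (vlen 2); the
		// pointers stored below (name, iov, control buffers) all point
		// into the region mapped by thread 0.
		*(uint64_t *)0x2013e000 = (uint64_t)0x2035f000;
		*(uint32_t *)0x2013e008 = (uint32_t)0x10;
		*(uint64_t *)0x2013e010 = (uint64_t)0x201cdf90;
		*(uint64_t *)0x2013e018 = (uint64_t)0x7;
		*(uint64_t *)0x2013e020 = (uint64_t)0x20ce6000;
		*(uint64_t *)0x2013e028 = (uint64_t)0x6;
		*(uint32_t *)0x2013e030 = (uint32_t)0x800;
		*(uint32_t *)0x2013e038 = (uint32_t)0x56;
		*(uint64_t *)0x2013e040 = (uint64_t)0x20000000;
		*(uint32_t *)0x2013e048 = (uint32_t)0x0;
		*(uint64_t *)0x2013e050 = (uint64_t)0x20945fd0;
		*(uint64_t *)0x2013e058 = (uint64_t)0x3;
		*(uint64_t *)0x2013e060 = (uint64_t)0x20f3f000;
		*(uint64_t *)0x2013e068 = (uint64_t)0x3;
		*(uint32_t *)0x2013e070 = (uint32_t)0x8000;
		*(uint32_t *)0x2013e078 = (uint32_t)0x5;
		// 16-byte destination address referenced by the first message.
		*(uint16_t *)0x2035f000 = (uint16_t)0x2;
		*(uint16_t *)0x2035f002 = (uint16_t)0x234e;
		*(uint8_t *)0x2035f004 = (uint8_t)0xac;
		*(uint8_t *)0x2035f005 = (uint8_t)0x14;
		*(uint8_t *)0x2035f006 = (uint8_t)0x0;
		*(uint8_t *)0x2035f007 = (uint8_t)0xaa;
		*(uint8_t *)0x2035f008 = (uint8_t)0x0;
		*(uint8_t *)0x2035f009 = (uint8_t)0x0;
		*(uint8_t *)0x2035f00a = (uint8_t)0x0;
		*(uint8_t *)0x2035f00b = (uint8_t)0x0;
		*(uint8_t *)0x2035f00c = (uint8_t)0x0;
		*(uint8_t *)0x2035f00d = (uint8_t)0x0;
		*(uint8_t *)0x2035f00e = (uint8_t)0x0;
		*(uint8_t *)0x2035f00f = (uint8_t)0x0;
		// Seven (pointer, length 0) iovec entries for the first message.
		*(uint64_t *)0x201cdf90 = (uint64_t)0x2007dfcc;
		*(uint64_t *)0x201cdf98 = (uint64_t)0x0;
		*(uint64_t *)0x201cdfa0 = (uint64_t)0x20491fa7;
		*(uint64_t *)0x201cdfa8 = (uint64_t)0x0;
		*(uint64_t *)0x201cdfb0 = (uint64_t)0x205d2000;
		*(uint64_t *)0x201cdfb8 = (uint64_t)0x0;
		*(uint64_t *)0x201cdfc0 = (uint64_t)0x20a93000;
		*(uint64_t *)0x201cdfc8 = (uint64_t)0x0;
		*(uint64_t *)0x201cdfd0 = (uint64_t)0x2040df43;
		*(uint64_t *)0x201cdfd8 = (uint64_t)0x0;
		*(uint64_t *)0x201cdfe0 = (uint64_t)0x20c26000;
		*(uint64_t *)0x201cdfe8 = (uint64_t)0x0;
		*(uint64_t *)0x201cdff0 = (uint64_t)0x20c97000;
		*(uint64_t *)0x201cdff8 = (uint64_t)0x0;
		// Control buffer for the first message.
		*(uint64_t *)0x20ce6000 = (uint64_t)0x10;
		*(uint32_t *)0x20ce6008 = (uint32_t)0x10e;
		*(uint32_t *)0x20ce600c = (uint32_t)0x6;
		*(uint64_t *)0x20ce6010 = (uint64_t)0x10;
		*(uint32_t *)0x20ce6018 = (uint32_t)0xff;
		*(uint32_t *)0x20ce601c = (uint32_t)0x2;
		*(uint64_t *)0x20ce6020 = (uint64_t)0x10;
		*(uint32_t *)0x20ce6028 = (uint32_t)0x107;
		*(uint32_t *)0x20ce602c = (uint32_t)0x20000000;
		*(uint64_t *)0x20ce6030 = (uint64_t)0x10;
		*(uint32_t *)0x20ce6038 = (uint32_t)0x29;
		*(uint32_t *)0x20ce603c = (uint32_t)0x2;
		*(uint64_t *)0x20ce6040 = (uint64_t)0x10;
		*(uint32_t *)0x20ce6048 = (uint32_t)0x10f;
		*(uint32_t *)0x20ce604c = (uint32_t)0xfffffffffffffffd;
		*(uint64_t *)0x20ce6050 = (uint64_t)0x10;
		*(uint32_t *)0x20ce6058 = (uint32_t)0xff;
		*(uint32_t *)0x20ce605c = (uint32_t)0x32f36437;
		// Three (pointer, length 0) iovec entries for the second message.
		*(uint64_t *)0x20945fd0 = (uint64_t)0x20c0ff6b;
		*(uint64_t *)0x20945fd8 = (uint64_t)0x0;
		*(uint64_t *)0x20945fe0 = (uint64_t)0x20952fe8;
		*(uint64_t *)0x20945fe8 = (uint64_t)0x0;
		*(uint64_t *)0x20945ff0 = (uint64_t)0x20399000;
		*(uint64_t *)0x20945ff8 = (uint64_t)0x0;
		// Control buffer for the second message.
		*(uint64_t *)0x20f3f000 = (uint64_t)0x10;
		*(uint32_t *)0x20f3f008 = (uint32_t)0x29;
		*(uint32_t *)0x20f3f00c = (uint32_t)0xc8cbef1;
		*(uint64_t *)0x20f3f010 = (uint64_t)0x10;
		*(uint32_t *)0x20f3f018 = (uint32_t)0x13f;
		*(uint32_t *)0x20f3f01c = (uint32_t)0x5;
		*(uint64_t *)0x20f3f020 = (uint64_t)0x10;
		*(uint32_t *)0x20f3f028 = (uint32_t)0x1ff;
		*(uint32_t *)0x20f3f02c = (uint32_t)0xffff;
		r[138] = syscall(__NR_sendmmsg, r[1], 0x2013e000ul, 0x2ul, 0xc040ul);
		break;
	case 4:
		// Fifth thread does nothing; kept so the spawn loop's timing
		// matches the generated program.
		break;
	}
	return 0;
}

// One round: reset r[] to all -1 bytes, start the five thr() threads with a
// random delay of up to 10 ms between spawns, then sleep up to 100 ms.
// Threads are never joined and pthread_create's result is not checked (as
// generated); th[] has room for 10 but only 5 entries are used.
static void test(void)
{
	long i;
	pthread_t th[10];
	memset(r, -1, sizeof(r));
	for (i = 0; i < 5; i++) {
		pthread_create(&th[i], 0, thr, (void *)i);
		usleep(rand() % 10000);
	}
	usleep(rand() % 100000);
}

int main(void)
{
	loop();
	return 0;
}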