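// https://syzkaller.appspot.com/bug?id=202f8d9e3f611eee81261f8c66e225e215480c3b
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Single-process reproducer: it creates a listening AF_INET stream socket
// (protocol 0x106) and then sends one raw 137-byte datagram over an
// AF_NETLINK socket (protocol 4). The message buffer, iovec and msghdr are
// built by hand at fixed addresses inside a MAP_FIXED region, as syzkaller
// reproducers always do, rather than through libc structures.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback syscall numbers for builds whose <sys/syscall.h> lacks them; the
// values match the asm-generic table (used by e.g. arm64/riscv).
#ifndef __NR_listen
#define __NR_listen 201
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif
#ifndef __NR_sendmsg
#define __NR_sendmsg 211
#endif
#ifndef __NR_socket
#define __NR_socket 198
#endif

// Fixed addresses inside the 0x20000000 data mapping. Offsets 0x240..0x270
// follow the 64-bit struct msghdr layout; 0x140 holds a struct iovec.
enum {
  DATA_BASE = 0x20000000,  // start of the RWX data region
  DATA_LEN = 0x1000000,    // 16 MiB
  IOV_ADDR = 0x20000140,   // struct iovec { base, len }
  MSG_ADDR = 0x20000240,   // struct msghdr passed to sendmsg
  PAYLOAD_ADDR = 0x20000280,
  PAYLOAD_LEN = 0x89,      // 137 bytes
};

// Resource table: r[0] = stream socket fd, r[1] = netlink socket fd.
// All-ones marks "not created"; later syscalls then just fail with EBADF
// instead of the reproducer aborting.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Returns 0 after issuing the syscall sequence, 1 if the data mapping could
// not be established (in which case the fixed-address stores below would
// fault, so nothing else is attempted).
int main(void) {
  // Two prot=0 (PROT_NONE) mappings bracket the data region; they look like
  // guard pages so that off-by-one writes fault instead of spilling.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  // The data region itself; every pointer below lives inside it, so a failure
  // here must not be ignored.
  if (syscall(__NR_mmap, /*addr=*/(unsigned long)DATA_BASE,
              /*len=*/(unsigned long)DATA_LEN,
              /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
              /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
              /*offset=*/0ul) == -1) {
    return 1;
  }
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);

  intptr_t res = 0;

  // socket(AF_INET=2, SOCK_STREAM=1, 0x106) followed by listen(fd, 0).
  // NOTE(review): 0x106 (262) is IPPROTO_MPTCP on Linux — confirm against the
  // kernel under test.
  res = syscall(__NR_socket, /*domain=*/2ul, /*type=*/1ul, /*proto=*/0x106);
  if (res != -1) {
    r[0] = res;
  }
  syscall(__NR_listen, /*fd=*/r[0], /*backlog=*/0);

  // socket(AF_NETLINK=0x10, SOCK_DGRAM, 4). NOTE(review): netlink protocol 4
  // is NETLINK_SOCK_DIAG; the payload's first bytes (len 0x89, type 0x12)
  // look like a raw nlmsghdr — verify rather than rely on this reading.
  res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=SOCK_DGRAM*/ 2ul,
                /*proto=*/4);
  if (res != -1) {
    r[1] = res;
  }

  // struct msghdr at MSG_ADDR: msg_name / msg_namelen are zero (unconnected
  // netlink send to the kernel), one iovec, no control data, no flags.
  *(uint64_t*)(MSG_ADDR + 0x00) = 0;           // msg_name
  *(uint32_t*)(MSG_ADDR + 0x08) = 0;           // msg_namelen
  *(uint64_t*)(MSG_ADDR + 0x10) = IOV_ADDR;    // msg_iov
  *(uint64_t*)IOV_ADDR = PAYLOAD_ADDR;         // iov_base
  // Raw 137-byte netlink payload, copied byte-for-byte from the reproducer.
  memcpy(
      (void*)PAYLOAD_ADDR,
      "\x89\x00\x00\x00\x12\x00\x81\xae\x08\x06\x0c\xdc\x03\x00\x00\x00\x7f\x03"
      "\xe3\xca\x00\x00\x00\x00\x00\xe2\xff\xca\x1b\x1f\x00\x00\x00\x00\x04\xc0"
      "\x0e\x72\xf7\x50\x37\x5e\xd0\x8a\x56\x33\x1d\xbf\x9e\xd7\x81\x5e\x38\x1a"
      "\xd6\xe7\x47\x03\x3a\x00\x93\xb8\x37\xdc\x6c\xc0\x1e\x32\xef\xae\xc8\xc7"
      "\xa6\xec\x00\x12\x08\x6e\x00\x00\x06\x01\x00\x00\xbd\xad\x44\x6b\x9b\xbc"
      "\x7a\x46\xe3\x98\x82\x85\xdc\xdf\x12\xf2\x13\x08\xf8\x68\xfe\xce\x01\x95"
      "\x5f\xed\x00\x09\xd7\x8f\x0a\x94\x7e\xe2\xb4\x9e\x33\x53\x8a\xfa\x8a\xf9"
      "\x23\x47\x51\x4f\x0b\x56\xa2\x0f\xf2\x7f\xff",
      PAYLOAD_LEN);
  *(uint64_t*)(IOV_ADDR + 0x08) = PAYLOAD_LEN;  // iov_len
  *(uint64_t*)(MSG_ADDR + 0x18) = 1;            // msg_iovlen
  *(uint64_t*)(MSG_ADDR + 0x20) = 0;            // msg_control
  *(uint64_t*)(MSG_ADDR + 0x28) = 0;            // msg_controllen
  *(uint32_t*)(MSG_ADDR + 0x30) = 0;            // msg_flags

  // sendmsg(netlink_fd, &msghdr, 0). Its return value is deliberately not
  // checked: the reproducer's only job is to issue the call.
  syscall(__NR_sendmsg, /*fd=*/r[1], /*msg=*/(unsigned long)MSG_ADDR,
          /*f=*/0ul);
  return 0;
}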