// https://syzkaller.appspot.com/bug?id=f1f8862259d2cffb304012de69a37f84f5dcd0fe
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <termios.h>
#include <unistd.h>
#include <util.h>

#define __syscall syscall

static uintptr_t syz_open_pts(void)
{
  int master, slave;
  if (openpty(&master, &slave, NULL, NULL, NULL) == -1)
    return -1;
  if (dup2(master, master + 100) != -1)
    close(master);
  return slave;
}

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul);
  intptr_t res = 0;
  *(uint64_t*)0x20000000 = 8;
  *(uint64_t*)0x20000008 = 0x95;
  syscall(SYS_setrlimit, 8ul, 0x20000000ul);
  res = syz_open_pts();
  if (res != -1)
    r[0] = res;
  syscall(SYS_close, r[0]);
  syz_open_pts();
  *(uint32_t*)0x20000040 = 0;
  *(uint32_t*)0x20000044 = 0xcb;
  *(uint32_t*)0x20000048 = 5;
  *(uint32_t*)0x2000004c = 0xffff64ad;
  memcpy((void*)0x20000050,
         "\x92\x54\x75\x44\x7d\xc5\xff\x4f\x9a\x89\x33\xec\x72\x54\xa4\x00\x00"
         "\x00\x00\x00",
         20);
  *(uint32_t*)0x20000064 = 0;
  *(uint32_t*)0x20000068 = 0;
  syscall(SYS_ioctl, r[0], 0x802c7414ul, 0x20000040ul);
  *(uint64_t*)0x20000200 = 0x20000380;
  memcpy(
      (void*)0x20000380,
      "\x03\x5d\xf5\xa7\x2e\xe8\x41\x5f\xdf\x13\xd3\x82\x5b\xf2\x0d\x06\xf5\x63"
      "\x24\xa7\x08\xbf\x0b\x88\x0a\x60\x55\x65\x25\x2d\x40\x64\x3b\x62\x1e\x14"
      "\x55\x11\xa1\xe8\x9d\x7c\xb1\x5b\x7b\x4f\xc8\x87\xc9\xe3\x8e\x10\xa9\x51"
      "\xe0\xeb\x6f\xd2\x80\x4a\xec\x72\x63\x1a\xdc\x30\x1f\x42\x59\x47\x75\xe9"
      "\xc1\xb5\xec\x25\xd2\xe3\xd5\x10\x27\x04\xa0\x1c\x85\x49\x71\x85\xe6\x4e"
      "\x1d\xe6\xb0\x9c\x41\x87\xe7\x1a\x86\xdf\xa1\x47\x97\xa4\x97\x08\x18\xdf"
      "\xad\xc4\x81\x96\xb4\x05\x69\x92\x0a\xdf\xd2\x05\xbf\xa0\x95\x61\x54\x17"
      "\x34\xa9\x88\xf0\x52\xad\x99\x72\x04\x73\xa2\x11\xbb\xd9\xf8\x6a\x4c\xdf"
      "\x08\x68\x0d\x0d\xda\x06\xd9\x07\x15\x4f\xb0\x7f\x46\xa0\x46\xcd\xf0\x13"
      "\x94\xba\xf4\x11\x4d\x4d\x5d\x5b\xeb\x82\xe9\x09\x6e\x8e\xa1\x70\x40\x78"
      "\x05\xaf\xd8\x91\x87\x6d\x2b\x78\x7a\x69\xac\xc0\xcb\x81\x22\x3b\x19\x65"
      "\x6d\x8a\xe1\x8e\x98\xa9\x2e\xf3\x62\x87\xd8\x44\x3d\xc8\xda\x00\xc0\x59"
      "\x86\xfc\x07\x3e\x7a\xc6\x92\x25\x11\x57\x33\x0e\xe8\x42\x5f\xae\xcf\xf6"
      "\x87\xc0\xe0\x28\xdb\xc1\xce\x95\x99\xfb\x80\x2a\x64\xdd\x7b\x47\x3c\x93"
      "\x25\x53\x05\xab\x85\xe6\x82\xde\xa1\x3e\x2d\xe6\xef\xb4\xcf\xfb\xe1\x5c"
      "\x45\xed\x08\x1d\x20\x98\x22\xe5\x4a\xf9\x50\xc6\x83\x83\x76\x50\xb4\xa6"
      "\xcd\x81\x2f\x16\xc3\x82\xfc\x62\x52\x26\x3a\x09\xda\x43\x66\x75\xa8\xcc"
      "\x1c\x99\x99\x15\x65\xf7\xaa\x87\xf9\xdb\x21\x7b\xad\x08\x60\x13\x67\x68"
      "\x28",
      325);
  *(uint64_t*)0x20000208 = 0xffffff35;
  syscall(SYS_writev, r[0], 0x20000200ul, 1ul);
  return 0;
}