// https://syzkaller.appspot.com/bug?id=e6d1ed219bd92dd9b3e653eda032852996a9b457
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

static uintptr_t syz_open_procfs(uintptr_t a0, uintptr_t a1)
{

  char buf[128];
  memset(buf, 0, sizeof(buf));
  if (a0 == 0) {
    snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1);
  } else if (a0 == (uintptr_t)-1) {
    snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1);
  } else {
    snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1);
  }
  int fd = open(buf, O_RDWR);
  if (fd == -1)
    fd = open(buf, O_RDONLY);
  return fd;
}

uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0x0};
void loop()
{
  long res = 0;
  memcpy((void*)0x200000c0,
         "\x2f\x65\x78\x65\x00\x00\x00\x00\x00\x04\x09\x00\x4b\xdd\xd9\xde\x91"
         "\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0f\x79\x80\x58\x43\x9e\xd5\x54\xfa"
         "\x07\x42\x4a\xde\xe9\x01\xd2\xda\x75\xaf\x30\x02\x00\xf5\xab\xfb\x98"
         "\x45\xf9\xe1\x98\x59\xc9\x69\x32\x06\xf2\xc6\x0b\x00\x00\x00\x07\x19"
         "\xe1\xd6\x6e\x97\x01\x23\xd8\x93\xd9\x74\xe5\xb9\xc3\x28\x56\x77\xb2"
         "\x13\x98\x23\xe5\x50\x0c\x92\xab\x5b\x94\xda\x3a\x7d\xe1\x9f\x06\x3b"
         "\xb7\x65\xb0\x2b\xd5\xb6\x60\xfb\x7f\xa8\x98\xc6\xf5\xc6\x36\x9c\x3f"
         "\x36\x30\x68\xd1\x0a\xf8\x33\xf6\x47\x5b\xbe\x8b\x79\x67\x25\x5b\x17"
         "\x76\x07\xba\x10\x0f\x6c\x46\x54\x71\x82\x32\xdb\xda\x64\xaa\x1f\x69"
         "\xcf\x9a\xb5\xb3\xea\x3e\xd6\x34\x52\xb7\xeb\xd3\x7c\x9d\xae\x66\x4e"
         "\x32\x2e\x08\xad\x8f\x60\x29\xfe\x8f\xd0\xb3\x4c\x71\x17\x48\x04\x71"
         "\xae\xca\x0a\x3f\xc9\xec\xeb\x28\x50\x9c\xa8\xa8\x3e\x4f\x8b\x85\x13"
         "\x18\x08\xbc\x5c\xfb\x4c\xc2\x4e\x19\x01\x76\x9c\x08\x4c\x08\x27\x12"
         "\xb4\x70\x66\x6b\x6d\xdd\xf7\x4c\xed\x69\x39\x73\xba\x1d\xed\x8b",
         237);
  res = syz_open_procfs(0, 0x200000c0);
  if (res != -1)
    r[0] = res;
  syscall(__NR_ftruncate, r[0], 0x4d);
  memcpy((void*)0x20000500, "./file0", 8);
  syscall(__NR_creat, 0x20000500, 1);
  syscall(__NR_socket, 0xa, 1, 0);
  *(uint64_t*)0x200000c0 = 0x20000080;
  *(uint64_t*)0x20000080 = 0;
  *(uint32_t*)0x20000088 = 0;
  *(uint32_t*)0x2000008c = 0;
  *(uint16_t*)0x20000090 = 7;
  *(uint16_t*)0x20000092 = 0x7fff;
  *(uint32_t*)0x20000094 = -1;
  *(uint64_t*)0x20000098 = 0x20000100;
  *(uint64_t*)0x200000a0 = 0;
  *(uint64_t*)0x200000a8 = 7;
  *(uint64_t*)0x200000b0 = 0;
  *(uint32_t*)0x200000b8 = 0x10435006;
  *(uint32_t*)0x200000bc = -1;
  syscall(__NR_io_submit, 0, 1, 0x200000c0);
  *(uint16_t*)0x20000000 = 0x21;
  *(uint32_t*)0x20000004 = htobe32(2);
  *(uint16_t*)0x20000008 = htobe16(0x4e21);
  *(uint32_t*)0x2000000c = 0;
  memcpy((void*)0x20000010,
         "\x6c\x62\x6c\x63\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         16);
  *(uint32_t*)0x20000020 = 1;
  *(uint32_t*)0x20000024 = 0x7fffffff;
  *(uint32_t*)0x20000028 = htobe32(0x2f);
  *(uint32_t*)0x2000002c = htobe32(0x7f000001);
  *(uint16_t*)0x20000030 = htobe16(0x4e24);
  *(uint32_t*)0x20000034 = 3;
  *(uint32_t*)0x20000038 = 6;
  *(uint32_t*)0x2000003c = 0xaca;
  *(uint32_t*)0x20000040 = 0xfff;
  syscall(__NR_setsockopt, -1, 0, 0x487, 0x20000000, 0x44);
  *(uint32_t*)0x20005ac0 = 4;
  *(uint32_t*)0x20005ac4 = 7;
  *(uint32_t*)0x20005ac8 = 0x80;
  *(uint32_t*)0x20005acc = 0xc521;
  *(uint8_t*)0x20005ad0 = 0x9a;
  *(uint8_t*)0x20005ad1 = 0x32;
  *(uint8_t*)0x20005ad2 = 6;
  *(uint8_t*)0x20005ad3 = 4;
  *(uint32_t*)0x20005ad4 = 0x1ff;
  *(uint32_t*)0x20005ad8 = 0xadd;
  *(uint32_t*)0x20005adc = 4;
  *(uint32_t*)0x20005ae0 = 0x400;
  syscall(__NR_ioctl, -1, 0x5402, 0x20005ac0);
  syscall(__NR_io_submit, 0, 0x1ffffffffffffe87, 0x20000000);
  memcpy((void*)0x20000040, "/dev/full", 10);
  syscall(__NR_openat, 0xffffffffffffff9c, 0x20000040, 0x80000, 0);
  syscall(__NR_socket, 0x10, 3, 0);
  syscall(__NR_madvise, 0x20ffc000, 0x1000, 0xf);
  res = syscall(__NR_socketpair, 3, 7, 8, 0x200026c0);
  if (res != -1)
    r[1] = *(uint32_t*)0x200026c0;
  syscall(__NR_ioctl, r[1], 0x5411, 0x20002700);
  *(uint32_t*)0x20000300 = 0x6e;
  syscall(__NR_accept4, 0xffffff9c, 0x20000280, 0x20000300, 0x80000);
  res = syscall(__NR_dup3, 0xffffff9c, -1, 0x80000);
  if (res != -1)
    r[2] = res;
  res = syscall(__NR_io_setup, 7, 0x20000180);
  if (res != -1)
    r[3] = *(uint64_t*)0x20000180;
  *(uint64_t*)0x200004c0 = 0x20000240;
  *(uint64_t*)0x20000240 = 0;
  *(uint32_t*)0x20000248 = 0;
  *(uint32_t*)0x2000024c = 0;
  *(uint16_t*)0x20000250 = 6;
  *(uint16_t*)0x20000252 = 0xfffb;
  *(uint32_t*)0x20000254 = r[2];
  *(uint64_t*)0x20000258 = 0x200001c0;
  *(uint64_t*)0x20000260 = 0;
  *(uint64_t*)0x20000268 = 5;
  *(uint64_t*)0x20000270 = 0;
  *(uint32_t*)0x20000278 = 1;
  *(uint32_t*)0x2000027c = -1;
  *(uint64_t*)0x200004c8 = 0x20000380;
  *(uint64_t*)0x20000380 = 0;
  *(uint32_t*)0x20000388 = 0;
  *(uint32_t*)0x2000038c = 0;
  *(uint16_t*)0x20000390 = 2;
  *(uint16_t*)0x20000392 = 3;
  *(uint32_t*)0x20000394 = -1;
  *(uint64_t*)0x20000398 = 0x20000280;
  memcpy((void*)0x20000280,
         "\xb4\x03\x33\x21\x6b\x33\x3d\x68\x8b\xc4\x58\x12\x03\x83\xec\x98\xe7"
         "\x80\x86\x5f\xf7\x4f\xf1\x6c\x4a\x05\x5c\x00\x59\xae\x89\x2f\x80\x53"
         "\x8e\x9e\x49\xde\x94\x97\xf6\x2e\x5d\xfc\x21\x16\x7c\xe7\x9e\x82\xf2"
         "\x68\x9c\x15\xff\x27\x7d\xa7\xe8\xf4\xbd\xf4\x05\x99\x9c\x57\x85\xbf"
         "\xaf\x7a\xf3\x30\xa3\x10\xa8\xcf\xd6\x63\x90\x5b\x5e\x2a\x08\xec\x12"
         "\x15\x86\xa7\x78\x6b\xee\x6b\xd2\xe4\x88\xd7\x24\x48\xaa\xdb\x85\x4b"
         "\xdf\x62\xde\xd6\x45\x12\xb0\x5d\x52\xcf\x67\x6d\x80\xb7\x22\x32\xa7"
         "\x14\xa9\x9d\x95\xc3\x4f\x44\x28\x8e\xb2\xb1\x83\x43\xa6\xe7\x33\x06"
         "\x01\xf0\xbc\x09\xc1\xf0\xdd\xdf\xbb\x11\xc1\x90\x7b\x27\x09\xd8\xd0"
         "\x22\xa9\xc5\x54\xa2\xeb\x21\x54\xa1\x80\x50\x8d\x5b\xc7\x76\x48\x2c"
         "\x22\x16\xac\xcc\xee\x9c\x92\x4a\xfa\x1d\x62\xc1\xb6\xed\x13\x28\x52"
         "\xb9\x60\xf0\x62\xc6\x0a\x44\x58\x45\x63\x2e\xb9\xab\x28\x04\x66\x99"
         "\x48",
         205);
  *(uint64_t*)0x200003a0 = 0xcd;
  *(uint64_t*)0x200003a8 = 3;
  *(uint64_t*)0x200003b0 = 0;
  *(uint32_t*)0x200003b8 = 1;
  *(uint32_t*)0x200003bc = r[2];
  *(uint64_t*)0x200004d0 = 0x20000400;
  *(uint64_t*)0x20000400 = 0;
  *(uint32_t*)0x20000408 = 0;
  *(uint32_t*)0x2000040c = 0;
  *(uint16_t*)0x20000410 = 1;
  *(uint16_t*)0x20000412 = 0;
  *(uint32_t*)0x20000414 = r[2];
  *(uint64_t*)0x20000418 = 0x200003c0;
  *(uint64_t*)0x20000420 = 0;
  *(uint64_t*)0x20000428 = 0xfffffffffffffff8;
  *(uint64_t*)0x20000430 = 0;
  *(uint32_t*)0x20000438 = 0;
  *(uint32_t*)0x2000043c = -1;
  *(uint64_t*)0x200004d8 = 0x20000480;
  *(uint64_t*)0x20000480 = 0;
  *(uint32_t*)0x20000488 = 0;
  *(uint32_t*)0x2000048c = 0;
  *(uint16_t*)0x20000490 = 8;
  *(uint16_t*)0x20000492 = 0x91c;
  *(uint32_t*)0x20000494 = r[2];
  *(uint64_t*)0x20000498 = 0x20000440;
  memcpy((void*)0x20000440, "\xc3\xd4\x41\xc2\x60\xd3\x65\xf9\x58\x3f\x00\xe0"
                            "\xb0\xf0\xbd\x22\xc4\x1a\x94\x60\x3b\x97\x29\xda"
                            "\x5c\x4d\x2a\xfb\x7b\xd3\x8f\xb7\x3a\x36",
         34);
  *(uint64_t*)0x200004a0 = 0x22;
  *(uint64_t*)0x200004a8 = 0x878a;
  *(uint64_t*)0x200004b0 = 0;
  *(uint32_t*)0x200004b8 = 0;
  *(uint32_t*)0x200004bc = -1;
  syscall(__NR_io_submit, r[3], 4, 0x200004c0);
}

int main()
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  loop();
  return 0;
}