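// https://syzkaller.appspot.com/bug?id=7bd6fc42489ba2eb2a9e44977633abd1c2fe0624
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer targeting an i386 kernel (the fallback syscall numbers below are the
// i386 ones and mmap is routed through mmap2).  Flow:
//   1. map a fixed anonymous scratch region at 0x20000000;
//   2. open a raw AF_INET socket for protocol 4 (IPIP);
//   3. setsockopt(SOL_IP, IP_XFRM_POLICY) with a hand-built policy + template;
//   4. sendto() an empty datagram on that socket;
//   5. assemble an Ethernet/IPv4/ICMP frame in the scratch region and fill in
//      its checksums.  Nothing in this listing transmits that frame, so it is
//      either vestigial or the injection step was trimmed from the reproducer.
// As with every syzkaller reproducer, syscall results are recorded in r[] but
// never checked: if the mmap() fails the fixed-address stores below will fault.

#define _GNU_SOURCE

#include <unistd.h>
#include <sys/syscall.h>
#include <string.h>
#include <stdint.h>

// Mask of bf_len low bits of `type`.  Only valid for 0 < bf_len < 64 (a 64-bit
// shift is undefined); every use in this file passes 2, 4 or 6.
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)
// Same mask moved up to start at bit bf_off.
#define BITMASK_LEN_OFF(type, bf_off, bf_len) \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))
// Store `val` into the bit-field [bf_off, bf_off+bf_len) of the `type` object at
// `addr`, leaving the other bits untouched.  bf_off == bf_len == 0 means "whole
// object".  Wrapped in do/while(0) so it is a single statement in any context.
#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                     \
  do {                                                                        \
    if ((bf_off) == 0 && (bf_len) == 0) {                                     \
      *(type*)(addr) = (type)(val);                                           \
    } else {                                                                  \
      type new_val = *(type*)(addr);                                          \
      new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));                  \
      new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);       \
      *(type*)(addr) = new_val;                                               \
    }                                                                         \
  } while (0)

// Running ones'-complement (RFC 1071) checksum accumulator.  Words are summed
// in host order and the digest is stored in host order, which yields the
// correct on-wire bytes on either endianness.
struct csum_inet {
  uint32_t acc;
};

// Reset the accumulator.
static void csum_inet_init(struct csum_inet* csum)
{
  csum->acc = 0;
}

// Fold `length` bytes at `data` into the checksum.  May be called repeatedly,
// but because an odd trailing byte is zero-padded to a full word here, only the
// final chunk may have odd length.  Reads go through memcpy: `data` is
// frequently unaligned (see the fixed-address stores in loop()), and a direct
// uint16_t dereference would be a misaligned / strict-aliasing violation.
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length)
{
  if (length == 0)
    return;
  size_t i;
  for (i = 0; i + 1 < length; i += 2) {
    uint16_t word;
    memcpy(&word, &data[i], sizeof(word));
    csum->acc += word;
  }
  if (length & 1) {
    // The odd byte is the first octet of a zero-padded word; building it as a
    // byte pair keeps this correct on big-endian hosts too.
    uint8_t tail[2] = {data[length - 1], 0};
    uint16_t word;
    memcpy(&word, tail, sizeof(word));
    csum->acc += word;
  }
  // End-around carry until the sum fits in 16 bits.
  while (csum->acc > 0xffff)
    csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

// Final checksum value (ones' complement of the folded sum), in host order.
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
  return ~csum->acc;
}

// Fallbacks for toolchains whose headers lack these; the values are i386's.
#ifndef __NR_mmap
#define __NR_mmap 90
#endif
#ifndef __NR_socket
#define __NR_socket 359
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 366
#endif
#ifndef __NR_sendto
#define __NR_sendto 369
#endif
// 32-bit targets expose the page-offset mmap2 syscall; the reproducer was
// generated against it.  Guarding the redefinition keeps the original i386
// behaviour while letting the file build on 64-bit targets that have no mmap2
// (the offset passed is 0 so both variants map the same region).
#ifdef __NR_mmap2
#undef __NR_mmap
#define __NR_mmap __NR_mmap2
#endif

// Syscall results, indexed by the generator's call numbers; -1 = not run.
long r[130];

void loop(void)
{
  memset(r, -1, sizeof(r));
  // 16 MiB anonymous scratch mapping at a fixed address:
  // PROT_READ|PROT_WRITE (0x3), MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (0x32).
  r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
  // socket(AF_INET, SOCK_RAW, 4 /* IPIP */)
  r[1] = syscall(__NR_socket, 0x2ul, 0x3ul, 0x4ul);

  // Payload for setsockopt(SOL_IP, IP_XFRM_POLICY).  The 0xe8 bytes written at
  // 0x20000000 lay out as struct xfrm_userpolicy_info (0xa8 bytes) followed by
  // one struct xfrm_user_tmpl (0x40 bytes).
  //
  // xfrm_selector: daddr 0.0.0.0, saddr 172.20.0.187, dport/sport 0x204e
  // (masks 0), family 0x2 = AF_INET, prefixlens/proto/ifindex/user all 0.
  *(uint32_t*)0x20000000 = (uint32_t)0x0;
  *(uint8_t*)0x20000010 = (uint8_t)0xac;
  *(uint8_t*)0x20000011 = (uint8_t)0x14;
  *(uint8_t*)0x20000012 = (uint8_t)0x0;
  *(uint8_t*)0x20000013 = (uint8_t)0xbb;
  *(uint16_t*)0x20000020 = (uint16_t)0x204e;
  *(uint16_t*)0x20000022 = (uint16_t)0x0;
  *(uint16_t*)0x20000024 = (uint16_t)0x204e;
  *(uint16_t*)0x20000026 = (uint16_t)0x0;
  *(uint16_t*)0x20000028 = (uint16_t)0x2;
  *(uint8_t*)0x2000002a = (uint8_t)0x0;
  *(uint8_t*)0x2000002b = (uint8_t)0x0;
  *(uint8_t*)0x2000002c = (uint8_t)0x0;
  *(uint32_t*)0x20000030 = (uint32_t)0x0;
  *(uint32_t*)0x20000034 = (uint32_t)0x0;
  // xfrm_lifetime_cfg (8 x u64): everything 0 except the third limit, which is
  // set to 0xfffffffffffffffc.
  *(uint64_t*)0x20000038 = (uint64_t)0x0;
  *(uint64_t*)0x20000040 = (uint64_t)0x0;
  *(uint64_t*)0x20000048 = (uint64_t)0xfffffffffffffffc;
  *(uint64_t*)0x20000050 = (uint64_t)0x0;
  *(uint64_t*)0x20000058 = (uint64_t)0x0;
  *(uint64_t*)0x20000060 = (uint64_t)0x0;
  *(uint64_t*)0x20000068 = (uint64_t)0x0;
  *(uint64_t*)0x20000070 = (uint64_t)0x0;
  // xfrm_lifetime_cur (4 x u64): zero.
  *(uint64_t*)0x20000078 = (uint64_t)0x0;
  *(uint64_t*)0x20000080 = (uint64_t)0x0;
  *(uint64_t*)0x20000088 = (uint64_t)0x0;
  *(uint64_t*)0x20000090 = (uint64_t)0x0;
  // priority 0, index 0, dir 1 (XFRM_POLICY_OUT), action/flags/share 0.
  *(uint32_t*)0x20000098 = (uint32_t)0x0;
  *(uint32_t*)0x2000009c = (uint32_t)0x0;
  *(uint8_t*)0x200000a0 = (uint8_t)0x1;
  *(uint8_t*)0x200000a1 = (uint8_t)0x0;
  *(uint8_t*)0x200000a2 = (uint8_t)0x0;
  *(uint8_t*)0x200000a3 = (uint8_t)0x0;
  // xfrm_user_tmpl: id.daddr = ::1, spi 0, proto 0x81, family 0xa = AF_INET6,
  // saddr = ::1, reqid 0x8000000, mode/share/optional 0, algo masks 0.
  // Note the template family (AF_INET6) disagrees with the selector family
  // (AF_INET); that mismatch is presumably the interesting part of this
  // reproducer -- confirm against the linked bug report.
  *(uint64_t*)0x200000a8 = (uint64_t)0x0;
  *(uint64_t*)0x200000b0 = (uint64_t)0x100000000000000;
  *(uint32_t*)0x200000b8 = (uint32_t)0x0;
  *(uint8_t*)0x200000bc = (uint8_t)0x81;
  *(uint16_t*)0x200000c0 = (uint16_t)0xa;
  *(uint64_t*)0x200000c4 = (uint64_t)0x0;  // deliberately unaligned store
  *(uint64_t*)0x200000cc = (uint64_t)0x100000000000000;
  *(uint32_t*)0x200000d4 = (uint32_t)0x8000000;
  *(uint8_t*)0x200000d8 = (uint8_t)0x0;
  *(uint8_t*)0x200000d9 = (uint8_t)0x0;
  *(uint8_t*)0x200000da = (uint8_t)0x0;
  *(uint32_t*)0x200000dc = (uint32_t)0x0;
  *(uint32_t*)0x200000e0 = (uint32_t)0x0;
  *(uint32_t*)0x200000e4 = (uint32_t)0x0;
  // setsockopt(fd, SOL_IP (0), IP_XFRM_POLICY (0x11), policy, 0xe8)
  r[49] = syscall(__NR_setsockopt, r[1], 0x0ul, 0x11ul, 0x20000000ul, 0xe8ul);

  // struct sockaddr_in { AF_INET, port bytes 4e 20 (20000), 172.20.0.170 }.
  *(uint16_t*)0x2000e000 = (uint16_t)0x2;
  *(uint16_t*)0x2000e002 = (uint16_t)0x204e;
  *(uint8_t*)0x2000e004 = (uint8_t)0xac;
  *(uint8_t*)0x2000e005 = (uint8_t)0x14;
  *(uint8_t*)0x2000e006 = (uint8_t)0x0;
  *(uint8_t*)0x2000e007 = (uint8_t)0xaa;
  *(uint8_t*)0x2000e008 = (uint8_t)0x0;
  *(uint8_t*)0x2000e009 = (uint8_t)0x0;
  *(uint8_t*)0x2000e00a = (uint8_t)0x0;
  *(uint8_t*)0x2000e00b = (uint8_t)0x0;
  *(uint8_t*)0x2000e00c = (uint8_t)0x0;
  *(uint8_t*)0x2000e00d = (uint8_t)0x0;
  *(uint8_t*)0x2000e00e = (uint8_t)0x0;
  *(uint8_t*)0x2000e00f = (uint8_t)0x0;
  // sendto(fd, buf, 0 /* empty payload */, 0, &sin, sizeof(sockaddr_in))
  r[64] = syscall(__NR_sendto, r[1], 0x2089b000ul, 0x0ul, 0x0ul, 0x2000e000ul, 0x10ul);

  // Ethernet frame at 0x20e7e000.  Header: dst ef:a1:06:a7:29:0c,
  // src aa:aa:aa:aa:aa:00, ethertype bytes 08 00 (IPv4).
  memcpy((void*)0x20e7e000, "\xef\xa1\x06\xa7\x29\x0c", 6);
  *(uint8_t*)0x20e7e006 = (uint8_t)0xaa;
  *(uint8_t*)0x20e7e007 = (uint8_t)0xaa;
  *(uint8_t*)0x20e7e008 = (uint8_t)0xaa;
  *(uint8_t*)0x20e7e009 = (uint8_t)0xaa;
  *(uint8_t*)0x20e7e00a = (uint8_t)0xaa;
  *(uint8_t*)0x20e7e00b = (uint8_t)0x0;
  *(uint16_t*)0x20e7e00c = (uint16_t)0x8;
  // Outer IPv4 header (20 bytes at +0x0e): ihl 5, version 4, ECN 0, DSCP 0x3d
  // (the 64-bit value is masked to 6 bits), tot_len bytes 00 54 (84 = 20 + 64),
  // id bytes 00 64, frag 0, ttl 0, proto 1 = ICMP (the literal truncates to
  // 0x01), check filled in below, saddr 172.20.0.187, daddr 172.20.0.170.
  STORE_BY_BITMASK(uint8_t, 0x20e7e00e, 0x5, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x20e7e00e, 0x4, 4, 4);
  STORE_BY_BITMASK(uint8_t, 0x20e7e00f, 0x0, 0, 2);
  STORE_BY_BITMASK(uint8_t, 0x20e7e00f, 0xfffffffffffffffd, 2, 6);
  *(uint16_t*)0x20e7e010 = (uint16_t)0x5400;
  *(uint16_t*)0x20e7e012 = (uint16_t)0x6400;
  *(uint16_t*)0x20e7e014 = (uint16_t)0x0;
  *(uint8_t*)0x20e7e016 = (uint8_t)0x0;
  *(uint8_t*)0x20e7e017 = (uint8_t)0x400000000001;
  *(uint16_t*)0x20e7e018 = (uint16_t)0x0;
  *(uint8_t*)0x20e7e01a = (uint8_t)0xac;
  *(uint8_t*)0x20e7e01b = (uint8_t)0x14;
  *(uint8_t*)0x20e7e01c = (uint8_t)0x0;
  *(uint8_t*)0x20e7e01d = (uint8_t)0xbb;
  *(uint8_t*)0x20e7e01e = (uint8_t)0xac;
  *(uint8_t*)0x20e7e01f = (uint8_t)0x14;
  *(uint8_t*)0x20e7e020 = (uint8_t)0x0;
  *(uint8_t*)0x20e7e021 = (uint8_t)0xaa;
  // ICMP (64 bytes at +0x22): type 3 (destination unreachable), code 0,
  // checksum filled in below, 4 unused bytes.
  *(uint8_t*)0x20e7e022 = (uint8_t)0x3;
  *(uint8_t*)0x20e7e023 = (uint8_t)0x0;
  *(uint16_t*)0x20e7e024 = (uint16_t)0x0;
  *(uint8_t*)0x20e7e026 = (uint8_t)0x0;
  *(uint8_t*)0x20e7e027 = (uint8_t)0x0;
  *(uint16_t*)0x20e7e028 = (uint16_t)0x0;
  // Quoted inner IPv4 header (+0x2a): ihl 14 (56-byte header, so it claims to
  // run past the end of the 64-byte ICMP body), version 4, ECN 2, DSCP 0,
  // tot_len 0, id bytes 00 64, frag 0, ttl 0, proto 6 = TCP, check 0,
  // saddr 172.20.0.170, daddr 127.0.0.1, followed by option bytes starting
  // with type 0x89 length 0x1b and type 0x86 length 0x06.
  STORE_BY_BITMASK(uint8_t, 0x20e7e02a, 0xe, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x20e7e02a, 0x4, 4, 4);
  STORE_BY_BITMASK(uint8_t, 0x20e7e02b, 0x6, 0, 2);
  STORE_BY_BITMASK(uint8_t, 0x20e7e02b, 0x0, 2, 6);
  *(uint16_t*)0x20e7e02c = (uint16_t)0x0;
  *(uint16_t*)0x20e7e02e = (uint16_t)0x6400;
  *(uint16_t*)0x20e7e030 = (uint16_t)0x0;
  *(uint8_t*)0x20e7e032 = (uint8_t)0x0;
  *(uint8_t*)0x20e7e033 = (uint8_t)0x6;
  *(uint16_t*)0x20e7e034 = (uint16_t)0x0;
  *(uint8_t*)0x20e7e036 = (uint8_t)0xac;
  *(uint8_t*)0x20e7e037 = (uint8_t)0x14;
  *(uint8_t*)0x20e7e038 = (uint8_t)0x0;
  *(uint8_t*)0x20e7e039 = (uint8_t)0xaa;
  *(uint32_t*)0x20e7e03a = (uint32_t)0x100007f;
  *(uint8_t*)0x20e7e03e = (uint8_t)0x89;
  *(uint8_t*)0x20e7e03f = (uint8_t)0x1b;
  *(uint8_t*)0x20e7e040 = (uint8_t)0x7fffffff;  // truncates to 0xff
  *(uint32_t*)0x20e7e041 = (uint32_t)0x0;
  *(uint32_t*)0x20e7e045 = (uint32_t)0x10000e0;
  *(uint32_t*)0x20e7e049 = (uint32_t)0xffffffff;
  *(uint8_t*)0x20e7e04d = (uint8_t)0xac;
  *(uint8_t*)0x20e7e04e = (uint8_t)0x14;
  *(uint8_t*)0x20e7e04f = (uint8_t)0x0;
  *(uint8_t*)0x20e7e050 = (uint8_t)0xaa;
  *(uint32_t*)0x20e7e051 = (uint32_t)0x0;
  *(uint32_t*)0x20e7e055 = (uint32_t)0x10000e0;
  *(uint8_t*)0x20e7e059 = (uint8_t)0x86;
  *(uint8_t*)0x20e7e05a = (uint8_t)0x6;
  *(uint32_t*)0x20e7e05b = (uint32_t)0x0;

  // ICMP checksum over the 64-byte ICMP body (its checksum field is 0 here).
  struct csum_inet csum_127;
  csum_inet_init(&csum_127);
  csum_inet_update(&csum_127, (const uint8_t*)0x20e7e022, 64);
  *(uint16_t*)0x20e7e024 = csum_inet_digest(&csum_127);
  // Outer IPv4 header checksum over its 20 bytes (check field is 0 here).
  struct csum_inet csum_128;
  csum_inet_init(&csum_128);
  csum_inet_update(&csum_128, (const uint8_t*)0x20e7e00e, 20);
  *(uint16_t*)0x20e7e018 = csum_inet_digest(&csum_128);
}

int main(void)
{
  loop();
  return 0;
}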