// https://syzkaller.appspot.com/bug?id=059cee5623ce519359e7440ba6d0d6af8b82694e
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel crash reproducer: maps a fixed scratch region, builds two bpf(2)
// argument blocks in it by hand, and issues a BPF_PROG_LOAD (cmd 5) followed
// by a BPF_PROG_TEST_RUN (cmd 10) on the returned program fd. The program
// does nothing else; it exists only to trigger the bug tracked above.
//
// NOTE(review): the header names after the six `#include` directives were
// lost when this file was extracted, so it does not preprocess as written.
// The code uses uint*_t (stdint.h), memcpy (string.h), syscall() and the
// __NR_* constants (unistd.h / sys/syscall.h); restore the includes from the
// original reproducer before building.
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include

// Fallback for libc headers that predate the bpf syscall; 321 is the x86_64
// number, so this file is only meaningful on that architecture without edits.
// __NR_mmap below has no such fallback.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// r[0] holds the program fd returned by BPF_PROG_LOAD. It starts at -1
// (0xffffffffffffffff) and is only overwritten when that call succeeds, so a
// failed load leaves the test-run step operating on fd -1.
uint64_t r[1] = {0xffffffffffffffff};

// Performs the two bpf(2) calls that make up the reproducer.
// All arguments live in the fixed region mapped by main(); every store below
// faults if that mapping did not succeed.
void loop()
{
  long res = 0;

  // --- argument block for bpf(BPF_PROG_LOAD), 0x48 bytes at 0x20000200 ---
  // NOTE(review): the field layout looks like union bpf_attr for PROG_LOAD
  // (prog_type at +0, insn_cnt at +4, insns pointer at +8, license pointer at
  // +0x10, ...) — confirm against uapi/linux/bpf.h for the target kernel.
  *(uint32_t*)0x20000200 = 0xc;
  *(uint32_t*)0x20000204 = 0xe;         // 0xe = 14; matches 112 bytes / 8 below
  *(uint64_t*)0x20000208 = 0x20000000;  // points at the 112-byte blob copied next
  // 112 raw bytes: fourteen 8-byte BPF instruction encodings. Kept verbatim;
  // the bug report above is the authority on what they are meant to exercise.
  memcpy((void*)0x20000000,
         "\xb7\x02\x00\x00\x02\x00\x00\x00\xbf\xa3\x00\x00\x00\x00\x00\x00\x07"
         "\x03\x00\x00\x00\xfe\xff\xff\x7a\x0a\xf0\xff\xf8\xff\xff\xff\x79\xa4"
         "\xf0\xff\x00\x00\x00\x00\xb7\x06\x00\x00\xff\xff\xff\xff\x2d\x64\x05"
         "\x00\x00\x00\x00\x00\x65\x04\x04\x00\x01\x00\x00\x00\x04\x04\x00\x00"
         "\x01\x00\x00\x00\xb7\x03\x00\x00\x00\x00\x00\x00\x6a\x0a\x00\xfe\x00"
         "\x00\x00\x00\x85\x00\x00\x00\x2b\x00\x00\x00\xb7\x00\x00\x00\x00\x00"
         "\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00",
         112);
  *(uint64_t*)0x20000210 = 0x20000340;  // points at the license string
  memcpy((void*)0x20000340, "syzkaller", 10);  // 10 bytes: includes the NUL
  // Remaining fields of the 0x48-byte block are zeroed one at a time
  // (0x20000218..0x20000247), including the 16 single-byte slots at 0x20000230.
  *(uint32_t*)0x20000218 = 0;
  *(uint32_t*)0x2000021c = 0;
  *(uint64_t*)0x20000220 = 0;
  *(uint32_t*)0x20000228 = 0;
  *(uint32_t*)0x2000022c = 0;
  *(uint8_t*)0x20000230 = 0;
  *(uint8_t*)0x20000231 = 0;
  *(uint8_t*)0x20000232 = 0;
  *(uint8_t*)0x20000233 = 0;
  *(uint8_t*)0x20000234 = 0;
  *(uint8_t*)0x20000235 = 0;
  *(uint8_t*)0x20000236 = 0;
  *(uint8_t*)0x20000237 = 0;
  *(uint8_t*)0x20000238 = 0;
  *(uint8_t*)0x20000239 = 0;
  *(uint8_t*)0x2000023a = 0;
  *(uint8_t*)0x2000023b = 0;
  *(uint8_t*)0x2000023c = 0;
  *(uint8_t*)0x2000023d = 0;
  *(uint8_t*)0x2000023e = 0;
  *(uint8_t*)0x2000023f = 0;
  *(uint32_t*)0x20000240 = 0;
  *(uint32_t*)0x20000244 = 0;
  // cmd 5 = BPF_PROG_LOAD; only a non -1 result (the new fd) is recorded.
  res = syscall(__NR_bpf, 5, 0x20000200, 0x48);
  if (res != -1)
    r[0] = res;

  // --- argument block for bpf(BPF_PROG_TEST_RUN), 0x28 bytes at 0x20000180 ---
  // NOTE(review): layout looks like the test_run member of union bpf_attr
  // (prog_fd, retval, data_size_in, data_size_out, data_in, data_out, repeat,
  // duration) — confirm against uapi/linux/bpf.h.
  *(uint32_t*)0x20000180 = r[0];        // 64-bit fd value truncated to 32 bits
  *(uint32_t*)0x20000184 = 0;
  *(uint32_t*)0x20000188 = 0xea;        // 0xea = 234; matches the memcpy length
  *(uint32_t*)0x2000018c = 0x5f;
  *(uint64_t*)0x20000190 = 0x20000480;  // points at the 234-byte input below
  // 234 bytes of opaque input data for the test run; kept verbatim.
  memcpy((void*)0x20000480,
         "\x7d\x7e\x89\x4c\xd2\x4c\x34\x37\x46\x1b\x49\x19\x55\x40\x15\x9e\xcf"
         "\x94\x58\x16\xc9\x4e\x7d\x30\x67\xca\x18\x7c\xac\x92\x41\x53\xb4\x62"
         "\x0a\x28\x59\x92\xd4\x20\x05\x3a\xca\xa2\x75\xad\x73\xac\xe8\x98\x9d"
         "\x8e\x43\x1e\x8c\x78\xcd\x17\x13\xab\x2c\x03\x27\x50\xab\xff\x02\xed"
         "\x83\x10\xbe\x33\x83\x36\x8d\x08\xa8\xcf\x4d\x78\xd4\xb3\x14\xb6\x9e"
         "\x56\xbe\xe9\xb3\x7a\x23\x83\xf8\x23\xd6\x93\x15\xc2\x8e\x12\x1b\x16"
         "\x4b\x51\x58\xed\x5d\xee\x21\x3d\xed\x98\x96\x96\xb5\x70\x16\x11\x1e"
         "\xcb\x16\xd2\xd4\x91\x89\x72\x2d\x72\xe8\xb6\xfa\xcf\x61\x3c\xb3\xae"
         "\x26\xad\x34\x3e\x74\x95\xdc\x49\x32\x6b\x17\xc8\x31\xb8\xa8\xf7\x03"
         "\xe9\x7b\xb7\xc3\x08\x28\x42\xe2\x0a\xee\x40\xf9\x2d\xec\x57\xd5\x2e"
         "\x3c\x56\xbf\x4b\xfb\x5e\x40\xce\xf2\x22\xcf\xdb\x35\x3f\x18\xbf\xb4"
         "\x12\xe1\x06\x5d\x6c\x6f\xc6\xf1\x63\x91\xf2\x5f\xad\xfd\xe5\x89\xca"
         "\x4f\x9b\x70\x65\x11\xf0\x19\x0e\xe4\xe1\x34\xd2\xe7\xa6\x2c\xd1\xb8"
         "\x09\x8c\x2a\x4c\x53\xa3\x07\x82\x22\x5b\xc5\xb9\xce",
         234);
  *(uint64_t*)0x20000198 = 0x200000c0;  // output buffer; never read back here
  *(uint32_t*)0x200001a0 = 0x3ff;       // 0x3ff = 1023 (repeat count, if the
                                        // layout above is right)
  *(uint32_t*)0x200001a4 = 0;
  // cmd 0xa = BPF_PROG_TEST_RUN; the result is deliberately ignored — the
  // reproducer's only purpose is to reach the kernel code path.
  syscall(__NR_bpf, 0xa, 0x20000180, 0x28);
}

// Entry point: map the 16 MiB scratch region at the fixed address every store
// in loop() assumes, then run the reproducer once.
int main()
{
  // prot 3 = PROT_READ|PROT_WRITE; flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
  // The return value is not checked: if the mapping fails, the first fixed
  // address store in loop() faults instead of the intended kernel path.
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  loop();
  return 0;
}