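// https://syzkaller.appspot.com/bug?id=0c13eb20d3026cfaa1632f4b45e4a0dd39bb990e
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel reproducer for the syzkaller report linked above. It issues a fixed
// sequence of raw syscalls whose arguments live at hard-coded addresses inside
// a region the program maps itself; the statement order and every address
// below are part of the reproducer and are deliberately left as generated.

#define _GNU_SOURCE

// NOTE(review): the header names after each #include were lost when this page
// was extracted (only eight bare `#include` directives survived). The list
// below is the standard syzkaller reproducer preamble, which has exactly eight
// headers; confirm against the original reproducer.
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Resource table: r[0] and r[1] receive the two socket fds created in main().
// Both start as -1 (all bits set); a failed socket() leaves that sentinel in
// place, so the later calls still run, just against an invalid fd.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  // Reserve the fixed address window used for every syscall argument below:
  // a 16 MiB PROT_READ|PROT_WRITE|PROT_EXEC region at 0x20000000, bracketed by
  // one inaccessible page on each side (prot=0 at 0x1ffff000 and 0x21000000),
  // which act as guard pages. 0x32 = MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE.
  // Return values are intentionally unchecked, as in all syzkaller output.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);

  intptr_t res = 0;

  // r[0]: socket(AF_INET6 (0xa), SOCK_STREAM (1), IPPROTO_MPTCP (0x106 = 262)).
  res = syscall(__NR_socket, /*domain=*/0xaul, /*type=*/1ul, /*proto=*/0x106);
  if (res != -1)
    r[0] = res;

  // r[1]: socket(AF_NETLINK (0x10), SOCK_DGRAM (2), protocol 4), where netlink
  // protocol 4 is NETLINK_SOCK_DIAG.
  res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=SOCK_DGRAM*/ 2ul,
                /*proto=*/4);
  if (res != -1)
    r[1] = res;

  // Put the MPTCP socket into the listening state before the diag request.
  syscall(__NR_listen, /*fd=*/r[0], /*backlog=*/0);

  // Build the sendmsg() arguments in the mapped window. The stores at
  // 0x20000040..0x20000070 are consistent with a 64-bit struct msghdr:
  //   +0x00 msg_name       = NULL
  //   +0x08 msg_namelen    = 0
  //   +0x10 msg_iov        = 0x20000080 (one struct iovec, below)
  //   +0x18 msg_iovlen     = 1
  //   +0x20 msg_control    = NULL
  //   +0x28 msg_controllen = 0
  //   +0x30 msg_flags      = 0
  // The iovec at 0x20000080 points at the 137-byte payload copied to
  // 0x20000200, with iov_len = 0x89 = 137.
  *(uint64_t*)0x20000040 = 0;
  *(uint32_t*)0x20000048 = 0;
  *(uint64_t*)0x20000050 = 0x20000080;
  *(uint64_t*)0x20000080 = 0x20000200;
  // Payload sent on the netlink socket. Its first four bytes (0x00000089 = 137)
  // equal the buffer length, as an nlmsghdr nlmsg_len would; the rest is left
  // exactly as the fuzzer generated it.
  memcpy(
      (void*)0x20000200,
      "\x89\x00\x00\x00\x12\x00\x81\xae\x08\x06\x0c\xdc\x01\x6b\x3f\x08\x7f\x03"
      "\xe3\x0a\x00\x00\x00\x00\x00\xe2\xff\xca\x1b\x1f\x00\x00\x00\x00\x06\xc0"
      "\x0e\x72\xf7\x50\x37\x5e\xd0\x8a\x56\x33\x1d\xbf\x9e\xd7\x81\x5e\x38\x1a"
      "\xd6\xe7\x47\x03\x3a\x00\x93\xb8\x37\xdc\x6c\xc0\x1e\x32\xef\xac\xc8\xc7"
      "\xa6\xec\xbe\xc3\xd3\x53\x00\x12\x08\x00\x03\x00\x06\x01\x00\x00\xbd\xad"
      "\x44\x6b\x9b\xbc\x7a\x46\xe3\x98\x82\x85\xdc\xdf\x12\xf2\x13\x08\xf8\x68"
      "\xfe\xce\x01\x95\x5f\xed\x00\x09\xd7\x8f\x0a\x94\x7e\xe2\xb4\x9e\x33\x53"
      "\x8a\xfa\x8a\xf9\x23\x47\x51\x4f\x0b\x56\xa2",
      137);
  *(uint64_t*)0x20000088 = 0x89;
  *(uint64_t*)0x20000058 = 1;
  *(uint64_t*)0x20000060 = 0;
  *(uint64_t*)0x20000068 = 0;
  *(uint32_t*)0x20000070 = 0;

  // Deliver the message on the sock_diag netlink socket; the kernel-side
  // effect is the point of the reproducer, so the result is not examined.
  syscall(__NR_sendmsg, /*fd=*/r[1], /*msg=*/0x20000040ul, /*f=*/0ul);
  return 0;
}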