// https://syzkaller.appspot.com/bug?id=e4d1fe725b6efe5ce4e8e7f84f7462a1128e86ba
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)

#define BITMASK_LEN_OFF(type, bf_off, bf_len)                                  \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))

#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                      \
  if ((bf_off) == 0 && (bf_len) == 0) {                                        \
    *(type*)(addr) = (type)(val);                                              \
  } else {                                                                     \
    type new_val = *(type*)(addr);                                             \
    new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));                     \
    new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);          \
    *(type*)(addr) = new_val;                                                  \
  }

struct csum_inet {
  uint32_t acc;
};

static void csum_inet_init(struct csum_inet* csum)
{
  csum->acc = 0;
}

static void csum_inet_update(struct csum_inet* csum, const uint8_t* data,
                             size_t length)
{
  if (length == 0)
    return;

  size_t i;
  for (i = 0; i < length - 1; i += 2)
    csum->acc += *(uint16_t*)&data[i];

  if (length & 1)
    csum->acc += (uint16_t)data[length - 1];

  while (csum->acc > 0xffff)
    csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

static uint16_t csum_inet_digest(struct csum_inet* csum)
{
  return ~csum->acc;
}

uint64_t r[1] = {0xffffffffffffffff};
void loop()
{
  long res = 0;
  res = syscall(__NR_socket, 0xa, 3, 0x2c);
  if (res != -1)
    r[0] = res;
  *(uint16_t*)0x20000180 = 0xa;
  *(uint16_t*)0x20000182 = htobe16(0);
  *(uint32_t*)0x20000184 = 0;
  *(uint8_t*)0x20000188 = 0;
  *(uint8_t*)0x20000189 = 0;
  *(uint8_t*)0x2000018a = 0;
  *(uint8_t*)0x2000018b = 0;
  *(uint8_t*)0x2000018c = 0;
  *(uint8_t*)0x2000018d = 0;
  *(uint8_t*)0x2000018e = 0;
  *(uint8_t*)0x2000018f = 0;
  *(uint8_t*)0x20000190 = 0;
  *(uint8_t*)0x20000191 = 0;
  *(uint8_t*)0x20000192 = 0;
  *(uint8_t*)0x20000193 = 0;
  *(uint8_t*)0x20000194 = 0;
  *(uint8_t*)0x20000195 = 0;
  *(uint8_t*)0x20000196 = 0;
  *(uint8_t*)0x20000197 = 0;
  *(uint32_t*)0x20000198 = 0;
  syscall(__NR_connect, r[0], 0x20000180, 0x1c);
  *(uint64_t*)0x20007000 = 0;
  *(uint32_t*)0x20007008 = 0;
  *(uint64_t*)0x20007010 = 0x200000c0;
  *(uint64_t*)0x20007018 = 0;
  *(uint64_t*)0x20007020 = 0x20000100;
  *(uint64_t*)0x20007028 = 0;
  *(uint32_t*)0x20007030 = 0;
  syscall(__NR_sendmsg, r[0], 0x20007000, 0x2000c080);
  *(uint64_t*)0x20001c40 = 0x20000c40;
  memcpy(
      (void*)0x20000c40,
      "\x2e\x8d\x37\xa0\xa4\x68\xa7\x5c\xde\x39\x72\xea\x1b\x98\x04\x77\x16\xf4"
      "\x0b\x14\x5c\x6a\x9b\x70\xc0\x8c\x26\x47\xbd\xcb\xd1\x26\x0b\xe6\xb6\xe9"
      "\x7d\xb5\x87\x5d\x1c\x93\x5b\x2a\x8f\x19\x1f\x27\x32\x5a\x81\x07\x92\x31"
      "\xe1\xee\x6a\xa8\x10\xe2\xf9\x17\x8c\x30\x92\x48\x43\xf8\xdc\x41\x0c\x49"
      "\x41\xb7\xb6\x13\xcf\x33\x97\x94\x3e\xec\x25\x9b\x66\x9b\x99\xee\x25\x77"
      "\xf4\x19\x65\x4c\x2f\xb3\x22\x2f\xb0\xcb\x11\xc1\xa6\xff\x33\xfe\x0b\x9b"
      "\xcb\xd6\xa5\x1f\x4a\xbb\x7f\x02\x4a\x80\xde\x88\xf1\x15\xcb\x20\x62\x94"
      "\x8a\xc4\x8e\xfd\xe8\xd3\x3d\x4b\x86\x55\xff\x1e\x08\x2a\x95\x72\x1e\x86"
      "\xe9\x90\x9d\xdc\xd4\x7a\x67\x56\xa8\x86\xbb\xc6\xdc\x82\xff\xdb\xab\x31"
      "\xed\x0c\xae\xf0\x4e\x4d\x6e\x37\xbb\x06\xce\xb8\xb1\xb3\x42\xca\x95\xda"
      "\xa7\x0b\x0e\x85\xa5\x35\x2f\xaf\x14\xde\x3e\xb2\xed\x31\x83\x8a\xec\x89"
      "\xed\x4f\xc0\x62\xce\x93\x4f\x1a\x35\x95\xbb\x90\x12\x36\xe9\x6f\xb4\x1a"
      "\xf2\x1b\xa3\x19\xfb\x1b\x82\xbf\x3d\xba\xb0\x32\x90\x04\x7e\x70\x56\x1f"
      "\x19\xb5\xd0\xe4\x69\x12\x70\xc9\xad\x2b\x21\xb6\x42\xdd\x2c\x97\x60\xfa"
      "\x79\xd8\x24\xec\x22\x19\x9b\x8d\x94\x6f\x84\x9a\x42\xb2\x93\xe7\x24\xb1"
      "\x8c\x8d\x25\x9f\x93\xf1\x20\xf1\x38\x20\x6c\x7d\xc7\xdc\xde\x23\xf5\x3c"
      "\x4d\x42\x3f\xe0\xce\x9f\xc0\xa3\xb2\xc3\xbe\x29\x6f\xa0\x06\xb0\xeb\x0f"
      "\xb2\x7d\x88\xb5\x68\xb2\xce\x7b\xf5\x9b\x67\xee\x65\x47\xfd\x19\x6c\x6f"
      "\xfd\x70\x70\xbe\x0c\xb1\xcb\x23\x84\x97\xd5\xb7\x7c\x06\x1c\xc4\x8a\x26"
      "\xba\xaf\x0c\x25\x8e\xd2\x5f\x6b\x35\xc3\x54\xb8\xf8\x3b\x3d\x96\x49\xce"
      "\x73\x05\x2a\xcc\x38\x28\x41\xdd\x4a\xd2\x2f\x7c\xd0\xf9\x21\x99\x1e\x90"
      "\xe9\xec\x7a\x82\xee\x26\x87\x2b\xa0\xc7\xc4\x1d\x09\xb8\x17\xcf\xd7\x4d"
      "\x6c\xcb\xab\xc0\x1e\xf8\x17\xcf\x43\x7e\x79\xbf\x03\xa3\x81\x30\xa9\xb2"
      "\x11\xef\xcf\xb4\x74\xe5\x3c\xd5\x48\x61\x3e\xaa\x36\x2b\x60\xcd\x52\xe9"
      "\xcd\xb4\xcf\xd7\xbd\xaf\xdd\x75\x69\x23\x1f\x4c\x4b\x71\xbb\xcf\xf3\xdf"
      "\xb5\x9b\x9c\xbc\x0b\x4e\xb2\xc1\x4a\xa0\xf6\x75\xe1\xe1\x5b\xb1\xa5\x39"
      "\x89\xdb\x07\x66\x6f\x2b\x3f\x64\xe1\xc4\x24\x66\x5d\x73\xf6\xbe\xf0\xcb"
      "\x1f\x35\x9b\x9e\x0c\xaf\x5b\xa3\x0d\x46\x87\xc4\x44\xe2\x95\x66\x10\x99"
      "\x6e\x2c\xa3\xb9\x2a\xf0\x76\x43\x2a\x48\x96\xf5\xe1\x68\x01\xe5\x75\x23"
      "\xbc\xfa\xbe\x84\x41\x7d\x52\xd2\x46\xc0\x4f\xec\x67\x03\xa5\x47\x66\x04"
      "\xff\x75\x98\x86\x8f\x90\xce\x3c\x27\x32\x29\xe2\x63\x5b\x90\x2f\x33\x68"
      "\x4f\x28\xa9\xdd\x0e\xf0\x10\x86\xb6\x7b\xeb\x4b\x07\x17\xe3\x03\x12\x44"
      "\x2b\x7a\x4a\x2b\x55\x2e\xa0\xc4\x5f\x3c\xc1\xab\x28\x7b\x75\x08\x54\xc0"
      "\xd7\x10\x50\xe7\x36\x57\x1b\x71\x19\x91\xdf\x2a\xb0\x04\x45\xb3\xa7\xc0"
      "\x2d\x31\x82\x99\xe8\x7f\x0f\xaa\x6b\x64\xe3\x4b\xb7\x60\xcd\x55\xa6\xd9"
      "\x06\x09\x5b\x99\x4c\xe7\x98\x0a\x4f\x4c\xc3\x00\xbb\xad\x32\x58\x56\x3d"
      "\x2c\x7a\xbb\x79\x06\x99\xa9\x21\x80\x08\x33\x32\xf9\xa6\x0c\x73\x60\x28"
      "\xb1\xd0\x65\xf9\xfc\x3d\x08\x62\xf0\xf3\x10\x50\xc7\xba\x76\xb9\xb6\x51"
      "\x63\x41\x47\x4f\xdc\xf5\x4f\xda\x80\xd5\xc4\x6e\xd8\x32\xc3\x9b\x78\x90"
      "\x81\x75\x18\x7d\x80\xe1\x99\x63\xaf\x10\x73\x75\xbf\xea\x22\xf0\x90\x06"
      "\x8b\x72\xe2\xff\x1b\x7a\x44\xfd\x64\x7d\xe2\xad\x35\x80\x3a\x6f\xde\x43"
      "\x85\xe3\x85\x0f\x30\x06\x85\x78\x55\xd4\xd7\x00\x4b\x0e\xf6\xfb\x4f\xcb"
      "\x39\x57\x21\xc8\xbb\x57\x65\xe9\x32\x5b\x7f\xb9\x78\x74\xd1\xf3\xd3\xe4"
      "\xb4\x7f\xd1\x2a\x32\x71\x72\xdb\xa3\xb9\x0d\xbf\x23\x3e\x01\xf0\xed\xa7"
      "\x1a\xa5\xd3\xd0\xd9\xfc\x36\x2e\xae\xd6\x5d\x32\x49\x3c\x3b\x28\x66\x74"
      "\xdb\xb5\x1e\x35\x0a\x53\x17\xa1\xc7\xb7\xac\xdb\x4c\x1c\xfd\x06\x74\x8b"
      "\x4b\xb5\x27\x8c\xe2\x59\x10\x9f\xf5\x8e\xf7\x0c\x9a\x05\x01\xd7\xfb\x4d"
      "\x15\x82\x0d\xd8\xa6\x6b\xe2\x97\x0b\xcd\x5c\xbf\x36\x3b\x84\x4c\x67\x97"
      "\x22\xef\x4e\x6c\x7f\xd5\x82\x78\x09\xaf\x59\x3d\x43\x6b\xb7\xd5\xa4\xd9"
      "\xa5\xc8\xb2\x65\x51\xef\x17\xb0\x5c\xed\xce\x60\xa1\x31\x8d\xf7\x40\x9c"
      "\xf5\x66\x7c\xb8\xcd\x1a\xc2\xbc\x88\x9e\xba\x3a\x5c\x75\x7e\x43\x62\x9b"
      "\x0a\x24\xb9\x22\x15\x22\x67\x6c\xe0\xa6\x3a\xed\x78\x31\xa3\x6a\x65\x18"
      "\x24\x2b\x4c\x35\x68\x3b\xb1\x79\x44\x24\x26\x7a\x19\xca\x00\xd4\xdf\x05"
      "\x8c\x16\xbd\x99\x05\x9b\x08\xd5\x30\x8d\x70\xca\xa4\x37\x74\x02\xfe\xfc"
      "\xc3\xb9\x6d\xcb\x47\x48\xfa\x50\xda\xba\xfd\xce\xa1\x5d\x61\x39\x6d\x11"
      "\x16\x17\x32\x2b\x3a\xa6\x1d\x25\x33\x5c\xcc\x3b\xcb\x4f\x79\xe0\x41\x58"
      "\x68\xf5\x12\xc8\x61\xfe\xce\x33\xaa\x07\xa9\xff\x87\xe9\xef\x1b\xc2\x6a"
      "\xe0\x8b\xa1\x81\xb9\x60\x72\xf1\x83\xc5\xb7\x85\x44\x4c\x6d\x47\x4c\x8e"
      "\xa2\xb0\x59\x1e\xa2\xf0\x76\x7d\xe2\x2e\xaa\x96\x98\xc2\x5a\xbf\xfa\x0c"
      "\x3f\x9f\x69\x65\x46\xca\x46\xba\xdd\x91\xe0\x54\x10\xe6\x0d\x50\xa3\xab"
      "\x53\xa5\xd9\xbc\x7a\x43\x9b\x68\xc6\x0d\x60\xb7\x83\xcb\x11\xe8\xba\x0a"
      "\xb6\xd0\x2f\x59\xfc\xae\x51\x27\x3b\xa6\x05\x06\x28\x65\x39\x3e\xbf\x2b"
      "\xc7\x71\x90\x3f\xca\xa3\xce\x88\xd4\xe4\x7d\x81\xf0\x18\xb9\xf4\xc0\xc6"
      "\xca\xb9\x6a\x68\xb0\x9d\x58\xe7\xd9\x28\xc0\x70\xb3\x59\xb3\xdb\xf1\x47"
      "\x66\x72\x15\xcd\xfa\xdb\x48\xb5\x4a\xa7\xe0\x8f\x56\x1d\x89\x4a\x0e\x9b"
      "\xe8\x50\x23\xac\xe2\x68\x04\xd4\x31\xa6\xbf\x9a\xe2\xe6\xb5\xa7\xa1\xd3"
      "\x72\x03\x5f\x6a\x61\x7b\xcd\x3d\x9d\xdd\x74\x35\x66\x12\xfd\xc8\x18\xda"
      "\xc2\x81\x8a\x3d\xbd\x2b\x60\x18\x3f\xf6\x2c\xec\xe5\x53\xac\x9c\x64\xe9"
      "\x54\xef\xaf\xf7\x7b\xa0\xe4\xbd\xfc\xd6\x2a\xd7\x67\x77\xd4\xff\xd0\xc0"
      "\xea\x97\x06\x12\x06\x30\xcc\x02\xf5\x2c\xa8\x31\xf8\x2a\x48\x5c\xd6\x68"
      "\xd2\x16\x32\x97\x1f\x65\x5e\x33\x4d\x29\x98\x93\x84\x7d\x0c\x30\x48\x75"
      "\x1e\x49\xbb\x58\xe9\x22\x19\x29\xb9\x45\xed\x60\x58\x0d\x40\xce\x38\xcb"
      "\x10\x12\x45\x61\x61\x65\xf0\x91\x92\x36\x8c\xfb\x55\x38\xfa\x5d\xca\xed"
      "\x28\xe5\xf2\x52\xc0\xcc\x93\x61\xdb\x99\x6d\x72\x34\x35\x08\x7b\xc2\x76"
      "\x39\x3e\x09\xa3\x1d\x4b\x13\x7b\x4b\x80\x2a\xbb\xd4\x65\x38\x95\xf6\x3d"
      "\x57\x29\x24\xa8\x7a\xb1\xbc\xc6\x51\x91\x63\x16\xd8\x99\x0f\xa5\x93\xcc"
      "\x40\x1f\xf3\xe8\x2b\xae\x12\x74\x23\x22\x1a\x0e\x8a\xba\x85\xf9\x90\x6b"
      "\xaf\x31\x06\x6b\x2b\x9e\xff\xee\xe2\xcf\x78\xc1\x8b\x98\x26\xc4\xe8\x93"
      "\xf0\xf6\xf4\x79\x8f\xc7\x9b\xf9\xda\x94\x0f\x3f\x9c\x9b\x25\xd1\x8e\xbd"
      "\x2f\x09\xe9\x2e\x2a\xc2\xa9\x47\xf7\x46\xbb\xbf\x33\x2c\x44\x7d\xaa\x6c"
      "\xa4\x1f\x3a\xdd\xdf\x1a\xb8\x7d\x6e\x05\xac\x2c\xf3\xd5\x1c\xf0\xbe\x5b"
      "\x13\x83\x6a\x7e\xd0\xbb\x29\x97\xb7\x52\x8a\x04\x74\x97\x25\xb4\x7e\x7d"
      "\x9e\x9a\x52\xcc\x30\xe3\x7b\x00\x96\x18\xee\xe4\xd0\xd2\xb4\x97\xb9\xfe"
      "\x8c\x7b\x99\xb0\xdd\x7d\x58\x1c\xd1\x71\xb4\x3c\x73\x20\x3d\xe4\x30\xa1"
      "\x1a\x93\x7d\x72\x35\xc1\x4c\x63\xa6\x4a\x46\x58\xc7\xb3\x56\xb1\x4d\x5d"
      "\x7e\x3d\xd4\xb3\xbc\x6d",
      1536);
  *(uint64_t*)0x20001c48 = 0x600;
  syscall(__NR_writev, r[0], 0x20001c40, 1);
  *(uint8_t*)0x20000000 = -1;
  *(uint8_t*)0x20000001 = -1;
  *(uint8_t*)0x20000002 = -1;
  *(uint8_t*)0x20000003 = -1;
  *(uint8_t*)0x20000004 = -1;
  *(uint8_t*)0x20000005 = -1;
  *(uint8_t*)0x20000006 = 0;
  *(uint8_t*)0x20000007 = 0;
  *(uint8_t*)0x20000008 = 0;
  *(uint8_t*)0x20000009 = 0;
  *(uint8_t*)0x2000000a = 0;
  *(uint8_t*)0x2000000b = 0;
  *(uint16_t*)0x2000000c = htobe16(0x800);
  STORE_BY_BITMASK(uint8_t, 0x2000000e, 5, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x2000000e, 4, 4, 4);
  STORE_BY_BITMASK(uint8_t, 0x2000000f, 0, 0, 2);
  STORE_BY_BITMASK(uint8_t, 0x2000000f, 0, 2, 6);
  *(uint16_t*)0x20000010 = htobe16(0x1c);
  *(uint16_t*)0x20000012 = htobe16(0);
  *(uint16_t*)0x20000014 = htobe16(0);
  *(uint8_t*)0x20000016 = 0;
  *(uint8_t*)0x20000017 = 0x89;
  *(uint16_t*)0x20000018 = 0;
  *(uint32_t*)0x2000001a = htobe32(0);
  *(uint32_t*)0x2000001e = htobe32(-1);
  *(uint8_t*)0x20000022 = 0;
  *(uint8_t*)0x20000023 = 0;
  *(uint16_t*)0x20000024 = 0;
  *(uint32_t*)0x20000026 = htobe32(0xe0000001);
  *(uint32_t*)0x200000c0 = 1;
  *(uint32_t*)0x200000c4 = 1;
  *(uint32_t*)0x200000c8 = 0;
  *(uint32_t*)0x200000cc = 0;
  *(uint32_t*)0x200000d0 = 0;
  *(uint32_t*)0x200000d4 = 0;
  struct csum_inet csum_1;
  csum_inet_init(&csum_1);
  csum_inet_update(&csum_1, (const uint8_t*)0x20000022, 8);
  *(uint16_t*)0x20000024 = csum_inet_digest(&csum_1);
  struct csum_inet csum_2;
  csum_inet_init(&csum_2);
  csum_inet_update(&csum_2, (const uint8_t*)0x2000000e, 20);
  *(uint16_t*)0x20000018 = csum_inet_digest(&csum_2);
}

int main()
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  loop();
  return 0;
}