// https://syzkaller.appspot.com/bug?id=f9c94b10e49ae0433f27c4838c7e0f0a321606f5
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_bind
#define __NR_bind 361
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_sendmmsg
#define __NR_sendmmsg 345
#endif
#ifndef __NR_sendmsg
#define __NR_sendmsg 370
#endif
#ifndef __NR_sendto
#define __NR_sendto 369
#endif
#ifndef __NR_socket
#define __NR_socket 359
#endif
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;
  *(uint32_t*)0x20000180 = 0;
  *(uint32_t*)0x20000184 = 0;
  *(uint32_t*)0x20000188 = 0x20000000;
  *(uint32_t*)0x20000000 = 0x20000100;
  *(uint32_t*)0x20000004 = 0x3c7;
  *(uint32_t*)0x2000018c = 1;
  *(uint32_t*)0x20000190 = 0;
  *(uint32_t*)0x20000194 = 0;
  *(uint32_t*)0x20000198 = 0;
  syscall(__NR_sendmsg, -1, 0x20000180, 0);
  *(uint32_t*)0x200001c0 = 0;
  *(uint32_t*)0x200001c4 = 0;
  *(uint32_t*)0x200001c8 = 0x20000000;
  *(uint32_t*)0x20000000 = 0x20184000;
  memcpy((void*)0x20184000,
         "\x02\x0e\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08"
         "\x00\x12\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x00"
         "\x01\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x03\x00\x06\x00\x00"
         "\x00\x00\x00\x02\x00\x00\x80\xac\x14\xff\xbb\xf0\x00\x00\x00\x00\x00"
         "\x04\x00\x03\x00\x05\x00\x00\x00\x00\x00\x02\x00\x42\x3b\x1d\x63\x2b"
         "\x91\xc5\x20\x00\x00\x00\x00\x00\x00",
         128);
  *(uint32_t*)0x20000004 = 0x80;
  *(uint32_t*)0x200001cc = 1;
  *(uint32_t*)0x200001d0 = 0;
  *(uint32_t*)0x200001d4 = 0;
  *(uint32_t*)0x200001d8 = 0;
  syscall(__NR_sendmsg, -1, 0x200001c0, 0);
  res = syscall(__NR_socket, 0xf, 3, 2);
  if (res != -1)
    r[0] = res;
  syscall(__NR_sendmmsg, (long)r[0], 0x20000180, 0x44b084a6, 0);
  res = syscall(__NR_socket, 0xa, 0x80002, 0x88);
  if (res != -1)
    r[1] = res;
  *(uint16_t*)0x20000080 = 0xa;
  *(uint16_t*)0x20000082 = htobe16(0x4e23);
  *(uint32_t*)0x20000084 = 0;
  *(uint8_t*)0x20000088 = 0;
  *(uint8_t*)0x20000089 = 0;
  *(uint8_t*)0x2000008a = 0;
  *(uint8_t*)0x2000008b = 0;
  *(uint8_t*)0x2000008c = 0;
  *(uint8_t*)0x2000008d = 0;
  *(uint8_t*)0x2000008e = 0;
  *(uint8_t*)0x2000008f = 0;
  *(uint8_t*)0x20000090 = 0;
  *(uint8_t*)0x20000091 = 0;
  *(uint8_t*)0x20000092 = 0;
  *(uint8_t*)0x20000093 = 0;
  *(uint8_t*)0x20000094 = 0;
  *(uint8_t*)0x20000095 = 0;
  *(uint8_t*)0x20000096 = 0;
  *(uint8_t*)0x20000097 = 0;
  *(uint32_t*)0x20000098 = 0;
  syscall(__NR_bind, (long)r[1], 0x20000080, 0x1c);
  *(uint16_t*)0x20000440 = 0xa;
  *(uint16_t*)0x20000442 = htobe16(0x4e23);
  *(uint32_t*)0x20000444 = 0;
  *(uint8_t*)0x20000448 = -1;
  *(uint8_t*)0x20000449 = 2;
  *(uint8_t*)0x2000044a = 0;
  *(uint8_t*)0x2000044b = 0;
  *(uint8_t*)0x2000044c = 0;
  *(uint8_t*)0x2000044d = 0;
  *(uint8_t*)0x2000044e = 0;
  *(uint8_t*)0x2000044f = 0;
  *(uint8_t*)0x20000450 = 0;
  *(uint8_t*)0x20000451 = 0;
  *(uint8_t*)0x20000452 = 0;
  *(uint8_t*)0x20000453 = 0;
  *(uint8_t*)0x20000454 = 0;
  *(uint8_t*)0x20000455 = 0;
  *(uint8_t*)0x20000456 = 0;
  *(uint8_t*)0x20000457 = 1;
  *(uint32_t*)0x20000458 = 0;
  syscall(__NR_sendto, (long)r[1], 0x20000080, 0, 0x4048080, 0x20000440, 0x1c);
  *(uint16_t*)0x20000000 = 0xa;
  *(uint16_t*)0x20000002 = htobe16(0);
  *(uint32_t*)0x20000004 = 0;
  *(uint8_t*)0x20000008 = 0;
  *(uint8_t*)0x20000009 = 0;
  *(uint8_t*)0x2000000a = 0;
  *(uint8_t*)0x2000000b = 0;
  *(uint8_t*)0x2000000c = 0;
  *(uint8_t*)0x2000000d = 0;
  *(uint8_t*)0x2000000e = 0;
  *(uint8_t*)0x2000000f = 0;
  *(uint8_t*)0x20000010 = 0;
  *(uint8_t*)0x20000011 = 0;
  *(uint8_t*)0x20000012 = 0;
  *(uint8_t*)0x20000013 = 0;
  *(uint8_t*)0x20000014 = 0;
  *(uint8_t*)0x20000015 = 0;
  *(uint8_t*)0x20000016 = 0;
  *(uint8_t*)0x20000017 = 0;
  *(uint32_t*)0x20000018 = 0;
  syscall(__NR_sendto, (long)r[1], 0x20000140, 0, 0, 0x20000000, 0x1c);
  return 0;
}