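// https://syzkaller.appspot.com/bug?id=2c595167294aa449aaa72ecf3cac3357318b4ccb
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer as recorded by the fuzzer: map a fixed scratch
// window, lay out a few socket addresses and a message in it by raw
// address, then replay the syscall sequence in loop().  Every constant of
// the form 0x20xxxxxx below is an offset into that window, so the program
// is only meaningful run as a whole inside the VM used for triage; return
// values are deliberately ignored, as the fuzzer emitted them.
//
// NOTE(review): the header names after the five #include lines were lost
// when this page was extracted.  The ones restored here are what the
// identifiers used below require: htobe16/htobe32/htobe64 (endian.h),
// uintN_t (stdint.h), memset/memcpy (string.h), __NR_* (sys/syscall.h)
// and syscall() (unistd.h).  _GNU_SOURCE must precede the first include.
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Mask selecting the low bf_len bits, in the given integer type.
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)
// The same mask moved to bit offset bf_off.
#define BITMASK_LEN_OFF(type, bf_off, bf_len) \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))
// Store val into bits [bf_off, bf_off + bf_len) of the integer at addr,
// leaving the other bits untouched; (bf_off, bf_len) == (0, 0) means
// "overwrite the whole object".  Wrapped in do/while(0) so the if/else
// inside can never pair with an else belonging to the caller and so the
// macro behaves as a single statement wherever it is used.
#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                 \
  do {                                                                    \
    if ((bf_off) == 0 && (bf_len) == 0) {                                 \
      *(type*)(addr) = (type)(val);                                       \
    } else {                                                              \
      type new_val = *(type*)(addr);                                      \
      new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));              \
      new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);   \
      *(type*)(addr) = new_val;                                           \
    }                                                                     \
  } while (0)

// Descriptors returned by the two socket() calls in loop(); every byte is
// set to 0xff (i.e. -1) before the first call, and a failed socket() also
// leaves a negative value here which later calls pass on unchanged.
long r[2];

// Replays the recorded syscall sequence once.  Reads nothing but the
// fixed addresses it writes itself; returns nothing.
void loop(void)
{
  memset(r, -1, sizeof(r));

  // Scratch window: 0xe75000 bytes at 0x20000000, prot 3 (PROT_READ |
  // PROT_WRITE), flags 0x32 (MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS).
  syscall(__NR_mmap, 0x20000000, 0xe75000, 3, 0x32, -1, 0);

  // A frame-shaped buffer: 6-byte destination aa:aa:aa:aa:00:bb, 6 zero
  // bytes, then 0x9100 / 0x8100 tags with zeroed 3/1/12-bit fields, a
  // 0x000d word, a 32-bit field with only bit 30 set (0x4b7 masked to one
  // bit), four zero bytes and 64 bytes of payload.  No syscall in this
  // program passes this buffer (or 0x20000ff4..0x20000ffc); the writes are
  // kept because they are part of the recorded reproducer.
  *(uint8_t*)0x20000000 = 0xaa;
  *(uint8_t*)0x20000001 = 0xaa;
  *(uint8_t*)0x20000002 = 0xaa;
  *(uint8_t*)0x20000003 = 0xaa;
  *(uint8_t*)0x20000004 = 0;
  *(uint8_t*)0x20000005 = 0xbb;
  *(uint8_t*)0x20000006 = 0;
  *(uint8_t*)0x20000007 = 0;
  *(uint8_t*)0x20000008 = 0;
  *(uint8_t*)0x20000009 = 0;
  *(uint8_t*)0x2000000a = 0;
  *(uint8_t*)0x2000000b = 0;
  *(uint16_t*)0x2000000c = htobe16(0x9100);
  STORE_BY_BITMASK(uint16_t, 0x2000000e, 0, 0, 3);
  STORE_BY_BITMASK(uint16_t, 0x2000000e, 0, 3, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000000e, 0, 4, 12);
  *(uint16_t*)0x20000010 = htobe16(0x8100);
  STORE_BY_BITMASK(uint16_t, 0x20000012, 0, 0, 3);
  STORE_BY_BITMASK(uint16_t, 0x20000012, 0, 3, 1);
  STORE_BY_BITMASK(uint16_t, 0x20000012, 0, 4, 12);
  *(uint16_t*)0x20000014 = htobe16(0xd);
  STORE_BY_BITMASK(uint32_t, 0x20000016, 0, 0, 29);
  STORE_BY_BITMASK(uint32_t, 0x20000016, 0, 29, 1);
  STORE_BY_BITMASK(uint32_t, 0x20000016, 0x4b7, 30, 1);
  STORE_BY_BITMASK(uint32_t, 0x20000016, 0, 31, 1);
  *(uint8_t*)0x2000001a = 0;
  *(uint8_t*)0x2000001b = 0;
  *(uint8_t*)0x2000001c = 0;
  *(uint8_t*)0x2000001d = 0;
  memcpy((void*)0x2000001e,
         "\x98\x38\x4b\xf4\x19\x00\x65\xdb\x70\xa7\xe8\xfb\x3a\xee\xf8\x4c\x59"
         "\x5d\x5b\xec\x5a\xee\xa6\x7b\xd4\x27\x9e\x5b\x61\x85\x90\x35\x0e\x1f"
         "\x71\x03\xcf\x44\xc1\xa5\xc9\xdb\x6b\x66\xd7\x50\x57\x76\xcc\xaf\xfc"
         "\x31\xd9\xab\x72\x19\x84\x22\x8c\x52\x1d\x73\x15\xf6",
         64);
  *(uint32_t*)0x20000ff4 = 0;
  *(uint32_t*)0x20000ff8 = 1;
  *(uint32_t*)0x20000ffc = 0;

  // openat(AT_FDCWD (-100), "/selinux/member", 2 (O_RDWR), 0); the 16-byte
  // copy includes the terminating NUL.  The descriptor is never used.
  memcpy((void*)0x207b8000, "/selinux/member", 16);
  syscall(__NR_openat, 0xffffffffffffff9c, 0x207b8000, 2, 0);

  // r[0] = socket(10 (AF_INET6), 2 (SOCK_DGRAM), 0).
  r[0] = syscall(__NR_socket, 0xa, 2, 0);

  // First connect: a 28-byte sockaddr_in6 -- family 10, port 0x4e21,
  // flowinfo 7, address ::1, scope id 0x1c28.
  *(uint16_t*)0x20d4c000 = 0xa;
  *(uint16_t*)0x20d4c002 = htobe16(0x4e21);
  *(uint32_t*)0x20d4c004 = 7;
  *(uint64_t*)0x20d4c008 = htobe64(0);
  *(uint64_t*)0x20d4c010 = htobe64(1);
  *(uint32_t*)0x20d4c018 = 0x1c28;
  syscall(__NR_connect, r[0], 0x20d4c000, 0x1c);

  // Second connect on the same socket: family 10, port 0x4e22, flowinfo 0,
  // the IPv4-mapped address ::ffff:172.20.0.170 (bytes 10-11 are 0xff),
  // scope id 1.
  *(uint16_t*)0x20e6f000 = 0xa;
  *(uint16_t*)0x20e6f002 = htobe16(0x4e22);
  *(uint32_t*)0x20e6f004 = 0;
  *(uint8_t*)0x20e6f008 = 0;
  *(uint8_t*)0x20e6f009 = 0;
  *(uint8_t*)0x20e6f00a = 0;
  *(uint8_t*)0x20e6f00b = 0;
  *(uint8_t*)0x20e6f00c = 0;
  *(uint8_t*)0x20e6f00d = 0;
  *(uint8_t*)0x20e6f00e = 0;
  *(uint8_t*)0x20e6f00f = 0;
  *(uint8_t*)0x20e6f010 = 0;
  *(uint8_t*)0x20e6f011 = 0;
  *(uint8_t*)0x20e6f012 = 0xff;  /* original wrote -1; same byte value */
  *(uint8_t*)0x20e6f013 = 0xff;
  *(uint8_t*)0x20e6f014 = 0xac;
  *(uint8_t*)0x20e6f015 = 0x14;
  *(uint8_t*)0x20e6f016 = 0;
  *(uint8_t*)0x20e6f017 = 0xaa;
  *(uint32_t*)0x20e6f018 = 1;
  syscall(__NR_connect, r[0], 0x20e6f000, 0x1c);

  // r[1] = socket(24 (AF_PPPOX on Linux), 1 (SOCK_STREAM), protocol 1).
  r[1] = syscall(__NR_socket, 0x18, 1, 1);

  // connect r[1] with a 46-byte (0x2e) address laid out as: family 0x18,
  // 32-bit protocol 1, pid 0, tunnel fd = r[0] (the IPv6 UDP socket above),
  // a 16-byte sockaddr_in {family 2, port 0x4e21, 224.0.0.2, 8 zero bytes},
  // then four 32-bit ids 4, 0, 2, 0.  This matches the shape of a
  // PPPoL2TP v3 address (tunnel/session ids as 32-bit values) -- the
  // fuzzer hands the UDP socket to the L2TP layer as its tunnel socket.
  *(uint16_t*)0x205fafd2 = 0x18;
  *(uint32_t*)0x205fafd4 = 1;
  *(uint32_t*)0x205fafd8 = 0;
  *(uint32_t*)0x205fafdc = r[0];
  *(uint16_t*)0x205fafe0 = 2;
  *(uint16_t*)0x205fafe2 = htobe16(0x4e21);
  *(uint32_t*)0x205fafe4 = htobe32(0xe0000002);
  *(uint8_t*)0x205fafe8 = 0;
  *(uint8_t*)0x205fafe9 = 0;
  *(uint8_t*)0x205fafea = 0;
  *(uint8_t*)0x205fafeb = 0;
  *(uint8_t*)0x205fafec = 0;
  *(uint8_t*)0x205fafed = 0;
  *(uint8_t*)0x205fafee = 0;
  *(uint8_t*)0x205fafef = 0;
  *(uint32_t*)0x205faff0 = 4;
  *(uint32_t*)0x205faff4 = 0;
  *(uint32_t*)0x205faff8 = 2;
  *(uint32_t*)0x205faffc = 0;
  syscall(__NR_connect, r[1], 0x205fafd2, 0x2e);

  // sendmsg(r[1], msghdr, 0x81).  The msghdr at 0x2037ffc8 is:
  //   msg_name       = 0x209dd000 (12 bytes: family 0x10, pad 0, pid 0,
  //                    groups 2 -- the shape of a sockaddr_nl)
  //   msg_namelen    = 0xc
  //   msg_iov        = 0x202ceff0, msg_iovlen = 1
  //   msg_control    = 0, msg_controllen = 0
  //   msg_flags      = 0x8820
  // The single iovec covers 0xfff1 bytes starting at 0x2097b000, of which
  // only the first 16 are initialised: a netlink-header-shaped record
  // {len 0x10, type 0x14, flags 0x200, seq 0x70bd26, pid 0x25dfdbfe}; the
  // rest is whatever the anonymous mapping holds (zeros on first touch).
  *(uint64_t*)0x2037ffc8 = 0x209dd000;
  *(uint32_t*)0x2037ffd0 = 0xc;
  *(uint64_t*)0x2037ffd8 = 0x202ceff0;
  *(uint64_t*)0x2037ffe0 = 1;
  *(uint64_t*)0x2037ffe8 = 0;
  *(uint64_t*)0x2037fff0 = 0;
  *(uint32_t*)0x2037fff8 = 0x8820;
  *(uint16_t*)0x209dd000 = 0x10;
  *(uint16_t*)0x209dd002 = 0;
  *(uint32_t*)0x209dd004 = 0;
  *(uint32_t*)0x209dd008 = 2;
  *(uint64_t*)0x202ceff0 = 0x2097b000;
  *(uint64_t*)0x202ceff8 = 0xfff1;
  *(uint32_t*)0x2097b000 = 0x10;
  *(uint16_t*)0x2097b004 = 0x14;
  *(uint16_t*)0x2097b006 = 0x200;
  *(uint32_t*)0x2097b008 = 0x70bd26;
  *(uint32_t*)0x2097b00c = 0x25dfdbfe;
  syscall(__NR_sendmsg, r[1], 0x2037ffc8, 0x81);
}

// Entry point: run the recorded sequence once and exit 0 regardless of
// what the syscalls returned.
int main(void)
{
  loop();
  return 0;
}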