// https://syzkaller.appspot.com/bug?id=a74718ca902617e6aa7327aa008b25844eccf2d3
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <termios.h>
#include <unistd.h>
#include <util.h>

#define __syscall syscall

static uintptr_t syz_open_pts(void)
{
  int master, slave;
  if (openpty(&master, &slave, NULL, NULL, NULL) == -1)
    return -1;
  if (dup2(master, master + 100) != -1)
    close(master);
  return slave;
}

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul);
  intptr_t res = 0;
  syscall(SYS_close, -1);
  res = syz_open_pts();
  if (res != -1)
    r[0] = res;
  syscall(SYS_kqueue);
  *(uint64_t*)0x20000300 = 0x20000100;
  memcpy(
      (void*)0x20000100,
      "\x54\x9c\x1e\xae\x43\x30\xb8\x29\x0d\xef\x6c\x88\x53\xb7\xee\xe7\xc5\x2d"
      "\x2f\x3c\x14\xbe\x54\x49\xe3\x40\x06\xfc\xa8\xe2\x03\xd2\x6a\x95\x8e\x92"
      "\xd9\x43\x56\xbc\xa4\x03\xa4\x3a\x71\xfc\xa2\x2f\x74\xe3\x45\x00\x08\xa0"
      "\x33\x22\xe4\xf6\x16\x82\x25\x34\xc1\xd4\x3e\xc7\x01\x86\x08\x1b\x19\xed"
      "\x61\x55\xa0\x7f\x8c\xfc\xae\x2a\xc0\xb7\xea\xcf\x0b\x99\xcf\x96\x5d\x61"
      "\x94\x9d\xe0\xa6\x00\x94\x73\xbe\x5a\xc5\xf7\x1d\xa9\xc3\x86\x57\xda\xd6"
      "\x14\x95\x91\xb9\xe6\x4f\xc6\x15\x05\x1a\x0d\xf3\x16\x40\xc0\xe0\x2f\xb0"
      "\x97\x11\xf1\x03\xa5\x4d\xaf\x22\xa8\x0f\x4d\xcd\x30\x1c\xc7\x4f\x1d\x74"
      "\x39\x4d\x14\xd1\xcf\x16\xbe\x64\x58\xce\xa3\xc3\x54\x8d\x5e\x6e\x23\x7d"
      "\x09\x49\x87\x66\x11\x91\x7b\xea\x41\xe7\x9e\xf7\x1a\xb9\xb9\xf8\x0c\x94"
      "\xa8\x4b\xb6\x8b\x97\x7e\xca\x30\xf6\xb6\xfa\x05",
      192);
  *(uint64_t*)0x20000308 = 0xc0;
  *(uint64_t*)0x20000310 = 0;
  *(uint64_t*)0x20000318 = 0;
  *(uint64_t*)0x20000320 = 0;
  *(uint64_t*)0x20000328 = 0;
  syscall(SYS_writev, r[0], 0x20000300ul, 3ul);
  return 0;
}