// https://syzkaller.appspot.com/bug?id=f7a58ce0d580d25ffedb3c3176cc506796d6181f
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer. It maps a fixed region at 0x20000000, hand-lays
// syscall argument structures into that region with raw typed stores, and
// then issues the syscalls in a fixed order. The literal addresses and the
// statement order are load-bearing; nothing here should be reordered or
// "cleaned up" without re-checking the struct layouts it encodes.
#define _GNU_SOURCE
// NOTE(review): the header names after these #include directives were lost
// when this listing was extracted. The code below uses memset/memcpy
// (<string.h>), the uintN_t types (<stdint.h>), syscall() (<unistd.h>) and
// the __NR_* numbers (<sys/syscall.h>); restore the original include list
// before building.
#include
#include
#include
#include
#include
// Low bf_len bits set, as `type`. bf_len must be < 64 (1ull << 64 is UB).
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)
// Same mask shifted up to bit offset bf_off.
#define BITMASK_LEN_OFF(type, bf_off, bf_len) \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))
// Write `val` into the bitfield [bf_off, bf_off+bf_len) of the `type` at
// `addr`, preserving the other bits. bf_off == bf_len == 0 means "whole
// object" and stores val directly. Expands to a bare if/else, so it must
// not be followed by `else` at the use site.
#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \
  if ((bf_off) == 0 && (bf_len) == 0) { \
    *(type*)(addr) = (type)(val); \
  } else { \
    type new_val = *(type*)(addr); \
    new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \
    new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \
    *(type*)(addr) = new_val; \
  }
// x86-64 syscall number for bpf(2), for libc headers that predate it.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// Results of the syscalls that produce descriptors; r[i] is the i-th
// resource created below. Slots are -1 until written.
long r[4];

// Run the reproducer once. Every address literal below lies inside the
// region mapped by the first syscall, so the raw stores are valid only
// after that mmap succeeds (its result is not checked).
void loop()
{
  // Start with every result slot at -1 (an invalid fd).
  memset(r, -1, sizeof(r));
  // Fixed anonymous RW mapping [0x20000000, 0x20fff000) that backs all
  // the argument structures below. On x86-64, prot 3 is
  // PROT_READ|PROT_WRITE and flags 0x32 is MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);
  // r[0] = socket(0xf, 3, 2). On Linux these values are AF_KEY, SOCK_RAW,
  // PF_KEY_V2.
  r[0] = syscall(__NR_socket, 0xf, 3, 2);

  // bpf attribute block at 0x20eb0fb8, 0x48 bytes, passed to the bpf()
  // call below with cmd 5 (BPF_PROG_LOAD). Field by field this matches
  // the prog-load branch of union bpf_attr:
  //   prog_type = 1, insn_cnt = 3, insns = 0x209ff000,
  //   license = 0x202bf000, log_level = 4, log_size = 0xb7,
  //   log_buf = 0x20061f49, kern_version = 0, prog_flags = 0,
  //   prog_name = 16 zero bytes, prog_ifindex = 0.
  *(uint32_t*)0x20eb0fb8 = 1;
  *(uint32_t*)0x20eb0fbc = 3;
  *(uint64_t*)0x20eb0fc0 = 0x209ff000;
  *(uint64_t*)0x20eb0fc8 = 0x202bf000;
  *(uint32_t*)0x20eb0fd0 = 4;
  *(uint32_t*)0x20eb0fd4 = 0xb7;
  *(uint64_t*)0x20eb0fd8 = 0x20061f49;
  *(uint32_t*)0x20eb0fe0 = 0;
  *(uint32_t*)0x20eb0fe4 = 0;
  *(uint8_t*)0x20eb0fe8 = 0;
  *(uint8_t*)0x20eb0fe9 = 0;
  *(uint8_t*)0x20eb0fea = 0;
  *(uint8_t*)0x20eb0feb = 0;
  *(uint8_t*)0x20eb0fec = 0;
  *(uint8_t*)0x20eb0fed = 0;
  *(uint8_t*)0x20eb0fee = 0;
  *(uint8_t*)0x20eb0fef = 0;
  *(uint8_t*)0x20eb0ff0 = 0;
  *(uint8_t*)0x20eb0ff1 = 0;
  *(uint8_t*)0x20eb0ff2 = 0;
  *(uint8_t*)0x20eb0ff3 = 0;
  *(uint8_t*)0x20eb0ff4 = 0;
  *(uint8_t*)0x20eb0ff5 = 0;
  *(uint8_t*)0x20eb0ff6 = 0;
  *(uint8_t*)0x20eb0ff7 = 0;
  *(uint32_t*)0x20eb0ff8 = 0;

  // The three 8-byte BPF instructions at 0x209ff000. Opcode 0x18 is
  // BPF_LD|BPF_DW|BPF_IMM (ld_imm64, which occupies two slots); dst and src
  // register nibbles are both 0; the second slot carries the upper
  // immediate (0). Opcode 0x95 is BPF_JMP|BPF_EXIT. So the program
  // appears to be "r0 = 0; exit" — a minimal always-accept filter.
  *(uint8_t*)0x209ff000 = 0x18;
  STORE_BY_BITMASK(uint8_t, 0x209ff001, 0, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x209ff001, 0, 4, 4);
  *(uint16_t*)0x209ff002 = 0;
  *(uint32_t*)0x209ff004 = 0;
  *(uint8_t*)0x209ff008 = 0;
  *(uint8_t*)0x209ff009 = 0;
  *(uint16_t*)0x209ff00a = 0;
  *(uint32_t*)0x209ff00c = 0;
  *(uint8_t*)0x209ff010 = 0x95;
  *(uint8_t*)0x209ff011 = 0;
  *(uint16_t*)0x209ff012 = 0;
  *(uint32_t*)0x209ff014 = 0;
  // License string referenced from the attr block (10 bytes incl. NUL).
  memcpy((void*)0x202bf000, "syzkaller", 10);
  // r[1] = bpf(BPF_PROG_LOAD, attr, sizeof attr) -> program fd.
  r[1] = syscall(__NR_bpf, 5, 0x20eb0fb8, 0x48);
  // r[0] is closed here but its *number* is still used in the ioctl below.
  syscall(__NR_close, r[0]);
  // r[2] = socket(0x18, 0, 1). On Linux: AF_PPPOX, type 0, PX_PROTO_OL2TP.
  // Because r[0] was just closed, the kernel will normally hand out the
  // same descriptor number again, so r[2] most likely equals r[0].
  r[2] = syscall(__NR_socket, 0x18, 0, 1);

  // struct mmsghdr at 0x20004fc4 (unaligned start is fine on x86):
  //   msg_name = 0x20003000, msg_namelen = 0x1c, (4 bytes pad untouched),
  //   msg_iov = 0x20004fa0, msg_iovlen = 1, msg_control = 0x20002d30,
  //   msg_controllen = 0, msg_flags = 0, msg_len = 0.
  *(uint64_t*)0x20004fc4 = 0x20003000;
  *(uint32_t*)0x20004fcc = 0x1c;
  *(uint64_t*)0x20004fd4 = 0x20004fa0;
  *(uint64_t*)0x20004fdc = 1;
  *(uint64_t*)0x20004fe4 = 0x20002d30;
  *(uint64_t*)0x20004fec = 0;
  *(uint32_t*)0x20004ff4 = 0;
  *(uint32_t*)0x20004ffc = 0;
  // 28-byte sockaddr_in6 at 0x20003000: family 0xa (AF_INET6), port 0,
  // flowinfo 0, address fe80::bb, scope_id 0.
  *(uint16_t*)0x20003000 = 0xa;
  *(uint16_t*)0x20003002 = 0;
  *(uint32_t*)0x20003004 = 0;
  *(uint8_t*)0x20003008 = 0xfe;
  *(uint8_t*)0x20003009 = 0x80;
  *(uint8_t*)0x2000300a = 0;
  *(uint8_t*)0x2000300b = 0;
  *(uint8_t*)0x2000300c = 0;
  *(uint8_t*)0x2000300d = 0;
  *(uint8_t*)0x2000300e = 0;
  *(uint8_t*)0x2000300f = 0;
  *(uint8_t*)0x20003010 = 0;
  *(uint8_t*)0x20003011 = 0;
  *(uint8_t*)0x20003012 = 0;
  *(uint8_t*)0x20003013 = 0;
  *(uint8_t*)0x20003014 = 0;
  *(uint8_t*)0x20003015 = 0;
  *(uint8_t*)0x20003016 = 0;
  *(uint8_t*)0x20003017 = 0xbb;
  *(uint32_t*)0x20003018 = 0;
  // Single iovec at 0x20004fa0: base 0x20002000, len 0x1f (31 bytes of
  // opaque payload copied in next).
  *(uint64_t*)0x20004fa0 = 0x20002000;
  *(uint64_t*)0x20004fa8 = 0x1f;
  memcpy((void*)0x20002000,
         "\x4c\x56\x14\xc0\x04\x01\xa0\xdb\xf8\xa6\x69\xeb"
         "\xde\xdd\x10\x2c\x4f\x7a\x79\xe6\x06\x45\x7d\xfd"
         "\xf0\x9e\x2e\xc2\xed\x25\x3b", 31);
  // sendmmsg on fd -1: fails with EBADF and sends nothing; kept as
  // generated (syzkaller emits such no-op calls when the fd is unset).
  syscall(__NR_sendmmsg, -1, 0x20004fc4, 1, 0);

  // Reuse the buffer at 0x20002000 as a 0x26-byte connect address for the
  // PPPoX socket: family field 0x1f, protocol field 1, then five zero
  // bytes. Bytes 0x20002008.. are NOT rewritten, so the tail of the
  // address is whatever the 31-byte memcpy above left there (plus zeros
  // from the fresh mapping past 0x2000201f).
  *(uint16_t*)0x20002000 = 0x1f;
  *(uint8_t*)0x20002002 = 1;
  *(uint8_t*)0x20002003 = 0;
  *(uint8_t*)0x20002004 = 0;
  *(uint8_t*)0x20002005 = 0;
  *(uint8_t*)0x20002006 = 0;
  *(uint8_t*)0x20002007 = 0;
  syscall(__NR_connect, r[2], 0x20002000, 0x26);
  // r[3] = socket(0x29, 0x400000002, 0). On Linux 0x29 is AF_KCM; the
  // kernel takes `type` as int, so 0x400000002 is seen as 2 (SOCK_DGRAM)
  // and the high bit is dropped.
  r[3] = syscall(__NR_socket, 0x29, 0x400000002, 0);
  // Two ints at 0x20186ff8: { r[0], r[1] }. With request 0x89e0
  // (SIOCKCMATTACH) this has the shape of struct kcm_attach { fd, bpf_fd }:
  // attach the socket numbered r[0] — most likely now the AF_PPPOX socket
  // r[2], see above — to the KCM mux, using the BPF program r[1] as the
  // message parser. The long -> uint32_t stores truncate, which is fine
  // for small fd values.
  *(uint32_t*)0x20186ff8 = r[0];
  *(uint32_t*)0x20186ffc = r[1];
  syscall(__NR_ioctl, r[3], 0x89e0, 0x20186ff8);

  // struct msghdr at 0x201fcfc8: msg_name = 0, msg_namelen = 0,
  // msg_iov = 0x200cfff0, msg_iovlen = 1, msg_control = 0,
  // msg_controllen = 0, msg_flags = 0.
  *(uint64_t*)0x201fcfc8 = 0;
  *(uint32_t*)0x201fcfd0 = 0;
  *(uint64_t*)0x201fcfd8 = 0x200cfff0;
  *(uint64_t*)0x201fcfe0 = 1;
  *(uint64_t*)0x201fcfe8 = 0;
  *(uint64_t*)0x201fcff0 = 0;
  *(uint32_t*)0x201fcff8 = 0;
  // iovec: base 0x20e90ff0, len 0xfd5f (64863 bytes, still inside the
  // mapping). Only the first 16 bytes are set; the rest is zero-filled
  // anonymous memory.
  *(uint64_t*)0x200cfff0 = 0x20e90ff0;
  *(uint64_t*)0x200cfff8 = 0xfd5f;
  *(uint8_t*)0x20e90ff0 = 2;
  *(uint8_t*)0x20e90ff1 = 0;
  *(uint8_t*)0x20e90ff2 = 0;
  *(uint8_t*)0x20e90ff3 = 0;
  *(uint16_t*)0x20e90ff4 = 2;
  *(uint16_t*)0x20e90ff6 = 0;
  *(uint32_t*)0x20e90ff8 = 0;
  *(uint32_t*)0x20e90ffc = 0;
  // Final step: send the large message through the KCM socket r[3].
  syscall(__NR_sendmsg, r[3], 0x201fcfc8, 0);
}

// Entry point: a single pass of the reproducer.
int main()
{
  loop();
  return 0;
}