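// https://syzkaller.appspot.com/bug?id=e1fcd6361e5422e5591c59b1d14a4a6c7507d099
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer for the syzkaller bug linked above. It maps a fixed 16 MiB
// scratch window at 0x20000000, fills it with a 14-instruction BPF program
// and two bpf() attribute structures, loads the program (bpf cmd 5) and then
// runs it once loaded over an in-memory 253-byte input (bpf cmd 0xa).
// Syscall arguments are kept as the raw numbers syzkaller emitted; the
// comments give the decoding so the request can be read without a debugger.

#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_bpf
#define __NR_bpf 321 /* x86-64 number, used when the libc headers predate bpf() */
#endif

/*
 * syzkaller "resource" table. r[0] receives the program fd returned by the
 * load request and keeps its all-ones initial value if the load fails, so the
 * test-run request below then carries prog_fd = 0xffffffff.
 */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Build both bpf() requests inside the scratch window and issue them.
 *
 * Requires the mapping made in main(); every address below is a fixed
 * offset into it. Field names follow union bpf_attr in uapi/linux/bpf.h.
 */
void loop(void)
{
  long res = 0;

  /* ---- cmd 5 (BPF_PROG_LOAD): 0x48-byte attr at 0x20000200 ---- */
  *(uint32_t *)0x20000200 = 0xc;        /* prog_type                     */
  *(uint32_t *)0x20000204 = 0xe;        /* insn_cnt: 14 x 8-byte insns   */
  *(uint64_t *)0x20000208 = 0x20000000; /* insns -> buffer filled below  */
  /* 112 bytes = 14 eBPF instructions; the last one (0x95) is BPF_EXIT. */
  memcpy((void *)0x20000000,
         "\xb7\x02\x00\x00\x00\x00\x00\x00\xbf\xa3\x00\x00\x00\x00\x00\x00\x07"
         "\x01\x00\x00\x00\xfe\xff\xff\x7a\x0a\xf0\xff\xf8\xff\xff\xff\x79\xa4"
         "\xf0\xff\x00\x00\x00\x00\xb7\x06\x00\x00\xff\xff\xff\xff\x2d\x64\x05"
         "\x00\x00\x00\x00\x00\x65\x04\x04\x00\x01\x00\x00\x00\x04\x04\x00\x00"
         "\x01\x00\x00\x00\xb7\x05\x00\x00\x00\x00\x00\x00\x6a\x0a\x00\xfe\x00"
         "\x00\x00\x00\x85\x00\x00\x00\x28\x00\x00\x00\xb7\x00\x00\x00\x00\x00"
         "\x00\x00\x95\x00\x00\x00\x00\x00\x00\x00",
         112);
  *(uint64_t *)0x20000210 = 0x20000340; /* license -> NUL-terminated string */
  memcpy((void *)0x20000340, "syzkaller", 10);
  /*
   * Remaining 0x30 bytes (log_level, log_size, log_buf, kern_version,
   * prog_flags, prog_name[16], prog_ifindex, expected_attach_type) are all
   * zero: no verifier log is requested and no name/ifindex is set.
   */
  memset((void *)0x20000218, 0, 0x30);

  res = syscall(__NR_bpf, 5, 0x20000200, 0x48);
  if (res != -1)
    r[0] = res; /* program fd; left untouched on failure */

  /* ---- cmd 0xa (BPF_PROG_TEST_RUN): 0x28-byte attr at 0x20000180 ---- */
  *(uint32_t *)0x20000180 = r[0];       /* prog_fd (low 32 bits of r[0]) */
  *(uint32_t *)0x20000184 = 0;          /* retval (output)                */
  *(uint32_t *)0x20000188 = 0xfd;       /* data_size_in: 253 bytes        */
  *(uint32_t *)0x2000018c = 0x72;       /* data_size_out: 114 bytes       */
  *(uint64_t *)0x20000190 = 0x20000480; /* data_in -> buffer filled below */
  /* 253 bytes of fuzzer-generated input handed to the program as packet data. */
  memcpy((void *)0x20000480,
         "\xf4\x49\x73\x3d\x72\x3d\xa3\x30\x17\x57\x67\xbe\x45\x28\x66\x7c\x6d"
         "\xa5\xe6\x4b\xe3\xbf\x8a\x94\x09\x20\x9d\x47\x8c\x1e\x00\x4a\xb0\x62"
         "\xc7\xbf\x92\xcd\x24\x0b\x75\x22\x07\x24\x3d\x18\x37\x48\xc0\x12\x31"
         "\xdd\x7e\x4e\x8b\xb6\xd5\x96\x10\xf0\xee\x83\x01\x3c\x24\x66\x75\xc8"
         "\x04\x53\x9f\xb9\x7e\x3e\x99\x9c\x68\xd6\x6a\x53\x2e\x10\x04\x42\x78"
         "\x6f\xf8\x71\x42\x66\x94\xea\x08\x8c\x25\x4e\x6b\xf9\xef\xb4\x6a\x2a"
         "\xda\x3c\x51\xf8\xc4\x1c\x62\x8d\x45\x1e\x96\xa5\x3d\x0b\x55\x6b\x2e"
         "\x38\xc2\x36\x7f\xb0\xd6\xf5\xd4\xe5\x55\x01\x59\x26\xc5\xa8\x3a\xc4"
         "\xbb\x9f\x4b\x62\x38\x5e\x0c\xf4\x67\x21\xa1\x35\xc6\x4b\x86\xb3\x9d"
         "\x9b\x5a\x9f\x98\x2d\xde\x49\x4b\xa4\xf6\x76\x86\xae\x20\xd8\x91\xc2"
         "\xec\x91\xdc\x03\x5b\x35\xe3\xcb\x14\x2d\xf4\xa8\xd4\xd1\xe1\x86\xf1"
         "\x4b\x7f\x88\xa1\xbd\x14\x17\x00\xb4\xb3\xde\x93\x15\xae\xad\x5c\x49"
         "\x53\x3f\x69\x9e\x8c\xa1\xdd\x43\x24\x06\x72\x63\xe0\x43\x09\xc0\xc9"
         "\x18\xfb\x53\x88\xa5\x4d\x46\x07\xf6\x05\xab\x3d\x25\xa9\xc0\x2f\xa9"
         "\xd5\x93\xc2\x76\x25\x36\xb8\x0b\xa6\xd2\xa1\xae\xfc\x4b\x43",
         253);
  *(uint64_t *)0x20000198 = 0x200002c0; /* data_out -> scratch, not read back */
  *(uint32_t *)0x200001a0 = 5;          /* repeat: run the program 5 times  */
  *(uint32_t *)0x200001a4 = 0;          /* duration (output)                */

  /* Result is deliberately ignored: the crash, if any, happens in-kernel. */
  syscall(__NR_bpf, 0xa, 0x20000180, 0x28);
}

int main(void)
{
  /*
   * Fixed anonymous RW mapping backing every address loop() touches:
   * prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|
   * MAP_ANONYMOUS. Bail out if the kernel refuses it; otherwise the raw
   * stores in loop() would fault instead of reproducing the bug.
   */
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1)
    return 1;
  loop();
  return 0;
}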