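// https://syzkaller.appspot.com/bug?id=566325c29e627765e4f5d223163e5c15191f0f46
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reproducer: maps a fixed scratch region, opens a connected UDPv6 socket
// and issues two sendmsg() calls on it (a zero-length send with MSG_MORE,
// then a 51-byte send). All kernel-facing structures are built by hand at
// fixed addresses inside the scratch region, as syzkaller emits them.

#define _GNU_SOURCE

// The header names were missing from the listing; these are the ones the
// identifiers below need (htobe16, uint*_t, memcpy, syscall/__NR_*).
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Mask of the low bf_len bits, as `type`.
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)
// Mask of bf_len bits starting at bit bf_off, as `type`.
#define BITMASK_LEN_OFF(type, bf_off, bf_len) \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))
// Store `val` into the bit-field [bf_off, bf_off+bf_len) of the `type` object
// at `addr`; (0, 0) means "whole object". Wrapped in do/while(0) so the
// two-branch body behaves as one statement after an unbraced if/else.
#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                  \
  do {                                                                    \
    if ((bf_off) == 0 && (bf_len) == 0) {                                 \
      *(type*)(addr) = (type)(val);                                       \
    } else {                                                              \
      type new_val = *(type*)(addr);                                      \
      new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));              \
      new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);   \
      *(type*)(addr) = new_val;                                           \
    }                                                                     \
  } while (0)

// r[0] holds the socket fd; -1 (all ones) until socket() succeeds.
uint64_t r[1] = {0xffffffffffffffff};

// One iteration of the reproducer. Requires the 0x20000000 region to be
// mapped read/write by the caller (see main). Returns early only if the
// in-program re-mmap of the scratch region fails, so no store lands on an
// unmapped page.
void loop(void)
{
  long res = 0;

  // Looks like an Ethernet header: dst aa:aa:aa:aa:aa:bb, src 00:..:00,
  // ethertype 0x8100 (802.1Q) with a zero TCI (3-bit PCP, 1-bit DEI,
  // 12-bit VID), then inner ethertype 0x88a8 (802.1ad). Note that it is
  // discarded by the MAP_FIXED|MAP_ANONYMOUS mmap below and overwritten
  // by the memcpy before the only read of this address.
  *(uint8_t*)0x20000040 = 0xaa;
  *(uint8_t*)0x20000041 = 0xaa;
  *(uint8_t*)0x20000042 = 0xaa;
  *(uint8_t*)0x20000043 = 0xaa;
  *(uint8_t*)0x20000044 = 0xaa;
  *(uint8_t*)0x20000045 = 0xbb;
  *(uint8_t*)0x20000046 = 0;
  *(uint8_t*)0x20000047 = 0;
  *(uint8_t*)0x20000048 = 0;
  *(uint8_t*)0x20000049 = 0;
  *(uint8_t*)0x2000004a = 0;
  *(uint8_t*)0x2000004b = 0;
  *(uint16_t*)0x2000004c = htobe16(0x8100);
  STORE_BY_BITMASK(uint16_t, 0x2000004e, 0, 0, 3);
  STORE_BY_BITMASK(uint16_t, 0x2000004e, 0, 3, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000004e, 0, 4, 12);
  *(uint16_t*)0x20000050 = htobe16(0x88a8);

  // Six zero words; nothing below references this address range.
  *(uint32_t*)0x20000480 = 0;
  *(uint32_t*)0x20000484 = 0;
  *(uint32_t*)0x20000488 = 0;
  *(uint32_t*)0x2000048c = 0;
  *(uint32_t*)0x20000490 = 0;
  *(uint32_t*)0x20000494 = 0;

  // mmap(0x20000000, 0xe3000, PROT_READ|PROT_WRITE (3),
  //      MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (0x32), -1, 0).
  // MAP_FIXED over the existing mapping replaces those pages with fresh
  // zero-filled ones, so the stores above do not survive this call.
  if (syscall(__NR_mmap, 0x20000000, 0xe3000, 3, 0x32, -1, 0) == -1) {
    return;
  }

  // socket(AF_INET6 (0xa), SOCK_DGRAM (2), 0). On failure r[0] stays -1 and
  // the calls below run with an invalid fd, as in the generated program.
  res = syscall(__NR_socket, 0xa, 2, 0);
  if (res != -1) {
    r[0] = res;
  }

  // struct sockaddr_in6 at 0x2000cfe4 (28 bytes = 0x1c): family AF_INET6,
  // port 0x4e20 (20000) in network order, flowinfo 0, address ::, scope 0.
  *(uint16_t*)0x2000cfe4 = 0xa;
  *(uint16_t*)0x2000cfe6 = htobe16(0x4e20);
  *(uint32_t*)0x2000cfe8 = 0;
  *(uint8_t*)0x2000cfec = 0;
  *(uint8_t*)0x2000cfed = 0;
  *(uint8_t*)0x2000cfee = 0;
  *(uint8_t*)0x2000cfef = 0;
  *(uint8_t*)0x2000cff0 = 0;
  *(uint8_t*)0x2000cff1 = 0;
  *(uint8_t*)0x2000cff2 = 0;
  *(uint8_t*)0x2000cff3 = 0;
  *(uint8_t*)0x2000cff4 = 0;
  *(uint8_t*)0x2000cff5 = 0;
  *(uint8_t*)0x2000cff6 = 0;
  *(uint8_t*)0x2000cff7 = 0;
  *(uint8_t*)0x2000cff8 = 0;
  *(uint8_t*)0x2000cff9 = 0;
  *(uint8_t*)0x2000cffa = 0;
  *(uint8_t*)0x2000cffb = 0;
  *(uint32_t*)0x2000cffc = 0;
  syscall(__NR_connect, r[0], 0x2000cfe4, 0x1c);

  // First struct msghdr (LP64 layout) at 0x200000c0: no name, one iovec of
  // length 0 at 0x20027000, a control pointer with msg_controllen 0, flags 0.
  *(uint64_t*)0x200000c0 = 0;          // msg_name
  *(uint32_t*)0x200000c8 = 0;          // msg_namelen
  *(uint64_t*)0x200000d0 = 0x20000ff0; // msg_iov
  *(uint64_t*)0x20000ff0 = 0x20027000; //   iov_base
  *(uint64_t*)0x20000ff8 = 0;          //   iov_len
  *(uint64_t*)0x200000d8 = 1;          // msg_iovlen
  *(uint64_t*)0x200000e0 = 0x20005000; // msg_control
  *(uint64_t*)0x200000e8 = 0;          // msg_controllen
  *(uint32_t*)0x200000f0 = 0;          // msg_flags
  // sendmsg flags 0xc100 = MSG_MORE (0x8000) | MSG_NOSIGNAL (0x4000) |
  // MSG_WAITALL (0x100): a zero-length, corked send on the connected socket.
  syscall(__NR_sendmsg, r[0], 0x200000c0, 0xc100);

  // Second struct msghdr at 0x20000140: one iovec of 0x33 (51) bytes at
  // 0x20000040, filled by the memcpy below; this send uses flags 0 and so
  // releases what the MSG_MORE send above queued.
  *(uint64_t*)0x20000140 = 0;          // msg_name
  *(uint32_t*)0x20000148 = 0;          // msg_namelen
  *(uint64_t*)0x20000150 = 0x20000100; // msg_iov
  *(uint64_t*)0x20000100 = 0x20000040; //   iov_base
  memcpy((void*)0x20000040,
         "\x90\xb5\x5f\x28\x05\x74\x53\x91\x0b\xd9\x73\x38\x00\xbb\x9b\xc4\x26"
         "\xb2\xb8\x9d\xcd\x1f\xfd\x99\x11\x7f\xed\xad\x20\x52\xf7\x71\x05\xdc"
         "\xaf\xcc\x86\x61\x05\x60\xc2\x84\xfd\x80\xb6\x17\x88\x49\xa0\x58\x96",
         51);
  *(uint64_t*)0x20000108 = 0x33;       //   iov_len
  *(uint64_t*)0x20000158 = 1;          // msg_iovlen
  *(uint64_t*)0x20000160 = 0x20002000; // msg_control
  *(uint64_t*)0x20000168 = 0;          // msg_controllen
  *(uint32_t*)0x20000170 = 0;          // msg_flags
  syscall(__NR_sendmsg, r[0], 0x20000140, 0);
}

// Reserves the 16 MiB scratch region at 0x20000000 that loop() writes into,
// then runs one iteration. Returns 1 if the reservation fails instead of
// letting the fixed-address stores fault.
int main(void)
{
  // mmap(0x20000000, 0x1000000, PROT_READ|PROT_WRITE (3),
  //      MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (0x32), -1, 0)
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
    return 1;
  }
  loop();
  return 0;
}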