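// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-fuzzer reproducer.  It maps a fixed scratch region, fills it with
// hand-built ioctl/setsockopt arguments and issues a short, fixed sequence of
// raw syscalls, ignoring every failure along the way.  Nothing here is meant
// to be valid network configuration -- the malformed arguments are the point.
//
// Safety notes for anyone running this by hand:
//   * SIOCADDRT / SIOCADDTUNNEL require CAP_NET_ADMIN; without it the ioctls
//     simply fail and the program is effectively a no-op.
//   * A syzkaller repro exists to reach a kernel bug, so run it only inside a
//     disposable VM with the kernel it was generated against, never on a
//     shared host.
//   * The MAP_FIXED mapping at 0x20000000 silently replaces whatever the
//     process already had mapped there.
//
// NOTE(review): the generator's #include list did not survive in this copy
// (only bare "#include" tokens were left); the headers below are the ones this
// translation unit actually uses.

#define _GNU_SOURCE

#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Fallback syscall numbers, placed AFTER <sys/syscall.h> so the #ifndef guards
// really only fill in what the headers left undefined.  These are the x86_64
// values; on any other architecture the header definitions are used.
#ifndef __NR_mmap
#define __NR_mmap 9
#endif
#ifndef __NR_socket
#define __NR_socket 41
#endif
#ifndef __NR_ioctl
#define __NR_ioctl 16
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 54
#endif

// Under a strict -std=c11 build libc only exposes syscall() when _GNU_SOURCE
// precedes the very first system header; an explicit (compatible) prototype
// keeps the trampoline below compiling either way.
long syscall(long number, ...);

// Base and size of the scratch mapping every generated address lives in:
// [0x20000000, 0x20e91000).
#define SCRATCH_BASE 0x20000000ul
#define SCRATCH_SIZE 0xe91000ul

// Nine-argument syscall trampoline kept for compatibility with the generated
// call sites.  Linux syscalls take at most six arguments, so only a0..a5 reach
// the kernel; a6..a8 are accepted and ignored.  Returns the raw syscall()
// result, i.e. (uintptr_t)-1 on error with errno set.
static uintptr_t execute_syscall(int nr, uintptr_t a0, uintptr_t a1,
                                 uintptr_t a2, uintptr_t a3, uintptr_t a4,
                                 uintptr_t a5, uintptr_t a6, uintptr_t a7,
                                 uintptr_t a8)
{
    (void)a6;
    (void)a7;
    (void)a8;
    return (uintptr_t)syscall(nr, a0, a1, a2, a3, a4, a5);
}

// One result slot per generated expression; slots never assigned stay at -1
// (see the memset in main).  Kept global and non-static as in the original.
long r[115];

// Store helpers for the scratch mapping.  memcpy keeps the host byte order of
// the original typed stores while avoiding alignment and strict-aliasing
// concerns on the raw integer addresses.
static void put_bytes(uintptr_t addr, const void *src, size_t n)
{
    memcpy((void *)addr, src, n);
}

static void put16(uintptr_t addr, uint16_t v)
{
    memcpy((void *)addr, &v, sizeof v);
}

static void put32(uintptr_t addr, uint32_t v)
{
    memcpy((void *)addr, &v, sizeof v);
}

static void put64(uintptr_t addr, uint64_t v)
{
    memcpy((void *)addr, &v, sizeof v);
}

// Entry point.  Returns 1 only if the scratch mapping could not be created
// (the generated code ignored that failure and would then SIGSEGV on the
// first store); otherwise 0 regardless of how the individual syscalls fared.
int main(void)
{
    // IPv6 addresses the generated arguments use: fd00::bb and fd00::aa.
    static const uint8_t addr_fd00_bb[16] = { 0xfd, [15] = 0xbb };
    static const uint8_t addr_fd00_aa[16] = { 0xfd, [15] = 0xaa };
    static const uint8_t zeros[16] = { 0 };
    // ifr_name: "ip6gre0" NUL-padded to IFNAMSIZ (16 bytes).
    static const char ifname[16] = "ip6gre0";
    // Opaque payload reached through ifr_data by the tunnel ioctl: the
    // fuzzer's 32 bytes reproduced verbatim.  Anything the kernel reads past
    // them comes from the zero-filled fresh mapping.
    static const uint8_t tunnel_blob[32] = {
        0x22, 0xc6, 0x75, 0x26, 0x0c, 0xc0, 0x64, 0xb4,
        0x75, 0x69, 0x48, 0xed, 0xac, 0x6e, 0x9b, 0x34,
        0x00, 0x00, 0x09, 0x00, 0xa9, 0x44, 0x5e, 0x96,
        0x6f, 0x34, 0x04, 0x20, 0xff, 0xff, 0xff, 0xb5,
    };

    // Every byte 0xff -> every slot reads as -1.
    memset(r, -1, sizeof(r));

    // Scratch area: PROT_READ|PROT_WRITE (0x3),
    // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS (0x32), fd -1, offset 0.
    r[0] = execute_syscall(__NR_mmap, SCRATCH_BASE, SCRATCH_SIZE, 0x3ul, 0x32ul,
                           0xfffffffffffffffful, 0x0ul, 0, 0, 0);
    if (r[0] == -1) {
        // Without the mapping every store below is a wild write; stop here.
        return 1;
    }

    // AF_INET6 (10) / SOCK_DCCP (6) socket, target of the SIOCADDRT below.
    r[1] = execute_syscall(__NR_socket, 0xaul, 0x6ul, 0x0ul, 0, 0, 0, 0, 0, 0);

    // 80-byte route request at the scratch base, matching the struct
    // in6_rtmsg layout: dst fd00::bb, src fd00::aa, gateway ::, type 0,
    // dst_len/src_len 0, metric 0xffffffff, info 0, flags 0x3fffffff,
    // ifindex 0.  (Offsets 0x3c..0x3f are struct padding and stay zero.)
    put_bytes(SCRATCH_BASE + 0x00, addr_fd00_bb, 16);
    put_bytes(SCRATCH_BASE + 0x10, addr_fd00_aa, 16);
    put_bytes(SCRATCH_BASE + 0x20, zeros, 16);
    put32(SCRATCH_BASE + 0x30, 0x0);
    put16(SCRATCH_BASE + 0x34, 0x0);
    put16(SCRATCH_BASE + 0x36, 0x0);
    put32(SCRATCH_BASE + 0x38, 0xffffffff);
    put64(SCRATCH_BASE + 0x40, 0x0);
    put32(SCRATCH_BASE + 0x48, 0x3fffffff);
    put32(SCRATCH_BASE + 0x4c, 0x0);
    // 0x890b == SIOCADDRT.
    r[57] = execute_syscall(__NR_ioctl, r[1], 0x890bul, SCRATCH_BASE,
                            0, 0, 0, 0, 0, 0);

    // AF_INET (2) / SOCK_STREAM (1) socket, used for the tunnel ioctl below.
    r[58] = execute_syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul, 0, 0, 0, 0, 0, 0);

    // Address array at 0x208e3000: two sockaddr_in6 (28 bytes each) followed
    // by one sockaddr_in (16 bytes).  Port fields hold the raw 16-bit values
    // 0x204e / 0x214e exactly as the generator stored them.
    put16(0x208e3000ul, 0xa);                       // sin6_family = AF_INET6
    put16(0x208e3002ul, 0x204e);                    // sin6_port
    put32(0x208e3004ul, 0x0);                       // sin6_flowinfo
    put_bytes(0x208e3008ul, addr_fd00_aa, 16);      // sin6_addr = fd00::aa
    put32(0x208e3018ul, 0x0);                       // sin6_scope_id

    put16(0x208e301cul, 0xa);                       // sin6_family = AF_INET6
    put16(0x208e301eul, 0x214e);                    // sin6_port
    put32(0x208e3020ul, 0x2);                       // sin6_flowinfo
    put_bytes(0x208e3024ul, addr_fd00_aa, 16);      // sin6_addr = fd00::aa
    put32(0x208e3034ul, 0x8);                       // sin6_scope_id

    put16(0x208e3038ul, 0x2);                       // sin_family = AF_INET
    put16(0x208e303aul, 0x204e);                    // sin_port
    put32(0x208e303cul, 0x20000e0);                 // sin_addr (raw bytes e0 00 00 02)
    put_bytes(0x208e3040ul, zeros, 8);              // sin_zero

    // setsockopt(fd -1, level 0x84 == SOL_SCTP, optname 0x65 == 101, buf,
    // optlen 3).  The generator never assigned this descriptor, so the call
    // fails with EBADF; it is kept to preserve the exact syscall sequence.
    r[110] = execute_syscall(__NR_setsockopt, 0xfffffffffffffffful, 0x84ul,
                             0x65ul, 0x208e3000ul, 0x3ul, 0, 0, 0, 0);

    // struct ifreq at 0x2036afd8: ifr_name "ip6gre0", ifr_data -> 0x208e2fe0,
    // where the 32-byte blob is placed.
    put_bytes(0x2036afd8ul, ifname, 16);
    put64(0x2036afe8ul, 0x208e2fe0ull);
    put_bytes(0x208e2fe0ul, tunnel_blob, 32);
    // 0x89f1 == SIOCDEVPRIVATE + 1, i.e. SIOCADDTUNNEL for the IP tunnel
    // drivers; issued through the AF_INET stream socket.
    r[114] = execute_syscall(__NR_ioctl, r[58], 0x89f1ul, 0x2036afd8ul,
                             0, 0, 0, 0, 0, 0);

    return 0;
}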