// https://syzkaller.appspot.com/bug?id=6408a8ba0fa0e3940c5c2dfa40e808cbf4228689
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_close
#define __NR_close 6
#endif
#ifndef __NR_io_setup
#define __NR_io_setup 245
#endif
#ifndef __NR_io_submit
#define __NR_io_submit 248
#endif
#ifndef __NR_ioctl
#define __NR_ioctl 54
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_read
#define __NR_read 3
#endif
#ifndef __NR_socketpair
#define __NR_socketpair 360
#endif
#ifndef __NR_userfaultfd
#define __NR_userfaultfd 374
#endif
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0x0};

int main(void)
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;
  res = syscall(__NR_userfaultfd, 0x80800);
  if (res != -1)
    r[0] = res;
  *(uint64_t*)0x20000040 = 0xaa;
  *(uint64_t*)0x20000048 = 0x72;
  *(uint64_t*)0x20000050 = 0;
  syscall(__NR_ioctl, (long)r[0], 0xc018aa3f, 0x20000040);
  syscall(__NR_read, (long)r[0], 0x20009f9c, 0x64);
  res = syscall(__NR_socketpair, 1, 1, 0, 0x20000140);
  if (res != -1)
    r[1] = *(uint32_t*)0x20000144;
  res = syscall(__NR_io_setup, 8, 0x20000100);
  if (res != -1)
    r[2] = *(uint32_t*)0x20000100;
  syscall(__NR_close, (long)r[1]);
  syscall(__NR_userfaultfd, 0);
  *(uint32_t*)0x20000600 = 0x20000180;
  *(uint64_t*)0x20000180 = 0;
  *(uint32_t*)0x20000188 = 0;
  *(uint32_t*)0x2000018c = 0;
  *(uint16_t*)0x20000190 = 5;
  *(uint16_t*)0x20000192 = 0;
  *(uint32_t*)0x20000194 = r[1];
  *(uint64_t*)0x20000198 = 0;
  *(uint64_t*)0x200001a0 = 0;
  *(uint64_t*)0x200001a8 = 0;
  *(uint64_t*)0x200001b0 = 0;
  *(uint32_t*)0x200001b8 = 0;
  *(uint32_t*)0x200001bc = -1;
  syscall(__NR_io_submit, (long)r[2], 1, 0x20000600);
  return 0;
}