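// https://syzkaller.appspot.com/bug?id=6fa55076d9ee446a4942360ccdcfcd578c6e4be1
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer harness. loop() forks one child per iteration; the child hands
// the four calls of execute_call() to a small thread pool so that they can
// overlap (call 1 is issued without waiting for it), and the parent kills the
// child after 5 s.
//
// NOTE(review): the header names were lost when this file was extracted
// (every directive read as a bare "#include"). The list below is the minimal
// set for the symbols this file uses, not the original list. The six-argument
// sysctl(2) and the empty CAST macro suggest a BSD target; confirm against the
// original reproducer before building.
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
// Declares the six-argument sysctl(2) called from execute_call(); glibc no
// longer ships this header, so it is only pulled in on the BSDs.
#include <sys/sysctl.h>
#endif

// Sends SIGKILL to pid and reaps until that pid has been collected.
// waitpid(-1) also reaps any other child that exits meanwhile; only pid's
// status ends up in *status.
static void kill_and_wait(int pid, int* status)
{
    kill(pid, SIGKILL);
    while (waitpid(-1, status, 0) != pid) {
    }
}

// Sleeps for ms milliseconds (usleep granularity; an early EINTR wake-up is
// not retried).
static void sleep_ms(uint64_t ms)
{
    usleep(ms * 1000);
}

// CLOCK_MONOTONIC reading in milliseconds. Exits the process if the clock is
// unavailable, since every timeout in this file depends on it.
static uint64_t current_time_ms(void)
{
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts))
        exit(1);
    return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Starts a thread running fn(arg) with a 128 KiB stack; the handle is
// discarded (the thread is never joined). EAGAIN is retried up to 100 times
// with a 50 us pause; any other failure, or exhausting the retries, exits.
// The attribute object is released on every path.
static void thread_start(void* (*fn)(void*), void* arg)
{
    pthread_t th;
    pthread_attr_t attr;
    pthread_attr_init(&attr);
    pthread_attr_setstacksize(&attr, 128 << 10);
    for (int attempt = 0; attempt < 100; attempt++) {
        // pthread_create() reports failure through its return value and does
        // not set errno, so the error code has to be taken from the result.
        int rc = pthread_create(&th, &attr, fn, arg);
        if (rc == 0) {
            pthread_attr_destroy(&attr);
            return;
        }
        if (rc != EAGAIN)
            break;
        usleep(50);
    }
    pthread_attr_destroy(&attr);
    exit(1);
}

// One-shot signal between threads: a mutex-protected flag plus a condvar.
// The condvar keeps its default clock, so event_timedwait() builds its
// deadline on CLOCK_REALTIME.
typedef struct {
    pthread_mutex_t mu;
    pthread_cond_t cv;
    int state; // 0 = clear, 1 = set; read and written under mu
} event_t;

// Initialises ev in the clear state; exits if either primitive cannot be
// created.
static void event_init(event_t* ev)
{
    if (pthread_mutex_init(&ev->mu, 0))
        exit(1);
    if (pthread_cond_init(&ev->cv, 0))
        exit(1);
    ev->state = 0;
}

// Clears ev without taking the lock. The callers in this file do so right
// after event_wait()/event_isset() reported the event set, when no other
// thread is expected to be touching it.
static void event_reset(event_t* ev)
{
    ev->state = 0;
}

// Sets ev and wakes every waiter. Setting an already-set event is treated as
// a harness bug and exits.
static void event_set(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    if (ev->state)
        exit(1);
    ev->state = 1;
    pthread_mutex_unlock(&ev->mu);
    pthread_cond_broadcast(&ev->cv);
}

// Blocks until ev is set.
static void event_wait(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    while (!ev->state)
        pthread_cond_wait(&ev->cv, &ev->mu);
    pthread_mutex_unlock(&ev->mu);
}

// Returns the current flag value (1 = set) without waiting.
static int event_isset(event_t* ev)
{
    pthread_mutex_lock(&ev->mu);
    int res = ev->state;
    pthread_mutex_unlock(&ev->mu);
    return res;
}

// Waits up to timeout milliseconds for ev to be set and returns the final
// flag value. pthread_cond_timedwait() takes an absolute time on the
// condvar's clock; the original passed the remaining duration as if it were
// absolute (an instant shortly after the epoch), so every wait timed out at
// once and the loop spun on current_time_ms() until the deadline. The
// deadline is now CLOCK_REALTIME + remain; expiry is still decided by the
// monotonic clock, so a forward wall-clock step cannot shorten the wait
// (a backward step can lengthen a single wait).
static int event_timedwait(event_t* ev, uint64_t timeout)
{
    uint64_t start = current_time_ms();
    uint64_t now = start;
    pthread_mutex_lock(&ev->mu);
    for (;;) {
        if (ev->state)
            break;
        uint64_t remain = timeout - (now - start);
        struct timespec ts;
        if (clock_gettime(CLOCK_REALTIME, &ts))
            exit(1);
        ts.tv_sec += (time_t)(remain / 1000);
        ts.tv_nsec += (long)((remain % 1000) * 1000 * 1000);
        if (ts.tv_nsec >= 1000000000L) {
            ts.tv_sec += 1;
            ts.tv_nsec -= 1000000000L;
        }
        pthread_cond_timedwait(&ev->cv, &ev->mu, &ts);
        now = current_time_ms();
        if (now - start > timeout)
            break;
    }
    int res = ev->state;
    pthread_mutex_unlock(&ev->mu);
    return res;
}

// Syscalls are invoked through their libc wrappers cast to a uniform
// intptr_t signature; the generated call sites spell that as CAST(fn) and
// on this target CAST expands to nothing.
#define CAST

// Resource limits for the child (presumably to keep a runaway reproducer
// from exhausting the host): 8 MiB locked memory, 1 MiB file size and
// stack, no core dumps, 256 descriptors. The setrlimit() results are not
// checked; the limits are best effort.
static void sandbox_common(void)
{
    struct rlimit rlim;
    rlim.rlim_cur = rlim.rlim_max = 8 << 20;
    setrlimit(RLIMIT_MEMLOCK, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 1 << 20;
    setrlimit(RLIMIT_FSIZE, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 1 << 20;
    setrlimit(RLIMIT_STACK, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 0;
    setrlimit(RLIMIT_CORE, &rlim);
    rlim.rlim_cur = rlim.rlim_max = 256;
    setrlimit(RLIMIT_NOFILE, &rlim);
}

static void loop(void);

// Sandbox mode "none": apply the limits, then run the fork loop. loop() does
// not return normally, so the return value is nominal.
static int do_sandbox_none(void)
{
    sandbox_common();
    loop();
    return 0;
}

// Per-worker state. ready is raised by the dispatcher once call is filled
// in; done is raised by the worker when that call has returned.
struct thread_t {
    int created, call;
    event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls currently in flight. Workers and the dispatcher update it
// with GCC atomics because no lock covers it.
static int running;

// Worker body: wait for work, run the call, announce completion, repeat.
static void* thr(void* arg)
{
    struct thread_t* th = (struct thread_t*)arg;
    for (;;) {
        event_wait(&th->ready);
        event_reset(&th->ready);
        execute_call(th->call);
        __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
        event_set(&th->done);
    }
    return 0;
}

// Runs the program once: calls 0..3 are each handed to the first idle
// worker (workers are created lazily). Call 1 is dispatched asynchronously —
// the dispatcher moves on at once so it overlaps the next call; every other
// call gets up to 50 ms to finish before the next one is issued. Finally
// waits up to ~100 ms for in-flight calls before returning.
static void execute_one(void)
{
    for (int call = 0; call < 4; call++) {
        int nthreads = (int)(sizeof(threads) / sizeof(threads[0]));
        for (int idx = 0; idx < nthreads; idx++) {
            struct thread_t* th = &threads[idx];
            if (!th->created) {
                th->created = 1;
                event_init(&th->ready);
                event_init(&th->done);
                event_set(&th->done); // a fresh worker counts as idle
                thread_start(thr, th);
            }
            if (!event_isset(&th->done))
                continue;
            event_reset(&th->done);
            th->call = call;
            __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
            event_set(&th->ready);
            if (call == 1)
                break;
            event_timedwait(&th->done, 50);
            break;
        }
    }
    for (int i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
        sleep_ms(1);
}

// Extra waitpid() flags for the parent's poll of the child (none here).
#define WAIT_FLAGS 0
// Storage class of loop(), whose definition follows.
static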
// Parent side of the reproducer (declared static above). Forks a fresh child
// for every iteration, lets it run execute_one() once, and polls for its exit
// every 1 ms; a child still alive after 5 s is SIGKILLed and reaped. Never
// returns normally. `iter` counts iterations but is otherwise unused.
void loop(void)
{
    int iter = 0;
    for (;; iter++) {
        int pid = fork();
        if (pid < 0)
            exit(1); // fork failure is fatal; there is nothing to retry
        if (pid == 0) {
            execute_one();
            exit(0);
        }
        int status = 0;
        uint64_t start = current_time_ms();
        for (;;) {
            if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
                break;
            sleep_ms(1);
            if (current_time_ms() - start < 5000)
                continue;
            kill_and_wait(pid, &status);
            break;
        }
    }
}

// The reproducer program proper: four syscalls, one per case, each invoked
// through its libc wrapper cast to a uniform intptr_t signature (CAST is
// empty on this target). Every pointer refers into the fixed 16 MiB region
// that main() maps at 0x20000000. The byte payloads below are part of the
// reproducer and must be kept exactly as generated.
// Defined without `static`, but the earlier `static` forward declaration
// gives it internal linkage anyway.
void execute_call(int call)
{
    switch (call) {
    case 0:
        // mmap(0x20001000, 0x3000, prot 2, flags 0x11, fd -1, offset 0):
        // maps 0x3000 bytes inside the region main() set up (numeric flag
        // values as generated).
        ((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(mmap))(0x20001000, 0x3000, 2, 0x11, -1, 0);
        break;
    case 1:
        // madvise(0x2075d000, 0x2000, advice 0). execute_one() issues this
        // call without waiting for it, so it overlaps the sysctl below.
        ((intptr_t(*)(intptr_t, intptr_t, intptr_t))CAST(madvise))(0x2075d000, 0x2000, 0);
        break;
    case 2:
        // sysctl(name, namelen, oldp, oldlenp, newp, newlen) with
        //   name    = {4, 0x23} at 0x20000200 (a third slot is zeroed), namelen 2
        //   oldp    = 0x20000280, pre-filled with 4096 generated bytes
        //   oldlenp = 0x20001280, *oldlenp = 0xa0960d — far larger than the
        //             4096 bytes staged at oldp; whether this length is what
        //             triggers the report cannot be told from this file
        //   newp    = 0x20001740 holding 54 bytes, newlen 0x36 (= 54)
        *(uint32_t*)0x20000200 = 4;
        *(uint32_t*)0x20000204 = 0x23;
        *(uint32_t*)0x20000208 = 0;
        // 4096 bytes of fuzzer-generated filler for oldp; kept verbatim.
        memcpy(
            (void*)0x20000280,
            "\xac\xff\xc4\x9b\x37\x35\x94\x83\xd4\x24\xc9\x64\xab\x30\xc5\x31\x4f"
            "\xeb\x60\xe5\x55\xc6\x03\xda\x70\xe3\xf6\xfc\xf4\x8c\x53\x63\x8b\x13"
            "\x15\x9d\xa5\xaf\xa2\xc8\xe4\x08\x1b\xa0\x35\x18\x07\xa1\x83\x61\xd6"
            "\x31\x6b\x44\x46\x97\x9c\x28\x17\xb4\x61\xe2\xf5\xc8\x07\x2e\x56\xfd"
            "\x33\xf8\xc3\x53\x21\x11\x05\x69\x61\x6e\xc3\x9d\x45\x9e\xff\x21\x2f"
            "\x48\x8c\x70\xd2\xe2\x6d\xd2\x28\x4c\x1a\x6a\x64\x57\x38\x3f\xab\x45"
            "\x10\x16\x4a\x56\x38\x42\x56\x86\x07\x59\x46\xb6\x03\x64\xcf\xba\x1f"
            "\x91\xf8\x99\xa0\x4f\x94\x8f\x31\x10\x45\x5d\xda\xf4\x2f\x84\xca\x6b"
            "\x20\xf9\xd7\x5d\xfd\xd2\xce\x8b\x71\x56\x94\x26\x61\xb8\xa4\x98\x74"
            "\x5f\x8d\xe2\x57\xd4\xd6\x15\xb6\x7f\x3b\x50\x07\x6b\xe0\xc6\x73\x29"
            "\x2b\xc2\x98\x25\x84\xd8\xa7\x0a\x44\xed\x53\x93\x7e\xfe\xca\x48\xd7"
            "\xd1\xab\xf6\xb0\x90\x1a\x22\x97\x72\xbd\x87\xb5\x91\xcb\xd3\xb2\x3b"
            "\xa2\x89\x40\xff\xcf\x4d\x56\x19\xfc\x29\xa5\x7a\xda\x94\x44\x5b\xe2"
            "\xff\x0d\xdc\x1a\x3e\xd1\xd9\xa8\x96\x6e\xfe\xb2\x97\x44\x87\x94\x7d"
            "\xcf\x1a\xf2\xe2\xd8\xcb\x8d\x75\xa2\xd7\xcb\xb8\x60\x79\xf8\xb0\x6f"
            "\x58\xb5\xd5\x66\x7b\x5e\x9a\xf0\x18\x99\x84\x45\xeb\xdb\x9e\x76\x8e"
            "\xa4\xa4\x49\x3e\x6a\x56\xe0\xbc\x43\x2b\xb7\xa3\x33\x98\x62\xe4\x98"
            "\x7e\x4a\x73\x87\x5f\x68\x2c\xeb\x70\xc6\x2f\x68\xf5\xde\x9f\x18\x67"
            "\xfd\xff\x43\xdc\x1d\x2d\xe9\x31\x88\xe5\xae\x90\x17\x71\x75\x8f\x65"
            "\x31\xca\x0a\xb6\xe2\xc8\x48\xfa\xf1\x32\xed\xe5\xab\x02\x90\xc1\x76"
            "\x3a\xd6\xc1\x63\x0d\x93\x7b\x68\x31\x60\x79\xd1\xed\x08\x28\x16\xa4"
            "\x32\x9b\x96\x4f\x97\x7a\x1d\x0d\x04\xf2\x4e\x18\xaa\x6e\x34\xd4\xe6"
            "\xbd\x90\x63\x74\xd1\xd8\x53\x5e\x45\xd1\x7b\x45\x81\xd3\x07\xce\x32"
            "\xe8\xeb\x51\xf6\xcb\x20\xc1\x82\xee\xaa\x69\x48\x72\x95\x4c\x3e\xee"
            "\x4f\x5e\xfb\x77\xa0\xba\x87\xda\x9f\x99\xd6\xfb\x3e\xf7\xd0\x31\x86"
            "\x67\x51\xc7\x3d\xaf\xa2\x33\xd4\xf0\xdf\xa9\xbc\xa3\x44\xf9\xeb\xf4"
            "\xf1\x7e\x07\x66\x25\xf0\x4d\x7c\xf9\x3f\xf4\x6a\x7d\x73\xbd\x69\xe6"
            "\xe8\x71\xdb\x52\x19\xde\x08\x6d\xca\x55\xb4\xcc\xfc\xeb\xb5\xad\x2e"
            "\xe9\xae\x8e\x09\xfd\xb7\x51\x3b\x21\x6b\xfc\x1e\xd8\x19\x85\x7d\xf5"
            "\x6f\xb8\xc0\x2a\x47\x2f\xb0\xae\xd4\x12\xcc\x42\x9a\xad\xa9\xa2\xfe"
            "\x72\x8e\x1e\xc8\xe4\x94\xbf\xde\x40\x28\xed\xbf\x97\xa3\xc3\x75\x8c"
            "\xc0\x75\x7e\x1b\xf7\xad\xea\x3f\x77\xec\xdc\xfa\x2f\xa8\xed\xa7\x79"
            "\x53\x5b\xcf\x90\xf0\x03\xf3\xf2\x8f\x96\xdc\x70\xe3\xbf\xcd\x46\xa1"
            "\x27\xf9\x95\xf3\x12\x72\x4b\x62\xc9\x59\xe4\x1b\x0b\x6e\x37\x0f\xb8"
            "\xfa\xd5\x93\xd2\xb8\xd6\x22\x54\x6e\x6f\x4c\xe0\xd4\x96\x91\x93\x8d"
            "\x43\xa0\x8d\xe1\xe3\x0e\xcc\x1d\x18\x82\xef\xd7\x92\xab\xc6\x2c\xf8"
            "\xac\xce\x5a\x51\x88\xd7\xf8\x26\x99\xf6\x91\xc9\xbc\x4d\xee\x7d\xdd"
            "\xa8\x0c\x0c\x7a\x46\x93\x6f\xa9\x60\x68\x7d\x61\x2e\x47\x14\xe4\x77"
            "\xaf\xa1\x99\x7f\x15\x06\xf1\x5b\xff\xc9\x32\x51\x77\xed\x18\x4e\x66"
            "\xce\x10\x03\x06\x57\xae\x15\x89\x89\x1c\x00\x66\x7b\x6a\x58\x9f\x5f"
            "\x00\x55\xc8\x5c\xe6\x64\x57\xcd\x78\x9f\xbb\x05\x43\xcb\x68\xa2\x14"
            "\xf4\x3a\x79\x13\x57\x1a\x06\x8a\x0c\x2f\x8b\xef\xcc\xb9\x8f\x4f\x24"
            "\x36\x48\x04\x0f\xc0\x6c\xa6\x51\xe0\xc8\xf9\x14\xfc\x75\x0d\x5d\xb9"
            "\x7a\x77\xa3\xeb\x98\x76\xb9\xfd\x9c\x4e\x1f\x20\xed\xf5\xc3\x12\xaa"
            "\x01\xb8\x39\x00\x60\x92\xde\xb2\xf3\xc6\x03\x70\x7e\x66\xfc\xdd\x52"
            "\xcb\x84\x6f\x40\x65\x97\x36\x1b\x8e\x9a\x86\xf5\x6e\x5c\x45\xce\x26"
            "\xd6\x1a\x99\x62\xb5\x38\x28\x3e\xdd\x0b\x70\xc4\x90\x42\x99\x73\x06"
            "\xa7\xe2\x0c\xf0\xd8\x7f\x62\x7b\x0b\x4b\x9f\x18\x9d\xb8\xe8\xec\x76"
            "\xc6\xa9\x75\xcb\xba\x95\x7e\xcd\x87\xd4\xf2\xbe\x70\xf0\x9b\xe8\x85"
            "\x72\x00\xa2\x2b\x61\x10\x25\xe2\xa7\x51\xed\x61\xeb\x25\x60\x1a\xe8"
            "\x83\x88\x4a\x35\xa9\x84\x8f\x83\xce\x66\x20\xbb\x38\x8a\x6b\xf8\x0e"
            "\xec\xde\x90\xa6\x7b\x67\x53\xb7\xf8\xb7\xf9\x7d\x7c\x37\xf5\x05\x97"
            "\x4e\x8d\x8b\x9d\xc1\x3f\x7a\x2c\xbf\xfb\xda\x29\x47\x06\xc0\x75\xdc"
            "\x45\xd4\xf8\x7d\x40\x75\xfc\x64\x88\xff\x80\xe5\x5f\x2d\x8a\xf0\x02"
            "\xa4\x98\xd3\x21\x65\xc3\x96\x09\xcc\x75\x58\x98\x83\x42\xf8\xcf\x31"
            "\x2e\x17\x0b\xf4\x39\x45\x94\xc1\x8c\x1a\xde\x77\xa0\x52\x2b\xbc\xad"
            "\xf3\x7b\xbd\xf9\xbd\x5f\x36\x44\xd5\xa0\xb5\x60\x37\xdf\x62\xb7\x39"
            "\x8f\x11\x47\x7e\x05\xa6\x32\xb0\xf8\x41\x04\x71\xac\x5d\x1d\x03\x20"
            "\xfc\x8a\xa6\x4a\xe0\x3b\xb1\x28\x24\xe8\x97\x2c\xfc\xe7\xc7\x04\x29"
            "\xd9\x3b\xfa\x91\x95\x01\xbf\x2b\x93\xe8\x8d\x0e\x6f\x4c\xf1\x3a\xb3"
            "\x64\x89\x92\xd9\x9a\x36\x8d\x1d\xaa\xc3\xf8\x8a\xd8\xcf\x2d\x3a\x8c"
            "\xf5\xfe\x58\x5f\x20\x0f\x53\xd9\x60\x88\x86\x7a\xe6\xed\x64\xac\xf4"
            "\x16\x24\x97\x93\xa2\xaa\xa2\xa5\xb2\x9a\x74\x56\xac\x02\x1e\xeb\x8d"
            "\xe4\xaf\x50\xd6\x46\x8c\x4b\x5f\x66\xc0\xf8\xcd\x01\x4b\x47\xf1\xea"
            "\x2e\x18\xe5\x96\x36\xb7\xb4\x57\xe7\x0c\x52\xe8\x2d\x28\xb1\xc5\x30"
            "\xb4\x22\xaf\x76\x3e\x2e\x53\xbf\x90\x50\xf3\xeb\xd4\x79\x43\x29\xff"
            "\x7c\x43\x67\x8b\x5d\x96\x43\x26\x26\x92\xdb\xad\x7b\xad\x08\x87\xef"
            "\xbc\xd6\x1d\x08\x92\x58\x62\x82\x60\xe5\x5f\x72\xd1\xd8\x06\x85\xf5"
            "\x9a\x42\x7f\x1b\x34\x9d\xaf\x5d\xeb\x8d\x42\x7c\x51\x41\x9c\xb4\x88"
            "\x4e\x90\x37\xc2\xd6\x25\x91\x07\xd3\xbf\x0f\x39\xe0\x35\xc0\x5c\xa9"
            "\xd8\xc7\xed\x41\x91\xb1\xa3\x6b\x9f\x5e\x08\xe5\xdc\x23\xcf\xd9\xb2"
            "\x3f\xfb\x34\x24\x77\x28\x1d\x27\x6c\x53\x47\xd6\x23\x6f\xac\xc1\x44"
            "\x84\xeb\xa1\x57\xef\x4e\x28\xf2\x92\xc4\x1e\x92\x08\x44\xeb\xdd\xfd"
            "\xcd\xfe\xbb\xa7\xe7\x82\x08\x61\xf8\x0d\x25\x7b\x21\x4e\xf6\x9d\x19"
            "\x27\xee\xe5\xa6\x13\x13\x8c\x29\x16\x3d\x36\xfe\xfa\x0d\xea\xce\x5c"
            "\xd7\xef\xc5\x84\xae\x96\x67\x3b\x95\xeb\x88\xed\x0e\xc4\x14\x4e\x21"
            "\x17\xbc\x56\x0b\x78\x55\x3b\xd1\xe8\x12\x65\x0c\x7e\x13\x49\x40\x92"
            "\xa6\xfc\x89\x65\x8e\xab\xfe\x20\x93\xef\xd7\xab\xb1\x2f\xf1\x73\x6c"
            "\x60\xbd\x75\x78\x5c\x9b\xbe\x9f\x1b\xbf\xf8\x2e\xd1\x24\xa5\x09\x83"
            "\x04\x9d\xad\xed\x25\x66\xac\x39\x55\x29\xd3\xa2\xcf\xb9\x84\x48\x51"
            "\x7c\x0c\xca\xd8\x5c\x3a\x27\x33\xbd\xe4\xe9\xa5\xb3\xb2\x97\xf1\x2b"
            "\xc8\xea\x3d\x3e\x10\xc4\x23\xc2\x1c\xd5\x1f\x19\xc2\xef\x13\xa6\xdf"
            "\x37\xa4\x81\x44\x97\xce\x5b\xd3\x68\xbf\x06\xe1\x54\x5d\xb9\xf9\x5f"
            "\x6e\x1e\x52\x29\x54\x31\x70\x00\x3b\x49\xd1\xd5\x39\x7a\x4d\xd2\x40"
            "\x8b\x19\x0f\x06\xef\x26\x5b\x1f\x4e\x87\x75\xc7\xee\x52\xe3\xc8\x16"
            "\x99\x73\x72\xde\x14\xc3\x87\x7c\x2d\x34\xda\xf7\xbc\x68\x80\xf6\x06"
            "\x2d\x67\x4a\xbb\xa8\xb2\x6c\xdc\xf5\x0b\x56\x17\xd2\xba\xb4\x76\x55"
            "\x1a\x92\xb2\x2c\xdb\x71\xa6\x99\x5e\x61\x58\xde\x25\xb0\xfa\x49\x82"
            "\x83\xfe\x17\x61\x52\xca\x78\x70\xf9\x52\x3a\xfa\xd7\xdd\x3c\x69\x1d"
            "\x73\xc9\x62\x43\xa7\x67\x68\x67\x8e\x83\xfd\x27\x20\xb9\x22\x18\x02"
            "\xdd\xbe\xf7\xb2\x1b\x6c\xac\x0f\x6b\x0e\x0c\x67\x2d\x12\x18\xdf\x07"
            "\xa1\x6c\xb0\x51\x9f\x8c\x0e\x08\x8d\xc1\xa8\x36\xe0\x89\x82\x0e\x0b"
            "\x80\x4d\x01\x2c\xac\x2e\xb5\x73\xb0\x4b\xca\x9f\x9b\x8f\x5b\xc7\x45"
            "\x39\xd9\xac\x81\xa6\x92\x1d\xab\x7e\xb0\xf3\xf8\xa8\x3c\xd5\x3c\x54"
            "\xa8\x12\xe6\x9a\x70\xf4\xc7\xba\x86\xe3\xc4\x21\x08\x0c\x1f\x36\x9f"
            "\x84\xc3\xc9\x40\xd6\xb2\x75\x1c\x85\x46\x64\x86\x07\x58\x4c\x5d\xe2"
            "\x88\x09\x2a\x75\x9b\x55\xc4\x00\x02\xea\x1e\x76\x9a\xb2\x0b\xf7\x11"
            "\x3b\x1c\xc4\x9d\xc6\x97\x3f\x0a\xaf\x81\x82\x13\x30\xe6\x86\xa6\x48"
            "\x89\xda\x4a\x33\xdf\x0b\x25\x07\xd6\x86\xaa\x93\xc6\x04\xae\x90\x40"
            "\xec\xba\x7e\xb8\xe9\x4c\xff\x72\x4c\x83\x3a\xbc\x04\x51\x5f\xe4\x09"
            "\xf7\x40\x70\xf7\x13\x41\x0e\x89\x48\xff\x4d\xa6\x7c\x10\x01\x59\x06"
            "\x44\xed\x33\x02\x2f\x07\xaf\x5b\xf6\x70\x5d\xda\x73\xff\xd0\x0b\x54"
            "\x9c\x71\x8d\x70\x4d\x84\x5f\xe7\x89\xfe\x92\x45\xd3\xa9\xd8\xbd\x08"
            "\xad\x7d\x15\x12\x11\x3b\xe4\x77\x72\x65\xe7\x4d\x79\x67\x30\x16\x7e"
            "\x20\x33\x5c\x03\xee\x94\x46\xca\xb1\x96\x07\xc2\x49\x68\x14\xff\x3f"
            "\x43\x04\xd1\x36\x03\xb6\xa0\x48\x9c\x4f\xe0\xa6\x00\xe7\xa6\x64\xa9"
            "\xb4\x81\x2a\x96\x10\x24\x52\x88\x33\x3b\xe8\xbe\xa6\x28\x46\x3c\x57"
            "\x30\xbe\x93\x1d\xa4\xe6\x62\x31\x77\x39\x83\xec\xba\xcc\x2b\xd9\xfe"
            "\x5a\xa9\x40\x93\xf0\xca\xc1\xbe\xb7\x9c\x28\xc8\x6c\x99\x4b\x03\xae"
            "\xc8\x41\x3a\xa5\x8e\xcc\x0e\x3e\xf9\x74\x4e\x0c\x1f\x96\x22\x7c\x50"
            "\x68\x35\x3b\xfc\xd7\x97\xf2\xc2\xc7\x71\xb1\x20\xf9\xf7\xd2\xa3\xe5"
            "\x36\xec\xfe\x5e\x2b\x5f\x9f\x83\xe1\x9a\x95\x85\x9e\xc3\xaf\x58\xd6"
            "\x38\xc4\xda\x13\x88\x01\x61\x42\x14\x4c\x2b\xb1\x1d\x96\x3b\x70\x85"
            "\xbd\x39\x3c\x58\x8d\x9e\x42\xf0\x39\xa1\xf5\xee\x74\xee\x5b\xfe\x02"
            "\xe4\x47\x79\x66\xf3\xd7\x3a\xf6\x2c\x7b\x90\x2e\x97\x64\xb1\x9b\xb5"
            "\xa6\x99\xf4\xd3\xe2\xbd\xef\xcf\x2b\xd0\xcb\x8c\x38\x11\x1c\x38\x41"
            "\x43\x1f\x73\x2d\xdb\xfd\xe7\xc2\x3c\xe0\xf1\x79\x6e\x67\x4e\x40\x6a"
            "\xca\x68\xaf\x50\xd8\x4e\x21\x71\x4b\x0a\x17\x3d\x11\x18\x81\x15\xa2"
            "\x23\xf8\x45\xf6\x30\x53\x65\xb4\x45\x43\xf8\xf1\xb4\xf2\xfb\x01\x11"
            "\x3a\x1d\x7d\x50\x5b\xe3\x10\x1e\xf2\xc0\x38\x28\xd9\x92\x77\x36\x05"
            "\xa4\x7c\x53\xaa\x8a\x64\x5c\x35\x1c\x94\x5e\x1d\x5c\xbd\xdb\xf3\x13"
            "\x03\xca\x81\xfe\x6a\xde\xae\x5d\xb1\x1d\x46\xe6\xd4\x67\x32\x62\x0c"
            "\x5b\x21\x5d\x1f\xa1\x67\x3b\x24\x42\xe7\xb1\x3d\xd8\x39\xdb\x72\x18"
            "\xc8\xd6\x58\xf2\x7f\xfd\xc5\x88\xe2\x72\x83\x05\x70\xb9\xe4\x8c\x2c"
            "\xc8\xd3\x19\x3a\xe6\x2a\xc5\x99\x9b\xf4\x05\x46\x3c\x36\xfc\x8e\xaa"
            "\x16\x30\xa9\xc9\x29\x8c\xf3\x2e\xf8\x1b\x8d\x51\xea\xde\x8d\xd4\x97"
            "\xbc\x14\x44\xa7\x0a\xe4\xfe\x20\xd4\xe0\x50\xb8\xc1\x65\xa8\x24\x43"
            "\x71\x44\xf4\x8c\x1f\xd4\x95\x80\x0d\x64\xa9\xa1\x06\xec\xc4\xdc\x04"
            "\x05\xee\x37\x8b\x5e\x53\xa0\xfd\xd2\x6f\x14\x71\xea\xf6\x43\xbd\x16"
            "\x18\xda\xe4\xbb\x09\x80\x96\xeb\x2d\x0f\xdd\x4a\x96\x87\xd4\xf5\x5f"
            "\xf6\xab\x02\x00\x49\xb7\xf9\x42\x03\x4b\xb2\x2f\xb2\x5b\x2d\xf1\x72"
            "\x68\x1b\xb5\x79\x1a\x47\x43\xf6\x28\x78\x2e\xae\x15\x41\x3b\x92\xd4"
            "\x96\x07\x20\x76\x18\xfa\x73\x81\x75\x47\xd7\x02\xb4\x8a\x2c\xec\x06"
            "\x02\x09\x72\x5f\xd1\x5a\x62\x52\x57\xd1\xb0\x60\xc7\xec\x62\xb4\xf4"
            "\xae\x48\xff\x1b\x7d\xdb\xe6\x2c\xb8\xf4\xd3\x38\xde\x6f\x70\xb3\xeb"
            "\x5d\x3a\x90\xc9\xd4\x96\xa0\x14\x70\x52\xa4\x41\x1f\x19\x02\x6e\x4a"
            "\x47\xb3\x06\x9b\xa9\xd8\x0a\xd8\x46\x1e\xee\x64\x62\x49\xf1\xde\x22"
            "\x1b\xb2\x26\x78\x6f\xc8\xb8\x22\x5d\x81\x29\x9b\x83\x45\xf5\xa3\xaf"
            "\x90\xbb\x08\xe6\x1e\x33\xac\x0e\xcd\x1b\xa4\xba\xea\x56\x4e\xed\x84"
            "\x53\xad\x4e\xca\x58\x67\x4a\x3f\xf0\x12\x88\x01\x26\xa4\x15\xe8\x7b"
            "\xc0\x0f\x9d\xcb\xd0\xed\xed\x0f\x01\xaf\xf4\x45\x89\x41\x07\x32\x92"
            "\x61\xb7\x79\x46\x18\x09\x33\xf3\x16\x9e\x80\x36\x05\x6b\x08\x23\xe5"
            "\xbb\x0e\x9d\x78\xe2\xf2\xa3\xa5\x49\x1a\x1c\xa8\xe9\x80\xf8\xc6\xc9"
            "\x29\xd4\x75\x6c\xc5\xa2\xc1\x4f\x4d\x39\x3e\xa7\xfc\xb0\x2c\x58\xcc"
            "\xcf\xc6\xac\xef\x28\x86\x1b\x0d\x97\x1d\x73\xc3\x39\x2c\x31\xe9\x4c"
            "\xe2\x26\x19\xde\x2f\x57\x8d\xb6\x81\x4f\x8b\x2e\xb2\xcb\xc3\xd1\xcd"
            "\xf6\xe9\x6e\xc9\x71\xfa\xd8\xf2\x39\xd6\xef\x97\x66\x9f\x59\x8c\x1d"
            "\xd1\x08\x9f\x96\x14\xaf\xcc\xe2\xba\xd8\xd0\x05\xe6\xd9\x1c\x4e\x1a"
            "\xd5\xf8\x4a\x34\xc2\x44\xab\x91\x17\xb1\xb7\x5d\xc0\xed\xc7\x84\x79"
            "\xa4\x44\xfa\xac\x00\xc7\x49\xd7\x40\xb3\xd0\xb3\x44\x0e\x65\xc8\xa8"
            "\xcc\xe8\x3e\x2c\x97\x0d\x09\x7e\x90\x6a\x90\x89\xdf\x77\x63\x43\x96"
            "\xa8\x4c\x0a\xbb\x9a\x9f\x23\xd8\x26\x8d\x8a\xe6\x84\x3f\x8c\x30\x49"
            "\x48\x2e\x76\x42\x7c\x9a\x51\x78\x40\x94\x5e\x58\x2f\xca\xf9\x41\xb6"
            "\x70\x3d\x24\x71\x82\x86\x05\xca\x3a\xde\x97\xcc\xbe\x7b\x8b\xec\xd3"
            "\x02\xf6\x6f\x4e\x29\x16\x25\x61\x00\xc8\x1c\xb5\xf5\x08\xd3\x9f\x49"
            "\x68\x64\xcb\x41\x8a\x90\x8f\x24\xd1\x67\x49\x8e\xa6\xa2\xf7\xbf\x72"
            "\xdf\x1c\x45\xba\x5f\x2e\x0b\x4a\xcc\xdd\xa2\x07\x49\x54\xc3\x05\x9d"
            "\x70\x0f\x15\x2b\x63\x5e\xf0\x08\x5b\x48\x00\x8c\x92\x27\xc8\x28\xc5"
            "\x4c\xf7\x33\xdf\x60\x94\x30\x7c\xde\x24\x8d\x35\x71\xbf\xd8\xea\x45"
            "\xc6\xef\x5c\x57\xdf\x49\xa8\x31\x08\x31\xc5\x6a\x70\xcf\xc9\x67\x3e"
            "\xf7\x95\x60\x48\xe3\x2e\xcc\x58\x43\x94\xac\x1d\xda\x6a\xd5\xfa\x12"
            "\xd9\xd6\x54\x11\xfa\xbd\xa9\x77\x94\x0e\x23\x23\xeb\xc7\x10\x6a\xdb"
            "\xb1\xf5\x0a\x42\xaa\xc2\xb3\x9a\x57\xe1\xfa\x32\x08\xaa\x94\xe5\xac"
            "\xf1\x66\x89\xac\xfa\xbd\x50\xd3\xce\x7f\xb4\xd5\x0a\xd4\x11\xa7\xac"
            "\x6d\x76\xf5\x1c\xa4\xd6\xb5\x96\x87\x5b\x6f\xce\x75\x9b\xd2\x82\x8d"
            "\xfa\x3b\x30\x27\xbb\xde\x11\xe0\x5e\x15\xa8\x2f\xaa\xf0\x11\x65\x11"
            "\x5f\xc5\x2a\x42\x78\x49\x3d\xbc\xd9\xbe\x5c\x02\xf1\xfb\x2c\xdd\x5d"
            "\xdd\xeb\x43\x32\x34\xc9\x4d\x38\x1a\x61\x1f\x5f\x7c\x8c\x5f\x02\x48"
            "\x43\xbc\xb0\xec\x89\x53\x9d\x05\x02\x6c\x81\x65\x5a\x39\x3d\x58\x13"
            "\x11\xd2\x8f\x7c\x43\x33\xe7\xcc\xb6\x9d\x93\x8b\x7a\x07\x7b\xa6\x69"
            "\xae\xe9\x23\x28\x42\xfd\x4f\x03\xd0\x70\x7c\x07\x13\x30\x98\x9d\x73"
            "\xe0\x08\x79\x3c\x94\x2f\xd1\xaf\x3d\xd4\xd5\x93\xd5\x59\xa8\x93\x68"
            "\x4b\xe9\xf5\x8b\xd8\x4d\x93\x6e\x94\xbd\xbb\xc4\x23\xfb\x7b\x3b\x74"
            "\x65\x28\x31\x72\xad\x8c\xfa\x73\x4d\x50\xec\xb0\x1d\x4d\x30\xae\x47"
            "\xf8\xf8\x05\x01\xfb\x05\x4e\x1b\xd2\x2d\x12\x12\x89\x1e\x0e\xa3\x42"
            "\xad\x11\x2e\x4d\x6a\x68\x4a\xcf\xd5\x1d\x19\x40\x2b\x80\x6d\x95\x37"
            "\x2c\xe5\xa4\x62\xf7\xd8\x73\x56\x99\x4a\xc6\x3e\x7f\x92\xe4\x1b\x12"
            "\x1b\x0c\xca\x6b\xb0\x7a\xf3\xaf\xe2\x9d\x32\x08\xdf\xf9\x64\x89\x4d"
            "\xce\x55\x9a\x53\x5d\xc7\x6a\x9c\x1a\x50\xa7\xc4\x5c\xdd\x20\x00\xab"
            "\x4e\xb2\xb6\xd6\xe6\x39\x65\x4c\x83\xfb\xd7\x80\xa5\xd1\x81\x00\xcf"
            "\x33\x89\x83\x8d\x3a\x17\x99\xef\xc2\xb8\x44\xbc\xb0\x9b\xb4\xb0\xb2"
            "\xe5\x87\xf2\xb1\x76\x47\x0d\xc4\xac\x21\xe6\x75\x25\x93\x5e\xdb\xd7"
            "\x0c\x38\xb8\x64\x18\x67\xe1\xa3\x5b\x33\x4a\x79\xd3\xfa\x9a\xc3\xf1"
            "\x0d\xaa\xce\xfd\x0b\x04\xce\x34\x11\x37\xb0\x3a\x34\x74\xd6\x94\xc5"
            "\x8d\xef\x4d\xc8\x9e\x40\xb0\x5d\xf3\xca\xf0\xfb\x0a\x9f\x34\xe9\x59"
            "\xda\x5b\xa9\xd0\x2f\x14\xe6\x2b\xdb\x1c\x66\x3b\x58\x63\x46\xa8\x3d"
            "\x77\xb8\x68\xb4\x93\xd2\x86\x2f\x7b\x33\xb4\x12\xaf\x60\x3a\x54\x38"
            "\x13\x03\xe1\x9f\xc9\x1e\x15\x56\xee\xca\x04\x1f\xdc\x04\xd0\xeb\x0f"
            "\x03\x9c\x62\x35\x20\x37\xa6\xc3\x38\x8d\xff\x72\x35\x60\x20\xec\xbe"
            "\xfb\x6a\xf3\x6c\x51\x44\x58\xb8\xef\xd8\x3d\xc0\xb3\x14\xbd\x7e\xd8"
            "\x5e\x1e\x5a\x06\xca\x17\xbb\x43\x23\xa5\xcd\x5b\x7a\xed\xea\x4f\x2e"
            "\xd2\x3d\x35\x00\xb4\xb3\xf6\xf0\x72\xcd\xdd\x8c\x20\x47\xc5\x28\xf4"
            "\x66\x38\x2f\x71\x3f\x9a\xdf\xbc\xaa\x5c\x50\x63\xaf\x8f\xa7\x0f\x7e"
            "\x71\x0b\x15\x25\xb4\xb1\x06\x85\xd6\xaa\xc6\xf7\x54\xd6\x2d\x44\xe9"
            "\xe1\xfe\xd1\x79\x78\xeb\xfc\xdb\x5c\xf3\x3a\xed\x8b\x4b\x3a\x78\xe0"
            "\xf4\xf7\xe4\xbf\x07\xab\xa3\xd5\x1c\x4d\x62\x16\x78\x3a\x31\xc9\xe4"
            "\xfe\xff\xe2\xc7\x21\xe6\x35\x73\x59\x97\xb2\x56\x95\x87\xf0\xc6\xaa"
            "\x6f\x8e\xfe\x87\xc0\x9a\x6b\xf8\x8b\xbd\x8c\xc2\x27\x1b\x9e\xa1\x85"
            "\x99\xbf\xd2\x0f\x46\x13\x9a\xe9\x4e\xef\x19\xf6\x6b\x3a\x83\x47\xbe"
            "\xaf\x5e\x7d\x9c\x7c\xbf\xd9\xd9\x09\x23\xdf\x5c\xa8\xaa\x6a\xf3\x39"
            "\x9b\x42\x86\xd4\x23\x0e\x0f\x25\xf9\xc5\x4c\x7e\xf5\x45\xcf\x5b\xa5"
            "\x38\xec\x3c\x08\xe6\xd8\x43\x90\x1c\xec\x82\x78\x9b\x1e\x8e\x88\x20"
            "\x87\xb5\x74\x41\x72\xef\xd5\x78\x2a\xa8\x10\x12\xf0\x9b\xa4\x6d\x88"
            "\x01\x61\x3c\xfb\x00\xe8\x7e\x92\xe2\x4e\xcd\x4d\x63\x98\xb4\xbd\x74"
            "\x63\xa0\xa2\x65\xa1\xa1\x9c\x01\xfc\x76\xe6\x12\x84\x08\xf0\x9c\x30"
            "\xf2\xe2\x37\xa9\x09\xe4\xd0\xd3\xc0\x6b\x7f\xa6\x6f\x9d\x37\xe6\xc1"
            "\xd6\xad\x22\x2a\x77\x46\x1f\xce\x73\xbc\x43\x41\x3c\x83\x66\x26\xe3"
            "\x5d\xa4\xec\x73\xd4\x8a\x46\xcc\x4a\x1a\x61\x46\xd7\x09\x3d\x50\x00"
            "\x42\xfa\xa6\xc3\x2e\xfa\x5f\x03\xb8\x25\x98\xc4\xc8\xd8\xc1\x1a\xbc"
            "\x0a\x6b\x7f\x63\x76\xa0\x61\x24\xd3\x06\x59\x0d\xf0\x4d\xdc\x2e\x3f"
            "\xee\x2f\x1a\xa3\xa7\x8a\xfd\x85\xf9\x6a\x97\x7d\x9b\x9c\x7a\x87\xe2"
            "\x48\x3e\xc7\xba\xdd\x21\xec\xce\x55\x8a\xe2\x9a\x42\x5e\xdf\x93\xc1"
            "\xbc\x71\x55\x7b\x11\xe7\x25\xb5\x06\x3e\xb2\xc5\x72\xa2\x51\x5b\x76"
            "\x24\x62\x3d\xe0\x24\xf3\xa2\x4a\xf1\xef\x46\xd9\x91\x7c\xb5\xf1\xfe"
            "\x4c\x04\x5c\xec\x60\xee\xd7\xf6\xc7\x6e\xf0\xc4\x45\x1e\xf1\x59\x2d"
            "\xf7\x14\xab\x01\x97\x54\x3f\x7f\xaa\x8a\x23\xaf\x90\x31\x2e\xf7\x2d"
            "\x51\x35\x31\x48\x8d\x67\xca\xbf\xc1\xad\x75\xfe\x63\x7d\x37\x81\xd2"
            "\xed\x45\xb0\xe8\x29\xcd\x4e\x69\x24\x7a\xc7\x59\x84\xd3\xd6\xf2\xa0"
            "\x88\x68\x59\xcf\x75\xbd\x69\xa9\x72\xc5\x6c\x02\x20\x9a\x69\xa1\x78"
            "\x8d\xd0\x95\x4e\x33\xb0\x22\xb2\x06\xb9\xe3\x92\xda\x52\xe5\x7c\x5b"
            "\xb5\x14\xfe\x96\x2f\x92\x9d\xa6\xa0\x30\x60\x40\xed\xdf\xb2\xc1\xcc"
            "\x44\xd9\x0d\x12\xc6\x6f\x20\x28\x37\x06\x13\xbd\x1d\x27\x05\xeb\x79"
            "\x94\x5c\xdc\x9d\x5e\x2b\x59\xcf\x2f\xad\x11\x7b\x54\x3f\x64\x06\xef"
            "\x02\x73\xfa\xdb\x3d\xd8\xa9\x22\xd1\x1b\x05\x70\x49\x74\x6c\x72\x70"
            "\x38\xe9\xbd\xdf\x51\x2d\x6c\x95\x63\xd8\x12\x57\xbf\x33\xcb\x2d\x6b"
            "\x01\x63\x24\x6f\x3b\xb3\x61\x14\x38\x90\x85\x31\x6b\x0e\xa7\xe3\xf8"
            "\x57\xaa\x73\x3d\x49\x74\xe6\x78\x73\xe4\xba\xc5\x50\xd8\xd2\x7a\x3b"
            "\x95\x3e\x2f\x39\x87\xba\xae\x0d\x16\x1a\xb2\xd7\x00\x7b\x8d\x50\xd2"
            "\x5c\x9c\x2e\x00\xd8\x62\x4b\xd5\x44\xad\x4d\x31\x36\x7e\xb7\x77\x0f"
            "\x27\x2b\xe8\x13\x8b\xea\xea\xf7\x21\x1f\x34\x30\xba\x8f\x4d\x2f\x69"
            "\xe9\x48\xdf\xb8\xe0\x9a\xdc\x62\x42\x01\xe6\xd0\xb9\x3d\x02\xb0\x61"
            "\xd9\x9b\xe9\xc7\x4e\xfa\x6b\xb8\xb9\xdb\x53\x08\xad\x8f\x13\xf5\x18"
            "\x14\x87\xa9\x8b\xe0\x3f\xbe\x60\x47\xb1\x73\x20\x6e\xf1\x7b\xbe\x41"
            "\x6c\x58\x3d\x3b\xa6\xb5\x8f\x75\x84\xc2\x1c\x4d\xf3\x44\xa6\xe6\x39"
            "\xb4\x22\x52\xa7\xbf\x8e\xb3\xd4\xe3\xf5\x0d\x2a\xb1\x7e\x18\x06\x1e"
            "\x37\x66\xa9\x9e\x71\x12\x0d\xca\x5d\x71\xac\x1c\x2e\x1c\xd9\xba\xa0"
            "\x69\xc4\x3a\xf7\x5b\x7b\x10\x93\xec\x70\x8c\x05\x78\xd9\x1b\xba\xa7"
            "\xa4\x88\x6a\x29\xff\x48\xe7\xbc\x47\xc5\x8e\x33\x44\xd3\x9b\x47\x5e"
            "\x68\x69\xd5\x07\x46\x6e\x3e\x4a\x6a\xd3\x1b\x9a\x7c\xb5\x7b\x60\x06"
            "\xd8\x81\x05\xdd\x2a\x0b\x26\x0c\xbb\x85\xd8\x7a\xd4\xea\x17\xd1\x14"
            "\x12\xd4\xea\xb9\x55\x38\x40\xf0\x9d\x54\x75\x43\x49\xa2\x6a\x75",
            4096);
        // *oldlenp: the length the kernel is told it may write back to oldp.
        *(uint64_t*)0x20001280 = 0xa0960d;
        // 54 bytes of generated newp content (newlen 0x36 below matches).
        memcpy((void*)0x20001740,
               "\xe4\xda\xbb\x5a\xd0\xb2\x6f\x76\x46\x07\x19\x30\xd2\x5a\x3f\x76"
               "\x78\xe6\xfa\x8d\xb5\x22\xfb\xda\x0a\x9e\x23\xf5\xc5\x45\x4f\xc6"
               "\xdc\x0b\x79\x54\xe9\x00\x86\x16\x53\x6b\xb3\x1a\xfa\x21\x51\x7f"
               "\xcc\xbb\x9f\xe7\x25\x71",
               54);
        ((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(sysctl))(0x20000200, 2, 0x20000280, 0x20001280, 0x20001740, 0x36);
        break;
    case 3:
        // munmap(0x20000000, 0x4000): drops the first 0x4000 bytes of the
        // region, including the addresses the other calls write through.
        ((intptr_t(*)(intptr_t, intptr_t))CAST(munmap))(0x20000000, 0x4000);
        break;
    }
}

// Entry point. Maps the 16 MiB region at 0x20000000 that every address in
// execute_call() falls in (prot 3, flags 0x1012, fd -1; numeric values as
// generated), then hands over to the sandbox-less runner. The mmap result is
// not checked: if the fixed mapping is refused, the stores in execute_call()
// will most likely fault instead of the reproducer running.
// do_sandbox_none() does not return normally, so `return 0` is not reached.
int main(void)
{
    ((intptr_t(*)(intptr_t, intptr_t, intptr_t, intptr_t, intptr_t, intptr_t))CAST(mmap))(0x20000000, 0x1000000, 3, 0x1012, -1, 0);
    do_sandbox_none();
    return 0;
}