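// https://syzkaller.appspot.com/bug?id=176a70590ebfd17c1e3d65c543580943188c20d7
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Crash reproducer for the syzkaller bug linked above. It lays out raw
// syscall arguments at fixed addresses inside one anonymous mapping
// (created in main) and issues two target syscalls on them. The byte
// blobs and field values below are fuzzer output, not hand-written; the
// meaning of each field is whatever the target kernel's ABI assigns to it
// and is not documented here.

#define _GNU_SOURCE
// Header names were missing from the copy this file came from; these are
// the ones the code needs: uint*_t, memcpy, syscall() and the SYS_* numbers.
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Runs the reproducer body once.
// Precondition: the region starting at 0x20000000 must already be mapped
// read/write (main() does this) — every store below is a raw write into it.
// No return value; the syscall results are deliberately not checked, as in
// the generated original.
void loop(void)
{
    // Call 1: 216 fuzzer-generated bytes at 0x20000000, passed to
    // SYS_pop_ctx by address.
    memcpy((void*)0x20000000,
           "\xf1\x1e\x94\x63\x25\xda\x46\x59\x99\x68\x02\x9f\xf3\xf5\xc8\x71\xce"
           "\x87\x80\xea\xa7\xd4\x18\x26\x20\xa3\x7d\x83\x32\xb9\x14\xa1\x75\x6e"
           "\xd2\xda\xf7\x17\x63\xac\xa0\x8d\xf8\x3f\x5d\x4c\x61\xec\xd7\x87\xdd"
           "\x04\xd4\x83\x82\x8b\x32\x84\x12\x60\xf4\xbd\x92\x33\x46\xdc\x4c\x6e"
           "\x19\x9b\x28\x61\x1a\xc1\xc8\x1c\xf1\x26\xe2\x5d\x82\x47\xf9\x17\xf3"
           "\x6c\x11\xd1\x40\xaf\xa0\xb2\x67\xad\xf7\xec\xde\xd4\xbe\x2a\xfd\x04"
           "\x5c\xcb\x73\x76\xbb\xd5\x52\x16\xc9\xe4\x6a\x4b\xa3\x42\xdb\x3d\x6d"
           "\xa5\xc4\xde\x97\x55\xc7\xf8\x23\xc0\xdd\x9d\x8b\x66\xda\x21\x15\xc2"
           "\xa4\x56\x36\x17\xcb\xac\xe6\xb1\x8f\x61\xa1\x64\x0a\xa7\x0f\x86\x66"
           "\xf4\x24\x35\x9e\x25\xba\x2e\x71\x14\xd4\x16\xf4\x6e\x98\x32\x36\xd4"
           "\x66\xc8\xd2\x69\x59\x6a\xff\x02\x86\x60\x0f\xa7\x87\x90\x80\xa1\xf0"
           "\x1c\xed\x45\xfd\xb2\x14\x45\xee\x31\xf0\xbb\xa4\xb3\x30\xd2\x52\xd2"
           "\xcb\xe7\x0c\xd7\xeb\x88\x05\x2b\x54\xb0\xb0\x96",
           216);
    syscall(SYS_pop_ctx, 0x20000000);

    // Call 2: three 0x20-byte records at 0x20000480, 0x200004a0 and
    // 0x200004c0, passed to SYS_tap_fds with count 3. In each record the
    // word at +0x10 points at a secondary record (0x200002c0, 0x20000380,
    // 0x20000440) whose first word in turn points at an 80-byte blob.
    // The record layout is the target's ABI (presumably an fd-tap request
    // — verify against the target's syscall headers). Storing -1 into a
    // uint32_t yields 0xffffffff; that is well-defined and intentional.

    // Record 0 at 0x20000480 -> secondary at 0x200002c0 -> blob at 0x20000240.
    *(uint32_t*)0x20000480 = -1;
    *(uint32_t*)0x20000484 = 1;
    *(uint32_t*)0x20000488 = 0x100;
    *(uint32_t*)0x2000048c = 0xdc;
    *(uint64_t*)0x20000490 = 0x200002c0;
    *(uint64_t*)0x200002c0 = 0x20000240;
    memcpy((void*)0x20000240,
           "\xda\x17\xb8\x71\xa9\x0f\xa4\xf5\x6c\x76\x3d\xce\x17\x4d\x34\xac\xb1"
           "\x9a\x4f\x2d\x96\x96\x23\x74\xe9\xcd\x7b\xed\x3f\xc2\xb2\x93\x55\x64"
           "\xe1\xdc\x55\x50\xab\xa7\xb1\xb7\x01\x58\xec\xa5\x2f\xf5\x9e\x37\x88"
           "\x03\x21\x5c\x2b\x9c\xd4\x8c\x9e\xeb\xa9\x7c\xd5\x08\x43\xfa\x44\x13"
           "\x0e\x08\x28\xad\x15\x23\x0f\x0e\x66\x25\xbd\x40",
           80);
    *(uint32_t*)0x200002c8 = 1;
    *(uint8_t*)0x200002cc = 0;
    *(uint32_t*)0x200002d0 = 2;
    *(uint64_t*)0x200002d8 = 0x35;
    *(uint64_t*)0x200002e0 = 5;
    *(uint64_t*)0x20000498 = 0;

    // Record 1 at 0x200004a0 -> secondary at 0x20000380 -> blob at 0x20000300.
    *(uint32_t*)0x200004a0 = -1;
    *(uint32_t*)0x200004a4 = 2;
    *(uint32_t*)0x200004a8 = 0x383492c8;
    *(uint32_t*)0x200004ac = 6;
    *(uint64_t*)0x200004b0 = 0x20000380;
    *(uint64_t*)0x20000380 = 0x20000300;
    memcpy((void*)0x20000300,
           "\x4a\xb9\x8a\xf1\xa5\x77\xd0\x97\xdf\x8e\xb2\x62\x0c\xca\xba\x9b\x79"
           "\x8c\x06\x5e\x21\xb0\x0a\x60\xde\x0c\xb0\x84\x1c\x1f\xdb\xe8\xa2\x95"
           "\xcb\xf2\x07\x12\xf0\x4f\xa5\xfd\xda\x97\xc4\x4b\xd6\xcd\xa3\xc4\xd0"
           "\xa2\xf4\xd3\xe3\xcd\xff\x75\xb9\xba\x76\xd5\x26\x02\x95\x48\x89\xd1"
           "\x0e\xd9\x6d\x37\x4d\xef\x5f\xf8\xb6\x41\xfa\x9a",
           80);
    *(uint32_t*)0x20000388 = 0x40;
    *(uint8_t*)0x2000038c = 0;
    *(uint32_t*)0x20000390 = 0x8001;
    *(uint64_t*)0x20000398 = 0x7ff;
    *(uint64_t*)0x200003a0 = 0x608;
    *(uint64_t*)0x200004b8 = 0;

    // Record 2 at 0x200004c0 -> secondary at 0x20000440 -> blob at 0x200003c0.
    *(uint32_t*)0x200004c0 = -1;
    *(uint32_t*)0x200004c4 = 2;
    *(uint32_t*)0x200004c8 = 0;
    *(uint32_t*)0x200004cc = -1;
    *(uint64_t*)0x200004d0 = 0x20000440;
    *(uint64_t*)0x20000440 = 0x200003c0;
    memcpy((void*)0x200003c0,
           "\x64\xcc\x18\xf4\x55\x84\x33\x97\xdf\x2a\x32\x89\x72\xbe\xd2\x8e\x02"
           "\x1a\x75\x25\x72\xac\xf8\x73\xa4\x44\x35\x79\x8b\xaa\x0c\x86\x38\x40"
           "\xcb\x53\x3b\x58\x45\x4d\x92\x8c\x80\xc4\x25\x9f\x7f\xe6\xa1\x68\x46"
           "\x53\x52\xc9\xc2\x01\x83\x54\x59\x53\x5f\xde\xe1\x3f\xe6\x31\x30\x8c"
           "\x63\xee\x85\xbe\x4d\xa7\xdb\x95\x0e\x3c\xd9\x62",
           80);
    *(uint32_t*)0x20000448 = 0xc3;
    *(uint8_t*)0x2000044c = 0;
    *(uint32_t*)0x20000450 = 0xfff;
    *(uint64_t*)0x20000458 = 8;
    *(uint64_t*)0x20000460 = 2;
    *(uint64_t*)0x200004d8 = 0;

    syscall(SYS_tap_fds, 0x20000480, 3);
}

// Maps the fixed 16 MiB (0x1000000-byte) region that loop() writes into,
// then runs the reproducer once. The literal 3 and 0x32 are the target's
// prot/flags values; on Linux-style ABIs they read as PROT_READ|PROT_WRITE
// and MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS — confirm against the target
// headers rather than assuming. The mmap result is not checked, as in the
// generated original; if it fails, loop() faults on its first store.
int main(void)
{
    syscall(SYS_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
    loop();
    return 0;
}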