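// https://syzkaller.appspot.com/bug?id=3b23367047a8212f258b9f4794e58802b771b230
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer: main() pins a 16 MiB anonymous arena at 0x20000000 and then
// forks one short-lived child per iteration. Each child creates an io_uring
// instance with its rings mapped at fixed addresses inside that arena,
// overwrites parts of the shared SQ/CQ ring header (head/tail words) directly
// from userspace, and calls io_uring_enter(). Every bare hexadecimal pointer
// below is an address inside that arena; nothing is checked for failure on
// purpose, the program is meant to be run as-is against a target kernel.
//
// Review notes:
//  * The #include list had lost its header names in the copy under review and
//    has been restored from the identifiers the code uses (all libc/POSIX).
//  * syz_io_uring_setup() used to keep the io_uring_setup() result in a
//    uint32_t, so a failure (-1) came back to the caller as 0xffffffff and was
//    recorded as if it were a valid fd. It now returns -1 on failure; the
//    kernel-visible behaviour is unchanged (an fd of 0xffffffff and of -1 are
//    the same 32-bit value to io_uring_enter), but the intent is explicit.
//  * The 64 consecutive 8-byte zero stores into the ring header were folded
//    into a single memset() of the same 512-byte range.
#define _GNU_SOURCE

#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Fallbacks for toolchains whose <sys/syscall.h> predates io_uring (5.1).
#ifndef __NR_io_uring_enter
#define __NR_io_uring_enter 426
#endif
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif

// Sleep for `ms` milliseconds. Only ever called with 1 ms by loop(), so the
// usleep() limit of one second is not a concern here.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds. Exits the process if the clock is not
// available: the per-child watchdog in loop() cannot work without it.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// printf-style write of a short string to `file` (used for procfs knobs).
// The formatted text is truncated to 1023 bytes. Returns false, with errno
// describing the failure, if the file cannot be opened for writing or the
// write is short; true otherwise.
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    // close() may overwrite errno; preserve the write() error for the caller.
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Layout of the io_uring shared memory as this reproducer assumes it.
// The *_OFFSET values are byte offsets from the start of the ring mapping.
// The kernel reports the real offsets in io_uring_params and
// syz_io_uring_setup() sizes its mmaps from those, but execute_one() pokes
// the ring header using these hard-coded values.
#define SIZEOF_IO_URING_SQE 64
#define SIZEOF_IO_URING_CQE 16
#define SQ_HEAD_OFFSET 0
#define SQ_TAIL_OFFSET 64
#define SQ_RING_MASK_OFFSET 256
#define SQ_RING_ENTRIES_OFFSET 264
#define SQ_FLAGS_OFFSET 276
#define SQ_DROPPED_OFFSET 272
#define CQ_HEAD_OFFSET 128
#define CQ_TAIL_OFFSET 192
#define CQ_RING_MASK_OFFSET 260
#define CQ_RING_ENTRIES_OFFSET 268
#define CQ_RING_OVERFLOW_OFFSET 284
#define CQ_FLAGS_OFFSET 280
#define CQ_CQES_OFFSET 320

// Local copies of the io_uring uapi structs (the reproducer must build
// without <linux/io_uring.h>). Field order and sizes must match the kernel's.
struct io_sqring_offsets {
  uint32_t head;
  uint32_t tail;
  uint32_t ring_mask;
  uint32_t ring_entries;
  uint32_t flags;
  uint32_t dropped;
  uint32_t array;
  uint32_t resv1;
  uint64_t resv2;
};

struct io_cqring_offsets {
  uint32_t head;
  uint32_t tail;
  uint32_t ring_mask;
  uint32_t ring_entries;
  uint32_t overflow;
  uint32_t cqes;
  uint64_t resv[2];
};

// NOTE(review): newer uapi headers name the 32-bit slot at offset 24 `wq_fd`
// followed by resv[3]; this file treats the whole 16 bytes as resv[4]. Same
// size and same offsets for sq_off/cq_off either way.
struct io_uring_params {
  uint32_t sq_entries;
  uint32_t cq_entries;
  uint32_t flags;
  uint32_t sq_thread_cpu;
  uint32_t sq_thread_idle;
  uint32_t features;
  uint32_t resv[4];
  struct io_sqring_offsets sq_off;
  struct io_cqring_offsets cq_off;
};

// mmap() offsets that select which io_uring region an mmap on the ring fd
// maps (uapi magic values).
#define IORING_OFF_SQ_RING 0
#define IORING_OFF_SQES 0x10000000ULL

// syzkaller pseudo-syscall: io_uring_setup() plus the two mmaps a user of
// the ring would do.
//   a0: number of SQ entries requested
//   a1: struct io_uring_params* (in/out; the kernel fills sizes and offsets)
//   a2: fixed address for the SQ/CQ ring mapping (MAP_FIXED)
//   a3: fixed address for the SQE array mapping (MAP_FIXED)
//   a4: void** receiving the ring mapping (MAP_FAILED on error)
//   a5: void** receiving the SQE mapping (MAP_FAILED on error)
// Returns the io_uring fd, or -1 if io_uring_setup() failed (in which case
// no mmap is attempted and both out-pointers are set to MAP_FAILED).
// mmap failures are deliberately not reported: the caller never reads the
// mappings through the out-pointers, it only pokes the fixed addresses.
static long syz_io_uring_setup(volatile long a0, volatile long a1,
                               volatile long a2, volatile long a3,
                               volatile long a4, volatile long a5)
{
  uint32_t entries = (uint32_t)a0;
  struct io_uring_params* setup_params = (struct io_uring_params*)a1;
  void* vma1 = (void*)a2;
  void* vma2 = (void*)a3;
  void** ring_ptr_out = (void**)a4;
  void** sqes_ptr_out = (void**)a5;

  // Keep the full long: the original stored this in a uint32_t, turning a
  // -1 failure into 0xffffffff, which the caller then treated as a valid fd.
  long fd_io_uring = syscall(__NR_io_uring_setup, entries, setup_params);
  if (fd_io_uring < 0) {
    *ring_ptr_out = MAP_FAILED;
    *sqes_ptr_out = MAP_FAILED;
    return -1;
  }

  // The kernel has now filled in sq_entries/cq_entries and the offsets;
  // the ring mapping must cover whichever of the SQ or CQ layout is larger.
  uint32_t sq_ring_sz =
      setup_params->sq_off.array + setup_params->sq_entries * sizeof(uint32_t);
  uint32_t cq_ring_sz =
      setup_params->cq_off.cqes + setup_params->cq_entries * SIZEOF_IO_URING_CQE;
  uint32_t ring_sz = sq_ring_sz > cq_ring_sz ? sq_ring_sz : cq_ring_sz;
  *ring_ptr_out = mmap(vma1, ring_sz, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
                       IORING_OFF_SQ_RING);

  uint32_t sqes_sz = setup_params->sq_entries * SIZEOF_IO_URING_SQE;
  *sqes_ptr_out = mmap(vma2, sqes_sz, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_POPULATE | MAP_FIXED, fd_io_uring,
                       IORING_OFF_SQES);
  return fd_io_uring;
}

// SIGKILL the test child and its whole process group, then reap it.
// If the child has not been reaped after ~100 ms, every FUSE connection on
// the box is aborted (presumably because a child blocked in a FUSE request
// cannot otherwise die), and we then block until the child is reaped.
// `status` receives the waitpid() status.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // Writing any byte to .../abort aborts that connection; the byte
      // itself (the leading '/' of the path buffer) is irrelevant. Best
      // effort: a failed write is ignored, the `if` only silences
      // warn_unused_result.
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, become a process-group leader (so
// kill_and_wait can kill the group), and make this child the OOM killer's
// preferred victim. All best effort.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);

#define WAIT_FLAGS __WALL
// How long a single child may run before it is killed.
#define EXEC_TIMEOUT_MS 15000

// Fork a fresh child per iteration, forever. The parent polls for the
// child's exit once per millisecond and kills it after EXEC_TIMEOUT_MS.
// Each child starts from a copy of the parent's (never written) arena, so
// every iteration sees zeroed memory at the fixed addresses.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < EXEC_TIMEOUT_MS)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Syscall results carried between calls; r[0] is the io_uring fd
// (all-ones until syz_io_uring_setup succeeds).
uint64_t r[1] = {0xffffffffffffffff};

// The actual test body, run once per child.
static void execute_one(void)
{
  // struct io_uring_params at 0x20000240 (offsets per the struct above).
  // sq_entries and features are left at zero (fresh arena). Offset 24, which
  // this file calls resv[0], is set to 0xffffffff; on kernels whose uapi
  // names that slot wq_fd it is only consulted with IORING_SETUP_ATTACH_WQ,
  // which flags=0 does not set -- TODO confirm against the target kernel.
  *(uint32_t*)0x20000244 = 0;           // cq_entries
  *(uint32_t*)0x20000248 = 0;           // flags
  *(uint32_t*)0x2000024c = 0;           // sq_thread_cpu
  *(uint32_t*)0x20000250 = 0;           // sq_thread_idle
  *(uint32_t*)0x20000258 = 0xffffffffu; // resv[0] (wq_fd in newer uapi)
  memset((void*)0x2000025c, 0, 12);     // resv[1..3]

  // Ring mapping at 0x20003000, SQE array at 0x20ffe000, 0xcd1 entries
  // requested. On failure r[0] keeps its all-ones value.
  intptr_t res = syz_io_uring_setup(0xcd1, 0x20000240, 0x20003000, 0x20ffe000,
                                    0x20000140, 0x20000040);
  if (res != -1)
    r[0] = res;

  // Argument buffer for the ioctl below: 32 zero bytes at 0x20002800 followed
  // by two 1025-byte blobs at 0x20002820 and 0x20002c21. The ioctl is issued
  // on fd -1 and necessarily fails with EBADF, so the kernel never reads this
  // buffer. What matters is the overlap: the second blob ends at
  // 0x20002c21 + 1025 = 0x20003022, i.e. 0x22 bytes past the start of the
  // ring mapping at 0x20003000, so the kernel-owned SQ head word (ring offset
  // SQ_HEAD_OFFSET) is overwritten with blob bytes 991..994 (0x7dcbfdb1
  // little-endian, by my count) before io_uring_enter() is called.
  memset((void*)0x20002800, 0, 32);
  memcpy(
      (void*)0x20002820,
      "\xa3\xaa\xcd\xe4\xe0\xda\xd4\x60\xe3\x1b\x49\x25\xc7\x89\x3a\x92\x0c\xa9"
      "\xef\x8f\x3e\x97\x26\x0a\xb0\xc6\xe8\x5d\xed\x03\x9c\x8c\xc1\xe3\x0d\xa9"
      "\xae\xe4\xcf\xa1\x1d\x38\x0f\xd7\x3b\x1e\xc5\x4a\xad\x67\xf6\x66\x77\x98"
      "\xe6\xdc\x56\x7e\xe6\xe6\xce\x2e\xa5\x79\xcd\x0e\xe7\x9c\xf5\xe3\x69\x8e"
      "\xe5\x15\x83\x27\x5e\xc4\x7f\x7d\x17\x07\x0b\xef\x02\x39\x5f\xec\x90\xa5"
      "\xbb\x8f\x12\xbd\x79\xd6\x24\x13\x5c\x60\xda\x32\xfc\x5c\x45\xf2\x3e\xd1"
      "\x83\x7f\xf7\x13\xdb\x68\x60\xfe\xcc\xe2\x97\x64\x06\x85\xcc\x9f\x52\xa6"
      "\xd3\xfe\xfa\xd8\xec\xb3\x0c\x5e\xb0\xe3\xb8\xf9\x9b\xa3\xb0\x77\x9d\xe3"
      "\x8a\xbb\x35\x5a\xa9\xfb\x4a\xcd\x4f\x4c\x6e\x03\x2b\xe8\xaa\xe4\xb9\xae"
      "\x66\x7e\x52\x51\xc3\x4e\x13\xfd\xb0\xf1\xe1\x84\x9d\xd9\x0d\x9f\x93\xc0"
      "\x84\xb3\x91\xea\xb5\x0a\xfa\xaa\x37\x0e\x1e\xb4\xd2\x48\x41\xa7\x51\xf4"
      "\x4d\xb4\x8d\x4a\x59\x1b\x1c\x2d\x00\x91\x31\x1a\x4d\x08\xf5\x25\xf9\x66"
      "\xc3\x5e\x39\xc5\xc5\x93\x40\x9c\x7b\x2b\x62\x3d\xff\x6d\x99\x13\xb7\x63"
      "\xa1\x47\x51\xe2\x21\xec\xd8\x4b\x4b\x93\x71\x2a\xd6\x53\xad\x21\x4e\xf7"
      "\x07\xe3\xb2\x4b\xfa\x0c\x3c\x19\x91\xa5\x86\x1e\x9b\xb1\x57\x6d\xf8\xb7"
      "\x6d\x55\x00\x61\xa1\x71\x4e\xcf\xd4\x58\x9e\xa9\x75\xc3\x83\xcd\x5f\xf4"
      "\x6e\x32\x36\xcc\x8d\xee\x18\x0a\x6a\x8e\x05\x52\xc9\xa3\xfb\x72\x29\xd5"
      "\x23\x60\xfb\xc2\xc7\x5c\xd4\x01\x2d\x6d\x41\x55\x4f\xae\xa6\xf1\x08\xaf"
      "\x5c\xa6\xf8\x8c\x4e\x32\xfc\x27\x43\x68\x6f\xc3\xc7\xdc\x97\x02\x8f\x5d"
      "\x31\x37\x4c\x66\xc3\xe1\xac\x74\xcd\x48\x24\xd2\x42\x7f\x8f\x93\x56\xd0"
      "\x1a\x9d\x5f\xd1\xf5\x65\x3e\x15\x0d\xc4\xae\xdc\xb9\x51\x99\x62\x6c\x2e"
      "\x0a\xd3\xcb\xf7\xc6\xbc\xf2\x8c\x98\x6e\xb1\x51\x51\x58\xa8\x9f\x44\x18"
      "\x60\x11\xee\xb5\x71\xea\x66\x9a\x5f\xe9\x43\xdf\xd8\xe8\xb0\x1d\x7d\x6e"
      "\x16\x95\x86\x29\x75\x5c\xd4\x7a\x25\x4a\x8e\x40\xa3\x6f\x31\x71\xab\xa3"
      "\x1f\x90\x5b\xfb\x55\x6e\xab\xd3\x05\xdf\x6b\x7a\xd2\x7a\x13\x7f\xf7\x97"
      "\xf5\x65\xc8\xdf\x13\xbb\xa6\x63\x96\xfe\x13\x68\xb1\xbb\xd4\xa6\xd7\x1b"
      "\x41\x18\x16\x2d\x50\x21\xb4\x81\xec\x9a\x09\x34\x09\x05\xb2\x63\xef\x2e"
      "\x4c\x69\x99\x0e\xe5\x6a\xea\x3c\xbc\x3b\xb3\x62\x68\xff\x48\xb4\x5f\x13"
      "\x17\xd4\xf1\x00\xea\x66\x61\xb2\x3e\x1d\x5c\x0a\xc5\x52\x4f\x3a\x4f\x3a"
      "\x95\x95\x0e\xfc\x76\xf8\x44\x32\x0c\x1f\x08\x25\x57\xee\x64\xc0\x25\xfc"
      "\x99\x59\xdd\x05\x8c\xc8\xd7\xa9\x7a\x3f\x21\xa8\x41\xac\x1c\x55\x76\x82"
      "\x43\x6c\x40\x60\x40\x2b\x9e\x33\xc0\xe6\x59\x2b\xcb\x6d\x57\xc7\xeb\xed"
      "\x69\x8a\x3d\x97\xa5\x0d\xee\x2f\xb6\xaf\xe6\xbe\x22\xd7\x0b\xac\x88\x84"
      "\xae\x86\xcf\x2d\x61\x76\x6d\x32\x09\x39\xa8\x69\x5a\x13\x6e\x95\xc1\x78"
      "\xdc\x64\xbd\x15\x52\x95\x8b\x8b\x6b\xe7\x06\xda\xf2\x13\x62\x80\x16\xb5"
      "\x9d\x06\x97\x02\xfb\x4d\xd5\x91\xf1\xff\xf9\x1a\x6d\x5d\xc1\x88\xf3\xb6"
      "\x9b\x7b\x05\x46\xf1\x90\x42\x74\x23\xe9\xf2\x10\x06\x97\x2e\xa7\xd7\x8f"
      "\x86\x13\x47\x05\x8a\xbb\xc3\x59\x86\x5b\x7d\xc8\x78\x28\xf5\x5c\x10\x0e"
      "\xe1\xfd\xeb\x2d\x9d\x92\x19\x78\x95\x33\x66\xb5\xef\x49\xcf\xb5\x2d\xab"
      "\x47\xd0\xb6\x7b\xf0\x35\x2d\x52\xca\xf1\xc5\x43\xb0\xee\xfa\xca\x8e\xee"
      "\xe8\x57\x96\xc2\x47\x5f\x43\x19\x40\x72\x02\xe9\xa4\xe6\x67\xab\x93\xc0"
      "\x5a\xe3\x7a\xf2\xfb\xce\x26\xec\xc5\x64\xf8\x8a\x7e\x94\xef\x3e\x5f\x5c"
      "\x5e\x3a\xfc\x9b\xb6\x08\x12\x10\x52\x94\x21\x76\xea\x19\xe0\xba\x51\x0c"
      "\x02\x72\x11\xc7\xc5\xd2\x84\x87\x3f\x6f\x51\xd2\xdd\xe1\xbd\x56\x3c\x04"
      "\x44\x4a\xe5\xcc\xa3\x2d\xb1\x49\x40\x85\xda\x5e\x13\x56\xda\xe4\x38\xbe"
      "\xdc\x42\x2a\x9a\xeb\x0e\x20\xd9\xd0\xcc\xcf\x73\xa5\xe5\x07\x7b\x72\xe2"
      "\xe9\xb7\x1f\xbf\x97\xa3\x9d\x3f\x98\x37\x46\x78\x4a\xfb\x72\x1d\x4f\x78"
      "\xb4\xc3\x39\xb5\x1d\xaf\xc1\x7b\x60\x9b\x50\x04\xa7\xee\xa2\xd4\x22\x05"
      "\xb8\xc4\x9e\x40\x2c\x55\x4c\xfc\x27\xc4\xa0\x01\xf1\x16\xbe\x5b\x74\x10"
      "\x07\x0f\x48\xb1\xbd\x5c\xbe\xc8\x59\x0f\x59\xca\xdb\x75\x0d\x28\xe0\xf0"
      "\x6e\x2e\xc0\x07\x95\x9d\x55\xc5\xf0\xd0\x03\x1b\xd4\x1c\x7b\x69\x1f\x89"
      "\xe5\xc7\xb7\xc8\xe9\x47\x9b\x40\x3f\xe8\x66\x2b\x98\x4f\xb6\xfe\x23\x7d"
      "\xd9\xd4\xb7\xc9\x7b\xb6\xc9\x52\x97\x5b\x5b\x16\xb9\xaf\x00\xc4\x8f\xb8"
      "\x3e\xbd\x82\xaf\x45\x10\x00\xdf\x11\xa8\x0b\xec\x04\x80\x52\x4f\x1b\xc5"
      "\x1b\x6c\xc1\x54\x94\x64\x58\xa9\x87\xc7\xb4\x37\x1f\xd0\x16\x7c\xe6\xc1"
      "\x86\x81\x7a\x81\xc6\x47\x14\x98\xb8\xec\xb9\x85\x8b\x63\xfa\x92\x9b\xd8"
      "\x96\xf9\x5b\xb9\xcd\xbd\xd1\xd4\xb7\xd7\x0a\x42\xd2\x0f\x1f\x04\xbd",
      1025);
  memcpy(
      (void*)0x20002c21,
      "\xd6\x84\x84\x8a\xdb\x59\x78\x44\x81\xfd\x37\x40\x06\x45\x15\x36\x29\xfd"
      "\xdf\x08\x52\x7d\x42\x98\x4d\x97\x07\x37\x06\x47\x37\xa5\xc0\xd1\x11\xe2"
      "\x67\xdb\x48\xf8\x35\x54\xe9\x85\xef\x17\xa1\x1b\x77\x29\x83\x2a\x06\xec"
      "\x3f\xc9\xdd\x34\xce\xf4\x13\xd2\x3d\xc0\xfb\x1b\xdd\x3f\xf3\xec\xe5\x5c"
      "\x1e\xa5\xf2\xd2\x21\x00\xa2\xe6\xf4\xf7\x4a\x5e\x4c\x3b\xfc\x5c\x83\xb0"
      "\x2a\xf3\xe0\x95\xbf\xe2\x01\x10\xb6\xb0\xd5\xe5\x9a\xb6\xeb\x19\xcd\x67"
      "\x38\xc5\xe3\xa7\x66\x83\x44\xb1\xbd\x4d\xc1\x3a\x5b\xce\x1c\x4b\x24\x4c"
      "\xba\x81\x4e\x69\x5a\xfe\x08\xdb\x1e\xcf\x92\x9c\x37\x1c\xd5\x4d\x53\x7e"
      "\x24\x2f\x15\x1a\x33\x60\x0a\xac\x8c\xdb\xbe\x6d\xa5\x12\xb4\x20\x76\x0e"
      "\xb8\x9b\x77\x9e\x87\x0b\x1e\xa7\xed\xc7\x6d\x15\xb2\x67\x7d\x17\x74\x90"
      "\xaf\xe2\x0e\x60\x32\xd6\xc9\x38\xe7\x58\xd3\x38\x7b\x77\xc4\x52\x5a\x1b"
      "\x43\xa9\xa4\x89\x89\x37\x23\x63\x60\x28\x5e\xa8\xf2\x9c\x83\x4d\x9c\xf1"
      "\x57\x0d\x6c\xba\x6f\x02\xc1\x1a\x32\x7a\x7e\x4f\xb3\x25\x16\x08\x0c\x28"
      "\x35\xa9\x6a\x6d\x91\xcc\xdf\x43\x40\x90\x7b\x3f\x98\xd3\x68\x84\x4e\x5f"
      "\x32\x1c\x55\xd8\x81\x45\xe6\xc6\x31\xc8\xe5\xec\x40\xbe\x3c\xbd\x97\xd6"
      "\xdd\x30\x68\x3d\x39\x74\xd4\xab\x0f\xa5\xef\xc9\xce\xee\xbc\xf7\x7b\x43"
      "\x89\xf3\xee\xa5\x4b\x03\x6b\x3c\x62\xdc\x86\xef\x8f\x9d\x09\x7e\x05\x04"
      "\xeb\x52\x55\x6a\xc4\xed\xde\x9c\x00\x7d\x46\x49\xfb\x1c\x0e\x73\xf8\xaa"
      "\x17\xcb\x50\x37\x53\x5b\xc8\xbd\x33\x73\x2f\x9c\xfa\xf7\xb7\x93\x47\x06"
      "\xfd\x37\xf1\x40\x1c\xdc\xec\x02\xbb\xf4\xf2\xf6\x6a\x5c\x26\x11\x0e\x80"
      "\xe4\xc3\x1f\x7c\xc5\xbd\x76\x7d\x39\x3e\x15\xfb\xfa\xba\xb2\x3d\xe3\x9c"
      "\x62\x0e\xed\x12\x23\xf6\xfe\x40\x68\x7c\x6f\x9a\x8f\xec\xd4\x46\xdd\x3c"
      "\x25\xf5\x19\x89\xf5\xf4\x4f\x61\x79\x7b\xbd\x07\x86\xb1\x5b\xce\xbf\x72"
      "\x8c\xec\xb5\x6b\xa8\x5f\x16\xa6\x7e\x5a\x24\x40\x9f\xf7\x22\xc3\xc2\x76"
      "\x9c\xd6\xa9\x08\xa0\x1f\x8c\x29\xe0\x41\xad\xa5\x8b\x0b\x56\xdf\xbd\xc9"
      "\x14\x9c\x55\x4f\xe4\xff\x77\xf1\x31\x3e\x48\xee\x68\x1b\xe9\x38\xd3\x83"
      "\x1b\xb3\x2a\x9d\x73\x80\xff\x96\x60\x04\x54\xcf\x56\x1e\xb0\x88\x39\xd8"
      "\x12\x8d\xc2\x5b\x28\x40\xd7\xea\x6b\xe1\xa3\x17\x42\x35\x18\x9c\x6c\xb2"
      "\x48\x4b\x11\x9c\xd5\x03\xbd\x47\xcb\x02\xc0\x19\x65\x33\x08\x13\x89\x32"
      "\xd7\xe6\xba\x8e\x33\x0f\x88\x81\x09\x75\x7f\x6f\x85\x68\x9b\x86\xcf\x3d"
      "\x9d\xa9\x7e\xe8\x1c\x6c\xbe\x8b\xc3\xf0\x71\x2a\x12\xb0\x1e\x63\x52\x15"
      "\xa1\x02\x0a\x3d\x2b\x0e\x75\x62\x7f\x52\xfd\xe9\x5e\x01\x70\x55\xe4\x1e"
      "\x17\xbd\xf0\xa4\xd7\xe1\xcd\xbf\x80\x79\x75\x96\x77\xa1\x02\xc8\xd9\xe0"
      "\x48\xb0\x82\x21\x0e\x23\x46\x73\x60\x86\x22\xce\xa7\x05\x20\x7e\x82\x93"
      "\xed\xbf\x4a\x7f\x35\x29\x81\x23\x22\x01\x38\xe4\xf1\xd2\xff\xbc\xd9\x68"
      "\xa9\x5c\x18\xeb\xfa\x26\xc3\xfc\x63\x37\x4f\x4b\x20\x7c\xd7\x43\xb2\xe8"
      "\x92\xcc\x22\x52\x26\x8f\x2e\x9b\x20\x81\x6b\x6e\x68\xae\x63\x6d\x20\xa3"
      "\x3b\xf1\x0f\x62\xb5\x14\xa4\xd2\x33\x42\x4d\x5f\xd7\xdc\xad\x78\x83\x7c"
      "\xcf\x62\x58\x80\xe4\x00\xc9\xf4\x9b\x12\x03\x01\x0b\x4f\x34\x7f\x8d\xe2"
      "\xa6\xc3\x87\x52\x87\x7e\xee\x3a\xd5\x77\x42\xad\xa8\xe5\x6a\x6e\xb3\xbc"
      "\x63\x01\x7a\xd2\xea\x17\x89\x3f\xce\x93\x3c\x56\x8a\x02\x70\xb7\x85\x44"
      "\x37\xdc\x5e\x39\x82\xbc\x39\xab\x9c\xd4\xe4\xb4\x83\x78\xfe\x6c\x38\xe4"
      "\xe8\x44\x84\x9f\x69\x80\xc8\xce\x53\x8b\x0b\xe1\xf0\x5b\xb3\xb9\xd4\x9f"
      "\xa8\x8a\x59\x36\x13\x7e\xb1\x88\x6a\x3a\x5e\x40\x93\x6f\xfc\x73\x93\x3b"
      "\xea\x53\x6a\xbe\x3f\x8e\xc6\xae\x86\x4c\xd4\x64\x90\xc3\x18\x2a\xf2\x25"
      "\xbd\xf2\xa1\xfd\xd1\xdd\x91\x0f\x09\x41\xd9\x60\xe2\xc8\x37\x7e\x6a\x8d"
      "\x65\x14\x2f\xd3\x7c\x88\x8d\xde\x33\x8c\x6a\x8c\x7b\x33\x93\xc8\x6e\x02"
      "\x22\xc3\x61\x57\x4e\x6c\xe4\x6f\xb4\x36\x44\xce\xd9\xa8\xb3\xcc\x7a\x84"
      "\x0e\xc0\xa6\x79\x79\x67\x0d\x4e\xe2\x83\x30\xf7\x5c\xff\xfe\x0f\x43\x5a"
      "\xf2\x57\x3e\xfc\x65\x39\x48\x04\x17\x3e\x1b\x9d\x45\xc2\xd8\xe0\x77\x4b"
      "\xbf\x45\xa4\x0c\x39\x9e\xdb\x8a\xc4\xcc\x7b\x69\x3b\x3b\x9d\x76\xe7\x9b"
      "\x31\x91\x84\x93\x49\x68\x9b\x21\xab\x3c\x0e\x19\x2c\x82\x39\xb9\xe6\xb7"
      "\xc8\xe8\x61\x6e\x65\x3e\xff\xaf\x0c\x5b\x66\x7b\x48\x4b\x97\xc8\x1d\xca"
      "\x55\x70\x7f\x8a\x56\x4b\x77\x4e\x5d\xef\x06\xa9\x93\xe7\xc5\x2b\xcb\xf9"
      "\x3d\x03\x60\xe0\x01\x9c\x4e\x82\x39\xa0\x78\xb8\x14\xa5\xbc\x96\xf7\x8e"
      "\x65\xb1\xfd\xcb\x7d\xea\x6c\x7a\x03\x5e\x86\xac\xcf\x61\x4b\xa4\x8c\x65"
      "\xac\xd4\xa5\xb0\x57\x1c\x41\x08\x6e\x94\x79\x5b\x47\x71\xa0\x39\xe3",
      1025);

  // Poke the shared ring header directly, relative to the ring mapping at
  // 0x20003000 and using the *_OFFSET values defined above: zero ring bytes
  // 0x28..0x227 (the original did this as 64 separate 8-byte stores), then
  // set SQ tail = 2 and CQ head = 0x1000. In the io_uring ABI these two are
  // the words userspace legitimately writes, but here CQ head is pushed far
  // beyond the CQ tail (offset 192, zeroed) and the kernel-owned SQ head was
  // clobbered by the memcpy above. Presumably this is the trigger; the
  // kernel-side root cause is not established by this file.
  memset((void*)0x20003028, 0, 0x200);
  *(uint64_t*)(0x20003000ul + SQ_TAIL_OFFSET) = 2;      // 0x20003040
  *(uint64_t*)(0x20003000ul + CQ_HEAD_OFFSET) = 0x1000; // 0x20003080

  // 0xca289435 decodes as _IOWR(0x94, 0x35, 2600); 0x94 is BTRFS_IOCTL_MAGIC
  // and the two 1025-byte blobs above look like btrfs device-name fields --
  // apparently BTRFS_IOC_DEV_REPLACE. Issued on fd -1 it can only fail
  // (EBADF); it survives from the fuzzer's program and only matters for the
  // memcpy side effects described above.
  syscall(__NR_ioctl, -1, 0xca289435, 0x20002800ul);
  // io_uring_enter(fd, to_submit = 0x700d, min_complete = 0, flags = 0,
  //                sig = NULL, sigsz = 0)
  syscall(__NR_io_uring_enter, r[0], 0x700d, 0, 0ul, 0ul, 0ul);
}

int main(void)
{
  // Arena setup (x86 flag values): 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
  // 7 = PROT_READ|PROT_WRITE|PROT_EXEC. One inaccessible guard page below
  // and above a 16 MiB RWX arena at 0x20000000 that all the fixed addresses
  // in execute_one() point into. Results are deliberately unchecked, as in
  // every syzkaller reproducer; if these fail the first fixed-address store
  // in the child faults.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  loop();
  return 0;
}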