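// https://syzkaller.appspot.com/bug?id=9c557bdc7328e1ab4f0325699da821c22e47ab93
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reviewer summary: this reproducer queues user memory into a pipe with
// vmsplice() and then splice()s part of it into a TCP socket that is never
// bound or connected. The crash signature and the fix are recorded in the
// syzbot report linked above; nothing in this file says which kernel path
// misbehaves. Useful as a regression check in a disposable test VM once the
// fix from the report is applied.
//
// NOTE(review): the four #include lines had lost their header names (the
// <...> part was stripped), so the file did not compile. They are restored
// below to the headers this code actually needs.

#define _GNU_SOURCE

#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Syscall results, indexed by syzkaller's resource numbering. Only slots
 * 0-4, 20 and 21 are written by this program. */
long r[22];

/*
 * Replays the recorded syscall sequence once.
 *
 * All data structures live at fixed addresses inside one anonymous mapping
 * at 0x20000000, so the raw pointer stores below are only valid after the
 * mmap() call. Return values are stored but not checked, except that the
 * pipe descriptors are read back only when pipe() did not return -1.
 */
void loop(void)
{
  memset(r, -1, sizeof(r));

  /* Linux values: prot 0x3 = PROT_READ|PROT_WRITE,
   * flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, fd = -1, offset 0. */
  r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                 0xfffffffffffffffful, 0x0ul);

  /* pipe() writes its two descriptors into the mapping; r[2] is the read
   * end and r[3] the write end. */
  r[1] = syscall(__NR_pipe, 0x20d20000ul);
  if (r[1] != -1) {
    r[2] = *(uint32_t*)0x20d20000;
    r[3] = *(uint32_t*)0x20d20004;
  }

  /* domain 0x2 = AF_INET, type 0x1 = SOCK_STREAM, protocol 0. */
  r[4] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul);

  /* Seven {base, len} iovec entries at 0x20b9cf90. The array ends exactly
   * at the page boundary 0x20b9d000. The first six entries have length 0;
   * only the last one (0xe8 = 232 bytes) carries data. */
  *(uint64_t*)0x20b9cf90 = (uint64_t)0x20fd6000;
  *(uint64_t*)0x20b9cf98 = (uint64_t)0x0;
  *(uint64_t*)0x20b9cfa0 = (uint64_t)0x20e2b000;
  *(uint64_t*)0x20b9cfa8 = (uint64_t)0x0;
  *(uint64_t*)0x20b9cfb0 = (uint64_t)0x200c7000;
  *(uint64_t*)0x20b9cfb8 = (uint64_t)0x0;
  *(uint64_t*)0x20b9cfc0 = (uint64_t)0x202af000;
  *(uint64_t*)0x20b9cfc8 = (uint64_t)0x0;
  *(uint64_t*)0x20b9cfd0 = (uint64_t)0x20ad4f27;
  *(uint64_t*)0x20b9cfd8 = (uint64_t)0x0;
  *(uint64_t*)0x20b9cfe0 = (uint64_t)0x20a07000;
  *(uint64_t*)0x20b9cfe8 = (uint64_t)0x0;
  *(uint64_t*)0x20b9cff0 = (uint64_t)0x20dc9000;
  *(uint64_t*)0x20b9cff8 = (uint64_t)0xe8;

  /* Payload referenced by the seventh iovec: 232 fuzzer-generated bytes. */
  memcpy((void*)0x20dc9000,
         "\xf6\xe5\xbe\x28\x43\x23\xe1\x23\x85\xfd\x96\x53\x99\x11\x7c"
         "\xcc\xf5\x42\xda\x7a\x81\xab\xcb\x65\x97\x09\xf4\x19\x1d\xe1"
         "\xd1\x96\x27\x38\x27\x73\x19\x48\x85\xaa\xef\xca\x84\x6d\xa3"
         "\x1c\x3a\xd4\xab\x1a\x2d\x92\x34\x3d\x00\x26\xcf\xc9\xa8\x4a"
         "\x35\x9d\xde\xb5\xa4\xab\x47\xaf\x45\x3d\xc5\x7f\x1c\x25\x5a"
         "\xfe\x49\x6b\x79\x8b\xf7\x20\x36\x2d\xd1\x6f\x4b\x94\x66\x25"
         "\xbc\x40\x49\x74\x8d\xd5\x26\x93\x00\xa9\xc0\x2b\x30\x0a\x77"
         "\x40\x8d\x9c\xd1\x5e\x00\x8d\x70\xa5\x43\x47\x4b\x91\xd5\x71"
         "\xf4\x6c\x67\xe8\x33\xff\xac\xfd\x9a\x63\xfe\x6f\xc7\x7f\xf3"
         "\xa8\xdb\xef\x6e\x21\x2a\x0a\xd6\x46\x20\xe2\x4c\x2a\xb4\xcc"
         "\xd4\x77\x44\x95\x29\x51\x2b\xa4\x3b\x6c\x05\x0e\xe5\xff\x8a"
         "\xe8\xa2\xab\x4d\x53\x77\x71\x69\x7c\xe3\x69\x98\x29\xf4\x51"
         "\xf6\x1d\xf9\xaa\xba\x17\x48\x7e\x13\x1e\x6c\xb3\x31\x85\x8f"
         "\xf1\xab\x2a\xfc\x30\x16\x19\x10\x40\x5b\x21\xec\x14\xb1\x58"
         "\x6d\xf8\xe7\x11\x13\x22\xda\xde\x27\x19\x80\x43\x83\x15\xb1"
         "\x0a\xd7\xd1\x70\x3d\x2e\x85",
         232);

  /* Queue the seven iovecs into the pipe's write end;
   * flags 0x2 = SPLICE_F_NONBLOCK. */
  r[20] = syscall(__NR_vmsplice, r[3], 0x20b9cf90ul, 0x7ul, 0x2ul);

  /* Move 0x1f (31) bytes from the pipe's read end into the TCP socket,
   * with no offsets and no flags. The socket was never bound or connected
   * in this program. */
  r[21] = syscall(__NR_splice, r[2], 0x0ul, r[4], 0x0ul, 0x1ful, 0x0ul);
}

/* Runs the sequence a single time and exits with status 0 regardless of the
 * individual syscall results. */
int main(void)
{
  loop();
  return 0;
}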