// https://syzkaller.appspot.com/bug?id=2bf7e8a31b3d0f4a606a861ed1e76926d628617f
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;
  res = syscall(__NR_pipe, 0x200000c0);
  if (res != -1) {
    r[0] = *(uint32_t*)0x200000c0;
    r[1] = *(uint32_t*)0x200000c4;
  }
  memcpy((void*)0x20000000,
         "\x08\x93\xb6\x58\x02\x52\xdb\xb4\x83\xb9\x6f\xd8\x09\x88\xdd\x3e\xc8"
         "\xa4\x00\x47\x88\x08\x02\x3b\x37\x02\x12\x84\xb0\x7c\x64\x1a\x97\x08"
         "\xa0\x4f\x66\x54\xe2\x99\xbf\x7c\x1b\x7b\x4a\xf0\x27\x96\x74\x2d\xd9"
         "\x02\x5f\x2b\x38\xa8\x50\x18\x8a\x9a\x9e\x19\xef\xd9\xa6\xdf\xf7\x15"
         "\x9a\x02\x92\xfd\xb0\x3a\x20\x5c\x28\x0a\x41\x04\x7a\xfe\x17\x1a\x03"
         "\xd5\x08\x27\x38\xba\xe0\x02\x1a\x9c\x5c\xca\xd2\x5d\xd6\x8e\x7a\x89"
         "\xac\x92\xee\xa2\x9a\xcf\x18\x05\x8a\x46\xd7\x5f\xd2\x32\xc2\xbf\xbf"
         "\x55\x2b\x37\x30\x74\xa8\x53\xd0\xb5\x40\x35\x19\x82\x86\x47\x68\x6d"
         "\x69\xf5\x19\x56\xa8\xea\xef\xbf\xcb\xed\x1a\xf3\x74\x15\x44\x81\xff"
         "\xc2\x32\xa9\xbe\x8e\x25\x1a\x3f\x3c",
         162);
  syscall(__NR_write, r[1], 0x20000000, 0xa2);
  syscall(__NR_close, r[1]);
  memcpy((void*)0x20000180, "/proc/thread-self/attr/exec", 28);
  syscall(__NR_openat, 0xffffffffffffff9c, 0x20000180, 2, 0);
  syscall(__NR_splice, r[0], 0, r[1], 0, 3, 0);
  memcpy((void*)0x20f80000, "./file0", 8);
  syscall(__NR_mknod, 0x20f80000, 0x1040, 0);
  memcpy((void*)0x20000400, "./file0", 8);
  syscall(__NR_execve, 0x20000400, 0x200003c0, 0x20000600);
  return 0;
}