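// https://syzkaller.appspot.com/bug?id=8bf9a9a2638fc9e95348d4398decb1b5c80beecb
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel regression reproducer. It issues a fixed sequence of Linux syscalls
// (mmap, pipe, socket, writev, splice) with hard-coded arguments. To check a
// fix, build it, run it on the kernel under test, and inspect the kernel log
// for the report linked above. Statement order and every literal are kept
// exactly as generated, since the reproducer depends on them.

#define _GNU_SOURCE

// NOTE(review): the four header names were stripped from this copy (the
// angle-bracketed text was lost in extraction). The set below is what the
// code needs: syscall numbers, syscall(), fixed-width ints, memset/memcpy.
#include <sys/syscall.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>

// Result slots, one per generated call. Only indices 0-4, 24 and 25 are
// written in this program; the rest keep the -1 fill from loop().
long r[26];

// Runs the syscall sequence once. Takes no arguments and returns nothing.
// Results are stored in r[] and never checked, apart from the pipe() guard.
void loop()
{
  // Every slot starts as -1, so a descriptor that was never obtained is
  // passed to later calls as an invalid fd rather than as fd 0.
  memset(r, -1, sizeof(r));

  // Scratch arena: 0xfff000 bytes at the fixed address 0x20000000.
  // prot 0x3 = PROT_READ|PROT_WRITE; flags 0x32 = MAP_PRIVATE|MAP_FIXED|
  // MAP_ANONYMOUS; fd -1. Every raw pointer below points into this range.
  // The result is not checked, so a failed mapping would make the stores
  // below fault.
  r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                 0xfffffffffffffffful, 0x0ul);

  // pipe() writes its two descriptors at 0x20d20000:
  // r[2] = read end, r[3] = write end.
  r[1] = syscall(__NR_pipe, 0x20d20000ul);
  if (r[1] != -1)
    r[2] = *(uint32_t*)0x20d20000;
  if (r[1] != -1)
    r[3] = *(uint32_t*)0x20d20004;

  // socket(2, 1, 0): domain AF_INET, type SOCK_STREAM, default protocol.
  // The socket is never bound or connected in this program.
  r[4] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul);

  // Nine 16-byte {base, len} iovec entries laid out at 0x204ca000.
  // Entries 0-7 have length 0; only entry 8 carries data (0xf8 = 248 bytes).
  *(uint64_t*)0x204ca000 = (uint64_t)0x206e0000;
  *(uint64_t*)0x204ca008 = (uint64_t)0x0;
  *(uint64_t*)0x204ca010 = (uint64_t)0x204c0000;
  *(uint64_t*)0x204ca018 = (uint64_t)0x0;
  *(uint64_t*)0x204ca020 = (uint64_t)0x2055a000;
  *(uint64_t*)0x204ca028 = (uint64_t)0x0;
  *(uint64_t*)0x204ca030 = (uint64_t)0x203a8000;
  *(uint64_t*)0x204ca038 = (uint64_t)0x0;
  *(uint64_t*)0x204ca040 = (uint64_t)0x20766f99;
  *(uint64_t*)0x204ca048 = (uint64_t)0x0;
  *(uint64_t*)0x204ca050 = (uint64_t)0x20666000;
  *(uint64_t*)0x204ca058 = (uint64_t)0x0;
  *(uint64_t*)0x204ca060 = (uint64_t)0x20e41000;
  *(uint64_t*)0x204ca068 = (uint64_t)0x0;
  *(uint64_t*)0x204ca070 = (uint64_t)0x20104000;
  *(uint64_t*)0x204ca078 = (uint64_t)0x0;
  *(uint64_t*)0x204ca080 = (uint64_t)0x20650000;
  *(uint64_t*)0x204ca088 = (uint64_t)0xf8;

  // Payload for iovec entry 8: 248 fuzzer-generated bytes. The code does not
  // interpret them; they are only queued into the pipe.
  memcpy((void*)0x20650000,
         "\x02\x8a\x32\x77\x5e\xe4\x64\x98\x31\x7f\x48\xa9\xdb\xae\xfb"
         "\xae\x20\x04\xed\xff\x2f\x08\x03\xfb\xc4\xb3\xc2\xaf\x7c\xa8"
         "\xaa\x96\x3c\xc6\x55\x86\xae\x0c\x5c\x86\xac\x79\xfb\x3c\xc7"
         "\x2e\x73\xb8\xb6\xfc\x66\xdb\xba\xf8\x78\x35\xee\xf4\xe7\xcc"
         "\x62\xbe\x1a\xa5\x71\x3c\x57\x70\x95\x39\xd2\xd5\x60\xef\xb8"
         "\xdf\x50\x8c\x3a\x41\x04\xf2\x80\x81\xb2\x0e\xa7\x33\xed\xa3"
         "\xdb\x1a\xea\x7c\xe6\xd9\x75\xcd\xa3\xc8\xe1\x3a\x5e\xa5\x66"
         "\xe3\x2c\x07\x69\x4c\xe8\xce\x60\x84\x25\x15\x5f\x54\x59\x0d"
         "\xa8\x86\xc0\xf6\x4c\x3b\x95\xbf\x2e\x74\x26\xf3\x7a\x68\x04"
         "\xc1\x8d\x55\x80\xa7\xed\xd7\xf8\xa9\xc7\x85\x5f\x58\xfd\x9b"
         "\x99\xf3\xec\xfc\xc7\x75\xd0\x48\xdc\xe1\x8f\x6a\x97\x29\x81"
         "\xcc\x4b\x76\xb4\x09\x6c\x59\xbb\xf1\xc9\x79\xc8\x97\xcf\xda"
         "\x9b\x40\x59\x01\xa3\x8d\xba\x1b\x56\x4f\xeb\x3c\xeb\x8a\x7f"
         "\x05\xfa\xb5\x40\xd4\xff\x98\x8e\xc7\x92\x9b\xff\x26\x2b\x06"
         "\x53\xbd\x51\x10\x9d\xeb\x27\x4b\xa5\x4d\xeb\x26\x53\x61\xc8"
         "\xaf\x17\x0c\xef\x81\x30\xf6\xce\x93\x12\x58\xac\xa6\x2f\x58"
         "\x21\xab\x3c\xce\xc6\x24\x16\x21",
         248);

  // Queue the nine-entry vector into the pipe's write end.
  r[24] = syscall(__NR_writev, r[3], 0x204ca000ul, 0x9ul);

  // splice() from the pipe's read end into the socket: both offsets NULL,
  // length 0x1f (31) bytes, flags 0. This is the last call in the sequence.
  r[25] = syscall(__NR_splice, r[2], 0x0ul, r[4], 0x0ul, 0x1ful, 0x0ul);
}

// Entry point: runs the sequence once and exits with status 0, whatever the
// individual syscalls returned.
int main()
{
  loop();
  return 0;
}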