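// https://syzkaller.appspot.com/bug?id=51090769c65cf520c04c906adc2ac776b91c792a
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer emitted by syzkaller for the report linked above.
// It opens /proc/self/stack and issues a single preadv() with a two-entry
// iovec against it.  Treat it as a crash PoC: run it only inside a
// disposable VM, never on a host you care about.  The long hex blob below
// is NOT a payload — only its first six bytes ("stack\0") are ever read.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped when this listing was
// extracted (the original carried nine bare "#include" lines).  The list
// below is reconstructed from the identifiers the code actually uses.
#include <fcntl.h>       // open, O_RDWR, O_RDONLY
#include <stdint.h>      // uintptr_t, uint64_t
#include <stdio.h>       // snprintf, perror
#include <stdlib.h>      // exit
#include <string.h>      // memcpy
#include <sys/syscall.h> // __NR_mmap, __NR_preadv
#include <sys/types.h>
#include <unistd.h>      // syscall

/*
 * Open an entry under the calling task's procfs directory.
 *
 * a0 selects the directory: 0 -> /proc/self, (uintptr_t)-1 ->
 * /proc/thread-self, any other value -> /proc/self/task/<a0>.  a1 is the
 * address of a NUL-terminated entry name; syzkaller passes pointers as
 * integers, hence the casts.
 *
 * O_RDWR is tried first with an O_RDONLY fallback, so read-only entries
 * such as "stack" still open.  Returns the descriptor, or (uintptr_t)-1
 * on failure — open()'s -1 widened, which callers compare as a long.
 */
static uintptr_t syz_open_procfs(uintptr_t a0, uintptr_t a1)
{
	char path[128];
	const char *name = (const char *)a1;
	int n;

	if (a0 == 0)
		n = snprintf(path, sizeof(path), "/proc/self/%s", name);
	else if (a0 == (uintptr_t)-1)
		n = snprintf(path, sizeof(path), "/proc/thread-self/%s", name);
	else
		n = snprintf(path, sizeof(path), "/proc/self/task/%d/%s", (int)a0, name);

	/*
	 * Refuse rather than open a silently truncated path: a name that does
	 * not fit in 128 bytes would otherwise be opened as a mangled path the
	 * caller never asked for.  "/proc/self/stack" (16 bytes) is unaffected.
	 */
	if (n < 0 || (size_t)n >= sizeof(path))
		return (uintptr_t)-1;

	int fd = open(path, O_RDWR);
	if (fd == -1)
		fd = open(path, O_RDONLY);
	return (uintptr_t)fd;
}

/* Result slot: r[0] holds the procfs fd, or -1 if the open failed. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * One iteration of the reproducer.
 *
 * Copies the entry name into the fixed mapping set up by main(), opens
 * /proc/self/stack, lays out a two-entry struct iovec array in the same
 * mapping and calls preadv() on the fd.  Everything after the sixth byte
 * of the copied blob ("stack\0") is syzkaller filler that the "%s"
 * conversion in syz_open_procfs() stops short of.
 *
 * If the open failed, r[0] stays -1 and preadv() fails with EBADF.  The
 * preadv() return value is deliberately ignored: the bug, if present,
 * manifests in the kernel log, not as a userspace result.
 */
void loop()
{
	long res = 0;

	/* 0x200004c0: the procfs entry name, NUL-terminated after "stack". */
	memcpy(
	    (void*)0x200004c0,
	    "\x73\x74\x61\x63\x6b\x00\xda\x1b\x4b\x54\x7f\x2a\x3b\xcb\xdf\x28\x04\x79"
	    "\x62\x41\x2c\xb3\xe8\x9d\x29\x7e\x6d\xac\x7b\x73\xec\x67\x5e\xe9\x19\xb4"
	    "\x29\x8d\xa2\xb9\x34\xdd\x67\xf6\x34\x72\x81\xd2\x56\xe6\xe5\xd6\x53\x83"
	    "\xf7\x26\x15\x7a\xd2\x2c\xfa\xd7\x8b\x7e\x6e\xad\x78\x7e\xe0\x09\x2d\x81"
	    "\x9a\x7a\xa3\x93\x55\x11\x44\x0c\x20\x4c\x59\x6c\xa5\xd5\x66\xd5\x11\x67"
	    "\x32\x0b\x40\xa1\x85\xab\x08\x3e\x63\xa8\xbb\xf6\x9c\xf7\xa2\x5b\xb7\xbd"
	    "\x32\xcd\xd0\xc6\x78\xaf\xe0\x30\x0f\xa4\xf1\x09\xc1\x60\xaf\x09\x16\xfe"
	    "\x1c\x1d\xce\x0d\x7a\x64\x8f\xf6\x94\x20\x72\xb7\xaa\x4d\x90\x08\xc0\x5a"
	    "\x2d\xbd\x85\x2c\xe3\x31\xb3\xec\xb6\x46\xe2\x2d\xaa\x0d\x78\xcb\xb1\x71"
	    "\xad\xd7\x1f\xf7\x1b\x8f\x9b\x8f\x92\x97\x6e\x57\xe4\x52\xc4\x5b\x9b\xf2"
	    "\x9a\xe0\xf2\x23\x33\xe2\xb3\xcd\x5b\xde\xfd\x4a\x55\x67\x2b\x87\x24\xf5"
	    "\x41\xd7\xed\x57\x64\x7f\x48\xe7\x30\x04\x5f\xaa\x1d\x0e\x2a\x09\x43\xb2"
	    "\xca\x5c\x4d\xf6\x09\x3f\xa9\x1b\x10\x83\xfd\xbe\x1e\x9a\xf7\xa4\x44\x1a"
	    "\x07\xb6\xd4\x88\x8f\xd9\x10\x4b\xe4\xb9\xa7\x8d\x08\x2f\x8f\x8a\xc5\x4d"
	    "\x04\x42\x43\x35\x81\x8a\x38\x3a\x5b\x59\x8a\xb8\xaa\x91\xb7\x38\xdb\xb6"
	    "\x52\x4a\xb1\x44\xa6\x36\x8b\x9a\x90\x87\x51\xb0\x21\x36\x4c\xcf\xd5\xec"
	    "\x95\x60\xcc\x60\x38\x7e\x84\x69\x52\x2d\x6c\x49\xb3\x4e\xf5\xf0\x1f\x46"
	    "\xc2\xcf\xae\x5a\xcf\xf5\x64\xce\x22\xc2\xf7\x73\x27\xb1\xdd\x04\xcf\x63"
	    "\xc6\x16\x61\x5d\x44\x76\x62\xdc\x6f\x38\x04\xc9\x50\x9d\x66\x2e\x3e\x38"
	    "\x4d\x09\xd7\x11\x95\xf3\x8e\x53\x94\xaf\xbe\x61\x82\x89\x48\x4b\xe4\xd0"
	    "\x4d\x9c\x25\x4d\x8e\x2b\xe4\x00\x79\x94\x5f\x34\x45\x40\xa0\xcc\x65",
	    377);
	res = syz_open_procfs(0, 0x200004c0);
	if (res != -1)
		r[0] = res;

	/*
	 * struct iovec iov[2] at 0x20002300, written as four 8-byte stores:
	 *   iov[0] = { .iov_base = 0x20000000, .iov_len = 0x60 }
	 *   iov[1] = { .iov_base = 0x20002400, .iov_len = 0xf7 }
	 * NOTE(review): this only forms a valid iovec array on targets where
	 * iov_base and iov_len are both 8 bytes (LP64); the repro assumes that.
	 */
	*(uint64_t*)0x20002300 = 0x20000000;
	*(uint64_t*)0x20002308 = 0x60;
	*(uint64_t*)0x20002310 = 0x20002400;
	*(uint64_t*)0x20002318 = 0xf7;

	/* preadv(fd, iov, 2, 0) — result intentionally unchecked, see above. */
	syscall(__NR_preadv, r[0], 0x20002300, 2, 0);
}

/*
 * Entry point: establish the 16 MiB fixed mapping at 0x20000000 that every
 * address in loop() lives in, then run the reproducer once.
 *
 * Raw syscall and raw flag values are kept exactly as syzkaller emits them:
 *   3    = PROT_READ | PROT_WRITE
 *   0x32 = MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS
 */
int main(void)
{
	/*
	 * The original ignored the mmap() result.  If the fixed mapping cannot
	 * be established, loop() SIGSEGVs on its first store — a userspace
	 * crash that is easy to misread as the kernel bug this file reproduces.
	 * Fail loudly instead.
	 */
	if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
		perror("mmap");
		exit(1);
	}
	loop();
	return 0;
}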