// https://syzkaller.appspot.com/bug?id=8f063539d4ecf1faf3132624b57a641e923ee25a
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

static long syz_open_dev(long a0, long a1, long a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char buf[128];
    sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1,
            (uint8_t)a2);
    return open(buf, O_RDWR, 0);
  } else {
    char buf[1024];
    char* hash;
    strncpy(buf, (char*)a0, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = 0;
    while ((hash = strchr(buf, '#'))) {
      *hash = '0' + (char)(a1 % 10);
      a1 /= 10;
    }
    return open(buf, a2, 0);
  }
}

uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;
  memcpy((void*)0x20000080, "/dev/kvm", 9);
  res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000080, 0, 0);
  if (res != -1)
    r[0] = res;
  res = syscall(__NR_ioctl, r[0], 0xae01, 0);
  if (res != -1)
    r[1] = res;
  res = syscall(__NR_ioctl, r[1], 0xae41, 0);
  if (res != -1)
    r[2] = res;
  syscall(__NR_ioctl, r[2], 0xc080aebe, 0x20000100);
  *(uint32_t*)0x20000140 = 0x52;
  *(uint8_t*)0x20000144 = 0x7d;
  *(uint16_t*)0x20000145 = 1;
  *(uint16_t*)0x20000147 = 0;
  *(uint16_t*)0x20000149 = 0x4b;
  *(uint16_t*)0x2000014b = 0xfff9;
  *(uint32_t*)0x2000014d = 3;
  *(uint8_t*)0x20000151 = 0;
  *(uint32_t*)0x20000152 = 1;
  *(uint64_t*)0x20000156 = 1;
  *(uint32_t*)0x2000015e = 0x1000000;
  *(uint32_t*)0x20000162 = 3;
  *(uint32_t*)0x20000166 = 8;
  *(uint64_t*)0x2000016a = 7;
  *(uint16_t*)0x20000172 = 8;
  memcpy((void*)0x20000174, "+ppp1+%{", 8);
  *(uint16_t*)0x2000017c = 0xd;
  memcpy((void*)0x2000017e, "nodeveth0em0)", 13);
  *(uint16_t*)0x2000018b = 0;
  *(uint16_t*)0x2000018d = 3;
  memcpy((void*)0x2000018f, "lo/", 3);
  syscall(__NR_write, -1, 0x20000140, 0x52);
  syscall(__NR_getsockopt, -1, 1, 0x19, 0x20000080, 0x10);
  memcpy((void*)0x200003c0, "./file0", 8);
  syscall(__NR_stat, 0x200003c0, 0x20000400);
  memcpy((void*)0x200015c0,
         "\x76\x65\x74\x68\x31\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00",
         16);
  syscall(__NR_setsockopt, -1, 1, 0x19, 0x200015c0, 0xb);
  memcpy((void*)0x20000040,
         "\x76\x65\x74\x68\x31\x5f\x74\x6f\x5f\x62\x6f\x6e\x64\x00\x00\x00",
         16);
  syscall(__NR_setsockopt, -1, 1, 0x19, 0x20000040, 0x10);
  memcpy((void*)0x20000000, "/dev/dsp#", 10);
  syz_open_dev(0x20000000, 7, 0x4080);
  *(uint32_t*)0x20000100 = 8;
  syscall(__NR_getsockopt, -1, 0x84, 2, 0x200000c0, 0x20000100);
  *(uint32_t*)0x200001c0 = 0;
  *(uint32_t*)0x200001c4 = 0x64;
  *(uint64_t*)0x200001c8 = 0x20000140;
  *(uint16_t*)0x20000140 = 0xa;
  *(uint16_t*)0x20000142 = htobe16(0x4e24);
  *(uint32_t*)0x20000144 = 0xffffff00;
  *(uint8_t*)0x20000148 = 0xfe;
  *(uint8_t*)0x20000149 = 0x80;
  *(uint8_t*)0x2000014a = 0;
  *(uint8_t*)0x2000014b = 0;
  *(uint8_t*)0x2000014c = 0;
  *(uint8_t*)0x2000014d = 0;
  *(uint8_t*)0x2000014e = 0;
  *(uint8_t*)0x2000014f = 0;
  *(uint8_t*)0x20000150 = 0;
  *(uint8_t*)0x20000151 = 0;
  *(uint8_t*)0x20000152 = 0;
  *(uint8_t*)0x20000153 = 0;
  *(uint8_t*)0x20000154 = 0;
  *(uint8_t*)0x20000155 = 0;
  *(uint8_t*)0x20000156 = 0;
  *(uint8_t*)0x20000157 = 0x1b;
  *(uint32_t*)0x20000158 = 6;
  *(uint16_t*)0x2000015c = 2;
  *(uint16_t*)0x2000015e = htobe16(0x4e21);
  *(uint32_t*)0x20000160 = htobe32(-1);
  *(uint8_t*)0x20000164 = 0;
  *(uint8_t*)0x20000165 = 0;
  *(uint8_t*)0x20000166 = 0;
  *(uint8_t*)0x20000167 = 0;
  *(uint8_t*)0x20000168 = 0;
  *(uint8_t*)0x20000169 = 0;
  *(uint8_t*)0x2000016a = 0;
  *(uint8_t*)0x2000016b = 0;
  *(uint16_t*)0x2000016c = 0xa;
  *(uint16_t*)0x2000016e = htobe16(0x4e22);
  *(uint32_t*)0x20000170 = 0xfffffe00;
  *(uint8_t*)0x20000174 = 0xfe;
  *(uint8_t*)0x20000175 = 0x80;
  *(uint8_t*)0x20000176 = 0;
  *(uint8_t*)0x20000177 = 0;
  *(uint8_t*)0x20000178 = 0;
  *(uint8_t*)0x20000179 = 0;
  *(uint8_t*)0x2000017a = 0;
  *(uint8_t*)0x2000017b = 0;
  *(uint8_t*)0x2000017c = 0;
  *(uint8_t*)0x2000017d = 0;
  *(uint8_t*)0x2000017e = 0;
  *(uint8_t*)0x2000017f = 0;
  *(uint8_t*)0x20000180 = 0;
  *(uint8_t*)0x20000181 = 0;
  *(uint8_t*)0x20000182 = 0;
  *(uint8_t*)0x20000183 = 0x1f;
  *(uint32_t*)0x20000184 = 0x20;
  *(uint16_t*)0x20000188 = 0xa;
  *(uint16_t*)0x2000018a = htobe16(0x4e24);
  *(uint32_t*)0x2000018c = 6;
  *(uint8_t*)0x20000190 = -1;
  *(uint8_t*)0x20000191 = 1;
  *(uint8_t*)0x20000192 = 0;
  *(uint8_t*)0x20000193 = 0;
  *(uint8_t*)0x20000194 = 0;
  *(uint8_t*)0x20000195 = 0;
  *(uint8_t*)0x20000196 = 0;
  *(uint8_t*)0x20000197 = 0;
  *(uint8_t*)0x20000198 = 0;
  *(uint8_t*)0x20000199 = 0;
  *(uint8_t*)0x2000019a = 0;
  *(uint8_t*)0x2000019b = 0;
  *(uint8_t*)0x2000019c = 0;
  *(uint8_t*)0x2000019d = 0;
  *(uint8_t*)0x2000019e = 0;
  *(uint8_t*)0x2000019f = 1;
  *(uint32_t*)0x200001a0 = 6;
  *(uint32_t*)0x20000200 = 0x10;
  syscall(__NR_getsockopt, -1, 0x84, 0x6f, 0x200001c0, 0x20000200);
  memcpy((void*)0x20001500, "/dev/infiniband/rdma_cm", 24);
  syscall(__NR_openat, 0xffffffffffffff9c, 0x20001500, 2, 0);
  return 0;
}