// https://syzkaller.appspot.com/bug?id=3c1f47967b7cbd399d3ba3e65f297a29aa1c5f92
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

static uintptr_t syz_open_dev(uintptr_t a0, uintptr_t a1, uintptr_t a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char buf[128];
    sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1,
            (uint8_t)a2);
    return open(buf, O_RDWR, 0);
  } else {
    char buf[1024];
    char* hash;
    strncpy(buf, (char*)a0, sizeof(buf));
    buf[sizeof(buf) - 1] = 0;
    while ((hash = strchr(buf, '#'))) {
      *hash = '0' + (char)(a1 % 10);
      a1 /= 10;
    }
    return open(buf, a2, 0);
  }
}

uint64_t r[1] = {0xffffffffffffffff};
void loop()
{
  long res;
  memcpy((void*)0x20265ff7, "/dev/sg#", 9);
  res = syz_open_dev(0x20265ff7, 0, 2);
  if (res != -1)
    r[0] = res;
  memcpy((void*)0x20000340,
         "\x50\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07"
         "\x00\x00\x9b\x9e\x00\x00\xc0\xc7\x56\x65\xc1\xcf\xee\x1a\xe7\xf3\xc6"
         "\xc7\xce\x9f\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x91\xaf\xa0\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00"
         "\x3e\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa6\x78\xea\x99\xef\xb9\xb8"
         "\x2d\x7a\xf1\x28\xe5\x7e\xf8\x03\x79\x18\xf5\xe0\x5e\xa0\xec\xac\x53"
         "\x4b\xc6\x31\xfe\x62\xfb\x68\xdd\x2e\x4b\x9a\xe4\x57\x8c\x46\x56\xf2"
         "\x0a\xfe\x4c\xe9\xc9\xe0\xc4\xbd\x0c\xbd\xf6\xf6\x57\x4c\xf0\x25\xfe"
         "\xa8\x4c\x48\x1d\xe0\x80\xc5\x33\x7b\x21\x87\xd9\xfa\x4b\x25\x9f\x02"
         "\xc6\x96\x51\xcd\x60\xb0\x75\x87\x01\xed\xce\x88\x38\x01\x39\xf9\xab"
         "\x49\x67\xf3\x07\x58\xa3\xfe\x87\x22\x98\xc5\xfb\x4c\x3e\x9d\x21\x8d"
         "\xf7\x9a\x46\x6c\xe2\x9d\x53\x0d\xb8\xb5\x6c\x31\xc9\xf0\xdc\x4c\x36"
         "\xf0\x6a\x97\xd8\xaa\x40\xf8\x92\x0a\xd5\x2c\xc0\x25\x30\x71\x51\x30"
         "\xad\xa8\x08\xdb\xfe\xff\x92\x3c\x9d\xda\xbe\xbf\x4b\x25\x46\x43\x9e"
         "\x51\x1c\x28\x9c\x5e\x2d\xc7\x70\xb1\x00\xe6\x8a\xc5\xd1\xab\x8c\x3f"
         "\x48\x3e\xb2\x11\x3a\xff\xa2\x11\xf3\x6e\xf0\x1e\x27\xf6\xef\x21\x85"
         "\xaf\x24\xdd\x63\x1b\xc5\xa0\x6d\xc0\x73\xb2\x73\x73\x65\x4c\x94\xaf"
         "\x56\x1a\x8e\xa3\x2d\x02\x8e\xe3\x7e\x69\xc7\xca\x8a\x1c\x83\xde\xea"
         "\xf3\xb1\x4b\x8a\xd3\x34\x29\xcf\xca\x04\x98\xcb\x4b\x0b\x64\x98\x19"
         "\x15\xa3\x1a\xde\x18\x66\xcd\x9d\x0d\x63\x77\xa1\x4b\xee\xb3\x97\xce"
         "\xf7\x12\xbd\xd0\xa3\x53\xd2\x77\x69\xe0\x19\x23\x9b\x32\x5d\xf0\xde"
         "\xfa\xd6\x6b\xa3\x6a\x93\x57\x83\x99\x22\x38\xdd\xd0",
         370);
  syscall(__NR_write, r[0], 0x20000340, 0x172);
  syscall(__NR_read, r[0], 0x20000100, 0x316);
}

int main()
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  loop();
  return 0;
}