// https://syzkaller.appspot.com/bug?id=3c1f47967b7cbd399d3ba3e65f297a29aa1c5f92
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

static uintptr_t syz_open_dev(uintptr_t a0, uintptr_t a1, uintptr_t a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char buf[128];
    sprintf(buf, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1,
            (uint8_t)a2);
    return open(buf, O_RDWR, 0);
  } else {
    char buf[1024];
    char* hash;
    strncpy(buf, (char*)a0, sizeof(buf));
    buf[sizeof(buf) - 1] = 0;
    while ((hash = strchr(buf, '#'))) {
      *hash = '0' + (char)(a1 % 10);
      a1 /= 10;
    }
    return open(buf, a2, 0);
  }
}

#ifndef __NR_readv
#define __NR_readv 145
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_write
#define __NR_write 4
#endif
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

long r[1];
void loop()
{
  memset(r, -1, sizeof(r));
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);
  memcpy((void*)0x20416ff7, "/dev/sg#", 9);
  r[0] = syz_open_dev(0x20416ff7, 0, 0x806);
  *(uint32_t*)0x20d84f40 = 0;
  *(uint32_t*)0x20d84f44 = 0;
  *(uint16_t*)0x20d84f48 = 3;
  *(uint16_t*)0x20d84f4a = 0xffa6;
  *(uint32_t*)0x20d84f4c = 9;
  *(uint32_t*)0x20d84f50 = 0x77359400;
  *(uint32_t*)0x20d84f54 = 0;
  *(uint16_t*)0x20d84f58 = 0x19;
  *(uint16_t*)0x20d84f5a = 6;
  *(uint32_t*)0x20d84f5c = 4;
  *(uint32_t*)0x20d84f60 = 0;
  *(uint32_t*)0x20d84f64 = 0x2710;
  *(uint16_t*)0x20d84f68 = 0xb28;
  *(uint16_t*)0x20d84f6a = 9;
  *(uint32_t*)0x20d84f6c = 9;
  *(uint32_t*)0x20d84f70 = 0x77359400;
  *(uint32_t*)0x20d84f74 = 0;
  *(uint16_t*)0x20d84f78 = 0x7f;
  *(uint16_t*)0x20d84f7a = 1;
  *(uint32_t*)0x20d84f7c = 0xfff;
  *(uint32_t*)0x20d84f80 = 0;
  *(uint32_t*)0x20d84f84 = 0;
  *(uint16_t*)0x20d84f88 = 0;
  *(uint16_t*)0x20d84f8a = 5;
  *(uint32_t*)0x20d84f8c = 7;
  *(uint32_t*)0x20d84f90 = 0;
  *(uint32_t*)0x20d84f94 = 0;
  *(uint16_t*)0x20d84f98 = 0x24c;
  *(uint16_t*)0x20d84f9a = 3;
  *(uint32_t*)0x20d84f9c = 0x80000000;
  *(uint32_t*)0x20d84fa0 = 0;
  *(uint32_t*)0x20d84fa4 = 0;
  *(uint16_t*)0x20d84fa8 = 6;
  *(uint16_t*)0x20d84faa = 0x13f9;
  *(uint32_t*)0x20d84fac = 0x7ff;
  *(uint32_t*)0x20d84fb0 = 0x77359400;
  *(uint32_t*)0x20d84fb4 = 0;
  *(uint16_t*)0x20d84fb8 = 0xc7;
  *(uint16_t*)0x20d84fba = 9;
  *(uint32_t*)0x20d84fbc = 8;
  syscall(__NR_write, r[0], 0x20d84f40, 0xc0);
  *(uint32_t*)0x20529fc0 = 0x205bcf71;
  *(uint32_t*)0x20529fc4 = 0;
  *(uint32_t*)0x20529fc8 = 0x2009d000;
  *(uint32_t*)0x20529fcc = 0;
  *(uint32_t*)0x20529fd0 = 0x2007a000;
  *(uint32_t*)0x20529fd4 = 0;
  *(uint32_t*)0x20529fd8 = 0x2039cfce;
  *(uint32_t*)0x20529fdc = 0x32;
  syscall(__NR_readv, r[0], 0x20529fc0, 4);
}

int main()
{
  loop();
  return 0;
}