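// https://syzkaller.appspot.com/bug?id=17535f4bf5b322437f7c639b59161ce343fc55a9
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer: opens a /dev/swradio device node, then issues the same
// ioctl request twice with two differently filled argument blocks.  The
// syscall sequence and every argument byte are kept exactly as generated;
// only the header names (missing from the copy this was recovered from)
// and the comments have been added.

#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// syzkaller's syz_open_dev pseudo-syscall.
//
// Two calling conventions share this entry point:
//   a0 == 0xc or 0xb: open the char (0xc) or block (0xb) device node
//       /dev/<char|block>/<major>:<minor>, with a1 = major and a2 = minor
//       (each truncated to 8 bits), always O_RDWR.
//   otherwise: a0 is a pointer to a NUL-terminated device path template in
//       which every '#' is replaced by successive decimal digits of a1
//       (least significant digit first), and a2 is the open(2) flags.
//
// Returns the open(2) result: a file descriptor, or -1 on failure.
static long syz_open_dev(long a0, long a1, long a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char buf[128];
    // Output is bounded (fixed prefix plus two 8-bit numbers), so the
    // size-checked form is equivalent to the original sprintf here.
    snprintf(buf, sizeof(buf), "/dev/%s/%d:%d",
             a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
    return open(buf, O_RDWR, 0);
  }

  char buf[1024];
  char *hash;
  // Work on a private copy so the caller's template is not modified, and
  // force NUL-termination because strncpy does not guarantee it.
  strncpy(buf, (char *)a0, sizeof(buf) - 1);
  buf[sizeof(buf) - 1] = 0;
  while ((hash = strchr(buf, '#'))) {
    *hash = '0' + (char)(a1 % 10);
    a1 /= 10;
  }
  return open(buf, a2, 0);
}

// Resource slot holding the fd from the open call below; initialised to
// the "invalid" sentinel so a failed open leaves an fd of -1 for the ioctls.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  // Fixed scratch region that every syscall argument below points into.
  // prot 3 = PROT_READ|PROT_WRITE; flags 0x32 = MAP_PRIVATE|MAP_FIXED|
  // MAP_ANONYMOUS; the result is deliberately unchecked, as generated.
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;

  // Open "/dev/swradio0": the single '#' becomes the digit of a1 = 0, and
  // a2 = 2 is the open flags (O_RDWR on Linux).
  memcpy((void *)0x200000c0, "/dev/swradio#", 14);
  res = syz_open_dev(0x200000c0, 0, 2);
  if (res != -1)
    r[0] = res;

  // First argument block for the ioctl at 0x20000240.  The request number
  // 0xc100565c decodes as direction read+write, size 0x100, type 'V',
  // nr 0x5c; presumably a V4L2 request — confirm against the kernel
  // headers before relying on the name.  Only the first few words are
  // non-zero; the remaining writes zero the rest of the structure.
  *(uint32_t *)0x20000240 = 0;
  *(uint32_t *)0x20000244 = 9;
  *(uint32_t *)0x20000248 = 1;
  *(uint32_t *)0x20000250 = 0xb;
  *(uint32_t *)0x20000258 = 0;
  *(uint32_t *)0x2000025c = 0x1f;
  *(uint32_t *)0x20000260 = 0;
  *(uint32_t *)0x20000264 = 0;
  *(uint32_t *)0x20000268 = 0;
  *(uint32_t *)0x2000026c = 0;
  *(uint32_t *)0x20000270 = 0;
  *(uint32_t *)0x20000274 = 0;
  *(uint32_t *)0x20000278 = 0;
  *(uint32_t *)0x2000027c = 0;
  *(uint32_t *)0x20000280 = 0;
  *(uint32_t *)0x20000284 = 0;
  *(uint32_t *)0x20000320 = 0;
  *(uint32_t *)0x20000324 = 0;
  *(uint32_t *)0x20000328 = 0;
  *(uint32_t *)0x2000032c = 0;
  *(uint32_t *)0x20000330 = 0;
  *(uint32_t *)0x20000334 = 0;
  *(uint32_t *)0x20000338 = 0;
  *(uint32_t *)0x2000033c = 0;
  syscall(__NR_ioctl, r[0], 0xc100565c, 0x20000240);

  // Second argument block for the same request at 0x20000100, with a
  // different index/count/memory triple and a non-zero four-character
  // code at offset 0x18; the byte-wise writes zero a 24-byte field and
  // the trailing words zero the tail of the structure.
  *(uint32_t *)0x20000100 = 2;
  *(uint32_t *)0x20000104 = 0x7fff;
  *(uint32_t *)0x20000108 = 4;
  *(uint32_t *)0x20000110 = 0xb;
  *(uint32_t *)0x20000118 = 0x30383653;
  *(uint32_t *)0x2000011c = 0xfc;
  *(uint8_t *)0x20000120 = 0;
  *(uint8_t *)0x20000121 = 0;
  *(uint8_t *)0x20000122 = 0;
  *(uint8_t *)0x20000123 = 0;
  *(uint8_t *)0x20000124 = 0;
  *(uint8_t *)0x20000125 = 0;
  *(uint8_t *)0x20000126 = 0;
  *(uint8_t *)0x20000127 = 0;
  *(uint8_t *)0x20000128 = 0;
  *(uint8_t *)0x20000129 = 0;
  *(uint8_t *)0x2000012a = 0;
  *(uint8_t *)0x2000012b = 0;
  *(uint8_t *)0x2000012c = 0;
  *(uint8_t *)0x2000012d = 0;
  *(uint8_t *)0x2000012e = 0;
  *(uint8_t *)0x2000012f = 0;
  *(uint8_t *)0x20000130 = 0;
  *(uint8_t *)0x20000131 = 0;
  *(uint8_t *)0x20000132 = 0;
  *(uint8_t *)0x20000133 = 0;
  *(uint8_t *)0x20000134 = 0;
  *(uint8_t *)0x20000135 = 0;
  *(uint8_t *)0x20000136 = 0;
  *(uint8_t *)0x20000137 = 0;
  *(uint32_t *)0x200001e0 = 0;
  *(uint32_t *)0x200001e4 = 0;
  *(uint32_t *)0x200001e8 = 0;
  *(uint32_t *)0x200001ec = 0;
  *(uint32_t *)0x200001f0 = 0;
  *(uint32_t *)0x200001f4 = 0;
  *(uint32_t *)0x200001f8 = 0;
  *(uint32_t *)0x200001fc = 0;
  syscall(__NR_ioctl, r[0], 0xc100565c, 0x20000100);
  return 0;
}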