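// https://syzkaller.appspot.com/bug?id=c7ac769bd7ee15549b8a2be188bcee07d98a5357
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel crash reproducer. Only four of the calls below operate on valid
// kernel objects: the fixed-address mmap(), the mknod() that creates the
// character-device node "./bus", the open() of that node, and the final
// ioctl() on the descriptor it returns. Every other call is issued on an
// invalid descriptor (-1, or 0xffffff9c == -100 as a 32-bit int) and is
// expected to fail with EBADF without touching kernel state; syzkaller's
// minimizer leaves such calls in when they do not affect reproduction.
//
// Safety notes for anyone running this:
//   - mknod() of a device node needs privileges, and the node "./bus" is
//     left behind in the current directory. Run this only inside a
//     disposable VM that you are willing to lose; never on a host.
//   - All pointers are inside the 16 MiB region mapped at 0x20000000
//     (MAP_FIXED is bit 0x10 of the flag word on Linux and the BSDs). They
//     are deterministic scratch addresses, not exploitation offsets.
//   - The 215-byte blob handed to sendmsg() is fuzzer noise, not a crafted
//     packet, and is never delivered because that descriptor is invalid.
//   - NOTE(review): the SYS_* spelling, `#define __syscall syscall` and the
//     mmap flag word 0x1012 (0x1000 == MAP_ANON on the BSDs, MAP_EXECUTABLE
//     on Linux) suggest a BSD target; confirm the OS from the bug page before
//     drawing conclusions from the raw ioctl numbers.
//
// NOTE(review): the ten header names were lost in page extraction (bare
// `#include` lines). The set below is the minimum that resolves every name
// used here (syscall, SYS_*, uint*_t, intptr_t, memcpy); restore the
// original list from syzkaller if the target needs more.

#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#define __syscall syscall

/* Descriptor table filled by the reproducer; -1 means "not opened". */
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
	/* Scratch region every pointer below lives in: 16 MiB, RW, fixed. */
	syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul);
	intptr_t res = 0;

	/* Create the character-device node "./bus" (mode 0x2000 == S_IFCHR). */
	memcpy((void*)0x200001c0, "./bus\000", 6);
	syscall(SYS_mknod, 0x200001c0ul, 0x2000ul, 0x4086334); /* major = 99, minor = 264244 */

	/*
	 * Hand-built ioctl argument: a {u32 count = 6, u64 ptr} header at
	 * 0x200000c0 pointing at six 8-byte {u16, u8, u8, u32} records; only
	 * the last record is non-zero (0x210 in its u16). The request goes to
	 * fd -1, so it never reaches a driver.
	 */
	*(uint32_t*)0x200000c0 = 6;
	*(uint64_t*)0x200000c8 = 0x20000080;
	*(uint16_t*)0x20000080 = 0;
	*(uint8_t*)0x20000082 = 0;
	*(uint8_t*)0x20000083 = 0;
	*(uint32_t*)0x20000084 = 0;
	*(uint16_t*)0x20000088 = 0;
	*(uint8_t*)0x2000008a = 0;
	*(uint8_t*)0x2000008b = 0;
	*(uint32_t*)0x2000008c = 0;
	*(uint16_t*)0x20000090 = 0;
	*(uint8_t*)0x20000092 = 0;
	*(uint8_t*)0x20000093 = 0;
	*(uint32_t*)0x20000094 = 0;
	*(uint16_t*)0x20000098 = 0;
	*(uint8_t*)0x2000009a = 0;
	*(uint8_t*)0x2000009b = 0;
	*(uint32_t*)0x2000009c = 0;
	*(uint16_t*)0x200000a0 = 0;
	*(uint8_t*)0x200000a2 = 0;
	*(uint8_t*)0x200000a3 = 0;
	*(uint32_t*)0x200000a4 = 0;
	*(uint16_t*)0x200000a8 = 0x210;
	*(uint8_t*)0x200000aa = 0;
	*(uint8_t*)0x200000ab = 0;
	*(uint32_t*)0x200000ac = 0;
	syscall(SYS_ioctl, -1, 0x80104277ul, 0x200000c0ul);

	/*
	 * Hand-built 64-bit struct msghdr at 0x200003c0: no name, two iovecs
	 * at 0x20000380 (the first is {NULL, 0}, the second covers the 215-byte
	 * blob at 0x20000280), no control data, msg_flags = 0x400. Sent on
	 * fd 0xffffff9c (-100), an invalid descriptor.
	 */
	*(uint64_t*)0x200003c0 = 0;
	*(uint32_t*)0x200003c8 = 0;
	*(uint64_t*)0x200003d0 = 0x20000380;
	*(uint64_t*)0x20000380 = 0;
	*(uint64_t*)0x20000388 = 0;
	*(uint64_t*)0x20000390 = 0x20000280;
	memcpy(
	    (void*)0x20000280,
	    "\x30\x8d\x9a\x77\xa8\xfa\xa7\x05\x51\x34\xf8\x0b\x3e\x4e\x96\x60\x83\xd0"
	    "\xea\xa2\x46\xc6\x0c\xcc\x0e\xb1\x72\x47\x6a\x83\x4a\x06\xb6\x66\xa3\x3b"
	    "\x7f\x38\x4e\x6f\x57\xde\x02\x0e\x79\x4a\xf7\x80\x9b\x40\xc2\xb0\x9e\x59"
	    "\x92\x7b\x08\x97\x2e\x58\xfe\x79\xa7\x35\xab\xa7\x4e\x37\x00\x25\x30\x9e"
	    "\xa6\x05\x92\x3f\x04\xb2\x8a\x8b\xfc\xb1\x8c\x0a\x7e\x03\x54\x19\x09\x82"
	    "\x23\x95\x53\xa5\x69\xe4\x8a\xd6\xe2\x5f\x0c\xdc\x0f\xd4\x79\x59\x44\x50"
	    "\x43\xde\x12\x3e\x22\x6d\x06\x8a\x8c\xc5\x5a\x18\xc3\xd1\x45\x44\xa4\x2b"
	    "\x79\x0d\x95\xc0\xad\x70\xd4\x7a\x0a\x80\x6f\x90\x2a\x6d\x21\xb9\x3f\x05"
	    "\xe1\xa7\x50\xd2\x49\x46\x63\x10\x6d\xbb\xec\x2b\x5b\x04\x4f\xec\x74\xc7"
	    "\x70\xd3\x9b\xac\xf4\x1a\xc7\xf7\xb2\x0a\xf9\xfd\x82\x93\x21\x6b\x33\x1d"
	    "\xc8\x0e\x67\xac\x2d\xc1\xcc\xae\x48\xba\x3d\x4c\x05\xa9\xd8\x00\x5c\xaa"
	    "\xae\x5e\x06\x33\x70\x5e\x88\x84\xc8\xe6\xaa\x5f\xb4\x41\xec\x40\xc9",
	    215);
	*(uint64_t*)0x20000398 = 0xd7;
	*(uint64_t*)0x200003d8 = 2;
	*(uint64_t*)0x200003e0 = 0;
	*(uint64_t*)0x200003e8 = 0;
	*(uint32_t*)0x200003f0 = 0x400;
	syscall(SYS_sendmsg, 0xffffff9c, 0x200003c0ul, 0ul);

	/* Open the device node read-only (flags 0); r[0] keeps the fd on success. */
	memcpy((void*)0x20000000, "./bus\000", 6);
	res = syscall(SYS_open, 0x20000000ul, 0ul, 0ul);
	if (res != -1)
		r[0] = res;

	/* Second msghdr: everything zero except msg_controllen = 0x210; fd -1. */
	*(uint64_t*)0x20000180 = 0;
	*(uint32_t*)0x20000188 = 0;
	*(uint64_t*)0x20000190 = 0;
	*(uint64_t*)0x20000198 = 0;
	*(uint64_t*)0x200001a0 = 0;
	*(uint64_t*)0x200001a8 = 0x210;
	*(uint32_t*)0x200001b0 = 0;
	syscall(SYS_sendmsg, -1, 0x20000180ul, 0ul);

	/* 9-byte write to fd -1; fails with EBADF, included only for fidelity. */
	memcpy((void*)0x20000040, "\x34\xcf\x36\x2b\x3c\xe9\xc9\x3d\x7f", 9);
	syscall(SYS_write, -1, 0x20000040ul, 9ul);

	/*
	 * The only request that reaches the driver behind "./bus": a u32 value
	 * of 1 at 0x20000040 (overwriting the bytes above). Presumably this is
	 * where the reported crash is triggered -- confirm against the bug page.
	 * If open() failed, r[0] is still 0xffffffffffffffff and this is a
	 * harmless EBADF.
	 */
	*(uint32_t*)0x20000040 = 1;
	syscall(SYS_ioctl, r[0], 0x82907003ul, 0x20000040ul);
	return 0;
}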