// https://syzkaller.appspot.com/bug?id=a47a3f854d62145d90529133dd6861b35389e8ba
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_openat
#define __NR_openat 295
#endif
#ifndef __NR_ioctl
#define __NR_ioctl 54
#endif
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

long r[1];
void loop()
{
  memset(r, -1, sizeof(r));
  syscall(__NR_mmap, 0x20000000, 0x3000, 3, 0x32, -1, 0);
  memcpy((void*)0x20000000, "/dev/ion", 9);
  r[0] = syscall(__NR_openat, 0xffffff9c, 0x20000000, 0, 0);
  memcpy((void*)0x20000fe9, "\x06\xf3\x58\xed\x5d\xa1\xff\xb7\x4f\xc2\xe9\x72"
                            "\x36\x85\x34\x9f\xe9\xe3\x1c\x5b\x52\x14\x04\xcb"
                            "\x84",
         25);
  syscall(__NR_ioctl, r[0], 0xc0184900, 0x20000fe9);
}

int main()
{
  loop();
  return 0;
}