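// https://syzkaller.appspot.com/bug?id=ed61486641c6d9d4d16203bd507cd83e44de7634
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel crash reproducer. It maps syzkaller's fixed scratch region, opens
// the tty character device (major 4, minor 1) several times, and issues a
// short sequence of tty ioctls plus one writev() on those descriptors.
//
// The header file names below were restored by review: the rendered listing
// had dropped the angle-bracketed name from every #include, so the file as
// shown did not compile.
#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Open a device node the way syzkaller's syz_open_dev pseudo-syscall does.
 *
 * a0 == 0xc or 0xb: open "/dev/char/<a1>:<a2>" or "/dev/block/<a1>:<a2>"
 *   read-write; a1 and a2 are truncated to 8 bits (major:minor).
 * otherwise: a0 is a pointer to a path template; every '#' is replaced by a
 *   decimal digit of a1 (least significant digit first) and the result is
 *   opened with flags a2.
 *
 * Returns the new file descriptor, or -1 with errno set by open().
 */
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
    if (a0 == 0xc || a0 == 0xb) {
        char path[128];
        // Bounded write (the original used sprintf); the longest possible
        // result is "/dev/block/255:255", which fits comfortably.
        snprintf(path, sizeof path, "/dev/%s/%d:%d",
                 a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
        return open(path, O_RDWR, 0);
    }

    char path[1024];
    // Copy the template with guaranteed NUL termination; a template longer
    // than the buffer is truncated, exactly as the original strncpy path did.
    snprintf(path, sizeof path, "%s", (char *)a0);
    // Substitute each '#' with the next decimal digit of a1. NOTE(review):
    // for a negative a1, a1 % 10 is <= 0 and the byte written is not a
    // digit; this reproducer only ever passes non-negative values here.
    for (char *hash = strchr(path, '#'); hash != NULL; hash = strchr(path, '#')) {
        *hash = '0' + (char)(a1 % 10);
        a1 /= 10;
    }
    return open(path, (int)a2, 0);
}

// Descriptors returned by the calls that succeeded. A slot keeps the all-ones
// value (-1 as a signed fd) until its open()/dup() returns a descriptor, so a
// failed earlier step feeds -1 into the later ioctl/dup/writev calls.
uint64_t r[6] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
    // syzkaller's fixed address layout: an inaccessible guard page below, a
    // 16 MiB read/write/exec scratch region at 0x20000000 that every pointer
    // argument below points into, and a guard page above. On x86-64 Linux
    // flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS and prot 7 = RWX.
    syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
    syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
    syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);

    intptr_t res;

    // First open of tty 4:1. ioctl 0x5423 is TIOCSETD on x86-64 Linux; it
    // switches the line discipline to the value stored at 0x20000080
    // (13 == N_HDLC).
    res = syz_open_dev(0xc, 4, 1);
    if (res != -1)
        r[0] = res;
    *(uint32_t *)0x20000080 = 0xd;
    syscall(__NR_ioctl, r[0], 0x5423, 0x20000080ul);

    // Second open, duplicated; ioctl 0x540a is TCXONC, argument 0 (TCOOFF)
    // suspends output on the tty.
    res = syz_open_dev(0xc, 4, 1);
    if (res != -1)
        r[1] = res;
    res = syscall(__NR_dup, r[1]);
    if (res != -1)
        r[2] = res;
    syscall(__NR_ioctl, r[2], 0x540a, 0ul);

    // Third open, duplicated; the writev() below goes through the dup.
    res = syz_open_dev(0xc, 4, 1);
    if (res != -1)
        r[3] = res;
    res = syscall(__NR_dup, r[3]);
    if (res != -1)
        r[4] = res;

    // iovec array at 0x20000240: iov[0] = {0x20000000, 0xe4 (228 bytes)},
    // iov[1] and iov[2] are both {NULL, 0}. The payload is opaque fuzzer
    // data with no structure the reproducer depends on.
    *(uint64_t *)0x20000240 = 0x20000000;
    memcpy((void *)0x20000000,
           "\xc9\x7b\x4b\xf5\x8d\x82\x36\xcd\x0b\xf8\xb6\xbb\xff\x57\xc1\x5b\x2e\x04"
           "\x50\xb9\x5c\x2c\x76\xf7\x50\x26\xa2\x46\x88\x09\x86\x1d\x54\x57\x84\x90"
           "\x3b\x73\x36\x82\xe0\x94\xc7\x63\x07\x5f\x61\x63\x3a\x01\xe8\xd3\x3b\xba"
           "\x06\x8c\xeb\x28\xd4\x14\x75\x69\x61\x9a\xda\xd9\x4c\xd3\x8c\xe9\x33\xbe"
           "\x16\x6e\xd5\xb1\x1c\xa3\xbc\xf6\xe0\x1d\x5a\xcd\x78\x7f\x49\x15\xbb\x0d"
           "\xdc\xa0\xe4\x1e\x6c\x12\x95\xbc\x27\xf3\xa1\xd4\xce\xb4\xfe\xca\x6b\xe5"
           "\xfe\xd1\xec\x54\x99\x16\x65\xd2\x0e\xba\xb0\x91\x05\xd8\x88\x56\x49\x9d"
           "\x45\x9f\x7d\xe9\xcd\xbb\x33\xe8\x78\xd7\x93\xe9\xbc\xec\x51\x6b\x3c\xfb"
           "\x0c\x41\xa2\x97\x0e\xc4\x2e\x50\x5a\xc2\x21\x33\xbb\xd8\x2d\x18\x23\x12"
           "\xe1\xa4\x46\x58\xf7\xfe\x2a\xe8\x4b\x23\x19\xd6\xe3\x1d\x84\x86\xc3\x1f"
           "\x2c\x2e\x5e\x98\x5f\x69\x13\xea\x17\x8a\x10\xbb\xe9\x03\x0b\xb4\x66\x8a"
           "\xc5\xfd\x16\xc1\xfe\xe8\xec\x55\xac\xf9\xc4\x59\x64\x0c\xc9\x52\x17\xf3"
           "\x0b\xc8\x58\xa3\xbc\x31\x54\x4c\x3a\xf7\x3f\xcd",
           228);
    *(uint64_t *)0x20000248 = 0xe4;
    *(uint64_t *)0x20000250 = 0;
    *(uint64_t *)0x20000258 = 0;
    *(uint64_t *)0x20000260 = 0;
    *(uint64_t *)0x20000268 = 0;
    syscall(__NR_writev, r[4], 0x20000240ul, 3ul);

    // Fourth open; TCXONC with argument 1 (TCOON) resumes output. Return
    // values are deliberately unchecked throughout: the reproducer replays
    // the syscall sequence regardless of individual failures.
    res = syz_open_dev(0xc, 4, 1);
    if (res != -1)
        r[5] = res;
    syscall(__NR_ioctl, r[5], 0x540a, 1ul);
    return 0;
}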