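// https://syzkaller.appspot.com/bug?id=c7ac769bd7ee15549b8a2be188bcee07d98a5357
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Single-threaded reproducer.  Every pointer argument below lives inside one
// fixed-address mapping at 0x20000000, which is why the program pokes raw
// offsets instead of declaring structs.  The original include list was lost
// in extraction (bare "#include" lines); the headers below are reconstructed
// from the symbols the program actually uses: uint*_t/intptr_t (stdint.h),
// memcpy/memset (string.h), syscall (unistd.h) and the SYS_* numbers
// (sys/syscall.h).

#define _GNU_SOURCE

#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define __syscall syscall

// Result slot for the one call whose return value is reused: the fd of
// "./bus".  Stays -1 if open() fails, in which case the later ioctls are
// issued on fd -1, exactly as they would be after a failed open.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
    // Scratch arena: 16 MiB, prot 3 (read|write), flags 0x1012, fixed base.
    // The return value is deliberately unchecked, as in all syzkaller output;
    // if the mapping fails every store below faults.
    // NOTE(review): the 0x1000 flag bit and the major/minor decode quoted in
    // the mknod comment match OpenBSD's encodings — confirm the target OS on
    // the bug page before interpreting the ioctl numbers.
    syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul);
    intptr_t res = 0;

    // Create a character device node "./bus" (mode 0x2000 = S_IFCHR).
    memcpy((void*)0x20000140, "./bus\000", 6);
    syscall(SYS_mknod, 0x20000140ul, 0x2000ul, 0x4086337); /* major = 99, minor = 264247 */

    // 16-byte ioctl argument at 0x200000c0 (0x10 matches the size field of
    // 0x80104277): { uint32 count = 6; uint64 ptr = 0x20000080 }.  The pointer
    // targets six 8-byte records { u16, u8, u8, u32 } at 0x20000080..0x200000af;
    // only the fourth record's u32 (0xfffffffe) and the u16 of the fifth (0x2b0)
    // and sixth (0x210) record are non-zero.  Issued on fd -1, so presumably
    // only the argument decode reaches the kernel; the minimizer kept the call,
    // so it is treated as part of the trigger sequence.
    *(uint32_t*)0x200000c0 = 6;
    *(uint64_t*)0x200000c8 = 0x20000080;
    *(uint16_t*)0x20000080 = 0;
    *(uint8_t*)0x20000082 = 0;
    *(uint8_t*)0x20000083 = 0;
    *(uint32_t*)0x20000084 = 0;
    *(uint16_t*)0x20000088 = 0;
    *(uint8_t*)0x2000008a = 0;
    *(uint8_t*)0x2000008b = 0;
    *(uint32_t*)0x2000008c = 0;
    *(uint16_t*)0x20000090 = 0;
    *(uint8_t*)0x20000092 = 0;
    *(uint8_t*)0x20000093 = 0;
    *(uint32_t*)0x20000094 = 0;
    *(uint16_t*)0x20000098 = 0;
    *(uint8_t*)0x2000009a = 0;
    *(uint8_t*)0x2000009b = 0;
    *(uint32_t*)0x2000009c = 0xfffffffe;
    *(uint16_t*)0x200000a0 = 0x2b0;
    *(uint8_t*)0x200000a2 = 0;
    *(uint8_t*)0x200000a3 = 0;
    *(uint32_t*)0x200000a4 = 0;
    *(uint16_t*)0x200000a8 = 0x210;
    *(uint8_t*)0x200000aa = 0;
    *(uint8_t*)0x200000ab = 0;
    *(uint32_t*)0x200000ac = 0;
    syscall(SYS_ioctl, -1, 0x80104277ul, 0x200000c0ul);

    // Open the device node with flags 0 (read-only) and keep the fd for the
    // ioctls below.
    memcpy((void*)0x20000000, "./bus\000", 6);
    res = syscall(SYS_open, 0x20000000ul, 0ul, 0ul);
    if (res != -1)
        r[0] = res;

    // Message header at 0x20000180; the offsets match an LP64 struct msghdr
    // (name, namelen, iov, iovlen, control, controllen, flags).  Everything is
    // zero except msg_controllen = 0x210 while msg_control is NULL.  Sent on
    // fd -1.
    *(uint64_t*)0x20000180 = 0;
    *(uint32_t*)0x20000188 = 0;
    *(uint64_t*)0x20000190 = 0;
    *(uint64_t*)0x20000198 = 0;
    *(uint64_t*)0x200001a0 = 0;
    *(uint64_t*)0x200001a8 = 0x210;
    *(uint32_t*)0x200001b0 = 0;
    syscall(SYS_sendmsg, -1, 0x20000180ul, 0ul);

    // 44-byte ioctl argument at 0x20000040 (0x2c matches the size field of
    // 0x802c7416): { 0, 0, 0xfffffffe, 0, 20 zero bytes, 2, 0 }.
    *(uint32_t*)0x20000040 = 0;
    *(uint32_t*)0x20000044 = 0;
    *(uint32_t*)0x20000048 = 0xfffffffe;
    *(uint32_t*)0x2000004c = 0;
    memset((void*)0x20000050, 0, 20);
    *(uint32_t*)0x20000064 = 2;
    *(uint32_t*)0x20000068 = 0;
    syscall(SYS_ioctl, r[0], 0x802c7416ul, 0x20000040ul);

    // 217 bytes (0xd9) of opaque payload at 0x20000280, written to fd -1.
    memcpy((void*)0x20000280,
           "\x44\xa2\xb2\xf1\xd4\x27\x81\xb6\xde\xdd\x97\x87\x04\xac\xa6\x2e\xc3"
           "\xc9\x7e\x02\xce\xc7\x28\xb1\x1f\x2d\x78\xf2\x5c\x96\xeb\x9f\x92\x7d"
           "\x8c\xd8\x41\x18\x79\x4a\xed\x4a\xed\x11\x2a\x70\x0f\x11\xd3\x4e\x35"
           "\xe1\xa3\x36\x3d\x3c\x80\xb9\xcd\x07\x37\x81\x4b\x44\x71\x90\x15\x88"
           "\x35\x66\x7c\x94\x26\x3c\x5e\x0c\x14\xdc\x7e\x91\xf2\xa3\x96\x97\x64"
           "\x9a\xe1\x65\xd6\x89\x82\xd4\x9d\x9e\x8c\xfe\xc7\xcb\x6d\x29\x9a\xf8"
           "\xe4\xdc\x64\xf6\xbf\x23\xc6\xff\xbe\xa7\x1a\x46\x6b\x6e\xc6\xcf\x6f"
           "\xae\x10\xf4\x29\xa0\x20\xab\xa9\xb3\x33\x4a\xd8\xc5\x87\xf1\xc3\x97"
           "\xf5\x8c\x68\xdc\xfc\x32\x54\xef\x57\x7c\x7f\x9c\xf3\x86\x7f\x1e\xa3"
           "\x83\x82\x2c\xcf\x2f\x56\x73\xd8\x57\x0c\xde\x6d\xff\x77\x16\xd3\xb5"
           "\xef\x8f\x20\xa4\x9b\x73\x3f\x3d\x87\xdf\x90\xc3\x82\xf3\xcf\x8a\x6e"
           "\x51\xbf\x8d\xb6\x6e\xe2\xb8\x46\x34\x0a\x0e\xac\xfa\x01\xf9\xa4\x60"
           "\x86\xe5\x0b\x60\x7f\x7e\x49\x95\x6b\x16\xa6\x7e\x96",
           217);
    syscall(SYS_write, -1, 0x20000280ul, 0xd9ul);

    // Final ioctl on the device fd.  Its size field is 0x290 (656 bytes), so
    // the argument window 0x20000040..0x200002d0 covers the 44-byte struct
    // above, arena bytes not written by this program, and the payload placed
    // at 0x20000280.  Only the first u32 is changed (to 2) before the call.
    *(uint32_t*)0x20000040 = 2;
    syscall(SYS_ioctl, r[0], 0x82907003ul, 0x20000040ul);
    return 0;
}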