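// https://syzkaller.appspot.com/bug?id=76e1ca0ed8893fcd1c960eb2d322809b83c90ac7
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-fuzzer reproducer: it opens /dev/ion and issues one ioctl on it with
// an argument block that was filled in for an unrelated (and failing)
// getsockopt call. The crash signature is in the linked report; nothing on
// this page states which kernel check is missing.

#define _GNU_SOURCE

/*
 * NOTE(review): the five header names were lost when this page was extracted
 * (bare "#include" tokens). They are restored from the identifiers used
 * below: htobe16, uintN_t, memset/memcpy, __NR_*, syscall.
 */
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Resource table kept by the generator; r[0] holds the /dev/ion descriptor. */
long r[1];

/*
 * Replays the recorded syscall sequence once.
 *
 * No return value is checked: a failing step is simply followed by the next
 * one, which is how the generator emits its programs.
 */
void loop()
{
  /* Every slot becomes -1, i.e. an invalid fd until openat succeeds. */
  memset(r, -1, sizeof(r));

  /*
   * Fixed scratch mapping at 0x20000000, 0xc000 bytes. On Linux prot 3 is
   * PROT_READ|PROT_WRITE and flags 0x32 is MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
   * All raw addresses below point into this region.
   */
  syscall(__NR_mmap, 0x20000000, 0xc000, 3, 0x32, -1, 0);

  /* Path string including its NUL (9 bytes); dirfd 0xff..9c is -100, AT_FDCWD. */
  memcpy((void*)0x20005ff7, "/dev/ion", 9);
  r[0] = syscall(__NR_openat, 0xffffffffffffff9c, 0x20005ff7, 0, 0);

  /*
   * Argument block at 0x20001000. Bytes +4..+7 are never written and stay
   * zero only because the anonymous mapping starts out zero-filled.
   * NOTE(review): +8..+0x23 looks like a sockaddr_in6 (family 0xa, port
   * 0x4e20 in network order, address ff02::1) - confirm against the report.
   */
  *(uint32_t*)0x20001000 = 0;
  *(uint16_t*)0x20001008 = 0xa;
  *(uint16_t*)0x2000100a = htobe16(0x4e20);
  *(uint32_t*)0x2000100c = 0;
  *(uint8_t*)0x20001010 = -1; /* stored as 0xff */
  *(uint8_t*)0x20001011 = 2;
  *(uint8_t*)0x20001012 = 0;
  *(uint8_t*)0x20001013 = 0;
  *(uint8_t*)0x20001014 = 0;
  *(uint8_t*)0x20001015 = 0;
  *(uint8_t*)0x20001016 = 0;
  *(uint8_t*)0x20001017 = 0;
  *(uint8_t*)0x20001018 = 0;
  *(uint8_t*)0x20001019 = 0;
  *(uint8_t*)0x2000101a = 0;
  *(uint8_t*)0x2000101b = 0;
  *(uint8_t*)0x2000101c = 0;
  *(uint8_t*)0x2000101d = 0;
  *(uint8_t*)0x2000101e = 0;
  *(uint8_t*)0x2000101f = 1;
  *(uint32_t*)0x20001020 = 0;
  *(uint64_t*)0x20001028 = 0;
  *(uint64_t*)0x20001030 = 0;
  *(uint64_t*)0x20001038 = 0;
  *(uint64_t*)0x20001040 = 0;
  *(uint64_t*)0x20001048 = 0;
  *(uint64_t*)0x20001050 = 0;
  *(uint64_t*)0x20001058 = 0;
  *(uint64_t*)0x20001060 = 0;
  *(uint64_t*)0x20001068 = 0;
  *(uint64_t*)0x20001070 = 0;
  *(uint64_t*)0x20001078 = 0;
  *(uint64_t*)0x20001080 = 0;
  *(uint16_t*)0x20001090 = 0;
  *(uint16_t*)0x20001092 = 0xfff;

  /* Option-length word for getsockopt: 0x98 bytes. */
  *(uint32_t*)0x20005000 = 0x98;

  /*
   * fd is -1, so this call should be rejected before the option is looked at
   * (level 0x84 is 132, the SCTP protocol number). It is the reason the block
   * above has a socket-option layout rather than an ION one.
   */
  syscall(__NR_getsockopt, -1, 0x84, 0x1f, 0x20001000, 0x20005000);

  /*
   * Request 0xc0184908 decodes, in the generic Linux ioctl encoding, as
   * direction read|write, argument size 0x18, type 0x49 ('I'), number 8.
   * The first 0x18 bytes at 0x20001000 are therefore the ioctl argument.
   * NOTE(review): this matches ION_IOC_HEAP_QUERY in the staging ION uapi
   * header - confirm against the kernel tree the report was filed on.
   */
  syscall(__NR_ioctl, r[0], 0xc0184908, 0x20001000);
}

/* Entry point: runs the sequence a single time and exits with status 0. */
int main()
{
  loop();
  return 0;
}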