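// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-crash reproducer, reformatted for review from a single collapsed
// line.  It is not a general-purpose tool: return values are deliberately
// ignored, scratch addresses are hard-coded, and it exists only to be run
// as root inside a disposable VM whose kernel you are prepared to crash.
//
// What it does, decoded from the raw numbers below:
//   1. opens /dev/char/4:1 (char major 4, minor 1 = the first virtual console)
//   2. ioctl 0x541c (TIOCLINUX) with subcode 2 (TIOCL_SETSEL) and a
//      selection rectangle
//   3. opens the same console again
//   4. ioctl 0x4b72 (KDFONTOP) with op 0 (KD_FONT_OP_SET): width 3,
//      height 27, charcount 512, font data pointing at a 1024-byte blob
// The kernel gates both ioctls behind controlling-tty/capability checks,
// so an unprivileged user will normally just get -EPERM (verify against
// the target kernel's tioclinux()/con_font_op paths).
//
// NOTE(review): the original listed ten `#include` lines whose header names
// were lost when the page was extracted; the list below is reconstructed
// from what the code actually uses.
#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// syzkaller's "open a device node" helper.
//
// a0 == 0xc or 0xb: open /dev/char/<a1>:<a2> resp. /dev/block/<a1>:<a2>
//   read-write.  Major/minor are truncated to 8 bits, so the longest path
//   is "/dev/block/255:255" and always fits the local buffer.
// otherwise: a0 is a NUL-terminated path template; every '#' (left to
//   right) is replaced by the next least-significant decimal digit of a1,
//   and the result is opened with flags a2.
//
// Returns the fd, or -1 with errno set.  main() intentionally does not
// check the result: a reproducer keeps going regardless of failures.
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char path[128];
    // Same output as the original sprintf, but bounded.
    snprintf(path, sizeof(path), "/dev/%s/%d:%d",
             a0 == 0xc ? "char" : "block", (uint8_t)a1, (uint8_t)a2);
    return open(path, O_RDWR, 0);
  }

  char path[1024];
  // Bounded copy that is always NUL-terminated (the original used strncpy
  // plus a manual terminator; this yields the identical string).
  snprintf(path, sizeof(path), "%s", (const char *)a0);
  char *hash;
  while ((hash = strchr(path, '#')) != NULL) {
    *hash = '0' + (char)(a1 % 10);
    a1 /= 10;
  }
  return open(path, (int)a2, 0);
}

// File descriptors produced by the two open calls.  They start as -1 (all
// ones) and stay that way if the open fails, in which case the ioctl below
// is issued on fd -1 and simply fails with -EBADF.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Fuzzer-generated font bitmap handed to KDFONTOP (1024 bytes, checked by
// the static assert).  The request declares 512 glyphs of 3x27, so the
// kernel presumably reads well past these 1024 bytes into the zero-filled
// scratch mapping behind them -- confirm against con_font_set() if the
// exact consumed size matters for triage.
static const unsigned char kFontData[] =
  "\x11\x6a\x9c\xaf\xf7\x3a\x85\x29\x62\x2e\x69\x8f\x1e\xf3\xfa\x4e\x3b\xb4\x95\x29\x22\x28\x7b\xf4\xd4\xdb\x58\x01\x0b\x0c\x93\x12\x7b\xd5\xa1\x8d\xbd\x09\xe7\xdf\x91\x90\xc1\x72\x96\x29\xd0\x0f\x2d\xc5"
  "\xc8\x4f\x82\xea\xec\xd3\x50\xc6\xca\x4e\x70\x46\x88\x19\xde\x14\xe3\xd0\xe4\x91\x5c\x5d\x8d\x6a\xbf\x71\xee\xd2\xd4\x06\x95\xc5\x5c\x78\x1d\xca\xf8\x0a\x4a\x26\x9e\x1c\x43\xc7\xed\x9e\xd5\xe5\xe3\x86"
  "\xa2\x90\x24\x2a\x8b\x00\x70\xa7\xc0\x09\x23\x41\x0a\xe2\xf9\x51\xad\x46\x59\x3b\xe8\xb5\x03\x00\x00\x00\xaf\xa7\xcd\x0f\xc2\xea\x46\xb4\x21\xa4\xaa\x74\x1c\x80\x85\xfd\x17\xd5\xd9\x9c\x82\x92\x59\x18"
  "\x29\x39\x01\x46\x1b\xf7\x08\x9c\x38\x0e\x12\x7f\x8d\xe6\x87\x58\x11\x32\xc7\x30\xde\xf2\x66\x54\x4b\xbb\xc6\x0d\x21\xe8\x9d\x64\x79\x5d\xe7\x9b\x55\xbb\x1e\xd9\xd8\x7a\xa9\xf3\xa3\xd5\x01\x05\x91\xf8"
  "\x6f\x6a\x52\x50\x38\xee\x6c\xd8\xe6\x92\x0c\x3f\x6e\xdb\xc4\x04\x16\xe0\x45\x35\xdb\x71\x88\x2a\xa5\x82\xde\x9f\x25\x5e\xaf\x5e\xc5\x74\xe4\x63\x3c\x8d\x41\x97\x17\x8d\xa4\x9d\xb2\xab\xb0\xc4\x39\x98"
  "\x31\x6b\xbf\x1d\xc6\x9a\x79\x0c\xc9\x5a\x93\x7e\x09\x78\xc5\x38\x29\x17\x04\xdf\x87\x69\xce\xe5\xb1\xf3\x02\x41\x92\x0a\x72\xef\xbc\xcc\xeb\x61\x30\xfa\x88\xdb\x0e\x50\x1e\x3f\x58\x87\x45\x9d\xb4\xb7"
  "\x7c\x15\x81\xf6\xd5\x8a\x3a\x1e\x47\x00\x18\x8a\x88\x47\x52\xb2\xaf\xc2\xc8\x0e\x7b\xc3\xc3\xfc\xe7\x84\xf6\x70\xaa\x01\x33\x1e\xee\x95\x4d\x0c\x93\xbb\x66\x45\xff\xf3\xe3\xfa\xfb\xd8\x28\xaa\x12\xb7"
  "\xe4\x96\xa5\xac\x39\x47\xa3\xee\xec\x9c\x74\xa0\x4a\x14\x34\x0c\x8a\xb6\x7c\x14\xab\x34\x40\x20\x99\x6f\x21\x13\x6b\x46\x9b\x8b\xe0\x95\x8d\x7e\x8b\xcc\x32\x49\x0b\x70\x74\xc5\xe3\x44\xe0\x0b\x6e\xd2"
  "\xe2\xeb\xf4\xc9\xa3\xac\x9b\x6f\x74\xd3\xd7\xe7\xd3\xef\x76\xc7\xa7\x89\xa9\x2d\xde\xed\x72\x19\xf0\xbf\xac\x7c\x7a\xce\x85\x8e\xc5\x43\x11\xce\x32\x0f\x12\x61\x5a\xcb\x40\x8d\x58\xc6\x2e\xa3\x63\x94"
  "\xdd\xf2\x1f\x0d\x47\xe0\x6e\x88\x15\x4b\xa2\x63\xd2\xa9\x50\xc1\x88\xc9\xcb\x99\xdd\x95\x05\xfa\x7d\xfa\xe0\x8e\xd8\xf6\x8f\xb8\x2e\x94\xcb\x8d\x2f\x1a\x36\xef\x6c\x3c\x9c\x5d\x22\x01\xfe\x53\x8b\x4e"
  "\x01\x30\x30\xd2\xf2\x87\x1a\xbb\x04\xd6\xc6\x71\xcb\x37\x8f\xd0\xda\x22\x03\x4f\x28\x0f\xa8\x15\xde\x50\xc4\x2f\x25\xc3\x93\xbc\xdc\xf7\x51\x70\xc7\xa0\xdd\x2b\x9b\x22\xa7\xea\xdf\xbb\x9b\x5e\xa2\xd3"
  "\x58\x84\x38\x5e\x20\x45\xbf\xe9\xf3\x88\x03\xda\xf1\x6f\x33\x71\xb3\x8a\xc1\x09\xf0\x8c\x49\x58\x24\x2a\x9d\x21\xa9\xe0\xc1\x2c\xaf\xb3\x5f\xd7\xf4\x39\xc1\xd0\xac\xbe\xc0\x37\xe8\x38\xcc\x3f\x67\x46"
  "\x13\xb7\x5f\xb3\x78\xd7\x9c\x5e\x76\x30\x6b\x5e\x7f\x84\x1d\x46\x28\x64\x68\x46\x9d\x0d\x05\x1f\x4a\x3b\xd5\x5b\x6f\x1e\xe3\xc1\x77\xcc\xa1\x56\x21\xc7\x1e\x06\x8b\x1d\xa2\x69\x3d\x28\x00\x2b\x00\xe3"
  "\x85\x02\x6f\x6b\x9a\x0d\x5b\x55\xcd\x0e\xb7\x1e\x1d\x5c\x37\x3e\x14\x54\x8b\x69\x25\x4d\xe6\xc5\xbc\xd9\x5b\xff\x09\x29\xd9\x34\x44\xc5\xb9\xa7\xf6\x0c\x8c\x04\x01\xc6\xf8\xd6\xf8\xbc\x3f\x8f\xdb\xf0"
  "\x44\x68\x6c\x5b\x74\xa9\xca\xb3\x5f\x56\x3a\x9e\x61\xca\x72\x01\x96\x7c\x08\x39\x86\x5c\xe5\x8b\x38\x79\x49\x30\x95\x54\xc2\x2a\xb5\x51\x0b\xa0\xb9\x13\xac\xcf\x7d\xec\x3e\x88\x0a\x22\x7a\x02\xf8\xf7"
  "\x64\xb1\x93\x11\x4a\x88\xad\xf4\xc6\x30\x60\x51\xe6\x74\xd9\xd4\x6b\x35\x80\x8b\x39\x12\xa7\x13\x63\xf8\x02\xd1\x79\x80\x0f\x4f\x91\x8c\x7f\xec\x20\x2c\x35\x54\x7f\xea\xea\x7d\xca\xc7\xee\xb6\xca\x6e"
  "\x23\xc8\x99\x95\xc1\x6d\xef\xc0\xda\x19\xf0\x15\x1a\x07\xfa\x8d\x7d\xec\xfa\x09\x39\x66\xd7\x6f\x64\x7e\x93\xfc\xb6\x47\x14\x99\x0a\xe1\x79\x16\xce\xe2\xd0\x79\xfe\xa6\x6c\x2d\x1a\x8a\xf0\x3b\xb8\x42"
  "\xbe\x5b\x8b\x72\xf1\xe9\x4c\x91\x42\xb4\x56\x87\x6b\x26\xca\x89\x91\x7c\xb6\xd6\xb7\x2c\x7e\x3c\xce\x64\x93\x00\x40\x6a\x44\x28\x23\x6e\xa0\x12\x8f\x8f\x35\xe4\x30\x53\xa8\xce\x08\x8d\xfa\x59\x8b\xf3"
  "\x9b\xc8\xa6\x28\x5f\x2c\x83\x1e\x6b\xa2\xbe\xf3\x91\xc6\x3c\xe9\x69\x56\xb2\x89\x72\x52\x95\x34\xc4\x38\x79\x15\xd0\x1e\x51\xb5\x92\xad\x8e\xc8\x5d\x6a\x5d\x02\xe9\xd8\x75\xb8\x08\x4d\x0b\xbc\xcc\x3f"
  "\xf9\x05\x01\x01\xde\x57\x7d\x9e\x3d\x9b\xb8\xc6\x4b\xa4\xb4\xe5\x73\x6c\x5d\x89\xa3\x10\xfc\xce\x1e\xe9\x6f\x1f\xdd\x0a\xd4\xf8\xc5\x5c\xb1\xcd\x10\x0d\x8c\x77\x12\x95\xb7\x12\x29\x18\xd5\x43\xea\xbd"
  "\xf6\x78\x98\xa3\x36\x23\x23\xed\x8c\xad\xdd\x4f\x7b\x19\x5b\xb3\x5b\xe1\x09\x4e\xf2\x6e\xbe\x0b";
// 1024 data bytes plus the implicit terminator; memcpy below copies 1024.
_Static_assert(sizeof(kFontData) == 1025, "font blob must be exactly 1024 bytes");

int main(void)
{
  // syzkaller's fixed scratch mappings.  0x32 = MAP_PRIVATE|MAP_FIXED|
  // MAP_ANONYMOUS; the 16 MiB region at 0x20000000 is mapped RWX (prot 7)
  // and holds every syscall argument buffer used below.  The guard pages
  // on either side are mapped PROT_NONE.
  syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul);
  syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul);

  // /dev/char/4:1 -- first virtual console.
  intptr_t res = syz_open_dev(0xc, 4, 1);
  if (res != -1)
    r[0] = res;

  // TIOCLINUX argument at 0x20000000: byte 0 is the subcode, 2 ==
  // TIOCL_SETSEL; the selection fields follow.  The byte/halfword layout
  // is kept exactly as the fuzzer emitted it (note the 8-bit write at
  // offset 1 followed by 16-bit writes at even offsets) -- do not
  // "fix" it to match struct tiocl_selection without re-testing.
  *(uint8_t *)0x20000000 = 2;
  *(uint8_t *)0x20000001 = 2;
  *(uint16_t *)0x20000002 = 0;
  *(uint16_t *)0x20000004 = 0;
  *(uint16_t *)0x20000006 = 0;
  *(uint16_t *)0x20000008 = 0x300;
  *(uint16_t *)0x2000000a = 0;
  syscall(__NR_ioctl, r[0], 0x541c, 0x20000000ul); /* TIOCLINUX */

  // Second fd on the same console for the font operation.
  res = syz_open_dev(0xc, 4, 1);
  if (res != -1)
    r[1] = res;

  // struct console_font_op at 0x20000480 (64-bit layout: 5 x u32, 4 bytes
  // of padding, then the data pointer at +0x18):
  //   op        = 0      (KD_FONT_OP_SET)
  //   flags     = 0
  //   width     = 3
  //   height    = 0x1b   (27)
  //   charcount = 0x200  (512)
  //   data      = 0x20000040 -> kFontData copy
  *(uint32_t *)0x20000480 = 0;
  *(uint32_t *)0x20000484 = 0;
  *(uint32_t *)0x20000488 = 3;
  *(uint32_t *)0x2000048c = 0x1b;
  *(uint32_t *)0x20000490 = 0x200;
  *(uint64_t *)0x20000498 = 0x20000040;
  memcpy((void *)0x20000040, kFontData, 1024);
  syscall(__NR_ioctl, r[1], 0x4b72, 0x20000480ul); /* KDFONTOP */
  return 0;
}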