// https://syzkaller.appspot.com/bug?id=8f063539d4ecf1faf3132624b57a641e923ee25a
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Open a device node for the generated program.
 *
 * a0 == 0xc or 0xb: open /dev/char/MAJ:MIN or /dev/block/MAJ:MIN read-write,
 *   with a1 and a2 truncated to 8 bits as the major and minor numbers.
 * any other a0: a0 is the address of a NUL-terminated path template. It is
 *   copied (at most 1023 bytes) and each '#' is replaced, left to right, by
 *   the next decimal digit of a1 taken from the least significant end. The
 *   result is opened with a2 as the open(2) flags.
 *
 * Returns whatever open(2) returns: a descriptor, or -1 on failure.
 */
static long syz_open_dev(long a0, long a1, long a2)
{
  const int by_number = (a0 == 0xc || a0 == 0xb);

  if (by_number) {
    char node[128];
    const char* kind = (a0 == 0xb) ? "block" : "char";
    /* Longest possible result is "/dev/block/255:255", far below 128. */
    snprintf(node, sizeof(node), "/dev/%s/%d:%d", kind, (uint8_t)a1,
             (uint8_t)a2);
    return open(node, O_RDWR, 0);
  }

  char path[1024];
  /* strncpy alone does not terminate on truncation, so terminate by hand. */
  strncpy(path, (char*)a0, sizeof(path) - 1);
  path[sizeof(path) - 1] = 0;

  for (char* mark = strchr(path, '#'); mark != NULL;
       mark = strchr(path, '#')) {
    *mark = '0' + (char)(a1 % 10);
    a1 /= 10;
  }
  return open(path, a2, 0);
}

// Fallback for libc headers that do not define the bpf(2) syscall number.
// 321 is the x86_64 number, so the fallback is only correct on an x86_64 build.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// Results of the three resource-creating calls in main() (openat on /dev/kvm
// and the two ioctls chained from it). Each slot starts as all-ones, i.e. -1
// when used as a descriptor, and is overwritten only if its call succeeds.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// Replays the recorded syscall sequence once and returns 0.
//
// Every argument structure is built with raw stores into one fixed anonymous
// mapping, and no return value is checked except the three saved in r[].
// The /dev/kvm chain (openat -> ioctl 0xae01 -> ioctl 0xae41 -> ioctl
// 0x4080aebf) is the only part issued on descriptors the program holds; every
// other descriptor-taking call is given -1 and returns EBADF.
// NOTE(review): the fd -1 calls look like residue the minimiser did not strip;
// presumably only the KVM chain matters for the linked report - confirm on the
// syzbot page before using this as a regression test.
int main(void)
{
  // 16 MiB at a fixed address. prot 3 is PROT_READ|PROT_WRITE and flags 0x32
  // is MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS on Linux. All pointer literals below
  // lie inside 0x20000000..0x20ffffff. The result is not checked, so a failed
  // mapping shows up as a fault on the first store.
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  long res = 0;
  // dirfd 0xffffffffffffff9c is -100 (AT_FDCWD); flags 0 is O_RDONLY.
  memcpy((void*)0x20000000, "/dev/kvm", 9);
  res = syscall(__NR_openat, 0xffffffffffffff9c, 0x20000000, 0, 0);
  if (res != -1)
    r[0] = res;
  // 0xae01 is KVM_CREATE_VM in linux/kvm.h; on success r[1] is the VM fd.
  res = syscall(__NR_ioctl, r[0], 0xae01, 0);
  if (res != -1)
    r[1] = res;
  // 0xae41 is KVM_CREATE_VCPU with vCPU id 0; on success r[2] is the vCPU fd.
  // If an earlier step failed, the slot is still all-ones and this call is
  // issued on an invalid descriptor.
  res = syscall(__NR_ioctl, r[1], 0xae41, 0);
  if (res != -1)
    r[2] = res;
  // Argument block for the vCPU ioctl below: two 32-bit fields, four 64-bit
  // fields, then 64 explicitly zeroed bytes (0x200000c0..0x20000127, 104 bytes).
  *(uint32_t*)0x200000c0 = 0x7b;
  *(uint32_t*)0x200000c4 = 0xbff;
  *(uint64_t*)0x200000c8 = 0xc2;
  *(uint64_t*)0x200000d0 = 0;
  *(uint64_t*)0x200000d8 = 0x40000105;
  *(uint64_t*)0x200000e0 = 0;
  *(uint8_t*)0x200000e8 = 0;
  *(uint8_t*)0x200000e9 = 0;
  *(uint8_t*)0x200000ea = 0;
  *(uint8_t*)0x200000eb = 0;
  *(uint8_t*)0x200000ec = 0;
  *(uint8_t*)0x200000ed = 0;
  *(uint8_t*)0x200000ee = 0;
  *(uint8_t*)0x200000ef = 0;
  *(uint8_t*)0x200000f0 = 0;
  *(uint8_t*)0x200000f1 = 0;
  *(uint8_t*)0x200000f2 = 0;
  *(uint8_t*)0x200000f3 = 0;
  *(uint8_t*)0x200000f4 = 0;
  *(uint8_t*)0x200000f5 = 0;
  *(uint8_t*)0x200000f6 = 0;
  *(uint8_t*)0x200000f7 = 0;
  *(uint8_t*)0x200000f8 = 0;
  *(uint8_t*)0x200000f9 = 0;
  *(uint8_t*)0x200000fa = 0;
  *(uint8_t*)0x200000fb = 0;
  *(uint8_t*)0x200000fc = 0;
  *(uint8_t*)0x200000fd = 0;
  *(uint8_t*)0x200000fe = 0;
  *(uint8_t*)0x200000ff = 0;
  *(uint8_t*)0x20000100 = 0;
  *(uint8_t*)0x20000101 = 0;
  *(uint8_t*)0x20000102 = 0;
  *(uint8_t*)0x20000103 = 0;
  *(uint8_t*)0x20000104 = 0;
  *(uint8_t*)0x20000105 = 0;
  *(uint8_t*)0x20000106 = 0;
  *(uint8_t*)0x20000107 = 0;
  *(uint8_t*)0x20000108 = 0;
  *(uint8_t*)0x20000109 = 0;
  *(uint8_t*)0x2000010a = 0;
  *(uint8_t*)0x2000010b = 0;
  *(uint8_t*)0x2000010c = 0;
  *(uint8_t*)0x2000010d = 0;
  *(uint8_t*)0x2000010e = 0;
  *(uint8_t*)0x2000010f = 0;
  *(uint8_t*)0x20000110 = 0;
  *(uint8_t*)0x20000111 = 0;
  *(uint8_t*)0x20000112 = 0;
  *(uint8_t*)0x20000113 = 0;
  *(uint8_t*)0x20000114 = 0;
  *(uint8_t*)0x20000115 = 0;
  *(uint8_t*)0x20000116 = 0;
  *(uint8_t*)0x20000117 = 0;
  *(uint8_t*)0x20000118 = 0;
  *(uint8_t*)0x20000119 = 0;
  *(uint8_t*)0x2000011a = 0;
  *(uint8_t*)0x2000011b = 0;
  *(uint8_t*)0x2000011c = 0;
  *(uint8_t*)0x2000011d = 0;
  *(uint8_t*)0x2000011e = 0;
  *(uint8_t*)0x2000011f = 0;
  *(uint8_t*)0x20000120 = 0;
  *(uint8_t*)0x20000121 = 0;
  *(uint8_t*)0x20000122 = 0;
  *(uint8_t*)0x20000123 = 0;
  *(uint8_t*)0x20000124 = 0;
  *(uint8_t*)0x20000125 = 0;
  *(uint8_t*)0x20000126 = 0;
  *(uint8_t*)0x20000127 = 0;
  // 0x4080aebf encodes a write-direction ioctl in the KVM group (type 0xae),
  // nr 0xbf, with a 0x80-byte argument. The encoded size is 24 bytes longer
  // than the stores above; that tail was never written and is still zero from
  // the anonymous mapping.
  // NOTE(review): nr 0xbf looks like KVM_SET_NESTED_STATE - confirm against
  // linux/kvm.h for the kernel under test.
  syscall(__NR_ioctl, r[2], 0x4080aebf, 0x200000c0);
  // Family 0x26 is AF_ALG and type 5 is SOCK_SEQPACKET. The descriptor is
  // discarded, so no later call refers to this socket.
  syscall(__NR_socket, 0x26, 5, 0);
  *(uint16_t*)0x20000140 = 0x91d;
  *(uint16_t*)0x20000142 = 0x1ff;
  *(uint16_t*)0x20000144 = 0x651;
  *(uint16_t*)0x20000146 = 1;
  *(uint8_t*)0x20000148 = 7;
  *(uint8_t*)0x20000149 = 3;
  *(uint8_t*)0x2000014a = 0xf8;
  *(uint8_t*)0x2000014b = 0x7f;
  *(uint32_t*)0x2000014c = 0xffe;
  *(uint8_t*)0x20000150 = 0;
  // 0x5406 is TCSETA; fd -1 is invalid, so the call returns EBADF.
  syscall(__NR_ioctl, -1, 0x5406, 0x20000140);
  // The stores at 0x20000380..0x200003b3 follow the 64-bit struct msghdr
  // layout: name pointer 0x20000140, name length 0x16, iov pointer, iov count
  // 0, control pointer, control length 0, flags 0. The name buffer at
  // 0x20000140 reuses the area written for the previous call.
  *(uint64_t*)0x20000380 = 0x20000140;
  *(uint16_t*)0x20000140 = 4;
  *(uint16_t*)0x20000142 = htobe16(1);
  *(uint32_t*)0x20000144 = htobe32(0);
  memcpy((void*)0x20000148, "\x09\x50\xfe\x4a\xdb\xa7", 6);
  *(uint8_t*)0x2000014e = 0;
  *(uint8_t*)0x2000014f = 0;
  *(uint32_t*)0x20000388 = 0x16;
  *(uint64_t*)0x20000390 = 0x20000000;
  *(uint64_t*)0x20000398 = 0;
  *(uint64_t*)0x200003a0 = 0x20000240;
  *(uint64_t*)0x200003a8 = 0;
  *(uint32_t*)0x200003b0 = 0;
  // All three calls are issued on fd -1 and return EBADF.
  syscall(__NR_sendmsg, -1, 0x20000380, 0);
  syscall(__NR_fstat, -1, 0x20000000);
  syscall(__NR_fchown, -1, 0, 0);
  // 44-byte (0x2c) attribute block for bpf command 0 (BPF_MAP_CREATE).
  // NOTE(review): by the bpf_attr map-creation layout these read as map_type 6,
  // key_size 4, value_size 0x84, max_entries 9, map_flags 0, inner_map_fd -1,
  // numa_node 0 and an all-zero 16-byte name - confirm against linux/bpf.h.
  *(uint32_t*)0x20000340 = 6;
  *(uint32_t*)0x20000344 = 4;
  *(uint32_t*)0x20000348 = 0x84;
  *(uint32_t*)0x2000034c = 9;
  *(uint32_t*)0x20000350 = 0;
  *(uint32_t*)0x20000354 = -1;
  *(uint32_t*)0x20000358 = 0;
  *(uint8_t*)0x2000035c = 0;
  *(uint8_t*)0x2000035d = 0;
  *(uint8_t*)0x2000035e = 0;
  *(uint8_t*)0x2000035f = 0;
  *(uint8_t*)0x20000360 = 0;
  *(uint8_t*)0x20000361 = 0;
  *(uint8_t*)0x20000362 = 0;
  *(uint8_t*)0x20000363 = 0;
  *(uint8_t*)0x20000364 = 0;
  *(uint8_t*)0x20000365 = 0;
  *(uint8_t*)0x20000366 = 0;
  *(uint8_t*)0x20000367 = 0;
  *(uint8_t*)0x20000368 = 0;
  *(uint8_t*)0x20000369 = 0;
  *(uint8_t*)0x2000036a = 0;
  *(uint8_t*)0x2000036b = 0;
  // This call takes no descriptor, so it can succeed; its result is discarded.
  syscall(__NR_bpf, 0, 0x20000340, 0x2c);
  // The '#' is replaced by the digit 5, giving "/dev/dmmidi5", opened with
  // flags 0x40. The returned descriptor is discarded.
  memcpy((void*)0x20000080, "/dev/dmmidi#", 13);
  syz_open_dev(0x20000080, 5, 0x40);
  // getsockopt on fd -1 returns EBADF; the length word at 0x20002780 is unused.
  *(uint32_t*)0x20002780 = 0xe8;
  syscall(__NR_getsockopt, -1, 0x29, 0x22, 0x20002680, 0x20002780);
  // getgid and the two lstat calls take no descriptor; their results are
  // unused. "./file0" is resolved against the current working directory.
  syscall(__NR_getgid);
  memcpy((void*)0x20003c80, "./file0", 8);
  syscall(__NR_lstat, 0x20003c80, 0x20003cc0);
  memcpy((void*)0x20003f00, "./file0", 8);
  syscall(__NR_lstat, 0x20003f00, 0x20003f40);
  *(uint32_t*)0x20000800 = 0xc;
  syscall(__NR_getsockopt, -1, 0, 0x27, 0x200007c0, 0x20000800);
  syscall(__NR_ioctl, -1, 0x200000000008912, 0x20000080);
  // Second msghdr-shaped block at 0x203bbfc8: name pointer 0x20fdbf80 with a
  // 16-bit family value of 0x1e followed by 126 opaque bytes, name length
  // 0x2ef. The sendmsg below is issued on fd -1 and returns EBADF.
  *(uint64_t*)0x203bbfc8 = 0x20fdbf80;
  *(uint16_t*)0x20fdbf80 = 0x1e;
  memcpy((void*)0x20fdbf82,
         "\x02\xff\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0a\xe7\x7f"
         "\x5b\xf8\x6c\x48\x02\x00\x02\x00\x00\x00\xf1\xff\xff\xff\x00\x9a\x48"
         "\x00\x75\xe6\xa5\x00\x00\xde\x01\x03\x00\x00\x00\x00\xe4\xff\x06\x4b"
         "\x3f\x01\x3a\x00\x00\x00\x08\x00\x00\x00\x8f\x00\x00\x00\x00\xac\x50"
         "\xd5\xfe\x32\xc4\x00\x00\x00\x00\x7f\xff\xff\xff\x6a\x00\x83\x56\xed"
         "\xb9\xa6\x34\x1c\x1f\xd4\x56\x24\x28\x1e\x00\x07\x0e\xcd\xdd\x02\x06"
         "\xc3\x97\x50\xc4\x00\x00\xfd\x00\x00\x09\x00\x00\x00\x00\x00\x0b\x00"
         "\x00\xdb\x00\x00\x04\xda\x36",
         126);
  *(uint32_t*)0x203bbfd0 = 0x2ef;
  *(uint64_t*)0x203bbfd8 = 0x20d1b000;
  *(uint64_t*)0x203bbfe0 = 0;
  *(uint64_t*)0x203bbfe8 = 0x2012e000;
  *(uint64_t*)0x203bbff0 = 0;
  *(uint32_t*)0x203bbff8 = 0;
  syscall(__NR_sendmsg, -1, 0x203bbfc8, 0);
  // write, bind and setsockopt below are all issued on fd -1 and return EBADF;
  // the buffers built for them are never consumed.
  *(uint32_t*)0x20000080 = 0xc;
  *(uint16_t*)0x20000084 = 8;
  *(uint16_t*)0x20000086 = 0xfa00;
  *(uint64_t*)0x20000088 = 0x20000380;
  syscall(__NR_write, -1, 0x20000080, 0xffffff01);
  *(uint16_t*)0x20000000 = 0x11;
  *(uint16_t*)0x20000002 = htobe16(0xc);
  *(uint32_t*)0x20000004 = 0;
  *(uint16_t*)0x20000008 = 1;
  *(uint8_t*)0x2000000a = 0;
  *(uint8_t*)0x2000000b = 6;
  *(uint8_t*)0x2000000c = 0;
  *(uint8_t*)0x2000000d = 0;
  *(uint8_t*)0x2000000e = 0;
  *(uint8_t*)0x2000000f = 0;
  *(uint8_t*)0x20000010 = 0;
  *(uint8_t*)0x20000011 = 0;
  *(uint8_t*)0x20000012 = 0;
  *(uint8_t*)0x20000013 = 0;
  syscall(__NR_bind, -1, 0x20000000, 0x14);
  *(uint32_t*)0x200000c0 = 0;
  *(uint16_t*)0x200000c4 = 5;
  *(uint16_t*)0x200000c6 = -1;
  syscall(__NR_setsockopt, -1, 0x84, 0x79, 0x200000c0, 8);
  // The '#' is replaced by the digit 0, giving "/dev/loop0", opened with flags
  // 0 (O_RDONLY). The returned descriptor is discarded.
  memcpy((void*)0x20000000, "/dev/loop#", 11);
  syz_open_dev(0x20000000, 0, 0);
  // Three more ioctls on fd -1; each returns EBADF regardless of the request.
  syscall(__NR_ioctl, -1, 0xaf01, 0);
  syscall(__NR_ioctl, -1, 0xae41, 0);
  syscall(__NR_ioctl, -1, 0x4004556a, 0x104);
  return 0;
}