// https://syzkaller.appspot.com/bug?id=41a2e2ef8ce81f8985ce80329bffd9549ce206c8
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <sys/syscall.h>
#include <unistd.h>

#include <stdint.h>
#include <string.h>

long r[28];
void loop()
{
  memset(r, -1, sizeof(r));
  r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
                 0xfffffffffffffffful, 0x0ul);
  memcpy((void*)0x2052dff7, "\x2f\x64\x65\x76\x2f\x6b\x76\x6d\x00", 9);
  r[2] = syscall(__NR_openat, 0xffffffffffffff9cul, 0x2052dff7ul,
                 0x402ul, 0x0ul);
  r[3] = syscall(__NR_ioctl, r[2], 0xae01ul, 0x0ul);
  r[4] = syscall(__NR_ioctl, r[3], 0xae41ul, 0x0ul);
  *(uint32_t*)0x20ccbfe3 = (uint32_t)0x2;
  *(uint32_t*)0x20ccbfe7 = (uint32_t)0x0;
  *(uint32_t*)0x20ccbfeb = (uint32_t)0x6;
  *(uint32_t*)0x20ccbfef = (uint32_t)0xfffffffffffff000;
  *(uint32_t*)0x20ccbff3 = (uint32_t)0x4;
  *(uint32_t*)0x20ccbff7 = (uint32_t)0x3;
  *(uint32_t*)0x20ccbffb = (uint32_t)0xb9;
  *(uint32_t*)0x20ccbfff = (uint32_t)0x43b7;
  *(uint32_t*)0x20ccc003 = (uint32_t)0x83;
  *(uint32_t*)0x20ccc007 = (uint32_t)0x0;
  *(uint32_t*)0x20ccc00b = (uint32_t)0x0;
  *(uint32_t*)0x20ccc00f = (uint32_t)0x0;
  *(uint32_t*)0x20ccc013 = (uint32_t)0xc0000007;
  *(uint32_t*)0x20ccc017 = (uint32_t)0xffffffffe0e66363;
  *(uint32_t*)0x20ccc01b = (uint32_t)0x2;
  *(uint32_t*)0x20ccc01f = (uint32_t)0x7;
  *(uint32_t*)0x20ccc023 = (uint32_t)0x0;
  *(uint32_t*)0x20ccc027 = (uint32_t)0x9;
  *(uint32_t*)0x20ccc02b = (uint32_t)0x7ab;
  *(uint32_t*)0x20ccc02f = (uint32_t)0x0;
  *(uint32_t*)0x20ccc033 = (uint32_t)0x0;
  *(uint32_t*)0x20ccc037 = (uint32_t)0x0;
  r[27] = syscall(__NR_ioctl, r[4], 0x4008ae90ul, 0x20ccbfe3ul);
}

int main()
{
  loop();
  return 0;
}