#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

static long syz_mod_dev(volatile long a0, volatile long a1, volatile long a2,
                        volatile long a3, volatile long a4, volatile long a5)
{
  int fd, sysfd;
  char buf[1024], sysbuf[1024], input[1024];
  char* hash;
  char dev_num;
  dev_num = 0;
  strncpy(buf, (char*)a0, sizeof(buf) - 1);
  buf[sizeof(buf) - 1] = 0;
  while ((hash = strchr(buf, '#'))) {
    *hash = '0' + (char)(a1 % 10);
    a1 /= 10;
    if (dev_num == 0)
      dev_num = *hash;
  }
  fd = open(buf, a2, 0);
  strncpy(sysbuf, (char*)a3, sizeof(sysbuf) - 1);
  sysbuf[sizeof(sysbuf) - 1] = 0;
  if ((hash = strchr(sysbuf, '#'))) {
    *hash = dev_num;
    while ((hash = strchr(sysbuf, '#'))) {
      *hash = '0' + (char)(a1 % 10);
      a1 /= 10;
    }
  }
  sysfd = open(sysbuf, O_RDWR, 0);
  strncpy(input, (char*)a4, sizeof(input) - 1);
  input[sizeof(input) - 1] = 0;
  hash = strchr(input, '\0');
  sysfd = write(sysfd, input, hash - input + 1);
  return fd;
}

uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  intptr_t res = 0;
  memcpy((void*)0x20000340, "/dev/nvme-fabrics\000", 18);
  memcpy((void*)0x20000380,
         "/sys/devices/virtual/workqueue/nvme-delete-wq/cpumask\000", 54);
  memcpy((void*)0x200003c0, "2\000", 2);
  syz_mod_dev(/*dev=*/0x20000340, /*id=*/0, /*flags=*/0, /*file=*/0x20000380,
              /*buf=*/0x200003c0, /*fd=*/-1);
  memcpy((void*)0x20000040, "/sys/devices/system/cpu/cpu1/online\000", 36);
  res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000040ul,
                /*flags=*/2ul, /*mode=*/0ul);
  if (res != -1)
    r[0] = res;
  sprintf((char*)0x20002780, "%020llu", (long long)0);
  *(uint8_t*)0x20002794 = 0;
  syscall(__NR_write, /*fd=*/r[0], /*buf=*/0x20002780ul, /*len=*/0x15ul);
  return 0;
}