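// https://syzkaller.appspot.com/bug?id=3bec9db77ab10a575ad4084574811ba07f8020dc
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel-bug reproducer.  It is *meant* to crash, hang or corrupt the kernel
// it runs on: run it only inside a disposable VM booted with the kernel named
// on the bug page above, never on a shared or production host.  The syscall
// sequence, argument values and fixed memory layout below are what syzkaller
// recorded and are preserved as-is; the comments, the header names (lost in
// extraction and restored from what the code uses) and the few checks marked
// "review addition" are the only changes.

#define _GNU_SOURCE

#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif

// syzkaller's data area: one 16 MiB RWX anonymous mapping at a fixed address,
// fenced by a PROT_NONE page on each side.  Every pointer handed to the kernel
// below lives inside it, and every "*(uintN_t *)0x2000000000xx = ..." store
// fills in a kernel structure at a fixed offset within it.
#define SYZ_DATA_ADDR 0x200000000000ul
#define SYZ_DATA_SIZE 0x1000000ul
// MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE
#define SYZ_MAP_FLAGS 0x32ul

// Open a file under /proc for the fuzzer's pid selector a0:
//    0 -> /proc/self/<file>
//   -1 -> /proc/thread-self/<file>
//    n -> /proc/self/task/<n>/<file>
// a1 is a pointer to the NUL-terminated file name, passed as an integer
// because syzkaller's generated calls are untyped.  Tries O_RDWR first and
// falls back to O_RDONLY.  Returns the descriptor, or -1 with errno set.
//
// Review addition: a name that would not fit the path buffer is refused with
// ENAMETOOLONG instead of silently opening a truncated -- i.e. different --
// path.  Names in generated programs are short, so the recorded behaviour is
// unchanged.
static long syz_open_procfs(volatile long a0, volatile long a1)
{
	char path[128];
	const char *file = (const char *)a1;
	int n;

	if (a0 == 0)
		n = snprintf(path, sizeof path, "/proc/self/%s", file);
	else if (a0 == -1)
		n = snprintf(path, sizeof path, "/proc/thread-self/%s", file);
	else
		n = snprintf(path, sizeof path, "/proc/self/task/%d/%s", (int)a0, file);

	if (n < 0 || (size_t)n >= sizeof path) {
		errno = ENAMETOOLONG;
		return -1;
	}

	int fd = open(path, O_RDWR);
	if (fd == -1)
		fd = open(path, O_RDONLY);
	return fd;
}

// r[0]: the /proc fdinfo descriptor opened in main(); -1 until then.
uint64_t r[1] = {0xffffffffffffffff};

int main(void)
{
	// Guard page, data area, guard page.  Review addition: if the data
	// mapping does not land at the fixed address, every later store would
	// fault, so report that instead of dying on a SIGSEGV that looks like
	// the bug.  MAP_FIXED returns exactly the requested address on success.
	syscall(__NR_mmap, 0x1ffffffff000ul, 0x1000ul, 0ul, SYZ_MAP_FLAGS,
		(intptr_t)-1, 0ul);
	void *data = (void *)syscall(__NR_mmap, SYZ_DATA_ADDR, SYZ_DATA_SIZE,
				     7ul /* PROT_READ|WRITE|EXEC */, SYZ_MAP_FLAGS,
				     (intptr_t)-1, 0ul);
	if (data != (void *)SYZ_DATA_ADDR) {
		perror("mmap of syzkaller data area failed");
		return 1;
	}
	syscall(__NR_mmap, 0x200001000000ul, 0x1000ul, 0ul, SYZ_MAP_FLAGS,
		(intptr_t)-1, 0ul);

	// Progress marker expected by the syzkaller harness; the "!" only
	// silences warn_unused_result, the result is deliberately ignored.
	(void)!write(1, "executing program\n", sizeof("executing program\n") - 1);

	// prctl(PR_SET_MM (0x23), PR_SET_MM_MAP (0xe), &map, sizeof map = 0x68):
	// replace the process's mm layout fields with addresses inside the data
	// area.  struct prctl_mm_map, in order: eleven u64 addresses, the auxv
	// pointer, auxv_size (u32) and exe_fd (u32).  PR_SET_MM is normally
	// reserved to CAP_SYS_RESOURCE; as an unprivileged user this step fails
	// with EPERM and the rest of the program still runs, which may or may
	// not still reproduce the bug -- run it the way the bug page says.
	*(uint64_t *)0x200000000080 = 0x200000ff0000; // start_code
	*(uint64_t *)0x200000000088 = 0x200000ffd000; // end_code
	*(uint64_t *)0x200000000090 = 0x200000ffc000; // start_data
	*(uint64_t *)0x200000000098 = 0x200000ffc000; // end_data
	*(uint64_t *)0x2000000000a0 = 0x200000ff8000; // start_brk
	*(uint64_t *)0x2000000000a8 = 0x200000ff8000; // brk
	*(uint64_t *)0x2000000000b0 = 0x200000ffa000; // start_stack
	*(uint64_t *)0x2000000000b8 = 0x200000ff2000; // arg_start
	*(uint64_t *)0x2000000000c0 = 0x200000ffc000; // arg_end
	*(uint64_t *)0x2000000000c8 = 0x200000ffa000; // env_start
	*(uint64_t *)0x2000000000d0 = 0x200000ffa000; // env_end
	*(uint64_t *)0x2000000000d8 = 0;              // auxv (none)
	*(uint32_t *)0x2000000000e0 = 0;              // auxv_size
	*(uint32_t *)0x2000000000e4 = -1;             // exe_fd (unchanged)
	syscall(__NR_prctl, 0x23ul, 0xeul, 0x200000000080ul, 0x68ul, 0);

	// sendmsg(-1, &msg, 0): the fuzzer's NFT_BATCH step, but the netfilter
	// socket it refers to was never created, so the call fails with EBADF
	// before the msghdr (NULL iov, iovlen 1 -- would be EFAULT otherwise) is
	// touched.  Kept so the call ordering matches the recorded program.
	*(uint64_t *)0x200000000080 = 0; // msg_name
	*(uint32_t *)0x200000000088 = 0; // msg_namelen
	*(uint64_t *)0x200000000090 = 0; // msg_iov
	*(uint64_t *)0x200000000098 = 1; // msg_iovlen
	*(uint64_t *)0x2000000000a0 = 0; // msg_control
	*(uint64_t *)0x2000000000a8 = 0; // msg_controllen
	*(uint32_t *)0x2000000000b0 = 0; // msg_flags
	syscall(__NR_sendmsg, (intptr_t)-1, 0x200000000080ul, 0ul);

	// io_uring_setup(7, &params) with params at 0x...40.  sq_entries (0x40)
	// and features (0x54) are left 0 by the zero-filled anonymous mapping.
	// flags 0x4000 is bit 14, IORING_SETUP_NO_MMAP on kernels that have it;
	// cq_entries 0xc8a1, sq_thread_cpu 8 and sq_thread_idle 0xc1 are
	// fuzzer-chosen values; wq_fd is -1 and resv is zeroed.
	// Review addition: keep the returned descriptor so the fdinfo step can
	// name the real ring fd instead of assuming it is 3.
	*(uint32_t *)0x200000000044 = 0xc8a1;  // cq_entries
	*(uint32_t *)0x200000000048 = 0x4000;  // flags
	*(uint32_t *)0x20000000004c = 8;       // sq_thread_cpu
	*(uint32_t *)0x200000000050 = 0xc1;    // sq_thread_idle
	*(uint32_t *)0x200000000058 = -1;      // wq_fd
	memset((void *)0x20000000005c, 0, 12); // resv[3]
	long uring_fd = syscall(__NR_io_uring_setup, 7, 0x200000000040ul);

	// Open /proc/thread-self/fdinfo/<ring fd>.  The generated program
	// hard-codes "fdinfo/3", which is the io_uring fd only when 0-2 are the
	// sole open descriptors at setup time (true when run as intended).  If
	// setup succeeded, use the fd it actually returned so the read below
	// targets the ring; if it failed, keep the literal so behaviour matches
	// the recorded program (the open then fails and r[0] stays -1).
	char *name = (char *)SYZ_DATA_ADDR;
	if (uring_fd >= 0)
		snprintf(name, 32, "fdinfo/%ld", uring_fd);
	else
		memcpy(name, "fdinfo/3", 9);
	long fd = syz_open_procfs(/*pid=*/-1, /*file=*/(long)(uintptr_t)name);
	if (fd != -1)
		r[0] = fd;

	// preadv(r[0], iov, 1, pos_low = 8, pos_high = -1): one 0xc4-byte iovec
	// into the data area.  The high half of the position is all ones, so the
	// combined 64-bit offset is negative; a kernel that validates the
	// position rejects it with EINVAL before any fdinfo text is produced, so
	// whether this step reaches the io_uring fdinfo "show" path depends on
	// the kernel under test -- the arguments are kept exactly as recorded.
	// If the open above failed, r[0] is -1 and this returns EBADF.
	*(uint64_t *)0x2000000005c0 = 0x200000000280; // iov_base
	*(uint64_t *)0x2000000005c8 = 0xc4;           // iov_len
	syscall(__NR_preadv, r[0], 0x2000000005c0ul, 1ul, 8, (intptr_t)-1);
	return 0;
}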