// https://syzkaller.appspot.com/bug?id=8220a8f376ad410bb013c26c6b28f8c03bebb936
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_bpf
#define __NR_bpf 280
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif
#ifndef __NR_openat
#define __NR_openat 56
#endif
#ifndef __NR_write
#define __NR_write 64
#endif

uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  const char* reason;
  (void)reason;
  intptr_t res = 0;
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  //  bpf$MAP_CREATE arguments: [
  //    cmd: const = 0x0 (8 bytes)
  //    arg: nil
  //    size: len = 0x0 (8 bytes)
  //  ]
  //  returns fd_bpf_map
  res = syscall(__NR_bpf, /*cmd=*/0ul, /*arg=*/0ul, /*size=*/0ul);
  if (res != -1)
    r[0] = res;
  //  bpf$MAP_UPDATE_BATCH arguments: [
  //    cmd: const = 0x1a (8 bytes)
  //    arg: ptr[in, bpf_map_batch_arg] {
  //      bpf_map_batch_arg {
  //        in_batch: nil
  //        out_batch: nil
  //        key: ptr[in, buffer] {
  //          buffer: {} (length 0x0)
  //        }
  //        val: ptr[in, buffer] {
  //          buffer: {} (length 0x0)
  //        }
  //        count: int32 = 0xb (4 bytes)
  //        map_fd: fd_bpf_map (resource)
  //        elem_flags: bpf_batch_flags = 0x0 (8 bytes)
  //        flags: const = 0x0 (8 bytes)
  //      }
  //    }
  //    size: len = 0x38 (8 bytes)
  //  ]
  *(uint64_t*)0x20000640 = 0;
  *(uint64_t*)0x20000648 = 0;
  *(uint64_t*)0x20000650 = 0x20000000;
  *(uint64_t*)0x20000658 = 0x200002c0;
  *(uint32_t*)0x20000660 = 0xb;
  *(uint32_t*)0x20000664 = r[0];
  *(uint64_t*)0x20000668 = 0;
  *(uint64_t*)0x20000670 = 0;
  syscall(__NR_bpf, /*cmd=*/0x1aul, /*arg=*/0x20000640ul, /*size=*/0x38ul);
  //  openat$cgroup_ro arguments: [
  //    fd: fd_cgroup (resource)
  //    file: ptr[in, buffer] {
  //      buffer: {64 65 76 69 63 65 73 2e 6c 69 73 74 00} (length 0xd)
  //    }
  //    flags: const = 0x275a (4 bytes)
  //    mode: const = 0x0 (2 bytes)
  //  ]
  //  returns fd
  memcpy((void*)0x200001c0, "devices.list\000", 13);
  res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200001c0ul,
                /*flags=*/0x275a, /*mode=*/0);
  if (res != -1)
    r[1] = res;
  //  write$cgroup_subtree arguments: [
  //    fd: fd_cgroup_subtree (resource)
  //    buf: nil
  //    len: bytesize = 0x32600 (8 bytes)
  //  ]
  syscall(__NR_write, /*fd=*/r[1], /*buf=*/0ul, /*len=*/0x32600ul);
  //  mmap arguments: [
  //    addr: VMA[0x3000]
  //    len: len = 0x3000 (8 bytes)
  //    prot: mmap_prot = 0x2000001 (8 bytes)
  //    flags: mmap_flags = 0x12 (8 bytes)
  //    fd: fd (resource)
  //    offset: intptr = 0x0 (8 bytes)
  //  ]
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x3000ul,
          /*prot=PROT_GROWSUP|PROT_READ*/ 0x2000001ul,
          /*flags=MAP_FIXED|MAP_PRIVATE*/ 0x12ul, /*fd=*/r[1], /*offset=*/0ul);
  //  bpf$MAP_LOOKUP_BATCH arguments: [
  //    cmd: const = 0x1b (8 bytes)
  //    arg: nil
  //    size: len = 0x0 (8 bytes)
  //  ]
  syscall(__NR_bpf, /*cmd=*/0x1bul, /*arg=*/0ul, /*size=*/0ul);
  return 0;
}