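// https://syzkaller.appspot.com/bug?id=a3e59bb6d1a60d055b30a9491ce672aac193144a
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel regression reproducer: replays one fixed syscall sequence and exits.
// Use: build it, run it inside the test VM for the kernel under test, then
// inspect the kernel log.
//
// Review notes:
//  - The header names of the ten #include directives were lost when this page
//    was extracted; they are restored below to the set syzkaller normally
//    emits for a reproducer of this shape (verify against the original).
//  - The fallback __NR_* values (200/29/222/208) match the asm-generic syscall
//    table (arm64, riscv64); on other architectures <sys/syscall.h> supplies
//    the numbers and the fallbacks are unused.
//  - No sandbox or netdevice setup code is part of this listing, so the
//    interface names it refers to ("nr0", "bpq0", "bond0", "rose0") must
//    already exist for the calls to get past name lookup.
//  - Apart from socket(), no return value is checked: a step that fails is
//    skipped silently and the sequence continues.

#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef __NR_bind
#define __NR_bind 200
#endif
#ifndef __NR_ioctl
#define __NR_ioctl 29
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 208
#endif

// Not referenced anywhere in this listing; kept as generated.
const int kInitNetNsFd = 201;

// Open a device node.
//
// a0 == 0xc / 0xb: open "/dev/char/MAJ:MIN" or "/dev/block/MAJ:MIN" read-write,
//                  with MAJ and MIN taken from the low byte of a1 and a2.
// otherwise:       a0 is a pointer to a path template; every '#' in a local
//                  copy is replaced by the next decimal digit of a1 (least
//                  significant first) and the result is opened with flags a2.
//
// Returns whatever open() returns (fd, or -1 with errno set).
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char buf[128];
    // Bounded format; the longest possible result ("/dev/block/255:255")
    // fits easily, so this behaves exactly like the generated sprintf().
    snprintf(buf, sizeof(buf), "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block",
             (uint8_t)a1, (uint8_t)a2);
    return open(buf, O_RDWR, 0);
  } else {
    unsigned long nb = a1;
    char buf[1024];
    char* hash;
    // strncpy() does not terminate on truncation, hence the explicit NUL.
    strncpy(buf, (char*)a0, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = 0;
    // Only the local copy is patched; the caller's template is untouched.
    while ((hash = strchr(buf, '#'))) {
      *hash = '0' + (char)(nb % 10);
      nb /= 10;
    }
    return open(buf, a2, 0);
  }
}

// Thin wrapper around socket(2); in this listing it does not switch network
// namespaces, it just forwards the three arguments.
static long syz_init_net_socket(volatile long domain, volatile long type,
                                volatile long proto)
{
  return syscall(__NR_socket, domain, type, proto);
}

// Resource table: r[n] holds the fd produced by the n-th socket() call.
// Slots stay at (uint64_t)-1 when creation fails, so later calls that use
// them are issued with an invalid descriptor.
uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff};

int main(void)
{
  // Fixed-address data area used for all syscall arguments: 16 MiB RWX at
  // 0x20000000, with one inaccessible (prot=0) page before and after it.
  // The mapping is anonymous, so bytes the program never writes read as zero.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  const char* reason;
  (void)reason;
  intptr_t res = 0;
  // Empty if-body only silences the unused-result warning on write().
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // Step 1: socket(3, SOCK_SEQPACKET, 7) -> r[0].
  // NOTE(review): domain 3 is presumably AF_AX25, per the AX25_P_* labels.
  res = -1;
  res = syz_init_net_socket(/*domain=*/3, /*type=SOCK_SEQPACKET*/ 5,
                            /*proto=AX25_P_VJUNCOMP*/ 7);
  if (res != -1)
    r[0] = res;

  // Step 2: setsockopt(r[0], 0x101, 0x19, "nr0", 0x10).
  // NOTE(review): level 0x101 / optname 0x19 look like SOL_AX25 /
  // SO_BINDTODEVICE, i.e. bind the socket to interface "nr0" -- confirm.
  memcpy((void*)0x20000040, "nr", 2);
  *(uint8_t*)0x20000042 = 0x30;
  *(uint8_t*)0x20000043 = 0;
  syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/0x101, /*optname=*/0x19,
          /*optval=*/0x20000040ul, /*optlen=*/0x10ul);

  // Step 3: ioctl on fd -1; cannot succeed, kept as part of the recorded
  // sequence.
  syscall(__NR_ioctl, /*fd=*/(intptr_t)-1, /*cmd=*/0x800442d3, /*arg=*/0ul);

  // Step 4: open "/dev/snd/controlC1" ('#' replaced by id 1); the returned
  // fd is discarded.
  memcpy((void*)0x20000000, "/dev/snd/controlC#\000", 19);
  syz_open_dev(/*dev=*/0x20000000, /*id=*/1,
               /*flags=O_CLOEXEC|O_APPEND*/ 0x80400);

  // Step 5: socket(0x1f, 5, 2) -> r[1].
  // NOTE(review): family 0x1f is presumably AF_BLUETOOTH -- confirm.
  res = -1;
  res = syz_init_net_socket(/*fam=*/0x1f, /*type=*/5, /*proto=*/2);
  if (res != -1)
    r[1] = res;

  // Step 6: write the 16-byte name "bpq0" at 0x20000000. Only 16 bytes are
  // overwritten, so bytes 16..18 still hold the tail of the step-4 path.
  memcpy((void*)0x20000000,
         "bpq0\000\000\000\000\000\000\000\000\000\000\000\000", 16);
  // setsockopt on fd -1 with an oversized optlen; cannot succeed.
  syscall(__NR_setsockopt, /*fd=*/(intptr_t)-1, /*level=*/0x101,
          /*optname=*/0x19, /*optval=*/0x20000000ul,
          /*optlen=*/0xfffffffffffffe1dul);
  // NOTE(review): 0x8914 is presumably SIOCSIFFLAGS applied to "bpq0", with
  // the flags word coming from the leftover bytes noted above -- confirm.
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x8914, /*arg=*/0x20000000ul);

  // Step 7: socket(3, SOCK_DGRAM, 0xce) -> r[2].
  res = -1;
  res = syz_init_net_socket(/*domain=*/3, /*type=SOCK_DGRAM*/ 2,
                            /*proto=AX25_P_FLEXNET*/ 0xce);
  if (res != -1)
    r[2] = res;

  // Step 8: build the 0x48-byte address at 0x20000380 and bind r[2] to it.
  // NOTE(review): the layout (u16 family, 7-byte call, u32 count = 2, then
  // 8 x 7-byte entries) looks like struct full_sockaddr_ax25 -- confirm.
  // Offsets that are skipped below are never written and stay zero.
  *(uint16_t*)0x20000380 = 3;
  // 7-byte field at +0x02
  *(uint8_t*)0x20000382 = 0x98;
  *(uint8_t*)0x20000383 = 0x92;
  *(uint8_t*)0x20000384 = 0x9c;
  *(uint8_t*)0x20000385 = 0xaa;
  *(uint8_t*)0x20000386 = 0xb0;
  *(uint8_t*)0x20000387 = 0x40;
  *(uint8_t*)0x20000388 = 2;
  // 32-bit field at +0x0c
  *(uint32_t*)0x2000038c = 2;
  // entry 0 at +0x10 (last two bytes not written)
  *(uint8_t*)0x20000390 = 0xbb;
  *(uint8_t*)0x20000391 = 0xbb;
  *(uint8_t*)0x20000392 = 0xbb;
  *(uint8_t*)0x20000393 = 1;
  *(uint8_t*)0x20000394 = 0;
  // entry 1 at +0x17
  *(uint8_t*)0x20000397 = 0x98;
  *(uint8_t*)0x20000398 = 0x92;
  *(uint8_t*)0x20000399 = 0x9c;
  *(uint8_t*)0x2000039a = 0xaa;
  *(uint8_t*)0x2000039b = 0xb0;
  *(uint8_t*)0x2000039c = 0x40;
  *(uint8_t*)0x2000039d = 2;
  // entry 2 at +0x1e
  *(uint8_t*)0x2000039e = 0x98;
  *(uint8_t*)0x2000039f = 0x92;
  *(uint8_t*)0x200003a0 = 0x9c;
  *(uint8_t*)0x200003a1 = 0xaa;
  *(uint8_t*)0x200003a2 = 0xb0;
  *(uint8_t*)0x200003a3 = 0x40;
  *(uint8_t*)0x200003a4 = 2;
  // entry 3 at +0x25
  *(uint8_t*)0x200003a5 = 0xbb;
  *(uint8_t*)0x200003a6 = 0xbb;
  *(uint8_t*)0x200003a7 = 0xbb;
  *(uint8_t*)0x200003a8 = 0xbb;
  *(uint8_t*)0x200003a9 = 0xbb;
  *(uint8_t*)0x200003aa = 0;
  *(uint8_t*)0x200003ab = 0;
  // entry 4 at +0x2c (last two bytes not written)
  *(uint8_t*)0x200003ac = 0xbb;
  *(uint8_t*)0x200003ad = 0xbb;
  *(uint8_t*)0x200003ae = 0xbb;
  *(uint8_t*)0x200003af = 1;
  *(uint8_t*)0x200003b0 = 0;
  // entry 5 at +0x33 (last two bytes not written)
  *(uint8_t*)0x200003b3 = 0xbb;
  *(uint8_t*)0x200003b4 = 0xbb;
  *(uint8_t*)0x200003b5 = 0xbb;
  *(uint8_t*)0x200003b6 = 1;
  *(uint8_t*)0x200003b7 = 0;
  // entry 6 at +0x3a
  *(uint8_t*)0x200003ba = 0xcc;
  *(uint8_t*)0x200003bb = 0xcc;
  *(uint8_t*)0x200003bc = 0xcc;
  *(uint8_t*)0x200003bd = 0xcc;
  *(uint8_t*)0x200003be = 0xcc;
  *(uint8_t*)0x200003bf = 0xcc;
  *(uint8_t*)0x200003c0 = 2;
  // entry 7 at +0x41
  *(uint8_t*)0x200003c1 = 0xa2;
  *(uint8_t*)0x200003c2 = 0xa6;
  *(uint8_t*)0x200003c3 = 0xa8;
  *(uint8_t*)0x200003c4 = 0x40;
  *(uint8_t*)0x200003c5 = 0x40;
  *(uint8_t*)0x200003c6 = 0x40;
  *(uint8_t*)0x200003c7 = 0;
  syscall(__NR_bind, /*fd=*/r[2], /*addr=*/0x20000380ul, /*addrlen=*/0x48ul);

  // Step 9: socket(0x1f, SOCK_STREAM, 3) -> r[3].
  res = -1;
  res = syz_init_net_socket(/*fam=*/0x1f, /*type=SOCK_STREAM*/ 1, /*proto=*/3);
  if (res != -1)
    r[3] = res;

  // Step 10: ioctl 0x89f0 with two adjacent 16-byte names, "bond0" then
  // "rose0".
  // NOTE(review): 0x89f0 is the first device-private ioctl number; on a
  // bonding device that is presumably the legacy "enslave" request, which
  // would attach "rose0" to "bond0" -- confirm against the bug report.
  memcpy((void*)0x20000180,
         "bond0\000\000\000\000\000\000\000\000\000\000\000", 16);
  memcpy((void*)0x20000190,
         "rose0\000\000\000\000\000\000\000\000\000\000\000", 16);
  syscall(__NR_ioctl, /*fd=*/r[3], /*cmd=SIOCSHWTSTAMP|0x40*/ 0x89f0,
          /*arg=*/0x20000180ul);
  return 0;
}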