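// https://syzkaller.appspot.com/bug?id=d26cf3b32be016ec7c332ba038bf2d025916cbaa
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reproducer attached to the syzbot report above. It replays a fixed sequence
// of raw syscalls with fuzzer-chosen arguments. No return value is acted on
// except to record two descriptors in r[], so every call runs whether or not
// the earlier ones succeeded.
//
// The header names were missing from the #include directives on this page;
// the headers listed below are the ones the code actually uses.

#define _GNU_SOURCE

#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Fallback syscall numbers for toolchains whose headers predate these calls.
#ifndef __NR_close_range
#define __NR_close_range 436
#endif
#ifndef __NR_io_uring_register
#define __NR_io_uring_register 427
#endif
#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425
#endif
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif

// Resources returned by earlier calls:
//   r[0] = netlink socket, r[1] = landlock ruleset fd.
// Both start as all-ones (-1), so a failed call leaves an invalid descriptor
// in place for the later calls that consume it.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  // Scratch memory for syscall arguments: a 16 MiB read/write/exec region at
  // 0x200000000000, with one inaccessible (prot=0) page mapped immediately
  // below and above it.
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);

  intptr_t res = 0;

  // Progress marker on stdout; the empty if only consumes write()'s result.
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // mmap$auto arguments: [
  //   addr: intptr = 0x0 (8 bytes)
  //   len: intptr = 0x400008 (8 bytes)
  //   prot: intptr = 0xdf (8 bytes)
  //   flags: intptr = 0x9b72 (8 bytes)
  //   fd: fd (resource)
  //   off: intptr = 0x8000 (8 bytes)
  // ]
  // prot and flags are raw fuzzer-chosen bit patterns; the fd is the
  // hard-coded number 2, not a descriptor this program opened.
  syscall(__NR_mmap, /*addr=*/0ul, /*len=*/0x400008ul, /*prot=*/0xdful,
          /*flags=*/0x9b72ul, /*fd=*/2, /*off=*/0x8000ul);

  // socket$nl_generic arguments: [
  //   domain: const = 0x10 (8 bytes)
  //   type: const = 0x3 (8 bytes)
  //   proto: const = 0x10 (4 bytes)
  // ]
  // returns sock_nl_generic
  res = syscall(__NR_socket, /*domain=*/0x10ul, /*type=*/3ul, /*proto=*/0x10);
  if (res != -1)
    r[0] = res;

  // openat$auto_dvb_frontend_fops_dvb_frontend arguments: [
  //   fd: const = 0xffffffffffffff9c (8 bytes)
  //   file: ptr[in, buffer] {
  //     buffer: {2f 64 65 76 2f 64 76 62 2f 61 64 61 70 74 65 72 30 2f 66 72
  //     6f 6e 74 65 6e 64 30 00} (length 0x1c)
  //   }
  //   flags: open_flags = 0x1 (4 bytes)
  //   mode: const = 0x0 (2 bytes)
  // ]
  // returns fd_dvb_frontend_fops_dvb_frontend
  // The returned descriptor is discarded; nothing later refers to it by name.
  memcpy((void*)0x200000000000, "/dev/dvb/adapter0/frontend0\000", 28);
  syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
          /*file=*/0x200000000000ul, /*flags=O_WRONLY*/ 1, /*mode=*/0);

  // landlock_create_ruleset$auto arguments: [
  //   attr: ptr[in, landlock_ruleset_attr$auto] {
  //     landlock_ruleset_attr$auto {
  //       handled_access_fs: int64 = 0xd1d (8 bytes)
  //       handled_access_net: int64 = 0x3 (8 bytes)
  //       scoped: int64 = 0x7 (8 bytes)
  //     }
  //   }
  //   size: intptr = 0x0 (8 bytes)
  //   flags: int32 = 0x10000 (4 bytes)
  // ]
  // returns fd
  // The attribute struct overwrites the path bytes written above. Note that
  // size is 0 even though a 24-byte attribute struct is supplied.
  *(uint64_t*)0x200000000000 = 0xd1d;
  *(uint64_t*)0x200000000008 = 3;
  *(uint64_t*)0x200000000010 = 7;
  res = syscall(__NR_landlock_create_ruleset, /*attr=*/0x200000000000ul,
                /*size=*/0ul, /*flags=*/0x10000);
  if (res != -1)
    r[1] = res;

  // close_range$auto arguments: [
  //   fd: fd (resource)
  //   max_fd: fd (resource)
  //   flags: int32 = 0x0 (4 bytes)
  // ]
  // Closes descriptors 2 through 8. Descriptors opened above presumably fall
  // in that range, which would leave the numbers kept in r[] stale; confirm
  // with strace when triaging.
  syscall(__NR_close_range, /*fd=*/2, /*max_fd=*/8, /*flags=*/0);

  // ioctl$auto_BTRFS_IOC_SEND_32 arguments: [
  //   fd: fd_btrfs_dir_file_operations_inode (resource)
  //   cmd: const = 0x40449426 (4 bytes)
  //   arg: ptr[inout, btrfs_ioctl_send_args_32$auto] {
  //     btrfs_ioctl_send_args_32$auto {
  //       send_fd: union auto_union[fd, int64] {
  //         inferred: fd (resource)
  //       }
  //       clone_sources_count: int64 = 0xc3c (8 bytes)
  //       clone_sources: int32 = 0xca (4 bytes)
  //       parent_root: int64 = 0xd6 (8 bytes)
  //       flags: int64 = 0x100 (8 bytes)
  //       version: int32 = 0x7fffffff (4 bytes)
  //       reserved: buffer: {32 a7 ae 71 84 ac 9a 6f 42 44 0c 5d b5 10 67 9d
  //       a3 dd 6f af a4 41 81 58 e5 02 1f 49} (length 0x1c)
  //     }
  //   }
  // ]
  // The description names a btrfs ioctl, but the descriptor passed is r[1],
  // the landlock_create_ruleset result (or -1 if that call failed); no btrfs
  // file is opened anywhere in this program. The 64-bit fields at offsets
  // 0x54 and 0x5c are stored at 4-byte alignment on purpose, following the
  // field layout listed above.
  *(uint32_t*)0x200000000040 = r[0];
  *(uint64_t*)0x200000000048 = 0xc3c;
  *(uint32_t*)0x200000000050 = 0xca;
  *(uint64_t*)0x200000000054 = 0xd6;
  *(uint64_t*)0x20000000005c = 0x100;
  *(uint32_t*)0x200000000064 = 0x7fffffff;
  memcpy((void*)0x200000000068,
         "\x32\xa7\xae\x71\x84\xac\x9a\x6f\x42\x44\x0c\x5d\xb5\x10\x67\x9d\xa3"
         "\xdd\x6f\xaf\xa4\x41\x81\x58\xe5\x02\x1f\x49",
         28);
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x40449426,
          /*arg=*/0x200000000040ul);

  // io_uring_setup$auto arguments: [
  //   entries: int32 = 0x6 (4 bytes)
  //   params: nil
  // ]
  // returns fd
  // params is a null pointer and the result is discarded.
  syscall(__NR_io_uring_setup, /*entries=*/6, /*params=*/0ul);

  // io_uring_register$auto arguments: [
  //   fd: fd (resource)
  //   opcode: int32 = 0x0 (4 bytes)
  //   arg: ptr[inout, buffer] {
  //     buffer: {} (length 0x0)
  //   }
  //   nr_args: int32 = 0x1000 (4 bytes)
  // ]
  // Targets the hard-coded descriptor 2, not the io_uring_setup result.
  // Descriptor 2 was closed by close_range above unless a later call reused
  // the number.
  syscall(__NR_io_uring_register, /*fd=*/2, /*opcode=*/0,
          /*arg=*/0x200000000000ul, /*nr_args=*/0x1000);
  return 0;
}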