// https://syzkaller.appspot.com/bug?id=2e84ac2704e45601307d5e6c228082e9f343f062
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <endian.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

static long syz_open_procfs(volatile long a0, volatile long a1)
{
  char buf[128];
  memset(buf, 0, sizeof(buf));
  if (a0 == 0) {
    snprintf(buf, sizeof(buf), "/proc/self/%s", (char*)a1);
  } else if (a0 == -1) {
    snprintf(buf, sizeof(buf), "/proc/thread-self/%s", (char*)a1);
  } else {
    snprintf(buf, sizeof(buf), "/proc/self/task/%d/%s", (int)a0, (char*)a1);
  }
  int fd = open(buf, O_RDWR);
  if (fd == -1)
    fd = open(buf, O_RDONLY);
  return fd;
}

#ifndef __NR_execveat
#define __NR_execveat 322
#endif

uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  intptr_t res = 0;
  memcpy((void*)0x20000500, "./file1\000", 8);
  syscall(__NR_mkdir, 0x20000500, 0);
  memcpy((void*)0x20000340, "./file0\000", 8);
  syscall(__NR_mkdir, 0x20000340, 0);
  memcpy((void*)0x20000300, "./file0\000", 8);
  memcpy((void*)0x20000180, "overlay\000", 8);
  memcpy((void*)0x200002c0, "upperdir=./file0,lowerdir=.:file0,workdir=./file1",
         49);
  syscall(__NR_mount, 0x400000, 0x20000300, 0x20000180, 0, 0x200002c0);
  memcpy((void*)0x20000080, "./file0\000", 8);
  res = syscall(__NR_open, 0x20000080, 0, 0);
  if (res != -1)
    r[0] = res;
  memcpy((void*)0x20000700, "./file1/../file0\000", 17);
  memcpy((void*)0x20000740, "system.posix_acl_access\000", 24);
  *(uint32_t*)0x20000e80 = 2;
  *(uint16_t*)0x20000e84 = 1;
  *(uint16_t*)0x20000e86 = 0;
  *(uint32_t*)0x20000e88 = 0;
  *(uint16_t*)0x20000e8c = 4;
  *(uint16_t*)0x20000e8e = 0;
  *(uint32_t*)0x20000e90 = 0;
  *(uint16_t*)0x20000e94 = 0x10;
  *(uint16_t*)0x20000e96 = 1;
  *(uint32_t*)0x20000e98 = 0;
  *(uint16_t*)0x20000e9c = 0x20;
  *(uint16_t*)0x20000e9e = 7;
  *(uint32_t*)0x20000ea0 = 0;
  syscall(__NR_setxattr, 0x20000700, 0x20000740, 0x20000e80, 0x24, 0);
  memcpy((void*)0x20000000, "./file1\000", 8);
  syscall(__NR_execveat, r[0], 0x20000000, 0, 0, 0);
  memcpy((void*)0x20000080, "io\000", 3);
  res = syz_open_procfs(-1, 0x20000080);
  if (res != -1)
    r[1] = res;
  memcpy((void*)0x20000440, "./bus\000", 6);
  res = syscall(__NR_open, 0x20000440, 0x141042, 0);
  if (res != -1)
    r[2] = res;
  syscall(__NR_sendfile, r[2], r[1], 0, 2);
  return 0;
}