// https://syzkaller.appspot.com/bug?id=1df0435f7a67907ac17c2e1da0d502b7897a8e5c
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Reviewer summary (derived from the calls below, not from the linked report):
// the program creates a hugetlb-backed, sealable memfd, maps it, adds
// F_SEAL_SHRINK, opens /dev/udmabuf and issues one ioctl whose argument
// references that memfd. No return value other than the two file descriptors
// is inspected, so every later step runs whether or not the previous one
// succeeded. For triage, the preconditions visible here are: memfd_create
// with MFD_HUGETLB must be available, and the caller must be able to open
// /dev/udmabuf read-write.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback syscall number for toolchains whose headers predate memfd_create.
// NOTE(review): 319 is the x86-64 number; confirm before building for another
// architecture.
#ifndef __NR_memfd_create
#define __NR_memfd_create 319
#endif

// Resource slots filled in by main(): r[0] = memfd, r[1] = /dev/udmabuf fd.
// Both start as all-ones, so a failed open leaves an invalid descriptor
// value in place for the calls that follow.
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};

// Entry point: replays the recorded syscall sequence once and returns 0
// regardless of how the individual calls fared.
int main(void)
{
  // Fixed-address scratch layout: a 16 MiB RWX region at 0x20000000 with an
  // inaccessible (prot=0) page immediately below (0x1ffff000) and immediately
  // above (0x21000000). Every hard-coded pointer used later lies inside the
  // 16 MiB region.
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
          /*offset=*/0ul);
  // Unused in this program; the (void) cast only silences the warning.
  const char* reason;
  (void)reason;
  intptr_t res = 0;
  // Progress marker on stdout; the empty if-body discards write()'s result.
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  // Stage the memfd name at 0x20000480. 334 bytes are copied, but the second
  // byte of the literal is NUL, so a NUL-terminated reader sees a one-byte
  // name (0xff); the rest is fuzzer-generated filler.
  memcpy((void*)0x20000480,
         "\377\000l\036\240</"
         "\000\216O4._\024zC\212\350\340u\340\377\361\262\375\366nz\005-]"
         "\302Vk\256ky\323\203\342\307\323\346M^"
         "\230ox\024\t\351Q1\035K\232\0045\3237\2622\375D("
         "\322\335\240\377\017\000\000\000\000\000\000v\n\330?]"
         "k\024N\030\364\302j\3556g\375\322\324\343\037\246 "
         "\240\215\265\232E<2`]<"
         "\214R\3269\017O\277\303\275\260\226\220\221k\206\032\020\322\365\213\374"
         "\364\320[\022\365+\032S\002/Yx\362jJb\227\234/"
         "\0375i\306\2061\232\377\303\347\277U\325\254\314B="
         "\217\375\204\356pQ\223nn\017\306\251?\255\213~\226@i="
         "G\237t\035\314\306Ys7\177\216hv\323$\023s\240\277i\372FS\251="
         "Xe\370tI\025\2102\213\216-X\270\362\235u\025S^\354\316\372f$"
         "S\237\347Ed\n\204\\ "
         "u\322\026\301\245\240\252\350.i\310\016\vt\342\361lA\223\335\316\217$"
         "\006v\276\347\225nN\305\252\036v\306P\234\\G&y\213YA\303}\331\206["
         "\262\363\017\220%\313\201\350\352\274s\225\351\216XH\031m\337OY\361E9-"
         "\310\347\023^+(\0034\202\257iOO\024\217^\214",
         334);
  // Create the memfd: hugetlb-backed and sealable (flags value 7).
  res = syscall(__NR_memfd_create, /*name=*/0x20000480ul,
                /*flags=MFD_HUGETLB|MFD_ALLOW_SEALING|MFD_CLOEXEC*/ 7ul);
  if (res != -1)
    r[0] = res;
  // Map the memfd over the start of the scratch region (MAP_FIXED at
  // 0x20000000). The length (0x2000) and file offset (0x20000000) are the
  // fuzzer's choices; the result is not checked, so it is not known from this
  // file whether the mapping is established. The low bit of the flags value
  // (0x1) is MAP_SHARED on Linux.
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x2000ul,
          /*prot=PROT_SEM|PROT_WRITE*/ 0xaul,
          /*flags=MAP_POPULATE|MAP_NORESERVE|MAP_HUGETLB|MAP_FIXED|0x1081*/
          0x4d091ul, /*fd=*/r[0], /*offset=*/0x20000000ul);
  // cmd 0x409 (1033) is F_ADD_SEALS on Linux: forbid shrinking the memfd.
  syscall(__NR_fcntl, /*fd=*/r[0], /*cmd=*/0x409ul,
          /*seals=F_SEAL_SHRINK*/ 2ul);
  // Write the device path at 0x20000000, the same address the MAP_FIXED
  // mapping above was requested at; which mapping receives these 13 bytes
  // depends on whether that mmap succeeded.
  memcpy((void*)0x20000000, "/dev/udmabuf\000", 13);
  // 0xffffff9c is -100 as a 32-bit value (AT_FDCWD); flags 2 is O_RDWR.
  res = syscall(__NR_openat, /*fd=*/0xffffff9cul, /*file=*/0x20000000ul,
                /*flags=*/2, 0);
  if (res != -1)
    r[1] = res;
  // Build the 24-byte ioctl argument at 0x20000040: u32 fd, u32 1,
  // u64 0x1000000 (16 MiB), u64 0x100000 (1 MiB). The layout and the command
  // below (write direction, size 0x18, type 'u', nr 0x42) match
  // UDMABUF_CREATE with struct udmabuf_create {memfd, flags, offset, size}
  // -- NOTE(review): confirm against linux/udmabuf.h.
  // r[0] is truncated to 32 bits here; if memfd_create failed this stores
  // 0xffffffff.
  *(uint32_t*)0x20000040 = r[0];
  *(uint32_t*)0x20000044 = 1;
  *(uint64_t*)0x20000048 = 0x1000000;
  *(uint64_t*)0x20000050 = 0x100000;
  // Final step of the sequence: ask the udmabuf device to wrap the given
  // offset/size range of the hugetlb memfd. The result is ignored.
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x40187542, /*arg=*/0x20000040ul);
  return 0;
}