// https://syzkaller.appspot.com/bug?id=5a34035b13d7f4215357b46093ca6d5c45c93f93
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel reproducer: configures a loop device (LOOP_CONFIGURE) with a cgroup
// file as its backing fd, then re-opens the same loop node and points it at a
// sysfs file with LOOP_CHANGE_FD. The listing was reformatted from a single
// collapsed line; the header names had been stripped in extraction, so the
// include list below was rebuilt from the standard/POSIX names the code uses.

#define _GNU_SOURCE

#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Fallback syscall numbers when the toolchain headers do not define them.
#ifndef __NR_ioctl
#define __NR_ioctl 29
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif
#ifndef __NR_openat
#define __NR_openat 56
#endif

/*
 * Open a device node.
 *
 * a0 == 0xc or 0xb: build "/dev/char/M:m" or "/dev/block/M:m" from a1 (major)
 * and a2 (minor) and open it O_RDWR. Both numbers are truncated to uint8_t
 * before formatting, so the 128-byte buffer cannot overflow.
 *
 * Otherwise a0 is a NUL-terminated path template. Every '#' in it is replaced
 * by one decimal digit of a1, least significant digit first (so a template
 * with a single '#' receives only a1 % 10), and the file is opened with the
 * flags in a2 minus O_CREAT.
 *
 * Returns the open(2) result, -1 on failure.
 */
static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
{
  if (a0 == 0xc || a0 == 0xb) {
    char path[128];
    sprintf(path, "/dev/%s/%d:%d", a0 == 0xc ? "char" : "block", (uint8_t)a1,
            (uint8_t)a2);
    return open(path, O_RDWR, 0);
  }

  unsigned long id = a1;
  char path[1024];
  char *digit;
  strncpy(path, (char*)a0, sizeof(path) - 1);
  path[sizeof(path) - 1] = 0; /* strncpy does not guarantee termination */
  while ((digit = strchr(path, '#'))) {
    *digit = '0' + (char)(id % 10);
    id /= 10;
  }
  return open(path, a2 & ~O_CREAT, 0);
}

/* Resource slots filled by the calls in main(); -1 (all bits set) until a
 * call succeeds: r[0] cgroup file, r[1]/r[2] loop device, r[3] sysfs file. */
uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff};

int main(void)
{
  /* Fixed address layout used by the syscall arguments below: a prot=0 page
   * at 0x1ffff000, 16 MiB of rwx scratch at 0x20000000 and a prot=0 page at
   * 0x21000000. */
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);

  intptr_t res = 0;
  /* The empty if-body only silences warn_unused_result on write(). */
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  /* openat$cgroup_ro: open "cpuset.effective_cpus" relative to fd 0xffffff9c
   * (AT_FDCWD as a 32-bit value) with flags 0x275a. -> r[0] */
  memcpy((void*)0x20000400, "cpuset.effective_cpus\000", 22);
  res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x20000400ul,
                /*flags=*/0x275a, /*mode=*/0);
  if (res != -1)
    r[0] = res;

  /* syz_open_dev$loop: template "/dev/loop#" with id 0x8f; the single '#'
   * takes 0x8f % 10 == 3, so this opens /dev/loop3. -> r[1] */
  memcpy((void*)0x20000300, "/dev/loop#\000", 11);
  res = -1;
  res = syz_open_dev(/*dev=*/0x20000300, /*id=*/0x8f,
                     /*flags=O_TRUNC|O_NOATIME|O_CREAT*/ 0x40240);
  if (res != -1)
    r[1] = res;

  /* ioctl$LOOP_CONFIGURE (0x4c0a) on r[1] with a loop_config at 0x20000000:
   *   fd         = r[0]  (the cgroup file opened above, truncated to 32 bits)
   *   block_size = 0
   *   info (loop_info64): lo_device 0x2a12, lo_inode 0x80010000,
   *     lo_rdevice 0, lo_offset 0, lo_sizelimit 4, lo_number 0,
   *     lo_enc_type 0, lo_enc_key_size 0xe, lo_flags 0x14,
   *     lo_file_name / lo_crypt_name (64 bytes each), lo_enc_key (32 bytes),
   *     lo_init {0xe0, 0}
   *   reserved   = 64 zero bytes */
  *(uint32_t*)0x20000000 = r[0];
  *(uint32_t*)0x20000004 = 0;
  *(uint64_t*)0x20000008 = 0x2a12;
  *(uint64_t*)0x20000010 = 0x80010000;
  *(uint64_t*)0x20000018 = 0;
  *(uint64_t*)0x20000020 = 0;
  *(uint64_t*)0x20000028 = 4;
  *(uint32_t*)0x20000030 = 0;
  *(uint32_t*)0x20000034 = 0;
  *(uint32_t*)0x20000038 = 0xe;
  *(uint32_t*)0x2000003c = 0x14;
  memcpy((void*)0x20000040,
         "\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\x09\x00\x01\x00\xac\xa7\xca"
         "\x44\xc6\xa4\xb3\xe0\x0d\x96\x83\xdd\xa1\xaf\x01\x00\x00\x00\xc0\xff"
         "\x12\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  memcpy((void*)0x20000080,
         "\x28\x09\xe8\xdb\xe1\xb2\x2d\x00\x00\xb4\x20\xa1\xa9\x3c\x75\x40\xf4"
         "\x76\x77\x9e\x01\x17\x61\x3d\xd4\x07\x00\x00\xeb\xff\x08\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x08\x00\x00\x00\x00\xfa\xff"
         "\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         64);
  memcpy((void*)0x200000c0,
         "\xe7\x46\x00\x00\x10\x20\x00\x00\x00\x00\xe4\x44\x00\x00\x00\x20\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8b\xd0\x28\x00\x00",
         32);
  *(uint64_t*)0x200000e0 = 0xe0;
  *(uint64_t*)0x200000e8 = 0;
  memset((void*)0x200000f0, 0, 64);
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x4c0a, /*arg=*/0x20000000ul);

  /* syz_open_dev$loop again: id 0x195d also ends in digit 3, so this is a
   * second open of /dev/loop3 with a mostly-garbage flag word. -> r[2] */
  memcpy((void*)0x20000240, "/dev/loop#\000", 11);
  res = -1;
  res = syz_open_dev(
      /*dev=*/0x20000240, /*id=*/0x195d,
      /*flags=O_TRUNC|O_SYNC|O_NONBLOCK|O_LARGEFILE|O_EXCL|O_CREAT|0xec4d277024882435*/
      0xec4d2770249a3ef5);
  if (res != -1)
    r[2] = res;

  /* openat$sysfs: "/sys/power/pm_freeze_timeout" (path reuses the scratch
   * page that held loop_config). -> r[3] */
  memcpy((void*)0x20000000, "/sys/power/pm_freeze_timeout", 28);
  res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*dir=*/0x20000000ul,
                /*flags=O_NONBLOCK|O_CLOEXEC|FASYNC|O_RDWR|0x1*/ 0x82803,
                /*mode=S_IWOTH|S_IROTH|S_IXGRP|S_IWUSR*/ 0x8e);
  if (res != -1)
    r[3] = res;

  /* ioctl$LOOP_CHANGE_FD (0x4c06): swap the loop device's backing file for
   * the sysfs fd. */
  syscall(__NR_ioctl, /*fd=*/r[2], /*cmd=*/0x4c06, /*arg=*/r[3]);
  return 0;
}