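// https://syzkaller.appspot.com/bug?id=ed37ff7af4f0cc3ebbad64f58ac3fdd223b42e5f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer for the bug linked above. It opens /dev/kvm, creates a VM,
// an in-kernel irqchip and one vCPU, submits fuzzer-chosen vCPU state through
// two ioctls and then issues KVM_RUN. The syscall sequence, argument values and
// fixed memory layout are kept exactly as syzkaller emitted them; only the
// header names (lost in extraction) and the comments were restored. It expects
// a kernel with KVM and an accessible /dev/kvm; as a reproducer it is meant to
// be run against the kernel under test.

#define _GNU_SOURCE

// Header names restored from the standard syzkaller reproducer template.
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

// Resource fds produced by earlier calls and consumed by later ones:
//   r[0] = fd_kvm, r[1] = fd_kvmvm, r[2] = fd_kvmcpu.
// -1 (0xffffffffffffffff) means "not created yet"; a consumer then sees EBADF.
// Nothing is checked on purpose: the program must keep issuing the sequence
// even when an earlier step failed, exactly like syzkaller's executor.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

int main(void)
{
  // syzkaller's fixed address layout: a guard page below, a 16 MiB RWX area at
  // 0x200000000000 that holds every syscall argument, and a guard page above.
  // flags 0x32 = MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE.
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);

  const char* reason;
  (void)reason;
  intptr_t res = 0;

  // Progress marker for the harness; the empty if() only silences
  // warn_unused_result on write().
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // ioctl$KVM_SET_LAPIC
  //   fd:  fd_kvmcpu (resource)
  //   cmd: const = 0x4400ae8f (4 bytes)
  //   arg: ptr[in, kvm_lapic_state] { regs: 1024-byte (0x400) buffer }
  // The 0x400-byte regs image is written at 0x200000000480. Note the fd is
  // the literal -1: this call is issued before any KVM fd exists, so it fails
  // with EBADF; it is kept only because syzkaller emitted it in this order.
  memcpy(
      (void*)0x200000000480,
      "\x43\xd0\x64\x45\x5c\xa7\x9c\x36\x98\xdc\xca\x60\x00\x5c\x1b\xa1\x63\xb1"
      "\xd8\xf0\x4d\x69\xd8\x73\x79\x2c\x0c\xbf\xc9\x5d\xac\xc7\xcd\x39\xa4\x9d"
      "\xf1\x2a\x05\x2d\x0d\x8f\x1b\xd0\x4b\x72\x2b\x4f\x26\x24\x37\xef\xc0\x30"
      "\xe7\x06\x91\x6d\xe6\x18\x76\x3f\x46\x00\x66\x0b\x41\xf3\x20\x70\x6e\x06"
      "\x86\x0f\xe2\x9f\x1b\xb4\x55\xef\x50\x71\x56\xd0\xa5\x73\x8f\x13\x07\x84"
      "\xa1\xaa\xd9\x9f\x74\xb3\xe5\x92\x25\x4e\xed\xe1\x4e\xb1\xb6\x4a\xf3\x56"
      "\xcf\xaa\x8f\xf0\x02\xc4\xde\xed\x28\x99\x5d\xc5\xe6\xee\x13\xc4\xa1\xb3"
      "\x9b\xa7\x29\x79\xc5\xf3\xed\x91\xff\x89\xe7\x3e\x09\xf7\xf8\x8f\xe5\x8b"
      "\xce\x50\x5f\x05\x00\x76\x4c\x95\xc8\xbe\xd7\x49\x92\x13\xd1\x07\x31\xb6"
      "\x0e\xd6\xc8\x80\x6a\xb0\x94\x84\x32\x95\xac\x02\xf0\x6d\xc4\x64\x85\xbb"
      "\x56\xf2\xeb\x2e\xb3\xc5\xef\x1e\x50\xa2\x43\x1a\x20\x82\xb5\x4c\x4b\x0e"
      "\x13\x57\xda\xae\xfd\x30\xe0\x83\x22\xfb\x5f\x92\x2f\x6d\x9f\xa3\x22\x6f"
      "\xaf\x7a\xeb\x96\x30\xaa\xbe\x81\x61\x7f\xe2\x84\x9d\x8a\xb9\x2f\xb8\x0f"
      "\x07\xdf\xa9\xd8\x31\xf4\xf7\xef\x48\x92\x3e\x28\x55\x3f\x0c\x31\xcf\x13"
      "\x43\xd4\xc0\xd4\xde\xe9\x37\xe6\x39\x67\x1e\xc2\xce\xab\x9e\x50\x48\xd5"
      "\xbc\xd9\xf5\x2a\x9c\x90\xdd\xd1\xfe\xe1\xfd\xa9\x0a\x11\x4f\xdf\x72\x98"
      "\xb7\x60\x7c\x52\x94\xef\xde\xa0\x47\x43\xa0\x04\x5e\x96\xaa\xe4\x96\xfc"
      "\xb0\x66\x36\xa8\x62\x0f\x6e\x00\x7e\xe5\xf5\xc2\x4a\xb0\xd0\xf8\x5c\xfb"
      "\x3a\x78\x20\xdb\xe2\x24\x1b\x01\x7e\x91\x7e\xaf\xb2\x7d\x13\xfe\xba\x7d"
      "\xe3\xa2\x8d\xd4\xc2\x9c\x79\x59\xae\x5c\x07\x24\xc8\x48\xf8\x96\x0f\xbe"
      "\xa5\xf7\xb7\xa3\x5a\xc3\x2f\xa6\xbb\xf8\x69\x03\x0a\x1b\x61\xfb\x0d\x20"
      "\xa5\x63\x1d\xce\xa6\x8f\xfa\x7d\x45\x68\x69\xc4\xe7\x9f\x60\x33\xf3\x8f"
      "\xa8\x8c\xcd\x53\xdc\x1f\xeb\x53\x81\xc0\x1d\xd7\x1e\xc0\x44\x6e\x36\x33"
      "\x27\x0b\x7f\xb9\x61\xe0\x4a\xd7\xe1\xf4\x4e\x3f\xd0\xd9\x6c\x72\x44\x99"
      "\xe1\xec\x2c\xff\x23\xa3\xd5\xa9\x79\x52\xec\x0a\x44\xdd\x96\x74\x91\xdc"
      "\x45\xd4\xdf\x48\xad\x83\x02\x7d\xf0\xbe\x02\xe3\x5c\xa4\xc1\x07\xbd\xf9"
      "\x57\xf4\xc7\xa8\x31\xdf\xf8\x9f\x99\x8a\x2e\x13\x02\x44\x5d\xc0\x2b\x5f"
      "\xc3\x8f\x7c\x8a\x62\x60\x72\x3e\x53\x50\x62\x31\x9c\xb6\x8c\xb3\x09\xe9"
      "\x1b\x88\xc5\x50\x14\xbb\x43\x6c\x5d\x9f\x6b\xf3\x5c\xbe\x24\x60\x58\x21"
      "\xba\xf9\xea\x6a\xaa\x31\xcb\x2d\xd7\x4e\x29\x86\x3a\x0c\x71\xe3\x36\x78"
      "\x46\xcf\xfe\x17\xc4\xa2\x9a\x76\xeb\x63\x5e\x95\xc6\xd7\xf4\xd8\x46\xf3"
      "\x36\x9a\xed\xbf\xb7\x0b\x37\x16\xc1\xc0\x23\x4a\x0d\xeb\x9a\xbf\xac\x12"
      "\x68\x6d\x45\xba\x97\x95\x2e\x8a\x50\x48\x0c\x5f\x44\xe0\x38\xb1\xa4\xd5"
      "\xcd\x93\x01\xd0\x2b\x94\x2a\xfa\xcf\xaa\x30\xb6\xef\x31\x5d\x72\xea\xf4"
      "\x1d\xdd\xda\x49\x83\x60\x8d\xc2\xf5\xd5\xe9\x23\x92\xa1\x41\xb0\xf2\xf8"
      "\xd3\x40\x42\xd1\xa6\xcd\x45\xd9\xf9\xdf\x4c\x83\xb8\xc8\xb5\x59\x59\xd5"
      "\x88\x43\xab\x35\x64\xd3\xf4\x9d\x81\xed\x2c\xcd\x42\xbb\x8a\xd9\xc8\xe4"
      "\xb9\x2c\x2d\xf8\x72\xc9\x38\x3c\x88\xf4\xb1\xbb\xaf\x11\x6f\xff\x23\x3f"
      "\x55\xd9\x9b\x43\x67\x7e\xb2\x9a\xd6\x3e\x00\xea\x4e\xee\x69\xc7\x2a\x60"
      "\x4b\x2c\xdd\x76\x41\xd9\xc6\x82\xd1\xd4\xea\x8e\x5b\xd0\xde\x85\x7a\xc1"
      "\xa5\x5b\x2d\x63\x74\xa4\xa1\x8a\xf8\xf2\x78\x87\xff\xb4\xb2\x16\x8e\x76"
      "\x4a\x5a\xa9\xb3\x03\xa3\x58\x73\xd2\x17\x7d\xe8\xc5\xa0\x0b\xe3\x97\x26"
      "\xba\xa6\xd3\x36\xb6\xa3\x6b\x8e\xc6\x74\x34\x54\xb4\x54\x2f\x3f\xb3\xca"
      "\x67\x8a\x0e\xcc\xa1\x7b\xa7\xc2\x65\x59\x31\xf3\x8e\xd2\x62\x19\xfd\xe4"
      "\x5a\xb8\x46\x9d\xb2\xa1\x56\x95\x3b\x02\x8a\xbe\xc6\x3c\x6b\x84\x1c\x8b"
      "\xd9\xf9\xf0\x86\x1e\x7a\xeb\x81\x95\x01\x34\x44\xd2\xd3\x26\xca\xd5\x37"
      "\x18\xe4\x0b\xe0\x6a\xea\x64\x45\x73\xa9\xef\x22\xb1\x36\x92\xa1\x7e\xd8"
      "\xa4\x51\xaf\x9e\x2d\xe1\x5b\x4b\xfc\xe7\xc2\x57\x06\x3e\x28\xc0\x7e\x4c"
      "\x33\x01\xa1\xbf\xf3\x7d\x72\xef\xc1\x4d\x34\xdd\xab\xbb\x28\x6f\x53\x26"
      "\x4e\x0c\x81\x22\xf2\x15\xde\x4f\x2e\x06\xf6\xe0\x47\x26\x74\xc2\x47\x6a"
      "\x61\xad\x2e\x30\x9a\xbf\xed\x7e\x33\x67\xbc\x73\x73\x87\x65\x07\x76\x4e"
      "\x60\xb1\x93\xe8\xc5\xab\xbe\x95\xf4\x2a\xdf\xc7\x4d\xd2\x5c\x90\x98\xdf"
      "\xba\x82\x72\xf7\x36\x1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
      1024);
  syscall(__NR_ioctl, /*fd=*/(intptr_t)-1, /*cmd=*/0x4400ae8f,
          /*arg=*/0x200000000480ul);

  // openat$kvm
  //   fd:    const = 0xffffffffffffff9c (AT_FDCWD)
  //   file:  ptr[in, buffer] "/dev/kvm\0" (length 0x9)
  //   flags: open_flags = 0x0
  //   mode:  const = 0x0
  // returns fd_kvm -> r[0]
  memcpy((void*)0x200000000000, "/dev/kvm\000", 9);
  res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
                /*file=*/0x200000000000ul, /*flags=*/0, /*mode=*/0);
  if (res != -1)
    r[0] = res;

  // ioctl$KVM_CREATE_VM
  //   fd:   fd_kvm (resource)
  //   cmd:  const = 0xae01
  //   type: intptr = 0x0
  // returns fd_kvmvm -> r[1]
  res = syscall(__NR_ioctl, /*fd=*/r[0], /*cmd=*/0xae01, /*type=*/0ul);
  if (res != -1)
    r[1] = res;

  // ioctl$KVM_CREATE_IRQCHIP
  //   fd:  fd_kvmvm (resource)
  //   cmd: const = 0xae60
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0xae60, 0);

  // ioctl$KVM_CREATE_VCPU
  //   fd:  fd_kvmvm (resource)
  //   cmd: const = 0xae41
  //   id:  intptr = 0x4 (vCPU index 4 on a VM with no other vCPUs)
  // returns fd_kvmcpu -> r[2]
  res = syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0xae41, /*id=*/4ul);
  if (res != -1)
    r[2] = res;

  // ioctl$KVM_SET_VCPU_EVENTS (label as emitted by syzkaller)
  //   fd:  fd_kvmcpu (resource)
  //   cmd: const = 0x4400ae8f
  //   arg: ptr[in, kvm_vcpu_events] { arm64 layout:
  //          serror_pending   = 0x10   (u8,  +0x00)
  //          serror_has_esr   = 0x2    (u8,  +0x01)
  //          ext_dabt_pending = 0xb6   (u8,  +0x02)
  //          pad              = 5 x 0  (     +0x03)
  //          serror_esr       = 0x2    (u64, +0x08)
  //          reserved         = 48 x 0 (     +0x10) }   total 64 bytes
  // NOTE(review): this call uses the same cmd value, 0x4400ae8f, as the
  // KVM_SET_LAPIC call above even though the two labels differ; confirm which
  // ioctl the kernel actually dispatches before reading the label as fact.
  *(uint8_t*)0x200000000140 = 0x10;
  *(uint8_t*)0x200000000141 = 2;
  *(uint8_t*)0x200000000142 = 0xb6;
  memset((void*)0x200000000143, 0, 5);
  *(uint64_t*)0x200000000148 = 2;
  memset((void*)0x200000000150, 0, 48);
  syscall(__NR_ioctl, /*fd=*/r[2], /*cmd=*/0x4400ae8f,
          /*arg=*/0x200000000140ul);

  // ioctl$KVM_RUN
  //   fd:  fd_kvmcpu (resource)
  //   cmd: const = 0xae80
  //   arg: const = 0x0
  // Entering the guest with the state submitted above is the last step of the
  // reproducer; any failure is reported by the kernel, not by this program.
  syscall(__NR_ioctl, /*fd=*/r[2], /*cmd=*/0xae80, /*arg=*/0ul);
  return 0;
}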