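// https://syzkaller.appspot.com/bug?id=83aa676a823eeb2855ab831541b2c8175904c281
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer for the syzkaller bug linked above. It drives the KVM
// ioctl interface through raw syscalls, in this fixed order:
//   1. openat("/dev/kvm")                                  -> r[0] (fd_kvm)
//   2. ioctl(r[0], 0xae01 /* KVM_CREATE_VM */)             -> r[1] (fd_kvmvm)
//   3. ioctl(r[1], 0x4068aea3, kvm_enable_cap{cap=0x79, flags=0, args[0]=0xc})
//      (syzkaller annotates this as KVM_CAP_EXIT_HYPERCALL / kvm_hypercall_exits)
//   4. ioctl(r[1], 0xae41 /* KVM_CREATE_VCPU */, id=2)     -> r[2] (fd_kvmcpu)
//   5. ioctl(r[2], 0x4400ae8f /* KVM_SET_LAPIC */, 1024-byte kvm_lapic_state)
//   6. ioctl(r[2], 0xae80 /* KVM_RUN */)
// Every ioctl argument lives in a fixed RWX mapping at 0x200000000000 so the
// addresses match the fuzzer's original program. No return value is acted
// on: the sequence is issued as-is and the process returns 0.

#define _GNU_SOURCE

// NOTE: the operands of the original eight #include directives were lost in
// extraction. The headers below cover every name this file uses: fixed-width
// integer types (stdint.h), memcpy (string.h), the __NR_* numbers
// (sys/syscall.h) and syscall()/write() (unistd.h; syscall() needs _GNU_SOURCE).
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource slots filled in as the program runs: r[0] = /dev/kvm fd,
// r[1] = VM fd, r[2] = VCPU fd. A slot keeps its -1 sentinel when the
// producing syscall fails; later calls are still issued with it so the
// syscall sequence stays identical to the fuzzer's program.
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// Register image handed to KVM_SET_LAPIC. syzkaller's kvm_lapic_state is a
// flat regs buffer of length 0x400; the assertion after the literal guards it
// against truncation when the file is copied around (the original passed the
// literal and a hard-coded 1024 to memcpy with nothing tying the two together).
static const char lapic_regs[] =
    "\xc7\x18\xae\x3d\xdd\x25\xe4\xc2\x82\x64\x99\xcb\x6a\x05\x5b\x56\xa5\xa7"
    "\x33\x6f\x37\x7a\x55\x6f\x82\x4d\xb2\x8e\xb6\x74\x3c\xf0\x45\xaf\xd0\xe9"
    "\x32\x53\x4b\x9e\xb3\x40\x31\xf1\x4c\xf4\x97\x83\xa8\x4d\x57\xcf\x17\x5a"
    "\x89\xf8\x73\x3d\x74\xa1\xbd\xdd\xcb\x0a\x6c\x3f\x75\x35\xe7\x97\x6e\x79"
    "\xda\x1b\x52\xde\x64\x03\xf6\x71\x0d\x60\x6f\xaf\xaf\x68\x5e\xc1\x9f\x36"
    "\x9b\x78\x29\xb1\x2a\xa2\xb8\xcd\x2a\xb5\x2f\x9c\x68\x86\x83\x97\x9c\xdb"
    "\x95\x16\xcb\x61\xf2\xad\xb9\xae\xfd\x44\xfe\xe3\x0b\xdd\xb8\x1e\xbe\xfa"
    "\x81\x8f\x31\xf6\x0d\x89\xa4\xe3\x90\x92\x0c\x7e\xd0\xe2\x51\x2f\xd5\x9f"
    "\x71\xde\x73\x4b\x0a\x1d\x1f\x00\x00\x00\x00\x54\x25\x8a\x15\x85\x51\x4a"
    "\xac\x0b\x00\x00\x20\x73\x36\x71\xe0\x54\x39\x29\xc0\x6f\x72\xfc\x59\x89"
    "\x39\x00\x3a\xc6\x77\x7f\x34\x97\x52\x35\x36\xfd\x25\xac\x4f\x1e\x26\x5f"
    "\x50\x38\xfa\x74\x55\xf2\xcc\x61\x31\xd4\xa1\x89\xa1\x6b\x0f\x0b\x89\xe6"
    "\xa4\x95\xe1\xd9\x5b\x84\x0c\x36\x48\x8a\xdc\x22\xcb\x2d\x1b\x8a\xf5\x7f"
    "\x6d\xce\x72\x14\x15\x2b\xa1\xb3\xc0\xd3\xad\x0a\x6d\xb8\x21\x51\x8e\x44"
    "\xb2\x4c\xb3\x6a\x02\xd7\x6e\xa1\x1a\x1c\x45\x87\x9f\xc7\x7e\x7b\xb2\xaf"
    "\x8c\x34\x5d\xdd\xdf\x49\xf4\x12\x28\xdf\x21\x14\xf2\xc2\x7d\x16\x49\x9f"
    "\xa3\x60\x97\xa5\x01\x5a\xd6\x1a\x6a\x94\x84\xc0\x9e\x0a\x2d\xfb\x50\xf7"
    "\xb7\xca\x71\x13\x5d\xc3\x28\x04\xa8\x03\x80\xa6\xe2\x0e\x0a\xe0\x3b\xe7"
    "\x75\xe4\x72\xcd\x31\xd6\xa3\x1e\x61\x59\x37\xc3\x8e\x74\x6a\x5c\xf6\xc9"
    "\xd8\x19\x42\x42\x99\x0d\xd4\x97\xa2\xc5\x2a\xb5\x03\x00\x00\x00\x00\x00"
    "\x00\x00\xce\xbb\xd9\x83\xc3\xf8\x6d\xbe\x92\xc4\xb7\x51\xc0\x46\x93\xcb"
    "\x09\xaf\x88\x52\x1a\xb3\x05\xce\xab\xf6\xd2\xba\xb4\x0b\xb1\xb2\x19\xfb"
    "\xe9\x5a\xce\x2f\x6c\x49\xfe\xa7\x98\xe7\x6b\x4e\xf3\x36\xdf\xf5\xac\x0f"
    "\x7a\xb0\x22\xb8\x00\xac\x1a\xa4\x2f\xd2\x31\xb5\x24\x65\xa4\x10\x17\x7e"
    "\xd8\x5d\xcc\x9c\x6d\x79\x4e\x2a\xa0\xb9\x0c\xdc\x40\x95\x41\xaa\x85\xfa"
    "\x16\xe3\xcb\xc3\xa9\xd6\xc8\x3f\xfd\x4d\x01\xe5\xba\x89\x85\x55\xee\xff"
    "\xcc\xf0\xcb\x28\xce\x5d\xf0\xba\x31\xcb\x79\x36\x75\x27\x61\x62\xde\x2f"
    "\xdc\xb4\x86\x45\x5b\xca\x57\xed\xf4\xfb\x14\xe1\x53\x35\x54\xeb\x22\x52"
    "\x7d\x66\xa2\x8a\x96\x0c\x43\x0f\x61\x36\x92\x7f\x54\xe6\x70\xc4\x62\x92"
    "\x45\x4f\xe2\x84\x85\xf3\x54\x05\x02\x58\x44\xfd\x24\xfe\x84\x6f\x66\x56"
    "\xc7\x7d\x9b\x5f\x2b\x47\x50\xac\x48\x05\x89\x7b\x02\xc8\x5c\xab\xa8\x00"
    "\x00\xbb\x96\xf7\x51\xe1\x50\x7f\x88\x32\xd5\xd6\x95\x28\x08\x3d\x44\x54"
    "\x8e\x49\x14\x77\xcd\xa5\x1d\x7e\x08\x3a\x13\x40\x97\x43\x8e\x9d\x7e\xa3"
    "\x4e\xae\x8a\x2e\x6b\x51\x63\x27\xdb\x93\x10\xc7\x47\x8a\x37\xf5\xc5\x62"
    "\x03\x71\x96\x13\x1c\xc7\xc8\x4f\xa2\x9c\x3c\x25\x76\xf2\xac\x75\x70\xb5"
    "\xa9\x8a\xaa\x49\xca\x7d\xdf\xd5\xa8\xc0\x46\xce\x82\xe4\xa2\xd0\x60\x82"
    "\xad\x7a\x3a\xb0\xdf\xbe\x20\x86\x30\xb1\x41\x0b\x67\x47\x81\x85\x57\x52"
    "\xc9\xc5\x7c\xa0\xa8\xda\x15\xf4\x84\x1d\x66\x9b\x3a\x9c\x0d\x37\xa3\xca"
    "\x4e\x69\x8a\x79\x8a\x85\xfa\xf7\xf4\xf1\xdc\x02\x0b\x7d\xd5\x75\x00\x62"
    "\xc9\x81\x0c\x4b\xc1\xad\x7a\xfe\x33\x8f\x2b\x0f\x29\x05\x9e\x68\x4f\xe1"
    "\x60\x98\xeb\x30\xda\x10\x5b\xe0\x1c\xa1\x1a\x29\x36\x35\xdf\xc6\xd2\x5e"
    "\xcc\x77\x0b\xa7\x27\x92\xfd\x3c\x68\x51\xd9\x51\xb7\x70\xd0\xf9\xed\xaf"
    "\xb1\xcb\x42\x41\x35\x0d\x85\xb0\x4e\xd7\x37\xa9\xbf\xd7\xe8\x30\x1c\x43"
    "\xb6\x5a\x85\xdd\xa7\x6d\x68\x50\x86\x0b\xa3\x19\x50\x40\xb1\x4c\x8a\xd1"
    "\xa8\xb5\x24\x72\x78\x55\x21\x14\x71\x82\x35\x2a\x1d\xbd\x93\x59\x5c\xbc"
    "\x26\xe8\x13\xcc\xd7\x5e\x16\xf9\x24\x7f\xe8\x2e\xd1\x50\xc1\x21\xf0\x04"
    "\x10\x22\x52\x2e\xc7\x64\x76\xf0\xa9\xcf\xfa\x3b\xe1\xd3\xff\x18\xff\xff"
    "\xff\xff\xff\xff\x29\x35\x8b\xbf\xd8\xb7\xa1\x2f\xe9\x4a\x03\x55\xbe\xb9"
    "\x42\x0e\xee\x0a\x5c\x11\x22\x01\x00\xc7\x82\xb8\x9f\x94\x30\xde\x84\xb2"
    "\x20\xe8\xc0\xdf\x4b\xd4\x0b\xe3\x40\x0c\x58\xf1\x49\x31\x9f\x89\x1f\xe8"
    "\x6f\xba\x75\x1d\xab\x33\x26\xbf\x2d\xeb\x9e\x78\x2b\x37\xec\x9c\x7a\xdf"
    "\x36\x02\x5a\x09\x1a\x4b\x36\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x06\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
_Static_assert(sizeof lapic_regs - 1 == 1024,
               "KVM_SET_LAPIC payload must be exactly 1024 bytes");

int main(void)
{
  // Fixed-address scratch layout: a 16 MiB RWX data region at 0x200000000000
  // that holds every argument buffer below, bracketed by two PROT_NONE pages
  // (presumably guards). Anonymous mappings are zero-filled, which is what
  // initialises the struct fields the program never writes explicitly.
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);

  intptr_t res = 0;

  // Progress marker for the harness driving this binary; the empty if only
  // silences warn_unused_result, the write result is deliberately ignored.
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // openat$kvm arguments: [
  //   fd: const = 0xffffffffffffff9c (8 bytes)   (AT_FDCWD)
  //   file: ptr[in, buffer] { buffer: "/dev/kvm\0" (length 0x9) }
  //   flags: open_flags = 0x8ab43 (4 bytes)
  //   mode: const = 0x0 (2 bytes)
  // ] returns fd_kvm
  memcpy((void*)0x200000000180, "/dev/kvm\000", 9);
  res = syscall(
      __NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000180ul,
      /*flags=O_TRUNC|O_NONBLOCK|O_NOCTTY|O_LARGEFILE|O_CREAT|O_CLOEXEC|0x2003*/
      0x8ab43, /*mode=*/0);
  if (res != -1)
    r[0] = res;

  // ioctl$KVM_CREATE_VM arguments: [
  //   fd: fd_kvm (resource)
  //   cmd: const = 0xae01 (4 bytes)
  //   type: intptr = 0x0 (8 bytes)
  // ] returns fd_kvmvm
  res = syscall(__NR_ioctl, /*fd=*/r[0], /*cmd=*/0xae01, /*type=*/0ul);
  if (res != -1)
    r[1] = res;

  // ioctl$KVM_CAP_EXIT_HYPERCALL arguments: [
  //   fd: fd_kvmvm (resource)
  //   cmd: const = 0x4068aea3 (4 bytes)
  //   arg: ptr[in, kvm_enable_cap] {
  //     cap: const = 0x79 (4 bytes)
  //     flags: const = 0x0 (4 bytes)
  //     args: kvm_hypercall_exits = 0xc (8 bytes)
  //     pad = 0x0 (88 bytes)   -- never written; relies on the zero-filled
  //                               anonymous mapping
  //   }
  // ]
  *(uint32_t*)0x200000000040 = 0x79;
  *(uint32_t*)0x200000000044 = 0;
  *(uint64_t*)0x200000000048 = 0xc;
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x4068aea3,
          /*arg=*/0x200000000040ul);

  // ioctl$KVM_CREATE_VCPU arguments: [
  //   fd: fd_kvmvm (resource)
  //   cmd: const = 0xae41 (4 bytes)
  //   id: intptr = 0x2 (8 bytes)
  // ] returns fd_kvmcpu
  res = syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0xae41, /*id=*/2ul);
  if (res != -1)
    r[2] = res;

  // ioctl$KVM_SET_LAPIC arguments: [
  //   fd: fd_kvmcpu (resource)
  //   cmd: const = 0x4400ae8f (4 bytes)
  //   arg: ptr[in, kvm_lapic_state] { regs: buffer (length 0x400) }
  // ]
  // The regs image is lapic_regs above; its length is pinned by the
  // _Static_assert so the copy and the literal cannot drift apart.
  memcpy((void*)0x200000000640, lapic_regs, sizeof lapic_regs - 1);
  syscall(__NR_ioctl, /*fd=*/r[2], /*cmd=*/0x4400ae8f,
          /*arg=*/0x200000000640ul);

  // ioctl$KVM_RUN arguments: [
  //   fd: fd_kvmcpu (resource)
  //   cmd: const = 0xae80 (4 bytes)
  //   arg: const = 0x0 (8 bytes)
  // ]
  syscall(__NR_ioctl, /*fd=*/r[2], /*cmd=*/0xae80, /*arg=*/0ul);

  return 0;
}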