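// https://syzkaller.appspot.com/bug?id=570ad5df4e292a8e59885152e98f0ce0fdbd8a3a
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Crash reproducer for the KVM bug tracked at the URL above. It drives the
// KVM ioctl interface from a single thread using raw syscalls whose argument
// buffers live at fixed scratch addresses. Every fd it obtains is kept in
// r[]; an entry stays -1 (all ones) when the call that should have produced
// it failed, and every later call is still issued with that -1, so the
// sequence replays the same way on a machine where an early step fails.
//
// NOTE(review): the original #include targets were lost in extraction. The
// headers below are the minimum for the names used here (uint*_t, intptr_t,
// memcpy, syscall/write, __NR_*); the generated file may have listed more.
// Linux-only.
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resources: r[0] = /dev/kvm fd, r[1] = VM fd, r[2] = cpuacct.usage_percpu
// fd, r[3] = VCPU fd. All start as -1 so a failed openat/ioctl is passed on
// as an invalid fd rather than as a stale value.
uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff};

int main(void)
{
  // Scratch layout: a 16 MiB RWX anonymous region at 0x200000000000 that
  // holds every syscall argument buffer, with one prot=0 (no-access) page
  // mapped on either side of it. 0x32 = MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE.
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=*/0x32ul, /*fd=*/(intptr_t)-1,
          /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul, /*flags=*/0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=*/0x32ul, /*fd=*/(intptr_t)-1,
          /*offset=*/0ul);

  intptr_t res = 0;
  // Progress marker on stdout; the result is deliberately ignored.
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }

  // openat(AT_FDCWD, "/dev/kvm", 0, 0) -> r[0]. 0xffffffffffffff9c is -100
  // (AT_FDCWD) written as an unsigned long.
  memcpy((void*)0x200000000240, "/dev/kvm\000", 9);
  res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
                /*file=*/0x200000000240ul, /*flags=*/0, /*mode=*/0);
  if (res != -1)
    r[0] = res;

  // KVM_CREATE_VM (0xae01), type 0 -> r[1].
  res = syscall(__NR_ioctl, /*fd=*/r[0], /*cmd=*/0xae01, /*type=*/0ul);
  if (res != -1)
    r[1] = res;

  // KVM_CREATE_IRQCHIP (0xae60): create the in-kernel interrupt controller
  // for the VM; the KVM_SET_IRQCHIP call below needs it to exist.
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0xae60, 0);

  // openat("cpuacct.usage_percpu", flags 0x275a) -> r[2]. The dirfd is the
  // 32-bit value 0xffffff9c (-100 = AT_FDCWD once the kernel truncates it
  // to int), so the path resolves relative to the current directory, not
  // to a cgroup fd as the syzkaller descriptor name "fd_cgroup" suggests.
  // On x86 the flags include O_CREAT (0x40) and O_RDWR (2), so this may
  // create a regular file of that name in the cwd -- verify against the
  // target's <fcntl.h> values.
  memcpy((void*)0x200000000280, "cpuacct.usage_percpu\000", 21);
  res = syscall(__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000280ul,
                /*flags=*/0x275a, /*mode=*/0);
  if (res != -1)
    r[2] = res;

  // write(r[2], 0x118 bytes from the scratch region). The fuzzer labelled
  // this UHID_CREATE2, but r[2] is the file opened just above, and nothing
  // has been stored at 0x200000000040 yet, so the payload is the zero-filled
  // contents of the anonymous mapping.
  syscall(__NR_write, /*fd=*/r[2], /*data=*/0x200000000040ul, /*len=*/0x118ul);

  // mmap(0x200000000000, 0x2000, prot=0x88fd537e5e114b6f, MAP_FIXED|MAP_PRIVATE,
  // r[2], 0): attempts to map the file behind r[2] over the first two scratch
  // pages. The prot word carries PROT_READ|PROT_WRITE|PROT_EXEC plus a pile
  // of undefined bits; if the kernel rejects the call (or r[2] is -1) the
  // anonymous pages from the first mmap remain in place.
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x2000ul,
          /*prot=*/0x88fd537e5e114b6ful, /*flags=MAP_FIXED|MAP_PRIVATE*/ 0x12ul,
          /*fd=*/r[2], /*offset=*/0ul);

  // KVM_CREATE_VCPU (0xae41), id 0 -> r[3].
  res = syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0xae41, /*id=*/0ul);
  if (res != -1)
    r[3] = res;

  // KVM_SET_USER_MEMORY_REGION (0x4020ae46) with struct
  // kvm_userspace_memory_region {slot=0, flags=0, guest_phys_addr=0,
  // memory_size=0x2000, userspace_addr=0x200000000000}. Guest-physical
  // 0..0x1fff now aliases the same two pages the mmap above targeted and
  // that the kvm_regs buffer is built in further down.
  *(uint32_t*)0x200000000180 = 0;                // slot
  *(uint32_t*)0x200000000184 = 0;                // flags
  *(uint64_t*)0x200000000188 = 0;                // guest_phys_addr
  *(uint64_t*)0x200000000190 = 0x2000;           // memory_size
  *(uint64_t*)0x200000000198 = 0x200000000000;   // userspace_addr
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x4020ae46, /*arg=*/0x200000000180ul);

  // KVM_SET_IRQCHIP (0x8208ae63) with struct kvm_irqchip {chip_id=0, pad=0,
  // chip.pic = fuzzer-chosen 8259 state}. The per-byte labels are
  // syzkaller's abbreviated field names; their order matches struct
  // kvm_pic_state in <linux/kvm.h>.
  *(uint32_t*)0x200000000880 = 0;      // chipid
  *(uint32_t*)0x200000000884 = 0;      // pad
  *(uint8_t*)0x200000000888 = 0x2c;    // lastirr
  *(uint8_t*)0x200000000889 = 0xc0;    // irr
  *(uint8_t*)0x20000000088a = 7;       // imr
  *(uint8_t*)0x20000000088b = 6;       // isr
  *(uint8_t*)0x20000000088c = 0xfb;    // padd (priority add)
  *(uint8_t*)0x20000000088d = 2;       // irqbase
  *(uint8_t*)0x20000000088e = 0xf;     // readreg
  *(uint8_t*)0x20000000088f = 4;       // poll
  *(uint8_t*)0x200000000890 = 3;       // special (mask)
  *(uint8_t*)0x200000000891 = 0;       // initst
  *(uint8_t*)0x200000000892 = 3;       // autoeoi
  *(uint8_t*)0x200000000893 = 0x58;    // rotate
  *(uint8_t*)0x200000000894 = 0x9e;    // nestedm
  *(uint8_t*)0x200000000895 = 6;       // init4
  *(uint8_t*)0x200000000896 = 6;       // elcr
  *(uint8_t*)0x200000000897 = 0x7f;    // elcrmas
  syscall(__NR_ioctl, /*fd=*/r[1], /*cmd=*/0x8208ae63, /*arg=*/0x200000000880ul);

  // KVM_SET_REGS (0x4090ae82) on the VCPU with struct kvm_regs: 16 GPRs in
  // kvm_regs order (rax, rbx, rcx, rdx, rsi, rdi, rsp, rbp, r8..r15), then
  // rip = 1 and rflags = 0x1c4213. The struct is assembled at
  // 0x200000000000, i.e. inside the guest memory slot registered above.
  *(uint64_t*)0x200000000000 = 0x35;                 // rax
  *(uint64_t*)0x200000000008 = 0xfff;                // rbx
  *(uint64_t*)0x200000000010 = 0;                    // rcx
  *(uint64_t*)0x200000000018 = 0x180;                // rdx
  *(uint64_t*)0x200000000020 = 4;                    // rsi
  *(uint64_t*)0x200000000028 = 0x14;                 // rdi
  *(uint64_t*)0x200000000030 = 0xf1;                 // rsp
  *(uint64_t*)0x200000000038 = 0;                    // rbp
  *(uint64_t*)0x200000000040 = 0x7fffffffffffe;      // r8
  *(uint64_t*)0x200000000048 = 7;                    // r9
  *(uint64_t*)0x200000000050 = 5;                    // r10
  *(uint64_t*)0x200000000058 = 3;                    // r11
  *(uint64_t*)0x200000000060 = 0xfffffffffffffffe;   // r12
  *(uint64_t*)0x200000000068 = 0x45;                 // r13
  *(uint64_t*)0x200000000070 = 4;                    // r14
  *(uint64_t*)0x200000000078 = 0xbdb;                // r15
  *(uint64_t*)0x200000000080 = 1;                    // rip
  *(uint64_t*)0x200000000088 = 0x1c4213;             // rflags
  syscall(__NR_ioctl, /*fd=*/r[3], /*cmd=*/0x4090ae82, /*arg=*/0x200000000000ul);

  // Second openat("/dev/kvm"); the returned fd is discarded. Its lasting
  // effect is the 9-byte path string stored at 0x200000000000, which
  // overwrites the already-consumed kvm_regs buffer and is therefore what
  // the guest sees at guest-physical address 0 when it runs.
  memcpy((void*)0x200000000000, "/dev/kvm\000", 9);
  syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x200000000000ul,
          /*flags=*/0, /*mode=*/0);

  // KVM_RUN (0xae80): enter the guest once with the state above. The bug
  // the reproducer targets is presumably triggered during this call; the
  // process exits regardless of the ioctl result.
  syscall(__NR_ioctl, /*fd=*/r[3], /*cmd=*/0xae80, /*arg=*/0ul);
  return 0;
}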