// https://syzkaller.appspot.com/bug?id=0d259373da8be7356652213543e1efc254a5abf0
// autogenerated by syzkaller (http://github.com/google/syzkaller)
#define _GNU_SOURCE
#include <sys/syscall.h>
#include <unistd.h>
#include <stdint.h>
#include <string.h>
long r[3];
void loop()
{
memset(r, -1, sizeof(r));
syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
0xfffffffffffffffful, 0x0ul);
memcpy((void*)0x20fcbff7, "/dev/kvm", 9);
r[0] = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20fcbff7ul, 0x0ul,
0x0ul);
r[1] = syscall(__NR_ioctl, r[0], 0xae01ul, 0x0ul);
r[2] = syscall(__NR_ioctl, r[1], 0xae41ul, 0x0ul);
*(uint64_t*)0x20c2a000 = (uint64_t)0x107002;
*(uint32_t*)0x20c2a008 = (uint32_t)0x1000;
*(uint16_t*)0x20c2a00c = (uint16_t)0x0;
*(uint8_t*)0x20c2a00e = (uint8_t)0x80;
*(uint8_t*)0x20c2a00f = (uint8_t)0xf319;
*(uint8_t*)0x20c2a010 = (uint8_t)0x2;
*(uint8_t*)0x20c2a011 = (uint8_t)0x100000000;
*(uint8_t*)0x20c2a012 = (uint8_t)0x6;
*(uint8_t*)0x20c2a013 = (uint8_t)0x5;
*(uint8_t*)0x20c2a014 = (uint8_t)0xfffffffffffffbff;
*(uint8_t*)0x20c2a015 = (uint8_t)0xb5f;
*(uint8_t*)0x20c2a016 = (uint8_t)0x401;
*(uint8_t*)0x20c2a017 = (uint8_t)0x0;
*(uint64_t*)0x20c2a018 = (uint64_t)0x15000;
*(uint32_t*)0x20c2a020 = (uint32_t)0x5000;
*(uint16_t*)0x20c2a024 = (uint16_t)0xd;
*(uint8_t*)0x20c2a026 = (uint8_t)0x1;
*(uint8_t*)0x20c2a027 = (uint8_t)0xb2;
*(uint8_t*)0x20c2a028 = (uint8_t)0x2;
*(uint8_t*)0x20c2a029 = (uint8_t)0x38;
*(uint8_t*)0x20c2a02a = (uint8_t)0x0;
*(uint8_t*)0x20c2a02b = (uint8_t)0x8001;
*(uint8_t*)0x20c2a02c = (uint8_t)0x1;
*(uint8_t*)0x20c2a02d = (uint8_t)0x6;
*(uint8_t*)0x20c2a02e = (uint8_t)0x80;
*(uint8_t*)0x20c2a02f = (uint8_t)0x0;
*(uint64_t*)0x20c2a030 = (uint64_t)0x1;
*(uint32_t*)0x20c2a038 = (uint32_t)0x102001;
*(uint16_t*)0x20c2a03c = (uint16_t)0x4;
*(uint8_t*)0x20c2a03e = (uint8_t)0x1;
*(uint8_t*)0x20c2a03f = (uint8_t)0x1;
*(uint8_t*)0x20c2a040 = (uint8_t)0x3;
*(uint8_t*)0x20c2a041 = (uint8_t)0x8;
*(uint8_t*)0x20c2a042 = (uint8_t)0x0;
*(uint8_t*)0x20c2a043 = (uint8_t)0x6;
*(uint8_t*)0x20c2a044 = (uint8_t)0xa3d9;
*(uint8_t*)0x20c2a045 = (uint8_t)0x8;
*(uint8_t*)0x20c2a046 = (uint8_t)0x6;
*(uint8_t*)0x20c2a047 = (uint8_t)0x0;
*(uint64_t*)0x20c2a048 = (uint64_t)0x4;
*(uint32_t*)0x20c2a050 = (uint32_t)0x1;
*(uint16_t*)0x20c2a054 = (uint16_t)0x19;
*(uint8_t*)0x20c2a056 = (uint8_t)0x5f5;
*(uint8_t*)0x20c2a057 = (uint8_t)0xd7;
*(uint8_t*)0x20c2a058 = (uint8_t)0x7fff;
*(uint8_t*)0x20c2a059 = (uint8_t)0x2;
*(uint8_t*)0x20c2a05a = (uint8_t)0x4ab;
*(uint8_t*)0x20c2a05b = (uint8_t)0x3;
*(uint8_t*)0x20c2a05c = (uint8_t)0xd024;
*(uint8_t*)0x20c2a05d = (uint8_t)0x3000000000000;
*(uint8_t*)0x20c2a05e = (uint8_t)0x57;
*(uint8_t*)0x20c2a05f = (uint8_t)0x0;
*(uint64_t*)0x20c2a060 = (uint64_t)0x11000;
*(uint32_t*)0x20c2a068 = (uint32_t)0x100001;
*(uint16_t*)0x20c2a06c = (uint16_t)0xb;
*(uint8_t*)0x20c2a06e = (uint8_t)0x0;
*(uint8_t*)0x20c2a06f = (uint8_t)0x1000;
*(uint8_t*)0x20c2a070 = (uint8_t)0xffffffffffffff01;
*(uint8_t*)0x20c2a071 = (uint8_t)0xa7c5;
*(uint8_t*)0x20c2a072 = (uint8_t)0x3;
*(uint8_t*)0x20c2a073 = (uint8_t)0x2b;
*(uint8_t*)0x20c2a074 = (uint8_t)0x7;
*(uint8_t*)0x20c2a075 = (uint8_t)0x80;
*(uint8_t*)0x20c2a076 = (uint8_t)0x2;
*(uint8_t*)0x20c2a077 = (uint8_t)0x0;
*(uint64_t*)0x20c2a078 = (uint64_t)0x10003;
*(uint32_t*)0x20c2a080 = (uint32_t)0x7000;
*(uint16_t*)0x20c2a084 = (uint16_t)0xc;
*(uint8_t*)0x20c2a086 = (uint8_t)0x7;
*(uint8_t*)0x20c2a087 = (uint8_t)0x81;
*(uint8_t*)0x20c2a088 = (uint8_t)0x7f;
*(uint8_t*)0x20c2a089 = (uint8_t)0xff;
*(uint8_t*)0x20c2a08a = (uint8_t)0x18000;
*(uint8_t*)0x20c2a08b = (uint8_t)0xfffffffffffff801;
*(uint8_t*)0x20c2a08c = (uint8_t)0x770a796d;
*(uint8_t*)0x20c2a08d = (uint8_t)0x80;
*(uint8_t*)0x20c2a08e = (uint8_t)0x0;
*(uint8_t*)0x20c2a08f = (uint8_t)0x0;
*(uint64_t*)0x20c2a090 = (uint64_t)0x0;
*(uint32_t*)0x20c2a098 = (uint32_t)0x5000;
*(uint16_t*)0x20c2a09c = (uint16_t)0x4;
*(uint8_t*)0x20c2a09e = (uint8_t)0x9;
*(uint8_t*)0x20c2a09f = (uint8_t)0x9;
*(uint8_t*)0x20c2a0a0 = (uint8_t)0x6;
*(uint8_t*)0x20c2a0a1 = (uint8_t)0x5;
*(uint8_t*)0x20c2a0a2 = (uint8_t)0x3ae;
*(uint8_t*)0x20c2a0a3 = (uint8_t)0x6;
*(uint8_t*)0x20c2a0a4 = (uint8_t)0x566a;
*(uint8_t*)0x20c2a0a5 = (uint8_t)0x312f7907;
*(uint8_t*)0x20c2a0a6 = (uint8_t)0xff;
*(uint8_t*)0x20c2a0a7 = (uint8_t)0x0;
*(uint64_t*)0x20c2a0a8 = (uint64_t)0x10000;
*(uint32_t*)0x20c2a0b0 = (uint32_t)0x1f000;
*(uint16_t*)0x20c2a0b4 = (uint16_t)0xd;
*(uint8_t*)0x20c2a0b6 = (uint8_t)0x1;
*(uint8_t*)0x20c2a0b7 = (uint8_t)0xbbf1;
*(uint8_t*)0x20c2a0b8 = (uint8_t)0x60;
*(uint8_t*)0x20c2a0b9 = (uint8_t)0x70000000;
*(uint8_t*)0x20c2a0ba = (uint8_t)0x8;
*(uint8_t*)0x20c2a0bb = (uint8_t)0x4;
*(uint8_t*)0x20c2a0bc = (uint8_t)0x7;
*(uint8_t*)0x20c2a0bd = (uint8_t)0x0;
*(uint8_t*)0x20c2a0be = (uint8_t)0x7fffffff;
*(uint8_t*)0x20c2a0bf = (uint8_t)0x0;
*(uint64_t*)0x20c2a0c0 = (uint64_t)0xd000;
*(uint16_t*)0x20c2a0c8 = (uint16_t)0x2;
*(uint16_t*)0x20c2a0ca = (uint16_t)0x0;
*(uint16_t*)0x20c2a0cc = (uint16_t)0x0;
*(uint16_t*)0x20c2a0ce = (uint16_t)0x0;
*(uint64_t*)0x20c2a0d0 = (uint64_t)0x0;
*(uint16_t*)0x20c2a0d8 = (uint16_t)0x101004;
*(uint16_t*)0x20c2a0da = (uint16_t)0x0;
*(uint16_t*)0x20c2a0dc = (uint16_t)0x0;
*(uint16_t*)0x20c2a0de = (uint16_t)0x0;
*(uint64_t*)0x20c2a0e0 = (uint64_t)0x0;
*(uint64_t*)0x20c2a0e8 = (uint64_t)0x0;
*(uint64_t*)0x20c2a0f0 = (uint64_t)0x0;
*(uint64_t*)0x20c2a0f8 = (uint64_t)0x4020;
*(uint64_t*)0x20c2a100 = (uint64_t)0x3;
*(uint64_t*)0x20c2a108 = (uint64_t)0x100;
*(uint64_t*)0x20c2a110 = (uint64_t)0x0;
*(uint64_t*)0x20c2a118 = (uint64_t)0xffffffffffffff80;
*(uint64_t*)0x20c2a120 = (uint64_t)0x4;
*(uint64_t*)0x20c2a128 = (uint64_t)0x8;
*(uint64_t*)0x20c2a130 = (uint64_t)0xd9;
syscall(__NR_ioctl, r[2], 0x4138ae84ul, 0x20c2a000ul);
}
int main()
{
loop();
return 0;
}