diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 1f7763964c..b80448deba 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -2740,3 +2740,25 @@ static void armv7m_nvic_register_types(void)
 }
 
 type_init(armv7m_nvic_register_types)
+
+/* Begin LibAFL instrumentation */
+#include "qemu/main-loop.h"
+void libafl_send_irq(int irqn);
+void libafl_send_irq(int irqn) {
+    bool haslock = qemu_mutex_iothread_locked();
+    if (!haslock) {
+        qemu_mutex_lock_iothread();
+    }
+    CPUState *cpu;
+    CPU_FOREACH(cpu) {
+        CPUARMState* env = cpu->env_ptr;
+        NVICState* nvic = env->nvic;
+        // set_irq_level(nvic, irqn, 1);
+        // set_irq_level(nvic, irqn, 0);
+        armv7m_nvic_set_pending(nvic, irqn+16, false);
+    }
+    if (!haslock) {
+        qemu_mutex_unlock_iothread();
+    }
+}
+/* End LibAFL instrumentation */
\ No newline at end of file
diff --git a/hw/timer/armv7m_systick.c b/hw/timer/armv7m_systick.c
index 5dfe39afe3..b66199dce9 100644
--- a/hw/timer/armv7m_systick.c
+++ b/hw/timer/armv7m_systick.c
@@ -308,3 +308,28 @@ static void armv7m_systick_register_types(void)
 }
 
 type_init(armv7m_systick_register_types)
+
+/* Begin LibAFL instrumentation */
+extern void libafl_send_irq(int irqn);
+volatile unsigned int libafl_int_offset = 0;
+static ptimer_state* mytimer;
+/* This can be moved to a helper function later */
+static void libafl_timed_int_hook(void*);
+static void libafl_timed_int_hook(void* arg)
+{
+    libafl_send_irq(0);
+}
+void libafl_start_int_timer( void );
+void libafl_start_int_timer( void ) {
+    if (libafl_int_offset==0) {return;}
+    if (!mytimer) {
+        mytimer = ptimer_init(&libafl_timed_int_hook, NULL, 0);
+    }
+    ptimer_transaction_begin(mytimer);
+    ptimer_stop(mytimer);
+    ptimer_set_period(mytimer, libafl_int_offset);
+    ptimer_set_count(mytimer, 8);
+    ptimer_run(mytimer, 1);
+    ptimer_transaction_commit(mytimer);
+}
+/* End LibAFL instrumentation */
\ No newline at end of file
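Review bot: `irqn` reaches `armv7m_nvic_set_pending(nvic, irqn+16, false)` with no range check, so a negative or oversized value from the caller — presumably the fuzzer, which is exactly the untrusted side — lands on the internal-exception numbers below 16 or past the NVIC's configured IRQ count, where (if I recall this tree correctly) the NVIC code asserts and takes the whole emulator down rather than the guest, and that would then be reported as a crash that is not one. Guard it inside the loop before the call, e.g. `if (irqn < 0 || (unsigned)irqn >= nvic->num_irq - 16) { continue; }` (adjust the field name if it differs here), or validate once up front and return. The two commented-out `set_irq_level` calls are dead code and should go, and `#include "qemu/main-loop.h"` belongs with the other includes at the top of the file rather than after `type_init`. The BQL is released only when this function took it itself, so a caller already holding it keeps it; that is worth a one-line comment such as `/* Safe to call with or without the BQL; it is taken and released only if not already held. */` since the name does not say so.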
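Review bot: The early `if (libafl_int_offset==0) {return;}` runs before `ptimer_stop`, so a one-shot armed by an earlier call with a non-zero offset keeps running when the offset is later set back to zero; if the harness clears the offset to mean "no interrupt this case", that stale timer still delivers `libafl_send_irq(0)` into the next run, and nothing else in the hunk disarms it. I would stop an existing timer before returning, as below. `libafl_int_offset` is `volatile`, which does not make a write from another thread safe to read here; if the fuzzer side sets it from a thread other than the vCPU/main-loop thread, it needs an atomic access or the BQL, which this function, unlike `libafl_send_irq`, never takes. `mytimer` and the unused `arg` are fine for a prototype, but a descriptive static name such as `libafl_int_timer`, a `(void)arg;`, and dropping the redundant prototype-then-definition pair for the `static` hook would read better.
```c
void libafl_start_int_timer( void ) {
    if (libafl_int_offset == 0) {
        /* Offset cleared: make sure nothing armed by an earlier call still fires. */
        if (mytimer) {
            ptimer_transaction_begin(mytimer);
            ptimer_stop(mytimer);
            ptimer_transaction_commit(mytimer);
        }
        return;
    }
    /* … unchanged: lazy ptimer_init, then stop/set_period/set_count/run transaction … */
```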