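// https://syzkaller.appspot.com/bug?id=319d600149b51a6469bb9813513414e4a983e63e
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Review notes
// ------------
// - The header names after the five #include directives were lost when this
//   page was extracted. They are restored below from the identifiers the code
//   uses (htobe16/htobe32, uintN_t, memset/memcpy, __NR_*, syscall).
// - The listing had been collapsed onto a few physical lines, which put the
//   whole program behind the leading "//" and broke the "\" continuations in
//   the macros. Line structure is restored; the statements are unchanged.
// - Visible behaviour: map a fixed scratch region, open a socket, pass a
//   0x438-byte table blob to the kernel with setsockopt(level 0, optname 0x40),
//   then connect() the same socket. The page does not state which crash this
//   reproduces; the syzbot link above is the authority for that.
// - Triage: level 0 / optname 0x40 corresponds to SOL_IP / IPT_SO_SET_REPLACE
//   on Linux. That option is normally gated on CAP_NET_ADMIN in the socket's
//   network namespace (confirm for the kernel under test), which bounds who
//   can reach the parsing path exercised here.
// - The structure annotations inside test() are read against the Linux uapi
//   layouts (struct ipt_replace / ipt_entry / xt_entry_match /
//   xt_entry_target). The offsets are self-consistent (0x60 header + 0x3d8
//   entries = 0x438 optlen), but verify them against the target kernel headers.

#define _GNU_SOURCE

#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Mask with the low bf_len bits set, cast to `type`.
#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)

// The same mask shifted left to bit offset bf_off.
#define BITMASK_LEN_OFF(type, bf_off, bf_len)                                  \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))

// Store `val` into the bit-field [bf_off, bf_off + bf_len) of the `type`
// object at `addr`, leaving the other bits as they were. With bf_off == 0 and
// bf_len == 0 the whole object is overwritten instead.
// NOTE(review): the expansion is a bare if/else (no do { } while (0) wrapper),
// so it is only safe where a full statement is expected, which is how every
// use below is written.
#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                      \
  if ((bf_off) == 0 && (bf_len) == 0) {                                        \
    *(type*)(addr) = (type)(val);                                              \
  } else {                                                                     \
    type new_val = *(type*)(addr);                                             \
    new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));                     \
    new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);          \
    *(type*)(addr) = new_val;                                                  \
  }

// Running one's-complement (Internet checksum style) accumulator.
struct csum_inet {
  uint32_t acc;
};

// Reset the accumulator to zero.
static void csum_inet_init(struct csum_inet* csum)
{
  csum->acc = 0;
}

// Add `length` bytes at `data` to the accumulator: 16-bit words are read in
// host byte order, a trailing odd byte is added as-is, and carries above
// 16 bits are folded back into the low 16 bits.
// NOTE(review): the uint16_t read goes through a cast of a uint8_t pointer, so
// it relies on the platform tolerating unaligned/aliased access.
static void csum_inet_update(struct csum_inet* csum, const uint8_t* data,
                             size_t length)
{
  if (length == 0)
    return;
  size_t i;
  for (i = 0; i < length - 1; i += 2)
    csum->acc += *(uint16_t*)&data[i];
  if (length & 1)
    csum->acc += (uint16_t)data[length - 1];
  while (csum->acc > 0xffff)
    csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

// Return the bitwise complement of the accumulator, truncated to 16 bits.
static uint16_t csum_inet_digest(struct csum_inet* csum)
{
  return ~csum->acc;
}

static void test();

// Run test() forever; this function never returns.
void loop()
{
  while (1) {
    test();
  }
}

// Syscall results; r[0] holds the socket descriptor created in test().
long r[1];

// One iteration of the reproducer. Every pointer below is a literal address
// inside the region requested by the mmap call at the top; the mmap result is
// not checked, so a failed mapping makes the first store fault.
void test()
{
  memset(r, -1, sizeof(r));
  // prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);

  // --- Packet buffer at 0x209b4000 ---------------------------------------
  // Looks like an Ethernet header (dst 01:80:c2:00:00:00, src
  // aa:aa:aa:aa:00:00, ethertype 0x8847) followed by an IPv4 header and a
  // 16-byte transport header. No call visible in this listing transmits or
  // otherwise references this buffer.
  *(uint8_t*)0x209b4000 = 1;
  *(uint8_t*)0x209b4001 = 0x80;
  *(uint8_t*)0x209b4002 = 0xc2;
  *(uint8_t*)0x209b4003 = 0;
  *(uint8_t*)0x209b4004 = 0;
  *(uint8_t*)0x209b4005 = 0;
  *(uint8_t*)0x209b4006 = 0xaa;
  *(uint8_t*)0x209b4007 = 0xaa;
  *(uint8_t*)0x209b4008 = 0xaa;
  *(uint8_t*)0x209b4009 = 0xaa;
  *(uint8_t*)0x209b400a = 0;
  *(uint8_t*)0x209b400b = 0;
  *(uint16_t*)0x209b400c = htobe16(0x8847);
  // Low nibble 5, high nibble 4: presumably IPv4 ihl/version.
  STORE_BY_BITMASK(uint8_t, 0x209b400e, 5, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x209b400e, 4, 4, 4);
  STORE_BY_BITMASK(uint8_t, 0x209b400f, 0, 0, 2);
  STORE_BY_BITMASK(uint8_t, 0x209b400f, 0, 2, 6);
  *(uint16_t*)0x209b4010 = htobe16(0x24);
  *(uint16_t*)0x209b4012 = 0;
  *(uint16_t*)0x209b4014 = htobe16(0);
  *(uint8_t*)0x209b4016 = 0;
  *(uint8_t*)0x209b4017 = 0;
  *(uint16_t*)0x209b4018 = 0;
  *(uint32_t*)0x209b401a = htobe32(0);
  *(uint8_t*)0x209b401e = 0xac;
  *(uint8_t*)0x209b401f = 0x14;
  *(uint8_t*)0x209b4020 = 0;
  *(uint8_t*)0x209b4021 = 0xbb;
  *(uint16_t*)0x209b4022 = 0;
  *(uint16_t*)0x209b4024 = 0;
  *(uint8_t*)0x209b4026 = 4;
  STORE_BY_BITMASK(uint8_t, 0x209b4027, 1, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x209b4027, 0, 4, 4);
  *(uint16_t*)0x209b4028 = 0;
  STORE_BY_BITMASK(uint8_t, 0x209b402a, 0, 0, 1);
  STORE_BY_BITMASK(uint8_t, 0x209b402a, 0, 1, 4);
  STORE_BY_BITMASK(uint8_t, 0x209b402a, 0, 5, 3);
  memcpy((void*)0x209b402b, "\x0c\x35\x94", 3);
  *(uint8_t*)0x209b402e = 0;
  memcpy((void*)0x209b402f, "\xfe\x78\x8a", 3);

  // Checksum over the two 4-byte address fields, two 2-byte constants and the
  // 16 bytes at 0x209b4022; the result is stored at 0x209b4028.
  struct csum_inet csum_1;
  csum_inet_init(&csum_1);
  csum_inet_update(&csum_1, (const uint8_t*)0x209b401a, 4);
  csum_inet_update(&csum_1, (const uint8_t*)0x209b401e, 4);
  uint16_t csum_1_chunk_2 = 0x2100;
  csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 2);
  uint16_t csum_1_chunk_3 = 0x1000;
  csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 2);
  csum_inet_update(&csum_1, (const uint8_t*)0x209b4022, 16);
  *(uint16_t*)0x209b4028 = csum_inet_digest(&csum_1);

  // Checksum over the 20 bytes at 0x209b400e; the result is stored at 0x209b4018.
  struct csum_inet csum_2;
  csum_inet_init(&csum_2);
  csum_inet_update(&csum_2, (const uint8_t*)0x209b400e, 20);
  *(uint16_t*)0x209b4018 = csum_inet_digest(&csum_2);

  // --- Socket -------------------------------------------------------------
  // domain 0xa, type 0x801, protocol 0x84: on Linux these are AF_INET6,
  // SOCK_STREAM|SOCK_NONBLOCK and IPPROTO_SCTP.
  r[0] = syscall(__NR_socket, 0xa, 0x801, 0x84);

  // --- Table blob at 0x20023000 (0x438 bytes) ------------------------------
  // Header: 32-byte name "filter", then (presumably, per struct ipt_replace)
  // valid_hooks, num_entries, size, hook_entry[5], underflow[5],
  // num_counters and a counters pointer.
  memcpy((void*)0x20023000, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint32_t*)0x20023020 = 0xe;
  *(uint32_t*)0x20023024 = 4;
  *(uint32_t*)0x20023028 = 0x3d8;
  *(uint32_t*)0x2002302c = -1;
  *(uint32_t*)0x20023030 = 0x98;
  *(uint32_t*)0x20023034 = 0;
  *(uint32_t*)0x20023038 = 0x98;
  *(uint32_t*)0x2002303c = -1;
  *(uint32_t*)0x20023040 = -1;
  *(uint32_t*)0x20023044 = 0x340;
  *(uint32_t*)0x20023048 = 0x340;
  *(uint32_t*)0x2002304c = 0x340;
  *(uint32_t*)0x20023050 = -1;
  *(uint32_t*)0x20023054 = 4;
  *(uint64_t*)0x20023058 = 0x20032fc0;

  // Entry 0 (blob offset 0x60, length 0x98): all-zero match header, then a
  // target named "REJECT".
  *(uint8_t*)0x20023060 = 0;
  *(uint8_t*)0x20023061 = 0;
  *(uint8_t*)0x20023062 = 0;
  *(uint8_t*)0x20023063 = 0;
  *(uint8_t*)0x20023064 = 0;
  *(uint8_t*)0x20023065 = 0;
  *(uint8_t*)0x20023066 = 0;
  *(uint8_t*)0x20023067 = 0;
  *(uint8_t*)0x20023068 = 0;
  *(uint8_t*)0x20023069 = 0;
  *(uint8_t*)0x2002306a = 0;
  *(uint8_t*)0x2002306b = 0;
  *(uint8_t*)0x2002306c = 0;
  *(uint8_t*)0x2002306d = 0;
  *(uint8_t*)0x2002306e = 0;
  *(uint8_t*)0x2002306f = 0;
  *(uint8_t*)0x20023070 = 0;
  *(uint8_t*)0x20023071 = 0;
  *(uint8_t*)0x20023072 = 0;
  *(uint8_t*)0x20023073 = 0;
  *(uint8_t*)0x20023074 = 0;
  *(uint8_t*)0x20023075 = 0;
  *(uint8_t*)0x20023076 = 0;
  *(uint8_t*)0x20023077 = 0;
  *(uint8_t*)0x20023078 = 0;
  *(uint8_t*)0x20023079 = 0;
  *(uint8_t*)0x2002307a = 0;
  *(uint8_t*)0x2002307b = 0;
  *(uint8_t*)0x2002307c = 0;
  *(uint8_t*)0x2002307d = 0;
  *(uint8_t*)0x2002307e = 0;
  *(uint8_t*)0x2002307f = 0;
  *(uint8_t*)0x20023080 = 0;
  *(uint8_t*)0x20023081 = 0;
  *(uint8_t*)0x20023082 = 0;
  *(uint8_t*)0x20023083 = 0;
  *(uint8_t*)0x20023084 = 0;
  *(uint8_t*)0x20023085 = 0;
  *(uint8_t*)0x20023086 = 0;
  *(uint8_t*)0x20023087 = 0;
  *(uint8_t*)0x20023088 = 0;
  *(uint8_t*)0x20023089 = 0;
  *(uint8_t*)0x2002308a = 0;
  *(uint8_t*)0x2002308b = 0;
  *(uint8_t*)0x2002308c = 0;
  *(uint8_t*)0x2002308d = 0;
  *(uint8_t*)0x2002308e = 0;
  *(uint8_t*)0x2002308f = 0;
  *(uint8_t*)0x20023090 = 0;
  *(uint8_t*)0x20023091 = 0;
  *(uint8_t*)0x20023092 = 0;
  *(uint8_t*)0x20023093 = 0;
  *(uint8_t*)0x20023094 = 0;
  *(uint8_t*)0x20023095 = 0;
  *(uint8_t*)0x20023096 = 0;
  *(uint8_t*)0x20023097 = 0;
  *(uint8_t*)0x20023098 = 0;
  *(uint8_t*)0x20023099 = 0;
  *(uint8_t*)0x2002309a = 0;
  *(uint8_t*)0x2002309b = 0;
  *(uint8_t*)0x2002309c = 0;
  *(uint8_t*)0x2002309d = 0;
  *(uint8_t*)0x2002309e = 0;
  *(uint8_t*)0x2002309f = 0;
  *(uint8_t*)0x200230a0 = 0;
  *(uint8_t*)0x200230a1 = 0;
  *(uint8_t*)0x200230a2 = 0;
  *(uint8_t*)0x200230a3 = 0;
  *(uint8_t*)0x200230a4 = 0;
  *(uint8_t*)0x200230a5 = 0;
  *(uint8_t*)0x200230a6 = 0;
  *(uint8_t*)0x200230a7 = 0;
  *(uint8_t*)0x200230a8 = 0;
  *(uint8_t*)0x200230a9 = 0;
  *(uint8_t*)0x200230aa = 0;
  *(uint8_t*)0x200230ab = 0;
  *(uint8_t*)0x200230ac = 0;
  *(uint8_t*)0x200230ad = 0;
  *(uint8_t*)0x200230ae = 0;
  *(uint8_t*)0x200230af = 0;
  *(uint8_t*)0x200230b0 = 0;
  *(uint8_t*)0x200230b1 = 0;
  *(uint8_t*)0x200230b2 = 0;
  *(uint8_t*)0x200230b3 = 0;
  *(uint32_t*)0x200230b4 = 0;
  *(uint16_t*)0x200230b8 = 0x70;
  *(uint16_t*)0x200230ba = 0x98;
  *(uint32_t*)0x200230bc = 0;
  *(uint64_t*)0x200230c0 = 0;
  *(uint64_t*)0x200230c8 = 0;
  *(uint16_t*)0x200230d0 = 0x28;
  memcpy((void*)0x200230d2, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200230ef = 0;
  *(uint32_t*)0x200230f0 = 0;

  // Entry 1 (blob offset 0xf8, length 0x1e8): all-zero match header, a match
  // named "hashlimit" (revision byte 2, size 0x150), then a "REJECT" target.
  *(uint8_t*)0x200230f8 = 0;
  *(uint8_t*)0x200230f9 = 0;
  *(uint8_t*)0x200230fa = 0;
  *(uint8_t*)0x200230fb = 0;
  *(uint8_t*)0x200230fc = 0;
  *(uint8_t*)0x200230fd = 0;
  *(uint8_t*)0x200230fe = 0;
  *(uint8_t*)0x200230ff = 0;
  *(uint8_t*)0x20023100 = 0;
  *(uint8_t*)0x20023101 = 0;
  *(uint8_t*)0x20023102 = 0;
  *(uint8_t*)0x20023103 = 0;
  *(uint8_t*)0x20023104 = 0;
  *(uint8_t*)0x20023105 = 0;
  *(uint8_t*)0x20023106 = 0;
  *(uint8_t*)0x20023107 = 0;
  *(uint8_t*)0x20023108 = 0;
  *(uint8_t*)0x20023109 = 0;
  *(uint8_t*)0x2002310a = 0;
  *(uint8_t*)0x2002310b = 0;
  *(uint8_t*)0x2002310c = 0;
  *(uint8_t*)0x2002310d = 0;
  *(uint8_t*)0x2002310e = 0;
  *(uint8_t*)0x2002310f = 0;
  *(uint8_t*)0x20023110 = 0;
  *(uint8_t*)0x20023111 = 0;
  *(uint8_t*)0x20023112 = 0;
  *(uint8_t*)0x20023113 = 0;
  *(uint8_t*)0x20023114 = 0;
  *(uint8_t*)0x20023115 = 0;
  *(uint8_t*)0x20023116 = 0;
  *(uint8_t*)0x20023117 = 0;
  *(uint8_t*)0x20023118 = 0;
  *(uint8_t*)0x20023119 = 0;
  *(uint8_t*)0x2002311a = 0;
  *(uint8_t*)0x2002311b = 0;
  *(uint8_t*)0x2002311c = 0;
  *(uint8_t*)0x2002311d = 0;
  *(uint8_t*)0x2002311e = 0;
  *(uint8_t*)0x2002311f = 0;
  *(uint8_t*)0x20023120 = 0;
  *(uint8_t*)0x20023121 = 0;
  *(uint8_t*)0x20023122 = 0;
  *(uint8_t*)0x20023123 = 0;
  *(uint8_t*)0x20023124 = 0;
  *(uint8_t*)0x20023125 = 0;
  *(uint8_t*)0x20023126 = 0;
  *(uint8_t*)0x20023127 = 0;
  *(uint8_t*)0x20023128 = 0;
  *(uint8_t*)0x20023129 = 0;
  *(uint8_t*)0x2002312a = 0;
  *(uint8_t*)0x2002312b = 0;
  *(uint8_t*)0x2002312c = 0;
  *(uint8_t*)0x2002312d = 0;
  *(uint8_t*)0x2002312e = 0;
  *(uint8_t*)0x2002312f = 0;
  *(uint8_t*)0x20023130 = 0;
  *(uint8_t*)0x20023131 = 0;
  *(uint8_t*)0x20023132 = 0;
  *(uint8_t*)0x20023133 = 0;
  *(uint8_t*)0x20023134 = 0;
  *(uint8_t*)0x20023135 = 0;
  *(uint8_t*)0x20023136 = 0;
  *(uint8_t*)0x20023137 = 0;
  *(uint8_t*)0x20023138 = 0;
  *(uint8_t*)0x20023139 = 0;
  *(uint8_t*)0x2002313a = 0;
  *(uint8_t*)0x2002313b = 0;
  *(uint8_t*)0x2002313c = 0;
  *(uint8_t*)0x2002313d = 0;
  *(uint8_t*)0x2002313e = 0;
  *(uint8_t*)0x2002313f = 0;
  *(uint8_t*)0x20023140 = 0;
  *(uint8_t*)0x20023141 = 0;
  *(uint8_t*)0x20023142 = 0;
  *(uint8_t*)0x20023143 = 0;
  *(uint8_t*)0x20023144 = 0;
  *(uint8_t*)0x20023145 = 0;
  *(uint8_t*)0x20023146 = 0;
  *(uint8_t*)0x20023147 = 0;
  *(uint8_t*)0x20023148 = 0;
  *(uint8_t*)0x20023149 = 0;
  *(uint8_t*)0x2002314a = 0;
  *(uint8_t*)0x2002314b = 0;
  *(uint32_t*)0x2002314c = 0;
  *(uint16_t*)0x20023150 = 0x1c0;
  *(uint16_t*)0x20023152 = 0x1e8;
  *(uint32_t*)0x20023154 = 0;
  *(uint64_t*)0x20023158 = 0;
  *(uint64_t*)0x20023160 = 0;
  *(uint16_t*)0x20023168 = 0x150;
  memcpy((void*)0x2002316a, "\x68\x61\x73\x68\x6c\x69\x6d\x69\x74\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20023187 = 2;
  // 255-byte name field of the match payload: "bcsh0", zero padded.
  memcpy((void*)0x20023188,
         "\x62\x63\x73\x68\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         255);
  // Match configuration words. Presumably avg, burst, mode, size, max,
  // gc_interval, expire, srcmask, dstmask as in the revision-2 hashlimit
  // layout (TODO confirm); the first 64-bit field is written as 0.
  *(uint64_t*)0x20023288 = 0;
  *(uint64_t*)0x20023290 = 0x1f;
  *(uint32_t*)0x20023298 = 0x42;
  *(uint32_t*)0x2002329c = 0;
  *(uint32_t*)0x200232a0 = 0;
  *(uint32_t*)0x200232a4 = 0x3f;
  *(uint32_t*)0x200232a8 = 4;
  *(uint8_t*)0x200232ac = 0;
  *(uint8_t*)0x200232ad = 0;
  *(uint64_t*)0x200232b0 = 0;
  *(uint16_t*)0x200232b8 = 0x28;
  memcpy((void*)0x200232ba, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200232d7 = 0;
  *(uint32_t*)0x200232d8 = 0;

  // Entry 2 (blob offset 0x2e0, length 0xc0): addresses 127.0.0.1 and
  // 172.20.0.187, 16-byte name "dummy0", a second name starting "syz", a
  // match named "ttl", then a "REJECT" target.
  *(uint32_t*)0x200232e0 = htobe32(0x7f000001);
  *(uint8_t*)0x200232e4 = 0xac;
  *(uint8_t*)0x200232e5 = 0x14;
  *(uint8_t*)0x200232e6 = 0;
  *(uint8_t*)0x200232e7 = 0xbb;
  *(uint32_t*)0x200232e8 = htobe32(0);
  *(uint32_t*)0x200232ec = htobe32(0);
  memcpy((void*)0x200232f0,
         "\x64\x75\x6d\x6d\x79\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         16);
  *(uint8_t*)0x20023300 = 0x73;
  *(uint8_t*)0x20023301 = 0x79;
  *(uint8_t*)0x20023302 = 0x7a;
  *(uint8_t*)0x20023303 = 0;
  *(uint8_t*)0x20023304 = 0;
  // Bytes 0x20023305..0x2002330f are not written by this program.
  *(uint8_t*)0x20023310 = 0;
  *(uint8_t*)0x20023311 = 0;
  *(uint8_t*)0x20023312 = 0;
  *(uint8_t*)0x20023313 = 0;
  *(uint8_t*)0x20023314 = 0;
  *(uint8_t*)0x20023315 = 0;
  *(uint8_t*)0x20023316 = 0;
  *(uint8_t*)0x20023317 = 0;
  *(uint8_t*)0x20023318 = 0;
  *(uint8_t*)0x20023319 = 0;
  *(uint8_t*)0x2002331a = 0;
  *(uint8_t*)0x2002331b = 0;
  *(uint8_t*)0x2002331c = 0;
  *(uint8_t*)0x2002331d = 0;
  *(uint8_t*)0x2002331e = 0;
  *(uint8_t*)0x2002331f = 0;
  *(uint8_t*)0x20023320 = 0;
  *(uint8_t*)0x20023321 = 0;
  *(uint8_t*)0x20023322 = 0;
  *(uint8_t*)0x20023323 = 0;
  *(uint8_t*)0x20023324 = 0;
  *(uint8_t*)0x20023325 = 0;
  *(uint8_t*)0x20023326 = 0;
  *(uint8_t*)0x20023327 = 0;
  *(uint8_t*)0x20023328 = 0;
  *(uint8_t*)0x20023329 = 0;
  *(uint8_t*)0x2002332a = 0;
  *(uint8_t*)0x2002332b = 0;
  *(uint8_t*)0x2002332c = 0;
  *(uint8_t*)0x2002332d = 0;
  *(uint8_t*)0x2002332e = 0;
  *(uint8_t*)0x2002332f = 0;
  *(uint16_t*)0x20023330 = 0;
  *(uint8_t*)0x20023332 = 0;
  *(uint8_t*)0x20023333 = 0;
  *(uint32_t*)0x20023334 = 0;
  *(uint16_t*)0x20023338 = 0x98;
  *(uint16_t*)0x2002333a = 0xc0;
  *(uint32_t*)0x2002333c = 0;
  *(uint64_t*)0x20023340 = 0;
  *(uint64_t*)0x20023348 = 0;
  *(uint16_t*)0x20023350 = 0x28;
  memcpy((void*)0x20023352, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x2002336f = 0;
  *(uint8_t*)0x20023370 = 0;
  *(uint8_t*)0x20023371 = 0;
  *(uint16_t*)0x20023378 = 0x28;
  memcpy((void*)0x2002337a, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20023397 = 0;
  *(uint32_t*)0x20023398 = 0;

  // Entry 3 (blob offset 0x3a0, length 0x98): all-zero match header, then a
  // target with an empty name and the 32-bit value 0xfffffffe.
  *(uint8_t*)0x200233a0 = 0;
  *(uint8_t*)0x200233a1 = 0;
  *(uint8_t*)0x200233a2 = 0;
  *(uint8_t*)0x200233a3 = 0;
  *(uint8_t*)0x200233a4 = 0;
  *(uint8_t*)0x200233a5 = 0;
  *(uint8_t*)0x200233a6 = 0;
  *(uint8_t*)0x200233a7 = 0;
  *(uint8_t*)0x200233a8 = 0;
  *(uint8_t*)0x200233a9 = 0;
  *(uint8_t*)0x200233aa = 0;
  *(uint8_t*)0x200233ab = 0;
  *(uint8_t*)0x200233ac = 0;
  *(uint8_t*)0x200233ad = 0;
  *(uint8_t*)0x200233ae = 0;
  *(uint8_t*)0x200233af = 0;
  *(uint8_t*)0x200233b0 = 0;
  *(uint8_t*)0x200233b1 = 0;
  *(uint8_t*)0x200233b2 = 0;
  *(uint8_t*)0x200233b3 = 0;
  *(uint8_t*)0x200233b4 = 0;
  *(uint8_t*)0x200233b5 = 0;
  *(uint8_t*)0x200233b6 = 0;
  *(uint8_t*)0x200233b7 = 0;
  *(uint8_t*)0x200233b8 = 0;
  *(uint8_t*)0x200233b9 = 0;
  *(uint8_t*)0x200233ba = 0;
  *(uint8_t*)0x200233bb = 0;
  *(uint8_t*)0x200233bc = 0;
  *(uint8_t*)0x200233bd = 0;
  *(uint8_t*)0x200233be = 0;
  *(uint8_t*)0x200233bf = 0;
  *(uint8_t*)0x200233c0 = 0;
  *(uint8_t*)0x200233c1 = 0;
  *(uint8_t*)0x200233c2 = 0;
  *(uint8_t*)0x200233c3 = 0;
  *(uint8_t*)0x200233c4 = 0;
  *(uint8_t*)0x200233c5 = 0;
  *(uint8_t*)0x200233c6 = 0;
  *(uint8_t*)0x200233c7 = 0;
  *(uint8_t*)0x200233c8 = 0;
  *(uint8_t*)0x200233c9 = 0;
  *(uint8_t*)0x200233ca = 0;
  *(uint8_t*)0x200233cb = 0;
  *(uint8_t*)0x200233cc = 0;
  *(uint8_t*)0x200233cd = 0;
  *(uint8_t*)0x200233ce = 0;
  *(uint8_t*)0x200233cf = 0;
  *(uint8_t*)0x200233d0 = 0;
  *(uint8_t*)0x200233d1 = 0;
  *(uint8_t*)0x200233d2 = 0;
  *(uint8_t*)0x200233d3 = 0;
  *(uint8_t*)0x200233d4 = 0;
  *(uint8_t*)0x200233d5 = 0;
  *(uint8_t*)0x200233d6 = 0;
  *(uint8_t*)0x200233d7 = 0;
  *(uint8_t*)0x200233d8 = 0;
  *(uint8_t*)0x200233d9 = 0;
  *(uint8_t*)0x200233da = 0;
  *(uint8_t*)0x200233db = 0;
  *(uint8_t*)0x200233dc = 0;
  *(uint8_t*)0x200233dd = 0;
  *(uint8_t*)0x200233de = 0;
  *(uint8_t*)0x200233df = 0;
  *(uint8_t*)0x200233e0 = 0;
  *(uint8_t*)0x200233e1 = 0;
  *(uint8_t*)0x200233e2 = 0;
  *(uint8_t*)0x200233e3 = 0;
  *(uint8_t*)0x200233e4 = 0;
  *(uint8_t*)0x200233e5 = 0;
  *(uint8_t*)0x200233e6 = 0;
  *(uint8_t*)0x200233e7 = 0;
  *(uint8_t*)0x200233e8 = 0;
  *(uint8_t*)0x200233e9 = 0;
  *(uint8_t*)0x200233ea = 0;
  *(uint8_t*)0x200233eb = 0;
  *(uint8_t*)0x200233ec = 0;
  *(uint8_t*)0x200233ed = 0;
  *(uint8_t*)0x200233ee = 0;
  *(uint8_t*)0x200233ef = 0;
  *(uint8_t*)0x200233f0 = 0;
  *(uint8_t*)0x200233f1 = 0;
  *(uint8_t*)0x200233f2 = 0;
  *(uint8_t*)0x200233f3 = 0;
  *(uint32_t*)0x200233f4 = 0;
  *(uint16_t*)0x200233f8 = 0x70;
  *(uint16_t*)0x200233fa = 0x98;
  *(uint32_t*)0x200233fc = 0;
  *(uint64_t*)0x20023400 = 0;
  *(uint64_t*)0x20023408 = 0;
  *(uint16_t*)0x20023410 = 0x28;
  memcpy((void*)0x20023412, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x2002342f = 0;
  *(uint32_t*)0x20023430 = 0xfffffffe;

  // Hand the blob to the kernel: level 0, optname 0x40, length 0x438.
  // The return value is ignored, so a rejected table is not distinguished
  // from an accepted one before connect() runs.
  syscall(__NR_setsockopt, r[0], 0, 0x40, 0x20023000, 0x438);

  // --- connect() -----------------------------------------------------------
  // 16-byte address: family 2 (AF_INET on Linux), port 0, address bytes
  // ac 14 00 00, remaining bytes zero.
  *(uint16_t*)0x20003ff0 = 2;
  *(uint16_t*)0x20003ff2 = 0;
  *(uint8_t*)0x20003ff4 = 0xac;
  *(uint8_t*)0x20003ff5 = 0x14;
  *(uint8_t*)0x20003ff6 = 0;
  *(uint8_t*)0x20003ff7 = 0;
  *(uint8_t*)0x20003ff8 = 0;
  *(uint8_t*)0x20003ff9 = 0;
  *(uint8_t*)0x20003ffa = 0;
  *(uint8_t*)0x20003ffb = 0;
  *(uint8_t*)0x20003ffc = 0;
  *(uint8_t*)0x20003ffd = 0;
  *(uint8_t*)0x20003ffe = 0;
  *(uint8_t*)0x20003fff = 0;
  syscall(__NR_connect, r[0], 0x20003ff0, 0x10);
}

// Entry point: re-enter loop() forever. loop() itself never returns, so the
// outer for (;;) is effectively a single call.
int main()
{
  for (;;) {
    loop();
  }
}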