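// https://syzkaller.appspot.com/bug?id=5b9d1e3232dc19d61832a76821bc5fc9b914b4cd
// autogenerated by syzkaller (http://github.com/google/syzkaller)

/*
 * Standalone reproducer for the syzbot report linked above.
 *
 * Layout of this file:
 *   - checkpoint_*(): snapshot the arp/ip/ip6 netfilter tables once at start.
 *   - loop():         fork one child per iteration, run test() in it with a
 *                     5 second timeout, then call reset_*() so every
 *                     iteration starts from the snapshotted tables.
 *   - test():         the recorded syscall sequence itself.
 *
 * NOTE(review): the header names after each "#include" were missing from the
 * copy of this file under review.  The list below is reconstructed from the
 * identifiers the code uses; the two includes that originally followed
 * doexit() are folded into it.  Confirm against the upstream reproducer.
 */

#define _GNU_SOURCE

#include <endian.h>
#include <errno.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/*
 * Terminate the whole thread group via the raw exit_group syscall.
 * The trailing loop only exists so the compiler accepts noreturn even if the
 * syscall were to return.
 */
__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

/* Exit codes used by fail(): 69 for ENOMEM/EAGAIN, 67 for everything else. */
const int kFailStatus = 67;
const int kRetryStatus = 69;

/*
 * Print a printf-style message plus the errno observed on entry to stderr,
 * then exit.  errno is saved first because vfprintf/fprintf may overwrite it.
 */
__attribute__((format(printf, 1, 2))) static void fail(const char* msg, ...)
{
  int e = errno;
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

/* Monotonic clock in milliseconds; exits through fail() on clock error. */
static uint64_t current_time_ms(void)
{
  struct timespec ts;

  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    fail("clock_gettime failed");
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/* Upper bounds the harness is prepared to snapshot per table. */
#define XT_TABLE_SIZE 1536
#define XT_MAX_ENTRIES 10

struct xt_counters {
  uint64_t pcnt, bcnt;
};

struct ipt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_entries;
  unsigned int size;
};

struct ipt_get_entries {
  char name[32];
  unsigned int size;
  void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};

struct ipt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[XT_TABLE_SIZE];
};

/* One snapshot slot per table: the info seen at checkpoint time and a
 * ready-to-submit replace request that restores it. */
struct ipt_table_desc {
  const char* name;
  struct ipt_getinfo info;
  struct ipt_replace replace;
};

static struct ipt_table_desc ipv4_tables[] = {
    {.name = "filter"}, {.name = "nat"},      {.name = "mangle"},
    {.name = "raw"},    {.name = "security"},
};

static struct ipt_table_desc ipv6_tables[] = {
    {.name = "filter"}, {.name = "nat"},      {.name = "mangle"},
    {.name = "raw"},    {.name = "security"},
};

#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)

struct arpt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[3];
  unsigned int underflow[3];
  unsigned int num_entries;
  unsigned int size;
};

struct arpt_get_entries {
  char name[32];
  unsigned int size;
  void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};

struct arpt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[3];
  unsigned int underflow[3];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[XT_TABLE_SIZE];
};

struct arpt_table_desc {
  const char* name;
  struct arpt_getinfo info;
  struct arpt_replace replace;
};

static struct arpt_table_desc arpt_tables[] = {
    {.name = "filter"},
};

#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)

/*
 * Snapshot every table in `tables` for the given address family.
 *
 * For each table the current info and entry blob are read with getsockopt()
 * and copied into table->replace.  Tables for which GET_INFO fails with
 * EPERM, ENOENT or ENOPROTOOPT are skipped; their info.valid_hooks stays 0,
 * which is what reset_iptables() uses to ignore them.
 */
static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables,
                                int family, int level)
{
  struct ipt_get_entries entries;
  socklen_t optlen;
  int fd, i;

  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
  for (i = 0; i < num_tables; i++) {
    struct ipt_table_desc* table = &tables[i];

    /* Names come from the static tables above and fit in name[32]. */
    strcpy(table->info.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, level, IPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(IPT_SO_GET_INFO)");
    }
    /* Refuse anything that would not fit the fixed-size snapshot buffers. */
    if (table->info.size > sizeof(table->replace.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", table->info.num_entries);
    memset(&entries, 0, sizeof(entries));
    strcpy(entries.name, table->name);
    entries.size = table->info.size;
    /* Header of ipt_get_entries plus exactly info.size bytes of entries. */
    optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
    if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
      fail("getsockopt(IPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry,
           sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow,
           sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
  }
  close(fd);
}

/*
 * Restore every snapshotted table whose current contents differ from the
 * snapshot taken by checkpoint_iptables().
 *
 * A table is left alone when both its info and its entry blob still match.
 * Otherwise the saved replace request is submitted with num_counters set to
 * the table's current entry count and `counters` as the output buffer.
 */
static void reset_iptables(struct ipt_table_desc* tables, int num_tables,
                           int family, int level)
{
  struct xt_counters counters[XT_MAX_ENTRIES];
  struct ipt_get_entries entries;
  struct ipt_getinfo info;
  socklen_t optlen;
  int fd, i;

  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
  for (i = 0; i < num_tables; i++) {
    struct ipt_table_desc* table = &tables[i];

    if (table->info.valid_hooks == 0)
      continue; /* never snapshotted */
    memset(&info, 0, sizeof(info));
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, level, IPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(IPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      memset(&entries, 0, sizeof(entries));
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(IPT_SO_GET_ENTRIES)");
      if (memcmp(table->replace.entrytable, entries.entrytable,
                 table->info.size) == 0)
        continue; /* unchanged since checkpoint */
    }
    /*
     * `counters` holds XT_MAX_ENTRIES records.  info.num_entries is the
     * table's *current* size, which test() may have changed, so bound it
     * before handing the kernel a count together with this stack buffer
     * (presumably the kernel writes num_counters records into it).
     */
    if (info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", info.num_entries);
    table->replace.num_counters = info.num_entries;
    table->replace.counters = counters;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) +
             table->replace.size;
    if (setsockopt(fd, level, IPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(IPT_SO_SET_REPLACE)");
  }
  close(fd);
}

/* ARP-table counterpart of checkpoint_iptables(); same skip and size rules. */
static void checkpoint_arptables(void)
{
  struct arpt_get_entries entries;
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
    struct arpt_table_desc* table = &arpt_tables[i];

    strcpy(table->info.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(ARPT_SO_GET_INFO)");
    }
    if (table->info.size > sizeof(table->replace.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", table->info.num_entries);
    memset(&entries, 0, sizeof(entries));
    strcpy(entries.name, table->name);
    entries.size = table->info.size;
    optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
      fail("getsockopt(ARPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry,
           sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow,
           sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
  }
  close(fd);
}

/* ARP-table counterpart of reset_iptables(), including the counter bound. */
static void reset_arptables(void)
{
  struct xt_counters counters[XT_MAX_ENTRIES];
  struct arpt_get_entries entries;
  struct arpt_getinfo info;
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
    struct arpt_table_desc* table = &arpt_tables[i];

    if (table->info.valid_hooks == 0)
      continue; /* never snapshotted */
    memset(&info, 0, sizeof(info));
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(ARPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      memset(&entries, 0, sizeof(entries));
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(ARPT_SO_GET_ENTRIES)");
      if (memcmp(table->replace.entrytable, entries.entrytable,
                 table->info.size) == 0)
        continue; /* unchanged since checkpoint */
    }
    /* Same bound as in reset_iptables(): `counters` has XT_MAX_ENTRIES slots. */
    if (info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", info.num_entries);
    table->replace.num_counters = info.num_entries;
    table->replace.counters = counters;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) +
             table->replace.size;
    if (setsockopt(fd, SOL_IP, ARPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(ARPT_SO_SET_REPLACE)");
  }
  close(fd);
}

/* Snapshot the ARP, IPv4 and IPv6 tables, in that order. */
static void checkpoint_net_namespace(void)
{
  checkpoint_arptables();
  checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]),
                      AF_INET, SOL_IP);
  checkpoint_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]),
                      AF_INET6, SOL_IPV6);
}

/* Restore the ARP, IPv4 and IPv6 tables, in that order. */
static void reset_net_namespace(void)
{
  reset_arptables();
  reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]),
                 AF_INET, SOL_IP);
  reset_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]),
                 AF_INET6, SOL_IPV6);
}

static void test(void);

/*
 * Run test() forever, one forked child per iteration.
 *
 * The child asks to be SIGKILLed if the parent dies and moves into its own
 * process group so the parent can kill the whole group.  The parent polls
 * for the child every millisecond, kills it after 5 seconds, and restores
 * the netfilter tables before starting the next iteration.
 */
void loop(void)
{
  int iter;

  checkpoint_net_namespace();
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      fail("loop fork failed");
    if (pid == 0) {
      prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
      setpgrp();
      test();
      doexit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      int res = waitpid(-1, &status, __WALL | WNOHANG);
      if (res == pid)
        break;
      usleep(1000);
      if (current_time_ms() - start > 5 * 1000) {
        /* Timed out: kill the child's process group, then the child. */
        kill(-pid, SIGKILL);
        kill(pid, SIGKILL);
        while (waitpid(-1, &status, __WALL) != pid) {
        }
        break;
      }
    }
    reset_net_namespace();
  }
}

/* Results of the two socket() calls in test(); -1 until assigned. */
long r[2];

/*
 * The recorded syscall sequence.
 *
 * All argument memory lives in one fixed anonymous mapping at 0x20000000.
 * Two requests are issued:
 *   1. setsockopt(r[0], level 0, optname 0x27) with 12 bytes at 0x20a87ff4.
 *   2. setsockopt(r[1], level 0, optname 0x40) with 0x368 bytes at
 *      0x20031c98.  0x40 equals IPT_SO_SET_REPLACE as defined in this file,
 *      and the first 0x60 bytes follow the field order of struct ipt_replace
 *      above (name, valid_hooks, num_entries, size, hook_entry[5],
 *      underflow[5], num_counters, counters); 0x60 + size (0x308) == 0x368.
 *
 * Return values of the syscalls are deliberately not checked.
 *
 * The four 84-byte all-zero runs and the 13-byte zero run that the generator
 * emitted as one uint8_t store per byte are written with memset() here; the
 * addresses and byte counts are unchanged.  Bytes the generator did not
 * store to are still not stored to.
 */
static void test(void)
{
  memset(r, -1, sizeof(r));
  /* prot 3 = read|write, flags 0x32 = private|fixed|anonymous. */
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);

  /* Request 1: socket(2, 1, 0), then three big-endian IPv4 addresses
   * (224.0.0.2, 127.0.0.1, 224.0.0.2) passed as a 12-byte option value. */
  r[0] = syscall(__NR_socket, 2, 1, 0);
  *(uint32_t*)0x20a87ff4 = htobe32(0xe0000002);
  *(uint32_t*)0x20a87ff8 = htobe32(0x7f000001);
  *(uint32_t*)0x20a87ffc = htobe32(0xe0000002);
  syscall(__NR_setsockopt, r[0], 0, 0x27, 0x20a87ff4, 0xc);

  /* Request 2: socket(0xa, 0x801, 0x84), then the table-replace blob. */
  r[1] = syscall(__NR_socket, 0xa, 0x801, 0x84);

  /* --- replace header, 0x20031c98 .. 0x20031cf7 --- */
  /* name = "filter" */
  memcpy((void*)0x20031c98, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint32_t*)0x20031cb8 = 0xe;   /* valid_hooks */
  *(uint32_t*)0x20031cbc = 4;     /* num_entries */
  *(uint32_t*)0x20031cc0 = 0x308; /* size */
  *(uint32_t*)0x20031cc4 = -1;    /* hook_entry[0..4] */
  *(uint32_t*)0x20031cc8 = 0x190;
  *(uint32_t*)0x20031ccc = 0x190;
  *(uint32_t*)0x20031cd0 = 0;
  *(uint32_t*)0x20031cd4 = -1;
  *(uint32_t*)0x20031cd8 = -1;    /* underflow[0..4] */
  *(uint32_t*)0x20031cdc = 0x270;
  *(uint32_t*)0x20031ce0 = 0x270;
  *(uint32_t*)0x20031ce4 = 0x270;
  *(uint32_t*)0x20031ce8 = -1;
  *(uint32_t*)0x20031cec = 4;          /* num_counters */
  *(uint64_t*)0x20031cf0 = 0x20003fc0; /* counters */

  /* --- record at blob offset 0x000 (0x20031cf8), 0x98 bytes --- */
  /* NOTE(review): the 0x70/0x98 pair is presumably target/next offset. */
  memset((void*)0x20031cf8, 0, 84); /* 0x20031cf8 .. 0x20031d4b */
  *(uint32_t*)0x20031d4c = 0;
  *(uint16_t*)0x20031d50 = 0x70;
  *(uint16_t*)0x20031d52 = 0x98;
  *(uint32_t*)0x20031d54 = 0;
  *(uint64_t*)0x20031d58 = 0;
  *(uint64_t*)0x20031d60 = 0;
  *(uint16_t*)0x20031d68 = 0x28;
  /* "AUDIT" */
  memcpy((void*)0x20031d6a, "\x41\x55\x44\x49\x54\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031d87 = 0;
  *(uint8_t*)0x20031d88 = 0;

  /* --- record at blob offset 0x098 (0x20031d90), 0xf8 bytes --- */
  memset((void*)0x20031d90, 0, 84); /* 0x20031d90 .. 0x20031de3 */
  *(uint32_t*)0x20031de4 = 0;
  *(uint16_t*)0x20031de8 = 0xc8;
  *(uint16_t*)0x20031dea = 0xf8;
  *(uint32_t*)0x20031dec = 0;
  *(uint64_t*)0x20031df0 = 0;
  *(uint64_t*)0x20031df8 = 0;
  *(uint16_t*)0x20031e00 = 0x28;
  /* "cgroup" */
  memcpy((void*)0x20031e02, "\x63\x67\x72\x6f\x75\x70\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031e1f = 0;
  *(uint32_t*)0x20031e20 = 0;
  *(uint32_t*)0x20031e24 = 0;
  *(uint16_t*)0x20031e28 = 0x30;
  /* "connmark" */
  memcpy((void*)0x20031e2a, "\x63\x6f\x6e\x6e\x6d\x61\x72\x6b\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031e47 = 1;
  *(uint32_t*)0x20031e48 = 1;
  *(uint32_t*)0x20031e4c = 0;
  *(uint32_t*)0x20031e50 = 1;
  *(uint16_t*)0x20031e58 = 0x30;
  /* "CONNMARK" */
  memcpy((void*)0x20031e5a, "\x43\x4f\x4e\x4e\x4d\x41\x52\x4b\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031e77 = 1;
  *(uint32_t*)0x20031e78 = 0;
  *(uint32_t*)0x20031e7c = 0;
  *(uint32_t*)0x20031e80 = 0;
  *(uint8_t*)0x20031e84 = 0;

  /* --- record at blob offset 0x190 (0x20031e88), 0xe0 bytes --- */
  memset((void*)0x20031e88, 0, 84); /* 0x20031e88 .. 0x20031edb */
  *(uint32_t*)0x20031edc = 0;
  *(uint16_t*)0x20031ee0 = 0x98;
  *(uint16_t*)0x20031ee2 = 0xe0;
  *(uint32_t*)0x20031ee4 = 0;
  *(uint64_t*)0x20031ee8 = 0;
  *(uint64_t*)0x20031ef0 = 0;
  *(uint16_t*)0x20031ef8 = 0x28;
  /* "connlabel" */
  memcpy((void*)0x20031efa, "\x63\x6f\x6e\x6e\x6c\x61\x62\x65\x6c\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031f17 = 0;
  *(uint16_t*)0x20031f18 = 0;
  *(uint16_t*)0x20031f1a = 0;
  *(uint16_t*)0x20031f20 = 0x48;
  /* "TEE" */
  memcpy((void*)0x20031f22, "\x54\x45\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031f3f = 1;
  /* 16 bytes fe 80 00 .. 00 bb, then the bytes "syz" and two zero bytes. */
  *(uint8_t*)0x20031f40 = 0xfe;
  *(uint8_t*)0x20031f41 = 0x80;
  memset((void*)0x20031f42, 0, 13); /* 0x20031f42 .. 0x20031f4e */
  *(uint8_t*)0x20031f4f = 0xbb;
  *(uint8_t*)0x20031f50 = 0x73;
  *(uint8_t*)0x20031f51 = 0x79;
  *(uint8_t*)0x20031f52 = 0x7a;
  *(uint8_t*)0x20031f53 = 0;
  *(uint8_t*)0x20031f54 = 0;
  *(uint64_t*)0x20031f60 = 0;

  /* --- record at blob offset 0x270 (0x20031f68), 0x98 bytes --- */
  memset((void*)0x20031f68, 0, 84); /* 0x20031f68 .. 0x20031fbb */
  *(uint32_t*)0x20031fbc = 0;
  *(uint16_t*)0x20031fc0 = 0x70;
  *(uint16_t*)0x20031fc2 = 0x98;
  *(uint32_t*)0x20031fc4 = 0;
  *(uint64_t*)0x20031fc8 = 0;
  *(uint64_t*)0x20031fd0 = 0;
  *(uint16_t*)0x20031fd8 = 0x28;
  /* empty name */
  memcpy((void*)0x20031fda, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20031ff7 = 0;
  *(uint32_t*)0x20031ff8 = 0xfffffffe;

  syscall(__NR_setsockopt, r[1], 0, 0x40, 0x20031c98, 0x368);
}

/* Entry point: loop() never returns, the outer for(;;) is a safety net. */
int main(void)
{
  for (;;) {
    loop();
  }
}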