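// https://syzkaller.appspot.com/bug?id=5b9d1e3232dc19d61832a76821bc5fc9b914b4cd
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-bug reproducer. See the linked report for the crash it triggered.
//
// What the program does, as far as this file shows:
//   - main() calls loop() forever.
//   - loop() snapshots the arp/ip/ip6 tables of the current network namespace,
//     then repeatedly forks a child that runs test() once. The parent waits up
//     to 5 seconds, kills the child's process group on timeout, and restores
//     any table that differs from the snapshot.
//   - test() issues two raw setsockopt() calls on AF_INET sockets: a multicast
//     join, then a replacement of the IPv4 "mangle" table with six hand-built
//     rules.
//
// Practical consequences: the program never exits on its own, and it rewrites
// netfilter state in whatever network namespace it is started in.
//
// NOTE(review): the page this listing came from had lost the header names
// after every #include, and the file was collapsed onto a few physical lines,
// so the leading "//" comment and the #define directives swallowed code. The
// header list below is reconstructed from the identifiers the file uses. It
// is not copied from the original. The code statements are unchanged.

#define _GNU_SOURCE

#include <arpa/inet.h>
#include <endian.h>
#include <errno.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Terminate the whole process with `status` through the raw exit_group
// syscall. The empty loop after the syscall keeps the function from returning
// if the syscall itself ever returns.
__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

#include <stdint.h>
#include <string.h>

// Exit statuses used by fail(): kRetryStatus for ENOMEM/EAGAIN, kFailStatus
// for every other errno.
const int kFailStatus = 67;
const int kRetryStatus = 69;

// Print a printf-style message followed by the errno value captured on entry,
// then exit. errno is saved first because the stdio calls may overwrite it.
static void fail(const char* msg, ...)
{
  int e = errno;
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

// Return the CLOCK_MONOTONIC time in milliseconds. Exits through fail() if
// the clock cannot be read.
static uint64_t current_time_ms()
{
  struct timespec ts;

  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    fail("clock_gettime failed");
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Upper bounds for the table snapshots kept by the checkpoint_*() helpers:
// at most XT_TABLE_SIZE bytes of rules and XT_MAX_ENTRIES rules per table.
#define XT_TABLE_SIZE 1536
#define XT_MAX_ENTRIES 10

// Local declarations of the get-info / get-entries / replace buffers passed to
// getsockopt()/setsockopt() below, with a fixed-size entrytable.
// NOTE(review): these presumably mirror the kernel's ip_tables user ABI
// structures of the same names. Confirm against the kernel headers.
struct xt_counters {
  uint64_t pcnt, bcnt;
};

struct ipt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_entries;
  unsigned int size;
};

struct ipt_get_entries {
  char name[32];
  unsigned int size;
  void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};

struct ipt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[XT_TABLE_SIZE];
};

// One snapshot slot per table: `info` and `replace` are filled by
// checkpoint_iptables() and consumed by reset_iptables().
struct ipt_table_desc {
  const char* name;
  struct ipt_getinfo info;
  struct ipt_replace replace;
};

static struct ipt_table_desc ipv4_tables[] = {
    {.name = "filter"}, {.name = "nat"}, {.name = "mangle"},
    {.name = "raw"},    {.name = "security"},
};

static struct ipt_table_desc ipv6_tables[] = {
    {.name = "filter"}, {.name = "nat"}, {.name = "mangle"},
    {.name = "raw"},    {.name = "security"},
};

// Socket option numbers. SET_REPLACE and GET_INFO share the value 64 and are
// told apart by setsockopt() versus getsockopt().
#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)

// ARP variants of the structures above. They differ only in having three
// hooks instead of five.
struct arpt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[3];
  unsigned int underflow[3];
  unsigned int num_entries;
  unsigned int size;
};

struct arpt_get_entries {
  char name[32];
  unsigned int size;
  void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};

struct arpt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[3];
  unsigned int underflow[3];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[XT_TABLE_SIZE];
};

struct arpt_table_desc {
  const char* name;
  struct arpt_getinfo info;
  struct arpt_replace replace;
};

static struct arpt_table_desc arpt_tables[] = {
    {.name = "filter"},
};

#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)

// Snapshot every table in `tables` (num_tables elements) for the given address
// family / socket level into table->info and table->replace.
//
// A table whose GET_INFO call fails with EPERM, ENOENT or ENOPROTOOPT is
// skipped. Any other failure, a table larger than XT_TABLE_SIZE bytes, or one
// with more than XT_MAX_ENTRIES entries ends the process through fail().
static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables, int family, int level)
{
  struct ipt_get_entries entries;
  socklen_t optlen;
  int fd, i;

  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
  for (i = 0; i < num_tables; i++) {
    struct ipt_table_desc* table = &tables[i];
    strcpy(table->info.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, level, IPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(IPT_SO_GET_INFO)");
    }
    // Both bounds are checked before the memcpy()s below, which copy
    // info.size bytes into the fixed-size replace.entrytable.
    if (table->info.size > sizeof(table->replace.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", table->info.num_entries);
    memset(&entries, 0, sizeof(entries));
    strcpy(entries.name, table->name);
    entries.size = table->info.size;
    // Header of the request plus exactly info.size bytes of entries.
    optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
    if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
      fail("getsockopt(IPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
  }
  close(fd);
}

// Restore every snapshotted table whose current state differs from the
// snapshot taken by checkpoint_iptables().
//
// Tables that were never snapshotted (info.valid_hooks == 0) are skipped. A
// table is left alone when both its info block and its entry bytes still match
// the snapshot. Otherwise the saved `replace` buffer is pushed back with
// IPT_SO_SET_REPLACE. Any socket-option failure ends the process via fail().
static void reset_iptables(struct ipt_table_desc* tables, int num_tables, int family, int level)
{
  struct xt_counters counters[XT_MAX_ENTRIES];
  struct ipt_get_entries entries;
  struct ipt_getinfo info;
  socklen_t optlen;
  int fd, i;

  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
  for (i = 0; i < num_tables; i++) {
    struct ipt_table_desc* table = &tables[i];
    if (table->info.valid_hooks == 0)
      continue;
    memset(&info, 0, sizeof(info));
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, level, IPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(IPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      memset(&entries, 0, sizeof(entries));
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(IPT_SO_GET_ENTRIES)");
      if (memcmp(table->replace.entrytable, entries.entrytable, table->info.size) == 0)
        continue;
    }
    // num_counters is taken from the table currently installed, not from the
    // snapshot. `counters` is an uninitialised scratch array handed to the
    // kernel.
    // NOTE(review): nothing here checks info.num_entries against
    // XT_MAX_ENTRIES, the size of `counters`. Confirm whether the kernel can
    // write more than that.
    table->replace.num_counters = info.num_entries;
    table->replace.counters = counters;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size;
    if (setsockopt(fd, level, IPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(IPT_SO_SET_REPLACE)");
  }
  close(fd);
}

// ARP counterpart of checkpoint_iptables(): snapshot every entry of
// arpt_tables through an AF_INET socket at level SOL_IP, with the same skip
// and failure rules.
static void checkpoint_arptables(void)
{
  struct arpt_get_entries entries;
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
    struct arpt_table_desc* table = &arpt_tables[i];
    strcpy(table->info.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(ARPT_SO_GET_INFO)");
    }
    // Bounds checked before the fixed-size copies below.
    if (table->info.size > sizeof(table->replace.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", table->info.num_entries);
    memset(&entries, 0, sizeof(entries));
    strcpy(entries.name, table->name);
    entries.size = table->info.size;
    optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
      fail("getsockopt(ARPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
  }
  close(fd);
}

// ARP counterpart of reset_iptables(): push the saved snapshot back for every
// arpt_tables entry whose info block or entry bytes no longer match it.
static void reset_arptables()
{
  struct xt_counters counters[XT_MAX_ENTRIES];
  struct arpt_get_entries entries;
  struct arpt_getinfo info;
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
    struct arpt_table_desc* table = &arpt_tables[i];
    if (table->info.valid_hooks == 0)
      continue;
    memset(&info, 0, sizeof(info));
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(ARPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      memset(&entries, 0, sizeof(entries));
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(ARPT_SO_GET_ENTRIES)");
      if (memcmp(table->replace.entrytable, entries.entrytable, table->info.size) == 0)
        continue;
    }
    table->replace.num_counters = info.num_entries;
    table->replace.counters = counters;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size;
    if (setsockopt(fd, SOL_IP, ARPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(ARPT_SO_SET_REPLACE)");
  }
  close(fd);
}

// Snapshot the ARP, IPv4 and IPv6 tables of the current network namespace.
static void checkpoint_net_namespace(void)
{
  checkpoint_arptables();
  checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP);
  checkpoint_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]), AF_INET6, SOL_IPV6);
}

// Restore the ARP, IPv4 and IPv6 tables from the snapshots taken by
// checkpoint_net_namespace().
static void reset_net_namespace(void)
{
  reset_arptables();
  reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]), AF_INET, SOL_IP);
  reset_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]), AF_INET6, SOL_IPV6);
}

static void test();

// Run test() in a fresh child process, forever.
//
// Each child is set to receive SIGKILL when the parent dies and is moved into
// its own process group. The parent polls for the child about once per
// millisecond. After 5 seconds it kills the child's process group and then the
// child itself, and reaps until the child is collected. The netfilter tables
// are restored after every iteration.
void loop()
{
  int iter;

  checkpoint_net_namespace();
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      fail("loop fork failed");
    if (pid == 0) {
      prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
      setpgrp();
      test();
      doexit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      int res = waitpid(-1, &status, __WALL | WNOHANG);
      if (res == pid)
        break;
      usleep(1000);
      if (current_time_ms() - start > 5 * 1000) {
        kill(-pid, SIGKILL);
        kill(pid, SIGKILL);
        while (waitpid(-1, &status, __WALL) != pid) {
        }
        break;
      }
    }
    reset_net_namespace();
  }
}

// Results of the two socket() calls made by test().
long r[2];

// The recorded syscall sequence. All arguments are built by storing to fixed
// addresses inside one mapping created at 0x20000000. No syscall return value
// is checked.
//
// NOTE(review): the statement order and the individual stores are kept exactly
// as generated. The field names in the comments below are read off the
// structures declared in this file where one exists. Otherwise they are
// marked as assumptions.
void test()
{
  memset(r, -1, sizeof(r));
  // Fixed mapping of 0xfff000 bytes at 0x20000000, prot 3, flags 0x32.
  syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);

  // First socket: domain 2 (AF_INET). The type argument has low 32 bits 1.
  r[0] = syscall(__NR_socket, 2, 0x40000000001, 0);

  // 0x90-byte option buffer at 0x20bc9f70: a 32-bit value 7, then at +8 an
  // address with family 2, port 0 and IPv4 address 0xe0000002 (224.0.0.2).
  // Everything else is zero.
  // NOTE(review): level 0 / optname 0x2a is presumably SOL_IP /
  // MCAST_JOIN_GROUP with a struct group_req. Confirm against <linux/in.h>.
  *(uint32_t*)0x20bc9f70 = 7;
  *(uint16_t*)0x20bc9f78 = 2;
  *(uint16_t*)0x20bc9f7a = 0;
  *(uint32_t*)0x20bc9f7c = htobe32(0xe0000002);
  *(uint8_t*)0x20bc9f80 = 0;
  *(uint8_t*)0x20bc9f81 = 0;
  *(uint8_t*)0x20bc9f82 = 0;
  *(uint8_t*)0x20bc9f83 = 0;
  *(uint8_t*)0x20bc9f84 = 0;
  *(uint8_t*)0x20bc9f85 = 0;
  *(uint8_t*)0x20bc9f86 = 0;
  *(uint8_t*)0x20bc9f87 = 0;
  *(uint64_t*)0x20bc9f88 = 0;
  *(uint64_t*)0x20bc9f90 = 0;
  *(uint64_t*)0x20bc9f98 = 0;
  *(uint64_t*)0x20bc9fa0 = 0;
  *(uint64_t*)0x20bc9fa8 = 0;
  *(uint64_t*)0x20bc9fb0 = 0;
  *(uint64_t*)0x20bc9fb8 = 0;
  *(uint64_t*)0x20bc9fc0 = 0;
  *(uint64_t*)0x20bc9fc8 = 0;
  *(uint64_t*)0x20bc9fd0 = 0;
  *(uint64_t*)0x20bc9fd8 = 0;
  *(uint64_t*)0x20bc9fe0 = 0;
  *(uint64_t*)0x20bc9fe8 = 0;
  *(uint64_t*)0x20bc9ff0 = 0;
  *(uint64_t*)0x20bc9ff8 = 0;
  syscall(__NR_setsockopt, r[0], 0, 0x2a, 0x20bc9f70, 0x90);

  // Second socket: domain 2 (AF_INET), type with low 32 bits 3, protocol 6.
  r[1] = syscall(__NR_socket, 2, 0x200000000000003, 6);

  // Buffer at 0x20347000, laid out like struct ipt_replace above:
  //   +0x00 name          "mangle"
  //   +0x20 valid_hooks   0x1f
  //   +0x24 num_entries   6
  //   +0x28 size          0x400
  //   +0x2c hook_entry[5] 0x238, 0, 0xb8, 0x238, 0
  //   +0x40 underflow[5]  0x368 for all five hooks
  //   +0x54 num_counters  6
  //   +0x58 counters      0x20369000
  //   +0x60 entrytable    six rules, 0x400 bytes in total
  memcpy((void*)0x20347000, "\x6d\x61\x6e\x67\x6c\x65\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint32_t*)0x20347020 = 0x1f;
  *(uint32_t*)0x20347024 = 6;
  *(uint32_t*)0x20347028 = 0x400;
  *(uint32_t*)0x2034702c = 0x238;
  *(uint32_t*)0x20347030 = 0;
  *(uint32_t*)0x20347034 = 0xb8;
  *(uint32_t*)0x20347038 = 0x238;
  *(uint32_t*)0x2034703c = 0;
  *(uint32_t*)0x20347040 = 0x368;
  *(uint32_t*)0x20347044 = 0x368;
  *(uint32_t*)0x20347048 = 0x368;
  *(uint32_t*)0x2034704c = 0x368;
  *(uint32_t*)0x20347050 = 0x368;
  *(uint32_t*)0x20347054 = 6;
  *(uint64_t*)0x20347058 = 0x20369000;

  // Rule 1, entrytable offset 0x000: all-zero match header, then a 0x48-byte
  // target named "TEE" (revision 1) carrying the address fe80::aa and the
  // interface name "ipddp0".
  // NOTE(review): the rule layout (0x54-byte IP match header, target_offset
  // and next_offset at +0x58/+0x5a) is assumed to be struct ipt_entry, which
  // this file does not declare.
  *(uint8_t*)0x20347060 = 0;
  *(uint8_t*)0x20347061 = 0;
  *(uint8_t*)0x20347062 = 0;
  *(uint8_t*)0x20347063 = 0;
  *(uint8_t*)0x20347064 = 0;
  *(uint8_t*)0x20347065 = 0;
  *(uint8_t*)0x20347066 = 0;
  *(uint8_t*)0x20347067 = 0;
  *(uint8_t*)0x20347068 = 0;
  *(uint8_t*)0x20347069 = 0;
  *(uint8_t*)0x2034706a = 0;
  *(uint8_t*)0x2034706b = 0;
  *(uint8_t*)0x2034706c = 0;
  *(uint8_t*)0x2034706d = 0;
  *(uint8_t*)0x2034706e = 0;
  *(uint8_t*)0x2034706f = 0;
  *(uint8_t*)0x20347070 = 0;
  *(uint8_t*)0x20347071 = 0;
  *(uint8_t*)0x20347072 = 0;
  *(uint8_t*)0x20347073 = 0;
  *(uint8_t*)0x20347074 = 0;
  *(uint8_t*)0x20347075 = 0;
  *(uint8_t*)0x20347076 = 0;
  *(uint8_t*)0x20347077 = 0;
  *(uint8_t*)0x20347078 = 0;
  *(uint8_t*)0x20347079 = 0;
  *(uint8_t*)0x2034707a = 0;
  *(uint8_t*)0x2034707b = 0;
  *(uint8_t*)0x2034707c = 0;
  *(uint8_t*)0x2034707d = 0;
  *(uint8_t*)0x2034707e = 0;
  *(uint8_t*)0x2034707f = 0;
  *(uint8_t*)0x20347080 = 0;
  *(uint8_t*)0x20347081 = 0;
  *(uint8_t*)0x20347082 = 0;
  *(uint8_t*)0x20347083 = 0;
  *(uint8_t*)0x20347084 = 0;
  *(uint8_t*)0x20347085 = 0;
  *(uint8_t*)0x20347086 = 0;
  *(uint8_t*)0x20347087 = 0;
  *(uint8_t*)0x20347088 = 0;
  *(uint8_t*)0x20347089 = 0;
  *(uint8_t*)0x2034708a = 0;
  *(uint8_t*)0x2034708b = 0;
  *(uint8_t*)0x2034708c = 0;
  *(uint8_t*)0x2034708d = 0;
  *(uint8_t*)0x2034708e = 0;
  *(uint8_t*)0x2034708f = 0;
  *(uint8_t*)0x20347090 = 0;
  *(uint8_t*)0x20347091 = 0;
  *(uint8_t*)0x20347092 = 0;
  *(uint8_t*)0x20347093 = 0;
  *(uint8_t*)0x20347094 = 0;
  *(uint8_t*)0x20347095 = 0;
  *(uint8_t*)0x20347096 = 0;
  *(uint8_t*)0x20347097 = 0;
  *(uint8_t*)0x20347098 = 0;
  *(uint8_t*)0x20347099 = 0;
  *(uint8_t*)0x2034709a = 0;
  *(uint8_t*)0x2034709b = 0;
  *(uint8_t*)0x2034709c = 0;
  *(uint8_t*)0x2034709d = 0;
  *(uint8_t*)0x2034709e = 0;
  *(uint8_t*)0x2034709f = 0;
  *(uint8_t*)0x203470a0 = 0;
  *(uint8_t*)0x203470a1 = 0;
  *(uint8_t*)0x203470a2 = 0;
  *(uint8_t*)0x203470a3 = 0;
  *(uint8_t*)0x203470a4 = 0;
  *(uint8_t*)0x203470a5 = 0;
  *(uint8_t*)0x203470a6 = 0;
  *(uint8_t*)0x203470a7 = 0;
  *(uint8_t*)0x203470a8 = 0;
  *(uint8_t*)0x203470a9 = 0;
  *(uint8_t*)0x203470aa = 0;
  *(uint8_t*)0x203470ab = 0;
  *(uint8_t*)0x203470ac = 0;
  *(uint8_t*)0x203470ad = 0;
  *(uint8_t*)0x203470ae = 0;
  *(uint8_t*)0x203470af = 0;
  *(uint8_t*)0x203470b0 = 0;
  *(uint8_t*)0x203470b1 = 0;
  *(uint8_t*)0x203470b2 = 0;
  *(uint8_t*)0x203470b3 = 0;
  *(uint32_t*)0x203470b4 = 0;
  *(uint16_t*)0x203470b8 = 0x70;
  *(uint16_t*)0x203470ba = 0xb8;
  *(uint32_t*)0x203470bc = 0;
  *(uint64_t*)0x203470c0 = 0;
  *(uint64_t*)0x203470c8 = 0;
  *(uint16_t*)0x203470d0 = 0x48;
  memcpy((void*)0x203470d2, "\x54\x45\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x203470ef = 1;
  *(uint8_t*)0x203470f0 = 0xfe;
  *(uint8_t*)0x203470f1 = 0x80;
  *(uint8_t*)0x203470f2 = 0;
  *(uint8_t*)0x203470f3 = 0;
  *(uint8_t*)0x203470f4 = 0;
  *(uint8_t*)0x203470f5 = 0;
  *(uint8_t*)0x203470f6 = 0;
  *(uint8_t*)0x203470f7 = 0;
  *(uint8_t*)0x203470f8 = 0;
  *(uint8_t*)0x203470f9 = 0;
  *(uint8_t*)0x203470fa = 0;
  *(uint8_t*)0x203470fb = 0;
  *(uint8_t*)0x203470fc = 0;
  *(uint8_t*)0x203470fd = 0;
  *(uint8_t*)0x203470fe = 0;
  *(uint8_t*)0x203470ff = 0xaa;
  memcpy((void*)0x20347100,
         "\x69\x70\x64\x64\x70\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         16);
  *(uint64_t*)0x20347110 = 0;

  // Rule 2, entrytable offset 0x0b8: source 224.0.0.2, destination 224.0.0.1,
  // zero masks, 16 arbitrary bytes in the input-interface field, output
  // interface "yam0". It has a "ttl" match and a "CHECKSUM" target.
  *(uint32_t*)0x20347118 = htobe32(0xe0000002);
  *(uint32_t*)0x2034711c = htobe32(0xe0000001);
  *(uint32_t*)0x20347120 = htobe32(0);
  *(uint32_t*)0x20347124 = htobe32(0);
  memcpy((void*)0x20347128,
         "\xe9\x0e\x2c\x66\x9d\xce\xd8\xe4\x10\x24\xb4\xf1\xb1\x79\x84\x0c",
         16);
  memcpy((void*)0x20347138,
         "\x79\x61\x6d\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
         16);
  *(uint8_t*)0x20347148 = 0;
  *(uint8_t*)0x20347149 = 0;
  *(uint8_t*)0x2034714a = 0;
  *(uint8_t*)0x2034714b = 0;
  *(uint8_t*)0x2034714c = 0;
  *(uint8_t*)0x2034714d = 0;
  *(uint8_t*)0x2034714e = 0;
  *(uint8_t*)0x2034714f = 0;
  *(uint8_t*)0x20347150 = 0;
  *(uint8_t*)0x20347151 = 0;
  *(uint8_t*)0x20347152 = 0;
  *(uint8_t*)0x20347153 = 0;
  *(uint8_t*)0x20347154 = 0;
  *(uint8_t*)0x20347155 = 0;
  *(uint8_t*)0x20347156 = 0;
  *(uint8_t*)0x20347157 = 0;
  *(uint8_t*)0x20347158 = 0;
  *(uint8_t*)0x20347159 = 0;
  *(uint8_t*)0x2034715a = 0;
  *(uint8_t*)0x2034715b = 0;
  *(uint8_t*)0x2034715c = 0;
  *(uint8_t*)0x2034715d = 0;
  *(uint8_t*)0x2034715e = 0;
  *(uint8_t*)0x2034715f = 0;
  *(uint8_t*)0x20347160 = 0;
  *(uint8_t*)0x20347161 = 0;
  *(uint8_t*)0x20347162 = 0;
  *(uint8_t*)0x20347163 = 0;
  *(uint8_t*)0x20347164 = 0;
  *(uint8_t*)0x20347165 = 0;
  *(uint8_t*)0x20347166 = 0;
  *(uint8_t*)0x20347167 = 0;
  *(uint16_t*)0x20347168 = 0;
  *(uint8_t*)0x2034716a = 0;
  *(uint8_t*)0x2034716b = 0;
  *(uint32_t*)0x2034716c = 0;
  *(uint16_t*)0x20347170 = 0x98;
  *(uint16_t*)0x20347172 = 0xc0;
  *(uint32_t*)0x20347174 = 0;
  *(uint64_t*)0x20347178 = 0;
  *(uint64_t*)0x20347180 = 0;
  *(uint16_t*)0x20347188 = 0x28;
  memcpy((void*)0x2034718a, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x203471a7 = 0;
  *(uint8_t*)0x203471a8 = 0;
  *(uint8_t*)0x203471a9 = 0;
  *(uint16_t*)0x203471b0 = 0x28;
  memcpy((void*)0x203471b2, "\x43\x48\x45\x43\x4b\x53\x55\x4d\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x203471cf = 0;
  *(uint8_t*)0x203471d0 = 1;

  // Rule 3, entrytable offset 0x178: all-zero match header, "ttl" match,
  // "DSCP" target.
  *(uint8_t*)0x203471d8 = 0;
  *(uint8_t*)0x203471d9 = 0;
  *(uint8_t*)0x203471da = 0;
  *(uint8_t*)0x203471db = 0;
  *(uint8_t*)0x203471dc = 0;
  *(uint8_t*)0x203471dd = 0;
  *(uint8_t*)0x203471de = 0;
  *(uint8_t*)0x203471df = 0;
  *(uint8_t*)0x203471e0 = 0;
  *(uint8_t*)0x203471e1 = 0;
  *(uint8_t*)0x203471e2 = 0;
  *(uint8_t*)0x203471e3 = 0;
  *(uint8_t*)0x203471e4 = 0;
  *(uint8_t*)0x203471e5 = 0;
  *(uint8_t*)0x203471e6 = 0;
  *(uint8_t*)0x203471e7 = 0;
  *(uint8_t*)0x203471e8 = 0;
  *(uint8_t*)0x203471e9 = 0;
  *(uint8_t*)0x203471ea = 0;
  *(uint8_t*)0x203471eb = 0;
  *(uint8_t*)0x203471ec = 0;
  *(uint8_t*)0x203471ed = 0;
  *(uint8_t*)0x203471ee = 0;
  *(uint8_t*)0x203471ef = 0;
  *(uint8_t*)0x203471f0 = 0;
  *(uint8_t*)0x203471f1 = 0;
  *(uint8_t*)0x203471f2 = 0;
  *(uint8_t*)0x203471f3 = 0;
  *(uint8_t*)0x203471f4 = 0;
  *(uint8_t*)0x203471f5 = 0;
  *(uint8_t*)0x203471f6 = 0;
  *(uint8_t*)0x203471f7 = 0;
  *(uint8_t*)0x203471f8 = 0;
  *(uint8_t*)0x203471f9 = 0;
  *(uint8_t*)0x203471fa = 0;
  *(uint8_t*)0x203471fb = 0;
  *(uint8_t*)0x203471fc = 0;
  *(uint8_t*)0x203471fd = 0;
  *(uint8_t*)0x203471fe = 0;
  *(uint8_t*)0x203471ff = 0;
  *(uint8_t*)0x20347200 = 0;
  *(uint8_t*)0x20347201 = 0;
  *(uint8_t*)0x20347202 = 0;
  *(uint8_t*)0x20347203 = 0;
  *(uint8_t*)0x20347204 = 0;
  *(uint8_t*)0x20347205 = 0;
  *(uint8_t*)0x20347206 = 0;
  *(uint8_t*)0x20347207 = 0;
  *(uint8_t*)0x20347208 = 0;
  *(uint8_t*)0x20347209 = 0;
  *(uint8_t*)0x2034720a = 0;
  *(uint8_t*)0x2034720b = 0;
  *(uint8_t*)0x2034720c = 0;
  *(uint8_t*)0x2034720d = 0;
  *(uint8_t*)0x2034720e = 0;
  *(uint8_t*)0x2034720f = 0;
  *(uint8_t*)0x20347210 = 0;
  *(uint8_t*)0x20347211 = 0;
  *(uint8_t*)0x20347212 = 0;
  *(uint8_t*)0x20347213 = 0;
  *(uint8_t*)0x20347214 = 0;
  *(uint8_t*)0x20347215 = 0;
  *(uint8_t*)0x20347216 = 0;
  *(uint8_t*)0x20347217 = 0;
  *(uint8_t*)0x20347218 = 0;
  *(uint8_t*)0x20347219 = 0;
  *(uint8_t*)0x2034721a = 0;
  *(uint8_t*)0x2034721b = 0;
  *(uint8_t*)0x2034721c = 0;
  *(uint8_t*)0x2034721d = 0;
  *(uint8_t*)0x2034721e = 0;
  *(uint8_t*)0x2034721f = 0;
  *(uint8_t*)0x20347220 = 0;
  *(uint8_t*)0x20347221 = 0;
  *(uint8_t*)0x20347222 = 0;
  *(uint8_t*)0x20347223 = 0;
  *(uint8_t*)0x20347224 = 0;
  *(uint8_t*)0x20347225 = 0;
  *(uint8_t*)0x20347226 = 0;
  *(uint8_t*)0x20347227 = 0;
  *(uint8_t*)0x20347228 = 0;
  *(uint8_t*)0x20347229 = 0;
  *(uint8_t*)0x2034722a = 0;
  *(uint8_t*)0x2034722b = 0;
  *(uint32_t*)0x2034722c = 0;
  *(uint16_t*)0x20347230 = 0x98;
  *(uint16_t*)0x20347232 = 0xc0;
  *(uint32_t*)0x20347234 = 0;
  *(uint64_t*)0x20347238 = 0;
  *(uint64_t*)0x20347240 = 0;
  *(uint16_t*)0x20347248 = 0x28;
  memcpy((void*)0x2034724a, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20347267 = 0;
  *(uint8_t*)0x20347268 = 0;
  *(uint8_t*)0x20347269 = 0;
  *(uint16_t*)0x20347270 = 0x28;
  memcpy((void*)0x20347272, "\x44\x53\x43\x50\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x2034728f = 0;
  *(uint8_t*)0x20347290 = 0;

  // Rule 4, entrytable offset 0x238 (referenced by hook_entry[0] and
  // hook_entry[3]): all-zero match header, "TTL" target with data bytes 2, 2.
  *(uint8_t*)0x20347298 = 0;
  *(uint8_t*)0x20347299 = 0;
  *(uint8_t*)0x2034729a = 0;
  *(uint8_t*)0x2034729b = 0;
  *(uint8_t*)0x2034729c = 0;
  *(uint8_t*)0x2034729d = 0;
  *(uint8_t*)0x2034729e = 0;
  *(uint8_t*)0x2034729f = 0;
  *(uint8_t*)0x203472a0 = 0;
  *(uint8_t*)0x203472a1 = 0;
  *(uint8_t*)0x203472a2 = 0;
  *(uint8_t*)0x203472a3 = 0;
  *(uint8_t*)0x203472a4 = 0;
  *(uint8_t*)0x203472a5 = 0;
  *(uint8_t*)0x203472a6 = 0;
  *(uint8_t*)0x203472a7 = 0;
  *(uint8_t*)0x203472a8 = 0;
  *(uint8_t*)0x203472a9 = 0;
  *(uint8_t*)0x203472aa = 0;
  *(uint8_t*)0x203472ab = 0;
  *(uint8_t*)0x203472ac = 0;
  *(uint8_t*)0x203472ad = 0;
  *(uint8_t*)0x203472ae = 0;
  *(uint8_t*)0x203472af = 0;
  *(uint8_t*)0x203472b0 = 0;
  *(uint8_t*)0x203472b1 = 0;
  *(uint8_t*)0x203472b2 = 0;
  *(uint8_t*)0x203472b3 = 0;
  *(uint8_t*)0x203472b4 = 0;
  *(uint8_t*)0x203472b5 = 0;
  *(uint8_t*)0x203472b6 = 0;
  *(uint8_t*)0x203472b7 = 0;
  *(uint8_t*)0x203472b8 = 0;
  *(uint8_t*)0x203472b9 = 0;
  *(uint8_t*)0x203472ba = 0;
  *(uint8_t*)0x203472bb = 0;
  *(uint8_t*)0x203472bc = 0;
  *(uint8_t*)0x203472bd = 0;
  *(uint8_t*)0x203472be = 0;
  *(uint8_t*)0x203472bf = 0;
  *(uint8_t*)0x203472c0 = 0;
  *(uint8_t*)0x203472c1 = 0;
  *(uint8_t*)0x203472c2 = 0;
  *(uint8_t*)0x203472c3 = 0;
  *(uint8_t*)0x203472c4 = 0;
  *(uint8_t*)0x203472c5 = 0;
  *(uint8_t*)0x203472c6 = 0;
  *(uint8_t*)0x203472c7 = 0;
  *(uint8_t*)0x203472c8 = 0;
  *(uint8_t*)0x203472c9 = 0;
  *(uint8_t*)0x203472ca = 0;
  *(uint8_t*)0x203472cb = 0;
  *(uint8_t*)0x203472cc = 0;
  *(uint8_t*)0x203472cd = 0;
  *(uint8_t*)0x203472ce = 0;
  *(uint8_t*)0x203472cf = 0;
  *(uint8_t*)0x203472d0 = 0;
  *(uint8_t*)0x203472d1 = 0;
  *(uint8_t*)0x203472d2 = 0;
  *(uint8_t*)0x203472d3 = 0;
  *(uint8_t*)0x203472d4 = 0;
  *(uint8_t*)0x203472d5 = 0;
  *(uint8_t*)0x203472d6 = 0;
  *(uint8_t*)0x203472d7 = 0;
  *(uint8_t*)0x203472d8 = 0;
  *(uint8_t*)0x203472d9 = 0;
  *(uint8_t*)0x203472da = 0;
  *(uint8_t*)0x203472db = 0;
  *(uint8_t*)0x203472dc = 0;
  *(uint8_t*)0x203472dd = 0;
  *(uint8_t*)0x203472de = 0;
  *(uint8_t*)0x203472df = 0;
  *(uint8_t*)0x203472e0 = 0;
  *(uint8_t*)0x203472e1 = 0;
  *(uint8_t*)0x203472e2 = 0;
  *(uint8_t*)0x203472e3 = 0;
  *(uint8_t*)0x203472e4 = 0;
  *(uint8_t*)0x203472e5 = 0;
  *(uint8_t*)0x203472e6 = 0;
  *(uint8_t*)0x203472e7 = 0;
  *(uint8_t*)0x203472e8 = 0;
  *(uint8_t*)0x203472e9 = 0;
  *(uint8_t*)0x203472ea = 0;
  *(uint8_t*)0x203472eb = 0;
  *(uint32_t*)0x203472ec = 0;
  *(uint16_t*)0x203472f0 = 0x70;
  *(uint16_t*)0x203472f2 = 0x98;
  *(uint32_t*)0x203472f4 = 0;
  *(uint64_t*)0x203472f8 = 0;
  *(uint64_t*)0x20347300 = 0;
  *(uint16_t*)0x20347308 = 0x28;
  memcpy((void*)0x2034730a, "\x54\x54\x4c\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20347327 = 0;
  *(uint8_t*)0x20347328 = 2;
  *(uint8_t*)0x20347329 = 2;

  // Rule 5, entrytable offset 0x2d0: source 0, destination 172.20.0.170, zero
  // masks, input interface "syz", 16 arbitrary bytes in the output-interface
  // field. "CHECKSUM" target.
  *(uint32_t*)0x20347330 = htobe32(0);
  *(uint8_t*)0x20347334 = 0xac;
  *(uint8_t*)0x20347335 = 0x14;
  *(uint8_t*)0x20347336 = 0;
  *(uint8_t*)0x20347337 = 0xaa;
  *(uint32_t*)0x20347338 = htobe32(0);
  *(uint32_t*)0x2034733c = htobe32(0);
  *(uint8_t*)0x20347340 = 0x73;
  *(uint8_t*)0x20347341 = 0x79;
  *(uint8_t*)0x20347342 = 0x7a;
  *(uint8_t*)0x20347343 = 0;
  *(uint8_t*)0x20347344 = 0;
  memcpy((void*)0x20347350,
         "\xa3\x6c\xdf\xe8\xc2\x8e\xd7\xe6\x38\x72\xf2\xc2\x62\x13\xd4\x9e",
         16);
  *(uint8_t*)0x20347360 = 0;
  *(uint8_t*)0x20347361 = 0;
  *(uint8_t*)0x20347362 = 0;
  *(uint8_t*)0x20347363 = 0;
  *(uint8_t*)0x20347364 = 0;
  *(uint8_t*)0x20347365 = 0;
  *(uint8_t*)0x20347366 = 0;
  *(uint8_t*)0x20347367 = 0;
  *(uint8_t*)0x20347368 = 0;
  *(uint8_t*)0x20347369 = 0;
  *(uint8_t*)0x2034736a = 0;
  *(uint8_t*)0x2034736b = 0;
  *(uint8_t*)0x2034736c = 0;
  *(uint8_t*)0x2034736d = 0;
  *(uint8_t*)0x2034736e = 0;
  *(uint8_t*)0x2034736f = 0;
  *(uint8_t*)0x20347370 = 0;
  *(uint8_t*)0x20347371 = 0;
  *(uint8_t*)0x20347372 = 0;
  *(uint8_t*)0x20347373 = 0;
  *(uint8_t*)0x20347374 = 0;
  *(uint8_t*)0x20347375 = 0;
  *(uint8_t*)0x20347376 = 0;
  *(uint8_t*)0x20347377 = 0;
  *(uint8_t*)0x20347378 = 0;
  *(uint8_t*)0x20347379 = 0;
  *(uint8_t*)0x2034737a = 0;
  *(uint8_t*)0x2034737b = 0;
  *(uint8_t*)0x2034737c = 0;
  *(uint8_t*)0x2034737d = 0;
  *(uint8_t*)0x2034737e = 0;
  *(uint8_t*)0x2034737f = 0;
  *(uint16_t*)0x20347380 = 0;
  *(uint8_t*)0x20347382 = 0;
  *(uint8_t*)0x20347383 = 0;
  *(uint32_t*)0x20347384 = 0;
  *(uint16_t*)0x20347388 = 0x70;
  *(uint16_t*)0x2034738a = 0x98;
  *(uint32_t*)0x2034738c = 0;
  *(uint64_t*)0x20347390 = 0;
  *(uint64_t*)0x20347398 = 0;
  *(uint16_t*)0x203473a0 = 0x28;
  memcpy((void*)0x203473a2, "\x43\x48\x45\x43\x4b\x53\x55\x4d\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x203473bf = 0;
  *(uint8_t*)0x203473c0 = 1;

  // Rule 6, entrytable offset 0x368 (referenced by every underflow[] slot):
  // all-zero match header and a target with an empty name whose 32-bit data
  // word is 0xfffffffe.
  *(uint8_t*)0x203473c8 = 0;
  *(uint8_t*)0x203473c9 = 0;
  *(uint8_t*)0x203473ca = 0;
  *(uint8_t*)0x203473cb = 0;
  *(uint8_t*)0x203473cc = 0;
  *(uint8_t*)0x203473cd = 0;
  *(uint8_t*)0x203473ce = 0;
  *(uint8_t*)0x203473cf = 0;
  *(uint8_t*)0x203473d0 = 0;
  *(uint8_t*)0x203473d1 = 0;
  *(uint8_t*)0x203473d2 = 0;
  *(uint8_t*)0x203473d3 = 0;
  *(uint8_t*)0x203473d4 = 0;
  *(uint8_t*)0x203473d5 = 0;
  *(uint8_t*)0x203473d6 = 0;
  *(uint8_t*)0x203473d7 = 0;
  *(uint8_t*)0x203473d8 = 0;
  *(uint8_t*)0x203473d9 = 0;
  *(uint8_t*)0x203473da = 0;
  *(uint8_t*)0x203473db = 0;
  *(uint8_t*)0x203473dc = 0;
  *(uint8_t*)0x203473dd = 0;
  *(uint8_t*)0x203473de = 0;
  *(uint8_t*)0x203473df = 0;
  *(uint8_t*)0x203473e0 = 0;
  *(uint8_t*)0x203473e1 = 0;
  *(uint8_t*)0x203473e2 = 0;
  *(uint8_t*)0x203473e3 = 0;
  *(uint8_t*)0x203473e4 = 0;
  *(uint8_t*)0x203473e5 = 0;
  *(uint8_t*)0x203473e6 = 0;
  *(uint8_t*)0x203473e7 = 0;
  *(uint8_t*)0x203473e8 = 0;
  *(uint8_t*)0x203473e9 = 0;
  *(uint8_t*)0x203473ea = 0;
  *(uint8_t*)0x203473eb = 0;
  *(uint8_t*)0x203473ec = 0;
  *(uint8_t*)0x203473ed = 0;
  *(uint8_t*)0x203473ee = 0;
  *(uint8_t*)0x203473ef = 0;
  *(uint8_t*)0x203473f0 = 0;
  *(uint8_t*)0x203473f1 = 0;
  *(uint8_t*)0x203473f2 = 0;
  *(uint8_t*)0x203473f3 = 0;
  *(uint8_t*)0x203473f4 = 0;
  *(uint8_t*)0x203473f5 = 0;
  *(uint8_t*)0x203473f6 = 0;
  *(uint8_t*)0x203473f7 = 0;
  *(uint8_t*)0x203473f8 = 0;
  *(uint8_t*)0x203473f9 = 0;
  *(uint8_t*)0x203473fa = 0;
  *(uint8_t*)0x203473fb = 0;
  *(uint8_t*)0x203473fc = 0;
  *(uint8_t*)0x203473fd = 0;
  *(uint8_t*)0x203473fe = 0;
  *(uint8_t*)0x203473ff = 0;
  *(uint8_t*)0x20347400 = 0;
  *(uint8_t*)0x20347401 = 0;
  *(uint8_t*)0x20347402 = 0;
  *(uint8_t*)0x20347403 = 0;
  *(uint8_t*)0x20347404 = 0;
  *(uint8_t*)0x20347405 = 0;
  *(uint8_t*)0x20347406 = 0;
  *(uint8_t*)0x20347407 = 0;
  *(uint8_t*)0x20347408 = 0;
  *(uint8_t*)0x20347409 = 0;
  *(uint8_t*)0x2034740a = 0;
  *(uint8_t*)0x2034740b = 0;
  *(uint8_t*)0x2034740c = 0;
  *(uint8_t*)0x2034740d = 0;
  *(uint8_t*)0x2034740e = 0;
  *(uint8_t*)0x2034740f = 0;
  *(uint8_t*)0x20347410 = 0;
  *(uint8_t*)0x20347411 = 0;
  *(uint8_t*)0x20347412 = 0;
  *(uint8_t*)0x20347413 = 0;
  *(uint8_t*)0x20347414 = 0;
  *(uint8_t*)0x20347415 = 0;
  *(uint8_t*)0x20347416 = 0;
  *(uint8_t*)0x20347417 = 0;
  *(uint8_t*)0x20347418 = 0;
  *(uint8_t*)0x20347419 = 0;
  *(uint8_t*)0x2034741a = 0;
  *(uint8_t*)0x2034741b = 0;
  *(uint32_t*)0x2034741c = 0;
  *(uint16_t*)0x20347420 = 0x70;
  *(uint16_t*)0x20347422 = 0x98;
  *(uint32_t*)0x20347424 = 0;
  *(uint64_t*)0x20347428 = 0;
  *(uint64_t*)0x20347430 = 0;
  *(uint16_t*)0x20347438 = 0x28;
  memcpy((void*)0x2034743a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20347457 = 0;
  *(uint32_t*)0x20347458 = 0xfffffffe;

  // Level 0, optname 0x40 (the value of IPT_SO_SET_REPLACE defined above),
  // length 0x460 = 0x60 header bytes + 0x400 bytes of rules.
  syscall(__NR_setsockopt, r[1], 0, 0x40, 0x20347000, 0x460);
}

// Entry point: repeat loop() forever. loop() itself never returns.
int main()
{
  for (;;) {
    loop();
  }
}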