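// https://syzkaller.appspot.com/bug?id=a7b1b5472279cda10aa7957cabf6f1d6d7e6fa2a
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// NOTE(review): the page this listing was taken from had collapsed the file
// onto a few physical lines (so everything after the leading "//" read as a
// comment) and had dropped every #include target. The header list below is
// reconstructed from the identifiers the code uses; it is not a copy of the
// original reproducer's include list.

#define _GNU_SOURCE

#include <endian.h>
#include <errno.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Element count of a true array (not a pointer).
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

// Terminate the whole thread group through the raw exit_group syscall.
// The trailing loop only exists so the function can never return.
__attribute__((noreturn)) static void doexit(int status)
{
    volatile unsigned i;
    syscall(__NR_exit_group, status);
    for (i = 0;; i++) {
    }
}

// Exit codes used by fail(): kRetryStatus for ENOMEM/EAGAIN, kFailStatus
// for every other errno.
const int kFailStatus = 67;
const int kRetryStatus = 69;

// Print a printf-style message plus the errno seen on entry, then exit.
// errno is captured first because the stdio calls may overwrite it.
__attribute__((noreturn, format(printf, 1, 2))) static void fail(const char* msg, ...)
{
    int e = errno;
    va_list args;
    va_start(args, msg);
    vfprintf(stderr, msg, args);
    va_end(args);
    fprintf(stderr, " (errno %d)\n", e);
    doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

// Monotonic clock in milliseconds; exits through fail() if the clock
// cannot be read.
static uint64_t current_time_ms(void)
{
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts))
        fail("clock_gettime failed");
    return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Local copies of the iptables get/set sockopt payloads. entrytable is
// capped at 1024 bytes and counters at 10 entries; checkpoint and reset
// refuse tables that do not fit.
struct ipt_getinfo {
    char name[32];
    unsigned int valid_hooks;
    unsigned int hook_entry[5];
    unsigned int underflow[5];
    unsigned int num_entries;
    unsigned int size;
};

struct ipt_get_entries {
    char name[32];
    unsigned int size;
    void* entrytable[1024 / sizeof(void*)];
};

struct xt_counters {
    uint64_t pcnt, bcnt;
};

struct ipt_replace {
    char name[32];
    unsigned int valid_hooks;
    unsigned int num_entries;
    unsigned int size;
    unsigned int hook_entry[5];
    unsigned int underflow[5];
    unsigned int num_counters;
    struct xt_counters* counters;
    char entrytable[1024];
};

// Per-table snapshot: what checkpoint_net_namespace() read, plus the
// ready-to-send replace request reset_net_namespace() uses to restore it.
struct ipt_table_desc {
    const char* name;
    struct ipt_getinfo info;
    struct ipt_get_entries entries;
    struct ipt_replace replace;
    struct xt_counters counters[10];
};

static struct ipt_table_desc ipv4_tables[] = {
    {.name = "filter"},
    {.name = "nat"},
    {.name = "mangle"},
    {.name = "raw"},
    {.name = "security"},
};

// Set and get option numbers live in separate namespaces, so SET_REPLACE
// and GET_INFO sharing the base value is intentional.
#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)

// Snapshot every IPv4 table listed in ipv4_tables so it can be restored
// after each test iteration.
//
// Tables the kernel reports as EPERM/ENOENT/ENOPROTOOPT are skipped; their
// info.valid_hooks stays 0 (static zero-initialisation), which is the
// marker reset_net_namespace() uses to ignore them. Any other error, or a
// table larger than the fixed buffers, ends the process through fail().
static void checkpoint_net_namespace(void)
{
    socklen_t optlen;
    unsigned i;
    int fd;

    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1)
        fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
    for (i = 0; i < ARRAY_LEN(ipv4_tables); i++) {
        struct ipt_table_desc* table = &ipv4_tables[i];

        // Bounded copies: the names are short literals today, but the
        // destination is a fixed 32-byte field.
        snprintf(table->info.name, sizeof(table->info.name), "%s", table->name);
        snprintf(table->entries.name, sizeof(table->entries.name), "%s", table->name);
        snprintf(table->replace.name, sizeof(table->replace.name), "%s", table->name);

        optlen = sizeof(table->info);
        if (getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &table->info, &optlen)) {
            if (errno == EPERM || errno == ENOENT || errno == ENOPROTOOPT)
                continue;
            fail("getsockopt(IPT_SO_GET_INFO)");
        }
        if (table->info.size > sizeof(table->entries.entrytable))
            fail("table size is too large: %u", table->info.size);
        if (table->info.num_entries > ARRAY_LEN(table->counters))
            fail("too many counters: %u", table->info.num_entries);

        table->entries.size = table->info.size;
        optlen = sizeof(table->entries) - sizeof(table->entries.entrytable) + table->info.size;
        if (getsockopt(fd, SOL_IP, IPT_SO_GET_ENTRIES, &table->entries, &optlen))
            fail("getsockopt(IPT_SO_GET_ENTRIES)");

        // Pre-build the replace request from the snapshot.
        table->replace.valid_hooks = table->info.valid_hooks;
        table->replace.num_entries = table->info.num_entries;
        table->replace.counters = table->counters;
        table->replace.size = table->info.size;
        memcpy(table->replace.hook_entry, table->info.hook_entry,
               sizeof(table->replace.hook_entry));
        memcpy(table->replace.underflow, table->info.underflow,
               sizeof(table->replace.underflow));
        memcpy(table->replace.entrytable, table->entries.entrytable, table->info.size);
    }
    close(fd);
}

// Restore every checkpointed IPv4 table whose current info or entries
// differ from the snapshot.
//
// NOTE(review): only the IPv4 tables in ipv4_tables are covered. test()
// issues its first setsockopt at level 0x29 on a family-0xa socket (IPv6 on
// Linux), so whatever that call installs is not rolled back here and
// persists across iterations.
static void reset_net_namespace(void)
{
    struct ipt_get_entries entries;
    struct ipt_getinfo info;
    socklen_t optlen;
    unsigned i;
    int fd;

    memset(&info, 0, sizeof(info));
    memset(&entries, 0, sizeof(entries));
    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd == -1)
        fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
    for (i = 0; i < ARRAY_LEN(ipv4_tables); i++) {
        struct ipt_table_desc* table = &ipv4_tables[i];

        if (table->info.valid_hooks == 0)
            continue; // never checkpointed

        snprintf(info.name, sizeof(info.name), "%s", table->name);
        optlen = sizeof(info);
        if (getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen))
            fail("getsockopt(IPT_SO_GET_INFO)");
        if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
            snprintf(entries.name, sizeof(entries.name), "%s", table->name);
            entries.size = table->info.size;
            optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
            if (getsockopt(fd, SOL_IP, IPT_SO_GET_ENTRIES, &entries, &optlen))
                fail("getsockopt(IPT_SO_GET_ENTRIES)");
            if (memcmp(&table->entries, &entries, optlen) == 0)
                continue; // unchanged, nothing to restore
        }

        // num_counters is taken from the table currently installed, which the
        // test may have replaced. The replace request hands the old counters
        // back through replace.counters, which points at the 10-element
        // table->counters array, so a larger count must be rejected here
        // rather than letting the write-back run past the array.
        if (info.num_entries > ARRAY_LEN(table->counters))
            fail("too many counters: %u", info.num_entries);
        table->replace.num_counters = info.num_entries;
        optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size;
        if (setsockopt(fd, SOL_IP, IPT_SO_SET_REPLACE, &table->replace, optlen))
            fail("setsockopt(IPT_SO_SET_REPLACE)");
    }
    close(fd);
}

static void test(void);

// Run test() forever, one forked child per iteration.
//
// Each child gets SIGKILL if the parent dies, runs in its own process
// group, and is killed (group first, then the pid) if it has not exited
// within 5 seconds. The IPv4 tables are restored after every iteration.
void loop(void)
{
    int iter;

    checkpoint_net_namespace();
    for (iter = 0;; iter++) {
        int pid = fork();
        if (pid < 0)
            fail("loop fork failed");
        if (pid == 0) {
            prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
            setpgrp();
            test();
            doexit(0);
        }

        int status = 0;
        uint64_t start = current_time_ms();
        for (;;) {
            int res = waitpid(-1, &status, __WALL | WNOHANG);
            if (res == pid)
                break;
            usleep(1000);
            if (current_time_ms() - start > 5 * 1000) {
                kill(-pid, SIGKILL);
                kill(pid, SIGKILL);
                // Blocking reap until this particular child is collected.
                while (waitpid(-1, &status, __WALL) != pid) {
                }
                break;
            }
        }
        reset_net_namespace();
    }
}

// Results of the two socket() calls made by test(); -1 until assigned.
long r[2];

// The generated syscall sequence.
//
// Return values are deliberately not checked: the program is replayed
// as-is and a failing call is simply followed by the next one.
//
// Runs of consecutive single-byte zero stores in the generated listing are
// folded into memset() calls over exactly the same byte ranges (each range
// is given in the trailing comment); every other store is unchanged.
//
// NOTE(review): addresses and small integers are passed to the variadic
// syscall() as plain int constants, as in the generated listing.
static void test(void)
{
    memset(r, -1, sizeof(r));

    // Fixed scratch mapping all stores below land in. On Linux prot 3 is
    // PROT_READ|PROT_WRITE and flags 0x32 is
    // MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS.
    syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0);

    // family 0xa, type 2: AF_INET6 / SOCK_DGRAM on Linux.
    r[0] = syscall(__NR_socket, 0xa, 2, 0);

    // Request blob at 0x20004c28, 0x3c0 bytes. The leading fields line up
    // with struct ipt_replace as declared above (name, valid_hooks,
    // num_entries, size, hook_entry[5], underflow[5], num_counters,
    // counters, entries) -- presumably the IPv6 counterpart; confirm
    // against the kernel UAPI header. The name bytes spell "filter".
    memcpy((void*)0x20004c28, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00\x00\x00\x00",
           32);
    *(uint32_t*)0x20004c48 = 0xe;
    *(uint32_t*)0x20004c4c = 4;
    *(uint32_t*)0x20004c50 = 0x360;
    *(uint32_t*)0x20004c54 = -1;
    *(uint32_t*)0x20004c58 = 0;
    *(uint32_t*)0x20004c5c = 0;
    *(uint32_t*)0x20004c60 = 0;
    *(uint32_t*)0x20004c64 = -1;
    *(uint32_t*)0x20004c68 = -1;
    *(uint32_t*)0x20004c6c = 0;
    *(uint32_t*)0x20004c70 = 0;
    *(uint32_t*)0x20004c74 = 0;
    *(uint32_t*)0x20004c78 = -1;
    *(uint32_t*)0x20004c7c = 4;
    *(uint64_t*)0x20004c80 = 0x20012000;

    // Four rule blobs follow back to back. The boundaries used for the
    // grouping below are inferred from the 16-bit 0xd0 / 0xf0 values stored
    // in each one -- TODO confirm.

    // Blob 1 at 0x20004c88.
    memset((void*)0x20004c88, 0, 136); // 0x20004c88..0x20004d0f
    *(uint32_t*)0x20004d10 = 0;
    *(uint16_t*)0x20004d14 = 0xa8;
    *(uint16_t*)0x20004d16 = 0xd0;
    *(uint32_t*)0x20004d18 = 0;
    *(uint64_t*)0x20004d20 = 0;
    *(uint64_t*)0x20004d28 = 0;
    *(uint16_t*)0x20004d30 = 0x28;
    memcpy((void*)0x20004d32, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00",
           29);
    *(uint8_t*)0x20004d4f = 0;
    *(uint32_t*)0x20004d50 = 0xfffffffe;

    // Blob 2 at 0x20004d58; its 29-byte name field spells "TEE".
    memset((void*)0x20004d58, 0, 76); // 0x20004d58..0x20004da3
    *(uint8_t*)0x20004da4 = 0xe4;
    memset((void*)0x20004da5, 0, 59); // 0x20004da5..0x20004ddf
    *(uint32_t*)0x20004de0 = 0;
    *(uint16_t*)0x20004de4 = 0xa8;
    *(uint16_t*)0x20004de6 = 0xf0;
    *(uint32_t*)0x20004de8 = 0;
    *(uint64_t*)0x20004dec = 0;
    *(uint64_t*)0x20004df4 = 0;
    *(uint16_t*)0x20004e00 = 0x48;
    memcpy((void*)0x20004e02, "\x54\x45\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00",
           29);
    *(uint8_t*)0x20004e1f = 1;
    *(uint8_t*)0x20004e20 = 0xfe;
    *(uint8_t*)0x20004e21 = 0x80;
    memset((void*)0x20004e22, 0, 13); // 0x20004e22..0x20004e2e
    *(uint8_t*)0x20004e2f = 0xaa;
    *(uint8_t*)0x20004e30 = 0x73;
    *(uint8_t*)0x20004e31 = 0x79;
    *(uint8_t*)0x20004e32 = 0x7a;
    *(uint8_t*)0x20004e33 = 0;
    *(uint8_t*)0x20004e34 = 0;
    *(uint64_t*)0x20004e40 = 0;

    // Blob 3 at 0x20004e48; its 29-byte name field spells "REJECT".
    *(uint8_t*)0x20004e48 = 0xfe;
    *(uint8_t*)0x20004e49 = 0x80;
    memset((void*)0x20004e4a, 0, 13); // 0x20004e4a..0x20004e56
    *(uint8_t*)0x20004e57 = 0xbb;
    memset((void*)0x20004e58, 0, 16); // 0x20004e58..0x20004e67
    *(uint32_t*)0x20004e68 = htobe32(0);
    *(uint32_t*)0x20004e6c = htobe32(0);
    *(uint32_t*)0x20004e70 = htobe32(0);
    *(uint32_t*)0x20004e74 = htobe32(0);
    *(uint32_t*)0x20004e78 = htobe32(0);
    *(uint32_t*)0x20004e7c = htobe32(0xfffffffc);
    *(uint32_t*)0x20004e80 = htobe32(0);
    *(uint32_t*)0x20004e84 = htobe32(0);
    memcpy((void*)0x20004e88,
           "\x28\x44\x63\x31\x60\x5b\xfe\xfb\x40\xec\x55\xd8\x9c\xce\xfc\xf6", 16);
    memcpy((void*)0x20004e98,
           "\x21\xbc\xf3\x5d\x5f\x3f\x02\xf3\x97\xf4\x12\x52\x77\xfa\xaf\x31", 16);
    memset((void*)0x20004ea8, 0, 32); // 0x20004ea8..0x20004ec7
    *(uint16_t*)0x20004ec8 = 0;
    *(uint8_t*)0x20004eca = 0;
    *(uint8_t*)0x20004ecb = 0;
    *(uint8_t*)0x20004ecc = 0;
    *(uint32_t*)0x20004ed0 = 0;
    *(uint16_t*)0x20004ed4 = 0xa8;
    *(uint16_t*)0x20004ed6 = 0xd0;
    *(uint32_t*)0x20004ed8 = 0;
    *(uint64_t*)0x20004edc = 0;
    *(uint64_t*)0x20004ee4 = 0;
    *(uint16_t*)0x20004ef0 = 0x28;
    memcpy((void*)0x20004ef2, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00",
           29);
    *(uint8_t*)0x20004f0f = 0;
    *(uint32_t*)0x20004f10 = 0;

    // Blob 4 at 0x20004f18; its 29-byte name field spells "REJECT".
    memset((void*)0x20004f18, 0, 136); // 0x20004f18..0x20004f9f
    *(uint32_t*)0x20004fa0 = 0;
    *(uint16_t*)0x20004fa4 = 0xa8;
    *(uint16_t*)0x20004fa6 = 0xd0;
    *(uint32_t*)0x20004fa8 = 0;
    *(uint64_t*)0x20004fac = 0;
    *(uint64_t*)0x20004fb4 = 0;
    *(uint16_t*)0x20004fc0 = 0x28;
    memcpy((void*)0x20004fc2, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                              "\x00\x00\x00\x00\x00",
           29);
    *(uint8_t*)0x20004fdf = 0;
    *(uint32_t*)0x20004fe0 = 0;

    // Area the pointer stored at 0x20004c80 refers to: eight 64-bit zeros.
    *(uint64_t*)0x20012000 = 0;
    *(uint64_t*)0x20012008 = 0;
    *(uint64_t*)0x20012010 = 0;
    *(uint64_t*)0x20012018 = 0;
    *(uint64_t*)0x20012020 = 0;
    *(uint64_t*)0x20012028 = 0;
    *(uint64_t*)0x20012030 = 0;
    *(uint64_t*)0x20012038 = 0;

    // Submit the blob: level 0x29, option 0x40 (numerically the same value as
    // IPT_BASE_CTL above), length 0x3c0.
    syscall(__NR_setsockopt, r[0], 0x29, 0x40, 0x20004c28, 0x3c0);

    // Second socket (family 2, type 3, protocol 8), then a zero-length
    // setsockopt at level 0, option 0x23, with a pointer into the scratch
    // mapping that this program never wrote to.
    r[1] = syscall(__NR_socket, 2, 3, 8);
    syscall(__NR_setsockopt, r[1], 0, 0x23, 0x20745fa8, 0);
}

// Entry point: loop() does not return on its own, the outer for simply
// mirrors the generated program.
int main(void)
{
    for (;;) {
        loop();
    }
}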