// https://syzkaller.appspot.com/bug?id=14177cd007e876c70445b10912cfab974e43657c // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } #include #include #include #include #include #include #include #include #include #include const int kFailStatus = 67; const int kRetryStatus = 69; static void fail(const char* msg, ...) { int e = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* uctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { _longjmp(segv_env, 1); } doexit(sig); } static void install_segv_handler() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ } static void use_temporary_dir() { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); if (chmod(tmpdir, 0777)) fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv; rv = vsnprintf(str, size, format, args); if (rv < 0) fail("tun: snprintf failed"); if ((size_t)rv >= size) fail("tun: string '%s...' doesn't fit into buffer", str); } static void snprintf_check(char* str, size_t size, const char* format, ...) { va_list args; va_start(args, format); vsnprintf_check(str, size, format, args); va_end(args); } #define COMMAND_MAX_LEN 128 #define PATH_PREFIX \ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin " #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1) static void execute_command(bool panic, const char* format, ...) { va_list args; char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN]; int rv; va_start(args, format); memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN); vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args); rv = system(command); if (panic && rv != 0) fail("tun: command \"%s\" failed with code %d", &command[0], rv); va_end(args); } static int tunfd = -1; static int tun_frags_enabled; #define SYZ_TUN_MAX_PACKET_SIZE 1000 #define MAX_PIDS 32 #define ADDR_MAX_LEN 32 #define LOCAL_MAC "aa:aa:aa:aa:%02hx:aa" #define REMOTE_MAC "aa:aa:aa:aa:%02hx:bb" #define LOCAL_IPV4 "172.20.%d.170" #define REMOTE_IPV4 "172.20.%d.187" #define LOCAL_IPV6 "fe80::%02hx:aa" #define REMOTE_IPV6 "fe80::%02hx:bb" #define IFF_NAPI 0x0010 #define IFF_NAPI_FRAGS 0x0020 static void initialize_tun(int id) { if (id >= MAX_PIDS) fail("tun: no more than %d executors", MAX_PIDS); tunfd = open("/dev/net/tun", O_RDWR | O_NONBLOCK); if (tunfd == -1) { printf("tun: can't open /dev/net/tun: please enable CONFIG_TUN=y\n"); printf("otherwise fuzzing or reproducing might not work as intended\n"); return; } char iface[IFNAMSIZ]; snprintf_check(iface, sizeof(iface), "syz%d", id); struct ifreq ifr; memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, iface, IFNAMSIZ); ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_NAPI | IFF_NAPI_FRAGS; if (ioctl(tunfd, TUNSETIFF, (void*)&ifr) < 0) { ifr.ifr_flags = IFF_TAP | IFF_NO_PI; if (ioctl(tunfd, TUNSETIFF, (void*)&ifr) < 0) fail("tun: ioctl(TUNSETIFF) failed"); } if (ioctl(tunfd, TUNGETIFF, (void*)&ifr) < 0) fail("tun: ioctl(TUNGETIFF) failed"); tun_frags_enabled = (ifr.ifr_flags & IFF_NAPI_FRAGS) != 0; char local_mac[ADDR_MAX_LEN]; snprintf_check(local_mac, sizeof(local_mac), LOCAL_MAC, id); char remote_mac[ADDR_MAX_LEN]; snprintf_check(remote_mac, sizeof(remote_mac), REMOTE_MAC, id); char local_ipv4[ADDR_MAX_LEN]; snprintf_check(local_ipv4, sizeof(local_ipv4), LOCAL_IPV4, id); char remote_ipv4[ADDR_MAX_LEN]; snprintf_check(remote_ipv4, sizeof(remote_ipv4), REMOTE_IPV4, id); char local_ipv6[ADDR_MAX_LEN]; snprintf_check(local_ipv6, sizeof(local_ipv6), LOCAL_IPV6, id); char remote_ipv6[ADDR_MAX_LEN]; snprintf_check(remote_ipv6, sizeof(remote_ipv6), REMOTE_IPV6, id); execute_command(1, "sysctl -w net.ipv6.conf.%s.accept_dad=0", iface); execute_command(1, "sysctl -w net.ipv6.conf.%s.router_solicitations=0", iface); execute_command(1, "ip link set dev %s address %s", iface, local_mac); execute_command(1, "ip addr add %s/24 dev %s", local_ipv4, iface); execute_command(1, "ip -6 addr add %s/120 dev %s", local_ipv6, iface); execute_command(1, "ip neigh add %s lladdr %s dev %s nud permanent", remote_ipv4, remote_mac, iface); execute_command(1, "ip -6 neigh add %s lladdr %s dev %s nud permanent", remote_ipv6, remote_mac, iface); execute_command(1, "ip link set dev %s up", iface); } #define DEV_IPV4 "172.20.%d.%d" #define DEV_IPV6 "fe80::%02hx:%02hx" #define DEV_MAC "aa:aa:aa:aa:%02hx:%02hx" static void initialize_netdevices(int id) { unsigned i; const char* devtypes[] = {"ip6gretap", "bridge", "vcan"}; const char* devnames[] = {"lo", "sit0", "bridge0", "vcan0", "tunl0", "gre0", "gretap0", "ip_vti0", "ip6_vti0", "ip6tnl0", "ip6gre0", "ip6gretap0", "erspan0"}; for (i = 0; i < sizeof(devtypes) / (sizeof(devtypes[0])); i++) execute_command(0, "ip link add dev %s0 type %s", devtypes[i], devtypes[i]); for (i = 0; i < sizeof(devnames) / (sizeof(devnames[0])); i++) { char addr[ADDR_MAX_LEN]; snprintf_check(addr, sizeof(addr), DEV_IPV4, id, id + 10); execute_command(0, "ip -4 addr add %s/24 dev %s", addr, devnames[i]); snprintf_check(addr, sizeof(addr), DEV_IPV6, id, id + 10); execute_command(0, "ip -6 addr add %s/120 dev %s", addr, devnames[i]); snprintf_check(addr, sizeof(addr), DEV_MAC, id, id + 10); execute_command(0, "ip link set dev %s address %s", devnames[i], addr); execute_command(0, "ip link set dev %s up", devnames[i]); } } static void setup_tun(uint64_t pid, bool enable_tun) { if (enable_tun) { initialize_tun(pid); initialize_netdevices(pid); } } static int read_tun(char* data, int size) { if (tunfd < 0) return -1; int rv = read(tunfd, data, size); if (rv < 0) { if (errno == EAGAIN) return -1; if (errno == EBADFD) return -1; fail("tun: read failed with %d", rv); } return rv; } struct ipv6hdr { __u8 priority : 4, version : 4; __u8 flow_lbl[3]; __be16 payload_len; __u8 nexthdr; __u8 hop_limit; struct in6_addr saddr; struct in6_addr daddr; }; struct tcp_resources { uint32_t seq; uint32_t ack; }; static uintptr_t syz_extract_tcp_res(uintptr_t a0, uintptr_t a1, uintptr_t a2) { if (tunfd < 0) return (uintptr_t)-1; char data[SYZ_TUN_MAX_PACKET_SIZE]; int rv = read_tun(&data[0], sizeof(data)); if (rv == -1) return (uintptr_t)-1; size_t length = rv; struct tcphdr* tcphdr; if (length < sizeof(struct ethhdr)) return (uintptr_t)-1; struct ethhdr* ethhdr = (struct ethhdr*)&data[0]; if (ethhdr->h_proto == htons(ETH_P_IP)) { if (length < sizeof(struct ethhdr) + sizeof(struct iphdr)) return (uintptr_t)-1; struct iphdr* iphdr = (struct iphdr*)&data[sizeof(struct ethhdr)]; if (iphdr->protocol != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ethhdr) + iphdr->ihl * 4 + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ethhdr) + iphdr->ihl * 4]; } else { if (length < sizeof(struct ethhdr) + sizeof(struct ipv6hdr)) return (uintptr_t)-1; struct ipv6hdr* ipv6hdr = (struct ipv6hdr*)&data[sizeof(struct ethhdr)]; if (ipv6hdr->nexthdr != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ethhdr) + sizeof(struct ipv6hdr) + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ethhdr) + sizeof(struct ipv6hdr)]; } struct tcp_resources* res = (struct tcp_resources*)a0; NONFAILING(res->seq = htonl((ntohl(tcphdr->seq) + (uint32_t)a1))); NONFAILING(res->ack = htonl((ntohl(tcphdr->ack_seq) + (uint32_t)a2))); return 0; } long r[1]; void loop() { memset(r, -1, sizeof(r)); syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0); r[0] = syscall(__NR_socket, 0xa, 3, 4); NONFAILING(memcpy((void*)0x2015ac60, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x2015ac80 = 0xe); NONFAILING(*(uint32_t*)0x2015ac84 = 4); NONFAILING(*(uint32_t*)0x2015ac88 = 0x340); NONFAILING(*(uint32_t*)0x2015ac8c = -1); NONFAILING(*(uint32_t*)0x2015ac90 = 0); NONFAILING(*(uint32_t*)0x2015ac94 = 0); NONFAILING(*(uint32_t*)0x2015ac98 = 0xd0); NONFAILING(*(uint32_t*)0x2015ac9c = -1); NONFAILING(*(uint32_t*)0x2015aca0 = -1); NONFAILING(*(uint32_t*)0x2015aca4 = 0x270); NONFAILING(*(uint32_t*)0x2015aca8 = 0x270); NONFAILING(*(uint32_t*)0x2015acac = 0x270); NONFAILING(*(uint32_t*)0x2015acb0 = -1); NONFAILING(*(uint32_t*)0x2015acb4 = 4); NONFAILING(*(uint64_t*)0x2015acb8 = 0x20f92000); NONFAILING(*(uint8_t*)0x2015acc0 = 0); NONFAILING(*(uint8_t*)0x2015acc1 = 0); NONFAILING(*(uint8_t*)0x2015acc2 = 0); NONFAILING(*(uint8_t*)0x2015acc3 = 0); NONFAILING(*(uint8_t*)0x2015acc4 = 0); NONFAILING(*(uint8_t*)0x2015acc5 = 0); NONFAILING(*(uint8_t*)0x2015acc6 = 0); NONFAILING(*(uint8_t*)0x2015acc7 = 0); NONFAILING(*(uint8_t*)0x2015acc8 = 0); NONFAILING(*(uint8_t*)0x2015acc9 = 0); NONFAILING(*(uint8_t*)0x2015acca = 0); NONFAILING(*(uint8_t*)0x2015accb = 0); NONFAILING(*(uint8_t*)0x2015accc = 0); NONFAILING(*(uint8_t*)0x2015accd = 0); NONFAILING(*(uint8_t*)0x2015acce = 0); NONFAILING(*(uint8_t*)0x2015accf = 0); NONFAILING(*(uint8_t*)0x2015acd0 = 0); NONFAILING(*(uint8_t*)0x2015acd1 = 0); NONFAILING(*(uint8_t*)0x2015acd2 = 0); NONFAILING(*(uint8_t*)0x2015acd3 = 0); NONFAILING(*(uint8_t*)0x2015acd4 = 0); NONFAILING(*(uint8_t*)0x2015acd5 = 0); NONFAILING(*(uint8_t*)0x2015acd6 = 0); NONFAILING(*(uint8_t*)0x2015acd7 = 0); NONFAILING(*(uint8_t*)0x2015acd8 = 0); NONFAILING(*(uint8_t*)0x2015acd9 = 0); NONFAILING(*(uint8_t*)0x2015acda = 0); NONFAILING(*(uint8_t*)0x2015acdb = 0); NONFAILING(*(uint8_t*)0x2015acdc = 0); NONFAILING(*(uint8_t*)0x2015acdd = 0); NONFAILING(*(uint8_t*)0x2015acde = 0); NONFAILING(*(uint8_t*)0x2015acdf = 0); NONFAILING(*(uint8_t*)0x2015ace0 = 0); NONFAILING(*(uint8_t*)0x2015ace1 = 0); NONFAILING(*(uint8_t*)0x2015ace2 = 0); NONFAILING(*(uint8_t*)0x2015ace3 = 0); NONFAILING(*(uint8_t*)0x2015ace4 = 0); NONFAILING(*(uint8_t*)0x2015ace5 = 0); NONFAILING(*(uint8_t*)0x2015ace6 = 0); NONFAILING(*(uint8_t*)0x2015ace7 = 0); NONFAILING(*(uint8_t*)0x2015ace8 = 0); NONFAILING(*(uint8_t*)0x2015ace9 = 0); NONFAILING(*(uint8_t*)0x2015acea = 0); NONFAILING(*(uint8_t*)0x2015aceb = 0); NONFAILING(*(uint8_t*)0x2015acec = 0); NONFAILING(*(uint8_t*)0x2015aced = 0); NONFAILING(*(uint8_t*)0x2015acee = 0); NONFAILING(*(uint8_t*)0x2015acef = 0); NONFAILING(*(uint8_t*)0x2015acf0 = 0); NONFAILING(*(uint8_t*)0x2015acf1 = 0); NONFAILING(*(uint8_t*)0x2015acf2 = 0); NONFAILING(*(uint8_t*)0x2015acf3 = 0); NONFAILING(*(uint8_t*)0x2015acf4 = 0); NONFAILING(*(uint8_t*)0x2015acf5 = 0); NONFAILING(*(uint8_t*)0x2015acf6 = 0); NONFAILING(*(uint8_t*)0x2015acf7 = 0); NONFAILING(*(uint8_t*)0x2015acf8 = 0); NONFAILING(*(uint8_t*)0x2015acf9 = 0); NONFAILING(*(uint8_t*)0x2015acfa = 0); NONFAILING(*(uint8_t*)0x2015acfb = 0); NONFAILING(*(uint8_t*)0x2015acfc = 0); NONFAILING(*(uint8_t*)0x2015acfd = 0); NONFAILING(*(uint8_t*)0x2015acfe = 0); NONFAILING(*(uint8_t*)0x2015acff = 0); NONFAILING(*(uint8_t*)0x2015ad00 = 0); NONFAILING(*(uint8_t*)0x2015ad01 = 0); NONFAILING(*(uint8_t*)0x2015ad02 = 0); NONFAILING(*(uint8_t*)0x2015ad03 = 0); NONFAILING(*(uint8_t*)0x2015ad04 = 0); NONFAILING(*(uint8_t*)0x2015ad05 = 0); NONFAILING(*(uint8_t*)0x2015ad06 = 0); NONFAILING(*(uint8_t*)0x2015ad07 = 0); NONFAILING(*(uint8_t*)0x2015ad08 = 0); NONFAILING(*(uint8_t*)0x2015ad09 = 0); NONFAILING(*(uint8_t*)0x2015ad0a = 0); NONFAILING(*(uint8_t*)0x2015ad0b = 0); NONFAILING(*(uint8_t*)0x2015ad0c = 0); NONFAILING(*(uint8_t*)0x2015ad0d = 0); NONFAILING(*(uint8_t*)0x2015ad0e = 0); NONFAILING(*(uint8_t*)0x2015ad0f = 0); NONFAILING(*(uint8_t*)0x2015ad10 = 0); NONFAILING(*(uint8_t*)0x2015ad11 = 0); NONFAILING(*(uint8_t*)0x2015ad12 = 0); NONFAILING(*(uint8_t*)0x2015ad13 = 0); NONFAILING(*(uint8_t*)0x2015ad14 = 0); NONFAILING(*(uint8_t*)0x2015ad15 = 0); NONFAILING(*(uint8_t*)0x2015ad16 = 0); NONFAILING(*(uint8_t*)0x2015ad17 = 0); NONFAILING(*(uint8_t*)0x2015ad18 = 0); NONFAILING(*(uint8_t*)0x2015ad19 = 0); NONFAILING(*(uint8_t*)0x2015ad1a = 0); NONFAILING(*(uint8_t*)0x2015ad1b = 0); NONFAILING(*(uint8_t*)0x2015ad1c = 0); NONFAILING(*(uint8_t*)0x2015ad1d = 0); NONFAILING(*(uint8_t*)0x2015ad1e = 0); NONFAILING(*(uint8_t*)0x2015ad1f = 0); NONFAILING(*(uint8_t*)0x2015ad20 = 0); NONFAILING(*(uint8_t*)0x2015ad21 = 0); NONFAILING(*(uint8_t*)0x2015ad22 = 0); NONFAILING(*(uint8_t*)0x2015ad23 = 0); NONFAILING(*(uint8_t*)0x2015ad24 = 0); NONFAILING(*(uint8_t*)0x2015ad25 = 0); NONFAILING(*(uint8_t*)0x2015ad26 = 0); NONFAILING(*(uint8_t*)0x2015ad27 = 0); NONFAILING(*(uint8_t*)0x2015ad28 = 0); NONFAILING(*(uint8_t*)0x2015ad29 = 0); NONFAILING(*(uint8_t*)0x2015ad2a = 0); NONFAILING(*(uint8_t*)0x2015ad2b = 0); NONFAILING(*(uint8_t*)0x2015ad2c = 0); NONFAILING(*(uint8_t*)0x2015ad2d = 0); NONFAILING(*(uint8_t*)0x2015ad2e = 0); NONFAILING(*(uint8_t*)0x2015ad2f = 0); NONFAILING(*(uint8_t*)0x2015ad30 = 0); NONFAILING(*(uint8_t*)0x2015ad31 = 0); NONFAILING(*(uint8_t*)0x2015ad32 = 0); NONFAILING(*(uint8_t*)0x2015ad33 = 0); NONFAILING(*(uint8_t*)0x2015ad34 = 0); NONFAILING(*(uint8_t*)0x2015ad35 = 0); NONFAILING(*(uint8_t*)0x2015ad36 = 0); NONFAILING(*(uint8_t*)0x2015ad37 = 0); NONFAILING(*(uint8_t*)0x2015ad38 = 0); NONFAILING(*(uint8_t*)0x2015ad39 = 0); NONFAILING(*(uint8_t*)0x2015ad3a = 0); NONFAILING(*(uint8_t*)0x2015ad3b = 0); NONFAILING(*(uint8_t*)0x2015ad3c = 0); NONFAILING(*(uint8_t*)0x2015ad3d = 0); NONFAILING(*(uint8_t*)0x2015ad3e = 0); NONFAILING(*(uint8_t*)0x2015ad3f = 0); NONFAILING(*(uint8_t*)0x2015ad40 = 0); NONFAILING(*(uint8_t*)0x2015ad41 = 0); NONFAILING(*(uint8_t*)0x2015ad42 = 0); NONFAILING(*(uint8_t*)0x2015ad43 = 0); NONFAILING(*(uint8_t*)0x2015ad44 = 0); NONFAILING(*(uint8_t*)0x2015ad45 = 0); NONFAILING(*(uint8_t*)0x2015ad46 = 0); NONFAILING(*(uint8_t*)0x2015ad47 = 0); NONFAILING(*(uint32_t*)0x2015ad48 = 0); NONFAILING(*(uint16_t*)0x2015ad4c = 0xa8); NONFAILING(*(uint16_t*)0x2015ad4e = 0xd0); NONFAILING(*(uint32_t*)0x2015ad50 = 0); NONFAILING(*(uint64_t*)0x2015ad58 = 0); NONFAILING(*(uint64_t*)0x2015ad60 = 0); NONFAILING(*(uint16_t*)0x2015ad68 = 0x28); NONFAILING(memcpy((void*)0x2015ad6a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00", 29)); NONFAILING(*(uint8_t*)0x2015ad87 = 0); NONFAILING(*(uint32_t*)0x2015ad88 = 0xfffffffc); NONFAILING(*(uint8_t*)0x2015ad90 = 0); NONFAILING(*(uint8_t*)0x2015ad91 = 0); NONFAILING(*(uint8_t*)0x2015ad92 = 0); NONFAILING(*(uint8_t*)0x2015ad93 = 0); NONFAILING(*(uint8_t*)0x2015ad94 = 0); NONFAILING(*(uint8_t*)0x2015ad95 = 0); NONFAILING(*(uint8_t*)0x2015ad96 = 0); NONFAILING(*(uint8_t*)0x2015ad97 = 0); NONFAILING(*(uint8_t*)0x2015ad98 = 0); NONFAILING(*(uint8_t*)0x2015ad99 = 0); NONFAILING(*(uint8_t*)0x2015ad9a = 0); NONFAILING(*(uint8_t*)0x2015ad9b = 0); NONFAILING(*(uint8_t*)0x2015ad9c = 0); NONFAILING(*(uint8_t*)0x2015ad9d = 0); NONFAILING(*(uint8_t*)0x2015ad9e = 0); NONFAILING(*(uint8_t*)0x2015ad9f = 0); NONFAILING(*(uint8_t*)0x2015ada0 = 0); NONFAILING(*(uint8_t*)0x2015ada1 = 0); NONFAILING(*(uint8_t*)0x2015ada2 = 0); NONFAILING(*(uint8_t*)0x2015ada3 = 0); NONFAILING(*(uint8_t*)0x2015ada4 = 0); NONFAILING(*(uint8_t*)0x2015ada5 = 0); NONFAILING(*(uint8_t*)0x2015ada6 = 0); NONFAILING(*(uint8_t*)0x2015ada7 = 0); NONFAILING(*(uint8_t*)0x2015ada8 = 0); NONFAILING(*(uint8_t*)0x2015ada9 = 0); NONFAILING(*(uint8_t*)0x2015adaa = 0); NONFAILING(*(uint8_t*)0x2015adab = 0); NONFAILING(*(uint8_t*)0x2015adac = 0); NONFAILING(*(uint8_t*)0x2015adad = 0); NONFAILING(*(uint8_t*)0x2015adae = 0); NONFAILING(*(uint8_t*)0x2015adaf = 0); NONFAILING(*(uint8_t*)0x2015adb0 = 0); NONFAILING(*(uint8_t*)0x2015adb1 = 0); NONFAILING(*(uint8_t*)0x2015adb2 = 0); NONFAILING(*(uint8_t*)0x2015adb3 = 0); NONFAILING(*(uint8_t*)0x2015adb4 = 0); NONFAILING(*(uint8_t*)0x2015adb5 = 0); NONFAILING(*(uint8_t*)0x2015adb6 = 0); NONFAILING(*(uint8_t*)0x2015adb7 = 0); NONFAILING(*(uint8_t*)0x2015adb8 = 0); NONFAILING(*(uint8_t*)0x2015adb9 = 0); NONFAILING(*(uint8_t*)0x2015adba = 0); NONFAILING(*(uint8_t*)0x2015adbb = 0); NONFAILING(*(uint8_t*)0x2015adbc = 0); NONFAILING(*(uint8_t*)0x2015adbd = 0); NONFAILING(*(uint8_t*)0x2015adbe = 0); NONFAILING(*(uint8_t*)0x2015adbf = 0); NONFAILING(*(uint8_t*)0x2015adc0 = 0); NONFAILING(*(uint8_t*)0x2015adc1 = 0); NONFAILING(*(uint8_t*)0x2015adc2 = 0); NONFAILING(*(uint8_t*)0x2015adc3 = 0); NONFAILING(*(uint8_t*)0x2015adc4 = 0); NONFAILING(*(uint8_t*)0x2015adc5 = 0); NONFAILING(*(uint8_t*)0x2015adc6 = 0); NONFAILING(*(uint8_t*)0x2015adc7 = 0); NONFAILING(*(uint8_t*)0x2015adc8 = 0); NONFAILING(*(uint8_t*)0x2015adc9 = 0); NONFAILING(*(uint8_t*)0x2015adca = 0); NONFAILING(*(uint8_t*)0x2015adcb = 0); NONFAILING(*(uint8_t*)0x2015adcc = 0); NONFAILING(*(uint8_t*)0x2015adcd = 0); NONFAILING(*(uint8_t*)0x2015adce = 0); NONFAILING(*(uint8_t*)0x2015adcf = 0); NONFAILING(*(uint8_t*)0x2015add0 = 0); NONFAILING(*(uint8_t*)0x2015add1 = 0); NONFAILING(*(uint8_t*)0x2015add2 = 0); NONFAILING(*(uint8_t*)0x2015add3 = 0); NONFAILING(*(uint8_t*)0x2015add4 = 0); NONFAILING(*(uint8_t*)0x2015add5 = 0); NONFAILING(*(uint8_t*)0x2015add6 = 0); NONFAILING(*(uint8_t*)0x2015add7 = 0); NONFAILING(*(uint8_t*)0x2015add8 = 0); NONFAILING(*(uint8_t*)0x2015add9 = 0); NONFAILING(*(uint8_t*)0x2015adda = 0); NONFAILING(*(uint8_t*)0x2015addb = 0); NONFAILING(*(uint8_t*)0x2015addc = 0); NONFAILING(*(uint8_t*)0x2015addd = 0); NONFAILING(*(uint8_t*)0x2015adde = 0); NONFAILING(*(uint8_t*)0x2015addf = 0); NONFAILING(*(uint8_t*)0x2015ade0 = 0); NONFAILING(*(uint8_t*)0x2015ade1 = 0); NONFAILING(*(uint8_t*)0x2015ade2 = 0); NONFAILING(*(uint8_t*)0x2015ade3 = 0); NONFAILING(*(uint8_t*)0x2015ade4 = 0); NONFAILING(*(uint8_t*)0x2015ade5 = 0); NONFAILING(*(uint8_t*)0x2015ade6 = 0); NONFAILING(*(uint8_t*)0x2015ade7 = 0); NONFAILING(*(uint8_t*)0x2015ade8 = 0); NONFAILING(*(uint8_t*)0x2015ade9 = 0); NONFAILING(*(uint8_t*)0x2015adea = 0); NONFAILING(*(uint8_t*)0x2015adeb = 0); NONFAILING(*(uint8_t*)0x2015adec = 0); NONFAILING(*(uint8_t*)0x2015aded = 0); NONFAILING(*(uint8_t*)0x2015adee = 0); NONFAILING(*(uint8_t*)0x2015adef = 0); NONFAILING(*(uint8_t*)0x2015adf0 = 0); NONFAILING(*(uint8_t*)0x2015adf1 = 0); NONFAILING(*(uint8_t*)0x2015adf2 = 0); NONFAILING(*(uint8_t*)0x2015adf3 = 0); NONFAILING(*(uint8_t*)0x2015adf4 = 0); NONFAILING(*(uint8_t*)0x2015adf5 = 0); NONFAILING(*(uint8_t*)0x2015adf6 = 0); NONFAILING(*(uint8_t*)0x2015adf7 = 0); NONFAILING(*(uint8_t*)0x2015adf8 = 0); NONFAILING(*(uint8_t*)0x2015adf9 = 0); NONFAILING(*(uint8_t*)0x2015adfa = 0); NONFAILING(*(uint8_t*)0x2015adfb = 0); NONFAILING(*(uint8_t*)0x2015adfc = 0); NONFAILING(*(uint8_t*)0x2015adfd = 0); NONFAILING(*(uint8_t*)0x2015adfe = 0); NONFAILING(*(uint8_t*)0x2015adff = 0); NONFAILING(*(uint8_t*)0x2015ae00 = 0); NONFAILING(*(uint8_t*)0x2015ae01 = 0); NONFAILING(*(uint8_t*)0x2015ae02 = 0); NONFAILING(*(uint8_t*)0x2015ae03 = 0); NONFAILING(*(uint8_t*)0x2015ae04 = 0); NONFAILING(*(uint8_t*)0x2015ae05 = 0); NONFAILING(*(uint8_t*)0x2015ae06 = 0); NONFAILING(*(uint8_t*)0x2015ae07 = 0); NONFAILING(*(uint8_t*)0x2015ae08 = 0); NONFAILING(*(uint8_t*)0x2015ae09 = 0); NONFAILING(*(uint8_t*)0x2015ae0a = 0); NONFAILING(*(uint8_t*)0x2015ae0b = 0); NONFAILING(*(uint8_t*)0x2015ae0c = 0); NONFAILING(*(uint8_t*)0x2015ae0d = 0); NONFAILING(*(uint8_t*)0x2015ae0e = 0); NONFAILING(*(uint8_t*)0x2015ae0f = 0); NONFAILING(*(uint8_t*)0x2015ae10 = 0); NONFAILING(*(uint8_t*)0x2015ae11 = 0); NONFAILING(*(uint8_t*)0x2015ae12 = 0); NONFAILING(*(uint8_t*)0x2015ae13 = 0); NONFAILING(*(uint8_t*)0x2015ae14 = 0); NONFAILING(*(uint8_t*)0x2015ae15 = 0); NONFAILING(*(uint8_t*)0x2015ae16 = 0); NONFAILING(*(uint8_t*)0x2015ae17 = 0); NONFAILING(*(uint32_t*)0x2015ae18 = 0); NONFAILING(*(uint16_t*)0x2015ae1c = 0xa8); NONFAILING(*(uint16_t*)0x2015ae1e = 0xd0); NONFAILING(*(uint32_t*)0x2015ae20 = 0); NONFAILING(*(uint64_t*)0x2015ae28 = 0); NONFAILING(*(uint64_t*)0x2015ae30 = 0); NONFAILING(*(uint16_t*)0x2015ae38 = 0x28); NONFAILING(memcpy((void*)0x2015ae3a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00", 29)); NONFAILING(*(uint8_t*)0x2015ae57 = 0); NONFAILING(*(uint32_t*)0x2015ae58 = 0); NONFAILING(*(uint8_t*)0x2015ae60 = 0); NONFAILING(*(uint8_t*)0x2015ae61 = 0); NONFAILING(*(uint8_t*)0x2015ae62 = 0); NONFAILING(*(uint8_t*)0x2015ae63 = 0); NONFAILING(*(uint8_t*)0x2015ae64 = 0); NONFAILING(*(uint8_t*)0x2015ae65 = 0); NONFAILING(*(uint8_t*)0x2015ae66 = 0); NONFAILING(*(uint8_t*)0x2015ae67 = 0); NONFAILING(*(uint8_t*)0x2015ae68 = 0); NONFAILING(*(uint8_t*)0x2015ae69 = 0); NONFAILING(*(uint8_t*)0x2015ae6a = 0); NONFAILING(*(uint8_t*)0x2015ae6b = 0); NONFAILING(*(uint8_t*)0x2015ae6c = 0); NONFAILING(*(uint8_t*)0x2015ae6d = 0); NONFAILING(*(uint8_t*)0x2015ae6e = 0); NONFAILING(*(uint8_t*)0x2015ae6f = 0); NONFAILING(*(uint8_t*)0x2015ae70 = 0); NONFAILING(*(uint8_t*)0x2015ae71 = 0); NONFAILING(*(uint8_t*)0x2015ae72 = 0); NONFAILING(*(uint8_t*)0x2015ae73 = 0); NONFAILING(*(uint8_t*)0x2015ae74 = 0); NONFAILING(*(uint8_t*)0x2015ae75 = 0); NONFAILING(*(uint8_t*)0x2015ae76 = 0); NONFAILING(*(uint8_t*)0x2015ae77 = 0); NONFAILING(*(uint8_t*)0x2015ae78 = 0); NONFAILING(*(uint8_t*)0x2015ae79 = 0); NONFAILING(*(uint8_t*)0x2015ae7a = 0); NONFAILING(*(uint8_t*)0x2015ae7b = 0); NONFAILING(*(uint8_t*)0x2015ae7c = 0); NONFAILING(*(uint8_t*)0x2015ae7d = 0); NONFAILING(*(uint8_t*)0x2015ae7e = 0); NONFAILING(*(uint8_t*)0x2015ae7f = 0); NONFAILING(*(uint8_t*)0x2015ae80 = 0); NONFAILING(*(uint8_t*)0x2015ae81 = 0); NONFAILING(*(uint8_t*)0x2015ae82 = 0); NONFAILING(*(uint8_t*)0x2015ae83 = 0); NONFAILING(*(uint8_t*)0x2015ae84 = 0); NONFAILING(*(uint8_t*)0x2015ae85 = 0); NONFAILING(*(uint8_t*)0x2015ae86 = 0); NONFAILING(*(uint8_t*)0x2015ae87 = 0); NONFAILING(*(uint8_t*)0x2015ae88 = 0); NONFAILING(*(uint8_t*)0x2015ae89 = 0); NONFAILING(*(uint8_t*)0x2015ae8a = 0); NONFAILING(*(uint8_t*)0x2015ae8b = 0); NONFAILING(*(uint8_t*)0x2015ae8c = 0); NONFAILING(*(uint8_t*)0x2015ae8d = 0); NONFAILING(*(uint8_t*)0x2015ae8e = 0); NONFAILING(*(uint8_t*)0x2015ae8f = 0); NONFAILING(*(uint8_t*)0x2015ae90 = 0); NONFAILING(*(uint8_t*)0x2015ae91 = 0); NONFAILING(*(uint8_t*)0x2015ae92 = 0); NONFAILING(*(uint8_t*)0x2015ae93 = 0); NONFAILING(*(uint8_t*)0x2015ae94 = 0); NONFAILING(*(uint8_t*)0x2015ae95 = 0); NONFAILING(*(uint8_t*)0x2015ae96 = 0); NONFAILING(*(uint8_t*)0x2015ae97 = 0); NONFAILING(*(uint8_t*)0x2015ae98 = 0); NONFAILING(*(uint8_t*)0x2015ae99 = 0); NONFAILING(*(uint8_t*)0x2015ae9a = 0); NONFAILING(*(uint8_t*)0x2015ae9b = 0); NONFAILING(*(uint8_t*)0x2015ae9c = 0); NONFAILING(*(uint8_t*)0x2015ae9d = 0); NONFAILING(*(uint8_t*)0x2015ae9e = 0); NONFAILING(*(uint8_t*)0x2015ae9f = 0); NONFAILING(*(uint8_t*)0x2015aea0 = 0); NONFAILING(*(uint8_t*)0x2015aea1 = 0); NONFAILING(*(uint8_t*)0x2015aea2 = 0); NONFAILING(*(uint8_t*)0x2015aea3 = 0); NONFAILING(*(uint8_t*)0x2015aea4 = 0); NONFAILING(*(uint8_t*)0x2015aea5 = 0); NONFAILING(*(uint8_t*)0x2015aea6 = 0); NONFAILING(*(uint8_t*)0x2015aea7 = 0); NONFAILING(*(uint8_t*)0x2015aea8 = 0); NONFAILING(*(uint8_t*)0x2015aea9 = 0); NONFAILING(*(uint8_t*)0x2015aeaa = 0); NONFAILING(*(uint8_t*)0x2015aeab = 0); NONFAILING(*(uint8_t*)0x2015aeac = 0); NONFAILING(*(uint8_t*)0x2015aead = 0); NONFAILING(*(uint8_t*)0x2015aeae = 0); NONFAILING(*(uint8_t*)0x2015aeaf = 0); NONFAILING(*(uint8_t*)0x2015aeb0 = 0); NONFAILING(*(uint8_t*)0x2015aeb1 = 0); NONFAILING(*(uint8_t*)0x2015aeb2 = 0); NONFAILING(*(uint8_t*)0x2015aeb3 = 0); NONFAILING(*(uint8_t*)0x2015aeb4 = 0); NONFAILING(*(uint8_t*)0x2015aeb5 = 0); NONFAILING(*(uint8_t*)0x2015aeb6 = 0); NONFAILING(*(uint8_t*)0x2015aeb7 = 0); NONFAILING(*(uint8_t*)0x2015aeb8 = 0); NONFAILING(*(uint8_t*)0x2015aeb9 = 0); NONFAILING(*(uint8_t*)0x2015aeba = 0); NONFAILING(*(uint8_t*)0x2015aebb = 0); NONFAILING(*(uint8_t*)0x2015aebc = 0); NONFAILING(*(uint8_t*)0x2015aebd = 0); NONFAILING(*(uint8_t*)0x2015aebe = 0); NONFAILING(*(uint8_t*)0x2015aebf = 0); NONFAILING(*(uint8_t*)0x2015aec0 = 0); NONFAILING(*(uint8_t*)0x2015aec1 = 0); NONFAILING(*(uint8_t*)0x2015aec2 = 0); NONFAILING(*(uint8_t*)0x2015aec3 = 0); NONFAILING(*(uint8_t*)0x2015aec4 = 0); NONFAILING(*(uint8_t*)0x2015aec5 = 0); NONFAILING(*(uint8_t*)0x2015aec6 = 0); NONFAILING(*(uint8_t*)0x2015aec7 = 0); NONFAILING(*(uint8_t*)0x2015aec8 = 0); NONFAILING(*(uint8_t*)0x2015aec9 = 0); NONFAILING(*(uint8_t*)0x2015aeca = 0); NONFAILING(*(uint8_t*)0x2015aecb = 0); NONFAILING(*(uint8_t*)0x2015aecc = 0); NONFAILING(*(uint8_t*)0x2015aecd = 0); NONFAILING(*(uint8_t*)0x2015aece = 0); NONFAILING(*(uint8_t*)0x2015aecf = 0); NONFAILING(*(uint8_t*)0x2015aed0 = 0); NONFAILING(*(uint8_t*)0x2015aed1 = 0); NONFAILING(*(uint8_t*)0x2015aed2 = 0); NONFAILING(*(uint8_t*)0x2015aed3 = 0); NONFAILING(*(uint8_t*)0x2015aed4 = 0); NONFAILING(*(uint8_t*)0x2015aed5 = 0); NONFAILING(*(uint8_t*)0x2015aed6 = 0); NONFAILING(*(uint8_t*)0x2015aed7 = 0); NONFAILING(*(uint8_t*)0x2015aed8 = 0); NONFAILING(*(uint8_t*)0x2015aed9 = 0); NONFAILING(*(uint8_t*)0x2015aeda = 0); NONFAILING(*(uint8_t*)0x2015aedb = 0); NONFAILING(*(uint8_t*)0x2015aedc = 0); NONFAILING(*(uint8_t*)0x2015aedd = 0); NONFAILING(*(uint8_t*)0x2015aede = 0); NONFAILING(*(uint8_t*)0x2015aedf = 0); NONFAILING(*(uint8_t*)0x2015aee0 = 0); NONFAILING(*(uint8_t*)0x2015aee1 = 0); NONFAILING(*(uint8_t*)0x2015aee2 = 0); NONFAILING(*(uint8_t*)0x2015aee3 = 0); NONFAILING(*(uint8_t*)0x2015aee4 = 0); NONFAILING(*(uint8_t*)0x2015aee5 = 0); NONFAILING(*(uint8_t*)0x2015aee6 = 0); NONFAILING(*(uint8_t*)0x2015aee7 = 0); NONFAILING(*(uint32_t*)0x2015aee8 = 0); NONFAILING(*(uint16_t*)0x2015aeec = 0xa8); NONFAILING(*(uint16_t*)0x2015aeee = 0xd0); NONFAILING(*(uint32_t*)0x2015aef0 = 0); NONFAILING(*(uint64_t*)0x2015aef8 = 0); NONFAILING(*(uint64_t*)0x2015af00 = 0); NONFAILING(*(uint16_t*)0x2015af08 = 0x28); NONFAILING(memcpy((void*)0x2015af0a, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00", 29)); NONFAILING(*(uint8_t*)0x2015af27 = 0); NONFAILING(*(uint32_t*)0x2015af28 = 0); NONFAILING(*(uint8_t*)0x2015af30 = 0); NONFAILING(*(uint8_t*)0x2015af31 = 0); NONFAILING(*(uint8_t*)0x2015af32 = 0); NONFAILING(*(uint8_t*)0x2015af33 = 0); NONFAILING(*(uint8_t*)0x2015af34 = 0); NONFAILING(*(uint8_t*)0x2015af35 = 0); NONFAILING(*(uint8_t*)0x2015af36 = 0); NONFAILING(*(uint8_t*)0x2015af37 = 0); NONFAILING(*(uint8_t*)0x2015af38 = 0); NONFAILING(*(uint8_t*)0x2015af39 = 0); NONFAILING(*(uint8_t*)0x2015af3a = 0); NONFAILING(*(uint8_t*)0x2015af3b = 0); NONFAILING(*(uint8_t*)0x2015af3c = 0); NONFAILING(*(uint8_t*)0x2015af3d = 0); NONFAILING(*(uint8_t*)0x2015af3e = 0); NONFAILING(*(uint8_t*)0x2015af3f = 0); NONFAILING(*(uint8_t*)0x2015af40 = 0); NONFAILING(*(uint8_t*)0x2015af41 = 0); NONFAILING(*(uint8_t*)0x2015af42 = 0); NONFAILING(*(uint8_t*)0x2015af43 = 0); NONFAILING(*(uint8_t*)0x2015af44 = 0); NONFAILING(*(uint8_t*)0x2015af45 = 0); NONFAILING(*(uint8_t*)0x2015af46 = 0); NONFAILING(*(uint8_t*)0x2015af47 = 0); NONFAILING(*(uint8_t*)0x2015af48 = 0); NONFAILING(*(uint8_t*)0x2015af49 = 0); NONFAILING(*(uint8_t*)0x2015af4a = 0); NONFAILING(*(uint8_t*)0x2015af4b = 0); NONFAILING(*(uint8_t*)0x2015af4c = 0); NONFAILING(*(uint8_t*)0x2015af4d = 0); NONFAILING(*(uint8_t*)0x2015af4e = 0); NONFAILING(*(uint8_t*)0x2015af4f = 0); NONFAILING(*(uint8_t*)0x2015af50 = 0); NONFAILING(*(uint8_t*)0x2015af51 = 0); NONFAILING(*(uint8_t*)0x2015af52 = 0); NONFAILING(*(uint8_t*)0x2015af53 = 0); NONFAILING(*(uint8_t*)0x2015af54 = 0); NONFAILING(*(uint8_t*)0x2015af55 = 0); NONFAILING(*(uint8_t*)0x2015af56 = 0); NONFAILING(*(uint8_t*)0x2015af57 = 0); NONFAILING(*(uint8_t*)0x2015af58 = 0); NONFAILING(*(uint8_t*)0x2015af59 = 0); NONFAILING(*(uint8_t*)0x2015af5a = 0); NONFAILING(*(uint8_t*)0x2015af5b = 0); NONFAILING(*(uint8_t*)0x2015af5c = 0); NONFAILING(*(uint8_t*)0x2015af5d = 0); NONFAILING(*(uint8_t*)0x2015af5e = 0); NONFAILING(*(uint8_t*)0x2015af5f = 0); NONFAILING(*(uint8_t*)0x2015af60 = 0); NONFAILING(*(uint8_t*)0x2015af61 = 0); NONFAILING(*(uint8_t*)0x2015af62 = 0); NONFAILING(*(uint8_t*)0x2015af63 = 0); NONFAILING(*(uint8_t*)0x2015af64 = 0); NONFAILING(*(uint8_t*)0x2015af65 = 0); NONFAILING(*(uint8_t*)0x2015af66 = 0); NONFAILING(*(uint8_t*)0x2015af67 = 0); NONFAILING(*(uint8_t*)0x2015af68 = 0); NONFAILING(*(uint8_t*)0x2015af69 = 0); NONFAILING(*(uint8_t*)0x2015af6a = 0); NONFAILING(*(uint8_t*)0x2015af6b = 0); NONFAILING(*(uint8_t*)0x2015af6c = 0); NONFAILING(*(uint8_t*)0x2015af6d = 0); NONFAILING(*(uint8_t*)0x2015af6e = 0); NONFAILING(*(uint8_t*)0x2015af6f = 0); NONFAILING(*(uint8_t*)0x2015af70 = 0); NONFAILING(*(uint8_t*)0x2015af71 = 0); NONFAILING(*(uint8_t*)0x2015af72 = 0); NONFAILING(*(uint8_t*)0x2015af73 = 0); NONFAILING(*(uint8_t*)0x2015af74 = 0); NONFAILING(*(uint8_t*)0x2015af75 = 0); NONFAILING(*(uint8_t*)0x2015af76 = 0); NONFAILING(*(uint8_t*)0x2015af77 = 0); NONFAILING(*(uint8_t*)0x2015af78 = 0); NONFAILING(*(uint8_t*)0x2015af79 = 0); NONFAILING(*(uint8_t*)0x2015af7a = 0); NONFAILING(*(uint8_t*)0x2015af7b = 0); NONFAILING(*(uint8_t*)0x2015af7c = 0); NONFAILING(*(uint8_t*)0x2015af7d = 0); NONFAILING(*(uint8_t*)0x2015af7e = 0); NONFAILING(*(uint8_t*)0x2015af7f = 0); NONFAILING(*(uint8_t*)0x2015af80 = 0); NONFAILING(*(uint8_t*)0x2015af81 = 0); NONFAILING(*(uint8_t*)0x2015af82 = 0); NONFAILING(*(uint8_t*)0x2015af83 = 0); NONFAILING(*(uint8_t*)0x2015af84 = 0); NONFAILING(*(uint8_t*)0x2015af85 = 0); NONFAILING(*(uint8_t*)0x2015af86 = 0); NONFAILING(*(uint8_t*)0x2015af87 = 0); NONFAILING(*(uint8_t*)0x2015af88 = 0); NONFAILING(*(uint8_t*)0x2015af89 = 0); NONFAILING(*(uint8_t*)0x2015af8a = 0); NONFAILING(*(uint8_t*)0x2015af8b = 0); NONFAILING(*(uint8_t*)0x2015af8c = 0); NONFAILING(*(uint8_t*)0x2015af8d = 0); NONFAILING(*(uint8_t*)0x2015af8e = 0); NONFAILING(*(uint8_t*)0x2015af8f = 0); NONFAILING(*(uint8_t*)0x2015af90 = 0); NONFAILING(*(uint8_t*)0x2015af91 = 0); NONFAILING(*(uint8_t*)0x2015af92 = 0); NONFAILING(*(uint8_t*)0x2015af93 = 0); NONFAILING(*(uint8_t*)0x2015af94 = 0); NONFAILING(*(uint8_t*)0x2015af95 = 0); NONFAILING(*(uint8_t*)0x2015af96 = 0); NONFAILING(*(uint8_t*)0x2015af97 = 0); NONFAILING(*(uint8_t*)0x2015af98 = 0); NONFAILING(*(uint8_t*)0x2015af99 = 0); NONFAILING(*(uint8_t*)0x2015af9a = 0); NONFAILING(*(uint8_t*)0x2015af9b = 0); NONFAILING(*(uint8_t*)0x2015af9c = 0); NONFAILING(*(uint8_t*)0x2015af9d = 0); NONFAILING(*(uint8_t*)0x2015af9e = 0); NONFAILING(*(uint8_t*)0x2015af9f = 0); NONFAILING(*(uint8_t*)0x2015afa0 = 0); NONFAILING(*(uint8_t*)0x2015afa1 = 0); NONFAILING(*(uint8_t*)0x2015afa2 = 0); NONFAILING(*(uint8_t*)0x2015afa3 = 0); NONFAILING(*(uint8_t*)0x2015afa4 = 0); NONFAILING(*(uint8_t*)0x2015afa5 = 0); NONFAILING(*(uint8_t*)0x2015afa6 = 0); NONFAILING(*(uint8_t*)0x2015afa7 = 0); NONFAILING(*(uint8_t*)0x2015afa8 = 0); NONFAILING(*(uint8_t*)0x2015afa9 = 0); NONFAILING(*(uint8_t*)0x2015afaa = 0); NONFAILING(*(uint8_t*)0x2015afab = 0); NONFAILING(*(uint8_t*)0x2015afac = 0); NONFAILING(*(uint8_t*)0x2015afad = 0); NONFAILING(*(uint8_t*)0x2015afae = 0); NONFAILING(*(uint8_t*)0x2015afaf = 0); NONFAILING(*(uint8_t*)0x2015afb0 = 0); NONFAILING(*(uint8_t*)0x2015afb1 = 0); NONFAILING(*(uint8_t*)0x2015afb2 = 0); NONFAILING(*(uint8_t*)0x2015afb3 = 0); NONFAILING(*(uint8_t*)0x2015afb4 = 0); NONFAILING(*(uint8_t*)0x2015afb5 = 0); NONFAILING(*(uint8_t*)0x2015afb6 = 0); NONFAILING(*(uint8_t*)0x2015afb7 = 0); NONFAILING(*(uint32_t*)0x2015afb8 = 0); NONFAILING(*(uint16_t*)0x2015afbc = 0xa8); NONFAILING(*(uint16_t*)0x2015afbe = 0xd0); NONFAILING(*(uint32_t*)0x2015afc0 = 0); NONFAILING(*(uint64_t*)0x2015afc8 = 0); NONFAILING(*(uint64_t*)0x2015afd0 = 0); NONFAILING(*(uint16_t*)0x2015afd8 = 0x28); NONFAILING(memcpy((void*)0x2015afda, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00", 29)); NONFAILING(*(uint8_t*)0x2015aff7 = 0); NONFAILING(*(uint32_t*)0x2015aff8 = 0xfffffffe); syscall(__NR_setsockopt, r[0], 0x29, 0x40, 0x2015ac60, 0x3a0); syz_extract_tcp_res(0x200a8ff8, 1, 0); } int main() { install_segv_handler(); use_temporary_dir(); setup_tun(0, true); loop(); return 0; }