// https://syzkaller.appspot.com/bug?id=ce57f74fa1e7f614f7e4ef0ca5dc96fd2d6f14f3 // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } #include #include #include #include #include #include #include #include #include #include const int kFailStatus = 67; const int kRetryStatus = 69; static void fail(const char* msg, ...) { int e = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* uctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; if (__atomic_load_n(&skip_segv, __ATOMIC_RELAXED) && (addr < prog_start || addr > prog_end)) { _longjmp(segv_env, 1); } doexit(sig); } static void install_segv_handler() { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_handler = SIG_IGN; syscall(SYS_rt_sigaction, 0x20, &sa, NULL, 8); syscall(SYS_rt_sigaction, 0x21, &sa, NULL, 8); memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) \ { \ __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); \ if (_setjmp(segv_env) == 0) { \ __VA_ARGS__; \ } \ __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); \ } static void use_temporary_dir() { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) fail("failed to mkdtemp"); if (chmod(tmpdir, 0777)) fail("failed to chmod"); if (chdir(tmpdir)) fail("failed to chdir"); } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); setsid(); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 128 << 20; setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); #define CLONE_NEWCGROUP 0x02000000 if (unshare(CLONE_NEWNS)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(CLONE_NEWCGROUP)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } } static int do_sandbox_none(int executor_pid, bool enable_tun) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid < 0) fail("sandbox fork failed"); if (pid) return pid; sandbox_common(); if (unshare(CLONE_NEWNET)) { } loop(); doexit(1); } static void test(); void loop() { while (1) { test(); } } long r[1]; void test() { memset(r, -1, sizeof(r)); syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0); r[0] = syscall(__NR_socket, 2, 1, 0); NONFAILING(memcpy((void*)0x20fb1000, "\x62\x72\x6f\x75\x74\x65\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x20fb1020 = 0x20); NONFAILING(*(uint32_t*)0x20fb1024 = 2); NONFAILING(*(uint32_t*)0x20fb1028 = 0xd08); NONFAILING(*(uint64_t*)0x20fb1030 = 0); NONFAILING(*(uint64_t*)0x20fb1038 = 0); NONFAILING(*(uint64_t*)0x20fb1040 = 0); NONFAILING(*(uint64_t*)0x20fb1048 = 0); NONFAILING(*(uint64_t*)0x20fb1050 = 0); NONFAILING(*(uint64_t*)0x20fb1058 = 0x205ce2f8); NONFAILING(*(uint32_t*)0x20fb1060 = 0); NONFAILING(*(uint64_t*)0x20fb1068 = 0x20c7bff0); NONFAILING(*(uint64_t*)0x20fb1070 = 0x205ce2f8); NONFAILING(*(uint32_t*)0x205ce2f8 = 0); NONFAILING(memcpy((void*)0x205ce2fc, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205ce31c = 0); NONFAILING(*(uint32_t*)0x205ce320 = -1); NONFAILING(*(uint32_t*)0x205ce324 = 0); NONFAILING(*(uint32_t*)0x205ce328 = 0); NONFAILING(memcpy((void*)0x205ce32c, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205ce34c = 0); NONFAILING(*(uint32_t*)0x205ce350 = 0xfffffffc); NONFAILING(*(uint32_t*)0x205ce354 = 0); NONFAILING(*(uint32_t*)0x205ce358 = 0); NONFAILING(memcpy((void*)0x205ce35c, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205ce37c = 0); NONFAILING(*(uint32_t*)0x205ce380 = 0xfffffffe); NONFAILING(*(uint32_t*)0x205ce384 = 2); NONFAILING(*(uint32_t*)0x205ce388 = 9); NONFAILING(*(uint32_t*)0x205ce38c = 0); NONFAILING(*(uint16_t*)0x205ce390 = htobe16(0)); NONFAILING(*(uint8_t*)0x205ce392 = 0x73); NONFAILING(*(uint8_t*)0x205ce393 = 0x79); NONFAILING(*(uint8_t*)0x205ce394 = 0x7a); NONFAILING(*(uint8_t*)0x205ce395 = 0x30); NONFAILING(*(uint8_t*)0x205ce396 = 0); NONFAILING(memcpy( (void*)0x205ce3a2, "\x69\x70\x36\x67\x72\x65\x74\x61\x70\x30\x00\x00\x00\x00\x00\x00", 16)); NONFAILING(memcpy( (void*)0x205ce3b2, "\x76\x63\x61\x6e\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)); NONFAILING(memcpy( (void*)0x205ce3c2, "\x85\xf9\xf4\xb9\x22\x06\x95\x46\x97\xb9\x62\x71\xda\x9c\xc4\xc1", 16)); NONFAILING(memcpy((void*)0x205ce3d2, "\x6b\x33\x4d\xa2\x84\x9a", 6)); NONFAILING(*(uint8_t*)0x205ce3d8 = 0); NONFAILING(*(uint8_t*)0x205ce3d9 = -1); NONFAILING(*(uint8_t*)0x205ce3da = -1); NONFAILING(*(uint8_t*)0x205ce3db = -1); NONFAILING(*(uint8_t*)0x205ce3dc = -1); NONFAILING(*(uint8_t*)0x205ce3dd = 0); NONFAILING(memcpy((void*)0x205ce3de, "\x09\x62\xa5\x25\x0c\x9f", 6)); NONFAILING(*(uint8_t*)0x205ce3e4 = 0); NONFAILING(*(uint8_t*)0x205ce3e5 = -1); NONFAILING(*(uint8_t*)0x205ce3e6 = 0); NONFAILING(*(uint8_t*)0x205ce3e7 = -1); NONFAILING(*(uint8_t*)0x205ce3e8 = 0); NONFAILING(*(uint8_t*)0x205ce3e9 = -1); NONFAILING(*(uint32_t*)0x205ce3ec = 0x948); NONFAILING(*(uint32_t*)0x205ce3f0 = 0x9c0); NONFAILING(*(uint32_t*)0x205ce3f4 = 0x9f0); NONFAILING(memcpy((void*)0x205ce3f8, "\x61\x6d\x6f\x6e\x67\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205ce418 = 0x870); NONFAILING(*(uint32_t*)0x205ce420 = 9); NONFAILING(*(uint32_t*)0x205ce424 = 0x8001); NONFAILING(*(uint32_t*)0x205ce428 = 7); NONFAILING(*(uint32_t*)0x205ce42c = 9); NONFAILING(*(uint32_t*)0x205ce430 = 9); NONFAILING(*(uint32_t*)0x205ce434 = 0xc9de); NONFAILING(*(uint32_t*)0x205ce438 = 4); NONFAILING(*(uint32_t*)0x205ce43c = 4); NONFAILING(*(uint32_t*)0x205ce440 = 0x8000); NONFAILING(*(uint32_t*)0x205ce444 = 0x81); NONFAILING(*(uint32_t*)0x205ce448 = 5); NONFAILING(*(uint32_t*)0x205ce44c = 6); NONFAILING(*(uint32_t*)0x205ce450 = 0x8ca5); NONFAILING(*(uint32_t*)0x205ce454 = 0); NONFAILING(*(uint32_t*)0x205ce458 = 0x80000000); NONFAILING(*(uint32_t*)0x205ce45c = 4); NONFAILING(*(uint32_t*)0x205ce460 = 2); NONFAILING(*(uint32_t*)0x205ce464 = 5); NONFAILING(*(uint32_t*)0x205ce468 = 1); NONFAILING(*(uint32_t*)0x205ce46c = 0x7fffffff); NONFAILING(*(uint32_t*)0x205ce470 = 8); NONFAILING(*(uint32_t*)0x205ce474 = 2); NONFAILING(*(uint32_t*)0x205ce478 = 1); NONFAILING(*(uint32_t*)0x205ce47c = 6); NONFAILING(*(uint32_t*)0x205ce480 = 8); NONFAILING(*(uint32_t*)0x205ce484 = 0x6a); NONFAILING(*(uint32_t*)0x205ce488 = 0x276f); NONFAILING(*(uint32_t*)0x205ce48c = 0x7f); NONFAILING(*(uint32_t*)0x205ce490 = 0xfff); NONFAILING(*(uint32_t*)0x205ce494 = 4); NONFAILING(*(uint32_t*)0x205ce498 = 6); NONFAILING(*(uint32_t*)0x205ce49c = 0xa87); NONFAILING(*(uint32_t*)0x205ce4a0 = 0x5f5e); NONFAILING(*(uint32_t*)0x205ce4a4 = 6); NONFAILING(*(uint32_t*)0x205ce4a8 = 0x79c); NONFAILING(*(uint32_t*)0x205ce4ac = 0x7ff); NONFAILING(*(uint32_t*)0x205ce4b0 = 0x400); NONFAILING(*(uint32_t*)0x205ce4b4 = 0x7fff); NONFAILING(*(uint32_t*)0x205ce4b8 = 6); NONFAILING(*(uint32_t*)0x205ce4bc = 2); NONFAILING(*(uint32_t*)0x205ce4c0 = 4); NONFAILING(*(uint32_t*)0x205ce4c4 = 9); NONFAILING(*(uint32_t*)0x205ce4c8 = 5); NONFAILING(*(uint32_t*)0x205ce4cc = 6); NONFAILING(*(uint32_t*)0x205ce4d0 = 0xa54); NONFAILING(*(uint32_t*)0x205ce4d4 = 0xffffff41); NONFAILING(*(uint32_t*)0x205ce4d8 = 3); NONFAILING(*(uint32_t*)0x205ce4dc = 1); NONFAILING(*(uint32_t*)0x205ce4e0 = 4); NONFAILING(*(uint32_t*)0x205ce4e4 = 0x1f); NONFAILING(*(uint32_t*)0x205ce4e8 = 0xffff); NONFAILING(*(uint32_t*)0x205ce4ec = 3); NONFAILING(*(uint32_t*)0x205ce4f0 = 0xff); NONFAILING(*(uint32_t*)0x205ce4f4 = 0x80); NONFAILING(*(uint32_t*)0x205ce4f8 = 3); NONFAILING(*(uint32_t*)0x205ce4fc = 7); NONFAILING(*(uint32_t*)0x205ce500 = 0x8000); NONFAILING(*(uint32_t*)0x205ce504 = 9); NONFAILING(*(uint32_t*)0x205ce508 = 7); NONFAILING(*(uint32_t*)0x205ce50c = 0xfffffff8); NONFAILING(*(uint32_t*)0x205ce510 = 9); NONFAILING(*(uint32_t*)0x205ce514 = 6); NONFAILING(*(uint32_t*)0x205ce518 = 0x543f); NONFAILING(*(uint32_t*)0x205ce51c = 6); NONFAILING(*(uint32_t*)0x205ce520 = 0xa9); NONFAILING(*(uint32_t*)0x205ce524 = 0x8000); NONFAILING(*(uint32_t*)0x205ce528 = 0x682f); NONFAILING(*(uint32_t*)0x205ce52c = 0x7fff); NONFAILING(*(uint32_t*)0x205ce530 = 0x1ff); NONFAILING(*(uint32_t*)0x205ce534 = 0xf8); NONFAILING(*(uint32_t*)0x205ce538 = 0xbae); NONFAILING(*(uint32_t*)0x205ce53c = 0); NONFAILING(*(uint32_t*)0x205ce540 = 0xff); NONFAILING(*(uint32_t*)0x205ce544 = 7); NONFAILING(*(uint32_t*)0x205ce548 = 0x400); NONFAILING(*(uint32_t*)0x205ce54c = 0x81); NONFAILING(*(uint32_t*)0x205ce550 = 0x80); NONFAILING(*(uint32_t*)0x205ce554 = 0); NONFAILING(*(uint32_t*)0x205ce558 = 9); NONFAILING(*(uint32_t*)0x205ce55c = 8); NONFAILING(*(uint32_t*)0x205ce560 = 2); NONFAILING(*(uint32_t*)0x205ce564 = 8); NONFAILING(*(uint32_t*)0x205ce568 = 0x8000); NONFAILING(*(uint32_t*)0x205ce56c = 2); NONFAILING(*(uint32_t*)0x205ce570 = 0xfff); NONFAILING(*(uint32_t*)0x205ce574 = 0xffff); NONFAILING(*(uint32_t*)0x205ce578 = 0x10001); NONFAILING(*(uint32_t*)0x205ce57c = 9); NONFAILING(*(uint32_t*)0x205ce580 = 7); NONFAILING(*(uint32_t*)0x205ce584 = 3); NONFAILING(*(uint32_t*)0x205ce588 = 0x38); NONFAILING(*(uint32_t*)0x205ce58c = 0x40); NONFAILING(*(uint32_t*)0x205ce590 = 2); NONFAILING(*(uint32_t*)0x205ce594 = 0x3f); NONFAILING(*(uint32_t*)0x205ce598 = 0x101); NONFAILING(*(uint32_t*)0x205ce59c = 0); NONFAILING(*(uint32_t*)0x205ce5a0 = 6); NONFAILING(*(uint32_t*)0x205ce5a4 = 1); NONFAILING(*(uint32_t*)0x205ce5a8 = 7); NONFAILING(*(uint32_t*)0x205ce5ac = 0xd6); NONFAILING(*(uint32_t*)0x205ce5b0 = 6); NONFAILING(*(uint32_t*)0x205ce5b4 = 0x2f); NONFAILING(*(uint32_t*)0x205ce5b8 = 2); NONFAILING(*(uint32_t*)0x205ce5bc = 8); NONFAILING(*(uint32_t*)0x205ce5c0 = 7); NONFAILING(*(uint32_t*)0x205ce5c4 = 0); NONFAILING(*(uint32_t*)0x205ce5c8 = 0x1ff); NONFAILING(*(uint32_t*)0x205ce5cc = 0xfff); NONFAILING(*(uint32_t*)0x205ce5d0 = 1); NONFAILING(*(uint32_t*)0x205ce5d4 = 6); NONFAILING(*(uint32_t*)0x205ce5d8 = 3); NONFAILING(*(uint32_t*)0x205ce5dc = 0); NONFAILING(*(uint32_t*)0x205ce5e0 = 0x2f); NONFAILING(*(uint32_t*)0x205ce5e4 = 2); NONFAILING(*(uint32_t*)0x205ce5e8 = 3); NONFAILING(*(uint32_t*)0x205ce5ec = 0x8001); NONFAILING(*(uint32_t*)0x205ce5f0 = 0x6ec); NONFAILING(*(uint32_t*)0x205ce5f4 = 0); NONFAILING(*(uint32_t*)0x205ce5f8 = 0); NONFAILING(*(uint32_t*)0x205ce5fc = 0xffffffd3); NONFAILING(*(uint32_t*)0x205ce600 = 0xff); NONFAILING(*(uint32_t*)0x205ce604 = 0x40); NONFAILING(*(uint32_t*)0x205ce608 = 1); NONFAILING(*(uint32_t*)0x205ce60c = 3); NONFAILING(*(uint32_t*)0x205ce610 = 9); NONFAILING(*(uint32_t*)0x205ce614 = 0); NONFAILING(*(uint32_t*)0x205ce618 = 0xfffffc00); NONFAILING(*(uint32_t*)0x205ce61c = 2); NONFAILING(*(uint32_t*)0x205ce620 = 0xff); NONFAILING(*(uint32_t*)0x205ce624 = 5); NONFAILING(*(uint32_t*)0x205ce628 = 2); NONFAILING(*(uint32_t*)0x205ce62c = 0xe39c); NONFAILING(*(uint32_t*)0x205ce630 = 4); NONFAILING(*(uint32_t*)0x205ce634 = 0x400); NONFAILING(*(uint32_t*)0x205ce638 = 9); NONFAILING(*(uint32_t*)0x205ce63c = 1); NONFAILING(*(uint32_t*)0x205ce640 = 0x101); NONFAILING(*(uint32_t*)0x205ce644 = 3); NONFAILING(*(uint32_t*)0x205ce648 = 3); NONFAILING(*(uint32_t*)0x205ce64c = 4); NONFAILING(*(uint32_t*)0x205ce650 = 0x1ffc0); NONFAILING(*(uint32_t*)0x205ce654 = 0x9b59); NONFAILING(*(uint32_t*)0x205ce658 = 0x7f); NONFAILING(*(uint32_t*)0x205ce65c = 0x100); NONFAILING(*(uint32_t*)0x205ce660 = 0xfffff643); NONFAILING(*(uint32_t*)0x205ce664 = 9); NONFAILING(*(uint32_t*)0x205ce668 = 0x1b); NONFAILING(*(uint32_t*)0x205ce66c = 0); NONFAILING(*(uint32_t*)0x205ce670 = 0x1550); NONFAILING(*(uint32_t*)0x205ce674 = 8); NONFAILING(*(uint32_t*)0x205ce678 = 7); NONFAILING(*(uint32_t*)0x205ce67c = 4); NONFAILING(*(uint32_t*)0x205ce680 = 0xaa88); NONFAILING(*(uint32_t*)0x205ce684 = 0x7ff); NONFAILING(*(uint32_t*)0x205ce688 = 7); NONFAILING(*(uint32_t*)0x205ce68c = 3); NONFAILING(*(uint32_t*)0x205ce690 = 0); NONFAILING(*(uint32_t*)0x205ce694 = 3); NONFAILING(*(uint32_t*)0x205ce698 = 0xf38); NONFAILING(*(uint32_t*)0x205ce69c = 0xffff); NONFAILING(*(uint32_t*)0x205ce6a0 = 0x1ff); NONFAILING(*(uint32_t*)0x205ce6a4 = 0xfffff1d4); NONFAILING(*(uint32_t*)0x205ce6a8 = 9); NONFAILING(*(uint32_t*)0x205ce6ac = 9); NONFAILING(*(uint32_t*)0x205ce6b0 = 2); NONFAILING(*(uint32_t*)0x205ce6b4 = 3); NONFAILING(*(uint32_t*)0x205ce6b8 = 0x101); NONFAILING(*(uint32_t*)0x205ce6bc = 4); NONFAILING(*(uint32_t*)0x205ce6c0 = 0x800); NONFAILING(*(uint32_t*)0x205ce6c4 = 4); NONFAILING(*(uint32_t*)0x205ce6c8 = 0x13e); NONFAILING(*(uint32_t*)0x205ce6cc = 2); NONFAILING(*(uint32_t*)0x205ce6d0 = 7); NONFAILING(*(uint32_t*)0x205ce6d4 = 9); NONFAILING(*(uint32_t*)0x205ce6d8 = 7); NONFAILING(*(uint32_t*)0x205ce6dc = 4); NONFAILING(*(uint32_t*)0x205ce6e0 = 2); NONFAILING(*(uint32_t*)0x205ce6e4 = 0xa021); NONFAILING(*(uint32_t*)0x205ce6e8 = 0x1ff); NONFAILING(*(uint32_t*)0x205ce6ec = 0x1ff); NONFAILING(*(uint32_t*)0x205ce6f0 = -1); NONFAILING(*(uint32_t*)0x205ce6f4 = 6); NONFAILING(*(uint32_t*)0x205ce6f8 = 0); NONFAILING(*(uint32_t*)0x205ce6fc = 5); NONFAILING(*(uint32_t*)0x205ce700 = 0x80000000); NONFAILING(*(uint32_t*)0x205ce704 = 9); NONFAILING(*(uint32_t*)0x205ce708 = 2); NONFAILING(*(uint32_t*)0x205ce70c = 0x80); NONFAILING(*(uint32_t*)0x205ce710 = 0x7fffffff); NONFAILING(*(uint32_t*)0x205ce714 = 4); NONFAILING(*(uint32_t*)0x205ce718 = 7); NONFAILING(*(uint32_t*)0x205ce71c = 9); NONFAILING(*(uint32_t*)0x205ce720 = 2); NONFAILING(*(uint32_t*)0x205ce724 = 5); NONFAILING(*(uint32_t*)0x205ce728 = 6); NONFAILING(*(uint32_t*)0x205ce72c = 0x1f); NONFAILING(*(uint32_t*)0x205ce730 = 8); NONFAILING(*(uint32_t*)0x205ce734 = 0x7fffffff); NONFAILING(*(uint32_t*)0x205ce738 = 0x400); NONFAILING(*(uint32_t*)0x205ce73c = 2); NONFAILING(*(uint32_t*)0x205ce740 = 8); NONFAILING(*(uint32_t*)0x205ce744 = 2); NONFAILING(*(uint32_t*)0x205ce748 = 1); NONFAILING(*(uint32_t*)0x205ce74c = 0xd945); NONFAILING(*(uint32_t*)0x205ce750 = 1); NONFAILING(*(uint32_t*)0x205ce754 = 0x200); NONFAILING(*(uint32_t*)0x205ce758 = 0xfffffffe); NONFAILING(*(uint32_t*)0x205ce75c = 5); NONFAILING(*(uint32_t*)0x205ce760 = 9); NONFAILING(*(uint32_t*)0x205ce764 = 9); NONFAILING(*(uint32_t*)0x205ce768 = 6); NONFAILING(*(uint32_t*)0x205ce76c = 0x4d5); NONFAILING(*(uint32_t*)0x205ce770 = -1); NONFAILING(*(uint32_t*)0x205ce774 = 0x8001); NONFAILING(*(uint32_t*)0x205ce778 = 0xc4); NONFAILING(*(uint32_t*)0x205ce77c = 0x10001); NONFAILING(*(uint32_t*)0x205ce780 = 0); NONFAILING(*(uint32_t*)0x205ce784 = 0xff); NONFAILING(*(uint32_t*)0x205ce788 = 0x10001); NONFAILING(*(uint32_t*)0x205ce78c = 5); NONFAILING(*(uint32_t*)0x205ce790 = 0x1000); NONFAILING(*(uint32_t*)0x205ce794 = 0x194da0f9); NONFAILING(*(uint32_t*)0x205ce798 = 7); NONFAILING(*(uint32_t*)0x205ce79c = 5); NONFAILING(*(uint32_t*)0x205ce7a0 = 0x92); NONFAILING(*(uint32_t*)0x205ce7a4 = 8); NONFAILING(*(uint32_t*)0x205ce7a8 = 0x10000); NONFAILING(*(uint32_t*)0x205ce7ac = 0x8000); NONFAILING(*(uint32_t*)0x205ce7b0 = 0x80000000); NONFAILING(*(uint32_t*)0x205ce7b4 = 0x2beb); NONFAILING(*(uint32_t*)0x205ce7b8 = 8); NONFAILING(*(uint32_t*)0x205ce7bc = 0x10001); NONFAILING(*(uint32_t*)0x205ce7c0 = 0x2000000); NONFAILING(*(uint32_t*)0x205ce7c4 = 0xe5a); NONFAILING(*(uint32_t*)0x205ce7c8 = 4); NONFAILING(*(uint32_t*)0x205ce7cc = 9); NONFAILING(*(uint32_t*)0x205ce7d0 = 8); NONFAILING(*(uint32_t*)0x205ce7d4 = 6); NONFAILING(*(uint32_t*)0x205ce7d8 = 4); NONFAILING(*(uint32_t*)0x205ce7dc = 0x8e); NONFAILING(*(uint32_t*)0x205ce7e0 = 0xffff); NONFAILING(*(uint32_t*)0x205ce7e4 = 0xfff); NONFAILING(*(uint32_t*)0x205ce7e8 = 8); NONFAILING(*(uint32_t*)0x205ce7ec = 4); NONFAILING(*(uint32_t*)0x205ce7f0 = -1); NONFAILING(*(uint32_t*)0x205ce7f4 = 8); NONFAILING(*(uint32_t*)0x205ce7f8 = 0x80); NONFAILING(*(uint32_t*)0x205ce7fc = 3); NONFAILING(*(uint32_t*)0x205ce800 = 2); NONFAILING(*(uint32_t*)0x205ce804 = 4); NONFAILING(*(uint32_t*)0x205ce808 = 0); NONFAILING(*(uint32_t*)0x205ce80c = 8); NONFAILING(*(uint32_t*)0x205ce810 = 0x20); NONFAILING(*(uint32_t*)0x205ce814 = 8); NONFAILING(*(uint32_t*)0x205ce818 = 4); NONFAILING(*(uint32_t*)0x205ce81c = 4); NONFAILING(*(uint32_t*)0x205ce820 = 0x100); NONFAILING(*(uint32_t*)0x205ce824 = 0x3f); NONFAILING(*(uint32_t*)0x205ce828 = 8); NONFAILING(*(uint32_t*)0x205ce82c = 1); NONFAILING(*(uint32_t*)0x205ce830 = 4); NONFAILING(*(uint32_t*)0x205ce834 = 9); NONFAILING(*(uint32_t*)0x205ce838 = 7); NONFAILING(*(uint32_t*)0x205ce83c = htobe32(0x7f000001)); NONFAILING(*(uint32_t*)0x205ce840 = 9); NONFAILING(*(uint32_t*)0x205ce844 = 0); NONFAILING(*(uint32_t*)0x205ce848 = htobe32(-1)); NONFAILING(*(uint32_t*)0x205ce84c = 1); NONFAILING(*(uint32_t*)0x205ce850 = 9); NONFAILING(*(uint32_t*)0x205ce854 = htobe32(0xe0000002)); NONFAILING(*(uint32_t*)0x205ce858 = 0x1f); NONFAILING(*(uint32_t*)0x205ce85c = 0x40); NONFAILING(*(uint8_t*)0x205ce860 = 0xac); NONFAILING(*(uint8_t*)0x205ce861 = 0x14); NONFAILING(*(uint8_t*)0x205ce862 = 0); NONFAILING(*(uint8_t*)0x205ce863 = 0x15); NONFAILING(*(uint32_t*)0x205ce864 = 0xcbe); NONFAILING(*(uint32_t*)0x205ce868 = 0xffffff38); NONFAILING(*(uint32_t*)0x205ce86c = 1); NONFAILING(*(uint32_t*)0x205ce870 = 5); NONFAILING(*(uint32_t*)0x205ce874 = 9); NONFAILING(*(uint32_t*)0x205ce878 = 1); NONFAILING(*(uint32_t*)0x205ce87c = 8); NONFAILING(*(uint32_t*)0x205ce880 = 9); NONFAILING(*(uint32_t*)0x205ce884 = 0xfffff001); NONFAILING(*(uint32_t*)0x205ce888 = 0x532d69d6); NONFAILING(*(uint32_t*)0x205ce88c = 0x80); NONFAILING(*(uint32_t*)0x205ce890 = 0); NONFAILING(*(uint32_t*)0x205ce894 = 9); NONFAILING(*(uint32_t*)0x205ce898 = 2); NONFAILING(*(uint32_t*)0x205ce89c = 7); NONFAILING(*(uint32_t*)0x205ce8a0 = 0x40); NONFAILING(*(uint32_t*)0x205ce8a4 = 0); NONFAILING(*(uint32_t*)0x205ce8a8 = 9); NONFAILING(*(uint32_t*)0x205ce8ac = 0xfa4); NONFAILING(*(uint32_t*)0x205ce8b0 = 5); NONFAILING(*(uint32_t*)0x205ce8b4 = 6); NONFAILING(*(uint32_t*)0x205ce8b8 = 0x8000); NONFAILING(*(uint32_t*)0x205ce8bc = 4); NONFAILING(*(uint32_t*)0x205ce8c0 = 0x900); NONFAILING(*(uint32_t*)0x205ce8c4 = 0x7ff); NONFAILING(*(uint32_t*)0x205ce8c8 = 5); NONFAILING(*(uint32_t*)0x205ce8cc = 0x80); NONFAILING(*(uint32_t*)0x205ce8d0 = 2); NONFAILING(*(uint32_t*)0x205ce8d4 = 0); NONFAILING(*(uint32_t*)0x205ce8d8 = 7); NONFAILING(*(uint32_t*)0x205ce8dc = 0xf24); NONFAILING(*(uint32_t*)0x205ce8e0 = 4); NONFAILING(*(uint32_t*)0x205ce8e4 = 2); NONFAILING(*(uint32_t*)0x205ce8e8 = 5); NONFAILING(*(uint32_t*)0x205ce8ec = 7); NONFAILING(*(uint32_t*)0x205ce8f0 = 2); NONFAILING(*(uint32_t*)0x205ce8f4 = 0x7ff); NONFAILING(*(uint32_t*)0x205ce8f8 = 6); NONFAILING(*(uint32_t*)0x205ce8fc = 0x401); NONFAILING(*(uint32_t*)0x205ce900 = 7); NONFAILING(*(uint32_t*)0x205ce904 = 6); NONFAILING(*(uint32_t*)0x205ce908 = 0x800); NONFAILING(*(uint32_t*)0x205ce90c = -1); NONFAILING(*(uint32_t*)0x205ce910 = 1); NONFAILING(*(uint32_t*)0x205ce914 = 0x28); NONFAILING(*(uint32_t*)0x205ce918 = 0x6b); NONFAILING(*(uint32_t*)0x205ce91c = 0x7f); NONFAILING(*(uint32_t*)0x205ce920 = 0xc6); NONFAILING(*(uint32_t*)0x205ce924 = 1); NONFAILING(*(uint32_t*)0x205ce928 = 4); NONFAILING(*(uint32_t*)0x205ce92c = 4); NONFAILING(*(uint32_t*)0x205ce930 = 1); NONFAILING(*(uint32_t*)0x205ce934 = 0); NONFAILING(*(uint32_t*)0x205ce938 = 3); NONFAILING(*(uint32_t*)0x205ce93c = 0xfff); NONFAILING(*(uint32_t*)0x205ce940 = 4); NONFAILING(*(uint32_t*)0x205ce944 = 0x4f); NONFAILING(*(uint32_t*)0x205ce948 = 0x40); NONFAILING(*(uint32_t*)0x205ce94c = 6); NONFAILING(*(uint32_t*)0x205ce950 = 0); NONFAILING(*(uint32_t*)0x205ce954 = 6); NONFAILING(*(uint32_t*)0x205ce958 = 0x20); NONFAILING(*(uint32_t*)0x205ce95c = 5); NONFAILING(*(uint32_t*)0x205ce960 = 8); NONFAILING(*(uint32_t*)0x205ce964 = 7); NONFAILING(*(uint32_t*)0x205ce968 = 0x7f); NONFAILING(*(uint32_t*)0x205ce96c = 0x691); NONFAILING(*(uint32_t*)0x205ce970 = 0xfff); NONFAILING(*(uint32_t*)0x205ce974 = 0x40); NONFAILING(*(uint32_t*)0x205ce978 = 0x7fff); NONFAILING(*(uint32_t*)0x205ce97c = 0x40); NONFAILING(*(uint32_t*)0x205ce980 = 0); NONFAILING(*(uint32_t*)0x205ce984 = 0x401); NONFAILING(*(uint32_t*)0x205ce988 = 0x5a); NONFAILING(*(uint32_t*)0x205ce98c = 0x7f); NONFAILING(*(uint32_t*)0x205ce990 = 0xa9); NONFAILING(*(uint32_t*)0x205ce994 = 0x1f); NONFAILING(*(uint32_t*)0x205ce998 = 2); NONFAILING(*(uint32_t*)0x205ce99c = 1); NONFAILING(*(uint32_t*)0x205ce9a0 = 8); NONFAILING(*(uint32_t*)0x205ce9a4 = 8); NONFAILING(*(uint32_t*)0x205ce9a8 = 0x7fffffff); NONFAILING(*(uint32_t*)0x205ce9ac = 0x6ebdff8b); NONFAILING(*(uint32_t*)0x205ce9b0 = 0x3ff); NONFAILING(*(uint32_t*)0x205ce9b4 = 0x3f); NONFAILING(*(uint32_t*)0x205ce9b8 = 5); NONFAILING(*(uint32_t*)0x205ce9bc = 0); NONFAILING(*(uint32_t*)0x205ce9c0 = 0x8001); NONFAILING(*(uint32_t*)0x205ce9c4 = 0xfffffffc); NONFAILING(*(uint32_t*)0x205ce9c8 = 6); NONFAILING(*(uint32_t*)0x205ce9cc = 6); NONFAILING(*(uint32_t*)0x205ce9d0 = 0x9c0); NONFAILING(*(uint32_t*)0x205ce9d4 = 0x80); NONFAILING(*(uint32_t*)0x205ce9d8 = 0xffff); NONFAILING(*(uint32_t*)0x205ce9dc = 0xf69); NONFAILING(*(uint32_t*)0x205ce9e0 = 8); NONFAILING(*(uint32_t*)0x205ce9e4 = 7); NONFAILING(*(uint32_t*)0x205ce9e8 = 0x7f); NONFAILING(*(uint32_t*)0x205ce9ec = 2); NONFAILING(*(uint32_t*)0x205ce9f0 = 7); NONFAILING(*(uint32_t*)0x205ce9f4 = 0x8000); NONFAILING(*(uint32_t*)0x205ce9f8 = 0); NONFAILING(*(uint32_t*)0x205ce9fc = 9); NONFAILING(*(uint32_t*)0x205cea00 = 6); NONFAILING(*(uint32_t*)0x205cea04 = 0x8001); NONFAILING(*(uint32_t*)0x205cea08 = 4); NONFAILING(*(uint32_t*)0x205cea0c = 9); NONFAILING(*(uint32_t*)0x205cea10 = 9); NONFAILING(*(uint32_t*)0x205cea14 = 3); NONFAILING(*(uint32_t*)0x205cea18 = 0); NONFAILING(*(uint32_t*)0x205cea1c = 8); NONFAILING(*(uint32_t*)0x205cea20 = 9); NONFAILING(*(uint32_t*)0x205cea24 = 1); NONFAILING(*(uint32_t*)0x205cea28 = 0xe05); NONFAILING(*(uint32_t*)0x205cea2c = 0xff); NONFAILING(*(uint32_t*)0x205cea30 = 0x1000); NONFAILING(*(uint32_t*)0x205cea34 = 0); NONFAILING(*(uint32_t*)0x205cea38 = 3); NONFAILING(*(uint32_t*)0x205cea3c = 0x40); NONFAILING(*(uint32_t*)0x205cea40 = 9); NONFAILING(*(uint32_t*)0x205cea44 = 0x3ff); NONFAILING(*(uint32_t*)0x205cea48 = 8); NONFAILING(*(uint32_t*)0x205cea4c = 3); NONFAILING(*(uint32_t*)0x205cea50 = 6); NONFAILING(*(uint32_t*)0x205cea54 = 0x3ff); NONFAILING(*(uint32_t*)0x205cea58 = 4); NONFAILING(*(uint32_t*)0x205cea5c = 6); NONFAILING(*(uint32_t*)0x205cea60 = 7); NONFAILING(*(uint32_t*)0x205cea64 = 0); NONFAILING(*(uint32_t*)0x205cea68 = 0x3ff); NONFAILING(*(uint32_t*)0x205cea6c = 1); NONFAILING(*(uint32_t*)0x205cea70 = 0x1ff); NONFAILING(*(uint32_t*)0x205cea74 = 0x5ec3); NONFAILING(*(uint32_t*)0x205cea78 = 7); NONFAILING(*(uint32_t*)0x205cea7c = 0xfffffffe); NONFAILING(*(uint32_t*)0x205cea80 = 3); NONFAILING(*(uint32_t*)0x205cea84 = 0xfffffffb); NONFAILING(*(uint32_t*)0x205cea88 = 6); NONFAILING(*(uint32_t*)0x205cea8c = 0); NONFAILING(*(uint32_t*)0x205cea90 = 0x8000000); NONFAILING(*(uint32_t*)0x205cea94 = 0x10001); NONFAILING(*(uint32_t*)0x205cea98 = 0); NONFAILING(*(uint32_t*)0x205cea9c = 6); NONFAILING(*(uint32_t*)0x205ceaa0 = 0x200); NONFAILING(*(uint32_t*)0x205ceaa4 = 0xfffff5c4); NONFAILING(*(uint32_t*)0x205ceaa8 = 7); NONFAILING(*(uint32_t*)0x205ceaac = 3); NONFAILING(*(uint32_t*)0x205ceab0 = 4); NONFAILING(*(uint32_t*)0x205ceab4 = 0x7c4); NONFAILING(*(uint32_t*)0x205ceab8 = 0x10001); NONFAILING(*(uint32_t*)0x205ceabc = 6); NONFAILING(*(uint32_t*)0x205ceac0 = 1); NONFAILING(*(uint32_t*)0x205ceac4 = 6); NONFAILING(*(uint32_t*)0x205ceac8 = 0xb55c); NONFAILING(*(uint32_t*)0x205ceacc = 1); NONFAILING(*(uint32_t*)0x205cead0 = 9); NONFAILING(*(uint32_t*)0x205cead4 = 0xa2); NONFAILING(*(uint32_t*)0x205cead8 = 6); NONFAILING(*(uint32_t*)0x205ceadc = 4); NONFAILING(*(uint32_t*)0x205ceae0 = 3); NONFAILING(*(uint32_t*)0x205ceae4 = 1); NONFAILING(*(uint32_t*)0x205ceae8 = 4); NONFAILING(*(uint32_t*)0x205ceaec = 1); NONFAILING(*(uint32_t*)0x205ceaf0 = 0xfffffff9); NONFAILING(*(uint32_t*)0x205ceaf4 = 3); NONFAILING(*(uint32_t*)0x205ceaf8 = 8); NONFAILING(*(uint32_t*)0x205ceafc = -1); NONFAILING(*(uint32_t*)0x205ceb00 = 0x3ff); NONFAILING(*(uint32_t*)0x205ceb04 = 5); NONFAILING(*(uint32_t*)0x205ceb08 = 2); NONFAILING(*(uint32_t*)0x205ceb0c = 0x8001); NONFAILING(*(uint32_t*)0x205ceb10 = 3); NONFAILING(*(uint32_t*)0x205ceb14 = 3); NONFAILING(*(uint32_t*)0x205ceb18 = 0x99); NONFAILING(*(uint32_t*)0x205ceb1c = 0x81); NONFAILING(*(uint32_t*)0x205ceb20 = 0x69d); NONFAILING(*(uint32_t*)0x205ceb24 = 8); NONFAILING(*(uint32_t*)0x205ceb28 = 0); NONFAILING(*(uint32_t*)0x205ceb2c = 3); NONFAILING(*(uint32_t*)0x205ceb30 = 0xffff); NONFAILING(*(uint32_t*)0x205ceb34 = 5); NONFAILING(*(uint32_t*)0x205ceb38 = 0x1ff); NONFAILING(*(uint32_t*)0x205ceb3c = 0xfffffffc); NONFAILING(*(uint32_t*)0x205ceb40 = 0x101); NONFAILING(*(uint32_t*)0x205ceb44 = 0x4ee); NONFAILING(*(uint32_t*)0x205ceb48 = 0xfff); NONFAILING(*(uint32_t*)0x205ceb4c = 1); NONFAILING(*(uint32_t*)0x205ceb50 = 0xfff); NONFAILING(*(uint32_t*)0x205ceb54 = 0xffffffcd); NONFAILING(*(uint32_t*)0x205ceb58 = 0x7f); NONFAILING(*(uint32_t*)0x205ceb5c = 0x8000); NONFAILING(*(uint32_t*)0x205ceb60 = 0x1ff); NONFAILING(*(uint32_t*)0x205ceb64 = 0xdf); NONFAILING(*(uint32_t*)0x205ceb68 = 0x7fffffff); NONFAILING(*(uint32_t*)0x205ceb6c = 0x8001); NONFAILING(*(uint32_t*)0x205ceb70 = 0x7f); NONFAILING(*(uint32_t*)0x205ceb74 = 1); NONFAILING(*(uint32_t*)0x205ceb78 = 2); NONFAILING(*(uint32_t*)0x205ceb7c = 7); NONFAILING(*(uint32_t*)0x205ceb80 = 6); NONFAILING(*(uint32_t*)0x205ceb84 = 8); NONFAILING(*(uint32_t*)0x205ceb88 = 9); NONFAILING(*(uint32_t*)0x205ceb8c = 0x200); NONFAILING(*(uint32_t*)0x205ceb90 = 0x1000); NONFAILING(*(uint32_t*)0x205ceb94 = 5); NONFAILING(*(uint32_t*)0x205ceb98 = 0xff); NONFAILING(*(uint32_t*)0x205ceb9c = 0x25c); NONFAILING(*(uint32_t*)0x205ceba0 = 0x8001); NONFAILING(*(uint32_t*)0x205ceba4 = 0x7fffffff); NONFAILING(*(uint32_t*)0x205ceba8 = 0xcf); NONFAILING(*(uint32_t*)0x205cebac = 3); NONFAILING(*(uint32_t*)0x205cebb0 = 0x1ff); NONFAILING(*(uint32_t*)0x205cebb4 = 7); NONFAILING(*(uint32_t*)0x205cebb8 = 1); NONFAILING(*(uint32_t*)0x205cebbc = 0x43c5); NONFAILING(*(uint32_t*)0x205cebc0 = 0x80); NONFAILING(*(uint32_t*)0x205cebc4 = 0x7fffffff); NONFAILING(*(uint32_t*)0x205cebc8 = 0x424a); NONFAILING(*(uint32_t*)0x205cebcc = 0x61e); NONFAILING(*(uint32_t*)0x205cebd0 = 3); NONFAILING(*(uint32_t*)0x205cebd4 = 9); NONFAILING(*(uint32_t*)0x205cebd8 = 6); NONFAILING(*(uint32_t*)0x205cebdc = 0x80000000); NONFAILING(*(uint32_t*)0x205cebe0 = 4); NONFAILING(*(uint32_t*)0x205cebe4 = 0x71a3); NONFAILING(*(uint32_t*)0x205cebe8 = 0x3ff); NONFAILING(*(uint32_t*)0x205cebec = 0x1ff); NONFAILING(*(uint32_t*)0x205cebf0 = 4); NONFAILING(*(uint32_t*)0x205cebf4 = 0x10000); NONFAILING(*(uint32_t*)0x205cebf8 = 0x6a); NONFAILING(*(uint32_t*)0x205cebfc = 8); NONFAILING(*(uint32_t*)0x205cec00 = 2); NONFAILING(*(uint32_t*)0x205cec04 = 6); NONFAILING(*(uint32_t*)0x205cec08 = 7); NONFAILING(*(uint32_t*)0x205cec0c = 0x100); NONFAILING(*(uint32_t*)0x205cec10 = 5); NONFAILING(*(uint32_t*)0x205cec14 = 1); NONFAILING(*(uint32_t*)0x205cec18 = 0x80000000); NONFAILING(*(uint32_t*)0x205cec1c = 1); NONFAILING(*(uint32_t*)0x205cec20 = 0x8001); NONFAILING(*(uint32_t*)0x205cec24 = 9); NONFAILING(*(uint32_t*)0x205cec28 = 4); NONFAILING(*(uint32_t*)0x205cec2c = 9); NONFAILING(*(uint32_t*)0x205cec30 = 9); NONFAILING(*(uint32_t*)0x205cec34 = 0xe680486d); NONFAILING(*(uint32_t*)0x205cec38 = 6); NONFAILING(*(uint32_t*)0x205cec3c = 2); NONFAILING(*(uint32_t*)0x205cec40 = 0xd3); NONFAILING(*(uint32_t*)0x205cec44 = 9); NONFAILING(*(uint32_t*)0x205cec48 = 8); NONFAILING(*(uint32_t*)0x205cec4c = 0xff); NONFAILING(*(uint32_t*)0x205cec50 = 3); NONFAILING(*(uint32_t*)0x205cec54 = 0x682); NONFAILING(*(uint32_t*)0x205cec58 = 8); NONFAILING(*(uint32_t*)0x205cec5c = 0x3ff); NONFAILING(*(uint32_t*)0x205cec60 = 8); NONFAILING(*(uint32_t*)0x205cec64 = 4); NONFAILING(*(uint32_t*)0x205cec68 = 3); NONFAILING(*(uint32_t*)0x205cec6c = 0); NONFAILING(*(uint32_t*)0x205cec70 = 7); NONFAILING(*(uint32_t*)0x205cec74 = htobe32(0)); NONFAILING(*(uint32_t*)0x205cec78 = 1); NONFAILING(*(uint32_t*)0x205cec7c = 6); NONFAILING(*(uint8_t*)0x205cec80 = 0xac); NONFAILING(*(uint8_t*)0x205cec81 = 0x14); NONFAILING(*(uint8_t*)0x205cec82 = 0); NONFAILING(*(uint8_t*)0x205cec83 = 0xe); NONFAILING(*(uint32_t*)0x205cec84 = 0x6c401d72); NONFAILING(*(uint32_t*)0x205cec88 = 0x3f); NONFAILING(*(uint32_t*)0x205cec8c = htobe32(0x7f000001)); NONFAILING(memcpy((void*)0x205cec90, "\x63\x6f\x6e\x6e\x62\x79\x74\x65\x73" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205cecb0 = 0x18); NONFAILING(*(uint64_t*)0x205cecb8 = 0xeb22); NONFAILING(*(uint64_t*)0x205cecc0 = 7); NONFAILING(*(uint8_t*)0x205cecc8 = 3); NONFAILING(*(uint8_t*)0x205cecc9 = 3); NONFAILING(memcpy((void*)0x205cecd0, "\x52\x41\x54\x45\x45\x53\x54\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205cecf0 = 0x20); NONFAILING(memcpy( (void*)0x205cecf8, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)); NONFAILING(*(uint8_t*)0x205ced08 = 2); NONFAILING(*(uint8_t*)0x205ced09 = 1); NONFAILING(*(uint64_t*)0x205ced10 = 8); NONFAILING(memcpy((void*)0x205ced18, "\x41\x55\x44\x49\x54\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205ced38 = 8); NONFAILING(*(uint8_t*)0x205ced40 = 1); NONFAILING(memcpy((void*)0x205ced48, "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205ced68 = 8); NONFAILING(*(uint32_t*)0x205ced70 = -1); NONFAILING(*(uint32_t*)0x205ced78 = 0xd); NONFAILING(*(uint32_t*)0x205ced7c = 0x1d); NONFAILING(*(uint16_t*)0x205ced80 = htobe16(7)); NONFAILING(memcpy( (void*)0x205ced82, "\xae\x92\x00\x55\x03\xc1\xb5\x24\xa2\xaa\x50\xd3\x03\xf0\x55\x69", 16)); NONFAILING(*(uint8_t*)0x205ced92 = 0x73); NONFAILING(*(uint8_t*)0x205ced93 = 0x79); NONFAILING(*(uint8_t*)0x205ced94 = 0x7a); NONFAILING(*(uint8_t*)0x205ced95 = 0x30); NONFAILING(*(uint8_t*)0x205ced96 = 0); NONFAILING(memcpy( (void*)0x205ceda2, "\x65\x71\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)); NONFAILING(memcpy( (void*)0x205cedb2, "\x63\x03\x3b\x0d\x3b\x33\x33\x35\x88\x32\xd0\x2c\x3a\xcc\x87\x3d", 16)); NONFAILING(memcpy((void*)0x205cedc2, "\x6b\xa6\xea\x06\x18\x01", 6)); NONFAILING(*(uint8_t*)0x205cedc8 = 0); NONFAILING(*(uint8_t*)0x205cedc9 = -1); NONFAILING(*(uint8_t*)0x205cedca = -1); NONFAILING(*(uint8_t*)0x205cedcb = 0); NONFAILING(*(uint8_t*)0x205cedcc = 0); NONFAILING(*(uint8_t*)0x205cedcd = -1); NONFAILING(*(uint8_t*)0x205cedce = 0xaa); NONFAILING(*(uint8_t*)0x205cedcf = 0xaa); NONFAILING(*(uint8_t*)0x205cedd0 = 0xaa); NONFAILING(*(uint8_t*)0x205cedd1 = 0xaa); NONFAILING(*(uint8_t*)0x205cedd2 = 0); NONFAILING(*(uint8_t*)0x205cedd3 = 0xbb); NONFAILING(*(uint8_t*)0x205cedd4 = 0); NONFAILING(*(uint8_t*)0x205cedd5 = -1); NONFAILING(*(uint8_t*)0x205cedd6 = -1); NONFAILING(*(uint8_t*)0x205cedd7 = -1); NONFAILING(*(uint8_t*)0x205cedd8 = -1); NONFAILING(*(uint8_t*)0x205cedd9 = -1); NONFAILING(*(uint32_t*)0x205ceddc = 0x208); NONFAILING(*(uint32_t*)0x205cede0 = 0x240); NONFAILING(*(uint32_t*)0x205cede4 = 0x288); NONFAILING(memcpy((void*)0x205cede8, "\x63\x6f\x6d\x6d\x65\x6e\x74\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205cee08 = 0x100); NONFAILING(*(uint8_t*)0x205cee10 = 0); NONFAILING(*(uint8_t*)0x205cee11 = 0); NONFAILING(*(uint8_t*)0x205cee12 = 0); NONFAILING(*(uint8_t*)0x205cee13 = 0); NONFAILING(*(uint8_t*)0x205cee14 = 0); NONFAILING(*(uint8_t*)0x205cee15 = 0); NONFAILING(*(uint8_t*)0x205cee16 = 0); NONFAILING(*(uint8_t*)0x205cee17 = 0); NONFAILING(*(uint8_t*)0x205cee18 = 0); NONFAILING(*(uint8_t*)0x205cee19 = 0); NONFAILING(*(uint8_t*)0x205cee1a = 0); NONFAILING(*(uint8_t*)0x205cee1b = 0); NONFAILING(*(uint8_t*)0x205cee1c = 0); NONFAILING(*(uint8_t*)0x205cee1d = 0); NONFAILING(*(uint8_t*)0x205cee1e = 0); NONFAILING(*(uint8_t*)0x205cee1f = 0); NONFAILING(*(uint8_t*)0x205cee20 = 0); NONFAILING(*(uint8_t*)0x205cee21 = 0); NONFAILING(*(uint8_t*)0x205cee22 = 0); NONFAILING(*(uint8_t*)0x205cee23 = 0); NONFAILING(*(uint8_t*)0x205cee24 = 0); NONFAILING(*(uint8_t*)0x205cee25 = 0); NONFAILING(*(uint8_t*)0x205cee26 = 0); NONFAILING(*(uint8_t*)0x205cee27 = 0); NONFAILING(*(uint8_t*)0x205cee28 = 0); NONFAILING(*(uint8_t*)0x205cee29 = 0); NONFAILING(*(uint8_t*)0x205cee2a = 0); NONFAILING(*(uint8_t*)0x205cee2b = 0); NONFAILING(*(uint8_t*)0x205cee2c = 0); NONFAILING(*(uint8_t*)0x205cee2d = 0); NONFAILING(*(uint8_t*)0x205cee2e = 0); NONFAILING(*(uint8_t*)0x205cee2f = 0); NONFAILING(*(uint8_t*)0x205cee30 = 0); NONFAILING(*(uint8_t*)0x205cee31 = 0); NONFAILING(*(uint8_t*)0x205cee32 = 0); NONFAILING(*(uint8_t*)0x205cee33 = 0); NONFAILING(*(uint8_t*)0x205cee34 = 0); NONFAILING(*(uint8_t*)0x205cee35 = 0); NONFAILING(*(uint8_t*)0x205cee36 = 0); NONFAILING(*(uint8_t*)0x205cee37 = 0); NONFAILING(*(uint8_t*)0x205cee38 = 0); NONFAILING(*(uint8_t*)0x205cee39 = 0); NONFAILING(*(uint8_t*)0x205cee3a = 0); NONFAILING(*(uint8_t*)0x205cee3b = 0); NONFAILING(*(uint8_t*)0x205cee3c = 0); NONFAILING(*(uint8_t*)0x205cee3d = 0); NONFAILING(*(uint8_t*)0x205cee3e = 0); NONFAILING(*(uint8_t*)0x205cee3f = 0); NONFAILING(*(uint8_t*)0x205cee40 = 0); NONFAILING(*(uint8_t*)0x205cee41 = 0); NONFAILING(*(uint8_t*)0x205cee42 = 0); NONFAILING(*(uint8_t*)0x205cee43 = 0); NONFAILING(*(uint8_t*)0x205cee44 = 0); NONFAILING(*(uint8_t*)0x205cee45 = 0); NONFAILING(*(uint8_t*)0x205cee46 = 0); NONFAILING(*(uint8_t*)0x205cee47 = 0); NONFAILING(*(uint8_t*)0x205cee48 = 0); NONFAILING(*(uint8_t*)0x205cee49 = 0); NONFAILING(*(uint8_t*)0x205cee4a = 0); NONFAILING(*(uint8_t*)0x205cee4b = 0); NONFAILING(*(uint8_t*)0x205cee4c = 0); NONFAILING(*(uint8_t*)0x205cee4d = 0); NONFAILING(*(uint8_t*)0x205cee4e = 0); NONFAILING(*(uint8_t*)0x205cee4f = 0); NONFAILING(*(uint8_t*)0x205cee50 = 0); NONFAILING(*(uint8_t*)0x205cee51 = 0); NONFAILING(*(uint8_t*)0x205cee52 = 0); NONFAILING(*(uint8_t*)0x205cee53 = 0); NONFAILING(*(uint8_t*)0x205cee54 = 0); NONFAILING(*(uint8_t*)0x205cee55 = 0); NONFAILING(*(uint8_t*)0x205cee56 = 0); NONFAILING(*(uint8_t*)0x205cee57 = 0); NONFAILING(*(uint8_t*)0x205cee58 = 0); NONFAILING(*(uint8_t*)0x205cee59 = 0); NONFAILING(*(uint8_t*)0x205cee5a = 0); NONFAILING(*(uint8_t*)0x205cee5b = 0); NONFAILING(*(uint8_t*)0x205cee5c = 0); NONFAILING(*(uint8_t*)0x205cee5d = 0); NONFAILING(*(uint8_t*)0x205cee5e = 0); NONFAILING(*(uint8_t*)0x205cee5f = 0); NONFAILING(*(uint8_t*)0x205cee60 = 0); NONFAILING(*(uint8_t*)0x205cee61 = 0); NONFAILING(*(uint8_t*)0x205cee62 = 0); NONFAILING(*(uint8_t*)0x205cee63 = 0); NONFAILING(*(uint8_t*)0x205cee64 = 0); NONFAILING(*(uint8_t*)0x205cee65 = 0); NONFAILING(*(uint8_t*)0x205cee66 = 0); NONFAILING(*(uint8_t*)0x205cee67 = 0); NONFAILING(*(uint8_t*)0x205cee68 = 0); NONFAILING(*(uint8_t*)0x205cee69 = 0); NONFAILING(*(uint8_t*)0x205cee6a = 0); NONFAILING(*(uint8_t*)0x205cee6b = 0); NONFAILING(*(uint8_t*)0x205cee6c = 0); NONFAILING(*(uint8_t*)0x205cee6d = 0); NONFAILING(*(uint8_t*)0x205cee6e = 0); NONFAILING(*(uint8_t*)0x205cee6f = 0); NONFAILING(*(uint8_t*)0x205cee70 = 0); NONFAILING(*(uint8_t*)0x205cee71 = 0); NONFAILING(*(uint8_t*)0x205cee72 = 0); NONFAILING(*(uint8_t*)0x205cee73 = 0); NONFAILING(*(uint8_t*)0x205cee74 = 0); NONFAILING(*(uint8_t*)0x205cee75 = 0); NONFAILING(*(uint8_t*)0x205cee76 = 0); NONFAILING(*(uint8_t*)0x205cee77 = 0); NONFAILING(*(uint8_t*)0x205cee78 = 0); NONFAILING(*(uint8_t*)0x205cee79 = 0); NONFAILING(*(uint8_t*)0x205cee7a = 0); NONFAILING(*(uint8_t*)0x205cee7b = 0); NONFAILING(*(uint8_t*)0x205cee7c = 0); NONFAILING(*(uint8_t*)0x205cee7d = 0); NONFAILING(*(uint8_t*)0x205cee7e = 0); NONFAILING(*(uint8_t*)0x205cee7f = 0); NONFAILING(*(uint8_t*)0x205cee80 = 0); NONFAILING(*(uint8_t*)0x205cee81 = 0); NONFAILING(*(uint8_t*)0x205cee82 = 0); NONFAILING(*(uint8_t*)0x205cee83 = 0); NONFAILING(*(uint8_t*)0x205cee84 = 0); NONFAILING(*(uint8_t*)0x205cee85 = 0); NONFAILING(*(uint8_t*)0x205cee86 = 0); NONFAILING(*(uint8_t*)0x205cee87 = 0); NONFAILING(*(uint8_t*)0x205cee88 = 0); NONFAILING(*(uint8_t*)0x205cee89 = 0); NONFAILING(*(uint8_t*)0x205cee8a = 0); NONFAILING(*(uint8_t*)0x205cee8b = 0); NONFAILING(*(uint8_t*)0x205cee8c = 0); NONFAILING(*(uint8_t*)0x205cee8d = 0); NONFAILING(*(uint8_t*)0x205cee8e = 0); NONFAILING(*(uint8_t*)0x205cee8f = 0); NONFAILING(*(uint8_t*)0x205cee90 = 0); NONFAILING(*(uint8_t*)0x205cee91 = 0); NONFAILING(*(uint8_t*)0x205cee92 = 0); NONFAILING(*(uint8_t*)0x205cee93 = 0); NONFAILING(*(uint8_t*)0x205cee94 = 0); NONFAILING(*(uint8_t*)0x205cee95 = 0); NONFAILING(*(uint8_t*)0x205cee96 = 0); NONFAILING(*(uint8_t*)0x205cee97 = 0); NONFAILING(*(uint8_t*)0x205cee98 = 0); NONFAILING(*(uint8_t*)0x205cee99 = 0); NONFAILING(*(uint8_t*)0x205cee9a = 0); NONFAILING(*(uint8_t*)0x205cee9b = 0); NONFAILING(*(uint8_t*)0x205cee9c = 0); NONFAILING(*(uint8_t*)0x205cee9d = 0); NONFAILING(*(uint8_t*)0x205cee9e = 0); NONFAILING(*(uint8_t*)0x205cee9f = 0); NONFAILING(*(uint8_t*)0x205ceea0 = 0); NONFAILING(*(uint8_t*)0x205ceea1 = 0); NONFAILING(*(uint8_t*)0x205ceea2 = 0); NONFAILING(*(uint8_t*)0x205ceea3 = 0); NONFAILING(*(uint8_t*)0x205ceea4 = 0); NONFAILING(*(uint8_t*)0x205ceea5 = 0); NONFAILING(*(uint8_t*)0x205ceea6 = 0); NONFAILING(*(uint8_t*)0x205ceea7 = 0); NONFAILING(*(uint8_t*)0x205ceea8 = 0); NONFAILING(*(uint8_t*)0x205ceea9 = 0); NONFAILING(*(uint8_t*)0x205ceeaa = 0); NONFAILING(*(uint8_t*)0x205ceeab = 0); NONFAILING(*(uint8_t*)0x205ceeac = 0); NONFAILING(*(uint8_t*)0x205ceead = 0); NONFAILING(*(uint8_t*)0x205ceeae = 0); NONFAILING(*(uint8_t*)0x205ceeaf = 0); NONFAILING(*(uint8_t*)0x205ceeb0 = 0); NONFAILING(*(uint8_t*)0x205ceeb1 = 0); NONFAILING(*(uint8_t*)0x205ceeb2 = 0); NONFAILING(*(uint8_t*)0x205ceeb3 = 0); NONFAILING(*(uint8_t*)0x205ceeb4 = 0); NONFAILING(*(uint8_t*)0x205ceeb5 = 0); NONFAILING(*(uint8_t*)0x205ceeb6 = 0); NONFAILING(*(uint8_t*)0x205ceeb7 = 0); NONFAILING(*(uint8_t*)0x205ceeb8 = 0); NONFAILING(*(uint8_t*)0x205ceeb9 = 0); NONFAILING(*(uint8_t*)0x205ceeba = 0); NONFAILING(*(uint8_t*)0x205ceebb = 0); NONFAILING(*(uint8_t*)0x205ceebc = 0); NONFAILING(*(uint8_t*)0x205ceebd = 0); NONFAILING(*(uint8_t*)0x205ceebe = 0); NONFAILING(*(uint8_t*)0x205ceebf = 0); NONFAILING(*(uint8_t*)0x205ceec0 = 0); NONFAILING(*(uint8_t*)0x205ceec1 = 0); NONFAILING(*(uint8_t*)0x205ceec2 = 0); NONFAILING(*(uint8_t*)0x205ceec3 = 0); NONFAILING(*(uint8_t*)0x205ceec4 = 0); NONFAILING(*(uint8_t*)0x205ceec5 = 0); NONFAILING(*(uint8_t*)0x205ceec6 = 0); NONFAILING(*(uint8_t*)0x205ceec7 = 0); NONFAILING(*(uint8_t*)0x205ceec8 = 0); NONFAILING(*(uint8_t*)0x205ceec9 = 0); NONFAILING(*(uint8_t*)0x205ceeca = 0); NONFAILING(*(uint8_t*)0x205ceecb = 0); NONFAILING(*(uint8_t*)0x205ceecc = 0); NONFAILING(*(uint8_t*)0x205ceecd = 0); NONFAILING(*(uint8_t*)0x205ceece = 0); NONFAILING(*(uint8_t*)0x205ceecf = 0); NONFAILING(*(uint8_t*)0x205ceed0 = 0); NONFAILING(*(uint8_t*)0x205ceed1 = 0); NONFAILING(*(uint8_t*)0x205ceed2 = 0); NONFAILING(*(uint8_t*)0x205ceed3 = 0); NONFAILING(*(uint8_t*)0x205ceed4 = 0); NONFAILING(*(uint8_t*)0x205ceed5 = 0); NONFAILING(*(uint8_t*)0x205ceed6 = 0); NONFAILING(*(uint8_t*)0x205ceed7 = 0); NONFAILING(*(uint8_t*)0x205ceed8 = 0); NONFAILING(*(uint8_t*)0x205ceed9 = 0); NONFAILING(*(uint8_t*)0x205ceeda = 0); NONFAILING(*(uint8_t*)0x205ceedb = 0); NONFAILING(*(uint8_t*)0x205ceedc = 0); NONFAILING(*(uint8_t*)0x205ceedd = 0); NONFAILING(*(uint8_t*)0x205ceede = 0); NONFAILING(*(uint8_t*)0x205ceedf = 0); NONFAILING(*(uint8_t*)0x205ceee0 = 0); NONFAILING(*(uint8_t*)0x205ceee1 = 0); NONFAILING(*(uint8_t*)0x205ceee2 = 0); NONFAILING(*(uint8_t*)0x205ceee3 = 0); NONFAILING(*(uint8_t*)0x205ceee4 = 0); NONFAILING(*(uint8_t*)0x205ceee5 = 0); NONFAILING(*(uint8_t*)0x205ceee6 = 0); NONFAILING(*(uint8_t*)0x205ceee7 = 0); NONFAILING(*(uint8_t*)0x205ceee8 = 0); NONFAILING(*(uint8_t*)0x205ceee9 = 0); NONFAILING(*(uint8_t*)0x205ceeea = 0); NONFAILING(*(uint8_t*)0x205ceeeb = 0); NONFAILING(*(uint8_t*)0x205ceeec = 0); NONFAILING(*(uint8_t*)0x205ceeed = 0); NONFAILING(*(uint8_t*)0x205ceeee = 0); NONFAILING(*(uint8_t*)0x205ceeef = 0); NONFAILING(*(uint8_t*)0x205ceef0 = 0); NONFAILING(*(uint8_t*)0x205ceef1 = 0); NONFAILING(*(uint8_t*)0x205ceef2 = 0); NONFAILING(*(uint8_t*)0x205ceef3 = 0); NONFAILING(*(uint8_t*)0x205ceef4 = 0); NONFAILING(*(uint8_t*)0x205ceef5 = 0); NONFAILING(*(uint8_t*)0x205ceef6 = 0); NONFAILING(*(uint8_t*)0x205ceef7 = 0); NONFAILING(*(uint8_t*)0x205ceef8 = 0); NONFAILING(*(uint8_t*)0x205ceef9 = 0); NONFAILING(*(uint8_t*)0x205ceefa = 0); NONFAILING(*(uint8_t*)0x205ceefb = 0); NONFAILING(*(uint8_t*)0x205ceefc = 0); NONFAILING(*(uint8_t*)0x205ceefd = 0); NONFAILING(*(uint8_t*)0x205ceefe = 0); NONFAILING(*(uint8_t*)0x205ceeff = 0); NONFAILING(*(uint8_t*)0x205cef00 = 0); NONFAILING(*(uint8_t*)0x205cef01 = 0); NONFAILING(*(uint8_t*)0x205cef02 = 0); NONFAILING(*(uint8_t*)0x205cef03 = 0); NONFAILING(*(uint8_t*)0x205cef04 = 0); NONFAILING(*(uint8_t*)0x205cef05 = 0); NONFAILING(*(uint8_t*)0x205cef06 = 0); NONFAILING(*(uint8_t*)0x205cef07 = 0); NONFAILING(*(uint8_t*)0x205cef08 = 0); NONFAILING(*(uint8_t*)0x205cef09 = 0); NONFAILING(*(uint8_t*)0x205cef0a = 0); NONFAILING(*(uint8_t*)0x205cef0b = 0); NONFAILING(*(uint8_t*)0x205cef0c = 0); NONFAILING(*(uint8_t*)0x205cef0d = 0); NONFAILING(*(uint8_t*)0x205cef0e = 0); NONFAILING(*(uint8_t*)0x205cef0f = 0); NONFAILING(memcpy((void*)0x205cef10, "\x72\x61\x74\x65\x65\x73\x74\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205cef30 = 0x48); NONFAILING(memcpy( (void*)0x205cef38, "\x67\x72\x65\x74\x61\x70\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16)); NONFAILING(*(uint8_t*)0x205cef48 = 0x73); NONFAILING(*(uint8_t*)0x205cef49 = 0x79); NONFAILING(*(uint8_t*)0x205cef4a = 0x7a); NONFAILING(*(uint8_t*)0x205cef4b = 0x30); NONFAILING(*(uint8_t*)0x205cef4c = 0); NONFAILING(*(uint16_t*)0x205cef58 = 0x10); NONFAILING(*(uint16_t*)0x205cef5a = 2); NONFAILING(*(uint32_t*)0x205cef5c = 0x200); NONFAILING(*(uint32_t*)0x205cef60 = 5); NONFAILING(*(uint32_t*)0x205cef64 = 1); NONFAILING(*(uint32_t*)0x205cef68 = 0); NONFAILING(*(uint64_t*)0x205cef70 = 0x81); NONFAILING(*(uint64_t*)0x205cef78 = 0xd3c); NONFAILING(memcpy((void*)0x205cef80, "\x64\x6e\x61\x74\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205cefa0 = 0x10); NONFAILING(memcpy((void*)0x205cefa8, "\x33\x02\x26\x8b\x66\x3e", 6)); NONFAILING(*(uint32_t*)0x205cefb0 = -1); NONFAILING(memcpy((void*)0x205cefb8, "\x45\x52\x52\x4f\x52\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 32)); NONFAILING(*(uint32_t*)0x205cefd8 = 0x20); NONFAILING(memcpy((void*)0x205cefe0, "\x7e\xdd\x00\x34\xbc\x80\x1f\x65\xfc" "\x63\xd3\x2a\xa9\x50\xd0\x8b\x09\x74" "\x94\x6d\xf6\xbf\xae\x44\x3c\x7d\xc3" "\x35\xa0\x33", 30)); syscall(__NR_setsockopt, r[0], 0, 0x80, 0x20fb1000, 0xd80); } int main() { install_segv_handler(); char* cwd = get_current_dir_name(); for (;;) { if (chdir(cwd)) fail("failed to chdir"); use_temporary_dir(); int pid = do_sandbox_none(0, false); int status = 0; while (waitpid(pid, &status, __WALL) != pid) { } } }