// https://syzkaller.appspot.com/bug?id=61714127fcffd45b73cbd408ae695751952b87aa // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1) #define BITMASK_LEN_OFF(type, bf_off, bf_len) \ (type)(BITMASK_LEN(type, (bf_len)) << (bf_off)) #define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len) \ if ((bf_off) == 0 && (bf_len) == 0) { \ *(type*)(addr) = (type)(val); \ } else { \ type new_val = *(type*)(addr); \ new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len)); \ new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off); \ *(type*)(addr) = new_val; \ } struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i; for (i = 0; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += (uint16_t)data[length - 1]; while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } static void test(); void loop() { while (1) { test(); } } long r[1]; uint64_t procid; void test() { memset(r, -1, sizeof(r)); r[0] = syscall(__NR_socket, 0xa, 0x801, 0); memcpy((void*)0x20000340, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x20000360 = 0xe; *(uint32_t*)0x20000364 = 4; *(uint32_t*)0x20000368 = 0x2e0; *(uint32_t*)0x2000036c = -1; *(uint32_t*)0x20000370 = 0; *(uint32_t*)0x20000374 = 0x98; *(uint32_t*)0x20000378 = 0x188; *(uint32_t*)0x2000037c = -1; *(uint32_t*)0x20000380 = -1; *(uint32_t*)0x20000384 = 0x248; *(uint32_t*)0x20000388 = 0x248; *(uint32_t*)0x2000038c = 0x248; *(uint32_t*)0x20000390 = -1; *(uint32_t*)0x20000394 = 4; *(uint64_t*)0x20000398 = 0x20003fc0; *(uint8_t*)0x200003a0 = 0; *(uint8_t*)0x200003a1 = 0; *(uint8_t*)0x200003a2 = 0; *(uint8_t*)0x200003a3 = 0; *(uint8_t*)0x200003a4 = 0; *(uint8_t*)0x200003a5 = 0; *(uint8_t*)0x200003a6 = 0; *(uint8_t*)0x200003a7 = 0; *(uint8_t*)0x200003a8 = 0; *(uint8_t*)0x200003a9 = 0; *(uint8_t*)0x200003aa = 0; *(uint8_t*)0x200003ab = 0; *(uint8_t*)0x200003ac = 0; *(uint8_t*)0x200003ad = 0; *(uint8_t*)0x200003ae = 0; *(uint8_t*)0x200003af = 0; *(uint8_t*)0x200003b0 = 0; *(uint8_t*)0x200003b1 = 0; *(uint8_t*)0x200003b2 = 0; *(uint8_t*)0x200003b3 = 0; *(uint8_t*)0x200003b4 = 0; *(uint8_t*)0x200003b5 = 0; *(uint8_t*)0x200003b6 = 0; *(uint8_t*)0x200003b7 = 0; *(uint8_t*)0x200003b8 = 0; *(uint8_t*)0x200003b9 = 0; *(uint8_t*)0x200003ba = 0; *(uint8_t*)0x200003bb = 0; *(uint8_t*)0x200003bc = 0; *(uint8_t*)0x200003bd = 0; *(uint8_t*)0x200003be = 0; *(uint8_t*)0x200003bf = 0; *(uint8_t*)0x200003c0 = 0; *(uint8_t*)0x200003c1 = 0; *(uint8_t*)0x200003c2 = 0; *(uint8_t*)0x200003c3 = 0; *(uint8_t*)0x200003c4 = 0; *(uint8_t*)0x200003c5 = 0; *(uint8_t*)0x200003c6 = 0; *(uint8_t*)0x200003c7 = 0; *(uint8_t*)0x200003c8 = 0; *(uint8_t*)0x200003c9 = 0; *(uint8_t*)0x200003ca = 0; *(uint8_t*)0x200003cb = 0; *(uint8_t*)0x200003cc = 0; *(uint8_t*)0x200003cd = 0; *(uint8_t*)0x200003ce = 0; *(uint8_t*)0x200003cf = 0; *(uint8_t*)0x200003d0 = 0; *(uint8_t*)0x200003d1 = 0; *(uint8_t*)0x200003d2 = 0; *(uint8_t*)0x200003d3 = 0; *(uint8_t*)0x200003d4 = 0; *(uint8_t*)0x200003d5 = 0; *(uint8_t*)0x200003d6 = 0; *(uint8_t*)0x200003d7 = 0; *(uint8_t*)0x200003d8 = 0; *(uint8_t*)0x200003d9 = 0; *(uint8_t*)0x200003da = 0; *(uint8_t*)0x200003db = 0; *(uint8_t*)0x200003dc = 0; *(uint8_t*)0x200003dd = 0; *(uint8_t*)0x200003de = 0; *(uint8_t*)0x200003df = 0; *(uint8_t*)0x200003e0 = 0; *(uint8_t*)0x200003e1 = 0; *(uint8_t*)0x200003e2 = 0; *(uint8_t*)0x200003e3 = 0; *(uint8_t*)0x200003e4 = 0; *(uint8_t*)0x200003e5 = 0; *(uint8_t*)0x200003e6 = 0; *(uint8_t*)0x200003e7 = 0; *(uint8_t*)0x200003e8 = 0; *(uint8_t*)0x200003e9 = 0; *(uint8_t*)0x200003ea = 0; *(uint8_t*)0x200003eb = 0; *(uint8_t*)0x200003ec = 0; *(uint8_t*)0x200003ed = 0; *(uint8_t*)0x200003ee = 0; *(uint8_t*)0x200003ef = 0; *(uint8_t*)0x200003f0 = 0; *(uint8_t*)0x200003f1 = 0; *(uint8_t*)0x200003f2 = 0; *(uint8_t*)0x200003f3 = 0; *(uint32_t*)0x200003f4 = 0; *(uint16_t*)0x200003f8 = 0x70; *(uint16_t*)0x200003fa = 0x98; *(uint32_t*)0x200003fc = 0; *(uint64_t*)0x20000400 = 0; *(uint64_t*)0x20000408 = 0; *(uint16_t*)0x20000410 = 0x28; memcpy((void*)0x20000412, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000042f = 0; *(uint32_t*)0x20000430 = 0x248; *(uint8_t*)0x20000438 = 0; *(uint8_t*)0x20000439 = 0; *(uint8_t*)0x2000043a = 0; *(uint8_t*)0x2000043b = 0; *(uint8_t*)0x2000043c = 0; *(uint8_t*)0x2000043d = 0; *(uint8_t*)0x2000043e = 0; *(uint8_t*)0x2000043f = 0; *(uint8_t*)0x20000440 = 0; *(uint8_t*)0x20000441 = 0; *(uint8_t*)0x20000442 = 0; *(uint8_t*)0x20000443 = 0; *(uint8_t*)0x20000444 = 0; *(uint8_t*)0x20000445 = 0; *(uint8_t*)0x20000446 = 0; *(uint8_t*)0x20000447 = 0; *(uint8_t*)0x20000448 = 0; *(uint8_t*)0x20000449 = 0; *(uint8_t*)0x2000044a = 0; *(uint8_t*)0x2000044b = 0; *(uint8_t*)0x2000044c = 0; *(uint8_t*)0x2000044d = 0; *(uint8_t*)0x2000044e = 0; *(uint8_t*)0x2000044f = 0; *(uint8_t*)0x20000450 = 0; *(uint8_t*)0x20000451 = 0; *(uint8_t*)0x20000452 = 0; *(uint8_t*)0x20000453 = 0; *(uint8_t*)0x20000454 = 0; *(uint8_t*)0x20000455 = 0; *(uint8_t*)0x20000456 = 0; *(uint8_t*)0x20000457 = 0; *(uint8_t*)0x20000458 = 0; *(uint8_t*)0x20000459 = 0; *(uint8_t*)0x2000045a = 0; *(uint8_t*)0x2000045b = 0; *(uint8_t*)0x2000045c = 0; *(uint8_t*)0x2000045d = 0; *(uint8_t*)0x2000045e = 0; *(uint8_t*)0x2000045f = 0; *(uint8_t*)0x20000460 = 0; *(uint8_t*)0x20000461 = 0; *(uint8_t*)0x20000462 = 0; *(uint8_t*)0x20000463 = 0; *(uint8_t*)0x20000464 = 0; *(uint8_t*)0x20000465 = 0; *(uint8_t*)0x20000466 = 0; *(uint8_t*)0x20000467 = 0; *(uint8_t*)0x20000468 = 0; *(uint8_t*)0x20000469 = 0; *(uint8_t*)0x2000046a = 0; *(uint8_t*)0x2000046b = 0; *(uint8_t*)0x2000046c = 0; *(uint8_t*)0x2000046d = 0; *(uint8_t*)0x2000046e = 0; *(uint8_t*)0x2000046f = 0; *(uint8_t*)0x20000470 = 0; *(uint8_t*)0x20000471 = 0; *(uint8_t*)0x20000472 = 0; *(uint8_t*)0x20000473 = 0; *(uint8_t*)0x20000474 = 0; *(uint8_t*)0x20000475 = 0; *(uint8_t*)0x20000476 = 0; *(uint8_t*)0x20000477 = 0; *(uint8_t*)0x20000478 = 0; *(uint8_t*)0x20000479 = 0; *(uint8_t*)0x2000047a = 0; *(uint8_t*)0x2000047b = 0; *(uint8_t*)0x2000047c = 0; *(uint8_t*)0x2000047d = 0; *(uint8_t*)0x2000047e = 0; *(uint8_t*)0x2000047f = 0; *(uint8_t*)0x20000480 = 0; *(uint8_t*)0x20000481 = 0; *(uint8_t*)0x20000482 = 0; *(uint8_t*)0x20000483 = 0; *(uint8_t*)0x20000484 = 0; *(uint8_t*)0x20000485 = 0; *(uint8_t*)0x20000486 = 0; *(uint8_t*)0x20000487 = 0; *(uint8_t*)0x20000488 = 0; *(uint8_t*)0x20000489 = 0; *(uint8_t*)0x2000048a = 0; *(uint8_t*)0x2000048b = 0; *(uint32_t*)0x2000048c = 0; *(uint16_t*)0x20000490 = 0xc8; *(uint16_t*)0x20000492 = 0xf0; *(uint32_t*)0x20000494 = 0; *(uint64_t*)0x20000498 = 0; *(uint64_t*)0x200004a0 = 0; *(uint16_t*)0x200004a8 = 0x30; memcpy((void*)0x200004aa, "\x61\x64\x64\x72\x74\x79\x70\x65\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200004c7 = 0; *(uint16_t*)0x200004c8 = 0; *(uint16_t*)0x200004ca = 0; *(uint32_t*)0x200004cc = 0; *(uint32_t*)0x200004d0 = 0; *(uint16_t*)0x200004d8 = 0x28; memcpy((void*)0x200004da, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200004f7 = 0; *(uint8_t*)0x200004f8 = 0; *(uint8_t*)0x200004f9 = 0; *(uint16_t*)0x20000500 = 0x28; memcpy((void*)0x20000502, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2000051f = 0; *(uint32_t*)0x20000520 = 0xfffffffd; *(uint8_t*)0x20000528 = 0; *(uint8_t*)0x20000529 = 0; *(uint8_t*)0x2000052a = 0; *(uint8_t*)0x2000052b = 0; *(uint8_t*)0x2000052c = 0; *(uint8_t*)0x2000052d = 0; *(uint8_t*)0x2000052e = 0; *(uint8_t*)0x2000052f = 0; *(uint8_t*)0x20000530 = 0; *(uint8_t*)0x20000531 = 0; *(uint8_t*)0x20000532 = 0; *(uint8_t*)0x20000533 = 0; *(uint8_t*)0x20000534 = 0; *(uint8_t*)0x20000535 = 0; *(uint8_t*)0x20000536 = 0; *(uint8_t*)0x20000537 = 0; *(uint8_t*)0x20000538 = 0; *(uint8_t*)0x20000539 = 0; *(uint8_t*)0x2000053a = 0; *(uint8_t*)0x2000053b = 0; *(uint8_t*)0x2000053c = 0; *(uint8_t*)0x2000053d = 0; *(uint8_t*)0x2000053e = 0; *(uint8_t*)0x2000053f = 0; *(uint8_t*)0x20000540 = 0; *(uint8_t*)0x20000541 = 0; *(uint8_t*)0x20000542 = 0; *(uint8_t*)0x20000543 = 0; *(uint8_t*)0x20000544 = 0; *(uint8_t*)0x20000545 = 0; *(uint8_t*)0x20000546 = 0; *(uint8_t*)0x20000547 = 0; *(uint8_t*)0x20000548 = 0; *(uint8_t*)0x20000549 = 0; *(uint8_t*)0x2000054a = 0; *(uint8_t*)0x2000054b = 0; *(uint8_t*)0x2000054c = 0; *(uint8_t*)0x2000054d = 0; *(uint8_t*)0x2000054e = 0; *(uint8_t*)0x2000054f = 0; *(uint8_t*)0x20000550 = 0; *(uint8_t*)0x20000551 = 0; *(uint8_t*)0x20000552 = 0; *(uint8_t*)0x20000553 = 0; *(uint8_t*)0x20000554 = 0; *(uint8_t*)0x20000555 = 0; *(uint8_t*)0x20000556 = 0; *(uint8_t*)0x20000557 = 0; *(uint8_t*)0x20000558 = 0; *(uint8_t*)0x20000559 = 0; *(uint8_t*)0x2000055a = 0; *(uint8_t*)0x2000055b = 0; *(uint8_t*)0x2000055c = 0; *(uint8_t*)0x2000055d = 0; *(uint8_t*)0x2000055e = 0; *(uint8_t*)0x2000055f = 0; *(uint8_t*)0x20000560 = 0; *(uint8_t*)0x20000561 = 0; *(uint8_t*)0x20000562 = 0; *(uint8_t*)0x20000563 = 0; *(uint8_t*)0x20000564 = 0; *(uint8_t*)0x20000565 = 0; *(uint8_t*)0x20000566 = 0; *(uint8_t*)0x20000567 = 0; *(uint8_t*)0x20000568 = 0; *(uint8_t*)0x20000569 = 0; *(uint8_t*)0x2000056a = 0; *(uint8_t*)0x2000056b = 0; *(uint8_t*)0x2000056c = 0; *(uint8_t*)0x2000056d = 0; *(uint8_t*)0x2000056e = 0; *(uint8_t*)0x2000056f = 0; *(uint8_t*)0x20000570 = 0; *(uint8_t*)0x20000571 = 0; *(uint8_t*)0x20000572 = 0; *(uint8_t*)0x20000573 = 0; *(uint8_t*)0x20000574 = 0; *(uint8_t*)0x20000575 = 0; *(uint8_t*)0x20000576 = 0; *(uint8_t*)0x20000577 = 0; *(uint8_t*)0x20000578 = 0; *(uint8_t*)0x20000579 = 0; *(uint8_t*)0x2000057a = 0; *(uint8_t*)0x2000057b = 0; *(uint32_t*)0x2000057c = 0; *(uint16_t*)0x20000580 = 0x98; *(uint16_t*)0x20000582 = 0xc0; *(uint32_t*)0x20000584 = 0; *(uint64_t*)0x20000588 = 0; *(uint64_t*)0x20000590 = 0; *(uint16_t*)0x20000598 = 0x28; memcpy((void*)0x2000059a, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200005b7 = 0; *(uint8_t*)0x200005b8 = 0; *(uint8_t*)0x200005b9 = 0; *(uint16_t*)0x200005c0 = 0x28; memcpy((void*)0x200005c2, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200005df = 0; *(uint32_t*)0x200005e0 = 0; *(uint8_t*)0x200005e8 = 0; *(uint8_t*)0x200005e9 = 0; *(uint8_t*)0x200005ea = 0; *(uint8_t*)0x200005eb = 0; *(uint8_t*)0x200005ec = 0; *(uint8_t*)0x200005ed = 0; *(uint8_t*)0x200005ee = 0; *(uint8_t*)0x200005ef = 0; *(uint8_t*)0x200005f0 = 0; *(uint8_t*)0x200005f1 = 0; *(uint8_t*)0x200005f2 = 0; *(uint8_t*)0x200005f3 = 0; *(uint8_t*)0x200005f4 = 0; *(uint8_t*)0x200005f5 = 0; *(uint8_t*)0x200005f6 = 0; *(uint8_t*)0x200005f7 = 0; *(uint8_t*)0x200005f8 = 0; *(uint8_t*)0x200005f9 = 0; *(uint8_t*)0x200005fa = 0; *(uint8_t*)0x200005fb = 0; *(uint8_t*)0x200005fc = 0; *(uint8_t*)0x200005fd = 0; *(uint8_t*)0x200005fe = 0; *(uint8_t*)0x200005ff = 0; *(uint8_t*)0x20000600 = 0; *(uint8_t*)0x20000601 = 0; *(uint8_t*)0x20000602 = 0; *(uint8_t*)0x20000603 = 0; *(uint8_t*)0x20000604 = 0; *(uint8_t*)0x20000605 = 0; *(uint8_t*)0x20000606 = 0; *(uint8_t*)0x20000607 = 0; *(uint8_t*)0x20000608 = 0; *(uint8_t*)0x20000609 = 0; *(uint8_t*)0x2000060a = 0; *(uint8_t*)0x2000060b = 0; *(uint8_t*)0x2000060c = 0; *(uint8_t*)0x2000060d = 0; *(uint8_t*)0x2000060e = 0; *(uint8_t*)0x2000060f = 0; *(uint8_t*)0x20000610 = 0; *(uint8_t*)0x20000611 = 0; *(uint8_t*)0x20000612 = 0; *(uint8_t*)0x20000613 = 0; *(uint8_t*)0x20000614 = 0; *(uint8_t*)0x20000615 = 0; *(uint8_t*)0x20000616 = 0; *(uint8_t*)0x20000617 = 0; *(uint8_t*)0x20000618 = 0; *(uint8_t*)0x20000619 = 0; *(uint8_t*)0x2000061a = 0; *(uint8_t*)0x2000061b = 0; *(uint8_t*)0x2000061c = 0; *(uint8_t*)0x2000061d = 0; *(uint8_t*)0x2000061e = 0; *(uint8_t*)0x2000061f = 0; *(uint8_t*)0x20000620 = 0; *(uint8_t*)0x20000621 = 0; *(uint8_t*)0x20000622 = 0; *(uint8_t*)0x20000623 = 0; *(uint8_t*)0x20000624 = 0; *(uint8_t*)0x20000625 = 0; *(uint8_t*)0x20000626 = 0; *(uint8_t*)0x20000627 = 0; *(uint8_t*)0x20000628 = 0; *(uint8_t*)0x20000629 = 0; *(uint8_t*)0x2000062a = 0; *(uint8_t*)0x2000062b = 0; *(uint8_t*)0x2000062c = 0; *(uint8_t*)0x2000062d = 0; *(uint8_t*)0x2000062e = 0; *(uint8_t*)0x2000062f = 0; *(uint8_t*)0x20000630 = 0; *(uint8_t*)0x20000631 = 0; *(uint8_t*)0x20000632 = 0; *(uint8_t*)0x20000633 = 0; *(uint8_t*)0x20000634 = 0; *(uint8_t*)0x20000635 = 0; *(uint8_t*)0x20000636 = 0; *(uint8_t*)0x20000637 = 0; *(uint8_t*)0x20000638 = 0; *(uint8_t*)0x20000639 = 0; *(uint8_t*)0x2000063a = 0; *(uint8_t*)0x2000063b = 0; *(uint32_t*)0x2000063c = 0; *(uint16_t*)0x20000640 = 0x70; *(uint16_t*)0x20000642 = 0x98; *(uint32_t*)0x20000644 = 0; *(uint64_t*)0x20000648 = 0; *(uint64_t*)0x20000650 = 0; *(uint16_t*)0x20000658 = 0x28; memcpy((void*)0x2000065a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20000677 = 0; *(uint32_t*)0x20000678 = 0xfffffffe; syscall(__NR_setsockopt, r[0], 0, 0x40, 0x20000340, 0x340); *(uint8_t*)0x20000000 = 1; *(uint8_t*)0x20000001 = 0x80; *(uint8_t*)0x20000002 = 0xc2; *(uint8_t*)0x20000003 = 0; *(uint8_t*)0x20000004 = 0; *(uint8_t*)0x20000005 = 0; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0; *(uint8_t*)0x2000000b = 0; *(uint16_t*)0x2000000c = htobe16(0x800); STORE_BY_BITMASK(uint8_t, 0x2000000e, 5, 0, 4); STORE_BY_BITMASK(uint8_t, 0x2000000e, 4, 4, 4); STORE_BY_BITMASK(uint8_t, 0x2000000f, 0, 0, 2); STORE_BY_BITMASK(uint8_t, 0x2000000f, 0, 2, 6); *(uint16_t*)0x20000010 = htobe16(0x24); *(uint16_t*)0x20000012 = 0; *(uint16_t*)0x20000014 = htobe16(0); *(uint8_t*)0x20000016 = 0; *(uint8_t*)0x20000017 = 0; *(uint16_t*)0x20000018 = 0; *(uint8_t*)0x2000001a = 0xac; *(uint8_t*)0x2000001b = 0x14; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0xaa; *(uint32_t*)0x2000001e = htobe32(-1); STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 0, 1); STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 1, 1); STORE_BY_BITMASK(uint16_t, 0x20000022, 1, 2, 1); STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 3, 1); STORE_BY_BITMASK(uint16_t, 0x20000022, 0xb, 4, 4); STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 8, 1); STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 9, 4); STORE_BY_BITMASK(uint16_t, 0x20000022, 8, 13, 3); *(uint16_t*)0x20000024 = htobe16(0x880b); *(uint16_t*)0x20000026 = htobe16(0); *(uint16_t*)0x20000028 = htobe16(0); STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 0, 1); STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 1, 1); STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 2, 1); STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 3, 1); STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 4, 9); STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 13, 3); *(uint16_t*)0x2000002c = htobe16(0x800); STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 0, 1); STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 1, 1); STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 2, 1); STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 3, 1); STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 4, 9); STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 13, 3); *(uint16_t*)0x20000030 = htobe16(0x86dd); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x2000000e, 20); *(uint16_t*)0x20000018 = csum_inet_digest(&csum_1); } int main() { syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); for (procid = 0; procid < 8; procid++) { if (fork() == 0) { for (;;) { loop(); } } } sleep(1000000); return 0; }