// https://syzkaller.appspot.com/bug?id=61714127fcffd45b73cbd408ae695751952b87aa
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE
#include <endian.h>
#include <errno.h>
#include <linux/net.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}
#include <stdint.h>
#include <string.h>

const int kFailStatus = 67;
const int kRetryStatus = 69;

static void fail(const char* msg, ...)
{
  int e = errno;
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

#define BITMASK_LEN(type, bf_len) (type)((1ull << (bf_len)) - 1)

#define BITMASK_LEN_OFF(type, bf_off, bf_len)                                  \
  (type)(BITMASK_LEN(type, (bf_len)) << (bf_off))

#define STORE_BY_BITMASK(type, addr, val, bf_off, bf_len)                      \
  if ((bf_off) == 0 && (bf_len) == 0) {                                        \
    *(type*)(addr) = (type)(val);                                              \
  } else {                                                                     \
    type new_val = *(type*)(addr);                                             \
    new_val &= ~BITMASK_LEN_OFF(type, (bf_off), (bf_len));                     \
    new_val |= ((type)(val)&BITMASK_LEN(type, (bf_len))) << (bf_off);          \
    *(type*)(addr) = new_val;                                                  \
  }

struct csum_inet {
  uint32_t acc;
};

static void csum_inet_init(struct csum_inet* csum)
{
  csum->acc = 0;
}

static void csum_inet_update(struct csum_inet* csum, const uint8_t* data,
                             size_t length)
{
  if (length == 0)
    return;

  size_t i;
  for (i = 0; i < length - 1; i += 2)
    csum->acc += *(uint16_t*)&data[i];

  if (length & 1)
    csum->acc += (uint16_t)data[length - 1];

  while (csum->acc > 0xffff)
    csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16);
}

static uint16_t csum_inet_digest(struct csum_inet* csum)
{
  return ~csum->acc;
}

static uint64_t current_time_ms()
{
  struct timespec ts;

  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    fail("clock_gettime failed");
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

#define XT_TABLE_SIZE 1536
#define XT_MAX_ENTRIES 10

struct xt_counters {
  uint64_t pcnt, bcnt;
};

struct ipt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_entries;
  unsigned int size;
};

struct ipt_get_entries {
  char name[32];
  unsigned int size;
  void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};

struct ipt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[XT_TABLE_SIZE];
};

struct ipt_table_desc {
  const char* name;
  struct ipt_getinfo info;
  struct ipt_replace replace;
};

static struct ipt_table_desc ipv4_tables[] = {
    {.name = "filter"}, {.name = "nat"},      {.name = "mangle"},
    {.name = "raw"},    {.name = "security"},
};

static struct ipt_table_desc ipv6_tables[] = {
    {.name = "filter"}, {.name = "nat"},      {.name = "mangle"},
    {.name = "raw"},    {.name = "security"},
};

#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)

struct arpt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[3];
  unsigned int underflow[3];
  unsigned int num_entries;
  unsigned int size;
};

struct arpt_get_entries {
  char name[32];
  unsigned int size;
  void* entrytable[XT_TABLE_SIZE / sizeof(void*)];
};

struct arpt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[3];
  unsigned int underflow[3];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[XT_TABLE_SIZE];
};

struct arpt_table_desc {
  const char* name;
  struct arpt_getinfo info;
  struct arpt_replace replace;
};

static struct arpt_table_desc arpt_tables[] = {
    {.name = "filter"},
};

#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)

static void checkpoint_iptables(struct ipt_table_desc* tables, int num_tables,
                                int family, int level)
{
  struct ipt_get_entries entries;
  socklen_t optlen;
  int fd, i;

  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
  for (i = 0; i < num_tables; i++) {
    struct ipt_table_desc* table = &tables[i];
    strcpy(table->info.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, level, IPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(IPT_SO_GET_INFO)");
    }
    if (table->info.size > sizeof(table->replace.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", table->info.num_entries);
    memset(&entries, 0, sizeof(entries));
    strcpy(entries.name, table->name);
    entries.size = table->info.size;
    optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
    if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
      fail("getsockopt(IPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry,
           sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow,
           sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
  }
  close(fd);
}

static void reset_iptables(struct ipt_table_desc* tables, int num_tables,
                           int family, int level)
{
  struct xt_counters counters[XT_MAX_ENTRIES];
  struct ipt_get_entries entries;
  struct ipt_getinfo info;
  socklen_t optlen;
  int fd, i;

  fd = socket(family, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(%d, SOCK_STREAM, IPPROTO_TCP)", family);
  for (i = 0; i < num_tables; i++) {
    struct ipt_table_desc* table = &tables[i];
    if (table->info.valid_hooks == 0)
      continue;
    memset(&info, 0, sizeof(info));
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, level, IPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(IPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      memset(&entries, 0, sizeof(entries));
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, level, IPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(IPT_SO_GET_ENTRIES)");
      if (memcmp(table->replace.entrytable, entries.entrytable,
                 table->info.size) == 0)
        continue;
    }
    table->replace.num_counters = info.num_entries;
    table->replace.counters = counters;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) +
             table->replace.size;
    if (setsockopt(fd, level, IPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(IPT_SO_SET_REPLACE)");
  }
  close(fd);
}

static void checkpoint_arptables(void)
{
  struct arpt_get_entries entries;
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
    struct arpt_table_desc* table = &arpt_tables[i];
    strcpy(table->info.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(ARPT_SO_GET_INFO)");
    }
    if (table->info.size > sizeof(table->replace.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > XT_MAX_ENTRIES)
      fail("too many counters: %u", table->info.num_entries);
    memset(&entries, 0, sizeof(entries));
    strcpy(entries.name, table->name);
    entries.size = table->info.size;
    optlen = sizeof(entries) - sizeof(entries.entrytable) + table->info.size;
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
      fail("getsockopt(ARPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry,
           sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow,
           sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, entries.entrytable, table->info.size);
  }
  close(fd);
}

static void reset_arptables()
{
  struct xt_counters counters[XT_MAX_ENTRIES];
  struct arpt_get_entries entries;
  struct arpt_getinfo info;
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(arpt_tables) / sizeof(arpt_tables[0]); i++) {
    struct arpt_table_desc* table = &arpt_tables[i];
    if (table->info.valid_hooks == 0)
      continue;
    memset(&info, 0, sizeof(info));
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, SOL_IP, ARPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(ARPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      memset(&entries, 0, sizeof(entries));
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, SOL_IP, ARPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(ARPT_SO_GET_ENTRIES)");
      if (memcmp(table->replace.entrytable, entries.entrytable,
                 table->info.size) == 0)
        continue;
    }
    table->replace.num_counters = info.num_entries;
    table->replace.counters = counters;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) +
             table->replace.size;
    if (setsockopt(fd, SOL_IP, ARPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(ARPT_SO_SET_REPLACE)");
  }
  close(fd);
}
#include <linux/if.h>
#include <linux/netfilter_bridge/ebtables.h>

struct ebt_table_desc {
  const char* name;
  struct ebt_replace replace;
  char entrytable[XT_TABLE_SIZE];
};

static struct ebt_table_desc ebt_tables[] = {
    {.name = "filter"}, {.name = "nat"}, {.name = "broute"},
};

static void checkpoint_ebtables(void)
{
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
    struct ebt_table_desc* table = &ebt_tables[i];
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->replace);
    if (getsockopt(fd, SOL_IP, EBT_SO_GET_INIT_INFO, &table->replace,
                   &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue;
      }
      fail("getsockopt(EBT_SO_GET_INIT_INFO)");
    }
    if (table->replace.entries_size > sizeof(table->entrytable))
      fail("table size is too large: %u", table->replace.entries_size);
    table->replace.num_counters = 0;
    table->replace.entries = table->entrytable;
    optlen = sizeof(table->replace) + table->replace.entries_size;
    if (getsockopt(fd, SOL_IP, EBT_SO_GET_INIT_ENTRIES, &table->replace,
                   &optlen))
      fail("getsockopt(EBT_SO_GET_INIT_ENTRIES)");
  }
  close(fd);
}

static void reset_ebtables()
{
  struct ebt_replace replace;
  char entrytable[XT_TABLE_SIZE];
  socklen_t optlen;
  unsigned i, j, h;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(ebt_tables) / sizeof(ebt_tables[0]); i++) {
    struct ebt_table_desc* table = &ebt_tables[i];
    if (table->replace.valid_hooks == 0)
      continue;
    memset(&replace, 0, sizeof(replace));
    strcpy(replace.name, table->name);
    optlen = sizeof(replace);
    if (getsockopt(fd, SOL_IP, EBT_SO_GET_INFO, &replace, &optlen))
      fail("getsockopt(EBT_SO_GET_INFO)");
    replace.num_counters = 0;
    for (h = 0; h < NF_BR_NUMHOOKS; h++)
      table->replace.hook_entry[h] = 0;
    if (memcmp(&table->replace, &replace, sizeof(table->replace)) == 0) {
      memset(&entrytable, 0, sizeof(entrytable));
      replace.entries = entrytable;
      optlen = sizeof(replace) + replace.entries_size;
      if (getsockopt(fd, SOL_IP, EBT_SO_GET_ENTRIES, &replace, &optlen))
        fail("getsockopt(EBT_SO_GET_ENTRIES)");
      if (memcmp(table->entrytable, entrytable, replace.entries_size) == 0)
        continue;
    }
    for (j = 0, h = 0; h < NF_BR_NUMHOOKS; h++) {
      if (table->replace.valid_hooks & (1 << h)) {
        table->replace.hook_entry[h] =
            (struct ebt_entries*)table->entrytable + j;
        j++;
      }
    }
    optlen = sizeof(table->replace) + table->replace.entries_size;
    if (setsockopt(fd, SOL_IP, EBT_SO_SET_ENTRIES, &table->replace, optlen))
      fail("setsockopt(EBT_SO_SET_ENTRIES)");
  }
  close(fd);
}

static void checkpoint_net_namespace(void)
{
  checkpoint_ebtables();
  checkpoint_arptables();
  checkpoint_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]),
                      AF_INET, SOL_IP);
  checkpoint_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]),
                      AF_INET6, SOL_IPV6);
}

static void reset_net_namespace(void)
{
  reset_ebtables();
  reset_arptables();
  reset_iptables(ipv4_tables, sizeof(ipv4_tables) / sizeof(ipv4_tables[0]),
                 AF_INET, SOL_IP);
  reset_iptables(ipv6_tables, sizeof(ipv6_tables) / sizeof(ipv6_tables[0]),
                 AF_INET6, SOL_IPV6);
}

static void test();

void loop()
{
  int iter;
  checkpoint_net_namespace();
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      fail("loop fork failed");
    if (pid == 0) {
      prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
      setpgrp();
      test();
      doexit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      int res = waitpid(-1, &status, __WALL | WNOHANG);
      if (res == pid)
        break;
      usleep(1000);
      if (current_time_ms() - start > 5 * 1000) {
        kill(-pid, SIGKILL);
        kill(pid, SIGKILL);
        while (waitpid(-1, &status, __WALL) != pid) {
        }
        break;
      }
    }
    reset_net_namespace();
  }
}

long r[1];
uint64_t procid;
void test()
{
  memset(r, -1, sizeof(r));
  r[0] = syscall(__NR_socket, 0xa, 0x801, 0);
  memcpy((void*)0x20000340, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint32_t*)0x20000360 = 0xe;
  *(uint32_t*)0x20000364 = 4;
  *(uint32_t*)0x20000368 = 0x2e0;
  *(uint32_t*)0x2000036c = -1;
  *(uint32_t*)0x20000370 = 0;
  *(uint32_t*)0x20000374 = 0x98;
  *(uint32_t*)0x20000378 = 0x188;
  *(uint32_t*)0x2000037c = -1;
  *(uint32_t*)0x20000380 = -1;
  *(uint32_t*)0x20000384 = 0x248;
  *(uint32_t*)0x20000388 = 0x248;
  *(uint32_t*)0x2000038c = 0x248;
  *(uint32_t*)0x20000390 = -1;
  *(uint32_t*)0x20000394 = 4;
  *(uint64_t*)0x20000398 = 0x20003fc0;
  *(uint8_t*)0x200003a0 = 0;
  *(uint8_t*)0x200003a1 = 0;
  *(uint8_t*)0x200003a2 = 0;
  *(uint8_t*)0x200003a3 = 0;
  *(uint8_t*)0x200003a4 = 0;
  *(uint8_t*)0x200003a5 = 0;
  *(uint8_t*)0x200003a6 = 0;
  *(uint8_t*)0x200003a7 = 0;
  *(uint8_t*)0x200003a8 = 0;
  *(uint8_t*)0x200003a9 = 0;
  *(uint8_t*)0x200003aa = 0;
  *(uint8_t*)0x200003ab = 0;
  *(uint8_t*)0x200003ac = 0;
  *(uint8_t*)0x200003ad = 0;
  *(uint8_t*)0x200003ae = 0;
  *(uint8_t*)0x200003af = 0;
  *(uint8_t*)0x200003b0 = 0;
  *(uint8_t*)0x200003b1 = 0;
  *(uint8_t*)0x200003b2 = 0;
  *(uint8_t*)0x200003b3 = 0;
  *(uint8_t*)0x200003b4 = 0;
  *(uint8_t*)0x200003b5 = 0;
  *(uint8_t*)0x200003b6 = 0;
  *(uint8_t*)0x200003b7 = 0;
  *(uint8_t*)0x200003b8 = 0;
  *(uint8_t*)0x200003b9 = 0;
  *(uint8_t*)0x200003ba = 0;
  *(uint8_t*)0x200003bb = 0;
  *(uint8_t*)0x200003bc = 0;
  *(uint8_t*)0x200003bd = 0;
  *(uint8_t*)0x200003be = 0;
  *(uint8_t*)0x200003bf = 0;
  *(uint8_t*)0x200003c0 = 0;
  *(uint8_t*)0x200003c1 = 0;
  *(uint8_t*)0x200003c2 = 0;
  *(uint8_t*)0x200003c3 = 0;
  *(uint8_t*)0x200003c4 = 0;
  *(uint8_t*)0x200003c5 = 0;
  *(uint8_t*)0x200003c6 = 0;
  *(uint8_t*)0x200003c7 = 0;
  *(uint8_t*)0x200003c8 = 0;
  *(uint8_t*)0x200003c9 = 0;
  *(uint8_t*)0x200003ca = 0;
  *(uint8_t*)0x200003cb = 0;
  *(uint8_t*)0x200003cc = 0;
  *(uint8_t*)0x200003cd = 0;
  *(uint8_t*)0x200003ce = 0;
  *(uint8_t*)0x200003cf = 0;
  *(uint8_t*)0x200003d0 = 0;
  *(uint8_t*)0x200003d1 = 0;
  *(uint8_t*)0x200003d2 = 0;
  *(uint8_t*)0x200003d3 = 0;
  *(uint8_t*)0x200003d4 = 0;
  *(uint8_t*)0x200003d5 = 0;
  *(uint8_t*)0x200003d6 = 0;
  *(uint8_t*)0x200003d7 = 0;
  *(uint8_t*)0x200003d8 = 0;
  *(uint8_t*)0x200003d9 = 0;
  *(uint8_t*)0x200003da = 0;
  *(uint8_t*)0x200003db = 0;
  *(uint8_t*)0x200003dc = 0;
  *(uint8_t*)0x200003dd = 0;
  *(uint8_t*)0x200003de = 0;
  *(uint8_t*)0x200003df = 0;
  *(uint8_t*)0x200003e0 = 0;
  *(uint8_t*)0x200003e1 = 0;
  *(uint8_t*)0x200003e2 = 0;
  *(uint8_t*)0x200003e3 = 0;
  *(uint8_t*)0x200003e4 = 0;
  *(uint8_t*)0x200003e5 = 0;
  *(uint8_t*)0x200003e6 = 0;
  *(uint8_t*)0x200003e7 = 0;
  *(uint8_t*)0x200003e8 = 0;
  *(uint8_t*)0x200003e9 = 0;
  *(uint8_t*)0x200003ea = 0;
  *(uint8_t*)0x200003eb = 0;
  *(uint8_t*)0x200003ec = 0;
  *(uint8_t*)0x200003ed = 0;
  *(uint8_t*)0x200003ee = 0;
  *(uint8_t*)0x200003ef = 0;
  *(uint8_t*)0x200003f0 = 0;
  *(uint8_t*)0x200003f1 = 0;
  *(uint8_t*)0x200003f2 = 0;
  *(uint8_t*)0x200003f3 = 0;
  *(uint32_t*)0x200003f4 = 0;
  *(uint16_t*)0x200003f8 = 0x70;
  *(uint16_t*)0x200003fa = 0x98;
  *(uint32_t*)0x200003fc = 0;
  *(uint64_t*)0x20000400 = 0;
  *(uint64_t*)0x20000408 = 0;
  *(uint16_t*)0x20000410 = 0x28;
  memcpy((void*)0x20000412, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x2000042f = 0;
  *(uint32_t*)0x20000430 = 0x248;
  *(uint8_t*)0x20000438 = 0;
  *(uint8_t*)0x20000439 = 0;
  *(uint8_t*)0x2000043a = 0;
  *(uint8_t*)0x2000043b = 0;
  *(uint8_t*)0x2000043c = 0;
  *(uint8_t*)0x2000043d = 0;
  *(uint8_t*)0x2000043e = 0;
  *(uint8_t*)0x2000043f = 0;
  *(uint8_t*)0x20000440 = 0;
  *(uint8_t*)0x20000441 = 0;
  *(uint8_t*)0x20000442 = 0;
  *(uint8_t*)0x20000443 = 0;
  *(uint8_t*)0x20000444 = 0;
  *(uint8_t*)0x20000445 = 0;
  *(uint8_t*)0x20000446 = 0;
  *(uint8_t*)0x20000447 = 0;
  *(uint8_t*)0x20000448 = 0;
  *(uint8_t*)0x20000449 = 0;
  *(uint8_t*)0x2000044a = 0;
  *(uint8_t*)0x2000044b = 0;
  *(uint8_t*)0x2000044c = 0;
  *(uint8_t*)0x2000044d = 0;
  *(uint8_t*)0x2000044e = 0;
  *(uint8_t*)0x2000044f = 0;
  *(uint8_t*)0x20000450 = 0;
  *(uint8_t*)0x20000451 = 0;
  *(uint8_t*)0x20000452 = 0;
  *(uint8_t*)0x20000453 = 0;
  *(uint8_t*)0x20000454 = 0;
  *(uint8_t*)0x20000455 = 0;
  *(uint8_t*)0x20000456 = 0;
  *(uint8_t*)0x20000457 = 0;
  *(uint8_t*)0x20000458 = 0;
  *(uint8_t*)0x20000459 = 0;
  *(uint8_t*)0x2000045a = 0;
  *(uint8_t*)0x2000045b = 0;
  *(uint8_t*)0x2000045c = 0;
  *(uint8_t*)0x2000045d = 0;
  *(uint8_t*)0x2000045e = 0;
  *(uint8_t*)0x2000045f = 0;
  *(uint8_t*)0x20000460 = 0;
  *(uint8_t*)0x20000461 = 0;
  *(uint8_t*)0x20000462 = 0;
  *(uint8_t*)0x20000463 = 0;
  *(uint8_t*)0x20000464 = 0;
  *(uint8_t*)0x20000465 = 0;
  *(uint8_t*)0x20000466 = 0;
  *(uint8_t*)0x20000467 = 0;
  *(uint8_t*)0x20000468 = 0;
  *(uint8_t*)0x20000469 = 0;
  *(uint8_t*)0x2000046a = 0;
  *(uint8_t*)0x2000046b = 0;
  *(uint8_t*)0x2000046c = 0;
  *(uint8_t*)0x2000046d = 0;
  *(uint8_t*)0x2000046e = 0;
  *(uint8_t*)0x2000046f = 0;
  *(uint8_t*)0x20000470 = 0;
  *(uint8_t*)0x20000471 = 0;
  *(uint8_t*)0x20000472 = 0;
  *(uint8_t*)0x20000473 = 0;
  *(uint8_t*)0x20000474 = 0;
  *(uint8_t*)0x20000475 = 0;
  *(uint8_t*)0x20000476 = 0;
  *(uint8_t*)0x20000477 = 0;
  *(uint8_t*)0x20000478 = 0;
  *(uint8_t*)0x20000479 = 0;
  *(uint8_t*)0x2000047a = 0;
  *(uint8_t*)0x2000047b = 0;
  *(uint8_t*)0x2000047c = 0;
  *(uint8_t*)0x2000047d = 0;
  *(uint8_t*)0x2000047e = 0;
  *(uint8_t*)0x2000047f = 0;
  *(uint8_t*)0x20000480 = 0;
  *(uint8_t*)0x20000481 = 0;
  *(uint8_t*)0x20000482 = 0;
  *(uint8_t*)0x20000483 = 0;
  *(uint8_t*)0x20000484 = 0;
  *(uint8_t*)0x20000485 = 0;
  *(uint8_t*)0x20000486 = 0;
  *(uint8_t*)0x20000487 = 0;
  *(uint8_t*)0x20000488 = 0;
  *(uint8_t*)0x20000489 = 0;
  *(uint8_t*)0x2000048a = 0;
  *(uint8_t*)0x2000048b = 0;
  *(uint32_t*)0x2000048c = 0;
  *(uint16_t*)0x20000490 = 0xc8;
  *(uint16_t*)0x20000492 = 0xf0;
  *(uint32_t*)0x20000494 = 0;
  *(uint64_t*)0x20000498 = 0;
  *(uint64_t*)0x200004a0 = 0;
  *(uint16_t*)0x200004a8 = 0x30;
  memcpy((void*)0x200004aa, "\x61\x64\x64\x72\x74\x79\x70\x65\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200004c7 = 0;
  *(uint16_t*)0x200004c8 = 0;
  *(uint16_t*)0x200004ca = 0;
  *(uint32_t*)0x200004cc = 0;
  *(uint32_t*)0x200004d0 = 0;
  *(uint16_t*)0x200004d8 = 0x28;
  memcpy((void*)0x200004da, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200004f7 = 0;
  *(uint8_t*)0x200004f8 = 0;
  *(uint8_t*)0x200004f9 = 0;
  *(uint16_t*)0x20000500 = 0x28;
  memcpy((void*)0x20000502, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x2000051f = 0;
  *(uint32_t*)0x20000520 = 0xfffffffd;
  *(uint8_t*)0x20000528 = 0;
  *(uint8_t*)0x20000529 = 0;
  *(uint8_t*)0x2000052a = 0;
  *(uint8_t*)0x2000052b = 0;
  *(uint8_t*)0x2000052c = 0;
  *(uint8_t*)0x2000052d = 0;
  *(uint8_t*)0x2000052e = 0;
  *(uint8_t*)0x2000052f = 0;
  *(uint8_t*)0x20000530 = 0;
  *(uint8_t*)0x20000531 = 0;
  *(uint8_t*)0x20000532 = 0;
  *(uint8_t*)0x20000533 = 0;
  *(uint8_t*)0x20000534 = 0;
  *(uint8_t*)0x20000535 = 0;
  *(uint8_t*)0x20000536 = 0;
  *(uint8_t*)0x20000537 = 0;
  *(uint8_t*)0x20000538 = 0;
  *(uint8_t*)0x20000539 = 0;
  *(uint8_t*)0x2000053a = 0;
  *(uint8_t*)0x2000053b = 0;
  *(uint8_t*)0x2000053c = 0;
  *(uint8_t*)0x2000053d = 0;
  *(uint8_t*)0x2000053e = 0;
  *(uint8_t*)0x2000053f = 0;
  *(uint8_t*)0x20000540 = 0;
  *(uint8_t*)0x20000541 = 0;
  *(uint8_t*)0x20000542 = 0;
  *(uint8_t*)0x20000543 = 0;
  *(uint8_t*)0x20000544 = 0;
  *(uint8_t*)0x20000545 = 0;
  *(uint8_t*)0x20000546 = 0;
  *(uint8_t*)0x20000547 = 0;
  *(uint8_t*)0x20000548 = 0;
  *(uint8_t*)0x20000549 = 0;
  *(uint8_t*)0x2000054a = 0;
  *(uint8_t*)0x2000054b = 0;
  *(uint8_t*)0x2000054c = 0;
  *(uint8_t*)0x2000054d = 0;
  *(uint8_t*)0x2000054e = 0;
  *(uint8_t*)0x2000054f = 0;
  *(uint8_t*)0x20000550 = 0;
  *(uint8_t*)0x20000551 = 0;
  *(uint8_t*)0x20000552 = 0;
  *(uint8_t*)0x20000553 = 0;
  *(uint8_t*)0x20000554 = 0;
  *(uint8_t*)0x20000555 = 0;
  *(uint8_t*)0x20000556 = 0;
  *(uint8_t*)0x20000557 = 0;
  *(uint8_t*)0x20000558 = 0;
  *(uint8_t*)0x20000559 = 0;
  *(uint8_t*)0x2000055a = 0;
  *(uint8_t*)0x2000055b = 0;
  *(uint8_t*)0x2000055c = 0;
  *(uint8_t*)0x2000055d = 0;
  *(uint8_t*)0x2000055e = 0;
  *(uint8_t*)0x2000055f = 0;
  *(uint8_t*)0x20000560 = 0;
  *(uint8_t*)0x20000561 = 0;
  *(uint8_t*)0x20000562 = 0;
  *(uint8_t*)0x20000563 = 0;
  *(uint8_t*)0x20000564 = 0;
  *(uint8_t*)0x20000565 = 0;
  *(uint8_t*)0x20000566 = 0;
  *(uint8_t*)0x20000567 = 0;
  *(uint8_t*)0x20000568 = 0;
  *(uint8_t*)0x20000569 = 0;
  *(uint8_t*)0x2000056a = 0;
  *(uint8_t*)0x2000056b = 0;
  *(uint8_t*)0x2000056c = 0;
  *(uint8_t*)0x2000056d = 0;
  *(uint8_t*)0x2000056e = 0;
  *(uint8_t*)0x2000056f = 0;
  *(uint8_t*)0x20000570 = 0;
  *(uint8_t*)0x20000571 = 0;
  *(uint8_t*)0x20000572 = 0;
  *(uint8_t*)0x20000573 = 0;
  *(uint8_t*)0x20000574 = 0;
  *(uint8_t*)0x20000575 = 0;
  *(uint8_t*)0x20000576 = 0;
  *(uint8_t*)0x20000577 = 0;
  *(uint8_t*)0x20000578 = 0;
  *(uint8_t*)0x20000579 = 0;
  *(uint8_t*)0x2000057a = 0;
  *(uint8_t*)0x2000057b = 0;
  *(uint32_t*)0x2000057c = 0;
  *(uint16_t*)0x20000580 = 0x98;
  *(uint16_t*)0x20000582 = 0xc0;
  *(uint32_t*)0x20000584 = 0;
  *(uint64_t*)0x20000588 = 0;
  *(uint64_t*)0x20000590 = 0;
  *(uint16_t*)0x20000598 = 0x28;
  memcpy((void*)0x2000059a, "\x74\x74\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200005b7 = 0;
  *(uint8_t*)0x200005b8 = 0;
  *(uint8_t*)0x200005b9 = 0;
  *(uint16_t*)0x200005c0 = 0x28;
  memcpy((void*)0x200005c2, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200005df = 0;
  *(uint32_t*)0x200005e0 = 0;
  *(uint8_t*)0x200005e8 = 0;
  *(uint8_t*)0x200005e9 = 0;
  *(uint8_t*)0x200005ea = 0;
  *(uint8_t*)0x200005eb = 0;
  *(uint8_t*)0x200005ec = 0;
  *(uint8_t*)0x200005ed = 0;
  *(uint8_t*)0x200005ee = 0;
  *(uint8_t*)0x200005ef = 0;
  *(uint8_t*)0x200005f0 = 0;
  *(uint8_t*)0x200005f1 = 0;
  *(uint8_t*)0x200005f2 = 0;
  *(uint8_t*)0x200005f3 = 0;
  *(uint8_t*)0x200005f4 = 0;
  *(uint8_t*)0x200005f5 = 0;
  *(uint8_t*)0x200005f6 = 0;
  *(uint8_t*)0x200005f7 = 0;
  *(uint8_t*)0x200005f8 = 0;
  *(uint8_t*)0x200005f9 = 0;
  *(uint8_t*)0x200005fa = 0;
  *(uint8_t*)0x200005fb = 0;
  *(uint8_t*)0x200005fc = 0;
  *(uint8_t*)0x200005fd = 0;
  *(uint8_t*)0x200005fe = 0;
  *(uint8_t*)0x200005ff = 0;
  *(uint8_t*)0x20000600 = 0;
  *(uint8_t*)0x20000601 = 0;
  *(uint8_t*)0x20000602 = 0;
  *(uint8_t*)0x20000603 = 0;
  *(uint8_t*)0x20000604 = 0;
  *(uint8_t*)0x20000605 = 0;
  *(uint8_t*)0x20000606 = 0;
  *(uint8_t*)0x20000607 = 0;
  *(uint8_t*)0x20000608 = 0;
  *(uint8_t*)0x20000609 = 0;
  *(uint8_t*)0x2000060a = 0;
  *(uint8_t*)0x2000060b = 0;
  *(uint8_t*)0x2000060c = 0;
  *(uint8_t*)0x2000060d = 0;
  *(uint8_t*)0x2000060e = 0;
  *(uint8_t*)0x2000060f = 0;
  *(uint8_t*)0x20000610 = 0;
  *(uint8_t*)0x20000611 = 0;
  *(uint8_t*)0x20000612 = 0;
  *(uint8_t*)0x20000613 = 0;
  *(uint8_t*)0x20000614 = 0;
  *(uint8_t*)0x20000615 = 0;
  *(uint8_t*)0x20000616 = 0;
  *(uint8_t*)0x20000617 = 0;
  *(uint8_t*)0x20000618 = 0;
  *(uint8_t*)0x20000619 = 0;
  *(uint8_t*)0x2000061a = 0;
  *(uint8_t*)0x2000061b = 0;
  *(uint8_t*)0x2000061c = 0;
  *(uint8_t*)0x2000061d = 0;
  *(uint8_t*)0x2000061e = 0;
  *(uint8_t*)0x2000061f = 0;
  *(uint8_t*)0x20000620 = 0;
  *(uint8_t*)0x20000621 = 0;
  *(uint8_t*)0x20000622 = 0;
  *(uint8_t*)0x20000623 = 0;
  *(uint8_t*)0x20000624 = 0;
  *(uint8_t*)0x20000625 = 0;
  *(uint8_t*)0x20000626 = 0;
  *(uint8_t*)0x20000627 = 0;
  *(uint8_t*)0x20000628 = 0;
  *(uint8_t*)0x20000629 = 0;
  *(uint8_t*)0x2000062a = 0;
  *(uint8_t*)0x2000062b = 0;
  *(uint8_t*)0x2000062c = 0;
  *(uint8_t*)0x2000062d = 0;
  *(uint8_t*)0x2000062e = 0;
  *(uint8_t*)0x2000062f = 0;
  *(uint8_t*)0x20000630 = 0;
  *(uint8_t*)0x20000631 = 0;
  *(uint8_t*)0x20000632 = 0;
  *(uint8_t*)0x20000633 = 0;
  *(uint8_t*)0x20000634 = 0;
  *(uint8_t*)0x20000635 = 0;
  *(uint8_t*)0x20000636 = 0;
  *(uint8_t*)0x20000637 = 0;
  *(uint8_t*)0x20000638 = 0;
  *(uint8_t*)0x20000639 = 0;
  *(uint8_t*)0x2000063a = 0;
  *(uint8_t*)0x2000063b = 0;
  *(uint32_t*)0x2000063c = 0;
  *(uint16_t*)0x20000640 = 0x70;
  *(uint16_t*)0x20000642 = 0x98;
  *(uint32_t*)0x20000644 = 0;
  *(uint64_t*)0x20000648 = 0;
  *(uint64_t*)0x20000650 = 0;
  *(uint16_t*)0x20000658 = 0x28;
  memcpy((void*)0x2000065a, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20000677 = 0;
  *(uint32_t*)0x20000678 = 0xfffffffe;
  syscall(__NR_setsockopt, r[0], 0, 0x40, 0x20000340, 0x340);
  *(uint8_t*)0x20000000 = 1;
  *(uint8_t*)0x20000001 = 0x80;
  *(uint8_t*)0x20000002 = 0xc2;
  *(uint8_t*)0x20000003 = 0;
  *(uint8_t*)0x20000004 = 0;
  *(uint8_t*)0x20000005 = 0;
  *(uint8_t*)0x20000006 = 0xaa;
  *(uint8_t*)0x20000007 = 0xaa;
  *(uint8_t*)0x20000008 = 0xaa;
  *(uint8_t*)0x20000009 = 0xaa;
  *(uint8_t*)0x2000000a = 0;
  *(uint8_t*)0x2000000b = 0;
  *(uint16_t*)0x2000000c = htobe16(0x800);
  STORE_BY_BITMASK(uint8_t, 0x2000000e, 5, 0, 4);
  STORE_BY_BITMASK(uint8_t, 0x2000000e, 4, 4, 4);
  STORE_BY_BITMASK(uint8_t, 0x2000000f, 0, 0, 2);
  STORE_BY_BITMASK(uint8_t, 0x2000000f, 0, 2, 6);
  *(uint16_t*)0x20000010 = htobe16(0x24);
  *(uint16_t*)0x20000012 = 0;
  *(uint16_t*)0x20000014 = htobe16(0);
  *(uint8_t*)0x20000016 = 0;
  *(uint8_t*)0x20000017 = 0;
  *(uint16_t*)0x20000018 = 0;
  *(uint8_t*)0x2000001a = 0xac;
  *(uint8_t*)0x2000001b = 0x14;
  *(uint8_t*)0x2000001c = 0;
  *(uint8_t*)0x2000001d = 0xaa;
  *(uint32_t*)0x2000001e = htobe32(-1);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 0, 1);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 1, 1);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 1, 2, 1);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 3, 1);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 0xb, 4, 4);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 8, 1);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 0, 9, 4);
  STORE_BY_BITMASK(uint16_t, 0x20000022, 8, 13, 3);
  *(uint16_t*)0x20000024 = htobe16(0x880b);
  *(uint16_t*)0x20000026 = htobe16(0);
  *(uint16_t*)0x20000028 = htobe16(0);
  STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 0, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 1, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 2, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 3, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 4, 9);
  STORE_BY_BITMASK(uint16_t, 0x2000002a, 0, 13, 3);
  *(uint16_t*)0x2000002c = htobe16(0x800);
  STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 0, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 1, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 2, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 3, 1);
  STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 4, 9);
  STORE_BY_BITMASK(uint16_t, 0x2000002e, 0, 13, 3);
  *(uint16_t*)0x20000030 = htobe16(0x86dd);
  struct csum_inet csum_1;
  csum_inet_init(&csum_1);
  csum_inet_update(&csum_1, (const uint8_t*)0x2000000e, 20);
  *(uint16_t*)0x20000018 = csum_inet_digest(&csum_1);
}

int main()
{
  syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
  for (procid = 0; procid < 8; procid++) {
    if (fork() == 0) {
      for (;;) {
        loop();
      }
    }
  }
  sleep(1000000);
  return 0;
}