// https://syzkaller.appspot.com/bug?id=5b9d1e3232dc19d61832a76821bc5fc9b914b4cd // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } #include #include const int kFailStatus = 67; const int kRetryStatus = 69; static void fail(const char* msg, ...) { int e = errno; va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } static uint64_t current_time_ms() { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) fail("clock_gettime failed"); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } struct ipt_getinfo { char name[32]; unsigned int valid_hooks; unsigned int hook_entry[5]; unsigned int underflow[5]; unsigned int num_entries; unsigned int size; }; struct ipt_get_entries { char name[32]; unsigned int size; void* entrytable[1024 / sizeof(void*)]; }; struct xt_counters { uint64_t pcnt, bcnt; }; struct ipt_replace { char name[32]; unsigned int valid_hooks; unsigned int num_entries; unsigned int size; unsigned int hook_entry[5]; unsigned int underflow[5]; unsigned int num_counters; struct xt_counters* counters; char entrytable[1024]; }; struct ipt_table_desc { const char* name; struct ipt_getinfo info; struct ipt_get_entries entries; struct ipt_replace replace; struct xt_counters counters[10]; }; static struct ipt_table_desc ipv4_tables[] = { {.name = "filter"}, {.name = "nat"}, {.name = "mangle"}, {.name = "raw"}, {.name = "security"}, }; #define IPT_BASE_CTL 64 #define IPT_SO_SET_REPLACE (IPT_BASE_CTL) #define IPT_SO_GET_INFO (IPT_BASE_CTL) #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) static void checkpoint_net_namespace(void) { socklen_t optlen; unsigned i; int fd; fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); for (i = 0; i < sizeof(ipv4_tables) / sizeof(ipv4_tables[0]); i++) { struct ipt_table_desc* table = &ipv4_tables[i]; strcpy(table->info.name, table->name); strcpy(table->entries.name, table->name); strcpy(table->replace.name, table->name); optlen = sizeof(table->info); if (getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &table->info, &optlen)) { switch (errno) { case EPERM: case ENOENT: case ENOPROTOOPT: continue; } fail("getsockopt(IPT_SO_GET_INFO)"); } if (table->info.size > sizeof(table->entries.entrytable)) fail("table size is too large: %u", table->info.size); if (table->info.num_entries > sizeof(table->counters) / sizeof(table->counters[0])) fail("too many counters: %u", table->info.num_entries); table->entries.size = table->info.size; optlen = sizeof(table->entries) - sizeof(table->entries.entrytable) + table->info.size; if (getsockopt(fd, SOL_IP, IPT_SO_GET_ENTRIES, &table->entries, &optlen)) fail("getsockopt(IPT_SO_GET_ENTRIES)"); table->replace.valid_hooks = table->info.valid_hooks; table->replace.num_entries = table->info.num_entries; table->replace.counters = table->counters; table->replace.size = table->info.size; memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry)); memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow)); memcpy(table->replace.entrytable, table->entries.entrytable, table->info.size); } close(fd); } static void reset_net_namespace(void) { struct ipt_get_entries entries; struct ipt_getinfo info; socklen_t optlen; unsigned i; int fd; memset(&info, 0, sizeof(info)); memset(&entries, 0, sizeof(entries)); fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if (fd == -1) fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)"); for (i = 0; i < sizeof(ipv4_tables) / sizeof(ipv4_tables[0]); i++) { struct ipt_table_desc* table = &ipv4_tables[i]; if (table->info.valid_hooks == 0) continue; strcpy(info.name, table->name); optlen = sizeof(info); if (getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen)) fail("getsockopt(IPT_SO_GET_INFO)"); if (memcmp(&table->info, &info, sizeof(table->info)) == 0) { strcpy(entries.name, table->name); entries.size = table->info.size; optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size; if (getsockopt(fd, SOL_IP, IPT_SO_GET_ENTRIES, &entries, &optlen)) fail("getsockopt(IPT_SO_GET_ENTRIES)"); if (memcmp(&table->entries, &entries, optlen) == 0) continue; } table->replace.num_counters = info.num_entries; optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size; if (setsockopt(fd, SOL_IP, IPT_SO_SET_REPLACE, &table->replace, optlen)) fail("setsockopt(IPT_SO_SET_REPLACE)"); } close(fd); } static void test(); void loop() { int iter; checkpoint_net_namespace(); for (iter = 0;; iter++) { int pid = fork(); if (pid < 0) fail("loop fork failed"); if (pid == 0) { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); test(); doexit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { int res = waitpid(-1, &status, __WALL | WNOHANG); if (res == pid) break; usleep(1000); if (current_time_ms() - start > 5 * 1000) { kill(-pid, SIGKILL); kill(pid, SIGKILL); while (waitpid(-1, &status, __WALL) != pid) { } break; } } reset_net_namespace(); } } long r[2]; void test() { memset(r, -1, sizeof(r)); syscall(__NR_mmap, 0x20000000, 0xfff000, 3, 0x32, -1, 0); r[0] = syscall(__NR_socket, 2, 1, 0); *(uint32_t*)0x20831000 = 6; *(uint16_t*)0x20831008 = 2; *(uint16_t*)0x2083100a = 0; *(uint32_t*)0x2083100c = htobe32(0xe0000002); *(uint8_t*)0x20831010 = 0; *(uint8_t*)0x20831011 = 0; *(uint8_t*)0x20831012 = 0; *(uint8_t*)0x20831013 = 0; *(uint8_t*)0x20831014 = 0; *(uint8_t*)0x20831015 = 0; *(uint8_t*)0x20831016 = 0; *(uint8_t*)0x20831017 = 0; *(uint64_t*)0x20831018 = 0; *(uint64_t*)0x20831020 = 0; *(uint64_t*)0x20831028 = 0; *(uint64_t*)0x20831030 = 0; *(uint64_t*)0x20831038 = 0; *(uint64_t*)0x20831040 = 0; *(uint64_t*)0x20831048 = 0; *(uint64_t*)0x20831050 = 0; *(uint64_t*)0x20831058 = 0; *(uint64_t*)0x20831060 = 0; *(uint64_t*)0x20831068 = 0; *(uint64_t*)0x20831070 = 0; *(uint64_t*)0x20831078 = 0; *(uint64_t*)0x20831080 = 0; *(uint64_t*)0x20831088 = 0; syscall(__NR_setsockopt, r[0], 0, 0x2a, 0x20831000, 0x90); r[1] = syscall(__NR_socket, 2, 0x805, 0); memcpy((void*)0x20016000, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 32); *(uint32_t*)0x20016020 = 0xe; *(uint32_t*)0x20016024 = 4; *(uint32_t*)0x20016028 = 0x280; *(uint32_t*)0x2001602c = -1; *(uint32_t*)0x20016030 = 0; *(uint32_t*)0x20016034 = 0; *(uint32_t*)0x20016038 = 0; *(uint32_t*)0x2001603c = -1; *(uint32_t*)0x20016040 = -1; *(uint32_t*)0x20016044 = 0; *(uint32_t*)0x20016048 = 0; *(uint32_t*)0x2001604c = 0; *(uint32_t*)0x20016050 = -1; *(uint32_t*)0x20016054 = 4; *(uint64_t*)0x20016058 = 0x20005fc0; *(uint8_t*)0x20016060 = 0; *(uint8_t*)0x20016061 = 0; *(uint8_t*)0x20016062 = 0; *(uint8_t*)0x20016063 = 0; *(uint8_t*)0x20016064 = 0; *(uint8_t*)0x20016065 = 0; *(uint8_t*)0x20016066 = 0; *(uint8_t*)0x20016067 = 0; *(uint8_t*)0x20016068 = 0; *(uint8_t*)0x20016069 = 0; *(uint8_t*)0x2001606a = 0; *(uint8_t*)0x2001606b = 0; *(uint8_t*)0x2001606c = 0; *(uint8_t*)0x2001606d = 0; *(uint8_t*)0x2001606e = 0; *(uint8_t*)0x2001606f = 0; *(uint8_t*)0x20016070 = 0; *(uint8_t*)0x20016071 = 0; *(uint8_t*)0x20016072 = 0; *(uint8_t*)0x20016073 = 0; *(uint8_t*)0x20016074 = 0; *(uint8_t*)0x20016075 = 0; *(uint8_t*)0x20016076 = 0; *(uint8_t*)0x20016077 = 0; *(uint8_t*)0x20016078 = 0; *(uint8_t*)0x20016079 = 0; *(uint8_t*)0x2001607a = 0; *(uint8_t*)0x2001607b = 0; *(uint8_t*)0x2001607c = 0; *(uint8_t*)0x2001607d = 0; *(uint8_t*)0x2001607e = 0; *(uint8_t*)0x2001607f = 0; *(uint8_t*)0x20016080 = 0; *(uint8_t*)0x20016081 = 0; *(uint8_t*)0x20016082 = 0; *(uint8_t*)0x20016083 = 0; *(uint8_t*)0x20016084 = 0; *(uint8_t*)0x20016085 = 0; *(uint8_t*)0x20016086 = 0; *(uint8_t*)0x20016087 = 0; *(uint8_t*)0x20016088 = 0; *(uint8_t*)0x20016089 = 0; *(uint8_t*)0x2001608a = 0; *(uint8_t*)0x2001608b = 0; *(uint8_t*)0x2001608c = 0; *(uint8_t*)0x2001608d = 0; *(uint8_t*)0x2001608e = 0; *(uint8_t*)0x2001608f = 0; *(uint8_t*)0x20016090 = 0; *(uint8_t*)0x20016091 = 0; *(uint8_t*)0x20016092 = 0; *(uint8_t*)0x20016093 = 0; *(uint8_t*)0x20016094 = 0; *(uint8_t*)0x20016095 = 0; *(uint8_t*)0x20016096 = 0; *(uint8_t*)0x20016097 = 0; *(uint8_t*)0x20016098 = 0; *(uint8_t*)0x20016099 = 0; *(uint8_t*)0x2001609a = 0; *(uint8_t*)0x2001609b = 0; *(uint8_t*)0x2001609c = 0; *(uint8_t*)0x2001609d = 0; *(uint8_t*)0x2001609e = 0; *(uint8_t*)0x2001609f = 0; *(uint8_t*)0x200160a0 = 0; *(uint8_t*)0x200160a1 = 0; *(uint8_t*)0x200160a2 = 0; *(uint8_t*)0x200160a3 = 0; *(uint8_t*)0x200160a4 = 0; *(uint8_t*)0x200160a5 = 0; *(uint8_t*)0x200160a6 = 0; *(uint8_t*)0x200160a7 = 0; *(uint8_t*)0x200160a8 = 0; *(uint8_t*)0x200160a9 = 0; *(uint8_t*)0x200160aa = 0; *(uint8_t*)0x200160ab = 0; *(uint8_t*)0x200160ac = 0; *(uint8_t*)0x200160ad = 0; *(uint8_t*)0x200160ae = 0; *(uint8_t*)0x200160af = 0; *(uint8_t*)0x200160b0 = 0; *(uint8_t*)0x200160b1 = 0; *(uint8_t*)0x200160b2 = 0; *(uint8_t*)0x200160b3 = 0; *(uint32_t*)0x200160b4 = 0; *(uint16_t*)0x200160b8 = 0x70; *(uint16_t*)0x200160ba = 0x98; *(uint32_t*)0x200160bc = 0; *(uint64_t*)0x200160c0 = 0; *(uint64_t*)0x200160c8 = 0; *(uint16_t*)0x200160d0 = 0x28; memcpy((void*)0x200160d2, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200160ef = 0; *(uint32_t*)0x200160f0 = 0xfffffffe; *(uint8_t*)0x200160f8 = 0; *(uint8_t*)0x200160f9 = 0; *(uint8_t*)0x200160fa = 0; *(uint8_t*)0x200160fb = 0; *(uint8_t*)0x200160fc = 0; *(uint8_t*)0x200160fd = 0; *(uint8_t*)0x200160fe = 0; *(uint8_t*)0x200160ff = 0; *(uint8_t*)0x20016100 = 0; *(uint8_t*)0x20016101 = 0; *(uint8_t*)0x20016102 = 0; *(uint8_t*)0x20016103 = 0; *(uint8_t*)0x20016104 = 0; *(uint8_t*)0x20016105 = 0; *(uint8_t*)0x20016106 = 0; *(uint8_t*)0x20016107 = 0; *(uint8_t*)0x20016108 = 0; *(uint8_t*)0x20016109 = 0; *(uint8_t*)0x2001610a = 0; *(uint8_t*)0x2001610b = 0; *(uint8_t*)0x2001610c = 0; *(uint8_t*)0x2001610d = 0; *(uint8_t*)0x2001610e = 0; *(uint8_t*)0x2001610f = 0; *(uint8_t*)0x20016110 = 0; *(uint8_t*)0x20016111 = 0; *(uint8_t*)0x20016112 = 0; *(uint8_t*)0x20016113 = 0; *(uint8_t*)0x20016114 = 0; *(uint8_t*)0x20016115 = 0; *(uint8_t*)0x20016116 = 0; *(uint8_t*)0x20016117 = 0; *(uint8_t*)0x20016118 = 0; *(uint8_t*)0x20016119 = 0; *(uint8_t*)0x2001611a = 0; *(uint8_t*)0x2001611b = 0; *(uint8_t*)0x2001611c = 0; *(uint8_t*)0x2001611d = 0; *(uint8_t*)0x2001611e = 0; *(uint8_t*)0x2001611f = 0; *(uint8_t*)0x20016120 = 0; *(uint8_t*)0x20016121 = 0; *(uint8_t*)0x20016122 = 0; *(uint8_t*)0x20016123 = 0; *(uint8_t*)0x20016124 = 0; *(uint8_t*)0x20016125 = 0; *(uint8_t*)0x20016126 = 0; *(uint8_t*)0x20016127 = 0; *(uint8_t*)0x20016128 = 0; *(uint8_t*)0x20016129 = 0; *(uint8_t*)0x2001612a = 0; *(uint8_t*)0x2001612b = 0; *(uint8_t*)0x2001612c = 0; *(uint8_t*)0x2001612d = 0; *(uint8_t*)0x2001612e = 0; *(uint8_t*)0x2001612f = 0; *(uint8_t*)0x20016130 = 0; *(uint8_t*)0x20016131 = 0; *(uint8_t*)0x20016132 = 0; *(uint8_t*)0x20016133 = 0; *(uint8_t*)0x20016134 = 0; *(uint8_t*)0x20016135 = 0; *(uint8_t*)0x20016136 = 0; *(uint8_t*)0x20016137 = 0; *(uint8_t*)0x20016138 = 0; *(uint8_t*)0x20016139 = 0; *(uint8_t*)0x2001613a = 0; *(uint8_t*)0x2001613b = 0; *(uint8_t*)0x2001613c = 0; *(uint8_t*)0x2001613d = 0; *(uint8_t*)0x2001613e = 0; *(uint8_t*)0x2001613f = 0; *(uint8_t*)0x20016140 = 0; *(uint8_t*)0x20016141 = 0; *(uint8_t*)0x20016142 = 0; *(uint8_t*)0x20016143 = 0; *(uint8_t*)0x20016144 = 0; *(uint8_t*)0x20016145 = 0; *(uint8_t*)0x20016146 = 0; *(uint8_t*)0x20016147 = 0; *(uint8_t*)0x20016148 = 0; *(uint8_t*)0x20016149 = 0; *(uint8_t*)0x2001614a = 0; *(uint8_t*)0x2001614b = 0; *(uint32_t*)0x2001614c = 0; *(uint16_t*)0x20016150 = 0x70; *(uint16_t*)0x20016152 = 0x98; *(uint32_t*)0x20016154 = 0; *(uint64_t*)0x20016158 = 0; *(uint64_t*)0x20016160 = 0; *(uint16_t*)0x20016168 = 0x28; memcpy((void*)0x2001616a, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x20016187 = 0; *(uint32_t*)0x20016188 = 0; *(uint8_t*)0x20016190 = 0xac; *(uint8_t*)0x20016191 = 0x14; *(uint8_t*)0x20016192 = 0; *(uint8_t*)0x20016193 = 0xaa; *(uint8_t*)0x20016194 = 0xac; *(uint8_t*)0x20016195 = 0x14; *(uint8_t*)0x20016196 = 0; *(uint8_t*)0x20016197 = 0xaa; *(uint32_t*)0x20016198 = htobe32(0); *(uint32_t*)0x2001619c = htobe32(0); memcpy((void*)0x200161a0, "\x69\x70\x5f\x76\x74\x69\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16); *(uint8_t*)0x200161b0 = 0x73; *(uint8_t*)0x200161b1 = 0x79; *(uint8_t*)0x200161b2 = 0x7a; *(uint8_t*)0x200161b3 = 0; *(uint8_t*)0x200161b4 = 0; *(uint8_t*)0x200161c0 = 0; *(uint8_t*)0x200161c1 = 0; *(uint8_t*)0x200161c2 = 0; *(uint8_t*)0x200161c3 = 0; *(uint8_t*)0x200161c4 = 0; *(uint8_t*)0x200161c5 = 0; *(uint8_t*)0x200161c6 = 0; *(uint8_t*)0x200161c7 = 0; *(uint8_t*)0x200161c8 = 0; *(uint8_t*)0x200161c9 = 0; *(uint8_t*)0x200161ca = 0; *(uint8_t*)0x200161cb = 0; *(uint8_t*)0x200161cc = 0; *(uint8_t*)0x200161cd = 0; *(uint8_t*)0x200161ce = 0; *(uint8_t*)0x200161cf = 0; *(uint8_t*)0x200161d0 = 0; *(uint8_t*)0x200161d1 = 0; *(uint8_t*)0x200161d2 = 0; *(uint8_t*)0x200161d3 = 0; *(uint8_t*)0x200161d4 = 0; *(uint8_t*)0x200161d5 = 0; *(uint8_t*)0x200161d6 = 0; *(uint8_t*)0x200161d7 = 0; *(uint8_t*)0x200161d8 = 0; *(uint8_t*)0x200161d9 = 0; *(uint8_t*)0x200161da = 0; *(uint8_t*)0x200161db = 0; *(uint8_t*)0x200161dc = 0; *(uint8_t*)0x200161dd = 0; *(uint8_t*)0x200161de = 0; *(uint8_t*)0x200161df = 0; *(uint16_t*)0x200161e0 = 0; *(uint8_t*)0x200161e2 = 0; *(uint8_t*)0x200161e3 = 0; *(uint32_t*)0x200161e4 = 0; *(uint16_t*)0x200161e8 = 0x70; *(uint16_t*)0x200161ea = 0x98; *(uint32_t*)0x200161ec = 0; *(uint64_t*)0x200161f0 = 0; *(uint64_t*)0x200161f8 = 0; *(uint16_t*)0x20016200 = 0x28; memcpy((void*)0x20016202, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x2001621f = 0; *(uint32_t*)0x20016220 = 0; *(uint32_t*)0x20016228 = htobe32(0); *(uint8_t*)0x2001622c = 0xac; *(uint8_t*)0x2001622d = 0x14; *(uint8_t*)0x2001622e = 0; *(uint8_t*)0x2001622f = 0; *(uint32_t*)0x20016230 = htobe32(0); *(uint32_t*)0x20016234 = htobe32(0); memcpy((void*)0x20016238, "\x23\x61\xb4\x85\x22\x95\x29\x61\x9c\x57\xba\x71\x8a\xb8\xab\x68", 16); memcpy((void*)0x20016248, "\xdf\xac\xf2\xbb\x67\xac\x65\x31\x7f\x3c\xb3\x95\x8c\xac\x31\x46", 16); *(uint8_t*)0x20016258 = 0; *(uint8_t*)0x20016259 = 0; *(uint8_t*)0x2001625a = 0; *(uint8_t*)0x2001625b = 0; *(uint8_t*)0x2001625c = 0; *(uint8_t*)0x2001625d = 0; *(uint8_t*)0x2001625e = 0; *(uint8_t*)0x2001625f = 0; *(uint8_t*)0x20016260 = 0; *(uint8_t*)0x20016261 = 0; *(uint8_t*)0x20016262 = 0; *(uint8_t*)0x20016263 = 0; *(uint8_t*)0x20016264 = 0; *(uint8_t*)0x20016265 = 0; *(uint8_t*)0x20016266 = 0; *(uint8_t*)0x20016267 = 0; *(uint8_t*)0x20016268 = 0; *(uint8_t*)0x20016269 = 0; *(uint8_t*)0x2001626a = 0; *(uint8_t*)0x2001626b = 0; *(uint8_t*)0x2001626c = 0; *(uint8_t*)0x2001626d = 0; *(uint8_t*)0x2001626e = 0; *(uint8_t*)0x2001626f = 0; *(uint8_t*)0x20016270 = 0; *(uint8_t*)0x20016271 = 0; *(uint8_t*)0x20016272 = 0; *(uint8_t*)0x20016273 = 0; *(uint8_t*)0x20016274 = 0; *(uint8_t*)0x20016275 = 0; *(uint8_t*)0x20016276 = 0; *(uint8_t*)0x20016277 = 0; *(uint16_t*)0x20016278 = 0; *(uint8_t*)0x2001627a = 0; *(uint8_t*)0x2001627b = 0; *(uint32_t*)0x2001627c = 0; *(uint16_t*)0x20016280 = 0x70; *(uint16_t*)0x20016282 = 0xb8; *(uint32_t*)0x20016284 = 0; *(uint64_t*)0x20016288 = 0; *(uint64_t*)0x20016290 = 0; *(uint16_t*)0x20016298 = 0x48; memcpy((void*)0x2001629a, "\x54\x45\x45\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00", 29); *(uint8_t*)0x200162b7 = 1; *(uint8_t*)0x200162b8 = 0xfe; *(uint8_t*)0x200162b9 = 0x80; *(uint8_t*)0x200162ba = 0; *(uint8_t*)0x200162bb = 0; *(uint8_t*)0x200162bc = 0; *(uint8_t*)0x200162bd = 0; *(uint8_t*)0x200162be = 0; *(uint8_t*)0x200162bf = 0; *(uint8_t*)0x200162c0 = 0; *(uint8_t*)0x200162c1 = 0; *(uint8_t*)0x200162c2 = 0; *(uint8_t*)0x200162c3 = 0; *(uint8_t*)0x200162c4 = 0; *(uint8_t*)0x200162c5 = 0; *(uint8_t*)0x200162c6 = 0; *(uint8_t*)0x200162c7 = 0; *(uint8_t*)0x200162c8 = 0x73; *(uint8_t*)0x200162c9 = 0x79; *(uint8_t*)0x200162ca = 0x7a; *(uint8_t*)0x200162cb = 0; *(uint8_t*)0x200162cc = 0; *(uint64_t*)0x200162d8 = 0; *(uint64_t*)0x20005fc0 = 0; *(uint64_t*)0x20005fc8 = 0; *(uint64_t*)0x20005fd0 = 0; *(uint64_t*)0x20005fd8 = 0; *(uint64_t*)0x20005fe0 = 0; *(uint64_t*)0x20005fe8 = 0; *(uint64_t*)0x20005ff0 = 0; *(uint64_t*)0x20005ff8 = 0; syscall(__NR_setsockopt, r[1], 0, 0x40, 0x20016000, 0x2e0); } int main() { for (;;) { loop(); } }