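// https://syzkaller.appspot.com/bug?id=004b0f7b61d4901cbfecfc33de7996e8cbe0a278
// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Reviewer summary (read from the code below):
//   * main() maps 16 MiB of anonymous read/write memory at the fixed address
//     0x20000000; every raw pointer store in loop() lands inside that mapping.
//   * loop() opens a socket of address family 0x2b (AF_SMC on Linux), type 1
//     (SOCK_STREAM), then issues one sendmsg() with flags 0x20048000
//     (MSG_FASTOPEN | MSG_BATCH | MSG_MORE on Linux).
//   * The message carries a 12-byte destination address whose family field is
//     0x10 (AF_NETLINK) and a single 0x830-byte iovec. The payload is laid out
//     like a netlink message: a 16-byte header, a 4-byte sub-header, then
//     nested length/type-prefixed attributes holding option names such as
//     "lb_hash_stats", "mode" and "bpf_hash_func".
//   * NOTE(review): the option names match those of the Linux team driver's
//     generic-netlink interface, but the socket here is not a netlink socket;
//     which kernel path actually consumes the buffer is not visible from this
//     file. The syzbot report linked above describes the kernel-side failure.
//   * This is a regression input for a kernel build under test; it belongs in
//     a disposable VM, not on a host whose kernel state matters.

#define _GNU_SOURCE

// NOTE(review): the header names of the five #include directives were lost
// when this page was extracted. <stdint.h>, <string.h>, <sys/syscall.h> and
// <unistd.h> are what the code demonstrably needs (fixed-width types, memcpy,
// __NR_* numbers, syscall). <endian.h> is presumably the fifth, as in other
// syzkaller C reproducers of this shape -- confirm against the original.
#include <endian.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

// Resource table: r[0] holds the socket descriptor. It keeps the all-ones
// sentinel when socket() fails, so the later sendmsg() then targets an invalid
// descriptor and simply fails.
uint64_t r[1] = {0xffffffffffffffff};

// Builds the message in the fixed mapping and sends it once.
// Requires the mapping created by main(); takes no arguments, returns nothing,
// and deliberately ignores the sendmsg() result (best-effort reproducer).
void loop(void)
{
  long res = syscall(__NR_socket, 0x2b, 1, 0);
  if (res != -1) {
    r[0] = res;
  }

  // --- msghdr at 0x20003240: msg_name -> 0x20000040 ---
  *(uint64_t*)0x20003240 = 0x20000040;
  // Destination address (12 bytes): family 0x10, pad 0, id 0, mask 0x8000800.
  *(uint16_t*)0x20000040 = 0x10;
  *(uint16_t*)0x20000042 = 0;
  *(uint32_t*)0x20000044 = 0;
  *(uint32_t*)0x20000048 = 0x8000800;
  // msg_namelen, msg_iov -> 0x20003200, iov[0].base -> payload at 0x200029c0.
  *(uint32_t*)0x20003248 = 0xc;
  *(uint64_t*)0x20003250 = 0x20003200;
  *(uint64_t*)0x20003200 = 0x200029c0;

  // --- payload header at 0x200029c0: total length 0x830, type 0, flags 0x800,
  //     sequence 0x70bd2a, sender id 0x25dfdbfd ---
  *(uint32_t*)0x200029c0 = 0x830;
  *(uint16_t*)0x200029c4 = 0;
  *(uint16_t*)0x200029c6 = 0x800;
  *(uint32_t*)0x200029c8 = 0x70bd2a;
  *(uint32_t*)0x200029cc = 0x25dfdbfd;
  // 4-byte sub-header: command 2, version 0, reserved 0.
  *(uint8_t*)0x200029d0 = 2;
  *(uint8_t*)0x200029d1 = 0;
  *(uint16_t*)0x200029d2 = 0;

  // Each attribute below is a 16-bit length, a 16-bit type, then its value.

  // ===== group 1: index attribute (type 1) = 0, list (type 2) of 0xbc bytes =====
  *(uint16_t*)0x200029d4 = 8;
  *(uint16_t*)0x200029d6 = 1;
  *(uint32_t*)0x200029d8 = 0;
  *(uint16_t*)0x200029dc = 0xbc;
  *(uint16_t*)0x200029de = 2;

  // entry: name "lb_hash_stats"
  *(uint16_t*)0x200029e0 = 0x40;
  *(uint16_t*)0x200029e2 = 1;
  *(uint16_t*)0x200029e4 = 0x24;
  *(uint16_t*)0x200029e6 = 1;
  memcpy((void*)0x200029e8,
         "\x6c\x62\x5f\x68\x61\x73\x68\x5f\x73\x74\x61\x74"
         "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002a08 = 8;
  *(uint16_t*)0x20002a0a = 3;
  *(uint8_t*)0x20002a0c = 0xb;
  *(uint16_t*)0x20002a10 = 8;
  *(uint16_t*)0x20002a12 = 4;
  *(uint32_t*)0x20002a14 = 8;
  *(uint16_t*)0x20002a18 = 8;
  *(uint16_t*)0x20002a1a = 7;
  *(uint32_t*)0x20002a1c = 0;

  // entry: name "mcast_rejoin_interval"
  *(uint16_t*)0x20002a20 = 0x38;
  *(uint16_t*)0x20002a22 = 1;
  *(uint16_t*)0x20002a24 = 0x24;
  *(uint16_t*)0x20002a26 = 1;
  memcpy((void*)0x20002a28,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x69\x6e\x74\x65\x72\x76\x61\x6c\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002a48 = 8;
  *(uint16_t*)0x20002a4a = 3;
  *(uint8_t*)0x20002a4c = 3;
  *(uint16_t*)0x20002a50 = 8;
  *(uint16_t*)0x20002a52 = 4;
  *(uint32_t*)0x20002a54 = 0x7fff;

  // entry: name "lb_hash_stats"
  *(uint16_t*)0x20002a58 = 0x40;
  *(uint16_t*)0x20002a5a = 1;
  *(uint16_t*)0x20002a5c = 0x24;
  *(uint16_t*)0x20002a5e = 1;
  memcpy((void*)0x20002a60,
         "\x6c\x62\x5f\x68\x61\x73\x68\x5f\x73\x74\x61\x74"
         "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002a80 = 8;
  *(uint16_t*)0x20002a82 = 3;
  *(uint8_t*)0x20002a84 = 0xb;
  *(uint16_t*)0x20002a88 = 8;
  *(uint16_t*)0x20002a8a = 4;
  *(uint32_t*)0x20002a8c = 6;
  *(uint16_t*)0x20002a90 = 8;
  *(uint16_t*)0x20002a92 = 7;
  *(uint32_t*)0x20002a94 = 0;

  // ===== group 2: index attribute (type 1) = 0, list (type 2) of 0x260 bytes =====
  *(uint16_t*)0x20002a98 = 8;
  *(uint16_t*)0x20002a9a = 1;
  *(uint32_t*)0x20002a9c = 0;
  *(uint16_t*)0x20002aa0 = 0x260;
  *(uint16_t*)0x20002aa2 = 2;

  // entry: name "mcast_rejoin_interval"
  *(uint16_t*)0x20002aa4 = 0x38;
  *(uint16_t*)0x20002aa6 = 1;
  *(uint16_t*)0x20002aa8 = 0x24;
  *(uint16_t*)0x20002aaa = 1;
  memcpy((void*)0x20002aac,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x69\x6e\x74\x65\x72\x76\x61\x6c\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002acc = 8;
  *(uint16_t*)0x20002ace = 3;
  *(uint8_t*)0x20002ad0 = 3;
  *(uint16_t*)0x20002ad4 = 8;
  *(uint16_t*)0x20002ad6 = 4;
  *(uint32_t*)0x20002ad8 = 0xd78;

  // entry: name "queue_id"
  *(uint16_t*)0x20002adc = 0x40;
  *(uint16_t*)0x20002ade = 1;
  *(uint16_t*)0x20002ae0 = 0x24;
  *(uint16_t*)0x20002ae2 = 1;
  memcpy((void*)0x20002ae4,
         "\x71\x75\x65\x75\x65\x5f\x69\x64\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002b04 = 8;
  *(uint16_t*)0x20002b06 = 3;
  *(uint8_t*)0x20002b08 = 3;
  *(uint16_t*)0x20002b0c = 8;
  *(uint16_t*)0x20002b0e = 4;
  *(uint32_t*)0x20002b10 = 1;
  *(uint16_t*)0x20002b14 = 8;
  *(uint16_t*)0x20002b16 = 6;
  *(uint32_t*)0x20002b18 = 0;

  // entry: name "mcast_rejoin_interval"
  *(uint16_t*)0x20002b1c = 0x38;
  *(uint16_t*)0x20002b1e = 1;
  *(uint16_t*)0x20002b20 = 0x24;
  *(uint16_t*)0x20002b22 = 1;
  memcpy((void*)0x20002b24,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x69\x6e\x74\x65\x72\x76\x61\x6c\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002b44 = 8;
  *(uint16_t*)0x20002b46 = 3;
  *(uint8_t*)0x20002b48 = 3;
  *(uint16_t*)0x20002b4c = 8;
  *(uint16_t*)0x20002b4e = 4;
  *(uint32_t*)0x20002b50 = 5;

  // entry: name "lb_tx_hash_to_port_mapping"
  *(uint16_t*)0x20002b54 = 0x40;
  *(uint16_t*)0x20002b56 = 1;
  *(uint16_t*)0x20002b58 = 0x24;
  *(uint16_t*)0x20002b5a = 1;
  memcpy((void*)0x20002b5c,
         "\x6c\x62\x5f\x74\x78\x5f\x68\x61\x73\x68\x5f\x74"
         "\x6f\x5f\x70\x6f\x72\x74\x5f\x6d\x61\x70\x70\x69"
         "\x6e\x67\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002b7c = 8;
  *(uint16_t*)0x20002b7e = 3;
  *(uint8_t*)0x20002b80 = 3;
  *(uint16_t*)0x20002b84 = 8;
  *(uint16_t*)0x20002b86 = 4;
  *(uint32_t*)0x20002b88 = 0;
  *(uint16_t*)0x20002b8c = 8;
  *(uint16_t*)0x20002b8e = 7;
  *(uint32_t*)0x20002b90 = 0;

  // entry: name "mcast_rejoin_interval"
  *(uint16_t*)0x20002b94 = 0x38;
  *(uint16_t*)0x20002b96 = 1;
  *(uint16_t*)0x20002b98 = 0x24;
  *(uint16_t*)0x20002b9a = 1;
  memcpy((void*)0x20002b9c,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x69\x6e\x74\x65\x72\x76\x61\x6c\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002bbc = 8;
  *(uint16_t*)0x20002bbe = 3;
  *(uint8_t*)0x20002bc0 = 3;
  *(uint16_t*)0x20002bc4 = 8;
  *(uint16_t*)0x20002bc6 = 4;
  *(uint32_t*)0x20002bc8 = 5;

  // entry: name "enabled" (value attribute is empty: length 4)
  *(uint16_t*)0x20002bcc = 0x3c;
  *(uint16_t*)0x20002bce = 1;
  *(uint16_t*)0x20002bd0 = 0x24;
  *(uint16_t*)0x20002bd2 = 1;
  memcpy((void*)0x20002bd4,
         "\x65\x6e\x61\x62\x6c\x65\x64\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002bf4 = 8;
  *(uint16_t*)0x20002bf6 = 3;
  *(uint8_t*)0x20002bf8 = 6;
  *(uint16_t*)0x20002bfc = 4;
  *(uint16_t*)0x20002bfe = 4;
  *(uint16_t*)0x20002c00 = 8;
  *(uint16_t*)0x20002c02 = 6;
  *(uint32_t*)0x20002c04 = 0;

  // entry: name "mode", string value "random"
  *(uint16_t*)0x20002c08 = 0x3c;
  *(uint16_t*)0x20002c0a = 1;
  *(uint16_t*)0x20002c0c = 0x24;
  *(uint16_t*)0x20002c0e = 1;
  memcpy((void*)0x20002c10,
         "\x6d\x6f\x64\x65\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002c30 = 8;
  *(uint16_t*)0x20002c32 = 3;
  *(uint8_t*)0x20002c34 = 5;
  *(uint16_t*)0x20002c38 = 0xc;
  *(uint16_t*)0x20002c3a = 4;
  memcpy((void*)0x20002c3c, "random", 7);

  // entry: name "mcast_rejoin_interval"
  *(uint16_t*)0x20002c44 = 0x38;
  *(uint16_t*)0x20002c46 = 1;
  *(uint16_t*)0x20002c48 = 0x24;
  *(uint16_t*)0x20002c4a = 1;
  memcpy((void*)0x20002c4c,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x69\x6e\x74\x65\x72\x76\x61\x6c\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002c6c = 8;
  *(uint16_t*)0x20002c6e = 3;
  *(uint8_t*)0x20002c70 = 3;
  *(uint16_t*)0x20002c74 = 8;
  *(uint16_t*)0x20002c76 = 4;
  *(uint32_t*)0x20002c78 = 0;

  // entry: name "mcast_rejoin_count"
  *(uint16_t*)0x20002c7c = 0x38;
  *(uint16_t*)0x20002c7e = 1;
  *(uint16_t*)0x20002c80 = 0x24;
  *(uint16_t*)0x20002c82 = 1;
  memcpy((void*)0x20002c84,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002ca4 = 8;
  *(uint16_t*)0x20002ca6 = 3;
  *(uint8_t*)0x20002ca8 = 3;
  *(uint16_t*)0x20002cac = 8;
  *(uint16_t*)0x20002cae = 4;
  *(uint32_t*)0x20002cb0 = 0x7fffffff;

  // entry: name "lb_tx_method", string value "hash_to_port_mapping"
  *(uint16_t*)0x20002cb4 = 0x4c;
  *(uint16_t*)0x20002cb6 = 1;
  *(uint16_t*)0x20002cb8 = 0x24;
  *(uint16_t*)0x20002cba = 1;
  memcpy((void*)0x20002cbc,
         "\x6c\x62\x5f\x74\x78\x5f\x6d\x65\x74\x68\x6f\x64"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002cdc = 8;
  *(uint16_t*)0x20002cde = 3;
  *(uint8_t*)0x20002ce0 = 5;
  *(uint16_t*)0x20002ce4 = 0x1c;
  *(uint16_t*)0x20002ce6 = 4;
  memcpy((void*)0x20002ce8, "hash_to_port_mapping", 21);

  // ===== group 3: index attribute (type 1) = 0, list (type 2) of 0x180 bytes =====
  *(uint16_t*)0x20002d00 = 8;
  *(uint16_t*)0x20002d02 = 1;
  *(uint32_t*)0x20002d04 = 0;
  *(uint16_t*)0x20002d08 = 0x180;
  *(uint16_t*)0x20002d0a = 2;

  // entry: name "mcast_rejoin_count"
  *(uint16_t*)0x20002d0c = 0x38;
  *(uint16_t*)0x20002d0e = 1;
  *(uint16_t*)0x20002d10 = 0x24;
  *(uint16_t*)0x20002d12 = 1;
  memcpy((void*)0x20002d14,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002d34 = 8;
  *(uint16_t*)0x20002d36 = 3;
  *(uint8_t*)0x20002d38 = 3;
  *(uint16_t*)0x20002d3c = 8;
  *(uint16_t*)0x20002d3e = 4;
  *(uint32_t*)0x20002d40 = 0x830;

  // entry: name "notify_peers_count"
  *(uint16_t*)0x20002d44 = 0x38;
  *(uint16_t*)0x20002d46 = 1;
  *(uint16_t*)0x20002d48 = 0x24;
  *(uint16_t*)0x20002d4a = 1;
  memcpy((void*)0x20002d4c,
         "\x6e\x6f\x74\x69\x66\x79\x5f\x70\x65\x65\x72\x73"
         "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002d6c = 8;
  *(uint16_t*)0x20002d6e = 3;
  *(uint8_t*)0x20002d70 = 3;
  *(uint16_t*)0x20002d74 = 8;
  *(uint16_t*)0x20002d76 = 4;
  *(uint32_t*)0x20002d78 = 0xf00;

  // entry: name "mode", string value "loadbalance"
  *(uint16_t*)0x20002d7c = 0x40;
  *(uint16_t*)0x20002d7e = 1;
  *(uint16_t*)0x20002d80 = 0x24;
  *(uint16_t*)0x20002d82 = 1;
  memcpy((void*)0x20002d84,
         "\x6d\x6f\x64\x65\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002da4 = 8;
  *(uint16_t*)0x20002da6 = 3;
  *(uint8_t*)0x20002da8 = 5;
  *(uint16_t*)0x20002dac = 0x10;
  *(uint16_t*)0x20002dae = 4;
  memcpy((void*)0x20002db0, "loadbalance", 12);

  // entry: name "notify_peers_count"
  *(uint16_t*)0x20002dbc = 0x38;
  *(uint16_t*)0x20002dbe = 1;
  *(uint16_t*)0x20002dc0 = 0x24;
  *(uint16_t*)0x20002dc2 = 1;
  memcpy((void*)0x20002dc4,
         "\x6e\x6f\x74\x69\x66\x79\x5f\x70\x65\x65\x72\x73"
         "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002de4 = 8;
  *(uint16_t*)0x20002de6 = 3;
  *(uint8_t*)0x20002de8 = 3;
  *(uint16_t*)0x20002dec = 8;
  *(uint16_t*)0x20002dee = 4;
  *(uint32_t*)0x20002df0 = 0x80;

  // entry: name "lb_tx_hash_to_port_mapping"
  *(uint16_t*)0x20002df4 = 0x40;
  *(uint16_t*)0x20002df6 = 1;
  *(uint16_t*)0x20002df8 = 0x24;
  *(uint16_t*)0x20002dfa = 1;
  memcpy((void*)0x20002dfc,
         "\x6c\x62\x5f\x74\x78\x5f\x68\x61\x73\x68\x5f\x74"
         "\x6f\x5f\x70\x6f\x72\x74\x5f\x6d\x61\x70\x70\x69"
         "\x6e\x67\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002e1c = 8;
  *(uint16_t*)0x20002e1e = 3;
  *(uint8_t*)0x20002e20 = 3;
  *(uint16_t*)0x20002e24 = 8;
  *(uint16_t*)0x20002e26 = 4;
  *(uint32_t*)0x20002e28 = 0;
  *(uint16_t*)0x20002e2c = 8;
  *(uint16_t*)0x20002e2e = 7;
  *(uint32_t*)0x20002e30 = 0;

  // entry: name "bpf_hash_func"; its value is four 8-byte records, each
  // written as (u16, u8, u8, u32).
  *(uint16_t*)0x20002e34 = 0x54;
  *(uint16_t*)0x20002e36 = 1;
  *(uint16_t*)0x20002e38 = 0x24;
  *(uint16_t*)0x20002e3a = 1;
  memcpy((void*)0x20002e3c,
         "\x62\x70\x66\x5f\x68\x61\x73\x68\x5f\x66\x75\x6e"
         "\x63\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002e5c = 8;
  *(uint16_t*)0x20002e5e = 3;
  *(uint8_t*)0x20002e60 = 0xb;
  *(uint16_t*)0x20002e64 = 0x24;
  *(uint16_t*)0x20002e66 = 4;
  *(uint16_t*)0x20002e68 = 5;
  *(uint8_t*)0x20002e6a = 0x40;
  *(uint8_t*)0x20002e6b = -1;
  *(uint32_t*)0x20002e6c = 0;
  *(uint16_t*)0x20002e70 = 0x800;
  *(uint8_t*)0x20002e72 = 0;
  *(uint8_t*)0x20002e73 = 0xfa;
  *(uint32_t*)0x20002e74 = 0x80000001;
  *(uint16_t*)0x20002e78 = -1;
  *(uint8_t*)0x20002e7a = 1;
  *(uint8_t*)0x20002e7b = 0x3f;
  *(uint32_t*)0x20002e7c = 7;
  *(uint16_t*)0x20002e80 = 9;
  *(uint8_t*)0x20002e82 = 0;
  *(uint8_t*)0x20002e83 = 0x20;
  *(uint32_t*)0x20002e84 = 0x800;

  // ===== group 4: index attribute (type 1) = 0, list (type 2) of 0xc0 bytes =====
  *(uint16_t*)0x20002e88 = 8;
  *(uint16_t*)0x20002e8a = 1;
  *(uint32_t*)0x20002e8c = 0;
  *(uint16_t*)0x20002e90 = 0xc0;
  *(uint16_t*)0x20002e92 = 2;

  // entry: name "lb_port_stats"
  *(uint16_t*)0x20002e94 = 0x40;
  *(uint16_t*)0x20002e96 = 1;
  *(uint16_t*)0x20002e98 = 0x24;
  *(uint16_t*)0x20002e9a = 1;
  memcpy((void*)0x20002e9c,
         "\x6c\x62\x5f\x70\x6f\x72\x74\x5f\x73\x74\x61\x74"
         "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002ebc = 8;
  *(uint16_t*)0x20002ebe = 3;
  *(uint8_t*)0x20002ec0 = 0xb;
  *(uint16_t*)0x20002ec4 = 8;
  *(uint16_t*)0x20002ec6 = 4;
  *(uint32_t*)0x20002ec8 = 0x37;
  *(uint16_t*)0x20002ecc = 8;
  *(uint16_t*)0x20002ece = 6;
  *(uint32_t*)0x20002ed0 = 0;

  // entry: name "lb_hash_stats"
  *(uint16_t*)0x20002ed4 = 0x40;
  *(uint16_t*)0x20002ed6 = 1;
  *(uint16_t*)0x20002ed8 = 0x24;
  *(uint16_t*)0x20002eda = 1;
  memcpy((void*)0x20002edc,
         "\x6c\x62\x5f\x68\x61\x73\x68\x5f\x73\x74\x61\x74"
         "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002efc = 8;
  *(uint16_t*)0x20002efe = 3;
  *(uint8_t*)0x20002f00 = 0xb;
  *(uint16_t*)0x20002f04 = 8;
  *(uint16_t*)0x20002f06 = 4;
  *(uint32_t*)0x20002f08 = 7;
  *(uint16_t*)0x20002f0c = 8;
  *(uint16_t*)0x20002f0e = 7;
  *(uint32_t*)0x20002f10 = 0;

  // entry: name "user_linkup" (value attribute is empty: length 4)
  *(uint16_t*)0x20002f14 = 0x3c;
  *(uint16_t*)0x20002f16 = 1;
  *(uint16_t*)0x20002f18 = 0x24;
  *(uint16_t*)0x20002f1a = 1;
  memcpy((void*)0x20002f1c,
         "\x75\x73\x65\x72\x5f\x6c\x69\x6e\x6b\x75\x70\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002f3c = 8;
  *(uint16_t*)0x20002f3e = 3;
  *(uint8_t*)0x20002f40 = 6;
  *(uint16_t*)0x20002f44 = 4;
  *(uint16_t*)0x20002f46 = 4;
  *(uint16_t*)0x20002f48 = 8;
  *(uint16_t*)0x20002f4a = 6;
  *(uint32_t*)0x20002f4c = 0;

  // ===== group 5: index attribute (type 1) = 0, list (type 2) of 0x1ac bytes =====
  *(uint16_t*)0x20002f50 = 8;
  *(uint16_t*)0x20002f52 = 1;
  *(uint32_t*)0x20002f54 = 0;
  *(uint16_t*)0x20002f58 = 0x1ac;
  *(uint16_t*)0x20002f5a = 2;

  // entry: name "queue_id"
  *(uint16_t*)0x20002f5c = 0x40;
  *(uint16_t*)0x20002f5e = 1;
  *(uint16_t*)0x20002f60 = 0x24;
  *(uint16_t*)0x20002f62 = 1;
  memcpy((void*)0x20002f64,
         "\x71\x75\x65\x75\x65\x5f\x69\x64\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002f84 = 8;
  *(uint16_t*)0x20002f86 = 3;
  *(uint8_t*)0x20002f88 = 3;
  *(uint16_t*)0x20002f8c = 8;
  *(uint16_t*)0x20002f8e = 4;
  *(uint32_t*)0x20002f90 = 0x821d;
  *(uint16_t*)0x20002f94 = 8;
  *(uint16_t*)0x20002f96 = 6;
  *(uint32_t*)0x20002f98 = 0;

  // entry: name "lb_hash_stats"
  *(uint16_t*)0x20002f9c = 0x40;
  *(uint16_t*)0x20002f9e = 1;
  *(uint16_t*)0x20002fa0 = 0x24;
  *(uint16_t*)0x20002fa2 = 1;
  memcpy((void*)0x20002fa4,
         "\x6c\x62\x5f\x68\x61\x73\x68\x5f\x73\x74\x61\x74"
         "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20002fc4 = 8;
  *(uint16_t*)0x20002fc6 = 3;
  *(uint8_t*)0x20002fc8 = 0xb;
  *(uint16_t*)0x20002fcc = 8;
  *(uint16_t*)0x20002fce = 4;
  *(uint32_t*)0x20002fd0 = -1;
  *(uint16_t*)0x20002fd4 = 8;
  *(uint16_t*)0x20002fd6 = 7;
  *(uint32_t*)0x20002fd8 = 0;

  // entry: name "lb_stats_refresh_interval"
  *(uint16_t*)0x20002fdc = 0x38;
  *(uint16_t*)0x20002fde = 1;
  *(uint16_t*)0x20002fe0 = 0x24;
  *(uint16_t*)0x20002fe2 = 1;
  memcpy((void*)0x20002fe4,
         "\x6c\x62\x5f\x73\x74\x61\x74\x73\x5f\x72\x65\x66"
         "\x72\x65\x73\x68\x5f\x69\x6e\x74\x65\x72\x76\x61"
         "\x6c\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20003004 = 8;
  *(uint16_t*)0x20003006 = 3;
  *(uint8_t*)0x20003008 = 3;
  *(uint16_t*)0x2000300c = 8;
  *(uint16_t*)0x2000300e = 4;
  *(uint32_t*)0x20003010 = 0x6ba1;

  // entry: name "lb_stats_refresh_interval"
  *(uint16_t*)0x20003014 = 0x38;
  *(uint16_t*)0x20003016 = 1;
  *(uint16_t*)0x20003018 = 0x24;
  *(uint16_t*)0x2000301a = 1;
  memcpy((void*)0x2000301c,
         "\x6c\x62\x5f\x73\x74\x61\x74\x73\x5f\x72\x65\x66"
         "\x72\x65\x73\x68\x5f\x69\x6e\x74\x65\x72\x76\x61"
         "\x6c\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x2000303c = 8;
  *(uint16_t*)0x2000303e = 3;
  *(uint8_t*)0x20003040 = 3;
  *(uint16_t*)0x20003044 = 8;
  *(uint16_t*)0x20003046 = 4;
  *(uint32_t*)0x20003048 = 7;

  // entry: name "enabled" (value attribute is empty: length 4)
  *(uint16_t*)0x2000304c = 0x3c;
  *(uint16_t*)0x2000304e = 1;
  *(uint16_t*)0x20003050 = 0x24;
  *(uint16_t*)0x20003052 = 1;
  memcpy((void*)0x20003054,
         "\x65\x6e\x61\x62\x6c\x65\x64\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20003074 = 8;
  *(uint16_t*)0x20003076 = 3;
  *(uint8_t*)0x20003078 = 6;
  *(uint16_t*)0x2000307c = 4;
  *(uint16_t*)0x2000307e = 4;
  *(uint16_t*)0x20003080 = 8;
  *(uint16_t*)0x20003082 = 6;
  *(uint32_t*)0x20003084 = 0;

  // entry: name "lb_port_stats"
  *(uint16_t*)0x20003088 = 0x40;
  *(uint16_t*)0x2000308a = 1;
  *(uint16_t*)0x2000308c = 0x24;
  *(uint16_t*)0x2000308e = 1;
  memcpy((void*)0x20003090,
         "\x6c\x62\x5f\x70\x6f\x72\x74\x5f\x73\x74\x61\x74"
         "\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x200030b0 = 8;
  *(uint16_t*)0x200030b2 = 3;
  *(uint8_t*)0x200030b4 = 0xb;
  *(uint16_t*)0x200030b8 = 8;
  *(uint16_t*)0x200030ba = 4;
  *(uint32_t*)0x200030bc = 8;
  *(uint16_t*)0x200030c0 = 8;
  *(uint16_t*)0x200030c2 = 6;
  *(uint32_t*)0x200030c4 = 0;

  // entry: name "enabled" (value attribute is empty: length 4)
  *(uint16_t*)0x200030c8 = 0x3c;
  *(uint16_t*)0x200030ca = 1;
  *(uint16_t*)0x200030cc = 0x24;
  *(uint16_t*)0x200030ce = 1;
  memcpy((void*)0x200030d0,
         "\x65\x6e\x61\x62\x6c\x65\x64\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x200030f0 = 8;
  *(uint16_t*)0x200030f2 = 3;
  *(uint8_t*)0x200030f4 = 6;
  *(uint16_t*)0x200030f8 = 4;
  *(uint16_t*)0x200030fa = 4;
  *(uint16_t*)0x200030fc = 8;
  *(uint16_t*)0x200030fe = 6;
  *(uint32_t*)0x20003100 = 0;

  // ===== group 6: index attribute (type 1) = 0, list (type 2) of 0xe4 bytes =====
  *(uint16_t*)0x20003104 = 8;
  *(uint16_t*)0x20003106 = 1;
  *(uint32_t*)0x20003108 = 0;
  *(uint16_t*)0x2000310c = 0xe4;
  *(uint16_t*)0x2000310e = 2;

  // entry: name "notify_peers_count"
  *(uint16_t*)0x20003110 = 0x38;
  *(uint16_t*)0x20003112 = 1;
  *(uint16_t*)0x20003114 = 0x24;
  *(uint16_t*)0x20003116 = 1;
  memcpy((void*)0x20003118,
         "\x6e\x6f\x74\x69\x66\x79\x5f\x70\x65\x65\x72\x73"
         "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20003138 = 8;
  *(uint16_t*)0x2000313a = 3;
  *(uint8_t*)0x2000313c = 3;
  *(uint16_t*)0x20003140 = 8;
  *(uint16_t*)0x20003142 = 4;
  *(uint32_t*)0x20003144 = 0xfffffffd;

  // entry: name "notify_peers_interval"
  *(uint16_t*)0x20003148 = 0x38;
  *(uint16_t*)0x2000314a = 1;
  *(uint16_t*)0x2000314c = 0x24;
  *(uint16_t*)0x2000314e = 1;
  memcpy((void*)0x20003150,
         "\x6e\x6f\x74\x69\x66\x79\x5f\x70\x65\x65\x72\x73"
         "\x5f\x69\x6e\x74\x65\x72\x76\x61\x6c\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x20003170 = 8;
  *(uint16_t*)0x20003172 = 3;
  *(uint8_t*)0x20003174 = 3;
  *(uint16_t*)0x20003178 = 8;
  *(uint16_t*)0x2000317a = 4;
  *(uint32_t*)0x2000317c = 0x1f;

  // entry: name "activeport"
  *(uint16_t*)0x20003180 = 0x38;
  *(uint16_t*)0x20003182 = 1;
  *(uint16_t*)0x20003184 = 0x24;
  *(uint16_t*)0x20003186 = 1;
  memcpy((void*)0x20003188,
         "\x61\x63\x74\x69\x76\x65\x70\x6f\x72\x74\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x200031a8 = 8;
  *(uint16_t*)0x200031aa = 3;
  *(uint8_t*)0x200031ac = 3;
  *(uint16_t*)0x200031b0 = 8;
  *(uint16_t*)0x200031b2 = 4;
  *(uint32_t*)0x200031b4 = 0;

  // entry: name "mcast_rejoin_count"
  *(uint16_t*)0x200031b8 = 0x38;
  *(uint16_t*)0x200031ba = 1;
  *(uint16_t*)0x200031bc = 0x24;
  *(uint16_t*)0x200031be = 1;
  memcpy((void*)0x200031c0,
         "\x6d\x63\x61\x73\x74\x5f\x72\x65\x6a\x6f\x69\x6e"
         "\x5f\x63\x6f\x75\x6e\x74\x00\x00\x00\x00\x00\x00"
         "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint16_t*)0x200031e0 = 8;
  *(uint16_t*)0x200031e2 = 3;
  *(uint8_t*)0x200031e4 = 3;
  *(uint16_t*)0x200031e8 = 8;
  *(uint16_t*)0x200031ea = 4;
  *(uint32_t*)0x200031ec = 5;

  // --- rest of the iovec and msghdr: iov[0].len = 0x830 (the payload's own
  //     length field), msg_iovlen = 1, no control data, msg_flags = 0 ---
  *(uint64_t*)0x20003208 = 0x830;
  *(uint64_t*)0x20003258 = 1;
  *(uint64_t*)0x20003260 = 0;
  *(uint64_t*)0x20003268 = 0;
  *(uint32_t*)0x20003270 = 0;

  // Single send; the return value is not inspected.
  syscall(__NR_sendmsg, r[0], 0x20003240, 0x20048000);
}

// Creates the fixed scratch mapping, then runs the call sequence once.
// mmap arguments: address 0x20000000, length 0x1000000, prot 3
// (PROT_READ | PROT_WRITE), flags 0x32 (MAP_PRIVATE | MAP_FIXED |
// MAP_ANONYMOUS), fd -1, offset 0.
// Returns 0 after loop() has run, or 1 if the mapping could not be created:
// without it the first store in loop() would fault in this process before any
// socket call is made.
int main(void)
{
  if (syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0) == -1) {
    return 1;
  }
  loop();
  return 0;
}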