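// https://syzkaller.appspot.com/bug?id=a53b68e5178eec469534aca80fca1735fb3d8071
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel crash reproducer for the syzbot report linked above. This first part
// holds the build prologue and the small timing / thread / event helpers that
// the dispatcher further down relies on.
//
// Layout note: the page this was taken from had the whole program collapsed
// onto a few physical lines, which put every directive and definition behind
// the leading `//`. The line structure is restored here; code tokens are
// unchanged apart from the header names noted below.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped in extraction (only twelve
// bare `#include` tokens survived). The list below is reconstructed from the
// identifiers the program uses (htobe32/htobe64, errno/EAGAIN, pthread_*,
// uintN_t, exit, memcpy, SYS_futex/__NR_*, clock_gettime, usleep/syscall,
// FUTEX_*). <stdio.h> and <sys/types.h> are not referenced by any visible
// code and are included only to match the original count -- confirm against
// the reproducer on the syzbot page.
#include <endian.h>
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#include <linux/futex.h>

// Sleep for `ms` milliseconds (usleep() takes microseconds).
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Return CLOCK_MONOTONIC time in milliseconds; terminates the process with
// status 1 if the clock cannot be read.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Start a thread running fn(arg) with a 128 KiB stack (128 << 10 bytes).
// Creation is attempted up to 100 times, pausing 50 us after an EAGAIN;
// any other failure, or running out of attempts, exits with status 1.
// The pthread_t is discarded, so the thread is never joined.
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  int i = 0;
  for (; i < 100; i++) {
    if (pthread_create(&th, &attr, fn, arg) == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    // NOTE(review): pthread_create() reports failure through its return
    // value; this test reads errno instead and so depends on the libc also
    // leaving errno set. Left as generated to keep the reproducer verbatim.
    if (errno == EAGAIN) {
      usleep(50);
      continue;
    }
    break;
  }
  exit(1);
}

// One-shot event flag: 0 = not signalled, 1 = signalled. Waiters block on
// the futex at &state.
typedef struct {
  int state;
} event_t;

// Put the event in the not-signalled state (plain store).
static void event_init(event_t* ev)
{
  ev->state = 0;
}

// Clear the event again (plain store, same as event_init).
static void event_reset(event_t* ev)
{
  ev->state = 0;
}

// Signal the event and wake waiters. Setting an event that is already set
// is treated as a fatal logic error (exit status 1).
static void event_set(event_t* ev)
{
  if (ev->state)
    exit(1);
  __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
  // Wake up to 1000000 waiters blocked on this futex word.
  syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}

// Block until the event is signalled. FUTEX_WAIT only sleeps while the word
// still reads 0; the loop re-checks after every wake-up.
static void event_wait(event_t* ev)
{
  while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}

// Non-blocking query: returns the current state (non-zero when signalled).
static int event_isset(event_t* ev)
{
  return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}

// Wait up to `timeout` milliseconds for the event.
// Returns 1 if the event was observed set, 0 once more than `timeout` ms
// have elapsed without it being set.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  for (;;) {
    // The exit check at the bottom of the loop guarantees
    // now - start <= timeout here, so this subtraction cannot wrap.
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
    if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
      return 1;
    now = current_time_ms();
    if (now - start > timeout)
      return 0;
  }
}

// Per-worker bookkeeping used by the dispatcher:
//   created - non-zero once the worker thread has been started
//   call    - index of the call the worker should execute next
//   ready   - signalled by the dispatcher when `call` is valid
//   done    - signalled by the worker when the call has returned
struct thread_t {
  int created, call;
  event_t ready, done;
};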
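// Worker pool and dispatcher for the reproducer, followed by the syscall
// number fallbacks and the start of execute_call().
//
// Layout note: in the collapsed page the `static` belonging to `threads` sat
// at the end of the previous physical line and the #ifndef/#define directives
// were in the middle of a line, where the preprocessor does not accept them.
// Both are restored here; no other token is changed.

// Pool of worker slots; a slot's thread is created lazily by loop().
static struct thread_t threads[16];
static void execute_call(int call);
// Number of calls handed to workers that have not returned yet.
static int running;

// Worker thread body. `arg` is the worker's struct thread_t slot.
// Repeats forever: wait for `ready`, clear it, run the requested call,
// decrement `running`, then signal `done`. The trailing return is never
// reached because the loop has no exit.
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

// Dispatch calls 0..2 to worker threads, twice.
//
// Pass 1 (collide == 0): each call is given to the first idle worker and the
// dispatcher waits up to 45 ms for it to finish before issuing the next one,
// so the calls run essentially in order.
// Pass 2 (collide == 1): even-numbered calls are not waited for, so call 0
// may still be in flight when call 1 is issued, and likewise call 2 may
// still be in flight when the pass ends.
// After each pass the dispatcher polls `running` for at most 100 x 1 ms.
static void loop(void)
{
  int i, call, thread;
  int collide = 0;
again:
  for (call = 0; call < 3; call++) {
    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
         thread++) {
      struct thread_t* th = &threads[thread];
      if (!th->created) {
        // First use of this slot: mark it idle (`done` set) and start
        // its thread.
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        event_set(&th->done);
        thread_start(thr, th);
      }
      // Slot still busy with an earlier call: try the next one.
      if (!event_isset(&th->done))
        continue;
      event_reset(&th->done);
      th->call = call;
      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
      event_set(&th->ready);
      // Collide pass: do not wait for even-numbered calls.
      if (collide && (call % 2) == 0)
        break;
      event_timedwait(&th->done, 45);
      break;
    }
  }
  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
    sleep_ms(1);
  if (!collide) {
    collide = 1;
    goto again;
  }
}

// Fallback syscall numbers, used only when the libc headers do not define
// them. 192 / 366 / 359 are the mmap2 / setsockopt / socket numbers of the
// 32-bit x86 table.
#ifndef __NR_mmap
#define __NR_mmap 192
#endif
#ifndef __NR_setsockopt
#define __NR_setsockopt 366
#endif
#ifndef __NR_socket
#define __NR_socket 359
#endif
// mmap is unconditionally redirected to mmap2, so the file only builds for
// an ABI whose headers define __NR_mmap2 (e.g. a 32-bit x86 build).
#undef __NR_mmap
#define __NR_mmap __NR_mmap2

// Resource table: r[0] holds the socket fd returned by call 0, or the
// all-ones sentinel while no socket has been created.
uint64_t r[1] = {0xffffffffffffffff};

// Execute one step of the reproducer. All pointer-like constants are fixed
// addresses inside the region that main() maps at 0x20000000; nothing here
// is valid unless that mapping succeeded.
//
//   call 0: socket(0xa, 2, 0) -- domain 10 is AF_INET6, type 2 is SOCK_DGRAM
//           on Linux; the fd is stored in r[0] on success.
//   call 1: stage an 873-byte blob whose first bytes spell "filter" at
//           0x20000a00, then setsockopt(r[0], 0x29, 0x40, ..., 1).
//           Level 0x29 (41) is IPPROTO_IPV6 and option 0x40 (64) is
//           IP6T_SO_SET_REPLACE, i.e. an ip6tables table replacement. Note
//           the length argument is 1, not the staged 873 bytes.
//   call 2: the same sockopt with a field-by-field "mangle" table image of
//           0x620 bytes staged at 0x20000a40.
//
// NOTE(review): the netfilter set-sockopt path is expected to require
// CAP_NET_ADMIN in the socket's network namespace, so where this is reachable
// from depends on who can hold that capability (including via user
// namespaces) -- confirm for the kernel under test.
void execute_call(int call)
{
  intptr_t res = 0;
  switch (call) {
  case 0:
    res = syscall(__NR_socket, 0xa, 2, 0);
    if (res != -1)
      r[0] = res;
    break;
  case 1:
    memcpy(
        (void*)0x20000a00,
        "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00"
        "\x00\x00\x04\x00\x00\x00\x30\x03\x00\x00\xa0\x01\x00\x00\xa0\x01\x00"
        "\x00\xd8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x68\x02\x00\x00"
        "\x68\x02\x00\x00\x68\x02\x00\x00\x68\x02\x00\x00\x68\x02\x00\x00\x04"
        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        /* the string literal continues on the following source lines */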
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x00\xd8\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x31\x00\x53\x45\x54\x00\x00\x43\x82\x61\x00\x00\x00\x00\x00\x01" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x09" "\xbe\xb0\x56\x00\x00\x00\xa4\x00\xc8\x00\xf1\xff\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x24\x00\x52\x45" "\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\x80" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\xff\xff\xac\x14\x14\xbb\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6f\x6e\x64\x30\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6e\x72\x30\x00\x00\x00\x00" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\xa4\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x24\x00\x43\x4c\x41\x53\x53\x49" "\x46\x59\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x00" "\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x24", 873); syscall(__NR_setsockopt, (intptr_t)r[0], 0x29, 0x40, 0x20000a00, 1); break; case 2: memcpy((void*)0x20000a40, "mangle\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000", 32); *(uint32_t*)0x20000a60 = 0x1f; *(uint32_t*)0x20000a64 = 6; *(uint32_t*)0x20000a68 = 0x5c4; *(uint32_t*)0x20000a6c = 0xe8; *(uint32_t*)0x20000a70 = 0x414; *(uint32_t*)0x20000a74 = 0; *(uint32_t*)0x20000a78 = 0; *(uint32_t*)0x20000a7c = 0x228; *(uint32_t*)0x20000a80 = 0x4fc; *(uint32_t*)0x20000a84 = 0x4fc; *(uint32_t*)0x20000a88 = 0x4fc; *(uint32_t*)0x20000a8c = 0x4fc; *(uint32_t*)0x20000a90 = 0x4fc; *(uint32_t*)0x20000a94 = 6; *(uint32_t*)0x20000a98 = 0; memcpy((void*)0x20000a9c, " \001\000\000\000\000\000\000\000\000\000\000\000\000\000\001", 16); *(uint64_t*)0x20000aac = htobe64(0); 
*(uint64_t*)0x20000ab4 = htobe64(1); *(uint32_t*)0x20000abc = htobe32(0); *(uint32_t*)0x20000ac0 = htobe32(-1); *(uint32_t*)0x20000ac4 = htobe32(-1); *(uint32_t*)0x20000ac8 = htobe32(0xff000000); *(uint32_t*)0x20000acc = htobe32(0); *(uint32_t*)0x20000ad0 = htobe32(0xff000000); *(uint32_t*)0x20000ad4 = htobe32(0xff000000); *(uint32_t*)0x20000ad8 = htobe32(0); memcpy((void*)0x20000adc, "batadv_slave_0\000\000", 16); memcpy((void*)0x20000aec, "macvlan0\000\000\000\000\000\000\000\000", 16); *(uint8_t*)0x20000afc = -1; *(uint8_t*)0x20000b0c = -1; *(uint16_t*)0x20000b1c = 0x2c; *(uint8_t*)0x20000b1e = 1; *(uint8_t*)0x20000b1f = 6; *(uint8_t*)0x20000b20 = 0x18; *(uint32_t*)0x20000b24 = 0; *(uint16_t*)0x20000b28 = 0xa4; *(uint16_t*)0x20000b2a = 0xe8; *(uint32_t*)0x20000b2c = 0; *(uint64_t*)0x20000b30 = 0; *(uint64_t*)0x20000b38 = 0; *(uint16_t*)0x20000b40 = 0x44; memcpy((void*)0x20000b42, "SNPT\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000", 29); *(uint8_t*)0x20000b5f = 0; *(uint8_t*)0x20000b60 = 0; *(uint8_t*)0x20000b61 = 0; *(uint8_t*)0x20000b62 = 0; *(uint8_t*)0x20000b63 = 0; *(uint8_t*)0x20000b64 = 0; *(uint8_t*)0x20000b65 = 0; *(uint8_t*)0x20000b66 = 0; *(uint8_t*)0x20000b67 = 0; *(uint8_t*)0x20000b68 = 0; *(uint8_t*)0x20000b69 = 0; *(uint8_t*)0x20000b6a = 0; *(uint8_t*)0x20000b6b = 0; *(uint8_t*)0x20000b6c = 0; *(uint8_t*)0x20000b6d = 0; *(uint8_t*)0x20000b6e = 0; *(uint8_t*)0x20000b6f = 0; *(uint8_t*)0x20000b70 = 0; *(uint8_t*)0x20000b71 = 0; *(uint8_t*)0x20000b72 = 0; *(uint8_t*)0x20000b73 = 0; *(uint8_t*)0x20000b74 = 0; *(uint8_t*)0x20000b75 = 0; *(uint8_t*)0x20000b76 = 0; *(uint8_t*)0x20000b77 = 0; *(uint8_t*)0x20000b78 = 0; *(uint8_t*)0x20000b79 = 0; *(uint8_t*)0x20000b7a = -1; *(uint8_t*)0x20000b7b = -1; *(uint32_t*)0x20000b7c = htobe32(0xa010101); *(uint8_t*)0x20000b80 = 0x36; *(uint8_t*)0x20000b81 = 0x17; *(uint16_t*)0x20000b82 = 7; *(uint8_t*)0x20000b84 = 0xfe; *(uint8_t*)0x20000b85 = 0x80; 
*(uint8_t*)0x20000b86 = 0; *(uint8_t*)0x20000b87 = 0; *(uint8_t*)0x20000b88 = 0; *(uint8_t*)0x20000b89 = 0; *(uint8_t*)0x20000b8a = 0; *(uint8_t*)0x20000b8b = 0; *(uint8_t*)0x20000b8c = 0; *(uint8_t*)0x20000b8d = 0; *(uint8_t*)0x20000b8e = 0; *(uint8_t*)0x20000b8f = 0; *(uint8_t*)0x20000b90 = 0; *(uint8_t*)0x20000b91 = 0; *(uint8_t*)0x20000b92 = 0; *(uint8_t*)0x20000b93 = 0xaa; *(uint8_t*)0x20000b94 = 0xfe; *(uint8_t*)0x20000b95 = 0x80; *(uint8_t*)0x20000b96 = 0; *(uint8_t*)0x20000b97 = 0; *(uint8_t*)0x20000b98 = 0; *(uint8_t*)0x20000b99 = 0; *(uint8_t*)0x20000b9a = 0; *(uint8_t*)0x20000b9b = 0; *(uint8_t*)0x20000b9c = 0; *(uint8_t*)0x20000b9d = 0; *(uint8_t*)0x20000b9e = 0; *(uint8_t*)0x20000b9f = 0; *(uint8_t*)0x20000ba0 = 0; *(uint8_t*)0x20000ba1 = 0; *(uint8_t*)0x20000ba2 = 0; *(uint8_t*)0x20000ba3 = 0xbb; *(uint32_t*)0x20000ba4 = htobe32(0x40d7b2c4); *(uint32_t*)0x20000ba8 = htobe32(0xffffff00); *(uint32_t*)0x20000bac = htobe32(0xff); *(uint32_t*)0x20000bb0 = htobe32(-1); *(uint32_t*)0x20000bb4 = htobe32(0xff); *(uint32_t*)0x20000bb8 = htobe32(-1); *(uint32_t*)0x20000bbc = htobe32(0xffffff); *(uint32_t*)0x20000bc0 = htobe32(0xffff00); memcpy((void*)0x20000bc4, "veth0_to_hsr\000\000\000\000", 16); memcpy((void*)0x20000bd4, "ipvlan1\000\000\000\000\000\000\000\000\000", 16); *(uint8_t*)0x20000be4 = -1; *(uint8_t*)0x20000bf4 = -1; *(uint16_t*)0x20000c04 = 0x2c; *(uint8_t*)0x20000c06 = 0x40; *(uint8_t*)0x20000c07 = 3; *(uint8_t*)0x20000c08 = 0x1c; *(uint32_t*)0x20000c0c = 0; *(uint16_t*)0x20000c10 = 0xfc; *(uint16_t*)0x20000c12 = 0x140; *(uint32_t*)0x20000c14 = 0; *(uint64_t*)0x20000c18 = 0; *(uint64_t*)0x20000c20 = 0; *(uint16_t*)0x20000c28 = 0x2c; memcpy((void*)0x20000c2a, "srh\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000", 29); *(uint8_t*)0x20000c47 = 0; *(uint8_t*)0x20000c48 = 0x21; *(uint8_t*)0x20000c49 = 0x81; *(uint8_t*)0x20000c4a = 0xb6; *(uint8_t*)0x20000c4b = 0x9e; *(uint16_t*)0x20000c4c = 
0x20; *(uint16_t*)0x20000c4e = 0x2e59; *(uint16_t*)0x20000c50 = 0x210; *(uint16_t*)0x20000c54 = 0x2c; memcpy((void*)0x20000c56, "realm\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000", 29); *(uint8_t*)0x20000c73 = 0; *(uint32_t*)0x20000c74 = 0x271; *(uint32_t*)0x20000c78 = 1; *(uint8_t*)0x20000c7c = 1; *(uint16_t*)0x20000c80 = 0x44; memcpy((void*)0x20000c82, "DNPT\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000", 29); *(uint8_t*)0x20000c9f = 0; *(uint32_t*)0x20000ca0 = htobe32(0xa010102); *(uint32_t*)0x20000cb0 = htobe32(0xa010100); *(uint8_t*)0x20000cc0 = 0x17; *(uint8_t*)0x20000cc1 = 0x2d; *(uint16_t*)0x20000cc2 = 2; *(uint8_t*)0x20000cc4 = 0; *(uint8_t*)0x20000cc5 = 0; *(uint8_t*)0x20000cc6 = 0; *(uint8_t*)0x20000cc7 = 0; *(uint8_t*)0x20000cc8 = 0; *(uint8_t*)0x20000cc9 = 0; *(uint8_t*)0x20000cca = 0; *(uint8_t*)0x20000ccb = 0; *(uint8_t*)0x20000ccc = 0; *(uint8_t*)0x20000ccd = 0; *(uint8_t*)0x20000cce = 0; *(uint8_t*)0x20000ccf = 0; *(uint8_t*)0x20000cd0 = 0; *(uint8_t*)0x20000cd1 = 0; *(uint8_t*)0x20000cd2 = 0; *(uint8_t*)0x20000cd3 = 0; *(uint8_t*)0x20000cd4 = 0; *(uint8_t*)0x20000cd5 = 0; *(uint8_t*)0x20000cd6 = 0; *(uint8_t*)0x20000cd7 = 0; *(uint8_t*)0x20000cd8 = 0; *(uint8_t*)0x20000cd9 = 0; *(uint8_t*)0x20000cda = 0; *(uint8_t*)0x20000cdb = 0; *(uint8_t*)0x20000cdc = 0; *(uint8_t*)0x20000cdd = 0; *(uint8_t*)0x20000cde = 0; *(uint8_t*)0x20000cdf = 0; *(uint8_t*)0x20000ce0 = 0; *(uint8_t*)0x20000ce1 = 0; *(uint8_t*)0x20000ce2 = 0; *(uint8_t*)0x20000ce3 = 0; *(uint8_t*)0x20000ce4 = 0; *(uint8_t*)0x20000ce5 = 0; *(uint8_t*)0x20000ce6 = 0; *(uint8_t*)0x20000ce7 = 0; *(uint8_t*)0x20000ce8 = 0; *(uint8_t*)0x20000ce9 = 0; *(uint8_t*)0x20000cea = 0; *(uint8_t*)0x20000ceb = 0; *(uint8_t*)0x20000cec = 0; *(uint8_t*)0x20000ced = 0; *(uint8_t*)0x20000cee = 0; *(uint8_t*)0x20000cef = 0; *(uint8_t*)0x20000cf0 = 0; *(uint8_t*)0x20000cf1 = 0; 
*(uint8_t*)0x20000cf2 = 0; *(uint8_t*)0x20000cf3 = 0; *(uint8_t*)0x20000cf4 = 0; *(uint8_t*)0x20000cf5 = 0; *(uint8_t*)0x20000cf6 = 0; *(uint8_t*)0x20000cf7 = 0; *(uint8_t*)0x20000cf8 = 0; *(uint8_t*)0x20000cf9 = 0; *(uint8_t*)0x20000cfa = 0; *(uint8_t*)0x20000cfb = 0; *(uint8_t*)0x20000cfc = 0; *(uint8_t*)0x20000cfd = 0; *(uint8_t*)0x20000cfe = 0; *(uint8_t*)0x20000cff = 0; *(uint8_t*)0x20000d00 = 0; *(uint8_t*)0x20000d01 = 0; *(uint8_t*)0x20000d02 = 0; *(uint8_t*)0x20000d03 = 0; *(uint8_t*)0x20000d04 = 0; *(uint8_t*)0x20000d05 = 0; *(uint8_t*)0x20000d06 = 0; *(uint8_t*)0x20000d07 = 0; *(uint8_t*)0x20000d08 = 0; *(uint8_t*)0x20000d09 = 0; *(uint8_t*)0x20000d0a = 0; *(uint8_t*)0x20000d0b = 0; *(uint8_t*)0x20000d0c = 0; *(uint8_t*)0x20000d0d = 0; *(uint8_t*)0x20000d0e = 0; *(uint8_t*)0x20000d0f = 0; *(uint8_t*)0x20000d10 = 0; *(uint8_t*)0x20000d11 = 0; *(uint8_t*)0x20000d12 = 0; *(uint8_t*)0x20000d13 = 0; *(uint8_t*)0x20000d14 = 0; *(uint8_t*)0x20000d15 = 0; *(uint8_t*)0x20000d16 = 0; *(uint8_t*)0x20000d17 = 0; *(uint8_t*)0x20000d18 = 0; *(uint8_t*)0x20000d19 = 0; *(uint8_t*)0x20000d1a = 0; *(uint8_t*)0x20000d1b = 0; *(uint8_t*)0x20000d1c = 0; *(uint8_t*)0x20000d1d = 0; *(uint8_t*)0x20000d1e = 0; *(uint8_t*)0x20000d1f = 0; *(uint8_t*)0x20000d20 = 0; *(uint8_t*)0x20000d21 = 0; *(uint8_t*)0x20000d22 = 0; *(uint8_t*)0x20000d23 = 0; *(uint8_t*)0x20000d24 = 0; *(uint8_t*)0x20000d25 = 0; *(uint8_t*)0x20000d26 = 0; *(uint8_t*)0x20000d27 = 0; *(uint8_t*)0x20000d28 = 0; *(uint8_t*)0x20000d29 = 0; *(uint8_t*)0x20000d2a = 0; *(uint8_t*)0x20000d2b = 0; *(uint8_t*)0x20000d2c = 0; *(uint8_t*)0x20000d2d = 0; *(uint8_t*)0x20000d2e = 0; *(uint8_t*)0x20000d2f = 0; *(uint8_t*)0x20000d30 = 0; *(uint8_t*)0x20000d31 = 0; *(uint8_t*)0x20000d32 = 0; *(uint8_t*)0x20000d33 = 0; *(uint8_t*)0x20000d34 = 0; *(uint8_t*)0x20000d35 = 0; *(uint8_t*)0x20000d36 = 0; *(uint8_t*)0x20000d37 = 0; *(uint8_t*)0x20000d38 = 0; *(uint8_t*)0x20000d39 = 0; *(uint8_t*)0x20000d3a = 0; *(uint8_t*)0x20000d3b = 0; 
*(uint8_t*)0x20000d3c = 0; *(uint8_t*)0x20000d3d = 0; *(uint8_t*)0x20000d3e = 0; *(uint8_t*)0x20000d3f = 0; *(uint8_t*)0x20000d40 = 0; *(uint8_t*)0x20000d41 = 0; *(uint8_t*)0x20000d42 = 0; *(uint8_t*)0x20000d43 = 0; *(uint8_t*)0x20000d44 = 0; *(uint8_t*)0x20000d45 = 0; *(uint8_t*)0x20000d46 = 0; *(uint8_t*)0x20000d47 = 0; *(uint8_t*)0x20000d48 = 0; *(uint8_t*)0x20000d49 = 0; *(uint8_t*)0x20000d4a = 0; *(uint8_t*)0x20000d4b = 0; *(uint32_t*)0x20000d4c = 0; *(uint16_t*)0x20000d50 = 0xa4; *(uint16_t*)0x20000d52 = 0xe0; *(uint32_t*)0x20000d54 = 0; *(uint64_t*)0x20000d58 = 0; *(uint64_t*)0x20000d60 = 0; *(uint16_t*)0x20000d68 = 0x3c; memcpy((void*)0x20000d6a, "TPROXY\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000", 29); *(uint8_t*)0x20000d87 = 1; *(uint32_t*)0x20000d88 = 0x7fff; *(uint32_t*)0x20000d8c = 4; *(uint8_t*)0x20000d90 = 0xfe; *(uint8_t*)0x20000d91 = 0x88; *(uint8_t*)0x20000d92 = 0; *(uint8_t*)0x20000d93 = 0; *(uint8_t*)0x20000d94 = 0; *(uint8_t*)0x20000d95 = 0; *(uint8_t*)0x20000d96 = 0; *(uint8_t*)0x20000d97 = 0; *(uint8_t*)0x20000d98 = 0; *(uint8_t*)0x20000d99 = 0; *(uint8_t*)0x20000d9a = 0; *(uint8_t*)0x20000d9b = 0; *(uint8_t*)0x20000d9c = 0; *(uint8_t*)0x20000d9d = 0; *(uint8_t*)0x20000d9e = 1; *(uint8_t*)0x20000d9f = 1; *(uint16_t*)0x20000da0 = htobe16(0x4e21); *(uint8_t*)0x20000da4 = 0; *(uint8_t*)0x20000da5 = 0; *(uint8_t*)0x20000da6 = 0; *(uint8_t*)0x20000da7 = 0; *(uint8_t*)0x20000da8 = 0; *(uint8_t*)0x20000da9 = 0; *(uint8_t*)0x20000daa = 0; *(uint8_t*)0x20000dab = 0; *(uint8_t*)0x20000dac = 0; *(uint8_t*)0x20000dad = 0; *(uint8_t*)0x20000dae = 0; *(uint8_t*)0x20000daf = 0; *(uint8_t*)0x20000db0 = 0; *(uint8_t*)0x20000db1 = 0; *(uint8_t*)0x20000db2 = 0; *(uint8_t*)0x20000db3 = 0; *(uint8_t*)0x20000db4 = 0; *(uint8_t*)0x20000db5 = 0; *(uint8_t*)0x20000db6 = 0; *(uint8_t*)0x20000db7 = 0; *(uint8_t*)0x20000db8 = 0; *(uint8_t*)0x20000db9 = 0; *(uint8_t*)0x20000dba = 0; *(uint8_t*)0x20000dbb = 0; 
*(uint8_t*)0x20000dbc = 0; *(uint8_t*)0x20000dbd = 0; *(uint8_t*)0x20000dbe = 0; *(uint8_t*)0x20000dbf = 0; *(uint8_t*)0x20000dc0 = 0; *(uint8_t*)0x20000dc1 = 0; *(uint8_t*)0x20000dc2 = 0; *(uint8_t*)0x20000dc3 = 0; *(uint8_t*)0x20000dc4 = 0; *(uint8_t*)0x20000dc5 = 0; *(uint8_t*)0x20000dc6 = 0; *(uint8_t*)0x20000dc7 = 0; *(uint8_t*)0x20000dc8 = 0; *(uint8_t*)0x20000dc9 = 0; *(uint8_t*)0x20000dca = 0; *(uint8_t*)0x20000dcb = 0; *(uint8_t*)0x20000dcc = 0; *(uint8_t*)0x20000dcd = 0; *(uint8_t*)0x20000dce = 0; *(uint8_t*)0x20000dcf = 0; *(uint8_t*)0x20000dd0 = 0; *(uint8_t*)0x20000dd1 = 0; *(uint8_t*)0x20000dd2 = 0; *(uint8_t*)0x20000dd3 = 0; *(uint8_t*)0x20000dd4 = 0; *(uint8_t*)0x20000dd5 = 0; *(uint8_t*)0x20000dd6 = 0; *(uint8_t*)0x20000dd7 = 0; *(uint8_t*)0x20000dd8 = 0; *(uint8_t*)0x20000dd9 = 0; *(uint8_t*)0x20000dda = 0; *(uint8_t*)0x20000ddb = 0; *(uint8_t*)0x20000ddc = 0; *(uint8_t*)0x20000ddd = 0; *(uint8_t*)0x20000dde = 0; *(uint8_t*)0x20000ddf = 0; *(uint8_t*)0x20000de0 = 0; *(uint8_t*)0x20000de1 = 0; *(uint8_t*)0x20000de2 = 0; *(uint8_t*)0x20000de3 = 0; *(uint8_t*)0x20000de4 = 0; *(uint8_t*)0x20000de5 = 0; *(uint8_t*)0x20000de6 = 0; *(uint8_t*)0x20000de7 = 0; *(uint8_t*)0x20000de8 = 0; *(uint8_t*)0x20000de9 = 0; *(uint8_t*)0x20000dea = 0; *(uint8_t*)0x20000deb = 0; *(uint8_t*)0x20000dec = 0; *(uint8_t*)0x20000ded = 0; *(uint8_t*)0x20000dee = 0; *(uint8_t*)0x20000def = 0; *(uint8_t*)0x20000df0 = 0; *(uint8_t*)0x20000df1 = 0; *(uint8_t*)0x20000df2 = 0; *(uint8_t*)0x20000df3 = 0; *(uint8_t*)0x20000df4 = 0; *(uint8_t*)0x20000df5 = 0; *(uint8_t*)0x20000df6 = 0; *(uint8_t*)0x20000df7 = 0; *(uint8_t*)0x20000df8 = 0; *(uint8_t*)0x20000df9 = 0; *(uint8_t*)0x20000dfa = 0; *(uint8_t*)0x20000dfb = 0; *(uint8_t*)0x20000dfc = 0; *(uint8_t*)0x20000dfd = 0; *(uint8_t*)0x20000dfe = 0; *(uint8_t*)0x20000dff = 0; *(uint8_t*)0x20000e00 = 0; *(uint8_t*)0x20000e01 = 0; *(uint8_t*)0x20000e02 = 0; *(uint8_t*)0x20000e03 = 0; *(uint8_t*)0x20000e04 = 0; *(uint8_t*)0x20000e05 = 0; 
*(uint8_t*)0x20000e06 = 0; *(uint8_t*)0x20000e07 = 0; *(uint8_t*)0x20000e08 = 0; *(uint8_t*)0x20000e09 = 0; *(uint8_t*)0x20000e0a = 0; *(uint8_t*)0x20000e0b = 0; *(uint8_t*)0x20000e0c = 0; *(uint8_t*)0x20000e0d = 0; *(uint8_t*)0x20000e0e = 0; *(uint8_t*)0x20000e0f = 0; *(uint8_t*)0x20000e10 = 0; *(uint8_t*)0x20000e11 = 0; *(uint8_t*)0x20000e12 = 0; *(uint8_t*)0x20000e13 = 0; *(uint8_t*)0x20000e14 = 0; *(uint8_t*)0x20000e15 = 0; *(uint8_t*)0x20000e16 = 0; *(uint8_t*)0x20000e17 = 0; *(uint8_t*)0x20000e18 = 0; *(uint8_t*)0x20000e19 = 0; *(uint8_t*)0x20000e1a = 0; *(uint8_t*)0x20000e1b = 0; *(uint8_t*)0x20000e1c = 0; *(uint8_t*)0x20000e1d = 0; *(uint8_t*)0x20000e1e = 0; *(uint8_t*)0x20000e1f = 0; *(uint8_t*)0x20000e20 = 0; *(uint8_t*)0x20000e21 = 0; *(uint8_t*)0x20000e22 = 0; *(uint8_t*)0x20000e23 = 0; *(uint8_t*)0x20000e24 = 0; *(uint8_t*)0x20000e25 = 0; *(uint8_t*)0x20000e26 = 0; *(uint8_t*)0x20000e27 = 0; *(uint8_t*)0x20000e28 = 0; *(uint8_t*)0x20000e29 = 0; *(uint8_t*)0x20000e2a = 0; *(uint8_t*)0x20000e2b = 0; *(uint32_t*)0x20000e2c = 0; *(uint16_t*)0x20000e30 = 0xc8; *(uint16_t*)0x20000e32 = 0x10c; *(uint32_t*)0x20000e34 = 0; *(uint64_t*)0x20000e38 = 0; *(uint64_t*)0x20000e40 = 0; *(uint16_t*)0x20000e48 = 0x24; memcpy((void*)0x20000e4a, "rpfilter\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000", 29); *(uint8_t*)0x20000e67 = 0; *(uint8_t*)0x20000e68 = 1; *(uint16_t*)0x20000e6c = 0x44; memcpy((void*)0x20000e6e, "DNPT\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000", 29); *(uint8_t*)0x20000e8b = 0; *(uint8_t*)0x20000e8c = 0xfe; *(uint8_t*)0x20000e8d = 0x88; *(uint8_t*)0x20000e8e = 0; *(uint8_t*)0x20000e8f = 0; *(uint8_t*)0x20000e90 = 0; *(uint8_t*)0x20000e91 = 0; *(uint8_t*)0x20000e92 = 0; *(uint8_t*)0x20000e93 = 0; *(uint8_t*)0x20000e94 = 0; *(uint8_t*)0x20000e95 = 0; *(uint8_t*)0x20000e96 = 0; *(uint8_t*)0x20000e97 = 0; *(uint8_t*)0x20000e98 = 0; *(uint8_t*)0x20000e99 = 
0; *(uint8_t*)0x20000e9a = 1; *(uint8_t*)0x20000e9b = 1; *(uint8_t*)0x20000e9c = 0xfe; *(uint8_t*)0x20000e9d = 0x80; *(uint8_t*)0x20000e9e = 0; *(uint8_t*)0x20000e9f = 0; *(uint8_t*)0x20000ea0 = 0; *(uint8_t*)0x20000ea1 = 0; *(uint8_t*)0x20000ea2 = 0; *(uint8_t*)0x20000ea3 = 0; *(uint8_t*)0x20000ea4 = 0; *(uint8_t*)0x20000ea5 = 0; *(uint8_t*)0x20000ea6 = 0; *(uint8_t*)0x20000ea7 = 0; *(uint8_t*)0x20000ea8 = 0; *(uint8_t*)0x20000ea9 = 0; *(uint8_t*)0x20000eaa = 0; *(uint8_t*)0x20000eab = 0xbb; *(uint8_t*)0x20000eac = 4; *(uint8_t*)0x20000ead = 0x24; *(uint16_t*)0x20000eae = 0x40; *(uint8_t*)0x20000eb0 = 0xfc; *(uint8_t*)0x20000eb1 = 2; *(uint8_t*)0x20000eb2 = 0; *(uint8_t*)0x20000eb3 = 0; *(uint8_t*)0x20000eb4 = 0; *(uint8_t*)0x20000eb5 = 0; *(uint8_t*)0x20000eb6 = 0; *(uint8_t*)0x20000eb7 = 0; *(uint8_t*)0x20000eb8 = 0; *(uint8_t*)0x20000eb9 = 0; *(uint8_t*)0x20000eba = 0; *(uint8_t*)0x20000ebb = 0; *(uint8_t*)0x20000ebc = 0; *(uint8_t*)0x20000ebd = 0; *(uint8_t*)0x20000ebe = 0; *(uint8_t*)0x20000ebf = 0; *(uint8_t*)0x20000ec0 = 0xfc; *(uint8_t*)0x20000ec1 = 2; *(uint8_t*)0x20000ec2 = 0; *(uint8_t*)0x20000ec3 = 0; *(uint8_t*)0x20000ec4 = 0; *(uint8_t*)0x20000ec5 = 0; *(uint8_t*)0x20000ec6 = 0; *(uint8_t*)0x20000ec7 = 0; *(uint8_t*)0x20000ec8 = 0; *(uint8_t*)0x20000ec9 = 0; *(uint8_t*)0x20000eca = 0; *(uint8_t*)0x20000ecb = 0; *(uint8_t*)0x20000ecc = 0; *(uint8_t*)0x20000ecd = 0; *(uint8_t*)0x20000ece = 0; *(uint8_t*)0x20000ecf = 0; *(uint32_t*)0x20000ed0 = htobe32(0); *(uint32_t*)0x20000ed4 = htobe32(0xff); *(uint32_t*)0x20000ed8 = htobe32(-1); *(uint32_t*)0x20000edc = htobe32(0xff); *(uint32_t*)0x20000ee0 = htobe32(0xff000000); *(uint32_t*)0x20000ee4 = htobe32(0xff000000); *(uint32_t*)0x20000ee8 = htobe32(0xff); *(uint32_t*)0x20000eec = htobe32(0); memcpy((void*)0x20000ef0, "bond0\000\000\000\000\000\000\000\000\000\000\000", 16); memcpy((void*)0x20000f00, "veth0_to_bridge\000", 16); *(uint8_t*)0x20000f10 = -1; *(uint8_t*)0x20000f20 = 0; *(uint16_t*)0x20000f30 = 
3; *(uint8_t*)0x20000f32 = 0x81; *(uint8_t*)0x20000f33 = 4; *(uint8_t*)0x20000f34 = 0x42; *(uint32_t*)0x20000f38 = 0; *(uint16_t*)0x20000f3c = 0xa4; *(uint16_t*)0x20000f3e = 0xe8; *(uint32_t*)0x20000f40 = 0; *(uint64_t*)0x20000f44 = 0; *(uint64_t*)0x20000f4c = 0; *(uint16_t*)0x20000f54 = 0x44; memcpy((void*)0x20000f56, "SNPT\000\000\000\000\000\000\000\000\000\000\000" "\000\000\000\000\000\000\000\000\000\000\000\000" "\000\000", 29); *(uint8_t*)0x20000f73 = 0; *(uint8_t*)0x20000f74 = 0xfe; *(uint8_t*)0x20000f75 = 0x80; *(uint8_t*)0x20000f76 = 0; *(uint8_t*)0x20000f77 = 0; *(uint8_t*)0x20000f78 = 0; *(uint8_t*)0x20000f79 = 0; *(uint8_t*)0x20000f7a = 0; *(uint8_t*)0x20000f7b = 0; *(uint8_t*)0x20000f7c = 0; *(uint8_t*)0x20000f7d = 0; *(uint8_t*)0x20000f7e = 0; *(uint8_t*)0x20000f7f = 0; *(uint8_t*)0x20000f80 = 0; *(uint8_t*)0x20000f81 = 0; *(uint8_t*)0x20000f82 = 0; *(uint8_t*)0x20000f83 = 0xaa; *(uint32_t*)0x20000f84 = htobe32(-1); *(uint8_t*)0x20000f94 = 0x25; *(uint8_t*)0x20000f95 = 0x34; *(uint16_t*)0x20000f96 = 1; *(uint8_t*)0x20000f98 = 0; *(uint8_t*)0x20000f99 = 0; *(uint8_t*)0x20000f9a = 0; *(uint8_t*)0x20000f9b = 0; *(uint8_t*)0x20000f9c = 0; *(uint8_t*)0x20000f9d = 0; *(uint8_t*)0x20000f9e = 0; *(uint8_t*)0x20000f9f = 0; *(uint8_t*)0x20000fa0 = 0; *(uint8_t*)0x20000fa1 = 0; *(uint8_t*)0x20000fa2 = 0; *(uint8_t*)0x20000fa3 = 0; *(uint8_t*)0x20000fa4 = 0; *(uint8_t*)0x20000fa5 = 0; *(uint8_t*)0x20000fa6 = 0; *(uint8_t*)0x20000fa7 = 0; *(uint8_t*)0x20000fa8 = 0; *(uint8_t*)0x20000fa9 = 0; *(uint8_t*)0x20000faa = 0; *(uint8_t*)0x20000fab = 0; *(uint8_t*)0x20000fac = 0; *(uint8_t*)0x20000fad = 0; *(uint8_t*)0x20000fae = 0; *(uint8_t*)0x20000faf = 0; *(uint8_t*)0x20000fb0 = 0; *(uint8_t*)0x20000fb1 = 0; *(uint8_t*)0x20000fb2 = 0; *(uint8_t*)0x20000fb3 = 0; *(uint8_t*)0x20000fb4 = 0; *(uint8_t*)0x20000fb5 = 0; *(uint8_t*)0x20000fb6 = 0; *(uint8_t*)0x20000fb7 = 0; *(uint8_t*)0x20000fb8 = 0; *(uint8_t*)0x20000fb9 = 0; *(uint8_t*)0x20000fba = 0; 
*(uint8_t*)0x20000fbb = 0; *(uint8_t*)0x20000fbc = 0; *(uint8_t*)0x20000fbd = 0; *(uint8_t*)0x20000fbe = 0; *(uint8_t*)0x20000fbf = 0; *(uint8_t*)0x20000fc0 = 0; *(uint8_t*)0x20000fc1 = 0; *(uint8_t*)0x20000fc2 = 0; *(uint8_t*)0x20000fc3 = 0; *(uint8_t*)0x20000fc4 = 0; *(uint8_t*)0x20000fc5 = 0; *(uint8_t*)0x20000fc6 = 0; *(uint8_t*)0x20000fc7 = 0; *(uint8_t*)0x20000fc8 = 0; *(uint8_t*)0x20000fc9 = 0; *(uint8_t*)0x20000fca = 0; *(uint8_t*)0x20000fcb = 0; *(uint8_t*)0x20000fcc = 0; *(uint8_t*)0x20000fcd = 0; *(uint8_t*)0x20000fce = 0; *(uint8_t*)0x20000fcf = 0; *(uint8_t*)0x20000fd0 = 0; *(uint8_t*)0x20000fd1 = 0; *(uint8_t*)0x20000fd2 = 0; *(uint8_t*)0x20000fd3 = 0; *(uint8_t*)0x20000fd4 = 0; *(uint8_t*)0x20000fd5 = 0; *(uint8_t*)0x20000fd6 = 0; *(uint8_t*)0x20000fd7 = 0; *(uint8_t*)0x20000fd8 = 0; *(uint8_t*)0x20000fd9 = 0; *(uint8_t*)0x20000fda = 0; *(uint8_t*)0x20000fdb = 0; *(uint8_t*)0x20000fdc = 0; *(uint8_t*)0x20000fdd = 0; *(uint8_t*)0x20000fde = 0; *(uint8_t*)0x20000fdf = 0; *(uint8_t*)0x20000fe0 = 0; *(uint8_t*)0x20000fe1 = 0; *(uint8_t*)0x20000fe2 = 0; *(uint8_t*)0x20000fe3 = 0; *(uint8_t*)0x20000fe4 = 0; *(uint8_t*)0x20000fe5 = 0; *(uint8_t*)0x20000fe6 = 0; *(uint8_t*)0x20000fe7 = 0; *(uint8_t*)0x20000fe8 = 0; *(uint8_t*)0x20000fe9 = 0; *(uint8_t*)0x20000fea = 0; *(uint8_t*)0x20000feb = 0; *(uint8_t*)0x20000fec = 0; *(uint8_t*)0x20000fed = 0; *(uint8_t*)0x20000fee = 0; *(uint8_t*)0x20000fef = 0; *(uint8_t*)0x20000ff0 = 0; *(uint8_t*)0x20000ff1 = 0; *(uint8_t*)0x20000ff2 = 0; *(uint8_t*)0x20000ff3 = 0; *(uint8_t*)0x20000ff4 = 0; *(uint8_t*)0x20000ff5 = 0; *(uint8_t*)0x20000ff6 = 0; *(uint8_t*)0x20000ff7 = 0; *(uint8_t*)0x20000ff8 = 0; *(uint8_t*)0x20000ff9 = 0; *(uint8_t*)0x20000ffa = 0; *(uint8_t*)0x20000ffb = 0; *(uint8_t*)0x20000ffc = 0; *(uint8_t*)0x20000ffd = 0; *(uint8_t*)0x20000ffe = 0; *(uint8_t*)0x20000fff = 0; *(uint8_t*)0x20001000 = 0; *(uint8_t*)0x20001001 = 0; *(uint8_t*)0x20001002 = 0; *(uint8_t*)0x20001003 = 0; *(uint8_t*)0x20001004 = 0; 
// execute_call(), case 2, continued: the remaining zero bytes of the current
// rule, then the last record of the staged "mangle" table image.
    *(uint8_t*)0x20001005 = 0;
    *(uint8_t*)0x20001006 = 0;
    *(uint8_t*)0x20001007 = 0;
    *(uint8_t*)0x20001008 = 0;
    *(uint8_t*)0x20001009 = 0;
    *(uint8_t*)0x2000100a = 0;
    *(uint8_t*)0x2000100b = 0;
    *(uint8_t*)0x2000100c = 0;
    *(uint8_t*)0x2000100d = 0;
    *(uint8_t*)0x2000100e = 0;
    *(uint8_t*)0x2000100f = 0;
    *(uint8_t*)0x20001010 = 0;
    *(uint8_t*)0x20001011 = 0;
    *(uint8_t*)0x20001012 = 0;
    *(uint8_t*)0x20001013 = 0;
    *(uint8_t*)0x20001014 = 0;
    *(uint8_t*)0x20001015 = 0;
    *(uint8_t*)0x20001016 = 0;
    *(uint8_t*)0x20001017 = 0;
    *(uint8_t*)0x20001018 = 0;
    *(uint8_t*)0x20001019 = 0;
    *(uint8_t*)0x2000101a = 0;
    *(uint8_t*)0x2000101b = 0;
    *(uint8_t*)0x2000101c = 0;
    *(uint8_t*)0x2000101d = 0;
    *(uint8_t*)0x2000101e = 0;
    *(uint8_t*)0x2000101f = 0;
    // NOTE(review): the next stores (0xa4 / 0xc8 offsets, a 0x24-byte target
    // with an all-zero 29-byte name and a final 32-bit value) look like a
    // closing rule entry with an unnamed target -- confirm against the
    // ip6t_entry layout before relying on this reading.
    *(uint32_t*)0x20001020 = 0;
    *(uint16_t*)0x20001024 = 0xa4;
    *(uint16_t*)0x20001026 = 0xc8;
    *(uint32_t*)0x20001028 = 0;
    *(uint64_t*)0x2000102c = 0;
    *(uint64_t*)0x20001034 = 0;
    *(uint16_t*)0x2000103c = 0x24;
    memcpy((void*)0x2000103e,
           "\000\000\000\000\000\000\000\000\000\000\000\000"
           "\000\000\000\000\000\000\000\000\000\000\000\000"
           "\000\000\000\000\000",
           29);
    *(uint8_t*)0x2000105b = 0;
    *(uint32_t*)0x2000105c = 0xfffffffe;
    // Submit the 0x620-byte image that starts at 0x20000a40 on socket r[0]:
    // level 0x29 (41, IPPROTO_IPV6), option 0x40 (64, IP6T_SO_SET_REPLACE).
    // The return value is ignored; the reproducer only cares about what the
    // kernel does while handling the request.
    syscall(__NR_setsockopt, (intptr_t)r[0], 0x29, 0x40, 0x20000a40, 0x620);
    break;
  }
}

// Entry point: map the fixed scratch region used by execute_call() and run
// the dispatcher once.
//
// Flags 0x32 are MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS on Linux. The 16 MiB
// region at 0x20000000 is mapped with protection 7 (read | write | exec) and
// is bracketed by one inaccessible (protection 0) page on each side. None of
// the mmap results are checked, so a failed mapping shows up later as a fault
// on the first fixed-address store.
int main(void)
{
  syscall(__NR_mmap, 0x1ffff000, 0x1000, 0, 0x32, -1, 0);
  syscall(__NR_mmap, 0x20000000, 0x1000000, 7, 0x32, -1, 0);
  syscall(__NR_mmap, 0x21000000, 0x1000, 0, 0x32, -1, 0);
  loop();
  return 0;
}