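// autogenerated by syzkaller (http://github.com/google/syzkaller)
//
// Kernel-fuzzer reproducer: a fork-per-iteration harness (loop) around one
// generated syscall sequence (test).  The sequence issues two
// IPT_SO_SET_REPLACE setsockopt() calls, so every iteration replaces the live
// iptables "filter" table of whatever network namespace the process runs in;
// reset_net_namespace() puts the checkpointed tables back afterwards.

#define _GNU_SOURCE

// The header names of the original #include directives were lost on this page
// (only bare "#include" tokens survived).  The list below is the set of
// headers the code in this file actually references; the original order and
// exact set are not recoverable from the page.
#include <endian.h>
#include <errno.h>
#include <signal.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#include <netinet/in.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Terminate the whole thread group with `status`.  The empty loop after the
 * raw exit_group syscall only exists so the function can never return, which
 * is what the noreturn attribute promises. */
__attribute__((noreturn)) static void doexit(int status)
{
  volatile unsigned i;
  syscall(__NR_exit_group, status);
  for (i = 0;; i++) {
  }
}

const int kFailStatus = 67;
const int kRetryStatus = 69;

/* Print a printf-style message plus the errno seen on entry to stderr and
 * exit.  ENOMEM and EAGAIN exit with kRetryStatus, everything else with
 * kFailStatus.  Every caller in this file passes a string literal as `msg`. */
static void fail(const char* msg, ...)
{
  int e = errno; /* saved first: the stdio calls below may overwrite errno */
  va_list args;
  va_start(args, msg);
  vfprintf(stderr, msg, args);
  va_end(args);
  fprintf(stderr, " (errno %d)\n", e);
  doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
}

/* Monotonic clock reading in milliseconds; exits through fail() on error. */
static uint64_t current_time_ms()
{
  struct timespec ts;

  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    fail("clock_gettime failed");
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/* The iptables control structures are declared locally instead of being taken
 * from kernel headers.  Both entry tables are capped at 1024 bytes here. */
struct ipt_getinfo {
  char name[32];
  unsigned int valid_hooks;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_entries;
  unsigned int size;
};

struct ipt_get_entries {
  char name[32];
  unsigned int size;
  unsigned int pad;
  char entrytable[1024];
};

struct xt_counters {
  uint64_t pcnt, bcnt;
};

struct ipt_replace {
  char name[32];
  unsigned int valid_hooks;
  unsigned int num_entries;
  unsigned int size;
  unsigned int hook_entry[5];
  unsigned int underflow[5];
  unsigned int num_counters;
  struct xt_counters* counters;
  char entrytable[1024];
};

/* Per-table snapshot: what the kernel reported at checkpoint time (info,
 * entries) and the ready-to-send request that restores it (replace).
 * counters[] is the buffer replace.counters points at. */
struct ipt_table_desc {
  const char* name;
  struct ipt_getinfo info;
  struct ipt_get_entries entries;
  struct ipt_replace replace;
  struct xt_counters counters[10];
};

static struct ipt_table_desc ipv4_tables[] = {
    {.name = "filter"}, {.name = "nat"}, {.name = "mangle"}, {.name = "raw"}, {.name = "security"},
};

/* SET_REPLACE and GET_INFO share the value 64: the first is only used with
 * setsockopt() and the second only with getsockopt() in this file. */
#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)

/* Snapshot every table in ipv4_tables so reset_net_namespace() can restore it.
 * A table whose GET_INFO fails with EPERM, ENOENT or ENOPROTOOPT is skipped;
 * its info.valid_hooks stays 0 (static zero-initialisation), which is how
 * reset_net_namespace() recognises it as "not checkpointed". */
static void checkpoint_net_namespace(void)
{
  socklen_t optlen;
  unsigned i;
  int fd;

  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(ipv4_tables) / sizeof(ipv4_tables[0]); i++) {
    struct ipt_table_desc* table = &ipv4_tables[i];
    strcpy(table->info.name, table->name);
    strcpy(table->entries.name, table->name);
    strcpy(table->replace.name, table->name);
    optlen = sizeof(table->info);
    if (getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &table->info, &optlen)) {
      switch (errno) {
      case EPERM:
      case ENOENT:
      case ENOPROTOOPT:
        continue; /* continues the for loop: table not available here */
      }
      fail("getsockopt(IPT_SO_GET_INFO)");
    }
    /* The kernel-reported sizes are checked against the fixed local buffers
     * before anything is copied into them. */
    if (table->info.size > sizeof(table->entries.entrytable))
      fail("table size is too large: %u", table->info.size);
    if (table->info.num_entries > sizeof(table->counters) / sizeof(table->counters[0]))
      fail("too many counters: %u", table->info.num_entries);
    table->entries.size = table->info.size;
    optlen = sizeof(table->entries) - sizeof(table->entries.entrytable) + table->info.size;
    if (getsockopt(fd, SOL_IP, IPT_SO_GET_ENTRIES, &table->entries, &optlen))
      fail("getsockopt(IPT_SO_GET_ENTRIES)");
    table->replace.valid_hooks = table->info.valid_hooks;
    table->replace.num_entries = table->info.num_entries;
    table->replace.counters = table->counters;
    table->replace.size = table->info.size;
    memcpy(table->replace.hook_entry, table->info.hook_entry, sizeof(table->replace.hook_entry));
    memcpy(table->replace.underflow, table->info.underflow, sizeof(table->replace.underflow));
    memcpy(table->replace.entrytable, table->entries.entrytable, table->info.size);
  }
  close(fd);
}

/* Restore every checkpointed table that no longer matches its snapshot.
 * A table is left alone when both its info block and its entry blob compare
 * equal to what checkpoint_net_namespace() stored. */
static void reset_net_namespace(void)
{
  struct ipt_get_entries entries;
  struct ipt_getinfo info;
  socklen_t optlen;
  unsigned i;
  int fd;

  memset(&info, 0, sizeof(info));
  memset(&entries, 0, sizeof(entries));
  fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  if (fd == -1)
    fail("socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)");
  for (i = 0; i < sizeof(ipv4_tables) / sizeof(ipv4_tables[0]); i++) {
    struct ipt_table_desc* table = &ipv4_tables[i];
    if (table->info.valid_hooks == 0)
      continue; /* never checkpointed */
    strcpy(info.name, table->name);
    optlen = sizeof(info);
    if (getsockopt(fd, SOL_IP, IPT_SO_GET_INFO, &info, &optlen))
      fail("getsockopt(IPT_SO_GET_INFO)");
    if (memcmp(&table->info, &info, sizeof(table->info)) == 0) {
      strcpy(entries.name, table->name);
      entries.size = table->info.size;
      optlen = sizeof(entries) - sizeof(entries.entrytable) + entries.size;
      if (getsockopt(fd, SOL_IP, IPT_SO_GET_ENTRIES, &entries, &optlen))
        fail("getsockopt(IPT_SO_GET_ENTRIES)");
      if (memcmp(&table->entries, &entries, optlen) == 0)
        continue;
    }
    /* num_counters is taken from the table currently installed (possibly by
     * the test program), while replace.counters points at the 10-slot
     * table->counters array.  Apply the same bound checkpoint_net_namespace()
     * applies, so a larger live table is reported instead of letting the
     * counter read-back run past that array. */
    if (info.num_entries > sizeof(table->counters) / sizeof(table->counters[0]))
      fail("too many counters: %u", info.num_entries);
    table->replace.num_counters = info.num_entries;
    optlen = sizeof(table->replace) - sizeof(table->replace.entrytable) + table->replace.size;
    if (setsockopt(fd, SOL_IP, IPT_SO_SET_REPLACE, &table->replace, optlen))
      fail("setsockopt(IPT_SO_SET_REPLACE)");
  }
  close(fd);
}

static void test();

/* Harness: checkpoint once, then forever run test() in a forked child, kill
 * the child's process group if it has not exited after 5 seconds, and restore
 * the tables before the next iteration.  Never returns. */
void loop()
{
  int iter;

  checkpoint_net_namespace();
  for (iter = 0;; iter++) {
    int pid = fork();
    if (pid < 0)
      fail("loop fork failed");
    if (pid == 0) {
      prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); /* die with the parent */
      setpgrp();                                 /* own group, so kill(-pid) reaches descendants */
      test();
      doexit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      int res = waitpid(-1, &status, __WALL | WNOHANG);
      if (res == pid)
        break;
      usleep(1000);
      if (current_time_ms() - start > 5 * 1000) {
        kill(-pid, SIGKILL);
        kill(pid, SIGKILL);
        while (waitpid(-1, &status, __WALL) != pid) {
        }
        break;
      }
    }
    reset_net_namespace();
  }
}

long r[2];

/* Write the 0x2e0-byte request at 0x20014000 and zero the 64-byte counter
 * buffer at 0x20012fc0.
 *
 * The generated code built this request twice, store by store; the two copies
 * were identical except for the 32-bit word at 0x200141a4, which is the
 * `led_word` parameter here.  Runs of single zero-byte stores are written as
 * memset() over exactly the same byte ranges, and address ranges the
 * generated code never stored to are still left untouched.
 *
 * The first 0x60 bytes follow the field order of struct ipt_replace declared
 * above; 0x60 + 0x280 (the size field) = 0x2e0, the length test() passes to
 * setsockopt.  The four records after the header are annotated by offset
 * only; their field names (presumably the kernel's struct ipt_entry and its
 * target header) are not declared in this file. */
static void build_filter_replace(uint32_t led_word)
{
  /* name[32] = "filter" */
  memcpy((void*)0x20014000, "\x66\x69\x6c\x74\x65\x72\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00",
         32);
  *(uint32_t*)0x20014020 = 0xe;   /* valid_hooks */
  *(uint32_t*)0x20014024 = 4;     /* num_entries */
  *(uint32_t*)0x20014028 = 0x280; /* size */
  *(uint32_t*)0x2001402c = -1;    /* hook_entry[0..4] */
  *(uint32_t*)0x20014030 = 0;
  *(uint32_t*)0x20014034 = 0;
  *(uint32_t*)0x20014038 = 0;
  *(uint32_t*)0x2001403c = -1;
  *(uint32_t*)0x20014040 = -1; /* underflow[0..4] */
  *(uint32_t*)0x20014044 = 0;
  *(uint32_t*)0x20014048 = 0;
  *(uint32_t*)0x2001404c = 0;
  *(uint32_t*)0x20014050 = -1;
  *(uint32_t*)0x20014054 = 4;          /* num_counters */
  *(uint64_t*)0x20014058 = 0x20012fc0; /* counters */

  /* Record 0 at 0x20014060: all-zero match part, 0x98 bytes long. */
  memset((void*)0x20014060, 0, 84); /* 0x20014060..0x200140b3 */
  *(uint32_t*)0x200140b4 = 0;
  *(uint16_t*)0x200140b8 = 0x70;
  *(uint16_t*)0x200140ba = 0x98;
  *(uint32_t*)0x200140bc = 0;
  *(uint64_t*)0x200140c0 = 0;
  *(uint64_t*)0x200140c8 = 0;
  *(uint16_t*)0x200140d0 = 0x28;
  memset((void*)0x200140d2, 0, 29); /* empty 29-byte name */
  *(uint8_t*)0x200140ef = 0;
  *(uint32_t*)0x200140f0 = 0xfffffffe;

  /* Record 1 at 0x200140f8: 0xb8 bytes long, its name bytes spell "LED". */
  *(uint8_t*)0x200140f8 = 0xac;
  *(uint8_t*)0x200140f9 = 0x14;
  *(uint8_t*)0x200140fa = 0;
  *(uint8_t*)0x200140fb = 0;
  *(uint32_t*)0x200140fc = htobe32(-1);
  *(uint32_t*)0x20014100 = htobe32(0);
  *(uint32_t*)0x20014104 = htobe32(0);
  /* "ip6_vti0" */
  memcpy((void*)0x20014108, "\x69\x70\x36\x5f\x76\x74\x69\x30\x00\x00\x00\x00\x00\x00\x00\x00", 16);
  *(uint8_t*)0x20014118 = 0x73; /* "syz" */
  *(uint8_t*)0x20014119 = 0x79;
  *(uint8_t*)0x2001411a = 0x7a;
  *(uint8_t*)0x2001411b = 0;
  *(uint8_t*)0x2001411c = 0;
  memset((void*)0x20014128, 0, 32); /* 0x20014128..0x20014147 */
  *(uint16_t*)0x20014148 = 0;
  *(uint8_t*)0x2001414a = 0;
  *(uint8_t*)0x2001414b = 0;
  *(uint32_t*)0x2001414c = 0;
  *(uint16_t*)0x20014150 = 0x70;
  *(uint16_t*)0x20014152 = 0xb8;
  *(uint32_t*)0x20014154 = 0;
  *(uint64_t*)0x20014158 = 0;
  *(uint64_t*)0x20014160 = 0;
  *(uint16_t*)0x20014168 = 0x48;
  /* "LED" */
  memcpy((void*)0x2001416a, "\x4c\x45\x44\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x20014187 = 0;
  /* "syz0" */
  memcpy((void*)0x20014188, "\x73\x79\x7a\x30\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00",
         27);
  *(uint8_t*)0x200141a3 = 0;
  /* The only word that differs between the two requests.
   * NOTE(review): this offset looks like the `delay` member of the kernel's
   * struct xt_led_info - confirm against the uapi header. */
  *(uint32_t*)0x200141a4 = led_word;
  *(uint64_t*)0x200141a8 = 2;

  /* Record 2 at 0x200141b0: 0x98 bytes long, name bytes spell "REJECT". */
  *(uint8_t*)0x200141b0 = 0xac;
  *(uint8_t*)0x200141b1 = 0x14;
  *(uint8_t*)0x200141b2 = 0;
  *(uint8_t*)0x200141b3 = 0;
  *(uint32_t*)0x200141b4 = htobe32(0xe0000001);
  *(uint32_t*)0x200141b8 = htobe32(0);
  *(uint32_t*)0x200141bc = htobe32(0);
  memcpy((void*)0x200141c0, "\x6b\xd6\xd4\x48\x45\x73\x6f\x88\x9e\xc1\xcf\x4c\x41\xf2\xaf\xfa", 16);
  *(uint8_t*)0x200141d0 = 0x73; /* "syz" */
  *(uint8_t*)0x200141d1 = 0x79;
  *(uint8_t*)0x200141d2 = 0x7a;
  *(uint8_t*)0x200141d3 = 0;
  *(uint8_t*)0x200141d4 = 0;
  memset((void*)0x200141e0, 0, 32); /* 0x200141e0..0x200141ff */
  *(uint16_t*)0x20014200 = 0;
  *(uint8_t*)0x20014202 = 0;
  *(uint8_t*)0x20014203 = 0;
  *(uint32_t*)0x20014204 = 0;
  *(uint16_t*)0x20014208 = 0x70;
  *(uint16_t*)0x2001420a = 0x98;
  *(uint32_t*)0x2001420c = 0;
  *(uint64_t*)0x20014210 = 0;
  *(uint64_t*)0x20014218 = 0;
  *(uint16_t*)0x20014220 = 0x28;
  /* "REJECT" */
  memcpy((void*)0x20014222, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x2001423f = 0;
  *(uint32_t*)0x20014240 = 0;

  /* Record 3 at 0x20014248: 0x98 bytes long, name bytes spell "REJECT". */
  *(uint32_t*)0x20014248 = htobe32(0xe0000002);
  *(uint32_t*)0x2001424c = htobe32(0x7f000001);
  *(uint32_t*)0x20014250 = htobe32(0);
  *(uint32_t*)0x20014254 = htobe32(0);
  /* "ifb0" */
  memcpy((void*)0x20014258, "\x69\x66\x62\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16);
  *(uint8_t*)0x20014268 = 0x73; /* "syz" */
  *(uint8_t*)0x20014269 = 0x79;
  *(uint8_t*)0x2001426a = 0x7a;
  *(uint8_t*)0x2001426b = 0;
  *(uint8_t*)0x2001426c = 0;
  memset((void*)0x20014278, 0, 32); /* 0x20014278..0x20014297 */
  *(uint16_t*)0x20014298 = 0;
  *(uint8_t*)0x2001429a = 0;
  *(uint8_t*)0x2001429b = 0;
  *(uint32_t*)0x2001429c = 0;
  *(uint16_t*)0x200142a0 = 0x70;
  *(uint16_t*)0x200142a2 = 0x98;
  *(uint32_t*)0x200142a4 = 0;
  *(uint64_t*)0x200142a8 = 0;
  *(uint64_t*)0x200142b0 = 0;
  *(uint16_t*)0x200142b8 = 0x28;
  /* "REJECT" */
  memcpy((void*)0x200142ba, "\x52\x45\x4a\x45\x43\x54\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                            "\x00\x00\x00\x00\x00",
         29);
  *(uint8_t*)0x200142d7 = 0;
  *(uint32_t*)0x200142d8 = 0;

  /* Counter buffer the header's `counters` field points at: 8 x uint64_t. */
  memset((void*)0x20012fc0, 0, 64); /* 0x20012fc0..0x20012fff */
}

/* The generated syscall sequence: map a fixed scratch region, then on two
 * separate sockets send the same "filter" table replacement, first with 0 and
 * then with 0x80000000 in the word at 0x200141a4.  Syscall return values
 * other than the two socket descriptors are not checked. */
void test()
{
  memset(r, -1, sizeof(r));
  /* 0x18000 bytes at fixed address 0x20000000, prot 3, flags 0x32 */
  syscall(__NR_mmap, 0x20000000, 0x18000, 3, 0x32, -1, 0);

  r[0] = syscall(__NR_socket, 2, 0x80001, 0);
  build_filter_replace(0);
  /* level 0, optname 0x40 (IPT_SO_SET_REPLACE above), 0x2e0 bytes */
  syscall(__NR_setsockopt, r[0], 0, 0x40, 0x20014000, 0x2e0);

  r[1] = syscall(__NR_socket, 2, 0x80001, 0);
  build_filter_replace(0x80000000);
  syscall(__NR_setsockopt, r[1], 0, 0x40, 0x20014000, 0x2e0);
}

int main()
{
  for (;;) {
    loop();
  }
}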