// https://syzkaller.appspot.com/bug?id=9d72eb94d786727abd2888985c77f166dd9fbb5f
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// syzkaller crash reproducer for the bug linked above. It is run against the
// kernel under test (normally inside a VM) to re-trigger the reported crash.
// Layout of this single file:
//   - main()         maps a fixed scratch region used for all syscall
//                    arguments, then forks a few worker processes
//   - loop()         per worker: fork a fresh child per iteration, run
//                    execute_one() in it with a 5 s budget, kill and reap it
//   - execute_one()  the actual syscall sequence: four bpf(2) calls
//   - sleep_ms(), current_time_ms(), write_file(), kill_and_wait(),
//     setup_test() and the BITMASK macros are the standard syzkaller
//     process harness and are not specific to this bug.
//
// NOTE(review): the header names after each `#include` below were lost when
// this page was extracted (the `<...>` part is missing), so the file does not
// compile as shown here; recover the include list from the bug page above.
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
// Fallback syscall number for bpf(2) when the libc headers do not define it
// (321 is the x86_64 value).
#ifndef __NR_bpf
#define __NR_bpf 321
#endif
// Index of the worker process; set by the fork loop in main() before each
// fork, so every worker sees its own value in its copy of the global.
static unsigned long long procid;
// Sleep for `ms` milliseconds. loop() only ever passes 1; values outside the
// useconds_t range would be truncated by the conversion in usleep().
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}
// Monotonic wall-clock time in milliseconds, used by loop() for the per-child
// timeout. A failing clock_gettime() terminates the process: the harness
// cannot enforce its timeout without a clock.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}
// Bit-field store helpers from the generic syzkaller prelude. Neither is
// referenced by execute_one() in this reproducer; they are emitted
// unconditionally by the generator.
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len)          \
  *(type*)(addr) =                                                         \
      htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) |      \
            (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))
// Format `what` (printf-style, at most 1023 bytes after formatting) and write
// it to `file` in a single write(2).
// Returns true on success; on failure returns false with errno set by the
// failing open()/write() (errno is saved across the close()).
// `what` is used as a format string, so only literal formats should be
// passed; the one caller in this file passes "1000".
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  // vsnprintf() already terminates; this is belt-and-braces.
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}
// SIGKILL the child `pid` and its whole process group (setup_test() makes
// the child a group leader), then reap it into *status.
// The first loop polls for up to ~100 ms. If the child is still not reaped,
// every FUSE connection under /sys/fs/fuse/connections is aborted -
// presumably because a test process blocked inside a FUSE request cannot be
// killed until the connection goes away - and the function then blocks in
// waitpid() until `pid` is collected.
// Note that waitpid(-1, ...) reaps any child; a status belonging to a
// different child would be overwritten and discarded. That is safe here only
// because loop() runs one child at a time.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // Any single byte written to the abort node tears the connection down;
      // the path buffer is simply reused as the byte source. The write result
      // is deliberately ignored (best effort).
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  // Block until the child is actually reaped; statuses of other children,
  // if any, are dropped.
  while (waitpid(-1, status, __WALL) != pid) {
  }
}
// Per-child setup, run in the forked test process before execute_one():
//   - die with SIGKILL when the parent (the loop() worker) exits,
//   - become a process-group leader so kill(-pid) in kill_and_wait() reaches
//     any further descendants,
//   - set oom_score_adj to its maximum so the OOM killer picks the test
//     process rather than the harness. The write_file() result is ignored.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}
static void execute_one(void);
#define WAIT_FLAGS __WALL
// Worker body: forever, fork a child that runs setup_test() + execute_one()
// and exits, then wait for it with a 5000 ms budget polled at 1 ms; a child
// that overruns is killed and reaped by kill_and_wait(). A failed fork()
// terminates the worker. `iter` is only incremented, never read.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}
// Results carried between the syscalls of execute_one():
//   r[0] - fd returned by the first bpf() call (prog load)
//   r[1] - 32-bit value read back from the info buffer of the second call
//   r[2] - fd returned by the third bpf() call
// r[0] and r[2] start at -1 (invalid fd) so a failed call leaves an invalid
// fd in the next call's attr; r[1] starts at 0.
uint64_t r[3] = {0xffffffffffffffff, 0x0, 0xffffffffffffffff};
// The reproducer proper. Every argument struct is built by direct stores into
// the fixed scratch mapping at 0x20000000 created in main(); offsets below
// follow the union bpf_attr layout of <linux/bpf.h> (TODO confirm field
// names against the kernel version on the bug page).
void execute_one(void)
{
  intptr_t res = 0;
  // --- call 1: bpf(cmd=5, attr @0x20000080, size=0x48) ---------------------
  // cmd 5 is presumably BPF_PROG_LOAD. attr: prog_type=6, insn_cnt=0xe,
  // insns=0x20000bc0, license="GPL", no log buffer, prog_name zeroed,
  // prog_btf_fd=-1. Only the first insn_cnt*8 = 112 bytes of the 2499-byte
  // blob copied below should be consumed as instructions; the rest is
  // generator filler in the scratch region.
  *(uint32_t*)0x20000080 = 6;
  *(uint32_t*)0x20000084 = 0xe;
  *(uint64_t*)0x20000088 = 0x20000bc0;
  memcpy((void*)0x20000bc0,
         "\xb7\x02\x00\x00\x00\x00\x00\x00\xbf\xa3\x00\x00\x00\x00\x00\x00\x07\x03"
         "\x00\x00\xf0\xff\xff\xff\x7a\x0a\xf0\xff\x11\x00\x00\x00\x79\xa4\xf0\xff"
         "\x00\x00\x00\x00\xb7\x06\x00\x00\x00\x00\x00\x81\xad\x64\x02\x00\x00\x00"
         "\x00\x00\x45\x04\x04\x00\x01\x00\xff\x0f\x17\x04\x00\x00\x01\x13\x0a\x00"
         "\xb7\x05\x00\x00\x01\x00\x00\x00\x6a\x0a\xf2\xfe\x00\x00\x00\x00\x85\x00"
         "\x00\x00\xa3\x00\x00\x00\xb7\x00\x00\x00\x00\x00\x00\x00\x95\x00\x00\x00"
         "\x00\x00\x00\x00\x00\xe1\x54\xcd\x84\x4a\x95\x4b\x26\xc9\x33\xf7\xff\xff"
         "\xff\xff\xe4\xfb\xff\xff\xff\x55\xbb\x20\x07\xee\x51\x05\x05\x12\xb5\xb4"
         "\x21\x28\xaa\x09\x0a\x79\x50\x7d\xf7\x9f\x29\x81\x29\xda\x48\x71\x30\xd5"
         "\xf2\x4b\xf9\x01\x11\x5e\x17\x39\x2a\xc6\x27\xc8\x78\x81\xc0\x00\x00\x61"
         "\x46\x00\x1e\x04\xae\xac\xea\x79\x9a\x22\xa2\xfa\x79\x8b\x5a\xdc\x43\xeb"
         "\x27\xd5\x33\x19\xd0\xad\x22\x9e\x57\x52\x68\x83\x00\x00\x00\x00\xdb\xc2"
         "\x77\x7d\xf1\x50\xb7\xcd\xd7\x7b\x85\xb9\x41\x09\x23\x14\xfd\x08\x5f\x1b"
         "\x1b\x2e\xd1\xa4\x53\x55\x50\x61\x4e\x09\xd6\x37\x81\x98\xa6\x09\x7a\x67"
         "\x08\x38\x33\x7a\xf2\xab\xd5\x5a\x87\xac\x03\x94\xb2\xf9\x2f\xfa\xb7\xd1"
         "\x53\xd6\x20\x58\xd0\xa4\x13\xb2\x17\x36\x19\xcc\xf5\x55\x20\xf2\x2c\x9c"
         "\xa8\xb6\x71\x2f\x30\x24\xb7\x04\x1b\x1d\xf6\x5b\x3e\x1b\x9b\xf1\x15\x64"
         "\x6d\x14\xce\x53\xd1\x3d\x0c\xca\xcd\xa1\xef\xc5\xf9\x09\x4f\xa7\x37\xc2"
         "\x8b\x99\x4a\x85\x12\xc8\x16\xfd\xcc\xea\xed\xe3\xfa\xed\xc5\x1d\x29\xa4"
         "\x7f\xc8\x13\xa2\xec\x00\xf4\xc7\xa5\x3a\xc2\x71\xd6\xd7\xf4\xea\x6b\xf9"
         "\x7f\x2f\x33\xe2\xea\x2e\x53\x43\x00\xbc\xb3\xfd\xc4\xb4\x86\x10\x04\xee"
         "\xfb\xda\x7f\x54\xf8\x2a\x80\x4d\x4a\x69\xbf\x9b\xc5\xfa\x77\xee\x29\x3f"
         "\xbd\x16\x5a\x5a\x68\x48\x8e\x40\xb0\x30\x16\x65\x65\xa0\x97\xb1\xb4\x4b"
         "\x45\x1d\xe7\x36\xbb\x6d\x43\xdb\x8d\xb0\x3d\x4b\x77\x45\xfe\xf1\xd0\x4e"
         "\xc6\x33\xde\xe2\x54\xa6\xd4\x91\xb8\x49\xa5\xa7\x87\xe8\x14\xc4\xfd\x21"
         "\xa1\x89\x86\x25\x2a\x70\xf8\xf9\x2e\xb6\xf0\xe8\xc7\xdb\x4b\xf2\x32\x42"
         "\xa1\xf2\xc2\x81\x59\xf0\x99\x43\xb1\xb0\x45\x2d\x1b\x72\x18\x3a\xac\xf4"
         "\xa8\x4f\x91\x30\xb7\x01\xf8\x16\x75\xdd\x4e\x9e\x30\x70\x75\x6f\x97\xad"
         "\x79\x1f\xa9\x9d\xac\x06\xb5\x74\x79\x32\x1a\x05\x74\xfb\x30\xff\x00\x00"
         "\x00\x19\x89\x32\x8c\x8d\xdc\x20\xea\x01\x1b\xf5\x74\x2e\x0e\x0d\x43\x34"
         "\xdb\x8b\x20\xce\x3f\x9f\x16\xcb\x7f\xc2\x0f\xb4\x79\x1e\xc8\x58\x21\xd0"
         "\xc4\x8f\xb6\x57\xc2\x9b\x30\x9c\x73\xf0\x97\x7e\x7c\xde\x65\xa8\x9d\x94"
         "\x58\xaa\xc2\x79\x5b\x2b\x94\xc4\x61\xd7\x96\x2b\x0d\x22\x77\xa8\x4a\xf3"
         "\x26\xf3\x7f\x3e\x2c\x25\xa6\x1e\xc4\x5c\x3a\xf9\x7a\x8f\x17\xda\x95\x4a"
         "\xff\x3f\xc8\xc1\x08\x75\x5f\x75\xca\x13\xfb\x7c\x8b\xbd\x8b\x6e\x7d\xac"
         "\x1a\xba\x4b\x20\xdc\x7d\xe0\x58\xa4\xdf\xa7\xe8\x5a\x8b\xdf\x1d\x41\xa2"
         "\xd8\xbd\xa7\x4d\x66\xf4\x7c\xc1\x80\xf8\x2c\x5f\x57\x3c\x6d\x29\x4d\x36"
         "\x65\x01\x6a\xc5\x9d\xd2\x0f\xde\x07\x45\xdb\x06\x75\x3a\x7a\xc7\xfe\x13"
         "\xca\xb6\x69\x24\x22\xa4\x7e\x9f\xfe\x2d\x4a\x2d\x32\xf7\x52\x87\x51\x31"
         "\x36\x94\xbf\x57\x00\xb2\x0e\xf0\xc2\x48\xdd\xd3\xda\x32\x39\x6a\x61\x4c"
         "\xac\xad\x4a\xff\x20\x66\xbb\x5d\x40\x45\xc9\x58\x56\x38\xc2\x15\x3a\x6e"
         "\xee\x01\x73\x8b\x0c\x10\x67\x1f\x4f\x55\x9b\x7d\xcb\x98\xa6\x27\x3b\x8c"
         "\x65\x1e\x24\xd9\xf6\x79\xe4\xfb\xe9\x48\xdf\xb4\xcc\x4a\x38\x94\x69\x60"
         "\x82\x41\x73\x04\x59\xf0\x12\x3f\xd3\x92\x06\x00\x00\x00\x00\x00\x00\xeb"
         "\x55\xda\xd4\x6d\xe5\x6e\xf9\x07\xb0\x59\xb9\x0b\x8a\xa4\x9a\xfb\x9a\x79"
         "\xae\x54\x98\xf6\x58\x98\x80\xed\x6e\xea\x7b\x9c\x67\x00\x12\xbe\x05\xe7"
         "\xde\x09\x40\x31\x3c\x58\x70\x78\x65\x54\xdf\x26\x23\x6e\xbc\xed\x93\x90"
         "\xcb\x69\x41\xb8\x37\x5d\x93\x6a\x7d\x21\x20\xec\xa2\x91\x96\x3e\xb2\xd5"
         "\x37\xd8\xee\x4d\xe5\xc1\x83\xc9\x60\x11\x94\x51\xc3\x15\x39\xb2\x28\x09"
         "\xe1\xd7\xf0\xcd\xa0\x6a\x9f\xa8\x7d\x64\xcb\x77\x87\x2a\x2c\xd8\xa1\x04"
         "\xe1\x6b\xb1\xa2\xba\xcf\x13\x46\x4c\xa0\x3a\xff\x14\xa9\xaa\x4b\xdb\x53"
         "\x9f\x50\x96\x41\x2b\x92\x01\x2e\x09\x5b\x84\xc2\x02\x43\xff\x98\xdf\x33"
         "\x47\xf0\xe3\x99\xd1\xb9\xf2\x7e\x3c\x33\x26\x9c\x0e\x15\x3b\x28\xb2\xd4"
         "\x41\x05\x72\xac\x45\xb9\xd3\xfa\x02\x20\x8d\x30\x4d\x45\x5c\x36\x30\x00"
         "\x00\x00\x00\x22\x32\x01\x78\xb0\x0c\xc6\xed\x79\x66\x13\x0b\x54\x7d\xbf"
         "\x8b\x49\x7a\xf0\x02\x00\xf9\x00\xcd\x1d\x00\x00\x00\x20\x00\x00\x00\x01"
         "\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x28\xee\x53\x59\x5a"
         "\x77\x9d\x24\x3a\x48\xce\xa7\x69\x47\x04\x24\xd2\x88\x04\xc0\x24\xab\x7f"
         "\x4a\x5c\x81\x92\x1f\x01\x28\xdf\xd7\x0b\x43\x8a\xf6\x0b\x06\x00\x00\x00"
         "\x00\x00\x00\x00\x56\x64\x2b\x49\xb7\x45\xf3\xbf\x2c\xf7\x90\x8b\x6d\x7d"
         "\x74\x83\x08\xee\xa0\x9f\xc3\x61\xb4\x73\x5e\xfb\xf3\x41\x17\x18\xd6\xee"
         "\x78\xeb\xf9\xef\x40\x66\x2d\x78\x36\xd2\x52\xc5\x66\xf5\xee\x93\x4c\x67"
         "\x9d\xbf\xae\x9f\xb4\xa7\x9f\x8a\x83\x68\x04\xed\x3a\x10\x79\xb0\x28\x2a"
         "\x12\x04\x34\x08\x81\x6e\xae\x08\xcd\x60\xb6\x87\xdc\xff\x91\xaf\x19\x01"
         "\x00\x00\x00\x00\x00\x00\x00\x00\x45\x6f\x7d\x2a\x42\xbd\x13\xda\x20\x22"
         "\xf2\x3d\xae\xc6\x18\x54\xf6\x40\xf7\x01\xdb\x02\x76\x65\x2f\x6c\x74\xf2"
         "\x06\x75\xeb\x78\x19\x25\x44\x15\x78\xe9\x30\x46\xaa\xdd\xea\x8e\xc4\xca"
         "\x37\xf7\x1c\x27\x10\xa7\xea\x8a\xe0\xdc\x21\x4e\x1c\xc2\x75\xb2\x6a\xdf"
         "\xa8\x92\xe6\xde\x92\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\xff\x00\x4c"
         "\xff\x9e\xc7\x80\xf5\x35\xe6\x2f\x4e\xee\xe5\x0e\x5b\xaf\xec\xea\x4d\x41"
         "\x34\xf9\xd0\x06\xc8\xd6\x88\x3e\xca\x5c\x9c\x58\xc9\xe9\x33\x11\xab\x50"
         "\x09\xc6\x8c\x73\xde\x2f\x04\xf1\x5d\x00\x53\x91\x57\x7f\x48\x00\x00\xea"
         "\x65\x55\x9e\xb0\x0e\x76\xe9\xd0\xad\xa2\x09\xbc\xbb\x5c\x25\x2b\x28\xa6"
         "\x0c\xa7\x70\x66\x3d\xa4\x51\x79\x0c\xc3\x60\x00\x90\x6d\x5a\x9f\xad\x98"
         "\xc3\x08\xe3\x9b\xd5\xff\xb6\x15\x1d\x79\xc1\xce\xe1\xcd\xfb\xa0\x5e\x36"
         "\x33\xbe\x3f\x00\x00\x00\x15\x76\x2e\x5f\x5a\x3a\x0b\xc3\x3f\xdb\xe2\x8a"
         "\x5f\xfc\x83\xf2\xf0\x85\x18\x5c\xc9\x2f\xe7\xf7\x91\xe8\xf6\x42\x93\x09"
         "\xd6\xad\xab\x4b\x7e\x50\x8e\x5b\xf0\x24\xed\x8f\x8a\x00\x5f\x2b\xbf\x96"
         "\xc8\x97\x39\xf5\xd8\x1e\x71\x0d\x50\x51\x7a\x59\xa3\xad\x09\xe8\x80\x2e"
         "\x8f\x4f\x53\x54\x47\xcc\x0f\xc9\xd5\xf9\x9a\x73\x14\x5d\xfc\xed\xad\x69"
         "\xda\x9c\xd4\x37\x5c\x62\x46\x00\xe7\x8f\x44\x58\x54\x2b\x14\xf2\x96\x11"
         "\xf9\x5d\x4a\x31\x83\x8e\xeb\x20\xc2\x0b\xb8\x2a\xa3\x17\x71\xcd\x37\x9e"
         "\xc8\x35\x54\xce\xa5\xe6\x53\x9d\xb7\x38\x4e\x1f\x58\xd8\x1f\x2f\x26\x53"
         "\xc4\xd9\x81\x87\x08\xe2\x7c\x89\xb5\x52\xd3\xfc\xd1\x16\xbc\xe9\xc7\x64"
         "\xc7\x14\xc9\x40\x2c\x21\xd1\x81\xaa\xe5\x9e\xfb\x28\xd4\xf9\x16\x52\xf6"
         "\x75\x0b\x6e\xc9\x62\x80\x2c\x03\x20\xf8\x05\x91\x95\x72\x9d\x60\xc5\x34"
         "\xee\x8e\x8f\xf0\x75\x5b\x67\xfe\x4c\x25\xed\xb8\x5b\xcf\xf2\x4c\x75\x7a"
         "\xa8\x09\x00\x00\x00\x00\x00\x00\x8c\x42\x0e\xb4\x30\x4f\x66\xe3\xa3\x7a"
         "\xaf\x00\x00\x00\xc4\x2a\x57\x0f\x0e\x9d\xd5\xfd\x54\x54\x70\xf8\x62\xf8"
         "\xc3\xc1\x4f\xa9\xec\xd1\xe8\x77\xb0\xd8\xca\x84\xc0\x44\x85\x9e\x85\xe6"
         "\x15\x8f\x91\x84\xbc\x61\xa9\xa2\x84\xdb\x80\xe4\x63\x6c\x25\xb9\x61\x74"
         "\x32\x7d\x82\x76\x1c\x26\xe3\x29\x55\x5f\x92\x90\xaf\x41\x00\x00\x00\x00"
         "\x00\x00\x00\x74\x9e\xfd\x37\x63\x65\x55\x00\x34\x4b\xae\x34\x13\x7f\x5a"
         "\xb0\xd5\x34\xb8\xd6\x3e\x4c\xa3\xb6\x71\xf2\xde\x1c\xdf\x51\x91\x92\xc6"
         "\xb5\x9a\x60\x1f\xd4\x19\xad\xc1\x6e\x20\x55\xb8\x50\x58\xf7\x93\x48\x43"
         "\x05\xd7\xa1\x75\x97\x82\xe4\xc5\x71\xee\x85\x5a\x47\xbc\x00\xed\xf5\xe9"
         "\x02\x0c\x09\xab\x00\x43\x21\x61\x0b\x85\x7e\x87\x17\x76\x4b\x63\x3b\x21"
         "\xcb\x32\xf0\xe0\x32\x80\xe0\x97\x58\xbd\x44\x5a\xb9\x1d\x20\xba\xca\x00"
         "\x54\x52\xb7\x9d\x7b\x57\x4a\x24\x7f\x1d\x2f\xe4\x5b\x3c\x4e\x93\xda\x3d"
         "\x51\xde\x64\x7c\x10\xdd\x49\x94\x4d\xc8\x7c\x92\x33\x2a\xf0\x0f\x19\x1b"
         "\x66\xb6\xa6\xf7\x32\xa9\x1f\x0e\x2e\x91\x20\xbe\x61\xe5\x8c\x79\xd4\x97"
         "\x24\x7d\x27\x88\x88\x90\x1d\x44\x2a\xd7\xf8\x53\x66\x05\xa6\x44\xe9\xe3"
         "\xd7\x69\xdb\x49\x7c\x39\x60\xdf\xde\x12\x18\x23\x34\xca\xee\x99\x4a\xdc"
         "\x38\xa4\x36\x36\x7a\x54\xb9\xe1\x82\xb7\x8e\x9a\x0c\xeb\x9a\x2c\x4f\x63"
         "\x90\x2c\x1a\xd1\xa7\xc5\xa0\x8d\x09\x20\xa2\x3c\x2a\x86\xab\xbd\xf3\x57"
         "\x84\x9a\x65\x17\x33\xe5\x7f\x31\x01\x98\x76\x02\x68\x88\xc8\xcc\xb8\x5c"
         "\x86\xb4\xf8\xff\xff\xff\x7f\x00\x00\x00\x00\x2c\x33\x1f\xca\x0e\x54\x1b"
         "\x7c\xa2\x11\xc2\x8e\xd6\x1c\x52\x57\x08\xa1\x3d\x11\x5b\x43\xf8\xb1\x89"
         "\x4c\x8f\xa8\xa1\x4d\xc4\x81\x0f\x61\xae\x96\xc1\x8c\xc7\x13\x00\x00\x00"
         "\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x27\xc9"
         "\xa4\x61\x57\xa3\x60\x9b\x6f\xd9\x84\x3e\xe1\x9e\xc6\x47\x24\x9a\x93\x75"
         "\xde\x58\x58\x81\x8f\x3c\x4a\x4f\xa6\xce\x46\xf4\xd4\x2b\x07\x19\x9d\xe8"
         "\xb9\x92\x31\xac\xe5\x8c\x77\x81\x9e\xe2\x14\xe4\x96\x66\xc4\x64\xd3\x5c"
         "\xa9\xb5\x14\x3e\xd3\xb3\xdc\x8c\x17\xa2\x36\x92\x75\x9c\xcf\x5a\x20\x53"
         "\x11\xb7\xab\x22\x53\x26\x97\xb8\x61\xdf\xb5\x46\x09\xfd\x88\xe6\x04\x3b"
         "\xd5\x2a\xe8\x4c\x1b\xb0\xc8\xa6\xc7\x69\xf9\x52\x28\x3a\x1f\x4e\x38\x42"
         "\xed\xb3\xd4\x2c\x68\xa2\x7e\xf6\xa1\x29\x6d\xff\xf4\xa9\x79\x36\x9b\x0e"
         "\x8e\xbc\x62\x88\x7a\xa4\x6e\x82\x0a\x74\xf9\x13\x81\xdc\xc1\x98\xe3\x53"
         "\x04\x7d\xb7\x06\x86\xd1\x47\x35\x70\x24\xeb\x3c\xb9\x4f\x1e\x89\xcb\x5b"
         "\xa0\xa5\x6a\xa0\x46\xb4\xdc\x52\x1a\x3d\x93\x56\xb4\xb8\xb5\x91\x7c\x4c"
         "\x86\x04\x95\xb2\x40\xe8\x00\x63\xbd\xe2\x61\xfd\x00\x00\x00\x00\x00\x72"
         "\xf6\xdf\x34\x2f\x3e\x70\x71\xe2\x8e\xf6\x80\x6b\xc8\xe1\x39\xc4\x9b\x91"
         "\xc7\x6b\x0d\x39\x58\xf7\xf0\x5b\x47\xd3\xe5\x19\xf1\x63\x4e\x8f\xbd\x8d"
         "\x31\x33\x0d\x89\x06\x9f\x96\x48\xa2\xb3\xa1\x13\xe4\x7e\xdf\x76\xf7\xd1"
         "\x16\xd2\xb0\x97\x6c\xf2\xec\x44\x7c\x03\x09\x31\x6d\x1d\xd3\x15\x00\x3b"
         "\x7a\x6a\x54\x33\xa2\xbb\x56\x0a\xe9\x9e\xc4\xb2\x27\xed\xa2\xe6\x3a\x1c"
         "\x31\xa2\xc2\xbd\x48\xa8\x22\xcb\xe9\x2b\x65\x24\xe0\xcd\x80\x20\xec\xaa"
         "\x34\xe1\x9e\x71\x94\xd1\xeb\x3d\xe6\xa5\xf9\x9f\x30\x1f\x89\xc2\xee\x62"
         "\x7e\x94\x9c\x68\xb3\xa4\xa4\x26\xa9\x96\xd5\x03\xa2\x6e\x9a\x71\x4e\xe5"
         "\xf7\x2d\x88\x05\xdd\x1b\xfb\xd0\x81\xf6\xa5\xd1\xf1\x28\x9d\xfe\x14\xcb"
         "\x91\x94\xe2\x6a\x44\xfa\xc2\x73\x46\x1f\xc5\xc0\xe0\xa3\x3d\xb7\xf2\xd4"
         "\x3e\xa8\x08\x6c\xf0\x59\xf4\x0f\xa2\x64\x59\x44\xcd\x9e\x7f\x2e\x6e\xf5"
         "\xf1\xe3\xa9\x4b\x10\x8e\xb9\x75\x0b\x6b\xfb\x74\xdd\x35\xf5\xa3\x10\x59"
         "\xc0\x15\x17\xcf\x4b\x66\x41\xfc\xe9\xa2\x4b\x96\x76\x7b\x83\x7c\xa0\x37"
         "\xa1\x19\x97\x35\xc3\x75\xc7\x05\xc7\x98\xe0\xe2\x08\xe4\xa5\x25\x9d\x0b"
         "\xfa\x52\x6b\x46\x2a\xf4\x5a\x6e\x9a\x84\xae\xbe\x02\x5c\x8a\x7f\x65\x81"
         "\x9f\x39\x75\x74\xdb\x7a\xb0\x1b\xd2\xb3\xe3\xcd\x28\xc5\xae\xc5\x0f\x8e"
         "\xdf\xe3\x9a\x00\xba\xfd\x68\x8a\x7e\xea\x04\xef\xde\xed\x96\xf6\x70\x12"
         "\xbc\x3f\x79\x5e\xdb\x68\xb5\xde\xc8\x0a\xd3\x1a\x85\x8e\xb7",
         2499);
  *(uint64_t*)0x20000090 = 0x20000b80;
  memcpy((void*)0x20000b80, "GPL\000", 4);
  *(uint32_t*)0x20000098 = 0;
  *(uint32_t*)0x2000009c = 0;
  *(uint64_t*)0x200000a0 = 0;
  *(uint32_t*)0x200000a8 = 0;
  *(uint32_t*)0x200000ac = 0;
  memset((void*)0x200000b0, 0, 16);
  *(uint32_t*)0x200000c0 = 0;
  *(uint32_t*)0x200000c4 = 0;
  *(uint32_t*)0x200000c8 = -1;
  // The stores from attr+0x4c onward (0x200000cc..0x2000010c) lie beyond the
  // size=0x48 passed to the syscall below, so they are presumably not read
  // by this call - including the 0xfffffedf count at attr+0x58.
  *(uint32_t*)0x200000cc = 8;
  *(uint64_t*)0x200000d0 = 0x20000000;
  *(uint32_t*)0x20000000 = 0;
  *(uint32_t*)0x20000004 = 0;
  *(uint32_t*)0x200000d8 = 0xfffffedf;
  *(uint32_t*)0x200000dc = 0x10;
  *(uint64_t*)0x200000e0 = 0x20000040;
  *(uint32_t*)0x20000040 = 0;
  *(uint32_t*)0x20000044 = 0;
  *(uint32_t*)0x20000048 = 0;
  *(uint32_t*)0x2000004c = 0;
  *(uint32_t*)0x200000e8 = 0;
  *(uint32_t*)0x200000ec = 0;
  *(uint32_t*)0x200000f0 = -1;
  *(uint32_t*)0x200000f4 = 0;
  *(uint64_t*)0x200000f8 = 0;
  *(uint64_t*)0x20000100 = 0;
  *(uint32_t*)0x20000108 = 0x10;
  *(uint32_t*)0x2000010c = 0;
  res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000080ul, /*size=*/0x48ul);
  if (res != -1)
    r[0] = res;
  // --- call 2: bpf(cmd=0xf, attr @0x20000700, size=0x10) -------------------
  // cmd 0xf is presumably BPF_OBJ_GET_INFO_BY_FD: fd=r[0], info_len=0xc0,
  // info buffer at 0x20000640. The stores into 0x20000674..0x200006f8 zero
  // parts of that output buffer before the call. On success the 32-bit word
  // at info+4 is read back into r[1] (presumably the object's id).
  *(uint32_t*)0x20000700 = r[0];
  *(uint32_t*)0x20000704 = 0xc0;
  *(uint64_t*)0x20000708 = 0x20000640;
  *(uint32_t*)0x20000674 = 0;
  *(uint64_t*)0x20000678 = 0;
  *(uint32_t*)0x200006a8 = 0;
  *(uint32_t*)0x200006ac = 0;
  *(uint64_t*)0x200006b0 = 0;
  *(uint64_t*)0x200006b8 = 0;
  *(uint32_t*)0x200006c4 = 0;
  *(uint64_t*)0x200006c8 = 0;
  *(uint32_t*)0x200006d0 = 0;
  *(uint32_t*)0x200006d4 = 0;
  *(uint64_t*)0x200006d8 = 0;
  *(uint64_t*)0x200006e0 = 0;
  *(uint32_t*)0x200006e8 = 0;
  *(uint32_t*)0x200006ec = 0;
  *(uint32_t*)0x200006f0 = 0;
  *(uint32_t*)0x200006f4 = 0;
  *(uint64_t*)0x200006f8 = 0;
  res = syscall(__NR_bpf, /*cmd=*/0xful, /*arg=*/0x20000700ul, /*size=*/0x10ul);
  if (res != -1)
    r[1] = *(uint32_t*)0x20000644;
  // --- call 3: bpf(cmd=0xd, attr @0x20000140, size=0x4c) -------------------
  // cmd 0xd is presumably BPF_PROG_GET_FD_BY_ID with the id from call 2;
  // the returned fd goes to r[2]. Only the first word of attr is written
  // here; the rest of the 0x4c bytes is whatever the scratch page holds.
  *(uint32_t*)0x20000140 = r[1];
  res = syscall(__NR_bpf, /*cmd=*/0xdul, /*arg=*/0x20000140ul, /*size=*/0x4cul);
  if (res != -1)
    r[2] = res;
  // --- call 4: bpf(cmd=0xa, attr @0x20000180, size=0x48) -------------------
  // cmd 0xa is presumably BPF_PROG_TEST_RUN on fd r[2] with no input data;
  // the only non-zero field is the 32-bit value 0xf000 at attr+0x20
  // (presumably the repeat count). The result is not checked.
  *(uint32_t*)0x20000180 = r[2];
  *(uint32_t*)0x20000184 = 0;
  *(uint32_t*)0x20000188 = 0;
  *(uint32_t*)0x2000018c = 0;
  *(uint64_t*)0x20000190 = 0;
  *(uint64_t*)0x20000198 = 0;
  *(uint32_t*)0x200001a0 = 0xf000;
  *(uint32_t*)0x200001a4 = 0;
  *(uint32_t*)0x200001a8 = 0;
  *(uint32_t*)0x200001ac = 0;
  *(uint64_t*)0x200001b0 = 0;
  *(uint64_t*)0x200001b8 = 0;
  *(uint32_t*)0x200001c0 = 0;
  *(uint32_t*)0x200001c4 = 0;
  *(uint32_t*)0x200001c8 = 0;
  syscall(__NR_bpf, /*cmd=*/0xaul, /*arg=*/0x20000180ul, /*size=*/0x48ul);
}
// Entry point. Sets up the fixed scratch mapping that execute_one() relies
// on: 16 MiB at 0x20000000 mapped RWX, with a PROT_NONE guard page on each
// side (0x1ffff000 and 0x21000000). The mmap results are not checked; if the
// fixed mapping fails, the stores in execute_one() fault.
// Then forks 5 workers (procid 0..4) that run loop() and never return; the
// fork() result is not checked for errors. The parent only sleeps.
int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/-1, /*offset=*/0ul);
  for (procid = 0; procid < 5; procid++) {
    if (fork() == 0) {
      loop();
    }
  }
  // Keep the parent alive so the workers keep their PDEATHSIG parent.
  sleep(1000000);
  return 0;
}