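// https://syzkaller.appspot.com/bug?id=10c5292d7c48f788a5d730f6cf45f1f654c59322
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Kernel regression reproducer: repeatedly forks a child that issues a single
// bpf(BPF_PROG_LOAD) call with a fuzzer-generated attribute block. Nothing
// else is exercised: the returned fd is discarded and the child exits, so the
// program is never attached or run by this file.

#define _GNU_SOURCE

// NOTE(review): the header names were stripped from the 18 #include lines in
// the copy under review. The list below is the standard syzkaller reproducer
// set and covers every identifier used in this file; confirm against the
// original reproducer if an exact match matters.
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Fallback syscall numbers, used only when the libc headers do not define
// them. 280/222 are the asm-generic table values (arm64 among others); they
// are wrong on x86-64, where the headers are expected to supply the numbers.
#ifndef __NR_bpf
#define __NR_bpf 280
#endif
#ifndef __NR_mmap
#define __NR_mmap 222
#endif

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock in milliseconds; exits the process if the clock is
// unavailable.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Format `what` (printf-style) and write it to the existing file `file`.
// Returns false if the file cannot be opened or the write is short; errno
// from the failed write is preserved across close().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Kill child `pid` (and its process group) and reap it into `*status`.
// Polls for up to ~100 ms; if the child still has not exited, writes one byte
// to every /sys/fs/fuse/connections/*/abort file (presumably to release a
// child stuck on a FUSE request) and then blocks until the child is reaped.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // Best effort: a failed write is deliberately ignored.
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, run in an own process group (so
// kill(-pid) reaches descendants), and make the child the preferred OOM
// victim.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Run execute_one() in a fresh child forever. Each child gets 15 seconds;
// after that it is killed and reaped via kill_and_wait().
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      sleep_ms(10);
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      if (current_time_ms() - start < 15000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Build a bpf_attr for BPF_PROG_LOAD at the fixed address 0x20000080 (inside
// the region mapped by main) and issue the syscall once.
void execute_one(void)
{
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  // bpf$PROG_LOAD arguments, condensed from the syzkaller dump:
  //   cmd:  0x5
  //   arg:  bpf_prog_t {
  //     type: bpf_prog_type = 0x1
  //     ninsn: 0x5
  //     insns: ANYBLOB, length 0x56a (same bytes as the memcpy literal below)
  //     license: {47 50 4c 00}
  //     loglev 0, logsize 0, log nil, kern_version 0, flags 0
  //     prog_name: 16 zero bytes; prog_ifindex; expected_attach_type 0
  //     btf_fd; func_info_rec_size 0x8, func_info nil, func_info_cnt 0
  //     line_info_rec_size 0x10, line_info nil, line_info_cnt 0
  //     attach_btf_id; attach_prog_fd; core_relo_cnt 0; fd_array nil
  //     core_relos nil; core_relo_rec_size 0x10; log_true_size 0
  //     prog_token_fd: void; pad 0
  //   }
  //   size: 0x48
  //   returns fd_bpf_prog
  //
  // Triage notes:
  //  - ninsn is 5, so only the first 5 * 8 = 40 bytes of the 1386-byte buffer
  //    are passed as instructions; the rest is unused fuzzer residue.
  //  - Hand-decoded (confirm with a BPF disassembler): two register moves
  //    (r6 = r1, r7 = 1), a BPF_LD|BPF_IND word load indexed by r7, a
  //    BPF_LD|BPF_IND byte load indexed by r0 with imm 0xffe10000, then exit.
  //  - size is 0x48, i.e. the attr bytes at 0x20000080..0x200000c7. The
  //    stores at 0x200000c8 and above fall outside the size handed to the
  //    kernel.
  *(uint32_t*)0x20000080 = 1; // type
  *(uint32_t*)0x20000084 = 5; // ninsn
  *(uint64_t*)0x20000088 = 0x20001340; // insns
  memcpy(
      (void*)0x20001340,
      "\xbf\x16\x00\x00\x00\x00\x00\x00\xb7\x07\x00\x00\x01\x00\x00\x00\x40\x70"
      "\x00\x00\x00\x00\x00\x00\x50\x00\x00\x00\x00\x00\xe1\xff\x95\x00\x00\x00"
      "\x00\x00\x00\x00\x2b\xa7\x6b\xb3\x31\x23\x75\x1c\x4e\x34\x5c\x65\x2f\xbc"
      "\x16\x26\xcc\xa2\xa2\xad\x75\x80\x61\x50\xae\x02\x09\xe6\x27\x51\xee\x00"
      "\xba\x19\xce\x67\x0d\x25\x01\x00\x00\x02\x00\x00\x04\x00\x00\x00\x9f\xc4"
      "\x04\x00\x00\x00\xc7\x88\xb2\x77\xbe\xee\x11\xbf\x9b\x0a\x4d\xef\x23\xd4"
      "\x10\xf6\xac\xcd\x36\x41\x11\x0b\xec\x4e\x90\xa6\x34\x19\x65\xda\xc0\x3d"
      "\x04\x68\x37\x12\xa0\xb0\x9e\xdc\x9e\x9e\xf8\xf6\xe3\x96\xad\x20\x0e\x01"
      "\x1e\xa6\x65\xc4\x5a\x34\x49\xab\xe8\x02\xf5\xab\x3e\x89\xcf\x40\xb8\x58"
      "\x02\x18\xce\x74\x00\x68\x72\x00\x00\x07\x4e\x3e\x8e\xea\x3f\xd8\xcf\x49"
      "\x82\x7c\xa3\x11\xf5\xb8\x7e\x1c\xa6\x43\x3a\x8a\xcd\x71\x5f\x58\x88\xb2"
      "\x00\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\xfb\x00"
      "\x01\x00\x00\x00\x00\x00\x41\x40\x27\xef\xc8\x42\x22\x00\x00\x00\x00\x53"
      "\x35\x00\x1d\xb4\x3a\x5c\x00\x00\x00\x00\x00\x00\x00\x00\x24\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\xe7\x5a\x81\x2d\xed\x52\x97\xd5\x31\xaf\xbf\x40"
      "\x5f\x1e\x84\x6c\x12\x42\x00\x00\x00\x00\x00\x00\xca\xd3\x26\xad\x7a\xdd"
      "\x65\x87\x3d\x9f\x87\x46\x3a\xd6\xf7\xc2\xe8\xee\x1a\x39\x24\x49\x60\xb3"
      "\x18\x77\x8f\x2a\x04\x7f\x6d\x5b\xc2\x4f\xef\x5d\x7d\x61\x7d\xa7\xfb\x5e"
      "\x2a\x43\x1a\xb9\x14\x2f\x3a\x06\xd5\x57\x40\xa4\x30\x88\x69\x6d\xaa\xed"
      "\x74\xb9\xc5\xc2\x96\x47\xd2\xf9\x50\xa9\x59\xcf\x99\x38\xd6\xdf\x86\x00"
      "\xa6\x2e\x96\xb7\xcb\xc3\x08\x91\xf7\xe5\xff\x7f\xd6\xfc\xe4\x24\xc2\x20"
      "\x0a\xf6\xc3\x78\x4a\x19\x75\xfa\x65\x7d\xe3\x8a\x3a\x32\xa4\xfd\x67\xce"
      "\x44\x6a\xc5\x43\x1d\x07\xdb\x79\x24\x0a\xca\xf0\x91\x23\x1b\x98\x6e\x77"
      "\xd0\x5d\x98\x8d\x6e\xdc\x71\xdf\x48\xdc\xa0\x21\x13\xa3\x83\x00\x07\x46"
      "\x2b\x55\x43\xf2\xc1\x66\x95\x57\xb3\x81\x9d\x8c\x39\x6d\x2c\x23\x61\x62"
      "\x9d\x10\x22\xf7\x22\xec\x23\x81\x27\x70\xd7\x2c\xd0\x01\x00\x00\x00\x78"
      "\x89\xb8\xc7\x04\x4f\x56\x3a\x1f\x68\xd4\xef\xf8\x95\xfd\xbc\x46\x3f\x74"
      "\x7c\x08\xf4\x01\x05\x86\x90\x35\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x25\x90\x2e\x4a\x19\x6f\xb1\x69\x78\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x08\x00\x00\x00\x3d\xdf\x4a\xa4\xb1\xc8\xba\xa0\xae"
      "\x6f\xeb\x67\x37\xc2\x75\xdc\x27\x40\xf7\x42\xb5\x42\x5f\x1d\x58\x19\x61"
      "\x47\x1c\xdb\x05\x00\x00\x00\x00\x00\x00\x00\xd4\x12\x3f\x95\x52\x67\xfe"
      "\x4a\x75\xc1\x14\xf8\x74\xe0\x86\x28\x75\x47\xd4\x09\x9a\xee\xc9\xf1\x53"
      "\x8e\xe2\x5a\x36\x5c\xcf\x4a\x9b\x60\x4e\x88\xe1\x2f\xf2\x51\x84\xd4\xe3"
      "\xc6\xf7\xf6\x23\x55\x94\x35\xb2\x6b\x50\xfb\x71\x13\x00\x00\x00\xf0\xbc"
      "\x44\x05\x50\xee\x91\x30\x2f\x5a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\xe6\x7c\xcc\x00\x14\x8a\xc4\xc4\x30\x21\xcc\xe9"
      "\xf2\x4f\x4b\x2f\x94\x92\xc3\x2e\x7a\xf0\x5c\x64\x89\x78\xd9\x98\x0b\xa4"
      "\x97\x89\x90\x6d\x92\x3e\x49\x16\xf3\x90\xab\x7e\xdc\xd3\xf5\xb9\xfe\x14"
      "\x44\x6d\xd4\x46\xa5\x21\x31\xc4\x64\xf2\xc0\x8e\xfb\x46\xd9\x34\x61\x5c"
      "\x86\x31\xb7\xc4\x2e\xfd\x02\x94\xbe\xa1\x79\xb0\x43\x3f\x5c\x89\x91\x19"
      "\xec\x2c\x3f\x45\x23\x11\x0c\x0a\xce\xf5\x38\x3b\x5a\x27\x20\xca\xeb\x68"
      "\xf1\xe9\xc0\x5b\x05\xd8\x94\x67\xde\xd8\x4d\xa0\x92\xde\xa2\x62\xe5\x18"
      "\x11\xe2\xd7\xfa\x51\x57\x22\x51\x6b\xd5\xef\x6c\x8c\x49\x66\xe5\x93\x75"
      "\x62\xa5\x64\x8a\x69\x6a\xd3\x9e\x42\xa7\x09\x7d\xde\xfe\x06\x71\xf9\x77"
      "\xfb\x14\x58\x90\xf5\xbf\x41\xba\x92\xb8\xc4\xc8\xb1\x4f\x0d\x4a\x88\x0e"
      "\xf4\x51\x8b\xb3\x28\x81\xdf\xd1\x5d\xc8\x4e\x79\xd3\x26\x33\x7e\x21\xe0"
      "\x41\x65\x4f\x06\xbd\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
      "\x00\x00\x00\x28\x2f\xfe\x00\x00\x00\x00\x09\x35\x0c\xfa\x3a\xb1\x09\xab"
      "\x4a\x7d\x95\x93\x8c\x53\x34\xa0\xdd\x17\x7f\x1a\x73\x89\xee\x57\x0d\x95"
      "\xe5\x43\xa2\x75\x46\xd3\x77\x07\x40\xf3\x54\xdf\x6d\xd6\xb1\xbf\xe4\x10"
      "\x4d\x22\x62\xf3\x3f\x59\x6d\x60\x6c\xcc\xe7\x5a\x3c\x3d\x5f\x9a\xd9\x4a"
      "\x73\x16\xb0\xc6\xad\x14\xf1\x39\x8a\x6b\x39\xb0\x71\x21\xf6\x36\xda\x41"
      "\x8b\x34\xd4\x86\x77\xcf\x8d\x2d\x99\xee\x8a\xc5\x01\x42\xbc\xdc\xc7\x3d"
      "\xd7\x3c\xc6\xec\x46\x89\x6f\xfb\x35\xac\x82\xac\x7a\x93\x09\xea\x07\x39"
      "\x6d\x28\x14\xdc\x63\x0a\xd1\xa9\x91\x39\x34\x84\x9b\xe2\x5f\x7b\x81\xb5"
      "\x9a\xaa\x9f\xa2\xe9\xd6\xec\xaf\xcf\xa1\xde\x81\xb2\xd3\x58\x1a\xb1\x13"
      "\x85\x37\xf9\x8d\x22\x40\xb6\xc2\xbf\x40\x56\x9d\xa4\xe2\xbb\x77\x53\x2a"
      "\xb9\x22\x03\x47\xd7\x83\x19\x61\x7d\x17\xe1\x4f\x73\x31\x48\x6e\x80\xb9"
      "\x5c\x88\xae\x11\xb1\xc6\xb6\xea\x6c\x2b\x23\x11\xd6\xce\x63\x15\xcc\x45"
      "\x1d\xd5\x0a\xc7\x46\xac\xd5\x9d\x07\x5b\x41\xf9\xa7\x47\x89\x49\x56\xb1"
      "\x04\x53\xcc\xf6\x52\x7d\x8f\x57\x92\x56\xe9\x84\x9b\xba\xf6\xc7\xc8\x43"
      "\x62\x20\x9d\x3d\x23\x20\x10\x1d\x57\x5a\x83\xf3\x3e\x75\x01\x1e\xd8\xb4"
      "\x8a\x2f\x52\xa0\x3e\xc0\x9c\x27\x7b\x59\x6d\x5e\xb4\x91\xb6\xb3\x80\x53"
      "\x3b\xe0\x19\x89\x4e\x7f\xc1\xa4\x14\xae\x38\xf1\xf4\x48\xa7\xf6\x42\x3b"
      "\xb1\x21\x69\xd6\xf4\x16\x65\xc5\xed\xfa\x3b\x47\xac\xd4\xd2\x3b\x82\x6d"
      "\x15\x36\x15\x28\xd7\xc5\xa2\x7e\x11\x20\xca\x95\x37\xc8\xc8\xcc\xcb\xb3"
      "\xae\x86\xa9\x18\x94\x37\x21\x20\x48\x8b\x82\xec\xad\x35\x38\x89\x9e\x53"
      "\xa3\x68\x44\xaa\x51\x5e\xbd\xbb\x1c\xd6\x9a\x33\xb5\x84\xf8\xe1\xc7\x96"
      "\x82\x77\x03\xf3\x89\x4c\x93\xdd\x5a\x77\x60\x7c\xb6\xc1\x19\x1b\x89\xb3"
      "\x03\xc1\x38\x1f\x3e\x60\x16\xbf\x6c\x0e\x71\x07\x50\xb4\x3e\xb9\xa8\xfd"
      "\x0d\x7d\x71\x49\x2a\xc4\x3b\xae\xc4\x99\x43\x96\xf0\xfd\xfe\x7c\xec\xf2"
      "\x48\xb8\x8b\xa9\x40\x6c\x7b\x8e\x5e\xc4\x88\x2d\x52\xa0\xcd\x4b\x9b\x1c"
      "\x83\x27\xe8\x11\xe6\xba\x25\x72\xff\x5a\x59\xdc\x8c\x5c\x90\x46\x4a\xa3"
      "\x94\x2b\x4a\x25\x6e\x8a\x51\x31\x55\xfa\xe5\xb3\xeb\xcc\x47\xd2\xe1\xa8"
      "\x76\x8c\x2d\xa2\x19\xf4\x75\x95\xf8\x32\x39\x68\x8e\xf9\xf5\x59\x37\xc9"
      "\xe3\x44\x7f\xb5\x32\xca\xbc\x44\xbd\x5b\x80\x53\x56\xcf\x12\xb8\x95"
      "\x14",
      1386);
  *(uint64_t*)0x20000090 = 0x20000140; // license
  memcpy((void*)0x20000140, "GPL\000", 4);
  *(uint32_t*)0x20000098 = 0; // loglev
  *(uint32_t*)0x2000009c = 0; // logsize
  *(uint64_t*)0x200000a0 = 0; // log
  *(uint32_t*)0x200000a8 = 0; // kern_version
  *(uint32_t*)0x200000ac = 0; // flags
  memset((void*)0x200000b0, 0, 16); // prog_name
  *(uint32_t*)0x200000c0 = 0; // prog_ifindex
  *(uint32_t*)0x200000c4 = 0; // expected_attach_type
  // Everything from here on lies beyond the 0x48 bytes passed as size.
  *(uint32_t*)0x200000c8 = -1; // btf_fd
  *(uint32_t*)0x200000cc = 8; // func_info_rec_size
  *(uint64_t*)0x200000d0 = 0; // func_info
  *(uint32_t*)0x200000d8 = 0; // func_info_cnt
  *(uint32_t*)0x200000dc = 0x10; // line_info_rec_size
  *(uint64_t*)0x200000e0 = 0; // line_info
  *(uint32_t*)0x200000e8 = 0; // line_info_cnt
  *(uint32_t*)0x200000ec = 0; // attach_btf_id
  *(uint32_t*)0x200000f0 = -1; // attach_prog_fd
  *(uint32_t*)0x200000f4 = 0; // core_relo_cnt
  *(uint64_t*)0x200000f8 = 0; // fd_array
  *(uint64_t*)0x20000100 = 0; // core_relos
  *(uint32_t*)0x20000108 = 0x10; // core_relo_rec_size
  *(uint32_t*)0x2000010c = 0; // log_true_size
  *(uint32_t*)0x20000110 = 0; // prog_token_fd / pad
  syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000080ul, /*size=*/0x48ul);
}

// Map the fixed data region that execute_one() writes into, bracketed by two
// inaccessible (prot = 0) pages, then enter the fork loop. The mmap results
// are not checked, as in the generated original.
int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  const char* reason;
  (void)reason;
  loop();
  return 0;
}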