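// https://syzkaller.appspot.com/bug?id=28559ed09c03ef0bd768eb893807c634772c6443
// autogenerated by syzkaller (https://github.com/google/syzkaller)

#define _GNU_SOURCE

// NOTE(review): every #include directive in this listing had lost its header
// name. The names below are reconstructed from the identifiers the code uses
// (usleep, clock_gettime, waitpid, opendir, prctl, syscall, ...); confirm them
// against the original reproducer.
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

// Fallback for toolchains whose headers do not define the bpf(2) syscall
// number. 321 is the x86-64 number, so the fallback is only correct there.
#ifndef __NR_bpf
#define __NR_bpf 321
#endif

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
	usleep(ms * 1000);
}

// Return the CLOCK_MONOTONIC time in milliseconds; exits the process with
// status 1 if the clock cannot be read.
static uint64_t current_time_ms(void)
{
	struct timespec ts;

	if (clock_gettime(CLOCK_MONOTONIC, &ts))
		exit(1);
	return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Format `what` printf-style (at most 1023 bytes are kept) and write the
// result to the existing file `file`.
// Returns true only if the whole string was written; on a failed or short
// write errno is preserved across the close().
static bool write_file(const char* file, const char* what, ...)
{
	char buf[1024];
	va_list args;

	va_start(args, what);
	int formatted = vsnprintf(buf, sizeof(buf), what, args);
	va_end(args);
	// On an encoding error the buffer contents are unspecified: do not write them.
	if (formatted < 0)
		return false;
	// vsnprintf already NUL-terminates; truncated output is still written.
	size_t len = strlen(buf);

	int fd = open(file, O_WRONLY | O_CLOEXEC);
	if (fd == -1)
		return false;
	ssize_t written = write(fd, buf, len);
	if (written < 0 || (size_t)written != len) {
		int err = errno;
		close(fd);
		errno = err;
		return false;
	}
	close(fd);
	return true;
}

// SIGKILL the test process `pid` and its process group, then reap it.
// `status` receives the wait status of the reaped child.
static void kill_and_wait(int pid, int* status)
{
	kill(-pid, SIGKILL);
	kill(pid, SIGKILL);
	// Poll for up to ~100 ms before trying anything heavier.
	for (int i = 0; i < 100; i++) {
		if (waitpid(-1, status, WNOHANG | __WALL) == pid)
			return;
		usleep(1000);
	}
	// The child did not exit: abort every FUSE connection listed in sysfs,
	// presumably because a task blocked on a FUSE request cannot be killed
	// until the connection is torn down.
	DIR* dir = opendir("/sys/fs/fuse/connections");
	if (dir) {
		for (;;) {
			struct dirent* ent = readdir(dir);
			if (!ent)
				break;
			if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
				continue;
			// Named abort_path so the local does not shadow abort(3).
			char abort_path[300];
			snprintf(abort_path, sizeof(abort_path), "/sys/fs/fuse/connections/%s/abort", ent->d_name);
			int fd = open(abort_path, O_WRONLY);
			if (fd == -1)
				continue;
			// One byte is written to the abort file (the first byte of the
			// path); failure is deliberately ignored, this is best effort.
			if (write(fd, abort_path, 1) < 0) {
			}
			close(fd);
		}
		closedir(dir);
	}
	// Block until the child itself has been reaped.
	while (waitpid(-1, status, __WALL) != pid) {
	}
}

// Per-iteration setup, run in the forked child before the test program.
// All three steps are best effort; their results are not checked.
static void setup_test(void)
{
	// Deliver SIGKILL to this child if the parent goes away.
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	// Own process group, so kill(-pid, ...) in kill_and_wait() covers descendants.
	setpgrp();
	// Make this process the preferred victim of the OOM killer.
	write_file("/proc/self/oom_score_adj", "1000");
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Run execute_one() in a fresh child process, forever. Each child is polled
// every 10 ms and killed if it has not exited after 5 seconds.
static void loop(void)
{
	for (;;) {
		int pid = fork();
		if (pid < 0)
			exit(1);
		if (pid == 0) {
			setup_test();
			execute_one();
			exit(0);
		}
		int status = 0;
		uint64_t start = current_time_ms();
		for (;;) {
			sleep_ms(10);
			if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
				break;
			if (current_time_ms() - start < 5000)
				continue;
			kill_and_wait(pid, &status);
			break;
		}
	}
}

// Resource slots for values returned by the syscalls in execute_one();
// all-ones means "no resource yet".
uint64_t r[3] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};

// execute_one() is reproduced unchanged below: its body continues past the end
// of this block, so its collapsed layout is left exactly as the listing has it.
void execute_one(void) { intptr_t res = 0; if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } // bpf$PROG_LOAD arguments: [ // cmd: const = 0x5 (8 bytes) // arg: ptr[in, bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]]] { // bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, // bpf_btf_id[opt], fd_bpf_prog[opt]] { // type: bpf_prog_type = 0x11 (4 bytes) // ninsn: bytesize8 = 0xc (4 bytes) // insns: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00 18 11 00 00} (length 0x14) // } // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {00 00 00 00 00 00 00 00 b7 08 00 00 00 00 09 // 00 7b 8a f8 ff 00 00 00 00 bf a2 00 00 00 00 00 00 07 02 00 00 // f8 ff ff ff b7 03 00 00 08 00 00 00 b7 04 00 00 00 00 00 00 85 // 00 00 00 01 00 00 00 95} (length 0x41) // } // } // } // license: nil // loglev: int32 = 0x0 (4 bytes) // logsize: len = 0x0 (4 bytes) // log: nil // kern_version: bpf_kern_version = 0x0 (4 bytes) // flags: bpf_prog_load_flags = 0x0 (4 bytes) // prog_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00} // (length 0x10) prog_ifindex: ifindex (resource) expected_attach_type: // union bpf_prog_attach_types { // fallback: bpf_attach_types = 0x0 (4 bytes) // } // btf_fd: fd_btf (resource) // func_info_rec_size: const = 0x0 (4 bytes) // func_info: nil // func_info_cnt: len = 0x0 (4 bytes) // line_info_rec_size: const = 0x0 (4 bytes) // line_info: nil // line_info_cnt: len = 0x0 (4 bytes) // 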
attach_btf_id: bpf_btf_id (resource) // attach_prog_fd: fd_bpf_prog (resource) // core_relo_cnt: len = 0x0 (4 bytes) // fd_array: nil // core_relos: nil // core_relo_rec_size: const = 0x0 (4 bytes) // log_true_size: int32 = 0x0 (4 bytes) // prog_token_fd: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_prog_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_pad_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // size: len = 0x94 (8 bytes) // ] // returns fd_bpf_prog *(uint32_t*)0x2000000000c0 = 0x11; *(uint32_t*)0x2000000000c4 = 0xc; *(uint64_t*)0x2000000000c8 = 0x200000000440; memcpy((void*)0x200000000440, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18" "\x11\x00\x00", 20); *(uint32_t*)0x200000000454 = -1; memcpy((void*)0x200000000458, "\x00\x00\x00\x00\x00\x00\x00\x00\xb7\x08\x00\x00\x00\x00\x09\x00\x7b" "\x8a\xf8\xff\x00\x00\x00\x00\xbf\xa2\x00\x00\x00\x00\x00\x00\x07\x02" "\x00\x00\xf8\xff\xff\xff\xb7\x03\x00\x00\x08\x00\x00\x00\xb7\x04\x00" "\x00\x00\x00\x00\x00\x85\x00\x00\x00\x01\x00\x00\x00\x95", 65); *(uint64_t*)0x2000000000d0 = 0; *(uint32_t*)0x2000000000d8 = 0; *(uint32_t*)0x2000000000dc = 0; *(uint64_t*)0x2000000000e0 = 0; *(uint32_t*)0x2000000000e8 = 0; *(uint32_t*)0x2000000000ec = 0; memset((void*)0x2000000000f0, 0, 16); *(uint32_t*)0x200000000100 = 0; *(uint32_t*)0x200000000104 = 0; *(uint32_t*)0x200000000108 = -1; *(uint32_t*)0x20000000010c = 0; *(uint64_t*)0x200000000110 = 0; *(uint32_t*)0x200000000118 = 0; *(uint32_t*)0x20000000011c = 0; *(uint64_t*)0x200000000120 = 0; *(uint32_t*)0x200000000128 = 0; *(uint32_t*)0x20000000012c = 0; *(uint32_t*)0x200000000130 = 0; *(uint32_t*)0x200000000134 = 0; *(uint64_t*)0x200000000138 = 0; *(uint64_t*)0x200000000140 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; 
*(uint32_t*)0x200000000150 = 0; syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x2000000000c0ul, /*size=*/0x94ul); // bpf$MAP_CREATE arguments: [ // cmd: const = 0x0 (8 bytes) // arg: ptr[in, bpf_map_create_arg] { // union bpf_map_create_arg { // base: bpf_map_create_arg_t[flags[bpf_map_type, int32], int32, int32, // int32, flags[map_flags, int32], const[0, int64]] { // type: bpf_map_type = 0xb (4 bytes) // ksize: int32 = 0x8 (4 bytes) // vsize: int32 = 0xc (4 bytes) // max: int32 = 0xffffbfff (4 bytes) // flags: map_flags = 0x1 (4 bytes) // inner: fd_bpf_map (resource) // node: int32 = 0x0 (4 bytes) // map_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00} (length 0x10) map_ifindex: ifindex (resource) btf_fd: fd_btf // (resource) btf_key_type_id: int32 = 0x0 (4 bytes) // btf_value_type_id: int32 = 0x0 (4 bytes) // btf_vmlinux_type_id: int32 = 0x0 (4 bytes) // map_extra: const = 0x0 (8 bytes) // value_type_btf_obj_fd: union // _bpf_map_create_arg_t[flags[bpf_map_type, int32], int32, int32, // int32, flags[map_flags, int32], const[0, // int64]]_value_type_btf_obj_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad1: union _bpf_map_create_arg_t[flags[bpf_map_type, int32], // int32, int32, int32, flags[map_flags, int32], const[0, // int64]]_pad1_wrapper { // value: const = 0x0 (4 bytes) // } // map_token_fd: union _bpf_map_create_arg_t[flags[bpf_map_type, // int32], int32, int32, int32, flags[map_flags, int32], const[0, // int64]]_map_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad2: union _bpf_map_create_arg_t[flags[bpf_map_type, int32], // int32, int32, int32, flags[map_flags, int32], const[0, // int64]]_pad2_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // } // size: len = 0x50 (8 bytes) // ] // returns fd_bpf_map *(uint32_t*)0x2000000000c0 = 0xb; *(uint32_t*)0x2000000000c4 = 8; *(uint32_t*)0x2000000000c8 = 0xc; *(uint32_t*)0x2000000000cc = 0xffffbfff; *(uint32_t*)0x2000000000d0 = 1; *(uint32_t*)0x2000000000d4 = 1; 
*(uint32_t*)0x2000000000d8 = 0; memset((void*)0x2000000000dc, 0, 16); *(uint32_t*)0x2000000000ec = 0; *(uint32_t*)0x2000000000f0 = -1; *(uint32_t*)0x2000000000f4 = 0; *(uint32_t*)0x2000000000f8 = 0; *(uint32_t*)0x2000000000fc = 0; *(uint64_t*)0x200000000100 = 0; *(uint32_t*)0x200000000108 = 0; *(uint32_t*)0x20000000010c = 0; res = syscall(__NR_bpf, /*cmd=*/0ul, /*arg=*/0x2000000000c0ul, /*size=*/0x50ul); if (res != -1) r[0] = res; // bpf$PROG_LOAD arguments: [ // cmd: const = 0x5 (8 bytes) // arg: ptr[in, bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]]] { // bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, // bpf_btf_id[opt], fd_bpf_prog[opt]] { // type: bpf_prog_type = 0xa (4 bytes) // ninsn: bytesize8 = 0x3 (4 bytes) // insns: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {85 00 00 00 22 00 00 00 07 00 00 00 00 00 00 // 08 95 00 00 00 00 00 00 00 e2 6c 9b d1 a6 36 1b 80 cd d6 ff 07 // 00 00 00 00 00 08 69 04 5a ac 00 00 65 9f 55 df 08 f9 b9 07 88 // ff 7f 00 00 00 10 00 00 29 c2 1e bb cd e6 1d 8a b5 92 0a ef 6c // 3e 00 7f e6 12 41 63 89 62 cf 0b 89 ef 50 6c fd 3f 1d 41 63 d3 // cf ca 37 33 b3 00 70 a7 cf 53 02 1a 95 54 32 00 00 00 00 00 00 // 00 14 56 9d 65 e3 3d 46 f8 d8 ae 24 ba 69 c6 57 af ac 04 37 9c // b5 36 00 8c 21 99 91 70 4f 11 c5 a0 1b a6 2e d8 f2 c6 a5 03 dd // 1b 1d 07 6f 03 b0 f9 17 c7 66 f3 a7 59 8b bc 00 fe b3 bc 8e 88 // f7 9d f5 17 b3 7b 56 bc bc 29 00 80 00 00 00 00 00 00 e6 75 45 // 8a 43 b8 a8 93 5b f9 cf 0b e7 d0 ae aa c4 14 05 e3 41 cd 0b a0 // d6 fd 56 24 89 da d5 95 71 2a 40 51 bb 6c f8 26 ab 75 71 93 fe // 09 3b 8b 33 53 fb bb 27 8d 19 00 00 00 00 00 00 00 7b 61 80 5e // d4 30 ef 06 00 00 00 00 00 00 00 1e 93 f6 40 f1 59 32 0c 8b 08 // 8f 4d 64 97 7b 2e b3 12 d4 96 7a ff 9e 4c 14 c6 6c 90 00 00 54 // ed 82 c7 cb a4 c8 1f 91 d6 df ed 18 76 7b f0 df 58 4b 4b 6c 42 // 04 df 41 1f 92 1e 3a a0 2a 67 dd 32 4b 81 76 02 0e 9c 02 47 51 
// df 38 c0 57 27 f8 2c 92 04 6b fe 64 ba bb 6d 7b a8 65 26 b7 88 // 6a 0c 24 81 c5 81 28 12 a6 fa 3f ca 37 58 cb d8 c3 2b 25 c2 8b // e2 25 bd 1f 16 29 7b aa 06 5f 5b f9 63 30 fa d0 aa a4 38 8c 06 // c0 eb 2e cd f8 29 af 95 77 fc d8 68 cc 26 9b 74 00 00 b7 77 d7 // 3a 63 24 6c e6 f0 46 71 67 62 63 29 ab 91 df 7a 13 d9 ec 9a 64 // e7 f6 b5 6a ea b8 c3 8f 69 a2 13 c9 6e 2d 2a d7 97 8c 9d 72 1c // 27 0f 27 e7 02 5d 57 65 35 19 87 42 d4 03 ec 43 57 2d 7d 0b af // 00 e8 82 61 7b 26 06 27 80 5c a4 42 00 33 5e a4 36 30 66 94 4d // 0a a6 fe b9 70 5b 09 ba 40 d4 64 25 19 28 11 51 f8 75 cb f1 3a // 58 2f 90 ad 71 9f 0e cc f0 2a 47 3d d5 08 a1 61 38 90 49 33 68 // 9e a6 ee 02 41 20 64 73 07 00 ae ff 2b 69 c2 f2 bf 6f 69 1c 35 // 60 e0 68 74 3a e8 e8 77 12 80 da 61 fd 8f dc 3f 7a 35 ea 35 2e // 35 75 3c 59 eb c1 bd 27 ab 66 03 e6 af b1 b3 f0 57 fb b7 ed 3a // ab e7 02 b3 c6 30 1d 3f 5c 29 5d 1d 69 d1 54 1d 0e 64 63 1c 95 // d6 c0 99 9e 27 e8 d1 a5 8f 6a 00 f1 91 02 d2 bf af 53 f2 5a 45 // 63 7b 1c 57 7a e5 0c 4c 56 d9 ab c4 0c 64 a2 0c 14 ff 0b 1b f4 // d2 3f e0 7a e9 0f 50 3b a9 c6 4b f8 9b 26 e7 d8 d7 07 10 b0 4f // 9e ce 69 02 3a ca db b4 58 22 72 e5 b3 a0 42 9a 56 75 e5 a9 55 // 4d e5 49 45 d9 a2 70 18 0e 05 45 b0 c8 24 ad 36 f7 cc 8b e1 2b // 38 74 d5 a1 93 49 b0 ed e8 45 e9 ec e2 4d 54 6d 3a f1 ba e0 69 // b8 9f 6e cf 2a ab b1 7e b1 84 0b c8 e0 ed 1d d8 b9 b7 ee af 32 // a1 85 d8 02 50 a7 f2 ee b7 56 ea da fe 20 bb c6 16 bc 44 b3 47 // ab c8 ca f7 22 b2 c3 b0 68 84 c1 d1 69 0f 23 b0 6f a4 54 1b b2 // a8 10 73 b4 52 76 4f 04 bd 39 00 8b 65 ee 22 2c f6 97 ac 21 b0 // 87 54 8e 97 08 df fa ff 28 59 e9 73 b1 e8 86 68 c8 02 2c c6 da // c8 54 81 67 e5 79 8e c9 c7 d2 88 a7 fa 77 49 f0 75 13 18 7c d8 // f0 60 ab bb c5 e3 7d d1 be 3a ab 92 7b e1 b4 09 be 73 3b 74 08 // 53 4e 5b 09 51 e9 ec fd 0a 1c 77 e3 a2 9b e4 c4 09 33 30 12 46 // 15 05 6e 3c e0 ce 6a c9 1b 12 42 d3 bb 2e 78 7a 18 6d c2 ec 28 // 4d 60 e9 d8 a0 38 84 a2 2e ea a1 ef a4 97 ee 88 c6 cb 56 5b 16 // 4a 26 0a fb 51 
57 e3 92 b1 eb b1 a4 d4 f9 92 01 1e cb ac 4a 0a // 6d f5 bd c6 f7 99 4a 42 2b b2 76 1e dd 2d 8f 20 f5 f8 79 a8 8f // 89 d4 8b 83 14 f8 62 58 5e 4b 7a 9d 6a 66 81 f4 0e 8b 82 cc 65 // 55 dc db 95 1d 16 4c c9 a7 0e 64 0a c8 97 4f aa 25 87 a6 e3 af // 3b 94 58 f7 d4 b4 07 7b 30 02 53 6b 10 ea 24 d7 33 07 a3 30 90 // c4 c2 70 90 9a 53 22 ea c3 2c b1 75 e6 8f a8 34 57 b2 14 65 c0 // 8c 02 dc ef cc c0 c7 14 c2 86 2d db e5 67 75 5f 05 a1 e6 71 32 // 8d 16 0d 37 52 34 5c a1 db 6e 74 c7 20 e4 2a fc a9 82 ba 6b ef // d9 6c 55 75 f1 dd 8f 87 ff 66 06 30 1c 00 00 00 00 00 00 00 00 // 00 00 00 00 00 00 00 00 00 00 00 04 d0 d5 4b 4c af 78 01 87 66 // cd b9 71 e8 b1 68 d4 76 3c 21 18 1f 00 00 00 03 d4 e1 d8 42 ca // f4 57 79 7f 93 db 93 e4 f3 8a 9d bd 79 f6 bf 5d c4 0b 55 fd bf // 9b 85 66 65 06 1b 2e 29 24 f2 7e b2 d2 b5 a1 81 cc fd 9e eb 11 // de c1 65 b6 f1 24 33 f0 0b b0 61 24 04 1f fd cd cd c9 1f 3b 3b // 76 63 5a 68 9c 92 49 cf 69 bc ae 65 4b fa 81 e7 5b 7c 70 02 b8 // 83 c5 60 26 d8 35 20 39 5b 7d 51 1f 60 7c f2 f8 99 c7 b1 c7 5e // 21 92 f7 75 d7 22 47 16 72 85 85 75 88 ac e1 11 5f be bf e6 3c // 16 b8 4c f7 03 6d 41 c4 93 a6 3c 09 f2 ce 46 c1 f5 99 5c 2d 7f // e5 8c 15 e6 4b b4 cb 7e 7f 33 6c c2 2f a1 ea 13 63 bc e3 75 bd // 3d 57 9b e1 dd db 08 ed 51 47 b6 29 e4 b3 f0 e6 57 83 ee 5e 20 // d9 27 08 02 f2 a7 50 07 38 bf 35 61 31 ca 53 e9 d7 ba 8d 48 6f // b2 62 52 d6 84 b8 4f a2 46 39 08 90 64 ca 7b 93 05 7c 04 1f 12 // d5 44 da b4 d2 4a 4f 95 2b 4f 26 5a 69 ba 27 99 29 95 99 91 b7 // ac 63 78 60 55 b3 c0 29 a0 e8 b6 e4 c2 64 97 c0 29 bb 61 46 26 // 23 a5 85 56 cd 62 84 4d 4d 23 cc 73 8e e5 b3 6c 71 d2 c0 10 b0 // 89 25 1d 58 06 00 0b 1a de 92 dd 9f 44 14 68 96 7c 05 2a ec d9 // de 81 b4 b5 5d 06 67 05 97 99 1f 37 dd c4 fa 19 a6 36 9d 5b f7 // 6c 47 46 33 a3 37 f6 76 ad 25 58 69 88 1d a5 ca dc f4 9c e9 18 // 81 29 cc 97 89 77 f8 7b 32 bd 49 45 75 36 43 0f fb d3 e0 1e 67 // ff 08 76 44 f5 2f cf 0a 3c 73 2b 05 86 cb 87 97 2c 43 d2 61 6b // f4 e5 21 dc 31 26 bf 17 60 24 3d 
51 a1 97 d3 ec fd 74 bd 62 5e // 9f 49 61 75 cf ea aa 02 08 17 d3 3d 51 3f 3e 97 85 4e a7 6e 04 // e9 6a 86 39 a2 97 87 14 85 a8 60 9f 8c a8 42 b3 32 19 32 c4 d9 // e2 24 a0 ce c5 94 6c ec 9e 35 9f d3 68 74 15 ca d5 fb 8c 67 81 // 36 f3 6d 9f 78 1f ad e9 f2 46 94 77 74 8f 4d fa 0f 56 c3 26 c8 // 9b b5 d0 7f 35 aa f9 53 03 b5 a6 20 fc 84 e1 c7 35 64 78 95 71 // 3c bc ea 57 b2 27 78 31 f8 f6 33 f0 d2 93 71 e6 45 e5 54 4e 57 // 01 0a 9b 76 45 7f 6a d7 32 31 a9 f3 1f 6b bb 1b 95 24 8a ed a5 // a9 df 9d ea 64 cc 1f d1 f0 6a 98 0f cf 3a 79 2b b0 91 0e 45 fc // e2 98 ab 0a 02 98 fc 33 a4 23 e8 60 d5 b3 08 d7 84 93 81 b2 94 // 10 6a f2 5f 15 fe c0 47 d5 b8 44 a9 9f 36 e3 42 16 5d f7 28 e3 // 81 b4 8c 20 e0 90 0f 8d 26 51 57 46 7d 34 94 f2 b9 6a cf 06 0f // 74 08 47 60 d2 26 f5 0e db 11 5c 2e 07 5f 3c 66 3a 4b 41 69 b9 // 00 fa 0a 13 cf 79 6e 0d 7a 9d ad 86 95 3c 13 ed 62 41 20 6d 68 // 2e 19 4c 64 c4 91 de 6a 53 1e 9b d4 5a be 70 5f 07 00 0a 82 cc // d4 1a 2c 1b 9d 5d d8 bf 6c 28 65 3e b8 4f 11 7e 47 6e 05 2a 9d // b7 90 e0 a7 1d ac 9d 8b 34 3e fe bd c0 26 86 00 00 00 00 00 00 // 00 00 00 00 00 00 00 00 aa d5 79 30 20 85 df df 75 be a2 47 98 // c6 80 b3 de 34 1e 3b d5 75 43 cd 8d fd 58 bc eb db b8 83 c7 43 // ed 43 ba 7f 54 0f 2c 4e 03 10 c2 1e 7d ef f9 e4 5b 8b d2 cf 65 // bb 58 40 91 b8 e8 0e 34 b3 e5 91 85 fe 32 d1 d7 3d d4 f6 27 12 // a3 9b 13 66 15 16 72 3b 6b 80 a7 e9 9e 5a a6 53 69 82 c0 22 75 // fc 53 fa 3e f1 4d 9f cc b0 5f 9c 4e 69 a3 af 0f de 86 3a f2 d9 // a0 f8 a9 4f c5 71 b0 ab 4a d7 14 f4 1f a4 ee 0b 8b 44 e3 c4 1a // 31 25 be 95 e4 b2 3d 5f 05 39 58 52 76 1b fa eb e0 db 97 9d 5f // 39 91 d8 26 cc 74 54 2b 85 cf d0 db a6 6b c9 3c fd 79 17 8a b0 // b7 9f a3 b2 9f f9 c1 9e 04 24 51 3c 91 98 01 87 c9 d9 4b 83 54 // 33 7a 1f c7 82 50 5d b9 00 c4 7d 83 bd 49 27 6c fe 6e 24 2b a8 // 36 5b 1e a4 59 8a 21 f5 0f 54 15 a7 09 90 b5 bb 4a 1f 6b d8 ac // df 2c 7d a3 d6 48 75 47 67 08 9c 9b 5c eb 55 6f af a3 cc 5a fd // 2f 3e 9a 62 a9 02 62 a7 6f f8 9a 27 51 b5 9a 74 4f 
0d 3f 36 ca // 50 33 57 da a3 e2 9c e6 f3 57 dc 1e 48 39 27 7d 00 3e 93 fd bb // 95 5e 1a 13 02 a7 6a ea 7e 73 83 50 94 fb 15 46 4e 94 e8 14 c7 // 7c 29 31 21 d0 43 3e 80 d4 44 c4 ca 17 ab af 32 b5 21 d8 68 66 // 66 05 5d a0 23 ae f9 c8 df 3e 80 d2 ed 64 0e d1 0a a1 9a 03 6d // ce f1 72 db d3 b3 60 0b 69 d7 b9 0c 62 22 e1 67 d7 c7 60 59 f2 // b5 f3 b3 00 4e 8a 20 d1 f6 61 2e fe b6 29 57 3b e9 7a a9 49 c6 // 01 6e 7e 16 28 3e 84 98 6a aa 4f c8 a0 98 70 8e be 36 f3 77 ad // a6 3d 9b 46 4c 39 34 2e 06 82 54 98 62 de 3e c7 5e 7b 03 1b c4 // 9f 34 1a 21 41 7f b6 37 5e 87 01 48 1b 59 d1 72 2c 83 69 61 80 // 46 66 80 16 78 eb 25 75 0b 52 0b f1 61 5a 4b bf 30 aa 74 d6 0e // c6 b6 57 f2 dd 29 8b 04 19 da 43 fc 70 8a 60 c9 4a 7f f2 fd 6a // 2d 08 00 5a d7 3c 9e 2d 61 43 d2 85 7b e8 fb 3f 12 bf a6 62 8b // cc b1 53 e3 91 72 d0 75 63 d6 a1 dc 75 c3 47 c0 80 60 30 4f 09 // 12 30 bd 74 b4 9e cd d1 3b f4 80 db 39 84 62 2a 16 7c 86 03 b8 // c5 01 28 00 59 a7 b6 12 3c 8f 8c d2 17 f6 4e cc c2 df fe 4f 3a // 1e 8c 9a 96 a1 3d 81 26 f3 ea 26 77 9f bd 00 69 d7 29 a7 76 4d // 4d dd 7d 9d 82 0b 0d e2 53 09 69 36 2b 94 b9 74 67 85 27 f5 ba // c7 eb 8d 6e 32 1b 2b e0 b2 f7 53 46 34 a5 ec d1 24 8d 7a d7 e8 // e0 31 63 e9 2e 9f 1d 62 0e 28 59 7b d8 81 ee a0 98 1e 8a df d7 // 0b 67 0b 07 63 ce 92 26 f7 c3 e1 56 b3 53 e2 2f de a6 94 2b 57 // 7b bc 53 9a ab 23 cb d4 6b dd 0e a1 e6 71 40 c7 59 f2 08 c1 2d // c5 7f 31 00 00 00 00 e4 96 5f cb 6c 07 49 95 5e ac 94 76 68 7e // 63 b4 1c 62 82 bb cb 0c 3d 8b 0c 94 93 a3 a5 f6 d8 79 d7 25 7b // 4b 68 dc 7c ac 3d 9d 5f 5b be 93 7c 50 18 66 ee 40 42 b2 50 e5 // 16 ec 07 45 59 e1 e5 51 16 71 38 76 6e ee cb 69 41 e8 30 5d 9c // de 18 00 c8 21 53 6f 9d 25 bd 14 16 38 90 84 2a 08 13 5b db 7a // 90 db 63 0b 18 f0 99 85 5a 7d 9d e6 5c 80 fa 71 ff 90 e8 73 36 // 1d 0e 11 a7 df eb e5 6f fb 20 00 b7 11 a0 b7 91 4d 63 51 ff 60 // 59 3e 48 af 60 e1 ff ec ba 7c d6 f8 ab 66 2e b3 c8 f3 16 41 39 // e9 94 d6 a7 06 af b9 27 22 59 5d 64 9a 04 f1 ff 64 e5 63 4e 7c // b9 
10 61 73 a9 d5 d8 cf 3e 5a 95 9e 6b fd c1 b6 50 7b 85 1c 4b // a4 33 12 72 6c fe c5 8d ed ec e1 35 5a 08 7c 1b 60 88 27 13 a6 // 16 19 14 f0 92 67 e2 ce 8a a8 86 b3 c0 ad d5 cd 92 e1 85 d3 45 // c9 b2 93 3a 78 a4 21 51 33 e8 e7 24 7f a4 44 ae e3 0b fb 6c 0f // ca da 97 42 54 bc 5f ed a6 ce e9 a0 80 3b 2a 0b 81 f4 40 20 2e // d5 f2 78 e4 cf 06 56 53 70 89 3e 74 81 ef df bc 49 b1 18 eb 17 // ba 01 04 00 00 00 00 00 00 b3 42 fd ef 64 b1 43 b5 25 da ae 4e // 27 e7 36 8f 91 3e 61 11 bb 53 29 b8 b1 33 d0 3c c3 4d 73 6d 22 // ba 13 9b 03 b7 fc 83 ac 49 f2 df c9 15 a2 f2 7e 2e ac 8d c2 a6 // ba 72 e6 bd d4 23 b3 55 5b 6e 1b d4 89 6b 4c 94 6a 45 00 e0 a4 // 23 40 70 0b 93 bc a9 02 e0 2f 74 4c eb 51 53 4f 1f b9 fa 87 f8 // 50 a6 c6 ee d7 6f 73 76 e2 a7 e7 2d 3a 64 a8 27 20 de d8 f0 ce // 31 b1 de 35 61 36 2e 97 5e d3 2a 71 67 d9 e0 ad 3f 2a 77 f7 a1 // 0c 16 14 a9 ba 93 8a 98 da 29 76 cb 1a 0d 04 94 46 e6 70 73 c9 // a1 a3 8e cc 88 1c 69 3a 52 4c 52 91 f8 96 77 de 9f e9 04 c7 52 // e4 50 eb a7 1d 2f 32 80 55 01 d0 df 5b 4a 41 12 32 33 55 4b dc // 35 b5 62 d9 f5 a2 a0 26 a3 b4 0f c7 c9 a8 54 6f c8 d8 31 0a 98 // 76 11 4f fd 7d fb 90 96 56 d5 4c 31 bb b6 55 af 54 bb ee b0 17 // 4e 45 1c eb 7b 35 e5 bd 1a c1 57 92 ff 47 4a bc de 83 53 fe 0d // e7 00 b1 10 a0 03 05 ff 77 c1 33 18 16 88 a6 2a 49 cf f6 db 4c // b4 a5 a9 0d 40 d3 5e 92 7d 21 64 35 df 80 4b 8b d6 03 3a 7c e4 // 9f 11 49 1f 75 2f ef a9 9e 9c 54 42 8b 72 54 86 29 14 90 d3 11 // b1 3e b0 2d 14 a0 ae 56 73 31 41 a8 dc 6d 51 e3 51 00 00 00 00 // 00 00 00 9f 38 4a 63 b9 7d 00 00 00 00 00 00 00 00 00 00 00 00 // 00 00 00 00} (length 0xd48) // } // } // } // license: ptr[in, buffer] { // buffer: {47 50 4c 00} (length 0x4) // } // loglev: int32 = 0x2 (4 bytes) // logsize: len = 0x103a (4 bytes) // log: ptr[out, buffer] { // buffer: (DirOut) // } // kern_version: bpf_kern_version = 0x0 (4 bytes) // flags: bpf_prog_load_flags = 0x0 (4 bytes) // prog_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00} // (length 
0x10) prog_ifindex: ifindex (resource) expected_attach_type: // union bpf_prog_attach_types { // fallback: bpf_attach_types = 0x0 (4 bytes) // } // btf_fd: fd_btf (resource) // func_info_rec_size: const = 0x8 (4 bytes) // func_info: ptr[in, bpf_func_info] { // bpf_func_info { // insn_off: int32 = 0x0 (4 bytes) // type_id: int32 = 0x0 (4 bytes) // } // } // func_info_cnt: len = 0x0 (4 bytes) // line_info_rec_size: const = 0x10 (4 bytes) // line_info: ptr[in, bpf_line_info] { // bpf_line_info { // insn_off: int32 = 0x0 (4 bytes) // file_name_off: int32 = 0x0 (4 bytes) // line_off: int32 = 0x0 (4 bytes) // line_col: int32 = 0x0 (4 bytes) // } // } // line_info_cnt: len = 0x2a3 (4 bytes) // attach_btf_id: bpf_btf_id (resource) // attach_prog_fd: fd_bpf_prog (resource) // core_relo_cnt: len = 0x0 (4 bytes) // fd_array: nil // core_relos: nil // core_relo_rec_size: const = 0x10 (4 bytes) // log_true_size: int32 = 0x0 (4 bytes) // prog_token_fd: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_prog_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_pad_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // size: len = 0x48 (8 bytes) // ] // returns fd_bpf_prog *(uint32_t*)0x20000000d000 = 0xa; *(uint32_t*)0x20000000d004 = 3; *(uint64_t*)0x20000000d008 = 0x200000001500; memcpy( (void*)0x200000001500, "\x85\x00\x00\x00\x22\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x08\x95\x00" "\x00\x00\x00\x00\x00\x00\xe2\x6c\x9b\xd1\xa6\x36\x1b\x80\xcd\xd6\xff\x07" "\x00\x00\x00\x00\x00\x08\x69\x04\x5a\xac\x00\x00\x65\x9f\x55\xdf\x08\xf9" "\xb9\x07\x88\xff\x7f\x00\x00\x00\x10\x00\x00\x29\xc2\x1e\xbb\xcd\xe6\x1d" "\x8a\xb5\x92\x0a\xef\x6c\x3e\x00\x7f\xe6\x12\x41\x63\x89\x62\xcf\x0b\x89" "\xef\x50\x6c\xfd\x3f\x1d\x41\x63\xd3\xcf\xca\x37\x33\xb3\x00\x70\xa7\xcf" 
"\x53\x02\x1a\x95\x54\x32\x00\x00\x00\x00\x00\x00\x00\x14\x56\x9d\x65\xe3" "\x3d\x46\xf8\xd8\xae\x24\xba\x69\xc6\x57\xaf\xac\x04\x37\x9c\xb5\x36\x00" "\x8c\x21\x99\x91\x70\x4f\x11\xc5\xa0\x1b\xa6\x2e\xd8\xf2\xc6\xa5\x03\xdd" "\x1b\x1d\x07\x6f\x03\xb0\xf9\x17\xc7\x66\xf3\xa7\x59\x8b\xbc\x00\xfe\xb3" "\xbc\x8e\x88\xf7\x9d\xf5\x17\xb3\x7b\x56\xbc\xbc\x29\x00\x80\x00\x00\x00" "\x00\x00\x00\xe6\x75\x45\x8a\x43\xb8\xa8\x93\x5b\xf9\xcf\x0b\xe7\xd0\xae" "\xaa\xc4\x14\x05\xe3\x41\xcd\x0b\xa0\xd6\xfd\x56\x24\x89\xda\xd5\x95\x71" "\x2a\x40\x51\xbb\x6c\xf8\x26\xab\x75\x71\x93\xfe\x09\x3b\x8b\x33\x53\xfb" "\xbb\x27\x8d\x19\x00\x00\x00\x00\x00\x00\x00\x7b\x61\x80\x5e\xd4\x30\xef" "\x06\x00\x00\x00\x00\x00\x00\x00\x1e\x93\xf6\x40\xf1\x59\x32\x0c\x8b\x08" "\x8f\x4d\x64\x97\x7b\x2e\xb3\x12\xd4\x96\x7a\xff\x9e\x4c\x14\xc6\x6c\x90" "\x00\x00\x54\xed\x82\xc7\xcb\xa4\xc8\x1f\x91\xd6\xdf\xed\x18\x76\x7b\xf0" "\xdf\x58\x4b\x4b\x6c\x42\x04\xdf\x41\x1f\x92\x1e\x3a\xa0\x2a\x67\xdd\x32" "\x4b\x81\x76\x02\x0e\x9c\x02\x47\x51\xdf\x38\xc0\x57\x27\xf8\x2c\x92\x04" "\x6b\xfe\x64\xba\xbb\x6d\x7b\xa8\x65\x26\xb7\x88\x6a\x0c\x24\x81\xc5\x81" "\x28\x12\xa6\xfa\x3f\xca\x37\x58\xcb\xd8\xc3\x2b\x25\xc2\x8b\xe2\x25\xbd" "\x1f\x16\x29\x7b\xaa\x06\x5f\x5b\xf9\x63\x30\xfa\xd0\xaa\xa4\x38\x8c\x06" "\xc0\xeb\x2e\xcd\xf8\x29\xaf\x95\x77\xfc\xd8\x68\xcc\x26\x9b\x74\x00\x00" "\xb7\x77\xd7\x3a\x63\x24\x6c\xe6\xf0\x46\x71\x67\x62\x63\x29\xab\x91\xdf" "\x7a\x13\xd9\xec\x9a\x64\xe7\xf6\xb5\x6a\xea\xb8\xc3\x8f\x69\xa2\x13\xc9" "\x6e\x2d\x2a\xd7\x97\x8c\x9d\x72\x1c\x27\x0f\x27\xe7\x02\x5d\x57\x65\x35" "\x19\x87\x42\xd4\x03\xec\x43\x57\x2d\x7d\x0b\xaf\x00\xe8\x82\x61\x7b\x26" "\x06\x27\x80\x5c\xa4\x42\x00\x33\x5e\xa4\x36\x30\x66\x94\x4d\x0a\xa6\xfe" "\xb9\x70\x5b\x09\xba\x40\xd4\x64\x25\x19\x28\x11\x51\xf8\x75\xcb\xf1\x3a" "\x58\x2f\x90\xad\x71\x9f\x0e\xcc\xf0\x2a\x47\x3d\xd5\x08\xa1\x61\x38\x90" "\x49\x33\x68\x9e\xa6\xee\x02\x41\x20\x64\x73\x07\x00\xae\xff\x2b\x69\xc2" 
"\xf2\xbf\x6f\x69\x1c\x35\x60\xe0\x68\x74\x3a\xe8\xe8\x77\x12\x80\xda\x61" "\xfd\x8f\xdc\x3f\x7a\x35\xea\x35\x2e\x35\x75\x3c\x59\xeb\xc1\xbd\x27\xab" "\x66\x03\xe6\xaf\xb1\xb3\xf0\x57\xfb\xb7\xed\x3a\xab\xe7\x02\xb3\xc6\x30" "\x1d\x3f\x5c\x29\x5d\x1d\x69\xd1\x54\x1d\x0e\x64\x63\x1c\x95\xd6\xc0\x99" "\x9e\x27\xe8\xd1\xa5\x8f\x6a\x00\xf1\x91\x02\xd2\xbf\xaf\x53\xf2\x5a\x45" "\x63\x7b\x1c\x57\x7a\xe5\x0c\x4c\x56\xd9\xab\xc4\x0c\x64\xa2\x0c\x14\xff" "\x0b\x1b\xf4\xd2\x3f\xe0\x7a\xe9\x0f\x50\x3b\xa9\xc6\x4b\xf8\x9b\x26\xe7" "\xd8\xd7\x07\x10\xb0\x4f\x9e\xce\x69\x02\x3a\xca\xdb\xb4\x58\x22\x72\xe5" "\xb3\xa0\x42\x9a\x56\x75\xe5\xa9\x55\x4d\xe5\x49\x45\xd9\xa2\x70\x18\x0e" "\x05\x45\xb0\xc8\x24\xad\x36\xf7\xcc\x8b\xe1\x2b\x38\x74\xd5\xa1\x93\x49" "\xb0\xed\xe8\x45\xe9\xec\xe2\x4d\x54\x6d\x3a\xf1\xba\xe0\x69\xb8\x9f\x6e" "\xcf\x2a\xab\xb1\x7e\xb1\x84\x0b\xc8\xe0\xed\x1d\xd8\xb9\xb7\xee\xaf\x32" "\xa1\x85\xd8\x02\x50\xa7\xf2\xee\xb7\x56\xea\xda\xfe\x20\xbb\xc6\x16\xbc" "\x44\xb3\x47\xab\xc8\xca\xf7\x22\xb2\xc3\xb0\x68\x84\xc1\xd1\x69\x0f\x23" "\xb0\x6f\xa4\x54\x1b\xb2\xa8\x10\x73\xb4\x52\x76\x4f\x04\xbd\x39\x00\x8b" "\x65\xee\x22\x2c\xf6\x97\xac\x21\xb0\x87\x54\x8e\x97\x08\xdf\xfa\xff\x28" "\x59\xe9\x73\xb1\xe8\x86\x68\xc8\x02\x2c\xc6\xda\xc8\x54\x81\x67\xe5\x79" "\x8e\xc9\xc7\xd2\x88\xa7\xfa\x77\x49\xf0\x75\x13\x18\x7c\xd8\xf0\x60\xab" "\xbb\xc5\xe3\x7d\xd1\xbe\x3a\xab\x92\x7b\xe1\xb4\x09\xbe\x73\x3b\x74\x08" "\x53\x4e\x5b\x09\x51\xe9\xec\xfd\x0a\x1c\x77\xe3\xa2\x9b\xe4\xc4\x09\x33" "\x30\x12\x46\x15\x05\x6e\x3c\xe0\xce\x6a\xc9\x1b\x12\x42\xd3\xbb\x2e\x78" "\x7a\x18\x6d\xc2\xec\x28\x4d\x60\xe9\xd8\xa0\x38\x84\xa2\x2e\xea\xa1\xef" "\xa4\x97\xee\x88\xc6\xcb\x56\x5b\x16\x4a\x26\x0a\xfb\x51\x57\xe3\x92\xb1" "\xeb\xb1\xa4\xd4\xf9\x92\x01\x1e\xcb\xac\x4a\x0a\x6d\xf5\xbd\xc6\xf7\x99" "\x4a\x42\x2b\xb2\x76\x1e\xdd\x2d\x8f\x20\xf5\xf8\x79\xa8\x8f\x89\xd4\x8b" "\x83\x14\xf8\x62\x58\x5e\x4b\x7a\x9d\x6a\x66\x81\xf4\x0e\x8b\x82\xcc\x65" 
"\x55\xdc\xdb\x95\x1d\x16\x4c\xc9\xa7\x0e\x64\x0a\xc8\x97\x4f\xaa\x25\x87" "\xa6\xe3\xaf\x3b\x94\x58\xf7\xd4\xb4\x07\x7b\x30\x02\x53\x6b\x10\xea\x24" "\xd7\x33\x07\xa3\x30\x90\xc4\xc2\x70\x90\x9a\x53\x22\xea\xc3\x2c\xb1\x75" "\xe6\x8f\xa8\x34\x57\xb2\x14\x65\xc0\x8c\x02\xdc\xef\xcc\xc0\xc7\x14\xc2" "\x86\x2d\xdb\xe5\x67\x75\x5f\x05\xa1\xe6\x71\x32\x8d\x16\x0d\x37\x52\x34" "\x5c\xa1\xdb\x6e\x74\xc7\x20\xe4\x2a\xfc\xa9\x82\xba\x6b\xef\xd9\x6c\x55" "\x75\xf1\xdd\x8f\x87\xff\x66\x06\x30\x1c\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xd0\xd5\x4b\x4c\xaf\x78" "\x01\x87\x66\xcd\xb9\x71\xe8\xb1\x68\xd4\x76\x3c\x21\x18\x1f\x00\x00\x00" "\x03\xd4\xe1\xd8\x42\xca\xf4\x57\x79\x7f\x93\xdb\x93\xe4\xf3\x8a\x9d\xbd" "\x79\xf6\xbf\x5d\xc4\x0b\x55\xfd\xbf\x9b\x85\x66\x65\x06\x1b\x2e\x29\x24" "\xf2\x7e\xb2\xd2\xb5\xa1\x81\xcc\xfd\x9e\xeb\x11\xde\xc1\x65\xb6\xf1\x24" "\x33\xf0\x0b\xb0\x61\x24\x04\x1f\xfd\xcd\xcd\xc9\x1f\x3b\x3b\x76\x63\x5a" "\x68\x9c\x92\x49\xcf\x69\xbc\xae\x65\x4b\xfa\x81\xe7\x5b\x7c\x70\x02\xb8" "\x83\xc5\x60\x26\xd8\x35\x20\x39\x5b\x7d\x51\x1f\x60\x7c\xf2\xf8\x99\xc7" "\xb1\xc7\x5e\x21\x92\xf7\x75\xd7\x22\x47\x16\x72\x85\x85\x75\x88\xac\xe1" "\x11\x5f\xbe\xbf\xe6\x3c\x16\xb8\x4c\xf7\x03\x6d\x41\xc4\x93\xa6\x3c\x09" "\xf2\xce\x46\xc1\xf5\x99\x5c\x2d\x7f\xe5\x8c\x15\xe6\x4b\xb4\xcb\x7e\x7f" "\x33\x6c\xc2\x2f\xa1\xea\x13\x63\xbc\xe3\x75\xbd\x3d\x57\x9b\xe1\xdd\xdb" "\x08\xed\x51\x47\xb6\x29\xe4\xb3\xf0\xe6\x57\x83\xee\x5e\x20\xd9\x27\x08" "\x02\xf2\xa7\x50\x07\x38\xbf\x35\x61\x31\xca\x53\xe9\xd7\xba\x8d\x48\x6f" "\xb2\x62\x52\xd6\x84\xb8\x4f\xa2\x46\x39\x08\x90\x64\xca\x7b\x93\x05\x7c" "\x04\x1f\x12\xd5\x44\xda\xb4\xd2\x4a\x4f\x95\x2b\x4f\x26\x5a\x69\xba\x27" "\x99\x29\x95\x99\x91\xb7\xac\x63\x78\x60\x55\xb3\xc0\x29\xa0\xe8\xb6\xe4" "\xc2\x64\x97\xc0\x29\xbb\x61\x46\x26\x23\xa5\x85\x56\xcd\x62\x84\x4d\x4d" "\x23\xcc\x73\x8e\xe5\xb3\x6c\x71\xd2\xc0\x10\xb0\x89\x25\x1d\x58\x06\x00" 
"\x0b\x1a\xde\x92\xdd\x9f\x44\x14\x68\x96\x7c\x05\x2a\xec\xd9\xde\x81\xb4" "\xb5\x5d\x06\x67\x05\x97\x99\x1f\x37\xdd\xc4\xfa\x19\xa6\x36\x9d\x5b\xf7" "\x6c\x47\x46\x33\xa3\x37\xf6\x76\xad\x25\x58\x69\x88\x1d\xa5\xca\xdc\xf4" "\x9c\xe9\x18\x81\x29\xcc\x97\x89\x77\xf8\x7b\x32\xbd\x49\x45\x75\x36\x43" "\x0f\xfb\xd3\xe0\x1e\x67\xff\x08\x76\x44\xf5\x2f\xcf\x0a\x3c\x73\x2b\x05" "\x86\xcb\x87\x97\x2c\x43\xd2\x61\x6b\xf4\xe5\x21\xdc\x31\x26\xbf\x17\x60" "\x24\x3d\x51\xa1\x97\xd3\xec\xfd\x74\xbd\x62\x5e\x9f\x49\x61\x75\xcf\xea" "\xaa\x02\x08\x17\xd3\x3d\x51\x3f\x3e\x97\x85\x4e\xa7\x6e\x04\xe9\x6a\x86" "\x39\xa2\x97\x87\x14\x85\xa8\x60\x9f\x8c\xa8\x42\xb3\x32\x19\x32\xc4\xd9" "\xe2\x24\xa0\xce\xc5\x94\x6c\xec\x9e\x35\x9f\xd3\x68\x74\x15\xca\xd5\xfb" "\x8c\x67\x81\x36\xf3\x6d\x9f\x78\x1f\xad\xe9\xf2\x46\x94\x77\x74\x8f\x4d" "\xfa\x0f\x56\xc3\x26\xc8\x9b\xb5\xd0\x7f\x35\xaa\xf9\x53\x03\xb5\xa6\x20" "\xfc\x84\xe1\xc7\x35\x64\x78\x95\x71\x3c\xbc\xea\x57\xb2\x27\x78\x31\xf8" "\xf6\x33\xf0\xd2\x93\x71\xe6\x45\xe5\x54\x4e\x57\x01\x0a\x9b\x76\x45\x7f" "\x6a\xd7\x32\x31\xa9\xf3\x1f\x6b\xbb\x1b\x95\x24\x8a\xed\xa5\xa9\xdf\x9d" "\xea\x64\xcc\x1f\xd1\xf0\x6a\x98\x0f\xcf\x3a\x79\x2b\xb0\x91\x0e\x45\xfc" "\xe2\x98\xab\x0a\x02\x98\xfc\x33\xa4\x23\xe8\x60\xd5\xb3\x08\xd7\x84\x93" "\x81\xb2\x94\x10\x6a\xf2\x5f\x15\xfe\xc0\x47\xd5\xb8\x44\xa9\x9f\x36\xe3" "\x42\x16\x5d\xf7\x28\xe3\x81\xb4\x8c\x20\xe0\x90\x0f\x8d\x26\x51\x57\x46" "\x7d\x34\x94\xf2\xb9\x6a\xcf\x06\x0f\x74\x08\x47\x60\xd2\x26\xf5\x0e\xdb" "\x11\x5c\x2e\x07\x5f\x3c\x66\x3a\x4b\x41\x69\xb9\x00\xfa\x0a\x13\xcf\x79" "\x6e\x0d\x7a\x9d\xad\x86\x95\x3c\x13\xed\x62\x41\x20\x6d\x68\x2e\x19\x4c" "\x64\xc4\x91\xde\x6a\x53\x1e\x9b\xd4\x5a\xbe\x70\x5f\x07\x00\x0a\x82\xcc" "\xd4\x1a\x2c\x1b\x9d\x5d\xd8\xbf\x6c\x28\x65\x3e\xb8\x4f\x11\x7e\x47\x6e" "\x05\x2a\x9d\xb7\x90\xe0\xa7\x1d\xac\x9d\x8b\x34\x3e\xfe\xbd\xc0\x26\x86" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xd5\x79\x30" 
"\x20\x85\xdf\xdf\x75\xbe\xa2\x47\x98\xc6\x80\xb3\xde\x34\x1e\x3b\xd5\x75" "\x43\xcd\x8d\xfd\x58\xbc\xeb\xdb\xb8\x83\xc7\x43\xed\x43\xba\x7f\x54\x0f" "\x2c\x4e\x03\x10\xc2\x1e\x7d\xef\xf9\xe4\x5b\x8b\xd2\xcf\x65\xbb\x58\x40" "\x91\xb8\xe8\x0e\x34\xb3\xe5\x91\x85\xfe\x32\xd1\xd7\x3d\xd4\xf6\x27\x12" "\xa3\x9b\x13\x66\x15\x16\x72\x3b\x6b\x80\xa7\xe9\x9e\x5a\xa6\x53\x69\x82" "\xc0\x22\x75\xfc\x53\xfa\x3e\xf1\x4d\x9f\xcc\xb0\x5f\x9c\x4e\x69\xa3\xaf" "\x0f\xde\x86\x3a\xf2\xd9\xa0\xf8\xa9\x4f\xc5\x71\xb0\xab\x4a\xd7\x14\xf4" "\x1f\xa4\xee\x0b\x8b\x44\xe3\xc4\x1a\x31\x25\xbe\x95\xe4\xb2\x3d\x5f\x05" "\x39\x58\x52\x76\x1b\xfa\xeb\xe0\xdb\x97\x9d\x5f\x39\x91\xd8\x26\xcc\x74" "\x54\x2b\x85\xcf\xd0\xdb\xa6\x6b\xc9\x3c\xfd\x79\x17\x8a\xb0\xb7\x9f\xa3" "\xb2\x9f\xf9\xc1\x9e\x04\x24\x51\x3c\x91\x98\x01\x87\xc9\xd9\x4b\x83\x54" "\x33\x7a\x1f\xc7\x82\x50\x5d\xb9\x00\xc4\x7d\x83\xbd\x49\x27\x6c\xfe\x6e" "\x24\x2b\xa8\x36\x5b\x1e\xa4\x59\x8a\x21\xf5\x0f\x54\x15\xa7\x09\x90\xb5" "\xbb\x4a\x1f\x6b\xd8\xac\xdf\x2c\x7d\xa3\xd6\x48\x75\x47\x67\x08\x9c\x9b" "\x5c\xeb\x55\x6f\xaf\xa3\xcc\x5a\xfd\x2f\x3e\x9a\x62\xa9\x02\x62\xa7\x6f" "\xf8\x9a\x27\x51\xb5\x9a\x74\x4f\x0d\x3f\x36\xca\x50\x33\x57\xda\xa3\xe2" "\x9c\xe6\xf3\x57\xdc\x1e\x48\x39\x27\x7d\x00\x3e\x93\xfd\xbb\x95\x5e\x1a" "\x13\x02\xa7\x6a\xea\x7e\x73\x83\x50\x94\xfb\x15\x46\x4e\x94\xe8\x14\xc7" "\x7c\x29\x31\x21\xd0\x43\x3e\x80\xd4\x44\xc4\xca\x17\xab\xaf\x32\xb5\x21" "\xd8\x68\x66\x66\x05\x5d\xa0\x23\xae\xf9\xc8\xdf\x3e\x80\xd2\xed\x64\x0e" "\xd1\x0a\xa1\x9a\x03\x6d\xce\xf1\x72\xdb\xd3\xb3\x60\x0b\x69\xd7\xb9\x0c" "\x62\x22\xe1\x67\xd7\xc7\x60\x59\xf2\xb5\xf3\xb3\x00\x4e\x8a\x20\xd1\xf6" "\x61\x2e\xfe\xb6\x29\x57\x3b\xe9\x7a\xa9\x49\xc6\x01\x6e\x7e\x16\x28\x3e" "\x84\x98\x6a\xaa\x4f\xc8\xa0\x98\x70\x8e\xbe\x36\xf3\x77\xad\xa6\x3d\x9b" "\x46\x4c\x39\x34\x2e\x06\x82\x54\x98\x62\xde\x3e\xc7\x5e\x7b\x03\x1b\xc4" "\x9f\x34\x1a\x21\x41\x7f\xb6\x37\x5e\x87\x01\x48\x1b\x59\xd1\x72\x2c\x83" 
"\x69\x61\x80\x46\x66\x80\x16\x78\xeb\x25\x75\x0b\x52\x0b\xf1\x61\x5a\x4b" "\xbf\x30\xaa\x74\xd6\x0e\xc6\xb6\x57\xf2\xdd\x29\x8b\x04\x19\xda\x43\xfc" "\x70\x8a\x60\xc9\x4a\x7f\xf2\xfd\x6a\x2d\x08\x00\x5a\xd7\x3c\x9e\x2d\x61" "\x43\xd2\x85\x7b\xe8\xfb\x3f\x12\xbf\xa6\x62\x8b\xcc\xb1\x53\xe3\x91\x72" "\xd0\x75\x63\xd6\xa1\xdc\x75\xc3\x47\xc0\x80\x60\x30\x4f\x09\x12\x30\xbd" "\x74\xb4\x9e\xcd\xd1\x3b\xf4\x80\xdb\x39\x84\x62\x2a\x16\x7c\x86\x03\xb8" "\xc5\x01\x28\x00\x59\xa7\xb6\x12\x3c\x8f\x8c\xd2\x17\xf6\x4e\xcc\xc2\xdf" "\xfe\x4f\x3a\x1e\x8c\x9a\x96\xa1\x3d\x81\x26\xf3\xea\x26\x77\x9f\xbd\x00" "\x69\xd7\x29\xa7\x76\x4d\x4d\xdd\x7d\x9d\x82\x0b\x0d\xe2\x53\x09\x69\x36" "\x2b\x94\xb9\x74\x67\x85\x27\xf5\xba\xc7\xeb\x8d\x6e\x32\x1b\x2b\xe0\xb2" "\xf7\x53\x46\x34\xa5\xec\xd1\x24\x8d\x7a\xd7\xe8\xe0\x31\x63\xe9\x2e\x9f" "\x1d\x62\x0e\x28\x59\x7b\xd8\x81\xee\xa0\x98\x1e\x8a\xdf\xd7\x0b\x67\x0b" "\x07\x63\xce\x92\x26\xf7\xc3\xe1\x56\xb3\x53\xe2\x2f\xde\xa6\x94\x2b\x57" "\x7b\xbc\x53\x9a\xab\x23\xcb\xd4\x6b\xdd\x0e\xa1\xe6\x71\x40\xc7\x59\xf2" "\x08\xc1\x2d\xc5\x7f\x31\x00\x00\x00\x00\xe4\x96\x5f\xcb\x6c\x07\x49\x95" "\x5e\xac\x94\x76\x68\x7e\x63\xb4\x1c\x62\x82\xbb\xcb\x0c\x3d\x8b\x0c\x94" "\x93\xa3\xa5\xf6\xd8\x79\xd7\x25\x7b\x4b\x68\xdc\x7c\xac\x3d\x9d\x5f\x5b" "\xbe\x93\x7c\x50\x18\x66\xee\x40\x42\xb2\x50\xe5\x16\xec\x07\x45\x59\xe1" "\xe5\x51\x16\x71\x38\x76\x6e\xee\xcb\x69\x41\xe8\x30\x5d\x9c\xde\x18\x00" "\xc8\x21\x53\x6f\x9d\x25\xbd\x14\x16\x38\x90\x84\x2a\x08\x13\x5b\xdb\x7a" "\x90\xdb\x63\x0b\x18\xf0\x99\x85\x5a\x7d\x9d\xe6\x5c\x80\xfa\x71\xff\x90" "\xe8\x73\x36\x1d\x0e\x11\xa7\xdf\xeb\xe5\x6f\xfb\x20\x00\xb7\x11\xa0\xb7" "\x91\x4d\x63\x51\xff\x60\x59\x3e\x48\xaf\x60\xe1\xff\xec\xba\x7c\xd6\xf8" "\xab\x66\x2e\xb3\xc8\xf3\x16\x41\x39\xe9\x94\xd6\xa7\x06\xaf\xb9\x27\x22" "\x59\x5d\x64\x9a\x04\xf1\xff\x64\xe5\x63\x4e\x7c\xb9\x10\x61\x73\xa9\xd5" "\xd8\xcf\x3e\x5a\x95\x9e\x6b\xfd\xc1\xb6\x50\x7b\x85\x1c\x4b\xa4\x33\x12" 
"\x72\x6c\xfe\xc5\x8d\xed\xec\xe1\x35\x5a\x08\x7c\x1b\x60\x88\x27\x13\xa6" "\x16\x19\x14\xf0\x92\x67\xe2\xce\x8a\xa8\x86\xb3\xc0\xad\xd5\xcd\x92\xe1" "\x85\xd3\x45\xc9\xb2\x93\x3a\x78\xa4\x21\x51\x33\xe8\xe7\x24\x7f\xa4\x44" "\xae\xe3\x0b\xfb\x6c\x0f\xca\xda\x97\x42\x54\xbc\x5f\xed\xa6\xce\xe9\xa0" "\x80\x3b\x2a\x0b\x81\xf4\x40\x20\x2e\xd5\xf2\x78\xe4\xcf\x06\x56\x53\x70" "\x89\x3e\x74\x81\xef\xdf\xbc\x49\xb1\x18\xeb\x17\xba\x01\x04\x00\x00\x00" "\x00\x00\x00\xb3\x42\xfd\xef\x64\xb1\x43\xb5\x25\xda\xae\x4e\x27\xe7\x36" "\x8f\x91\x3e\x61\x11\xbb\x53\x29\xb8\xb1\x33\xd0\x3c\xc3\x4d\x73\x6d\x22" "\xba\x13\x9b\x03\xb7\xfc\x83\xac\x49\xf2\xdf\xc9\x15\xa2\xf2\x7e\x2e\xac" "\x8d\xc2\xa6\xba\x72\xe6\xbd\xd4\x23\xb3\x55\x5b\x6e\x1b\xd4\x89\x6b\x4c" "\x94\x6a\x45\x00\xe0\xa4\x23\x40\x70\x0b\x93\xbc\xa9\x02\xe0\x2f\x74\x4c" "\xeb\x51\x53\x4f\x1f\xb9\xfa\x87\xf8\x50\xa6\xc6\xee\xd7\x6f\x73\x76\xe2" "\xa7\xe7\x2d\x3a\x64\xa8\x27\x20\xde\xd8\xf0\xce\x31\xb1\xde\x35\x61\x36" "\x2e\x97\x5e\xd3\x2a\x71\x67\xd9\xe0\xad\x3f\x2a\x77\xf7\xa1\x0c\x16\x14" "\xa9\xba\x93\x8a\x98\xda\x29\x76\xcb\x1a\x0d\x04\x94\x46\xe6\x70\x73\xc9" "\xa1\xa3\x8e\xcc\x88\x1c\x69\x3a\x52\x4c\x52\x91\xf8\x96\x77\xde\x9f\xe9" "\x04\xc7\x52\xe4\x50\xeb\xa7\x1d\x2f\x32\x80\x55\x01\xd0\xdf\x5b\x4a\x41" "\x12\x32\x33\x55\x4b\xdc\x35\xb5\x62\xd9\xf5\xa2\xa0\x26\xa3\xb4\x0f\xc7" "\xc9\xa8\x54\x6f\xc8\xd8\x31\x0a\x98\x76\x11\x4f\xfd\x7d\xfb\x90\x96\x56" "\xd5\x4c\x31\xbb\xb6\x55\xaf\x54\xbb\xee\xb0\x17\x4e\x45\x1c\xeb\x7b\x35" "\xe5\xbd\x1a\xc1\x57\x92\xff\x47\x4a\xbc\xde\x83\x53\xfe\x0d\xe7\x00\xb1" "\x10\xa0\x03\x05\xff\x77\xc1\x33\x18\x16\x88\xa6\x2a\x49\xcf\xf6\xdb\x4c" "\xb4\xa5\xa9\x0d\x40\xd3\x5e\x92\x7d\x21\x64\x35\xdf\x80\x4b\x8b\xd6\x03" "\x3a\x7c\xe4\x9f\x11\x49\x1f\x75\x2f\xef\xa9\x9e\x9c\x54\x42\x8b\x72\x54" "\x86\x29\x14\x90\xd3\x11\xb1\x3e\xb0\x2d\x14\xa0\xae\x56\x73\x31\x41\xa8" "\xdc\x6d\x51\xe3\x51\x00\x00\x00\x00\x00\x00\x00\x9f\x38\x4a\x63\xb9\x7d" 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 3400); *(uint64_t*)0x20000000d010 = 0x200000014ff5; memcpy((void*)0x200000014ff5, "GPL\000", 4); *(uint32_t*)0x20000000d018 = 2; *(uint32_t*)0x20000000d01c = 0x103a; *(uint64_t*)0x20000000d020 = 0x200000014000; *(uint32_t*)0x20000000d028 = 0; *(uint32_t*)0x20000000d02c = 0; memset((void*)0x20000000d030, 0, 16); *(uint32_t*)0x20000000d040 = 0; *(uint32_t*)0x20000000d044 = 0; *(uint32_t*)0x20000000d048 = -1; *(uint32_t*)0x20000000d04c = 8; *(uint64_t*)0x20000000d050 = 0x200000000000; *(uint32_t*)0x200000000000 = 0; *(uint32_t*)0x200000000004 = 0; *(uint32_t*)0x20000000d058 = 0; *(uint32_t*)0x20000000d05c = 0x10; *(uint64_t*)0x20000000d060 = 0x200000000000; *(uint32_t*)0x200000000000 = 0; *(uint32_t*)0x200000000004 = 0; *(uint32_t*)0x200000000008 = 0; *(uint32_t*)0x20000000000c = 0; *(uint32_t*)0x20000000d068 = 0x2a3; *(uint32_t*)0x20000000d06c = 0; *(uint32_t*)0x20000000d070 = -1; *(uint32_t*)0x20000000d074 = 0; *(uint64_t*)0x20000000d078 = 0; *(uint64_t*)0x20000000d080 = 0; *(uint32_t*)0x20000000d088 = 0x10; *(uint32_t*)0x20000000d08c = 0; *(uint32_t*)0x20000000d090 = 0; res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000000d000ul, /*size=*/0x48ul); if (res != -1) r[1] = res; // bpf$BPF_PROG_TEST_RUN arguments: [ // cmd: const = 0xa (8 bytes) // arg: ptr[in, bpf_test_prog_arg] { // bpf_test_prog_arg { // prog: fd_bpf_prog (resource) // retval: const = 0x3a (4 bytes) // insizedata: len = 0x0 (4 bytes) // outsizedata: len = 0x0 (4 bytes) // indata: nil // outdata: nil // repeat: int32 = 0x401 (4 bytes) // dur: const = 0x0 (4 bytes) // insizectx: len = 0x0 (4 bytes) // outsizectx: len = 0x0 (4 bytes) // inctx: nil // outctx: nil // flags: bpf_prog_test_run_flags = 0x1 (4 bytes) // cpu: const = 0xfffffffd (4 bytes) // batch_size: int32 = 0x0 (4 bytes) // pad = 0x0 (4 bytes) // } // } // size: len = 0x50 (8 bytes) // ] *(uint32_t*)0x2000000000c0 = r[1]; *(uint32_t*)0x2000000000c4 = 0x3a; 
*(uint32_t*)0x2000000000c8 = 0; *(uint32_t*)0x2000000000cc = 0; *(uint64_t*)0x2000000000d0 = 0; *(uint64_t*)0x2000000000d8 = 0; *(uint32_t*)0x2000000000e0 = 0x401; *(uint32_t*)0x2000000000e4 = 0; *(uint32_t*)0x2000000000e8 = 0; *(uint32_t*)0x2000000000ec = 0; *(uint64_t*)0x2000000000f0 = 0; *(uint64_t*)0x2000000000f8 = 0; *(uint32_t*)0x200000000100 = 1; *(uint32_t*)0x200000000104 = 0xfffffffd; *(uint32_t*)0x200000000108 = 0; syscall(__NR_bpf, /*cmd=*/0xaul, /*arg=*/0x2000000000c0ul, /*size=*/0x50ul); // bpf$MAP_UPDATE_BATCH arguments: [ // cmd: const = 0x1a (8 bytes) // arg: ptr[in, bpf_map_batch_arg] { // bpf_map_batch_arg { // in_batch: nil // out_batch: nil // key: ptr[in, buffer] { // buffer: {} (length 0x0) // } // val: ptr[in, buffer] { // buffer: {} (length 0x0) // } // count: int32 = 0x5 (4 bytes) // map_fd: fd_bpf_map (resource) // elem_flags: bpf_batch_flags = 0x0 (8 bytes) // flags: const = 0x0 (8 bytes) // } // } // size: len = 0x38 (8 bytes) // ] *(uint64_t*)0x200000000000 = 0; *(uint64_t*)0x200000000008 = 0; *(uint64_t*)0x200000000010 = 0x2000000000c0; *(uint64_t*)0x200000000018 = 0x2000000004c0; *(uint32_t*)0x200000000020 = 5; *(uint32_t*)0x200000000024 = r[0]; *(uint64_t*)0x200000000028 = 0; *(uint64_t*)0x200000000030 = 0; syscall(__NR_bpf, /*cmd=*/0x1aul, /*arg=*/0x200000000000ul, /*size=*/0x38ul); // bpf$PROG_LOAD arguments: [ // cmd: const = 0x5 (8 bytes) // arg: ptr[in, bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]]] { // bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, // bpf_btf_id[opt], fd_bpf_prog[opt]] { // type: bpf_prog_type = 0x0 (4 bytes) // ninsn: bytesize8 = 0xc (4 bytes) // insns: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {18 00 00 00 00 00 00 00 00 00 00 00 00 00 81 // 00 18 11 00 00} (length 0x14) // } // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {00 00 00 00 00 00 
00 00 b7 08 00 00 00 00 00 // 00 7b 8a f8 ff 00 00 00 00 bf a2 00 00 00 00 00 00 07 02 00 00 // f8 ff ff ff b7 03 00 00 08 00 00 00 b7 04 00 00 00 00 00 00 85 // 00 00 00 03} (length 0x3d) // } // } // } // license: nil // loglev: int32 = 0x0 (4 bytes) // logsize: len = 0xfffffffffffffe59 (4 bytes) // log: nil // kern_version: bpf_kern_version = 0x0 (4 bytes) // flags: bpf_prog_load_flags = 0x8 (4 bytes) // prog_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00} // (length 0x10) prog_ifindex: ifindex (resource) expected_attach_type: // union bpf_prog_attach_types { // fallback: bpf_attach_types = 0x0 (4 bytes) // } // btf_fd: fd_btf (resource) // func_info_rec_size: const = 0x0 (4 bytes) // func_info: nil // func_info_cnt: len = 0x0 (4 bytes) // line_info_rec_size: const = 0x0 (4 bytes) // line_info: nil // line_info_cnt: len = 0x0 (4 bytes) // attach_btf_id: bpf_btf_id (resource) // attach_prog_fd: fd_bpf_prog (resource) // core_relo_cnt: len = 0x0 (4 bytes) // fd_array: nil // core_relos: nil // core_relo_rec_size: const = 0x0 (4 bytes) // log_true_size: int32 = 0x0 (4 bytes) // prog_token_fd: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_prog_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_pad_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // size: len = 0x94 (8 bytes) // ] // returns fd_bpf_prog *(uint32_t*)0x2000000000c0 = 0; *(uint32_t*)0x2000000000c4 = 0xc; *(uint64_t*)0x2000000000c8 = 0x200000000440; memcpy((void*)0x200000000440, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x81\x00\x18" "\x11\x00\x00", 20); *(uint32_t*)0x200000000454 = r[0]; memcpy((void*)0x200000000458, "\x00\x00\x00\x00\x00\x00\x00\x00\xb7\x08\x00\x00\x00\x00\x00\x00\x7b" "\x8a\xf8\xff\x00\x00\x00\x00\xbf\xa2\x00\x00\x00\x00\x00\x00\x07\x02" 
"\x00\x00\xf8\xff\xff\xff\xb7\x03\x00\x00\x08\x00\x00\x00\xb7\x04\x00" "\x00\x00\x00\x00\x00\x85\x00\x00\x00\x03", 61); *(uint64_t*)0x2000000000d0 = 0; *(uint32_t*)0x2000000000d8 = 0; *(uint32_t*)0x2000000000dc = 0xfffffe59; *(uint64_t*)0x2000000000e0 = 0; *(uint32_t*)0x2000000000e8 = 0; *(uint32_t*)0x2000000000ec = 8; memset((void*)0x2000000000f0, 0, 16); *(uint32_t*)0x200000000100 = 0; *(uint32_t*)0x200000000104 = 0; *(uint32_t*)0x200000000108 = -1; *(uint32_t*)0x20000000010c = 0; *(uint64_t*)0x200000000110 = 0; *(uint32_t*)0x200000000118 = 0; *(uint32_t*)0x20000000011c = 0; *(uint64_t*)0x200000000120 = 0; *(uint32_t*)0x200000000128 = 0; *(uint32_t*)0x20000000012c = 0; *(uint32_t*)0x200000000130 = -1; *(uint32_t*)0x200000000134 = 0; *(uint64_t*)0x200000000138 = 0; *(uint64_t*)0x200000000140 = 0; *(uint32_t*)0x200000000148 = 0; *(uint32_t*)0x20000000014c = 0; *(uint32_t*)0x200000000150 = 0; syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x2000000000c0ul, /*size=*/0x94ul); // bpf$PROG_LOAD arguments: [ // cmd: const = 0x5 (8 bytes) // arg: ptr[in, bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]]] { // bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, // bpf_btf_id[opt], fd_bpf_prog[opt]] { // type: bpf_prog_type = 0x11 (4 bytes) // ninsn: bytesize8 = 0xc (4 bytes) // insns: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // } // } // license: ptr[in, buffer] { // buffer: {47 50 4c 00} (length 0x4) // } // loglev: int32 = 0x0 (4 bytes) // logsize: len = 0x0 (4 bytes) // log: nil // kern_version: bpf_kern_version = 0x41100 (4 bytes) // flags: bpf_prog_load_flags = 0x0 (4 bytes) // prog_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00} // (length 0x10) prog_ifindex: ifindex (resource) expected_attach_type: // union bpf_prog_attach_types { // fallback: bpf_attach_types = 0x0 (4 bytes) // } // btf_fd: fd_btf (resource) // func_info_rec_size: const = 0x0 (4 bytes) // func_info: nil // 
func_info_cnt: len = 0x0 (4 bytes) // line_info_rec_size: const = 0x0 (4 bytes) // line_info: nil // line_info_cnt: len = 0x0 (4 bytes) // attach_btf_id: bpf_btf_id (resource) // attach_prog_fd: fd_bpf_prog (resource) // core_relo_cnt: len = 0x0 (4 bytes) // fd_array: nil // core_relos: nil // core_relo_rec_size: const = 0x0 (4 bytes) // log_true_size: int32 = 0x0 (4 bytes) // prog_token_fd: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_prog_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_pad_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // size: len = 0x94 (8 bytes) // ] // returns fd_bpf_prog *(uint32_t*)0x2000000007c0 = 0x11; *(uint32_t*)0x2000000007c4 = 0xc; *(uint64_t*)0x2000000007c8 = 0x200000000440; *(uint64_t*)0x2000000007d0 = 0x200000000880; memcpy((void*)0x200000000880, "GPL\000", 4); *(uint32_t*)0x2000000007d8 = 0; *(uint32_t*)0x2000000007dc = 0; *(uint64_t*)0x2000000007e0 = 0; *(uint32_t*)0x2000000007e8 = 0x41100; *(uint32_t*)0x2000000007ec = 0; memset((void*)0x2000000007f0, 0, 16); *(uint32_t*)0x200000000800 = 0; *(uint32_t*)0x200000000804 = 0; *(uint32_t*)0x200000000808 = -1; *(uint32_t*)0x20000000080c = 0; *(uint64_t*)0x200000000810 = 0; *(uint32_t*)0x200000000818 = 0; *(uint32_t*)0x20000000081c = 0; *(uint64_t*)0x200000000820 = 0; *(uint32_t*)0x200000000828 = 0; *(uint32_t*)0x20000000082c = 0; *(uint32_t*)0x200000000830 = 0; *(uint32_t*)0x200000000834 = 0; *(uint64_t*)0x200000000838 = 0; *(uint64_t*)0x200000000840 = 0; *(uint32_t*)0x200000000848 = 0; *(uint32_t*)0x20000000084c = 0; *(uint32_t*)0x200000000850 = 0; res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x2000000007c0ul, /*size=*/0x94ul); if (res != -1) r[2] = res; // bpf$BPF_RAW_TRACEPOINT_OPEN arguments: [ // cmd: const = 0x11 (8 bytes) // arg: ptr[in, bpf_raw_tracepoint] { // 
//     bpf_raw_tracepoint {
  //       name: ptr[in, buffer] {
  //         buffer: {74 69 6d 65 72 5f 73 74 61 72 74 00} (length 0xc)
  //       }
  //       prog_fd: fd_bpf_prog_raw_tracepoint (resource)
  //       pad: const = 0x0 (4 bytes)
  //       cookie: int64 = 0x0 (8 bytes)
  //     }
  //   }
  //   size: len = 0x18 (8 bytes)
  // ]
  // returns fd_perf_base
  *(uint64_t*)0x2000000002c0 = 0x200000000000;
  memcpy((void*)0x200000000000, "timer_start\000", 12);
  *(uint32_t*)0x2000000002c8 = r[2];
  *(uint32_t*)0x2000000002cc = 0;
  *(uint64_t*)0x2000000002d0 = 0;
  syscall(__NR_bpf, /*cmd=*/0x11ul, /*arg=*/0x2000000002c0ul, /*size=*/0x18ul);
}

/*
 * Entry point: lay out the fixed-address memory the test body writes to,
 * then hand control to loop().
 *
 * Three anonymous private mappings are requested at hard-coded addresses:
 * a 0x1000000-byte read/write/execute area at 0x200000000000, with one
 * inaccessible (prot = 0) page directly below it (0x1ffffffff000) and one
 * directly above it (0x200001000000). The stores and memcpy() calls in
 * execute_one() use literal addresses inside the middle area.
 *
 * The mmap results are not checked; if a mapping is refused, the later
 * stores to those literal addresses fault instead of reporting an error.
 */
int main(void)
{
  static const struct {
    unsigned long addr;
    unsigned long len;
    unsigned long prot;
  } regions[] = {
      /* inaccessible page immediately below the data area */
      {0x1ffffffff000ul, 0x1000ul, 0ul},
      /* data area, prot 7 = PROT_WRITE|PROT_READ|PROT_EXEC */
      {0x200000000000ul, 0x1000000ul, 7ul},
      /* inaccessible page immediately above the data area */
      {0x200001000000ul, 0x1000ul, 0ul},
  };

  for (unsigned long idx = 0; idx < sizeof(regions) / sizeof(regions[0]);
       idx++) {
    /* flags 0x32 = MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE; fd -1, offset 0 */
    syscall(__NR_mmap, regions[idx].addr, regions[idx].len,
            regions[idx].prot, 0x32ul, (intptr_t)-1, 0ul);
  }

  /* Declared and voided only; nothing in main assigns or reads it. */
  const char* reason;
  (void)reason;

  loop();
  return 0;
}