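// https://syzkaller.appspot.com/bug?id=d5f63be97bcf572595613d19f9b82475e37c9026
// autogenerated by syzkaller (https://github.com/google/syzkaller)
//
// Structure of the harness below: loop() forks one child per iteration, the
// child runs execute_one(), and execute_one() hands calls 0..5 of
// execute_call() to a pool of up to 16 worker threads. A child that is still
// alive after 5000 ms is torn down by kill_and_wait().

#define _GNU_SOURCE

// NOTE(review): the header names were stripped from this page (20 bare
// "#include" directives remained). The list below is reconstructed from the
// identifiers the file uses and from the directive count -- confirm against
// the original reproducer.
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#include <linux/futex.h>

#ifndef __NR_bpf
#define __NR_bpf 321
#endif

static unsigned long long procid;

// Sleep for `ms` milliseconds.
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

// Monotonic clock reading in milliseconds; exits the process if the clock
// cannot be read.
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

// Start a thread running fn(arg) with a 128 KiB stack. Creation is retried up
// to 100 times while it fails with EAGAIN; any other failure, or running out
// of retries, exits the process.
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  for (int i = 0; i < 100; i++) {
    // pthread_create() reports failure through its return value; POSIX does
    // not require it to set errno, so test the return code directly.
    int rc = pthread_create(&th, &attr, fn, arg);
    if (rc == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    if (rc != EAGAIN)
      break;
    usleep(50);
  }
  exit(1);
}

// One-shot event built on a futex word: state is 0 (clear) or 1 (set).
typedef struct {
  int state;
} event_t;

static void event_init(event_t* ev)
{
  ev->state = 0;
}

static void event_reset(event_t* ev)
{
  ev->state = 0;
}

// Set the event and wake waiters. Setting an already-set event is treated as
// a harness bug and exits the process.
static void event_set(event_t* ev)
{
  if (ev->state)
    exit(1);
  __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
  syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}

// Block until the event is set.
static void event_wait(event_t* ev)
{
  while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}

// Non-blocking check: returns the current state of the event.
static int event_isset(event_t* ev)
{
  return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}

// Wait for the event for at most `timeout` milliseconds.
// Returns 1 if the event was observed set, 0 once the timeout has elapsed.
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  for (;;) {
    // now - start <= timeout holds here (checked at the bottom of the loop),
    // so the subtraction cannot wrap.
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
    if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
      return 1;
    now = current_time_ms();
    if (now - start > timeout)
      return 0;
  }
}

// Format a string (at most 1023 bytes) and write it to an existing file.
// Returns false if the file cannot be opened or the write is short; errno
// from the failed write is preserved across close().
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

// Kill the test child and reap it. SIGKILL goes to the child's process group
// and to the child itself; the child is then polled for up to 100 x 1 ms.
// If it is still not reaped, every FUSE connection listed under
// /sys/fs/fuse/connections is aborted (best effort) before blocking in
// waitpid() until the child is collected.
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      // Named abort_path so the local does not shadow abort() from stdlib.h.
      char abort_path[300];
      snprintf(abort_path, sizeof(abort_path),
               "/sys/fs/fuse/connections/%s/abort", ent->d_name);
      int fd = open(abort_path, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      // Any one-byte write is enough here; failure is deliberately ignored.
      if (write(fd, abort_path, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

// Per-child setup: die with the parent, become a process-group leader so
// kill(-pid) reaches descendants, and mark the child as the preferred OOM
// victim.
static void setup_test()
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

// State of one worker thread: `call` is the index handed to execute_call(),
// `ready` starts the call and `done` signals its completion.
struct thread_t {
  int created, call;
  event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
static int running;

// Worker thread body: wait for `ready`, run the assigned call, signal `done`.
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

// Run calls 0..5 once. Each call goes to the first idle worker (workers are
// created on demand) and is given 50 ms to finish before the next call is
// issued. Call 3 is dispatched without waiting, so it can still be running
// while calls 4 and 5 are issued. Finally, wait up to 100 ms for stragglers.
static void execute_one(void)
{
  if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
  }
  int i, call, thread;
  for (call = 0; call < 6; call++) {
    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
         thread++) {
      struct thread_t* th = &threads[thread];
      if (!th->created) {
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        event_set(&th->done);
        thread_start(thr, th);
      }
      if (!event_isset(&th->done))
        continue;
      event_reset(&th->done);
      th->call = call;
      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
      event_set(&th->ready);
      if (call == 3)
        break;
      event_timedwait(&th->done, 50);
      break;
    }
  }
  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
    sleep_ms(1);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

// Fork-per-iteration driver: each child runs the program once and exits; the
// parent polls every 10 ms and kills the child after 5000 ms. Never returns.
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      sleep_ms(10);
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

// Resources produced by earlier calls and consumed by later ones; all-ones
// means "not set".
uint64_t r[4] = {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
                 0xffffffffffffffff};

// Issue call number `call` of the generated program.
// NOTE(review): the fixed 0x2000... addresses used as syscall arguments are
// presumably mapped by code outside this part of the file -- confirm.
void execute_call(int call)
{
  intptr_t res = 0;
  switch (call) {
  case 0:
    // socketpair$unix arguments: [
    // domain: const = 0x1 (8 bytes)
    // type: unix_socket_type = 0x2 (8 bytes)
    // proto: const = 0x0 (4 bytes)
    // fds: ptr[out, unix_pair] {
    // unix_pair {
    // fd0: sock_unix (resource)
    // fd1: sock_unix (resource)
    // }
    // }
    // ]
    res = syscall(__NR_socketpair, /*domain=*/1ul, /*type=SOCK_DGRAM*/ 2ul,
                  /*proto=*/0, /*fds=*/0x200000000080ul);
    if (res != -1)
      r[0] = *(uint32_t*)0x200000000080;
    break;
  case 1:
    // bpf$MAP_CREATE_TAIL_CALL arguments: [
    // cmd: const = 0x0 (8 bytes)
    // arg: ptr[inout, array[ANYUNION]] {
    // array[ANYUNION] {
    // union ANYUNION {
    // ANYBLOB: buffer: {03 00 00 00 04 00 00 00 04 00 00 00 0a}
    // (length 0xd)
    // }
    // }
    // }
    // size: len = 0x48 (8 bytes)
    // ]
    // returns tail_call_map_fd
    // Only the first 13 bytes of the 0x48-byte attribute are written here.
    memcpy((void*)0x200000000340,
           "\x03\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x0a", 13);
    res = syscall(__NR_bpf, /*cmd=*/0ul, /*arg=*/0x200000000340ul,
                  /*size=*/0x48ul);
    if (res != -1)
      r[1] = res;
    break;
  case 2: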
// bpf$PROG_LOAD arguments: [ // cmd: const = 0x5 (8 bytes) // arg: ptr[in, bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]]] { // bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, // bpf_btf_id[opt], fd_bpf_prog[opt]] { // type: bpf_prog_type = 0x1 (4 bytes) // ninsn: bytesize8 = 0x5 (4 bytes) // insns: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {bf 16 00 00 00 00 00 00 b7 07 00 00 00 ff // 00 00 48 70 00 00 00 00 00 00 40 00 00 00 00 00 00 00 95 00 // 00 00 00 00 00 00 2b a7 28 04 15 98 fb d3 0c b5 99 e8 3d 24 // a3 aa 81 d3 6b b3 01 9c 13 bd 23 21 2f b5 6f a5 4f 26 41 d8 // b0 2c 38 15 e7 9c 14 14 eb 07 ea e6 f0 71 1e 6b d9 17 48 79 // 60 71 71 42 fa 9e a4 31 81 23 f6 02 00 00 00 00 00 80 de 89 // e6 61 16 8c 18 86 d0 d4 d9 4f 20 4e 34 5c 65 c2 6e 27 8e f5 // b9 15 39 5b 19 28 4a 1a 4b c7 2f 85 30 4e f8 d1 4f 8b bc 16 // 26 e3 a2 a2 ad 35 80 61 d0 ae 02 09 e6 2f 51 ee 98 8e 6e a6 // 04 ce 97 4a 22 a5 50 d6 f9 70 80 98 04 00 00 3e 05 df 3c eb // 9f 1f ea e5 73 7e ca a8 0a 66 69 63 c4 74 c2 a1 00 c7 88 b2 // 77 be ee 1c bf 9b 0a 4d 38 81 dc c7 b1 b8 5f 3c 3d 44 ae ac // cd 36 41 11 0b ec 4e 90 a6 34 19 65 c3 9e 4b 34 31 ab e8 02 // f5 ab 3e 89 cf 6c 66 2e d4 04 8d 3b 3e 22 27 8d 00 ce 00 00 // 00 00 d3 a0 27 62 c2 95 12 57 b8 58 02 18 9d 74 00 5d 2a 1b // cf 94 36 e1 92 e2 3f d2 75 98 5b f3 1b 71 4f 00 0b ca b6 fc // d6 10 f2 5f 58 88 00 00 00 00 3f 11 af c9 bd 08 c6 eb fb b8 // 94 32 fb 46 5b c5 2f 49 12 9b 9b 61 50 e3 20 c9 90 1d e2 eb // b9 00 00 00 01 8e 30 95 c4 c5 c7 a1 56 ce c3 3a 66 7d cc af // f9 50 ca 1e 5e fd d4 c9 68 da cf 81 ba a3 a5 09 b1 04 1d 06 // f6 b0 09 7c 43 04 81 82 4a 3f 4f dd d3 c6 43 f6 30 ba 17 5d // 87 6d ef d3 54 17 72 f2 6e 27 c4 4c fd b2 d8 5d 6d 29 98 3e // 83 0a 9c dd 79 83 7b 34 68 e8 c6 7a 57 1d 0a 01 7c 10 03 44 // c5 2a 6f 38 7a 13 40 bd c8 88 94 64 f9 0c c4 cd 1f 57 0d d3 // 98 77 df b2 ff 1a e6 6e 1c e9 17 47 4b 2e 
65 0a e6 30 af d0 // 14 a3 37 ac 5d 58 bc b5 e5 17 23 25 7c 87 2c 52 55 f2 01 00 // 00 00 00 00 00 00 f0 41 b6 65 ab 21 37 2c 8d 8b 7b ac 5b 5c // 78 4d 20 a4 a2 4d 8d bd 75 06 2e 1d ae f9 de ad 61 9c c6 e7 // ba a7 27 07 15 77 91 c3 d2 a2 86 ff b8 d3 54 52 bb 5d 36 82 // a8 68 2b f7 ec bd 53 f9 50 ef 47 09 ec 01 e2 30 d2 f5 35 94 // ef 48 39 c6 13 0c 4c 13 a0 cc a8 4b 99 35 f7 71 fd 49 e4 80 // cd 9d 48 ae b1 2b 1d 6a ca bd 38 a8 17 bc d2 22 61 4d 1f 62 // 73 4d 67 90 39 a9 7d 2b 74 f9 e8 e9 97 cc d3 14 00 0f 74 77 // 13 7f 4e 8e 70 25 12 3e 78 3d f8 b8 a1 7e 3a a9 fe 1f 66 2a // ef 87 a0 65 b0 3c fb 65 b4 df e4 f1 b5 6e 1f 23 12 8d 74 37 // 53 a1 de 17 2d 68 3d 58 92 ce 94 14 a1 d9 8e a9 3e 3d 35 db // b6 c2 3b 90 cf 36 e8 3b 8a 43 4a 97 d0 93 43 d7 f8 30 79 cc // b0 2e 69 d3 84 14 60 56 d1 25 cf a7 88 23 78 74 dd 42 da e3 // 34 bd a0 42 81 9a 2a a2 4d ba 1c 25 be 27 94 44 8b 4f 63 48 // 30 26 b5 e3 4d 44 70 5b 76 ef 29 24 1a da b0 dd 7d 68 bf 97 // 5e 02 06 9f 6f 24 25 e1 bc 97 a3 d5 88 08 5f 16 be f6 3a 06 // 57 8d 4f 5d e7 bf b6 aa a7 5f 16 99 6d 53 62 56 c0 22 84 cb // 1d 3a 6f b8 ca e8 76 91 fa e3 65 a7 0c 3f c6 9e 15 65 bb a8 // dd 56 ee e5 79 80 41 35 8a 8c a0 49 f7 98 ab e6 46 f7 38 be // bd 69 41 3a fc 9d 8a 5e dd 7a aa 00 00 00 00 00 00 00 1e 6c // 2f 2a 28 7c 52 78 a2 18 db fa ff ff ff 00 a1 4d b5 cc a6 81 // 9e b1 d3 9c 48 cf dc 80 d2 15 c9 e1 6e 0c 47 36 c8 19 36 31 // 54 cc a4 e2 f8 98 00 d1 8c 89 d7 f4 6f 67 9d f6 c9 e2 95 2a // e1 eb fd 0c a8 83 68 ee 6c e1 39 e8 b5 82 2c 22 cf 2e 9d de // 94 3d 34 c4 32 e1 00 11 71 79 2c 65 98 61 46 66 6a 54 90 92 // 84 41 f4 7e 0f e5 ea c4 18 24 ca 1f d0 eb 71 aa 24 3c 88 d5 // 48 0e fd 83 29 d9 a7 33 d8 f9 ff ff ff 5f 91 2a c4 e3 4b f6 // ea 8a 86 da 70 7b 03 bd db 49 1b a0 cc 98 f6 be 92 c5 00 08 // a2 b5 00 25 41 9d 14 76 c7 31 32 ca 7c a2 6c e8 a7 e3 ff b7 // 00 f0 9e 15 7f 9b 84 40 51 f1 a6 42 ac a9 ff 98 c9 03 64 71 // cc ff 05 22 90 3e 7b cf 62 e1 8f 76 96 bb c2 80 b9 5e 8e 0d // 6f d5 64 4b 0e bd e3 a9 
5b 06 54 88 62 de 80 9d 3d ae 3c cc // f1 09 f7 c7 8e 84 79 a3 45 e8 00 00 00 00 00 00 00 00 00 00 // 00 94 55 bf 41 76 27 ce 72 3a 5d 91 03 70 6a ba 69 27 95 00 // bb 82 f6 b5 a3 dd c0 bd 98 56 71 29 45 b7 0c 75 ce 5b 72 25 // 78 82 08 20 d0 10 d7 a3 cf fc 99 fc 64 7d 0b 82 ef 26 ab 70 // 8c 0b 19 ed 15 4b e5 1c 3b 39 8f 0e 6b b7 a3 00 06 00 00 00 // cb a1 29 53 d5 8c ff 0f 03 78 74 0f e6 66 2f 37 7b 97 d8 e7 // cd b0 47 ac d0 83 d3 cd 38 56 47 6a 60 a4 9a d1 27 ba 65 70 // ba fc 2b bc f9 ee 72 1f d9 cb 46 7f f0 71 e5 60 4f bf 04 91 // 24 5c 00 00 00 7d 93 2d 7a 64 de 4c 4a a4 33 fc 08 40 af f7 // c4 7d a3 a4 c6 96 6d 00 00 00 00 00 00 00 00 f6 bf ba e2 9e // 8a 6e 2a 88 9f 6e f6 86 9d 82 d6 bd 73 eb 76 b6 5c 7a 35 a5 // 4a 4a 6b 8a d4 60 0e 3a 97 2a 0b b5 97 1a 5f 16 59 0b 0a 03 // da fa 3f d1 11 87 65 cc 8a b9 fc cf 3b 51 c4 1a 33 9f 20 0f // 2f a3 30 06 91 0a 67 9a 9a e0 18 7b 4d 75 0c 4b d2 44 cb 0c // bf d2 3b 26 5f 4d 4d a4 48 a7 a0 d1 9c 5e 43 ea e5 0a 31 60 // 9d fa 2d de 26 75 51 46 7e b6 47 52 93 dd 70 12 cc 44 90 09 // 98 1f 22 82 0e 57 a0 ef f2 34 cc fe 21 d7 a2 30 2e 00 06 69 // 75 3d 3c 34 32 cc 14 ee 1a be 72 4a db 6b 54 31 be fe dd 3e // 22 97 11 18 f0 e2 1a ed 18 23 cb 7d de 82 12 a8 53 1b d9 00 // 00 00 00 6a 37 0e 9e b5 6b 3d 79 0b 98 f2 bd 0d b1 e5 de 6a // 30 40 d2 a3 9d 79 65 d3 4d f5 24 b7 60 ab 92 ef cc e7 dd 15 // 74 05 2c 73 59 35 bf 6a 75 2c 01 5c 7f 5f fe e9 ff 66 e5 dd // 28 66 b1 5b 6e 0d 17 61 8c b1 f5 c1 ee 4b 05 eb f1 44 5e a1 // 10 f4 99 f8 40 a5 c9 65 44 3d 72 55 56 35 1e e2 5f e0 9f 69 // 49 4b 05 36 78 dc ad cf 02 e0 63 df f2 fa 4b ef 1a c3 bb be // be 6c 74 d7 1e c3 b2 3e 29 89 5e ff 1d 10 17 02 4f e3 e8 cc // 75 9b 05 78 5a dc 34 6b 7f fd 05 96 3f 92 c1 d0 d7 d9 0b a8 // 78 ad 89 e4 90 f3 e2 9a c5 1d 30 63 28 69 a5 34 41 8f 91 6b // f6 fe 81 67 82 7a 8e 6c 8f 8b 39 1c 82 28 05 cb 0a df 1b 8b // d6 94 7f f2 08 75 3e b0 d2 08 ce 14 f7 b2 06 b2 e0 2c 21 e9 // 63 ab c5 ce b7 35 c1 b3 c4 6b 0a 84 3d e5 2a 90 33 75 df b6 // 63 a8 
d8 ee 9c 2b 27 05 c1 a8 1d 9d 3b 96 56 b2 19 c8 cd 99 // c9 ca fc d0 d0 54 08 84 d9 7a ec b1 99 83 fc 6a f2 9a b4 4a // 82 af f9 cb a9 21 19 2c 66 5b 87 7a f6 53 9b db 1b 56 7f 48 // 1b a0 79 82 e7 ad 75 8f 4e 1e ac 69 e7 e8 8a 63 96 09 75 f4 // 90 e1 61 e3 71 ec 85 34 79 1e 3b 61 c6 85 d9 00 a9 c0 83 92 // 08 35 6b 53 75 0e 76 fc c3 c2 d1 bd dc bd 83 89 79 21 41 4d // 0c 02 e8 18 8f 3d f7 9e a2 a5 c5 44 40 04 83 0e 6c b2 27 ca // 1b da fb 97 7c 00 00 00 00 00 3a 41 71 93 b8 c5 d7 93 68 73 // 35 a9 30 86 70 94 fd 6a 78 21 82 18 e0 4b 70 5e c6 2f 16 08 // cb 56 9b 81 91 4e 68 f1 75 b3 92 af 6b c4 fd 21 21 d7 fd 27 // 6a f2 c9 7a 44 1b 56 e7 a0 68 7d 98 b8 e7 6d 8d 0d 23 1e 4f // e0 0b e1 de 76 bd 19 cc 12 e2 bd 93 8e b6 81 ed 6b c9 51 c1 // b4 f7 c5 1a f5 9e ea 4d 40 c6 00 00 00 00 02 00 77 8a 67 7b // 72 78 63 11 15 32 71 a3 31 3d a0 26 45 e1 17 61 69 9e 4d 04 // ac 86 dd 14 ff 95 3a 5b 77 06 bf 5d 1f ab a4 b1 88 08 d9 cb // 0e 9d b6 96 de c4 e0 82 0e e4 02 8d 72 25 a2 c9 c4 27 cf 64 // cb de 6f ba 05 6b 20 06 b7 a3 7c 11 81 d5 30 fb 86 5e 23 5c // d3 02 f3 b4 07 1e e5 23 7a da 98 6b 9e 5e 31 44 bf 47 9f 27 // 7f 10 65 6a d3 74 40 37 cc c9 c6 36 85 a6 f1 10 9d 2e a7 37 // 73 d3 63 5f 61 49 7f 1f a1 ea 4a 16 f6 01 80 0b f3 e5 91 41 // fb f0 5a 96 11 33 20 c4 45 f9 ba 85 96 97 0d 52 54 72 7e 80 // 4f bd 99 cc ef b7 c0 92 69 dd 2c 5c 25 e5 6e 16 9a c1 59 80 // f3 f8 5f 7c a3 6d d5 95 0e f5 b6 4f d4 6f 12 33 11 82 95 34 // a8 29 40 99 41 99 b3 cf 7a 8f ab ea 99 30 95 2f 5d a9 b9 09 // c1 94 6e 55 28 9f 66 8c 42 3f cb b3 1a e9 18 64 c8 82 31 31 // 51 74 1a 67 53 8c 96 89 dc 8e cc 99 03 c7 04 1e 5c 07 04 e2 // fa 55 a7 56 48 75 17 a7 44 5c bd 9e 3f 51 75 e4 1c 00 00 00 // 00 00 00 00 00 00 00 00 00 00 bf 98 ef d5 87 ff fe 32 6f 47 // 4b 0b 08 9c 01 7b 16 c0 06 2c bc e9 6f 5a de be c5 2a 79 f9 // 36 39 09 84 2f 79 c5 0a 15 20 be 46 d8 70 03 13 7e 4c 50 31 // f0 01 23 e8 12 a5 e3 7c d5 2c 9e b7 33 62 81 cb 8c 6c e9 93 // c5 1c d1 ea b8 a2 6b 23 2a cf 6b f0 ab 82 9c 26 da 
b6 37 53 // 8b 2e b1 42 0d 81 2d 2b 80 c7 77 71 0b a0 f1 8e 46 61 68 1a // a2 18 d9 ba 54 02 3a b4 30 5d 77 eb 15 61 1a e2 54 58 35 e9 // d3 0e 9f 6d 4f b4 3a 29 1c 69 54 5a 1e ea 0f 87 20 43 11 32 // d8 54 9f 99 bf 6c 5c b0 60 da 70 cb b5 9d 0a 00 00 00 00 00 // 34 d0 83 fc 37 d2 44 9f 72 de 0c be a4 bc 1d c8 9c 13 6c db // c5 04 f8 49 d5 50 2d 77 a9 5c 7b ff f4 cd 9c 03 05 8d 0d 4d // 07 ea 64 82 4f 1a cf 2b 39 38 9f 67 5f 39 d0 17 19 cd ba b3 // f1 ce 10 60 9c 8d 7b 3e 37 cb 99 b4 1d a5 e4 85 a4 41 b6 a1 // 03 54 9f 55 ab 09 dc 98 76 77 63 d1 f2 fa fd 45 bb 7d 2b 40 // 05 0d 1f 82 92 f4 d9 ec 6d 00 00 00 00 00 00 39 32 06 22 90 // f4 99 6f dd 55 b0 60 23 43 7e 9e 20 72 da f7 f5 d8 2f 6f 1b // 5b 89 a4 11 34 f4 dc 2e 65 bb 11 27 2f df 8c 81 41 f4 1d 61 // 60 b3 d8 b6 ec d1 6d 14 26 7f 61 b4 88 1a de e7 f0 7f 3d 6a // f5 ae 79 e1 6f e2 c3 f5 5a c7 a6 39 2d 2e 1d 9b 42 86 b6 c3 // e1 f5 a7 6b 85 ed 6e 1f 00 00 c6 7e 6c 5f cd c8 c3 93 81 be // 47 99 b8 cb 2d 08 b8 26 2c 80 7d d7 55 e2 2b 80 11 62 38 1a // a9 d1 af 2b bc 9c fd 49 75 85 33 7e ac 40 8b 84 75 b4 7a 39 // 2a 10 ca e3 49 16 0f 12 8e 5f 87 3a 58 06 4e b4 00 c3 6a 90 // 62 4f 6a ed 39 8a 21 5e 9c e6 45 22 ab 24 9f 67 c3 8a 65 6d // 32 ec ff 5c db 2b 03 9c 4a bf 34 9d 2c 0f 88 a4 2e 91 89 bb // fa 7f 5c f3 5b 6e 7e f8 f9 d3 31 63 b7 ea 87 55 0f b1 ba 33 // 4c 83 e3 ae c4 71 4c 9c 4c a3 ec b0 4f 27 20 23 76 15 a2 8b // f3 10 b5 8f fa 2a 10 32 16 fd cc 8c 2d 8f 5d 55 e5 e7 eb f1 // 47 10 52 72 aa ae 56 e8 6d 85 6b 3c f7 9a 3f 73 06 43 63 62 // dd 1a 08 ce 87 3e 07 ce bc 78 92 ec 6f 9f 69 6d a3 8f ee d3 // dc 00 01 50 0e 34 ad ae 1b a8 9a 32 ba d2 af 90 30 f8 40 f1 // ba 46 64 f3 55 47 cd ad d5 cb ac c5 93 52 c2 90 f5 5d 97 1b // 65 95 35 33 66 8c 25 f2 1d 8d 62 d8 49 e9 05 8e aa 97 c6 34 // 91 56 88 87 54 8f 66 8c db ca 2a bf 01 a3 61 a0 b6 4d 8b 52 // 3e 66 9d a3 50 e3 ec 74 45 df bf 36 6b 0b 3b c5 e7 68 24 a1 // e4 3e aa ec a7 0d b9 0f 2f a3 95 96 44 34 47 67 19 33 07 9a // 24 fe 36 81 ad 9a c3 61 f7 1a c2 
79 a6 88 f1 0a 1c c4 df 11 // 12 10 5e de bc 5e 3b bc 39 4c 83 05 ab 12 9c a2 df b9 b7 c5 // e9 d0 97 bd 01 b4 95 cc ce fd dc e5 69 11 7f 7f 5d 6a 62 70 // ff 0f 0f 4c 37 10 29 ca 84 89 57 1b 55 84 1b f3 dd 00 3b c8 // 14 60 ee e5 7c eb 3c 33 f4 e9 30 0b 01 44 fe 04 0c f5 fc fc // bb 61 6c 20 70 23 78 81 af db 31 4c ec d1 62 3f 3e 55 ab 8b // 76 27 fa 1b e3 49 14 5a 8d 63 13 cb c7 90 ee fe 20 20 13 8e // 82 fb 9d 35 1b e4 dd cb cc 9b c0 48 dd 3d b5 82 8d 16 ba ec // 6e 07 a0 07 f0 03 0f 34 ea 3c fd 52 4d 6f a1 d4 5d a5 64 1d // 6c 94 e1 d3 ae 7f ba 1c 85 03 5d 2a 60 ef 16 96 e0 d9 6a a1 // c6 00 19 f7 3a 20 aa 61 13 cd 66 ef 26 b5 77 73 37 c2 6e 14 // 61 40 5d 86 fd f0 91 ed d5 26 f2 5c ad a4 39 bb 36 09 ed 5c // 35 ab 60 a5 39 ad e7 86 bd 60 04 d0 ea 3e db d6 c4 da 0d 8e // 8b e8 c7 71 c8 c8 a0 b0 7d 98 59 e0 4a db 18 96 4d cc e9 bc // e5 46 07 4c 26 df fb c2 df 37 2a 01 6e 8c 84 5d 42 57 00 00 // 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 96 57 69 // 7d 9c 2b 13 2b 2d c2 f5 ea 51 22 83 65 82 a7 e8 5f e2 bc 16 // 6f 17 ae fd 9d 86 1d e0 19 1f 52 77 d4 a3 b5 af b6 f2 3d 9e // ea 24 59 f7 84 46 06 e1 20 27 68 d8 3c 24 cc 79 1b de 44 a4 // 48 02 2b bf a5 71 fe 02 9a 7b 2d 51 52 63 9e e2 83 89 4a b6 // 16 89 92 ff 0a cc 01 b3 9a 07 8f 28 5c e6 15 35 1f 26 20 19 // 58 6e b9 44 7b b3 ea ff d7 b5 3d 8f 37 ca 6c 5f 10 27 dd 5b // 75 92 99 6c 8a 77 89 ba 10 89 79 cc 9a d0 7e d8 66 82 84 3e // 2e aa 85 5d d0 14 43 ee 6f fd e1 81 1f 10 03 9d 5d 14 45 81 // 77 09 6e 15 cc 4d 8f 25 82 a1 be a5 cc 98 d9 92 f3 de 7d 1c // df b2 43 84 b9 f1 0f 61 5c 87 c4 41 dc 97 0e c8 96 a5 af 6b // f6 9b 50 a2 44 bc 13 8a 1c ae 98 68 c3 07 9b af e6 01 fb 69 // 5a 97 69 00 00 00 00 00 00 00 00 00 e9 9b 63 02 9d 21 9c d3 // 54 5a 84 26 b5 65 54 a9 f2 65 d3 55 7e ef b3 60 28 94 50 7c // 25 6c b8 ee 9e ba df ec b6 af eb 84 ba 75 7b fa 8d 00 a5 af // 0d d6 aa 1e 81 44 ef 8e f0 44 10 d5 22 04 c3 35 40 89 41 b8 // ec cc 5c 73 4c c6 a0 52 47 14 2e d6 47 f8 9b cb 5c 04 3a cf // b3 82 b9 cc 91 
8b c3 cd c3 68 98 31 57 85 1c df 67 88 00 aa // 7e b2 a6 cb c1 2c 7a e2 3b c8 8b 8f 10 00 00 00 00 00 00 00 // 00 00} (length 0xe70) // } // } // } // license: ptr[in, buffer] { // buffer: {47 50 4c 00} (length 0x4) // } // loglev: int32 = 0x0 (4 bytes) // logsize: len = 0x0 (4 bytes) // log: nil // kern_version: bpf_kern_version = 0x0 (4 bytes) // flags: bpf_prog_load_flags = 0x0 (4 bytes) // prog_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00} (length 0x10) prog_ifindex: ifindex (resource) // expected_attach_type: union bpf_prog_attach_types { // fallback: bpf_attach_types = 0x0 (4 bytes) // } // btf_fd: fd_btf (resource) // func_info_rec_size: const = 0x8 (4 bytes) // func_info: ptr[in, bpf_func_info] { // bpf_func_info { // insn_off: int32 = 0x0 (4 bytes) // type_id: int32 = 0x0 (4 bytes) // } // } // func_info_cnt: len = 0xfffffffffffffe89 (4 bytes) // line_info_rec_size: const = 0x10 (4 bytes) // line_info: nil // line_info_cnt: len = 0x0 (4 bytes) // attach_btf_id: bpf_btf_id (resource) // attach_prog_fd: fd_bpf_prog (resource) // core_relo_cnt: len = 0x0 (4 bytes) // fd_array: nil // core_relos: nil // core_relo_rec_size: const = 0x10 (4 bytes) // log_true_size: int32 = 0x0 (4 bytes) // prog_token_fd: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_prog_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_pad_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // size: len = 0x48 (8 bytes) // ] // returns fd_bpf_prog *(uint32_t*)0x200000000080 = 1; *(uint32_t*)0x200000000084 = 5; *(uint64_t*)0x200000000088 = 0x200000002500; memcpy( (void*)0x200000002500, "\xbf\x16\x00\x00\x00\x00\x00\x00\xb7\x07\x00\x00\x00\xff\x00\x00\x48" "\x70\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x95\x00" 
"\x00\x00\x00\x00\x00\x00\x2b\xa7\x28\x04\x15\x98\xfb\xd3\x0c\xb5\x99" "\xe8\x3d\x24\xa3\xaa\x81\xd3\x6b\xb3\x01\x9c\x13\xbd\x23\x21\x2f\xb5" "\x6f\xa5\x4f\x26\x41\xd8\xb0\x2c\x38\x15\xe7\x9c\x14\x14\xeb\x07\xea" "\xe6\xf0\x71\x1e\x6b\xd9\x17\x48\x79\x60\x71\x71\x42\xfa\x9e\xa4\x31" "\x81\x23\xf6\x02\x00\x00\x00\x00\x00\x80\xde\x89\xe6\x61\x16\x8c\x18" "\x86\xd0\xd4\xd9\x4f\x20\x4e\x34\x5c\x65\xc2\x6e\x27\x8e\xf5\xb9\x15" "\x39\x5b\x19\x28\x4a\x1a\x4b\xc7\x2f\x85\x30\x4e\xf8\xd1\x4f\x8b\xbc" "\x16\x26\xe3\xa2\xa2\xad\x35\x80\x61\xd0\xae\x02\x09\xe6\x2f\x51\xee" "\x98\x8e\x6e\xa6\x04\xce\x97\x4a\x22\xa5\x50\xd6\xf9\x70\x80\x98\x04" "\x00\x00\x3e\x05\xdf\x3c\xeb\x9f\x1f\xea\xe5\x73\x7e\xca\xa8\x0a\x66" "\x69\x63\xc4\x74\xc2\xa1\x00\xc7\x88\xb2\x77\xbe\xee\x1c\xbf\x9b\x0a" "\x4d\x38\x81\xdc\xc7\xb1\xb8\x5f\x3c\x3d\x44\xae\xac\xcd\x36\x41\x11" "\x0b\xec\x4e\x90\xa6\x34\x19\x65\xc3\x9e\x4b\x34\x31\xab\xe8\x02\xf5" "\xab\x3e\x89\xcf\x6c\x66\x2e\xd4\x04\x8d\x3b\x3e\x22\x27\x8d\x00\xce" "\x00\x00\x00\x00\xd3\xa0\x27\x62\xc2\x95\x12\x57\xb8\x58\x02\x18\x9d" "\x74\x00\x5d\x2a\x1b\xcf\x94\x36\xe1\x92\xe2\x3f\xd2\x75\x98\x5b\xf3" "\x1b\x71\x4f\x00\x0b\xca\xb6\xfc\xd6\x10\xf2\x5f\x58\x88\x00\x00\x00" "\x00\x3f\x11\xaf\xc9\xbd\x08\xc6\xeb\xfb\xb8\x94\x32\xfb\x46\x5b\xc5" "\x2f\x49\x12\x9b\x9b\x61\x50\xe3\x20\xc9\x90\x1d\xe2\xeb\xb9\x00\x00" "\x00\x01\x8e\x30\x95\xc4\xc5\xc7\xa1\x56\xce\xc3\x3a\x66\x7d\xcc\xaf" "\xf9\x50\xca\x1e\x5e\xfd\xd4\xc9\x68\xda\xcf\x81\xba\xa3\xa5\x09\xb1" "\x04\x1d\x06\xf6\xb0\x09\x7c\x43\x04\x81\x82\x4a\x3f\x4f\xdd\xd3\xc6" "\x43\xf6\x30\xba\x17\x5d\x87\x6d\xef\xd3\x54\x17\x72\xf2\x6e\x27\xc4" "\x4c\xfd\xb2\xd8\x5d\x6d\x29\x98\x3e\x83\x0a\x9c\xdd\x79\x83\x7b\x34" "\x68\xe8\xc6\x7a\x57\x1d\x0a\x01\x7c\x10\x03\x44\xc5\x2a\x6f\x38\x7a" "\x13\x40\xbd\xc8\x88\x94\x64\xf9\x0c\xc4\xcd\x1f\x57\x0d\xd3\x98\x77" "\xdf\xb2\xff\x1a\xe6\x6e\x1c\xe9\x17\x47\x4b\x2e\x65\x0a\xe6\x30\xaf" "\xd0\x14\xa3\x37\xac\x5d\x58\xbc\xb5\xe5\x17\x23\x25\x7c\x87\x2c\x52" 
"\x55\xf2\x01\x00\x00\x00\x00\x00\x00\x00\xf0\x41\xb6\x65\xab\x21\x37" "\x2c\x8d\x8b\x7b\xac\x5b\x5c\x78\x4d\x20\xa4\xa2\x4d\x8d\xbd\x75\x06" "\x2e\x1d\xae\xf9\xde\xad\x61\x9c\xc6\xe7\xba\xa7\x27\x07\x15\x77\x91" "\xc3\xd2\xa2\x86\xff\xb8\xd3\x54\x52\xbb\x5d\x36\x82\xa8\x68\x2b\xf7" "\xec\xbd\x53\xf9\x50\xef\x47\x09\xec\x01\xe2\x30\xd2\xf5\x35\x94\xef" "\x48\x39\xc6\x13\x0c\x4c\x13\xa0\xcc\xa8\x4b\x99\x35\xf7\x71\xfd\x49" "\xe4\x80\xcd\x9d\x48\xae\xb1\x2b\x1d\x6a\xca\xbd\x38\xa8\x17\xbc\xd2" "\x22\x61\x4d\x1f\x62\x73\x4d\x67\x90\x39\xa9\x7d\x2b\x74\xf9\xe8\xe9" "\x97\xcc\xd3\x14\x00\x0f\x74\x77\x13\x7f\x4e\x8e\x70\x25\x12\x3e\x78" "\x3d\xf8\xb8\xa1\x7e\x3a\xa9\xfe\x1f\x66\x2a\xef\x87\xa0\x65\xb0\x3c" "\xfb\x65\xb4\xdf\xe4\xf1\xb5\x6e\x1f\x23\x12\x8d\x74\x37\x53\xa1\xde" "\x17\x2d\x68\x3d\x58\x92\xce\x94\x14\xa1\xd9\x8e\xa9\x3e\x3d\x35\xdb" "\xb6\xc2\x3b\x90\xcf\x36\xe8\x3b\x8a\x43\x4a\x97\xd0\x93\x43\xd7\xf8" "\x30\x79\xcc\xb0\x2e\x69\xd3\x84\x14\x60\x56\xd1\x25\xcf\xa7\x88\x23" "\x78\x74\xdd\x42\xda\xe3\x34\xbd\xa0\x42\x81\x9a\x2a\xa2\x4d\xba\x1c" "\x25\xbe\x27\x94\x44\x8b\x4f\x63\x48\x30\x26\xb5\xe3\x4d\x44\x70\x5b" "\x76\xef\x29\x24\x1a\xda\xb0\xdd\x7d\x68\xbf\x97\x5e\x02\x06\x9f\x6f" "\x24\x25\xe1\xbc\x97\xa3\xd5\x88\x08\x5f\x16\xbe\xf6\x3a\x06\x57\x8d" "\x4f\x5d\xe7\xbf\xb6\xaa\xa7\x5f\x16\x99\x6d\x53\x62\x56\xc0\x22\x84" "\xcb\x1d\x3a\x6f\xb8\xca\xe8\x76\x91\xfa\xe3\x65\xa7\x0c\x3f\xc6\x9e" "\x15\x65\xbb\xa8\xdd\x56\xee\xe5\x79\x80\x41\x35\x8a\x8c\xa0\x49\xf7" "\x98\xab\xe6\x46\xf7\x38\xbe\xbd\x69\x41\x3a\xfc\x9d\x8a\x5e\xdd\x7a" "\xaa\x00\x00\x00\x00\x00\x00\x00\x1e\x6c\x2f\x2a\x28\x7c\x52\x78\xa2" "\x18\xdb\xfa\xff\xff\xff\x00\xa1\x4d\xb5\xcc\xa6\x81\x9e\xb1\xd3\x9c" "\x48\xcf\xdc\x80\xd2\x15\xc9\xe1\x6e\x0c\x47\x36\xc8\x19\x36\x31\x54" "\xcc\xa4\xe2\xf8\x98\x00\xd1\x8c\x89\xd7\xf4\x6f\x67\x9d\xf6\xc9\xe2" "\x95\x2a\xe1\xeb\xfd\x0c\xa8\x83\x68\xee\x6c\xe1\x39\xe8\xb5\x82\x2c" "\x22\xcf\x2e\x9d\xde\x94\x3d\x34\xc4\x32\xe1\x00\x11\x71\x79\x2c\x65" 
"\x98\x61\x46\x66\x6a\x54\x90\x92\x84\x41\xf4\x7e\x0f\xe5\xea\xc4\x18" "\x24\xca\x1f\xd0\xeb\x71\xaa\x24\x3c\x88\xd5\x48\x0e\xfd\x83\x29\xd9" "\xa7\x33\xd8\xf9\xff\xff\xff\x5f\x91\x2a\xc4\xe3\x4b\xf6\xea\x8a\x86" "\xda\x70\x7b\x03\xbd\xdb\x49\x1b\xa0\xcc\x98\xf6\xbe\x92\xc5\x00\x08" "\xa2\xb5\x00\x25\x41\x9d\x14\x76\xc7\x31\x32\xca\x7c\xa2\x6c\xe8\xa7" "\xe3\xff\xb7\x00\xf0\x9e\x15\x7f\x9b\x84\x40\x51\xf1\xa6\x42\xac\xa9" "\xff\x98\xc9\x03\x64\x71\xcc\xff\x05\x22\x90\x3e\x7b\xcf\x62\xe1\x8f" "\x76\x96\xbb\xc2\x80\xb9\x5e\x8e\x0d\x6f\xd5\x64\x4b\x0e\xbd\xe3\xa9" "\x5b\x06\x54\x88\x62\xde\x80\x9d\x3d\xae\x3c\xcc\xf1\x09\xf7\xc7\x8e" "\x84\x79\xa3\x45\xe8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x94" "\x55\xbf\x41\x76\x27\xce\x72\x3a\x5d\x91\x03\x70\x6a\xba\x69\x27\x95" "\x00\xbb\x82\xf6\xb5\xa3\xdd\xc0\xbd\x98\x56\x71\x29\x45\xb7\x0c\x75" "\xce\x5b\x72\x25\x78\x82\x08\x20\xd0\x10\xd7\xa3\xcf\xfc\x99\xfc\x64" "\x7d\x0b\x82\xef\x26\xab\x70\x8c\x0b\x19\xed\x15\x4b\xe5\x1c\x3b\x39" "\x8f\x0e\x6b\xb7\xa3\x00\x06\x00\x00\x00\xcb\xa1\x29\x53\xd5\x8c\xff" "\x0f\x03\x78\x74\x0f\xe6\x66\x2f\x37\x7b\x97\xd8\xe7\xcd\xb0\x47\xac" "\xd0\x83\xd3\xcd\x38\x56\x47\x6a\x60\xa4\x9a\xd1\x27\xba\x65\x70\xba" "\xfc\x2b\xbc\xf9\xee\x72\x1f\xd9\xcb\x46\x7f\xf0\x71\xe5\x60\x4f\xbf" "\x04\x91\x24\x5c\x00\x00\x00\x7d\x93\x2d\x7a\x64\xde\x4c\x4a\xa4\x33" "\xfc\x08\x40\xaf\xf7\xc4\x7d\xa3\xa4\xc6\x96\x6d\x00\x00\x00\x00\x00" "\x00\x00\x00\xf6\xbf\xba\xe2\x9e\x8a\x6e\x2a\x88\x9f\x6e\xf6\x86\x9d" "\x82\xd6\xbd\x73\xeb\x76\xb6\x5c\x7a\x35\xa5\x4a\x4a\x6b\x8a\xd4\x60" "\x0e\x3a\x97\x2a\x0b\xb5\x97\x1a\x5f\x16\x59\x0b\x0a\x03\xda\xfa\x3f" "\xd1\x11\x87\x65\xcc\x8a\xb9\xfc\xcf\x3b\x51\xc4\x1a\x33\x9f\x20\x0f" "\x2f\xa3\x30\x06\x91\x0a\x67\x9a\x9a\xe0\x18\x7b\x4d\x75\x0c\x4b\xd2" "\x44\xcb\x0c\xbf\xd2\x3b\x26\x5f\x4d\x4d\xa4\x48\xa7\xa0\xd1\x9c\x5e" "\x43\xea\xe5\x0a\x31\x60\x9d\xfa\x2d\xde\x26\x75\x51\x46\x7e\xb6\x47" "\x52\x93\xdd\x70\x12\xcc\x44\x90\x09\x98\x1f\x22\x82\x0e\x57\xa0\xef" 
"\xf2\x34\xcc\xfe\x21\xd7\xa2\x30\x2e\x00\x06\x69\x75\x3d\x3c\x34\x32" "\xcc\x14\xee\x1a\xbe\x72\x4a\xdb\x6b\x54\x31\xbe\xfe\xdd\x3e\x22\x97" "\x11\x18\xf0\xe2\x1a\xed\x18\x23\xcb\x7d\xde\x82\x12\xa8\x53\x1b\xd9" "\x00\x00\x00\x00\x6a\x37\x0e\x9e\xb5\x6b\x3d\x79\x0b\x98\xf2\xbd\x0d" "\xb1\xe5\xde\x6a\x30\x40\xd2\xa3\x9d\x79\x65\xd3\x4d\xf5\x24\xb7\x60" "\xab\x92\xef\xcc\xe7\xdd\x15\x74\x05\x2c\x73\x59\x35\xbf\x6a\x75\x2c" "\x01\x5c\x7f\x5f\xfe\xe9\xff\x66\xe5\xdd\x28\x66\xb1\x5b\x6e\x0d\x17" "\x61\x8c\xb1\xf5\xc1\xee\x4b\x05\xeb\xf1\x44\x5e\xa1\x10\xf4\x99\xf8" "\x40\xa5\xc9\x65\x44\x3d\x72\x55\x56\x35\x1e\xe2\x5f\xe0\x9f\x69\x49" "\x4b\x05\x36\x78\xdc\xad\xcf\x02\xe0\x63\xdf\xf2\xfa\x4b\xef\x1a\xc3" "\xbb\xbe\xbe\x6c\x74\xd7\x1e\xc3\xb2\x3e\x29\x89\x5e\xff\x1d\x10\x17" "\x02\x4f\xe3\xe8\xcc\x75\x9b\x05\x78\x5a\xdc\x34\x6b\x7f\xfd\x05\x96" "\x3f\x92\xc1\xd0\xd7\xd9\x0b\xa8\x78\xad\x89\xe4\x90\xf3\xe2\x9a\xc5" "\x1d\x30\x63\x28\x69\xa5\x34\x41\x8f\x91\x6b\xf6\xfe\x81\x67\x82\x7a" "\x8e\x6c\x8f\x8b\x39\x1c\x82\x28\x05\xcb\x0a\xdf\x1b\x8b\xd6\x94\x7f" "\xf2\x08\x75\x3e\xb0\xd2\x08\xce\x14\xf7\xb2\x06\xb2\xe0\x2c\x21\xe9" "\x63\xab\xc5\xce\xb7\x35\xc1\xb3\xc4\x6b\x0a\x84\x3d\xe5\x2a\x90\x33" "\x75\xdf\xb6\x63\xa8\xd8\xee\x9c\x2b\x27\x05\xc1\xa8\x1d\x9d\x3b\x96" "\x56\xb2\x19\xc8\xcd\x99\xc9\xca\xfc\xd0\xd0\x54\x08\x84\xd9\x7a\xec" "\xb1\x99\x83\xfc\x6a\xf2\x9a\xb4\x4a\x82\xaf\xf9\xcb\xa9\x21\x19\x2c" "\x66\x5b\x87\x7a\xf6\x53\x9b\xdb\x1b\x56\x7f\x48\x1b\xa0\x79\x82\xe7" "\xad\x75\x8f\x4e\x1e\xac\x69\xe7\xe8\x8a\x63\x96\x09\x75\xf4\x90\xe1" "\x61\xe3\x71\xec\x85\x34\x79\x1e\x3b\x61\xc6\x85\xd9\x00\xa9\xc0\x83" "\x92\x08\x35\x6b\x53\x75\x0e\x76\xfc\xc3\xc2\xd1\xbd\xdc\xbd\x83\x89" "\x79\x21\x41\x4d\x0c\x02\xe8\x18\x8f\x3d\xf7\x9e\xa2\xa5\xc5\x44\x40" "\x04\x83\x0e\x6c\xb2\x27\xca\x1b\xda\xfb\x97\x7c\x00\x00\x00\x00\x00" "\x3a\x41\x71\x93\xb8\xc5\xd7\x93\x68\x73\x35\xa9\x30\x86\x70\x94\xfd" "\x6a\x78\x21\x82\x18\xe0\x4b\x70\x5e\xc6\x2f\x16\x08\xcb\x56\x9b\x81" 
"\x91\x4e\x68\xf1\x75\xb3\x92\xaf\x6b\xc4\xfd\x21\x21\xd7\xfd\x27\x6a" "\xf2\xc9\x7a\x44\x1b\x56\xe7\xa0\x68\x7d\x98\xb8\xe7\x6d\x8d\x0d\x23" "\x1e\x4f\xe0\x0b\xe1\xde\x76\xbd\x19\xcc\x12\xe2\xbd\x93\x8e\xb6\x81" "\xed\x6b\xc9\x51\xc1\xb4\xf7\xc5\x1a\xf5\x9e\xea\x4d\x40\xc6\x00\x00" "\x00\x00\x02\x00\x77\x8a\x67\x7b\x72\x78\x63\x11\x15\x32\x71\xa3\x31" "\x3d\xa0\x26\x45\xe1\x17\x61\x69\x9e\x4d\x04\xac\x86\xdd\x14\xff\x95" "\x3a\x5b\x77\x06\xbf\x5d\x1f\xab\xa4\xb1\x88\x08\xd9\xcb\x0e\x9d\xb6" "\x96\xde\xc4\xe0\x82\x0e\xe4\x02\x8d\x72\x25\xa2\xc9\xc4\x27\xcf\x64" "\xcb\xde\x6f\xba\x05\x6b\x20\x06\xb7\xa3\x7c\x11\x81\xd5\x30\xfb\x86" "\x5e\x23\x5c\xd3\x02\xf3\xb4\x07\x1e\xe5\x23\x7a\xda\x98\x6b\x9e\x5e" "\x31\x44\xbf\x47\x9f\x27\x7f\x10\x65\x6a\xd3\x74\x40\x37\xcc\xc9\xc6" "\x36\x85\xa6\xf1\x10\x9d\x2e\xa7\x37\x73\xd3\x63\x5f\x61\x49\x7f\x1f" "\xa1\xea\x4a\x16\xf6\x01\x80\x0b\xf3\xe5\x91\x41\xfb\xf0\x5a\x96\x11" "\x33\x20\xc4\x45\xf9\xba\x85\x96\x97\x0d\x52\x54\x72\x7e\x80\x4f\xbd" "\x99\xcc\xef\xb7\xc0\x92\x69\xdd\x2c\x5c\x25\xe5\x6e\x16\x9a\xc1\x59" "\x80\xf3\xf8\x5f\x7c\xa3\x6d\xd5\x95\x0e\xf5\xb6\x4f\xd4\x6f\x12\x33" "\x11\x82\x95\x34\xa8\x29\x40\x99\x41\x99\xb3\xcf\x7a\x8f\xab\xea\x99" "\x30\x95\x2f\x5d\xa9\xb9\x09\xc1\x94\x6e\x55\x28\x9f\x66\x8c\x42\x3f" "\xcb\xb3\x1a\xe9\x18\x64\xc8\x82\x31\x31\x51\x74\x1a\x67\x53\x8c\x96" "\x89\xdc\x8e\xcc\x99\x03\xc7\x04\x1e\x5c\x07\x04\xe2\xfa\x55\xa7\x56" "\x48\x75\x17\xa7\x44\x5c\xbd\x9e\x3f\x51\x75\xe4\x1c\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x98\xef\xd5\x87\xff\xfe\x32" "\x6f\x47\x4b\x0b\x08\x9c\x01\x7b\x16\xc0\x06\x2c\xbc\xe9\x6f\x5a\xde" "\xbe\xc5\x2a\x79\xf9\x36\x39\x09\x84\x2f\x79\xc5\x0a\x15\x20\xbe\x46" "\xd8\x70\x03\x13\x7e\x4c\x50\x31\xf0\x01\x23\xe8\x12\xa5\xe3\x7c\xd5" "\x2c\x9e\xb7\x33\x62\x81\xcb\x8c\x6c\xe9\x93\xc5\x1c\xd1\xea\xb8\xa2" "\x6b\x23\x2a\xcf\x6b\xf0\xab\x82\x9c\x26\xda\xb6\x37\x53\x8b\x2e\xb1" "\x42\x0d\x81\x2d\x2b\x80\xc7\x77\x71\x0b\xa0\xf1\x8e\x46\x61\x68\x1a" 
"\xa2\x18\xd9\xba\x54\x02\x3a\xb4\x30\x5d\x77\xeb\x15\x61\x1a\xe2\x54" "\x58\x35\xe9\xd3\x0e\x9f\x6d\x4f\xb4\x3a\x29\x1c\x69\x54\x5a\x1e\xea" "\x0f\x87\x20\x43\x11\x32\xd8\x54\x9f\x99\xbf\x6c\x5c\xb0\x60\xda\x70" "\xcb\xb5\x9d\x0a\x00\x00\x00\x00\x00\x34\xd0\x83\xfc\x37\xd2\x44\x9f" "\x72\xde\x0c\xbe\xa4\xbc\x1d\xc8\x9c\x13\x6c\xdb\xc5\x04\xf8\x49\xd5" "\x50\x2d\x77\xa9\x5c\x7b\xff\xf4\xcd\x9c\x03\x05\x8d\x0d\x4d\x07\xea" "\x64\x82\x4f\x1a\xcf\x2b\x39\x38\x9f\x67\x5f\x39\xd0\x17\x19\xcd\xba" "\xb3\xf1\xce\x10\x60\x9c\x8d\x7b\x3e\x37\xcb\x99\xb4\x1d\xa5\xe4\x85" "\xa4\x41\xb6\xa1\x03\x54\x9f\x55\xab\x09\xdc\x98\x76\x77\x63\xd1\xf2" "\xfa\xfd\x45\xbb\x7d\x2b\x40\x05\x0d\x1f\x82\x92\xf4\xd9\xec\x6d\x00" "\x00\x00\x00\x00\x00\x39\x32\x06\x22\x90\xf4\x99\x6f\xdd\x55\xb0\x60" "\x23\x43\x7e\x9e\x20\x72\xda\xf7\xf5\xd8\x2f\x6f\x1b\x5b\x89\xa4\x11" "\x34\xf4\xdc\x2e\x65\xbb\x11\x27\x2f\xdf\x8c\x81\x41\xf4\x1d\x61\x60" "\xb3\xd8\xb6\xec\xd1\x6d\x14\x26\x7f\x61\xb4\x88\x1a\xde\xe7\xf0\x7f" "\x3d\x6a\xf5\xae\x79\xe1\x6f\xe2\xc3\xf5\x5a\xc7\xa6\x39\x2d\x2e\x1d" "\x9b\x42\x86\xb6\xc3\xe1\xf5\xa7\x6b\x85\xed\x6e\x1f\x00\x00\xc6\x7e" "\x6c\x5f\xcd\xc8\xc3\x93\x81\xbe\x47\x99\xb8\xcb\x2d\x08\xb8\x26\x2c" "\x80\x7d\xd7\x55\xe2\x2b\x80\x11\x62\x38\x1a\xa9\xd1\xaf\x2b\xbc\x9c" "\xfd\x49\x75\x85\x33\x7e\xac\x40\x8b\x84\x75\xb4\x7a\x39\x2a\x10\xca" "\xe3\x49\x16\x0f\x12\x8e\x5f\x87\x3a\x58\x06\x4e\xb4\x00\xc3\x6a\x90" "\x62\x4f\x6a\xed\x39\x8a\x21\x5e\x9c\xe6\x45\x22\xab\x24\x9f\x67\xc3" "\x8a\x65\x6d\x32\xec\xff\x5c\xdb\x2b\x03\x9c\x4a\xbf\x34\x9d\x2c\x0f" "\x88\xa4\x2e\x91\x89\xbb\xfa\x7f\x5c\xf3\x5b\x6e\x7e\xf8\xf9\xd3\x31" "\x63\xb7\xea\x87\x55\x0f\xb1\xba\x33\x4c\x83\xe3\xae\xc4\x71\x4c\x9c" "\x4c\xa3\xec\xb0\x4f\x27\x20\x23\x76\x15\xa2\x8b\xf3\x10\xb5\x8f\xfa" "\x2a\x10\x32\x16\xfd\xcc\x8c\x2d\x8f\x5d\x55\xe5\xe7\xeb\xf1\x47\x10" "\x52\x72\xaa\xae\x56\xe8\x6d\x85\x6b\x3c\xf7\x9a\x3f\x73\x06\x43\x63" "\x62\xdd\x1a\x08\xce\x87\x3e\x07\xce\xbc\x78\x92\xec\x6f\x9f\x69\x6d" 
"\xa3\x8f\xee\xd3\xdc\x00\x01\x50\x0e\x34\xad\xae\x1b\xa8\x9a\x32\xba" "\xd2\xaf\x90\x30\xf8\x40\xf1\xba\x46\x64\xf3\x55\x47\xcd\xad\xd5\xcb" "\xac\xc5\x93\x52\xc2\x90\xf5\x5d\x97\x1b\x65\x95\x35\x33\x66\x8c\x25" "\xf2\x1d\x8d\x62\xd8\x49\xe9\x05\x8e\xaa\x97\xc6\x34\x91\x56\x88\x87" "\x54\x8f\x66\x8c\xdb\xca\x2a\xbf\x01\xa3\x61\xa0\xb6\x4d\x8b\x52\x3e" "\x66\x9d\xa3\x50\xe3\xec\x74\x45\xdf\xbf\x36\x6b\x0b\x3b\xc5\xe7\x68" "\x24\xa1\xe4\x3e\xaa\xec\xa7\x0d\xb9\x0f\x2f\xa3\x95\x96\x44\x34\x47" "\x67\x19\x33\x07\x9a\x24\xfe\x36\x81\xad\x9a\xc3\x61\xf7\x1a\xc2\x79" "\xa6\x88\xf1\x0a\x1c\xc4\xdf\x11\x12\x10\x5e\xde\xbc\x5e\x3b\xbc\x39" "\x4c\x83\x05\xab\x12\x9c\xa2\xdf\xb9\xb7\xc5\xe9\xd0\x97\xbd\x01\xb4" "\x95\xcc\xce\xfd\xdc\xe5\x69\x11\x7f\x7f\x5d\x6a\x62\x70\xff\x0f\x0f" "\x4c\x37\x10\x29\xca\x84\x89\x57\x1b\x55\x84\x1b\xf3\xdd\x00\x3b\xc8" "\x14\x60\xee\xe5\x7c\xeb\x3c\x33\xf4\xe9\x30\x0b\x01\x44\xfe\x04\x0c" "\xf5\xfc\xfc\xbb\x61\x6c\x20\x70\x23\x78\x81\xaf\xdb\x31\x4c\xec\xd1" "\x62\x3f\x3e\x55\xab\x8b\x76\x27\xfa\x1b\xe3\x49\x14\x5a\x8d\x63\x13" "\xcb\xc7\x90\xee\xfe\x20\x20\x13\x8e\x82\xfb\x9d\x35\x1b\xe4\xdd\xcb" "\xcc\x9b\xc0\x48\xdd\x3d\xb5\x82\x8d\x16\xba\xec\x6e\x07\xa0\x07\xf0" "\x03\x0f\x34\xea\x3c\xfd\x52\x4d\x6f\xa1\xd4\x5d\xa5\x64\x1d\x6c\x94" "\xe1\xd3\xae\x7f\xba\x1c\x85\x03\x5d\x2a\x60\xef\x16\x96\xe0\xd9\x6a" "\xa1\xc6\x00\x19\xf7\x3a\x20\xaa\x61\x13\xcd\x66\xef\x26\xb5\x77\x73" "\x37\xc2\x6e\x14\x61\x40\x5d\x86\xfd\xf0\x91\xed\xd5\x26\xf2\x5c\xad" "\xa4\x39\xbb\x36\x09\xed\x5c\x35\xab\x60\xa5\x39\xad\xe7\x86\xbd\x60" "\x04\xd0\xea\x3e\xdb\xd6\xc4\xda\x0d\x8e\x8b\xe8\xc7\x71\xc8\xc8\xa0" "\xb0\x7d\x98\x59\xe0\x4a\xdb\x18\x96\x4d\xcc\xe9\xbc\xe5\x46\x07\x4c" "\x26\xdf\xfb\xc2\xdf\x37\x2a\x01\x6e\x8c\x84\x5d\x42\x57\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf2\x96" "\x57\x69\x7d\x9c\x2b\x13\x2b\x2d\xc2\xf5\xea\x51\x22\x83\x65\x82\xa7" "\xe8\x5f\xe2\xbc\x16\x6f\x17\xae\xfd\x9d\x86\x1d\xe0\x19\x1f\x52\x77" 
"\xd4\xa3\xb5\xaf\xb6\xf2\x3d\x9e\xea\x24\x59\xf7\x84\x46\x06\xe1\x20" "\x27\x68\xd8\x3c\x24\xcc\x79\x1b\xde\x44\xa4\x48\x02\x2b\xbf\xa5\x71" "\xfe\x02\x9a\x7b\x2d\x51\x52\x63\x9e\xe2\x83\x89\x4a\xb6\x16\x89\x92" "\xff\x0a\xcc\x01\xb3\x9a\x07\x8f\x28\x5c\xe6\x15\x35\x1f\x26\x20\x19" "\x58\x6e\xb9\x44\x7b\xb3\xea\xff\xd7\xb5\x3d\x8f\x37\xca\x6c\x5f\x10" "\x27\xdd\x5b\x75\x92\x99\x6c\x8a\x77\x89\xba\x10\x89\x79\xcc\x9a\xd0" "\x7e\xd8\x66\x82\x84\x3e\x2e\xaa\x85\x5d\xd0\x14\x43\xee\x6f\xfd\xe1" "\x81\x1f\x10\x03\x9d\x5d\x14\x45\x81\x77\x09\x6e\x15\xcc\x4d\x8f\x25" "\x82\xa1\xbe\xa5\xcc\x98\xd9\x92\xf3\xde\x7d\x1c\xdf\xb2\x43\x84\xb9" "\xf1\x0f\x61\x5c\x87\xc4\x41\xdc\x97\x0e\xc8\x96\xa5\xaf\x6b\xf6\x9b" "\x50\xa2\x44\xbc\x13\x8a\x1c\xae\x98\x68\xc3\x07\x9b\xaf\xe6\x01\xfb" "\x69\x5a\x97\x69\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe9\x9b\x63\x02" "\x9d\x21\x9c\xd3\x54\x5a\x84\x26\xb5\x65\x54\xa9\xf2\x65\xd3\x55\x7e" "\xef\xb3\x60\x28\x94\x50\x7c\x25\x6c\xb8\xee\x9e\xba\xdf\xec\xb6\xaf" "\xeb\x84\xba\x75\x7b\xfa\x8d\x00\xa5\xaf\x0d\xd6\xaa\x1e\x81\x44\xef" "\x8e\xf0\x44\x10\xd5\x22\x04\xc3\x35\x40\x89\x41\xb8\xec\xcc\x5c\x73" "\x4c\xc6\xa0\x52\x47\x14\x2e\xd6\x47\xf8\x9b\xcb\x5c\x04\x3a\xcf\xb3" "\x82\xb9\xcc\x91\x8b\xc3\xcd\xc3\x68\x98\x31\x57\x85\x1c\xdf\x67\x88" "\x00\xaa\x7e\xb2\xa6\xcb\xc1\x2c\x7a\xe2\x3b\xc8\x8b\x8f\x10\x00\x00" "\x00\x00\x00\x00\x00\x00\x00", 3696); *(uint64_t*)0x200000000090 = 0x200000000140; memcpy((void*)0x200000000140, "GPL\000", 4); *(uint32_t*)0x200000000098 = 0; *(uint32_t*)0x20000000009c = 0; *(uint64_t*)0x2000000000a0 = 0; *(uint32_t*)0x2000000000a8 = 0; *(uint32_t*)0x2000000000ac = 0; memset((void*)0x2000000000b0, 0, 16); *(uint32_t*)0x2000000000c0 = 0; *(uint32_t*)0x2000000000c4 = 0; *(uint32_t*)0x2000000000c8 = -1; *(uint32_t*)0x2000000000cc = 8; *(uint64_t*)0x2000000000d0 = 0x200000000000; *(uint32_t*)0x200000000000 = 0; *(uint32_t*)0x200000000004 = 0; *(uint32_t*)0x2000000000d8 = 0xfffffe89; *(uint32_t*)0x2000000000dc = 0x10; 
*(uint64_t*)0x2000000000e0 = 0; *(uint32_t*)0x2000000000e8 = 0; *(uint32_t*)0x2000000000ec = 0; *(uint32_t*)0x2000000000f0 = -1; *(uint32_t*)0x2000000000f4 = 0; *(uint64_t*)0x2000000000f8 = 0; *(uint64_t*)0x200000000100 = 0; *(uint32_t*)0x200000000108 = 0x10; *(uint32_t*)0x20000000010c = 0; *(uint32_t*)0x200000000110 = 0; res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x200000000080ul, /*size=*/0x48ul); if (res != -1) r[2] = res; break; case 3: // bpf$MAP_UPDATE_ELEM_TAIL_CALL arguments: [ // cmd: const = 0x2 (8 bytes) // arg: ptr[inout, bpf_map_update_tail_call_arg] { // bpf_map_update_tail_call_arg { // map: tail_call_map_update { // in: tail_call_map_fd (resource) // out: tail_call_map (resource) // } // pad = 0x0 (4 bytes) // key: ptr[in, const[0, const]] { // const = 0x0 (4 bytes) // } // val: ptr[in, fd_bpf_prog] { // fd_bpf_prog (resource) // } // flags: const = 0x0 (8 bytes) // } // } // size: len = 0x20 (8 bytes) // ] *(uint32_t*)0x200000000200 = r[1]; *(uint64_t*)0x200000000208 = 0x2000000002c0; *(uint32_t*)0x2000000002c0 = 0; *(uint64_t*)0x200000000210 = 0x200000000240; *(uint32_t*)0x200000000240 = r[2]; *(uint64_t*)0x200000000218 = 0; syscall(__NR_bpf, /*cmd=*/2ul, /*arg=*/0x200000000200ul, /*size=*/0x20ul); break; case 4: // bpf$PROG_LOAD arguments: [ // cmd: const = 0x5 (8 bytes) // arg: ptr[in, bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]]] { // bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, // bpf_btf_id[opt], fd_bpf_prog[opt]] { // type: bpf_prog_type = 0x1 (4 bytes) // ninsn: bytesize8 = 0x10 (4 bytes) // insns: ptr[inout, array[ANYUNION]] { // array[ANYUNION] { // union ANYUNION { // ANYBLOB: buffer: {18 08 00 00 00 00 00 00 00 00 00 00 00 00 // 00 00 18 12 00 00} (length 0x14) // } // union ANYUNION { // ANYRES32: ANYRES32 (resource) // } // union ANYUNION { // ANYBLOB: buffer: {00 00 00 00 00 00 00 00 b7 03 00 00 00 00 // 00 00 85 00 00 00 0c 00 00 00 b7 00 00 00 00 00 00 00 
18 01 // 00 00 00 08 2c 25 00 00 00 00 00 21 20 20 7b 1a f8 ff 00 00 // 00 00 bf a1 00 00 00 00 00 00 07 01 00 00 f8 ff ff ff b7 02 // 00 00 08 00 00 00 b7 03 00 00 00 00 00 00 85 00 00 00 07 00 // 00 00 95} (length 0x61) // } // } // } // license: ptr[in, buffer] { // buffer: {47 50 4c 00} (length 0x4) // } // loglev: int32 = 0x0 (4 bytes) // logsize: len = 0x0 (4 bytes) // log: nil // kern_version: bpf_kern_version = 0x0 (4 bytes) // flags: bpf_prog_load_flags = 0x0 (4 bytes) // prog_name: buffer: {00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 // 00} (length 0x10) prog_ifindex: ifindex (resource) // expected_attach_type: union bpf_prog_attach_types { // fallback: bpf_attach_types = 0x0 (4 bytes) // } // btf_fd: fd_btf (resource) // func_info_rec_size: const = 0x0 (4 bytes) // func_info: nil // func_info_cnt: len = 0x0 (4 bytes) // line_info_rec_size: const = 0x0 (4 bytes) // line_info: nil // line_info_cnt: len = 0x0 (4 bytes) // attach_btf_id: bpf_btf_id (resource) // attach_prog_fd: fd_bpf_prog (resource) // core_relo_cnt: len = 0x0 (4 bytes) // fd_array: nil // core_relos: nil // core_relo_rec_size: const = 0x0 (4 bytes) // log_true_size: int32 = 0x0 (4 bytes) // prog_token_fd: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_prog_token_fd_wrapper { // void: buffer: {} (length 0x0) // } // pad: union _bpf_prog_t[flags[bpf_prog_type, int32], // bpf_prog_attach_types, bpf_btf_id[opt], // fd_bpf_prog[opt]]_pad_wrapper { // value: const = 0x0 (4 bytes) // } // } // } // size: len = 0x90 (8 bytes) // ] // returns fd_bpf_prog *(uint32_t*)0x200000000880 = 1; *(uint32_t*)0x200000000884 = 0x10; *(uint64_t*)0x200000000888 = 0x200000000bc0; memcpy((void*)0x200000000bc0, "\x18\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x18\x12\x00\x00", 20); *(uint32_t*)0x200000000bd4 = r[1]; memcpy( (void*)0x200000000bd8, "\x00\x00\x00\x00\x00\x00\x00\x00\xb7\x03\x00\x00\x00\x00\x00\x00\x85" 
"\x00\x00\x00\x0c\x00\x00\x00\xb7\x00\x00\x00\x00\x00\x00\x00\x18\x01"
        "\x00\x00\x00\x08\x2c\x25\x00\x00\x00\x00\x00\x21\x20\x20\x7b\x1a\xf8"
        "\xff\x00\x00\x00\x00\xbf\xa1\x00\x00\x00\x00\x00\x00\x07\x01\x00\x00"
        "\xf8\xff\xff\xff\xb7\x02\x00\x00\x08\x00\x00\x00\xb7\x03\x00\x00\x00"
        "\x00\x00\x00\x85\x00\x00\x00\x07\x00\x00\x00\x95",
        97);
    // The remaining stores fill in the rest of the 0x90-byte attribute block
    // at 0x200000000880 that is handed to bpf() below: a pointer to the
    // "GPL" license string, then zeroes for every other field except the
    // 32-bit slot at 0x2000000008c8, which is set to -1.
    *(uint64_t*)0x200000000890 = 0x200000000980;
    memcpy((void*)0x200000000980, "GPL\000", 4);
    *(uint32_t*)0x200000000898 = 0;
    *(uint32_t*)0x20000000089c = 0;
    *(uint64_t*)0x2000000008a0 = 0;
    *(uint32_t*)0x2000000008a8 = 0;
    *(uint32_t*)0x2000000008ac = 0;
    memset((void*)0x2000000008b0, 0, 16);
    *(uint32_t*)0x2000000008c0 = 0;
    *(uint32_t*)0x2000000008c4 = 0;
    *(uint32_t*)0x2000000008c8 = -1;
    *(uint32_t*)0x2000000008cc = 0;
    *(uint64_t*)0x2000000008d0 = 0;
    *(uint32_t*)0x2000000008d8 = 0;
    *(uint32_t*)0x2000000008dc = 0;
    *(uint64_t*)0x2000000008e0 = 0;
    *(uint32_t*)0x2000000008e8 = 0;
    *(uint32_t*)0x2000000008ec = 0;
    *(uint32_t*)0x2000000008f0 = 0;
    *(uint32_t*)0x2000000008f4 = 0;
    *(uint64_t*)0x2000000008f8 = 0;
    *(uint64_t*)0x200000000900 = 0;
    *(uint32_t*)0x200000000908 = 0;
    *(uint32_t*)0x20000000090c = 0;
    *(uint32_t*)0x200000000910 = 0;
    // bpf$PROG_LOAD (cmd 5). On success the returned descriptor is kept in
    // r[3] so that case 5 can use it; on failure r[3] keeps whatever value
    // it had before (its initialisation is outside this excerpt).
    res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x200000000880ul,
                  /*size=*/0x90ul);
    if (res != -1)
      r[3] = res;
    break;
  case 5:
    // setsockopt$sock_attach_bpf arguments: [
    //  fd: sock (resource)
    //  level: const = 0x1 (4 bytes)
    //  optname: const = 0x32 (4 bytes)
    //  optval: ptr[in, fd_bpf_prog] {
    //    fd_bpf_prog (resource)
    //  }
    //  optlen: len = 0x4 (8 bytes)
    // ]
    // Writes the program fd saved in r[3] to 0x2000000000c0 and passes it as
    // the 4-byte option value. Level 1 / optname 0x32 are SOL_SOCKET /
    // SO_ATTACH_BPF on Linux x86-64, matching the syzkaller call name above.
    // r[0] is assigned outside this excerpt; the return value is ignored.
    *(uint32_t*)0x2000000000c0 = r[3];
    syscall(__NR_setsockopt, /*fd=*/r[0], /*level=*/1, /*optname=*/0x32,
            /*optval=*/0x2000000000c0ul, /*optlen=*/4ul);
    break;
  }
}

// Entry point of the generated reproducer.
//
// Sets up the fixed-address scratch memory that execute_call() writes its
// syscall arguments into, then forks five worker processes that each run
// loop(), and finally parks the parent in a long sleep.
//
// Memory layout created here (all MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE):
//   0x1ffffffff000, 0x1000 bytes,    prot 0   - inaccessible page just below
//   0x200000000000, 0x1000000 bytes, prot RWX - data region used by the calls
//   0x200001000000, 0x1000 bytes,    prot 0   - inaccessible page just above
//
// None of the mmap results are checked; if the middle mapping fails, the
// hard-coded pointer stores in execute_call() would touch unmapped memory.
//
// NOTE(review): the data region is readable, writable and executable at a
// fixed address. That is a convenience of the generated harness and not a
// pattern to carry into other code.
// NOTE(review): whether the bpf() calls issued by the workers succeed for an
// unprivileged caller depends on the caller's capabilities and on the
// kernel.unprivileged_bpf_disabled sysctl of the machine under test.
//
// Returns 0 after the sleep finishes; the children are not waited for here.
int main(void)
{
  // Inaccessible page directly below the data region.
  syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  // 16 MiB data region that every hard-coded 0x2000000xxxxx pointer in
  // execute_call() falls into.
  syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
          /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
          /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  // Inaccessible page directly above the data region
  // (0x200000000000 + 0x1000000).
  syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul,
          /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
          /*fd=*/(intptr_t)-1, /*offset=*/0ul);
  // Declared but never assigned or read; the cast only silences the
  // unused-variable warning.
  const char* reason;
  (void)reason;
  // Start five workers. Each child sees its own index in the global procid
  // at the time of the fork. A failed fork() (-1) is silently skipped.
  for (procid = 0; procid < 5; procid++) {
    if (fork() == 0) {
      // loop() is defined outside this excerpt; presumably it never
      // returns - otherwise the child would fall through and keep
      // iterating (and forking) in this for loop. TODO confirm.
      loop();
    }
  }
  // Keep the parent alive while the workers run.
  sleep(1000000);
  return 0;
}