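/*
 * Multi-process, multi-threaded syscall reproducer that exercises the
 * TOMOYO policy file /sys/kernel/security/tomoyo/manager.
 *
 * The layout (fixed scratch mapping at 0x20000000, fork-per-iteration loop,
 * futex-based thread pool) looks like the output of syzkaller's C reproducer
 * generator; the page itself does not say so.
 *
 * What the visible code does:
 *   - main() maps a 16 MiB RWX scratch region at 0x20000000 with a PROT_NONE
 *     page on each side, then forks 4 workers that each run loop().
 *   - loop() forks one child per iteration, runs execute_one() in it and
 *     kills it if it has not exited after 5 seconds.
 *   - execute_one() hands calls 0..2 to a pool of up to 16 threads, waiting
 *     at most 50 ms per call, so later calls may overlap earlier ones.
 *   - execute_call(): 0 opens the tomoyo manager file write-only, 1 write()s
 *     to it with a length far larger than the 2-byte payload, 2 pwritev()s
 *     4096 bytes of fixed data to it.
 *
 * For triage: the kernel code under test is whatever handles write() and
 * pwritev() on that securityfs file. No crash report accompanies the listing,
 * so the specific kernel defect is not identified here.
 */
#define _GNU_SOURCE

/*
 * NOTE(review): the page carried 20 bare "#include" directives with the
 * header names stripped, and the whole preamble sat on the "#define" line, so
 * the file could not be preprocessed. The list below is reconstructed from
 * the identifiers the code uses. <endian.h>, <sys/stat.h> and <sys/types.h>
 * are not needed by anything visible and are present only to match the
 * original count -- confirm against the upstream file.
 */
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#include <linux/futex.h>

/* Index of the worker process; only written by the fork loop in main(). */
static unsigned long long procid;

/* Sleep for ms milliseconds. */
static void sleep_ms(uint64_t ms)
{
  usleep(ms * 1000);
}

/* Monotonic clock in milliseconds; exits the process if the clock fails. */
static uint64_t current_time_ms(void)
{
  struct timespec ts;
  if (clock_gettime(CLOCK_MONOTONIC, &ts))
    exit(1);
  return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}

/*
 * Start fn(arg) on a new thread with a 128 KiB stack.
 *
 * Creation is retried up to 100 times, 50 us apart, while it fails with
 * EAGAIN; any other failure, or running out of retries, exits the process.
 * The thread is neither joined nor detached here.
 */
static void thread_start(void* (*fn)(void*), void* arg)
{
  pthread_t th;
  pthread_attr_t attr;
  pthread_attr_init(&attr);
  pthread_attr_setstacksize(&attr, 128 << 10);
  for (int i = 0; i < 100; i++) {
    /*
     * pthread_create() reports failure through its return value and is not
     * required to set errno. The original tested errno only; the return
     * code is checked first here and the errno test is kept as a fallback.
     */
    int rc = pthread_create(&th, &attr, fn, arg);
    if (rc == 0) {
      pthread_attr_destroy(&attr);
      return;
    }
    if (rc == EAGAIN || errno == EAGAIN) {
      usleep(50);
      continue;
    }
    break;
  }
  exit(1);
}

/* One-shot event built on a futex word: 0 = clear, 1 = set. */
typedef struct {
  int state;
} event_t;

/* Put the event in the clear state. */
static void event_init(event_t* ev)
{
  ev->state = 0;
}

/* Clear the event again (plain store, no wake-up). */
static void event_reset(event_t* ev)
{
  ev->state = 0;
}

/*
 * Set the event and wake waiters (up to 1000000 of them).
 * Setting an event that is already set is treated as a logic error and
 * exits the process.
 */
static void event_set(event_t* ev)
{
  if (ev->state)
    exit(1);
  __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
  syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}

/* Block until the event is set. */
static void event_wait(event_t* ev)
{
  while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}

/* Return non-zero if the event is currently set. */
static int event_isset(event_t* ev)
{
  return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}

/*
 * Wait for the event for at most timeout milliseconds.
 * Returns 1 if the event was observed set, 0 once the timeout has elapsed.
 */
static int event_timedwait(event_t* ev, uint64_t timeout)
{
  uint64_t start = current_time_ms();
  uint64_t now = start;
  for (;;) {
    /* now - start <= timeout holds here, so the subtraction cannot wrap. */
    uint64_t remain = timeout - (now - start);
    struct timespec ts;
    ts.tv_sec = remain / 1000;
    ts.tv_nsec = (remain % 1000) * 1000 * 1000;
    syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
    if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
      return 1;
    now = current_time_ms();
    if (now - start > timeout)
      return 0;
  }
}

/*
 * Format a string (printf-style, truncated to 1023 bytes) and write it to an
 * existing file. The file is opened O_WRONLY without O_CREAT.
 *
 * Returns true only if the whole string was written by a single write().
 * On a failed or short write, errno as left by write() is preserved across
 * the close().
 */
static bool write_file(const char* file, const char* what, ...)
{
  char buf[1024];
  va_list args;
  va_start(args, what);
  vsnprintf(buf, sizeof(buf), what, args);
  va_end(args);
  buf[sizeof(buf) - 1] = 0;
  int len = strlen(buf);
  int fd = open(file, O_WRONLY | O_CLOEXEC);
  if (fd == -1)
    return false;
  if (write(fd, buf, len) != len) {
    int err = errno;
    close(fd);
    errno = err;
    return false;
  }
  close(fd);
  return true;
}

/*
 * SIGKILL the child's process group and the child itself, then reap it.
 *
 * The child is polled for about 100 ms. If it has still not been reaped, one
 * byte is written to every /sys/fs/fuse/connections/<id>/abort file (failures
 * are ignored on purpose), and the function then blocks until waitpid()
 * returns pid.
 */
static void kill_and_wait(int pid, int* status)
{
  kill(-pid, SIGKILL);
  kill(pid, SIGKILL);
  for (int i = 0; i < 100; i++) {
    if (waitpid(-1, status, WNOHANG | __WALL) == pid)
      return;
    usleep(1000);
  }
  DIR* dir = opendir("/sys/fs/fuse/connections");
  if (dir) {
    for (;;) {
      struct dirent* ent = readdir(dir);
      if (!ent)
        break;
      if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
        continue;
      char abort[300];
      snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
               ent->d_name);
      int fd = open(abort, O_WRONLY);
      if (fd == -1) {
        continue;
      }
      /* Best effort: the byte written is the first character of the path. */
      if (write(fd, abort, 1) < 0) {
      }
      close(fd);
    }
    closedir(dir);
  } else {
  }
  while (waitpid(-1, status, __WALL) != pid) {
  }
}

/*
 * Per-child setup: die with the parent, move into an own process group
 * (so kill(-pid) in kill_and_wait() reaches every descendant) and raise the
 * OOM score so this child is the preferred OOM-killer victim.
 */
static void setup_test(void)
{
  prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
  setpgrp();
  write_file("/proc/self/oom_score_adj", "1000");
}

/* One pool thread: created flag, the call it should run, and its events. */
struct thread_t {
  int created, call;
  event_t ready, done;
};

static struct thread_t threads[16];
static void execute_call(int call);
/* Number of calls handed to threads that have not finished yet. */
static int running;

/* Pool thread body: wait for work, run the call, signal completion. */
static void* thr(void* arg)
{
  struct thread_t* th = (struct thread_t*)arg;
  for (;;) {
    event_wait(&th->ready);
    event_reset(&th->ready);
    execute_call(th->call);
    __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
    event_set(&th->done);
  }
  return 0;
}

/*
 * Run calls 0, 1 and 2 once each.
 *
 * Every call goes to the first idle pool thread (threads are created on
 * first use) and is given 50 ms to finish before the next call is issued;
 * a call that blocks longer keeps running on its thread while later calls
 * start. Afterwards up to 100 ms are spent waiting for stragglers.
 */
static void execute_one(void)
{
  int i, call, thread;
  for (call = 0; call < 3; call++) {
    for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
         thread++) {
      struct thread_t* th = &threads[thread];
      if (!th->created) {
        th->created = 1;
        event_init(&th->ready);
        event_init(&th->done);
        event_set(&th->done);
        thread_start(thr, th);
      }
      if (!event_isset(&th->done))
        continue;
      event_reset(&th->done);
      th->call = call;
      __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
      event_set(&th->ready);
      event_timedwait(&th->done, 50);
      break;
    }
  }
  for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
    sleep_ms(1);
}

static void execute_one(void);

#define WAIT_FLAGS __WALL

/*
 * Worker loop, never returns: fork a child, let it run execute_one(), and
 * reap it. A child still alive after 5 seconds is killed.
 */
static void loop(void)
{
  int iter = 0;
  for (;; iter++) {
    int pid = fork();
    if (pid < 0)
      exit(1);
    if (pid == 0) {
      setup_test();
      execute_one();
      exit(0);
    }
    int status = 0;
    uint64_t start = current_time_ms();
    for (;;) {
      if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
        break;
      sleep_ms(1);
      if (current_time_ms() - start < 5000)
        continue;
      kill_and_wait(pid, &status);
      break;
    }
  }
}

/* r[0]: fd returned by call 0; stays at all-ones (-1) until the open works. */
uint64_t r[1] = {0xffffffffffffffff};

/*
 * Issue one of the three syscalls. All pointer arguments are fixed addresses
 * inside the scratch region that main() maps at 0x20000000.
 */
void execute_call(int call)
{
  intptr_t res = 0;
  switch (call) {
  case 0:
    /* openat(AT_FDCWD (-100), path, flags=1, mode=0); 1 is O_WRONLY. */
    memcpy((void*)0x20000000, "/sys/kernel/security/tomoyo/manager\000", 36);
    res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
                  /*file=*/0x20000000ul, /*flags=*/1ul, /*mode=*/0ul);
    if (res != -1)
      r[0] = res;
    break;
  case 1:
    /*
     * Only "1\0" is placed in the buffer, but the length passed is 0xfc2e,
     * so the kernel is asked to read on through whatever the scratch
     * mapping holds after those two bytes.
     */
    memcpy((void*)0x20000040, "1\000", 2);
    syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000040ul, /*len=*/0xfc2eul);
    break;
  case 2:
    /*
     * iovec array at 0x20000240 with vlen=4: entry 0 points at the 4096-byte
     * blob below (len 0x1000); entries 1..3 are zeroed (NULL base, length 0).
     */
    *(uint64_t*)0x20000240 = 0x20001ec0;
    memcpy(
        (void*)0x20001ec0,
        "\x0a\x22\xb9\xbf\x9e\x7e\x57\x9b\x6d\x87\x62\xce\xdb\x91\xbb\x87\xf2"
        "\x06\xfd\x64\xc4\x84\x69\x48\xa3\x4f\x83\xe9\xd5\x4c\x3a\x16\xb3\xe3"
        "\xa9\x09\xa7\x02\x62\xdf\x28\xd7\x08\x1d\x53\x4e\xcb\xbc\xce\x86\x07"
        "\x08\xe2\xdf\x0a\xdf\xcc\xdc\xe0\xf0\x84\xc8\x38\xd8\xd4\x35\xba\x39"
        "\x68\xa7\xde\x55\xeb\xae\x55\x33\x52\xcd\xf7\xbe\x1c\x1f\xa9\xc5\x08"
        "\x9d\x60\x42\x1a\x59\xf8\xec\x30\x5d\x68\x8a\x76\xfd\xb4\x22\xc1\x65"
        "\x72\x78\x24\x55\x2e\x24\x98\x44\xf5\xb8\xd2\x06\x3c\xe8\x86\xe5\xa6"
        "\x96\x7b\x6d\x1c\x82\xed\x97\x67\x95\xe9\x19\xbe\xcc\xb3\x89\x22\x8f"
        "\x65\x24\x8d\xff\x1c\x7a\xe1\x26\x43\xa8\x8d\x46\x64\xd3\x99\x99\x36"
        "\x11\x8b\x9b\x13\x3c\x38\xf2\xf1\x89\x4d\x04\xa8\x46\x54\x82\x7d\x6c"
        "\xcc\x8f\xe4\xa9\x27\x52\x70\x38\x1c\xfb\x99\x12\x16\x74\x57\x01\x4a"
        "\xe5\x9c\x23\x1f\xff\x09\x69\x7a\x96\xd5\xea\xd3\xdd\x9a\x3c\x90\x23"
        "\xbb\xe3\xb3\x02\x78\x8a\xaa\x4e\xf1\x27\x53\x9e\x02\x6c\x62\x02\xf7"
        "\xdc\x94\xa3\x0b\xbd\xd8\x71\x2c\xef\x4c\xe1\x94\xf6\xd0\xbe\xd7\x25"
        "\xdc\x18\x8d\x69\x9a\x33\x1c\x7d\x44\x73\x3e\xa4\x1b\xc1\x80\xe2\xc0"
        "\xc5\xa3\xcb\x24\xf7\x3f\x17\x4f\x04\x28\xde\x24\xb4\x23\x05\x23\xd8"
        "\x29\x68\xb4\xb6\x7b\x51\xd3\x67\x2f\x38\xf0\x84\xe6\xab\xfb\x7c\xe1"
        "\x6b\x41\xbf\x83\x82\x79\xb6\xd9\x7f\x30\xf6\x02\x50\x10\x46\x51\x12"
        "\x07\xe6\x82\x82\x58\xb7\x5e\xbe\x4e\xd2\x65\x2a\x5e\x25\xe8\xf4\xc0"
        "\x73\x44\x72\xbf\xe6\xa1\x09\xda\x77\x55\xfb\x53\x66\x67\x8d\xc1\x58"
        "\xa3\xbb\x8c\x4e\x03\xf4\xbc\xb4\x61\x12\x0a\xfc\x7f\x84\xf4\x87\x38"
        "\xac\xa3\x85\xf5\xd9\x59\xc5\x97\x0c\x07\xb8\xc3\x89\xda\xfd\x52\x04"
        "\x20\xc5\x96\x93\xf0\x09\xbd\x0b\xf4\x69\xd6\x53\x58\x1d\x63\x80\xf7"
        "\xf3\xcb\x41\x17\x93\x6b\x9e\x35\x4c\xb8\x3b\xc0\xe0\x73\xd6\xfe\x10"
        "\x62\xc8\xdd\xcb\x30\xd7\xce\xc4\xb7\x92\xd5\xab\xe6\x4e\x70\x69\xb7"
        "\xa2\xe7\x8c\x00\xd5\x7a\xe5\x6c\x53\x6e\xb1\x80\x20\x5f\xfe\x25\x2b"
        "\x82\x82\x4f\x54\xd1\x6d\x66\x74\x79\x0c\xf3\x1a\x40\x4d\x61\x2f\x0c"
        "\x62\x65\xf6\xaa\x44\x52\x8b\xad\xae\x6f\xc3\x71\x7b\x34\x0b\x37\x37"
        "\xde\x66\x6a\x06\xc9\x31\x0b\x2f\x17\x3e\x83\x4d\x61\x40\x81\x82\xad"
        "\x1a\xe3\x25\x23\x9a\x04\x51\x9e\xb0\xe1\xe5\xb6\x1f\x6b\x73\xd6\xf2"
        "\x93\x21\xe3\x52\x17\xd3\x2a\xee\xde\xe8\x9d\x62\x03\xde\xa4\x42\xae"
        "\xdd\x54\xed\x67\x5a\xdd\x6f\xd6\xeb\x12\x32\xff\x62\x98\xd9\x7d\x5d"
        "\xdb\x2a\x87\x9f\xa4\xa8\x60\xb8\x57\xb4\xa8\x46\x4a\xcf\xba\xd7\xc9"
        "\xa9\xb3\xd2\xb4\x0a\xae\xb6\x4d\x8d\x8e\x1e\xc0\xc2\x16\x57\x77\x9c"
        "\xb1\xdf\xa5\x3a\x0b\xde\x66\xc7\x33\xcc\x2d\xc0\xe0\xc8\xf4\xe7\xc5"
        "\xdd\xea\x1c\x6a\xaa\xbf\x22\x89\x3d\x3f\x00\xdd\x5d\x88\x20\x4d\x5f"
        "\xd7\xfb\x56\xf9\xd5\x66\xc2\x97\x46\x1c\x9a\xfd\x03\x7c\xe8\xb8\x0b"
        "\xa2\xf5\x46\xd4\x79\xc3\x2f\x11\xd2\x22\xbb\x9c\x6d\x92\x81\x00\xb4"
        "\xe4\x49\x9c\x9e\xb0\x44\x57\x88\xc7\xc2\xf0\xdd\x5c\x3b\xfc\x6e\x60"
        "\xc3\xd0\xac\x31\x9b\x5b\xa4\x77\x09\x82\x72\x75\x28\x88\x52\x2c\xea"
        "\xbf\xb7\xfb\x30\x98\x28\x95\xea\xe3\x60\x58\xde\x49\x47\x91\x8b\xc2"
        "\xaf\x8f\x18\xe9\x68\x5f\xf1\xe2\x20\x75\x30\x16\xf2\x99\x84\x53\x53"
        "\x4f\x1a\xc6\x45\x0c\xa3\x74\xa3\x5c\x00\xf2\x9a\xb1\xbc\xbb\x7e\xb2"
        "\xf9\xfa\xcc\x8c\x93\x5d\x11\x57\x61\x37\x92\x53\xd7\xa0\xc2\x0b\x54"
        "\xb1\xbf\x8c\xad\xaf\x56\x78\x70\x02\xb0\xd7\xb9\x5f\xed\xdc\x95\xbe"
        "\xe6\x0d\xd4\xae\x71\x9f\xad\x98\xf2\x32\x5e\x51\x82\xae\x4f\x1d\xfe"
        "\x44\x04\x5a\x00\x4e\xb0\xe5\x40\x63\x36\xe9\xe7\x48\xa0\x02\xc4\x41"
        "\xb8\x47\xcf\x84\x3c\x44\xb0\x4d\x70\x27\xa2\x56\xbb\x45\x4c\xdc\xf5"
        "\xe8\x85\x78\x79\xc7\xf8\x46\x63\x24\xb9\xb7\x9f\x23\xdf\x72\xc5\x94"
        "\xa1\x1b\xdf\xc1\x01\xec\x43\xad\x1e\x4b\x65\x43\x9d\xda\xa3\xc0\x12"
        "\xd0\xcd\x5d\xea\xae\x49\x83\x81\x89\xb4\xae\xee\x85\x83\x93\x18\xdf"
        "\x04\xf4\x3a\x20\x93\x89\xe4\xd6\xad\x42\x62\xd9\x07\xc6\x3c\xd7\xc8"
        "\xb1\xaa\x63\x85\x32\xc6\xea\xa9\x43\x41\x98\x7b\x68\x44\x3b\x6c\x3b"
        "\x85\x58\xcf\xc6\x04\x6f\xc5\x7f\x22\x18\x74\xce\xa3\x53\x15\x03\x58"
        "\x6b\x43\x07\xea\x71\x15\x6e\xb6\xae\xb0\xb7\xb0\x51\xa0\xae\xbc\x55"
        "\x01\xcd\xaa\x24\x86\x96\xaf\x0a\xde\x97\x43\xcb\x18\xe3\x14\xa0\x2f"
        "\xde\x7b\x6b\x5c\x43\xa3\x24\x14\x6f\xd8\xe8\x90\x8a\xec\xcc\x87\x64"
        "\x1b\x74\x27\x25\xf1\x21\x23\x7b\xbd\x1e\xc7\x34\x37\xb7\x2f\x17\x43"
        "\x5c\x0d\x26\xba\xaf\xe3\xf6\xcd\xc0\xc0\x80\xe9\x8e\x7d\xfd\xd2\x11"
        "\x1d\x97\x2f\x19\x44\xcf\x1e\xf1\xcb\x38\x35\xa3\xb5\x9f\x7d\x8d\x3c"
        "\x2b\x7f\x83\x43\x40\x84\x01\x5e\xbf\x72\x19\x8f\x5c\x46\x7a\xdc\x6b"
        "\x39\xcb\x7a\x27\x1d\x22\x1f\xcd\xf7\xf1\x58\x8a\xd3\x04\xfe\xa4\xee"
        "\x6c\xaa\x78\xd4\x0c\x42\xcb\x26\x8d\xc4\x65\xf5\x4a\xad\x97\xac\x08"
        "\x94\x43\xf4\x7d\xf4\x00\xb6\x2c\x81\x7c\x5e\xda\x34\x21\xaf\x52\xa5"
        "\x27\xf3\xb4\x8f\xb8\x4a\x45\xa8\xa3\xa6\x3c\x65\xba\x06\x04\x95\x60"
        "\x99\xf3\xba\x8f\xa2\xe7\xa2\x63\x18\x91\x22\x57\xd7\xbf\xbe\xf6\xd8"
        "\xe5\xfb\xbc\x3b\xd3\x4c\xab\x87\x60\x2e\xf6\x5d\xcb\xda\x71\xfa\x73"
        "\xbc\x73\xcb\x25\x33\xc6\x88\x47\x6e\x86\xc0\xbf\xb4\x31\x4e\xdc\x7c"
        "\x70\x11\x62\xba\x3a\xda\x0d\x35\x78\xfd\x18\x62\x25\x1b\x17\xef\x76"
        "\xe9\x3b\xa6\x5c\x54\x22\x30\x88\x95\x7a\x90\x11\x7f\x83\xf9\x4f\x0f"
        "\x37\xd1\x0a\x3a\xb7\x9e\xd5\x4e\x7e\xa3\x97\x7d\x8d\x3b\xbc\x18\x67"
        "\x14\x23\x56\xe7\x63\x87\x74\x0d\x92\xff\xe4\xa2\xa2\x14\x3a\x0d\x76"
        "\x95\xa1\x13\xb2\x79\xdd\xa1\x28\x90\x58\x91\xf3\x32\x80\x32\xa0\x00"
        "\x28\x4a\x86\xf9\x47\xad\xbd\x90\x0d\x3f\x1e\x7c\x18\x80\x54\xce\xc7"
        "\x88\xb4\x96\xee\x7d\x9f\xc0\x52\x08\xbd\x2e\xe1\xad\x5e\x29\x2f\x6d"
        "\x6d\xc2\x0f\x39\x9c\xb7\x44\x46\x79\x1d\x64\x1f\x63\x6c\x9a\xae\x26"
        "\x64\xc0\x6a\x67\xa4\x98\x63\x4b\xa6\x50\xfe\xdb\x3f\xec\x5e\x64\x44"
        "\xca\x2b\xae\x9b\x9d\x4d\x39\x11\x67\x7b\x44\xab\xd9\xee\xca\x43\xb0"
        "\x91\xe1\x4d\xd4\xd4\xff\xdc\x7c\xe3\x49\x43\x18\xef\x45\x7a\x24\x40"
        "\x66\xa5\x9b\x56\xb4\x87\x53\x8d\xcc\x43\x87\xb2\x8c\xf4\xad\x5d\x01"
        "\xfb\x9f\x64\xb7\x3f\x8f\x04\xa4\x96\x80\x3b\xfb\x4b\xc7\xda\xb2\x07"
        "\xff\x47\x8b\xad\xc2\x01\x38\x24\x11\x68\xae\x21\x9c\xdb\x1a\xbe\x44"
        "\x89\xcb\x3b\x1f\x72\xbd\x33\xf3\x28\x62\xf2\x38\x15\x13\xa9\xf5\x37"
        "\xb8\x6c\xc0\x3b\x4d\xd6\x1c\x43\x8d\xba\x62\xb5\xa7\x3a\xa9\xc7\xa3"
        "\x74\xb7\x75\x86\x73\xf2\x7a\x30\x14\xeb\xc3\xad\x03\x41\xfb\xd8\xf1"
        "\x63\x2d\xe9\xc4\xa7\xba\x66\xce\x63\x39\x3b\xa2\xe1\x4d\xe1\xe4\xfe"
        "\x59\xba\x53\x93\xef\x66\x8d\x5b\xd2\x12\xbc\x76\x81\x82\x76\xdd\xac"
        "\xf0\xf9\xf9\x03\x2a\xc6\x60\x7b\xd3\xce\xd7\xad\x54\x4d\x77\xc0\x40"
        "\x3d\x80\x4a\x56\xf4\x12\x58\x09\x6d\xcc\xc4\xcc\x78\x8b\x4f\xf9\xa5"
        "\x6f\xed\xca\xa9\x12\xbc\x7b\x61\xe4\x23\x43\x76\xe8\x5b\x87\x3f\x3f"
        "\xdd\xf6\x6a\x45\x9f\x35\x50\x11\xf2\xb6\x79\x83\xe2\x7a\x08\x4e\xb5"
        "\x04\x1c\xcc\xee\xd1\xdf\x83\x5d\x2a\x8d\xbe\x94\xfe\xde\xd8\xf7\xf1"
        "\xca\x88\xd4\xda\x3f\x8c\x29\xed\x37\x72\xd7\x62\xf7\xb4\x13\x84\x55"
        "\x66\xee\xa6\x6b\xb9\x65\x82\x70\xc9\x96\x93\x88\x08\xe7\x15\x85\xf3"
        "\x93\x87\xae\x0e\x95\x55\xe9\x6b\xfa\xe1\x1b\x55\x35\x87\x75\x94\x68"
        "\x10\x84\x96\x66\x8e\xea\x2a\x08\x2c\x4a\xd1\xc3\xdd\x0c\x78\xf0\x9e"
        "\x86\xfd\xfd\x23\x2a\x59\x1f\x61\xeb\x10\x5c\xa6\x34\x17\x42\x02\xd0"
        "\x29\x1e\x14\x83\x9e\x1b\x8b\x0c\x29\x10\x0c\x9d\x8e\x46\x54\xee\xcb"
        "\x86\x54\xf2\xc9\xe4\xd7\xb3\x7e\xa1\xbf\x0f\xfa\xcc\x59\x08\x27\xe9"
        "\x37\x6f\x99\x42\xb7\xac\xb0\x51\x65\x3d\x0d\x08\xdc\x9b\xef\x39\x80"
        "\xed\xb9\x5f\x19\x2c\xb0\x57\x34\x37\x18\x81\x23\x47\xf7\xfb\x8b\x7b"
        "\xd8\x05\x90\x01\x56\xca\x12\x3d\x8e\x21\x2f\x13\x88\xdd\x0a\x1c\xb7"
        "\x4a\x05\x41\xb4\xc1\xe5\xc3\x59\x35\x43\x0d\x2f\x33\xf5\x4d\x9c\x10"
        "\x72\x79\x40\x68\x8a\xea\x86\x15\xad\x22\xaa\x53\x1d\x65\xb0\x32\xfb"
        "\x1b\x4b\xb6\xc3\x54\x0d\x74\x7e\x25\x84\xbb\x3b\xb6\xb4\x31\xab\x4e"
        "\xc7\xa0\x75\x5f\x24\xa2\xcd\xfb\xe5\xde\x73\x52\xad\xba\x66\xc2\xf6"
        "\xde\xb3\x45\xe9\xe8\x36\xb2\xde\x4d\xaf\xcf\xe0\x98\x06\xd1\xf0\xb2"
        "\x3d\x79\x29\x5e\xed\xb6\x82\x26\x71\x65\x9b\x35\x2a\x9f\xf1\x8a\x71"
        "\xce\x6b\xb1\x64\x33\xd0\x80\x5c\x6e\x6a\x13\xd7\x8a\x42\x3b\x0d\xcb"
        "\x03\x23\x7e\xb4\xaa\xd7\xe1\x9a\xf0\x1d\x64\x5b\x10\xbc\x7e\x03\x03"
        "\x92\x54\xda\xb7\xcb\xc3\x36\x96\xc9\x24\x10\x88\xc2\xf7\x96\xaf\x30"
        "\x20\x54\xca\x10\x84\xf3\x0a\x8d\x74\xc7\xf8\xf8\x27\x9d\x76\xdf\x95"
        "\x36\xe9\x48\xa3\x73\x28\x34\x5e\x4e\x49\x74\xa1\x71\x60\xc5\xdd\x9f"
        "\x1d\x63\x2f\x7c\xfe\xe3\xc6\x65\xfb\xf3\x53\xbd\x2e\x6f\x94\x29\xc2"
        "\xca\x62\xd1\xd5\x12\x28\xef\xa2\xc4\x1c\xe3\x4f\x60\x71\xf4\x5e\xdb"
        "\x70\x8b\xfc\x65\x85\x3f\x5e\x3c\x45\x12\x9a\x0f\x03\x7b\xff\xa6\x78"
        "\x0f\xf2\x5e\xf6\x99\x68\xab\xa3\xfc\x11\xcb\x88\x23\x8f\x82\xa8\x4e"
        "\x7c\x11\x2a\xa2\x6a\x05\xec\xae\x19\xa8\xdf\x73\x9d\x54\x18\x29\x8e"
        "\x74\x7e\xf9\x69\x16\xb4\x1e\xd9\x6c\xde\x38\x45\xe8\xa0\xb6\x89\xe9"
        "\xe6\x8e\xbd\xce\x22\xec\x9f\x2e\x4f\x57\xea\x4e\xc8\xd5\xdb\x37\xa6"
        "\xed\x95\x7b\xca\xae\x17\xbb\x78\xbf\x21\x5c\xad\x9e\xe3\x9d\xf6\x53"
        "\x08\x2e\x6f\xd8\x99\x5f\x45\xaf\x49\xc6\xc2\x71\xab\x67\x0d\xf9\xb1"
        "\x5c\x6b\x0e\x18\xfb\xa4\xad\x34\x60\xc4\x8d\x7b\xd1\x91\xff\xd5\x1a"
        "\x78\x9e\xf4\xfd\x2d\xc5\x63\xd6\x73\xe9\x25\xdc\x72\xaa\xe9\x48\x7f"
        "\x83\x27\x75\x1e\x30\xf8\x9c\xf9\xe7\xbe\x63\xb8\x47\x78\x0c\xe4\x20"
        "\x87\x7f\x85\x63\xd7\xed\x4e\xca\xf6\x78\x5d\xa4\x38\x07\x26\xc3\xa2"
        "\x38\xe3\x66\xcd\x6e\x45\x47\x19\x11\xd2\x72\xc6\x8d\xdf\xc4\x84\x81"
        "\x10\xa3\xb2\xf5\x9e\x42\x87\x08\x6c\x4d\xbf\xea\xc3\xb0\x72\x51\x1f"
        "\x21\x60\xd7\x80\x16\x4b\x8b\x2c\x12\x62\xcd\xca\x07\x5f\x06\x30\x96"
        "\x05\x9f\xd3\xf9\x12\x92\x6b\xce\x4d\x10\x79\x46\x50\xb6\x1d\xa3\xbe"
        "\x17\xb4\xce\xcc\xb6\x2e\x7d\x25\x29\x3a\xb1\x4c\x5f\xe4\x08\x5b\xed"
        "\xc6\x9b\x93\x29\xaf\x57\x02\x3c\x48\xbd\x03\x38\x96\x01\x79\x23\xd1"
        "\xd1\x2e\x53\x49\x06\xf5\x0f\xe0\xba\x3e\x14\x9b\xb2\x41\xa4\x05\x47"
        "\x69\x08\x1e\x53\xb2\x77\xa2\x7a\xf4\x6d\x96\xaa\xfa\xf2\x46\xe2\x0e"
        "\x66\x27\xfd\x9b\x29\x25\xae\xea\x32\x74\x06\x22\x7c\x57\x39\xf8\x41"
        "\x95\x97\xe0\x22\x0b\x2f\xf4\x7c\xc9\x3f\x90\x6a\x3c\x81\x34\xf4\x64"
        "\x56\x44\xca\xb2\xe3\x2f\x3a\x03\x6f\xba\xac\xd8\x85\xa4\x74\x9f\x4c"
        "\x1e\x1a\x6b\xfd\xfa\xc9\x72\xce\x8c\x53\xe3\x79\xbb\xb1\xa9\xc1\xbb"
        "\x97\x20\xc5\x43\x5b\x09\xd4\xe0\x29\xae\x60\x9d\xee\x4a\xd2\x68\x5f"
        "\x04\xff\xb3\xa2\x1f\xd7\x18\x81\x3c\x23\x1b\x20\xf7\xbd\x60\xad\x9c"
        "\x8c\xf8\xa5\x9b\xa2\xec\x34\x53\xad\x19\x6a\xb1\x80\xe8\xee\x6c\x08"
        "\xc2\x55\x7a\x6a\x41\x4a\x40\xfb\x84\x5c\x3a\x54\x82\xeb\x4d\x0f\xab"
        "\xd9\xeb\xc1\xb4\x7d\x3d\x25\xe0\x1f\xe2\xc2\x24\x03\x06\x09\x22\x71"
        "\x37\x92\xc9\x24\x5a\x39\x78\xb1\xa7\x5d\xd8\x30\xb8\x2e\x62\xd7\x84"
        "\xf0\xa1\xbc\x46\xea\x29\x22\x16\x6e\x4d\x6f\x99\xcd\x2b\xde\xba\xdb"
        "\x6e\xe7\x3a\xc4\x17\x77\xee\x7c\x8a\xcb\x13\x7c\xd9\xa5\x90\xd4\x6e"
        "\x82\x4e\x4b\x97\xf0\xc7\xb7\x3f\x1d\xbf\xe9\xe2\x6d\xb4\xaf\x18\xdf"
        "\xe1\xd0\x29\x08\xf1\xa8\x50\x2a\xda\xbf\x9d\x98\x6f\x7f\x4a\x1d\x96"
        "\xf9\x06\x8d\xa1\x93\x7b\x96\x81\x40\x7f\x1b\xb4\xb9\x15\x71\x20\x04"
        "\x2a\x2f\x6e\x19\x46\x06\x34\xd1\xe9\x89\x96\x58\x75\x5d\xc4\x1c\xf5"
        "\x36\x56\xc9\xc1\xb7\x0d\x74\x0f\x5c\x27\xd3\xe1\x93\x07\x53\x9f\x7e"
        "\x80\xf4\xd4\x25\x34\xa6\x3f\xf8\xf7\xc9\xe5\x09\x79\x2e\xdf\x2b\x8d"
        "\xcc\x02\xe7\xc7\xc4\xaf\xb7\x5e\x92\xf1\x63\xfa\x54\x97\xce\x17\x0a"
        "\x51\x0a\xc8\x84\xa5\xd9\x3c\x10\x22\xa5\x7c\x71\xed\x39\xaa\x13\xd8"
        "\x70\xb5\xf9\x31\x22\x93\x4e\xbc\x80\xdf\x38\x4a\x84\x7d\x07\xa0\x8a"
        "\x4c\xa3\x2d\x03\xf9\x09\x26\xe0\x56\x17\x5a\xc1\x0d\x8d\x39\x2b\x5b"
        "\xb3\x47\x70\x64\xbc\xff\x9a\xd3\x36\x4b\x0f\xbe\xba\xae\x57\xc7\x05"
        "\x68\x08\x04\xc3\x31\x03\xbb\xec\x63\x91\x56\xec\xb1\xee\xfa\x65\x0b"
        "\x4f\x87\x1f\x22\x79\x0a\xb9\xf7\x71\x1f\xb8\xdc\x9d\xa1\xfb\x06\x4f"
        "\x36\x9a\x69\x3d\x0d\x7f\x16\xeb\x5c\x91\xa5\x57\xb4\xe0\xa4\x80\x08"
        "\x7d\x8d\x9a\xa3\x04\x4d\xe1\x6a\x8e\x7b\x32\x8f\x21\x4c\xb1\x41\x92"
        "\xc9\xbc\xb1\x30\x3c\x74\x1c\x26\x83\xb1\x8e\xb6\xb5\xbd\x0c\x5e\x42"
        "\xb3\xc9\x67\x5c\x6a\x62\x8d\x44\x1f\xe1\x44\x6a\xf2\x10\x66\xa4\xb6"
        "\x22\x69\xd8\x95\x55\xb0\x92\x13\xdb\x4c\x11\xbd\xba\xcf\x57\xca\x33"
        "\xe1\x85\x33\x9f\x03\x61\x45\x9e\xe0\x47\xb0\xb2\xb9\x58\xe9\x6a\x33"
        "\x97\x96\xfe\xbb\x29\xc0\x4d\x85\x87\x06\x2d\x55\x70\x29\x2b\x90\xd3"
        "\x23\xb3\x7b\xf3\xfb\x69\x5a\xd4\xf3\x64\x82\xc1\xa7\x2f\x9b\x7d\x4f"
        "\xd5\x83\x31\x1d\xe3\x38\xdf\xd5\xfa\x71\xec\xb6\xdb\xa8\x82\x29\x31"
        "\x82\xdc\xe2\xa1\x05\xd9\x4a\x6a\x9f\x36\xf7\xaa\x63\x5d\xb5\x21\xca"
        "\x81\xf4\x84\xbd\xf2\x3b\x83\x37\x02\x68\x88\x8b\xd8\x15\x36\x45\x3c"
        "\xfd\x1e\xa0\x2c\xa6\x28\xb6\xcb\x13\xba\xd7\x79\xe0\x1c\x5d\x29\xab"
        "\xba\x41\x20\xf7\x42\x89\x73\x62\x62\x8a\x0b\xbe\x18\x52\x58\xec\x0f"
        "\x8b\xee\x4a\xdf\x1f\x69\xd7\x1f\x77\xab\xeb\x5b\xdc\xd4\x19\x54\xc1"
        "\xce\xdb\xd6\x91\x16\x14\x7c\x77\x9d\x0d\x53\x12\x83\xd1\xb3\x3d\xc0"
        "\x14\x24\x67\x49\xd1\xd9\xa8\xa7\x41\x43\x87\x18\xe0\x9c\x55\x9d\x26"
        "\x27\x4f\x1b\xa6\x61\x29\xa0\x0e\xa8\xbd\x3e\x41\xe3\xac\x85\x3f\x22"
        "\xf4\xb1\xe0\x48\xbc\x6e\xff\x62\x52\x7c\xe7\x3b\x52\x77\xc7\x1c\x82"
        "\xdc\x0a\xb8\x35\x8d\x77\xc9\x9f\x12\xd1\xc1\x39\x90\xa0\x7e\xc0\xdb"
        "\x80\xd9\xa9\x86\x3f\x2c\x87\x91\x4a\x28\x04\xb6\xa2\x85\xda\x8a\xff"
        "\xf0\x9a\x1b\x80\xf3\x2d\xe1\x4b\x42\x3d\x24\x95\xad\x5b\x8b\x9e\xb4"
        "\x5d\x04\x9b\xa1\xed\x73\xfa\x13\xca\xbf\x02\x8c\x21\xa0\x93\xae\x82"
        "\xab\x85\x12\x89\x86\x3d\x3c\x27\x2a\x18\xdb\x9b\xd7\xbf\x74\xc3\x80"
        "\x9a\xdb\xf3\x99\xb3\xe5\x4b\xc7\x88\xa3\x7d\x62\xa2\x77\x58\xa3\x6e"
        "\xf7\x26\xae\x0c\xdc\x80\xd1\x4f\x55\x44\x8e\x83\xb0\xe1\x35\x24\xbc"
        "\xac\x19\x5d\x23\x21\x21\x8d\x04\x80\x11\x56\xfb\xd5\x93\xcc\xce\x68"
        "\xd1\xb5\xc5\x6e\x47\x89\x94\xf9\x94\xc6\x84\x7d\xc1\x2e\xdf\xf8\xfd"
        "\x4a\x72\x2d\xfc\x54\x7a\x0a\x49\xd3\x67\x59\x56\xfa\xd5\xf0\x82\x5e"
        "\x52\xfa\x3a\x17\xc0\x28\x92\xed\x90\x42\xb6\x99\x8b\x1a\x3a\x1f\xb1"
        "\xbe\x43\x4c\xdd\xd1\x83\x63\x2c\xb7\x46\xc3\xf5\xad\xe7\x9c\x9e\xfa"
        "\x9a\x0b\xeb\xf9\x36\x93\x86\x6a\xb1\x48\x20\x2c\x82\x39\xcb\xe5\x60"
        "\x54\x63\xe0\xe8\x28\x09\x24\x2d\x24\x48\xe3\x12\x64\x84\xc9\x58\x96"
        "\x2f\x4d\x30\x71\xbd\xbb\xeb\xae\x9b\xe2\xe9\x9a\xf5\x2b\x1c\xea\xfc"
        "\x21\x8f\x84\x17\x94\xcb\x2c\xb9\x10\xa9\x43\xed\xa3\x5b\x7c\x8b\x4d"
        "\x86\x98\xf6\x1c\xc7\xe3\x63\x7a\x8d\x0d\x36\xcc\x89\x17\xc0\xa1\x39"
        "\xe5\x3a\xd0\x1b\xa6\xf7\x08\x25\x32\x45\x2f\x53\xec\x3c\xef\x17\x98"
        "\x7e\x07\x85\x77\x11\x99\x85\x95\x2b\xe6\xbe\x2c\x13\x3a\xf6\x2f\xa2"
        "\x02\x3f\x6e\x2a\x1d\x1f\x03\x1c\x5f\x7b\x01\x94\x55\xde\x51\xc4\xeb"
        "\xf6\xc7\xac\x96\x3a\x15\xf4\xf1\xe4\x37\x76\x1e\x4f\xa1\x26\xd1\x2d"
        "\xe3\x28\x1f\x13\x7b\xf7\x50\x3e\xd8\xef\x48\x34\x84\x0b\x50\xee\xf9"
        "\x1e\x8a\x39\x8a\x59\xed\x3e\x8b\x1e\xac\x0f\xc2\x65\x35\x15\xd5\x28"
        "\x1d\xf2\xb8\x3e\x6a\xd2\xd4\x47\x5c\x69\x7c\x89\x92\x6b\x92\x87\xf8"
        "\x28\x1e\x3b\x4c\x75\x74\xde\x05\x22\xc0\x56\x57\xa1\x75\xaa\xd2\xf4"
        "\x66\xa4\x47\x21\x61\xd7\x3b\xb2\x78\x6e\xe4\xa8\x2c\x7d\x06\x0d\x66"
        "\x97\x31\xcf\x34\x88\xad\xdf\x6d\x96\x13\x6b\xe7\x1b\x67\xfc\xdc\x25"
        "\x8a\x09\xad\xec\x13\xc8\x2d\xc7\x89\x6c\x67\x8d\x76\xa1\x6b\x5a\x91"
        "\x36\x1e\x43\xed\x61\xbe\x1e\x5e\x7f\xe7\x8d\x5c\x2a\xa0\xd9\xf8\x8b"
        "\x89\x0a\x2e\xf4\xa2\x00\x83\x04\x49\x82\x72\x8f\xcd\xa6\xa4\xc1\x9a"
        "\x20\xa3\xaf\x92\xfc\xc9\x7a\x03\x01\xf4\xcf\xf8\x25\xe3\x76\xfc\x0a"
        "\x65\xf8\xaf\xfc\xc2\x7f\x27\x09\x8e\x2a\xfe\x05\xbc\x7f\x32\x0d\xa2"
        "\x61\x02\x0f\x94\x29\x1b\xf5\xe7\x4c\x40\x4a\xf7\xe1\xad\x7e\x09\x72"
        "\x13\x8e\xe1\x12\x5f\x2d\x10\xe9\xc1\x87\xe3\x55\x7b\x3c\x58\x95\x78"
        "\xc2\x1f\x15\x2e\x35\x50\xdb\x68\x42\xb0\x25\xe0\x20\xc4\x1b\x3e\xec"
        "\x11\x02\xa1\xc0\xa6\x05\x5b\x56\x93\x27\x97\x84\x71\x5f\x96\x87\x51"
        "\x62\xbf\x66\xbe\x67\xfc\x4f\x84\x92\x63\xf7\x52\x9e\x29\x4a\xad\x10"
        "\x59\x6b\xb9\x6a\x3b\x7f\xad\xf2\xc3\xb2\x7a\x47\x25\x1f\x26\xd0\xe2"
        "\x27\x00\xd5\x7b\xc8\x7d\x83\xeb\xe7\xaa\x4b\xc4\x1f\x69\xd1\xb6\xc2"
        "\x9b\x18\x05\x82\xfd\x6d\x5e\xf5\xe7\xf0\x18\xfe\x34\x18\x7d\x1b\x0e"
        "\x36\x65\x46\x66\x64\x50\x10\xb5\xc4\x97\x83\xd6\xf2\x7c\x69\x43\x85"
        "\xd9\xb1\x6b\xcf\xc5\xde\x39\xde\x29\xd1\x12\x52\xa0\x52\x2c\x13\xea"
        "\xe6\x68\x80\x24\x79\x17\x31\x8f\x4f\xcb\x37\x27\x94\x35\xc4\x1f\xfd"
        "\x46\x18\x0d\x2d\xfd\x69\xc4\x02\x5b\x55\x3a\xd0\x5e\x2c\x66\xda\xa1"
        "\x1a\xca\x17\xd8\xb3\xe6\x3c\xe0\x8d\x5e\xe0\x8a\xa6\x9c\xce\xd5\x4d"
        "\x05\x93\x54\x01\x5b\xfc\x57\x7d\xd9\x39\x04\xd0\xe1\xc7\xe0\xbc\x82"
        "\xc2\xb3\x91\x40\xd5\xb2\x62\x06\x1d\x3b\x13\x80\xb6\x68\x30\x53\xcd"
        "\x8d\xc8\x25\x66\x42\x86\x75\xd4\xf0\x2a\xc9\xf8\xa0\xc8\x6a\x2b\x44"
        "\x36\xe8\x6c\xc1\xdc\x49\x47\x78\x20\x18\x26\xab\x4b\x44\x8e\x67\x32"
        "\x7b\x37\xbb\x06\x5b\x42\x3f\x75\x6e\x8b\xe0\x7a\x85\xc9\x6d\xc9\x52"
        "\x34\xad\xcd\xb1\x11\x1e\xeb\xd0\x94\x5f\x9b\x21\x02\xaf\x49\x32\xd2"
        "\xb8\x3e\xbb\xb1\x6a\xea\xf2\xff\xb1\x10\xb2\xe5\x0a\x09\x56\xb3\x4e"
        "\x35\xc6\x3a\xf3\xcb\x9d\xc8\xd9\x9b\x53\x04\x31\x38\xd9\xfa\x66\x53"
        "\x08\x62\x90\xeb\xaf\x6a\xd3\x9a\x2f\xb2\xca\x12\xc6\x2c\xa5\x9e\xe2"
        "\x7b\xac\x96\x01\x61\x86\xa9\x97\x26\xdd\xd9\xed\xc7\x5f\xd8\xfb\xd4"
        "\xe2\x9f\x34\x65\xfe\xff\x01\xb4\xd3\x39\xb4\x03\xf4\xfc\xc4\x13\x56"
        "\x23\x2a\x57\x2a\x9d\xdb\x6f\x60\x56\xeb\x68\xb0\xba\x1a\x9c\x7c\xbf"
        "\x7d\x2a\xef\x43\xbe\x0d\x13\xbe\xe9\x7a\xbf\x0c\x71\x2b\x8b\xb6\x6c"
        "\xd8\x25\xf4\x9f\xd1\x89\xd9\x96\xc5\x64\xa0\x5f\x45\x86\xee\x03\x8a"
        "\xd0\x1b\x5f\x6a\x97\x79\xf3\x57\x6d\xed\xdd\x33\xf9\x7d\x67\xb3\x4f"
        "\x16\xf8\xd0\x3a\x98\x09\x3e\xde\x56\x37\x31\xd4\xf1\x4b\xe4\xf0\x37"
        "\x24\x41\x45\xcc\x6f\x40\xa5\x83\xfa\xe0\x47\x6b\x68\x12\x96\x15\x45"
        "\x2f\xa2\x21\x27\x53\x41\x9a\x7e\x6e\x19\x17\x38\x0b\xc0\x16\x1c\x66"
        "\x96\xbb\x90\xae\xd2\xaa\x13\xec\x76\x5c\x85\x5a\x2f\xbe\x0b\x57",
        4096);
    *(uint64_t*)0x20000248 = 0x1000;
    *(uint64_t*)0x20000250 = 0;
    *(uint64_t*)0x20000258 = 0;
    *(uint64_t*)0x20000260 = 0;
    *(uint64_t*)0x20000268 = 0;
    *(uint64_t*)0x20000270 = 0;
    *(uint64_t*)0x20000278 = 0;
    syscall(__NR_pwritev, /*fd=*/r[0], /*vec=*/0x20000240ul, /*vlen=*/4ul,
            /*off_low=*/0xfffff552, /*off_high=*/8);
    break;
  }
}

/*
 * Map the scratch region, start 4 worker processes and then sleep.
 *
 * mmap flags 0x32 are MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS on Linux.
 * The middle mapping (prot 7 = read/write/exec) is the 16 MiB scratch area;
 * the one-page PROT_NONE mappings directly below and above it act as guard
 * pages, so an access that runs off either end of the scratch area faults.
 */
int main(void)
{
  syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=*/7ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
          /*flags=*/0x32ul, /*fd=*/-1, /*offset=*/0ul);
  for (procid = 0; procid < 4; procid++) {
    if (fork() == 0) {
      /* loop() never returns, so a worker does not continue this for loop. */
      loop();
    }
  }
  sleep(1000000);
  return 0;
}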