This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ 135.031791] ------------[ cut here ]------------ | |
| [ 135.031795] WARNING: net/kcm/kcmsock.c:631 at kcm_write_msgs+0x39b/0x6e0, CPU#1: rep/446 | |
| [ 135.031807] Modules linked in: | |
| [ 135.031815] CPU: 1 UID: 0 PID: 446 Comm: rep Tainted: G W 6.19.0-rc8+ #139 PREEMPT_RT | |
| [ 135.031822] Tainted: [W]=WARN | |
| [ 135.031825] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 | |
| [ 135.031828] RIP: 0010:kcm_write_msgs+0x39b/0x6e0 | |
| [ 135.031845] Code: ff ff e8 d8 8e c5 ff ba 02 00 00 00 4c 89 e6 31 ff e8 e9 1f c6 ff 49 83 87 b8 01 00 00 01 e9 55 fe ff ff 4c 8b 8d 60 ff ff ff <0f> 0b bb ea ff ff ff e9 97 fe ff ff 48 86 | |
| [ 135.031849] RSP: 0018:ffffd0dfc182b9f0 EFLAGS: 00010246 | |
| [ 135.031854] RAX: 0000000000000000 RBX: 0000000000088000 RCX: 0000000000000000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Reproducer for ATM signaling sigd_send() vulnerability | |
| * | |
| * Bug: net/atm/signaling.c sigd_send() uses user-controlled | |
| * msg->vcc pointer without validation. | |
| * | |
| * Requires: root (CAP_NET_ADMIN) and CONFIG_ATM enabled kernel | |
| */ | |
| #include <stdio.h> | |
| #include <string.h> |
mrpre
/ test_zswpraw.c
Created
February 5, 2026 04:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Test program for zswpraw per-cgroup stat. | |
| * Pre-compress data with zstd so kernel zswap can't compress further. | |
| * Dep: apt-get install libzstd-dev | |
| * Build: gcc -o test_zswpraw test_zswpraw.c -lzstd | |
| */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> |
mrpre
/ gist:d9a694cc0e19828ee3bc3b37983fde13
Last active
February 4, 2026 07:19
caif_deadloop_repro.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * caif_deadloop_repro.c - Reproduce handle_tx() infinite loop in caif_serial | |
| * Kernel config: | |
| * CONFIG_CAIF=y | |
| * CONFIG_CAIF_TTY=y | |
| * Root cause: Using a TTY with PORT_UNKNOWN type (e.g., /dev/ttyS3 in QEMU) | |
| * causes uart_write_room() to return 1 but uart_write() to return 0, | |
| * because xmit_buf is never allocated for PORT_UNKNOWN ports. | |
| * | |
| * Compile: gcc -o caif_deadloop_repro caif_deadloop_repro.c |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * caif_uaf_trigger.c - Trigger caif_serial UAF bug | |
| * | |
| * This program opens a tty, sets N_CAIF line discipline, | |
| * then sends packets to the caif device while closing the tty | |
| * to trigger the use-after-free bug. | |
| * | |
| * Compile: gcc -o caif_uaf_trigger caif_uaf_trigger.c -lpthread | |
| * Run as root: ./caif_uaf_trigger | |
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * ip_rt_bug race condition reproducer | |
| * | |
| * Requires kernel with mdelay(2000) in icmp_route_lookup before ip_route_input. | |
| * | |
| * Race scenario: | |
| * 1. Send packet with src=172.20.20.1 (not local), dst=172.30.0.1 | |
| * 2. Malformed IP option triggers icmp_send -> icmp_route_lookup | |
| * 3. First xfrm_lookup returns -EPERM (block policy), enters reverse path | |
| * 4. Kernel delays 2s before ip_route_input |