#define _GNU_SOURCE #include <endian.h>#include <sys/syscall.h>#include <u

1. #define _GNU_SOURCE
2. #include <endian.h>
3. #include <sys/syscall.h>
4. #include <unistd.h>
5. #include <errno.h>
6. #include <sched.h>
7. #include <signal.h>
8. #include <stdarg.h>
9. #include <stdbool.h>
10. #include <stdio.h>
11. #include <sys/prctl.h>
12. #include <sys/resource.h>
13. #include <sys/time.h>
14. #include <sys/wait.h>
15. #include <errno.h>
16. #include <fcntl.h>
17. #include <sys/stat.h>
18. #include <sys/types.h>
19. #include <arpa/inet.h>
20. #include <errno.h>
21. #include <fcntl.h>
22. #include <linux/if.h>
23. #include <linux/if_ether.h>
24. #include <linux/if_tun.h>
25. #include <linux/ip.h>
26. #include <linux/tcp.h>
27. #include <net/if_arp.h>
28. #include <stdarg.h>
29. #include <stdbool.h>
30. #include <stdio.h>
31. #include <stdlib.h>
32. #include <sys/ioctl.h>
33. #include <sys/stat.h>
34. JKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRST
35. #include <sys/uio.h>
36. #include <errno.h>
37. #include <fcntl.h>
38. #include <stdarg.h>
39. #include <stdbool.h>
40. #include <stdio.h>
41. #include <sys/stat.h>
42.  
43. __attribute__((noreturn)) static void doexit(int status)
44. {
45. volatile unsigned i;
46. syscall(__NR_exit_group, status);
47. for (i = 0;; i++) {
48. }
49. }
50. #include <stdint.h>
51. #include <string.h>
52. #include <errno.h>
53. #include <stdarg.h>
54. #include <stdio.h>
55.  
56. const int kFailStatus = 67;
57. const int kRetryStatus = 69;
58.  
59. static void fail(const char* msg, ...)
60. {
61. int e = errno;
62. va_list args;
63. va_start(args, msg);
64. vfprintf(stderr, msg, args);
65. va_end(args);
66. fprintf(stderr, " (errno %d)\n", e);
67. doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus);
68. }
69.  
70. static void exitf(const char* msg, ...)
71. {
72. int e = errno;
73. va_list args;
74. va_start(args, msg);
75. vfprintf(stderr, msg, args);
76. va_end(args);
77. fprintf(stderr, " (errno %d)\n", e);
78. doexit(kRetryStatus);
79. }
80.  
81. static void vsnprintf_check(char* str, size_t size, const char* format, va_list args)
82. {
83. int rv;
84.  
85. rv = vsnprintf(str, size, format, args);
86. if (rv < 0)
87. fail("tun: snprintf failed");
88. if ((size_t)rv >= size)
89. fail("tun: string '%s...' doesn't fit into buffer", str);
90. }
91.  
92. #define COMMAND_MAX_LEN 128
93. #define PATH_PREFIX "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin "
94. #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1)
95.  
96. static void execute_command(bool panic, const char* format, ...)
97. {
98. va_list args;
99. char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN];
100. int rv;
101.  
102. va_start(args, format);
103. memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN);
104. vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args);
105. va_end(args);
106. rv = system(command);
107. if (rv) {
108. if (panic)
109. fail("command '%s' failed: %d", &command[0], rv);
110. }
111. }
112.  
113. #define DEV_IPV4 "172.20.20.%d"
114. #define DEV_IPV6 "fe80::%02hx"
115. #define DEV_MAC "aa:aa:aa:aa:aa:%02hx"
116.  
117. static void snprintf_check(char* str, size_t size, const char* format, ...)
118. {
119. va_list args;
120.  
121. va_start(args, format);
122. vsnprintf_check(str, size, format, args);
123. va_end(args);
124. }
125.  
126. static void initialize_netdevices(void)
127. {
128. unsigned i;
129. const char* devtypes[] = {"ip6gretap", "bridge", "vcan", "bond", "team"};
130. const char* devnames[] = {"lo", "sit0", "bridge0", "vcan0", "tunl0",
131. "gre0", "gretap0", "ip_vti0", "ip6_vti0",
132. "ip6tnl0", "ip6gre0", "ip6gretap0",
133. "erspan0", "bond0", "veth0", "veth1", "team0",
134. "veth0_to_bridge", "veth1_to_bridge",
135. "veth0_to_bond", "veth1_to_bond",
136. "veth0_to_team", "veth1_to_team"};
137. const char* devmasters[] = {"bridge", "bond", "team"};
138.  
139. for (i = 0; i < sizeof(devtypes) / (sizeof(devtypes[0])); i++)
140. execute_command(0, "ip link add dev %s0 type %s", devtypes[i], devtypes[i]);
141. execute_command(0, "ip link add type veth");
142.  
143. for (i = 0; i < sizeof(devmasters) / (sizeof(devmasters[0])); i++) {
144. execute_command(0, "ip link add name %s_slave_0 type veth peer name veth0_to_%s", devmasters[i], devmasters[i]);
145. execute_command(0, "ip link add name %s_slave_1 type veth peer name veth1_to_%s", devmasters[i], devmasters[i]);
146. execute_command(0, "ip link set %s_slave_0 master %s0", devmasters[i], devmasters[i]);
147. execute_command(0, "ip link set %s_slave_1 master %s0", devmasters[i], devmasters[i]);
148. execute_command(0, "ip link set veth0_to_%s up", devmasters[i]);
149. execute_command(0, "ip link set veth1_to_%s up", devmasters[i]);
150. }
151. execute_command(0, "ip link set bridge_slave_0 up");
152. execute_command(0, "ip link set bridge_slave_1 up");
153.  
154. for (i = 0; i < sizeof(devnames) / (sizeof(devnames[0])); i++) {
155. char addr[32];
156. snprintf_check(addr, sizeof(addr), DEV_IPV4, i + 10);
157. execute_command(0, "ip -4 addr add %s/24 dev %s", addr, devnames[i]);
158. snprintf_check(addr, sizeof(addr), DEV_IPV6, i + 10);
159. execute_command(0, "ip -6 addr add %s/120 dev %s", addr, devnames[i]);
160. snprintf_check(addr, sizeof(addr), DEV_MAC, i + 10);
161. execute_command(0, "ip link set dev %s address %s", devnames[i], addr);
162. execute_command(0, "ip link set dev %s up", devnames[i]);
163. }
164. }
165.  
166. static bool write_file(const char* file, const char* what, ...)
167. {
168. char buf[1024];
169. va_list args;
170. va_start(args, what);
171. vsnprintf(buf, sizeof(buf), what, args);
172. va_end(args);
173. buf[sizeof(buf) - 1] = 0;
174. int len = strlen(buf);
175.  
176. int fd = open(file, O_WRONLY | O_CLOEXEC);
177. if (fd == -1)
178. return false;
179. if (write(fd, buf, len) != len) {
180. int err = errno;
181. close(fd);
182. errno = err;
183. return false;
184. }
185. close(fd);
186. return true;
187. }
188.  
189. static void loop();
190.  
191. static void sandbox_common()
192. {
193. prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
194. setpgrp();
195. setsid();
196.  
197. struct rlimit rlim;
198. rlim.rlim_cur = rlim.rlim_max = 160 << 20;
199. setrlimit(RLIMIT_AS, &rlim);
200. rlim.rlim_cur = rlim.rlim_max = 8 << 20;
201. setrlimit(RLIMIT_MEMLOCK, &rlim);
202. rlim.rlim_cur = rlim.rlim_max = 136 << 20;
203. setrlimit(RLIMIT_FSIZE, &rlim);
204. rlim.rlim_cur = rlim.rlim_max = 1 << 20;
205. setrlimit(RLIMIT_STACK, &rlim);
206. rlim.rlim_cur = rlim.rlim_max = 0;
207. setrlimit(RLIMIT_CORE, &rlim);
208.  
209. if (unshare(CLONE_NEWNS)) {
210. }
211. if (unshare(CLONE_NEWIPC)) {
212. }
213. if (unshare(0x02000000)) {
214. }
215. if (unshare(CLONE_NEWUTS)) {
216. }
217. if (unshare(CLONE_SYSVSEM)) {
218. }
219. }
220.  
221. static int do_sandbox_none(void)
222. {
223. if (unshare(CLONE_NEWPID)) {
224. }
225. int pid = fork();
226. if (pid < 0)
227. fail("sandbox fork failed");
228. if (pid)
229. return pid;
230.  
231. sandbox_common();
232. if (unshare(CLONE_NEWNET)) {
233. }
234. initialize_netdevices();
235. loop();
236. doexit(1);
237. }
238.  
239. static int inject_fault(int nth)
240. {
241. int fd;
242. char buf[16];
243.  
244. fd = open("/proc/thread-self/fail-nth", O_RDWR);
245. if (fd == -1)
246. exitf("failed to open /proc/thread-self/fail-nth");
247. sprintf(buf, "%d", nth + 1);
248. if (write(fd, buf, strlen(buf)) != (ssize_t)strlen(buf))
249. exitf("failed to write /proc/thread-self/fail-nth");
250. return fd;
251. }
252.  
253. uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
254. void loop()
255. {
256. long res = 0;
257. memcpy((void*)0x20000011, "/etc/ld.so.cache", 17);
258. res = syscall(__NR_open, 0x20000011, 0, 0);
259. if (res != -1)
260. r[0] = res;
261. syscall(__NR_close, r[0]);
262. syscall(__NR_close, -1);
263. syscall(__NR_getpid);
264. memcpy((void*)0x20000448, "tfile_sparse_3852", 18);
265. res = syscall(__NR_open, 0x20000448, 0x42, 0);
266. if (res != -1)
267. r[1] = res;
268. syscall(__NR_fstat, -1, 0x2000048c);
269. syscall(__NR_write, -1, 0x2000148d, 0);
270. syscall(__NR_write, -1, 0x2000248e, 0);
271. syscall(__NR_write, -1, 0x2000348f, 0);
272. syscall(__NR_write, -1, 0x20004490, 0);
273. syscall(__NR_write, -1, 0x20005491, 0);
274. syscall(__NR_write, -1, 0x20006492, 0);
275. syscall(__NR_write, -1, 0x20007493, 0);
276. syscall(__NR_write, -1, 0x20008494, 0);
277. syscall(__NR_write, -1, 0x20009495, 0);
278. memcpy((void*)0x2000a496, "A", 1);
279. syscall(__NR_write, r[1], 0x2000a496, 1);
280. memcpy((void*)0x2000b497, "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN", 4096);
281. syscall(__NR_write, r[1], 0x2000b497, 0x1000);
282. memcpy((void*)0x2000c498, "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN", 4096);
283. syscall(__NR_write, r[1], 0x2000c498, 0x1000);
284. syscall(__NR_lseek, -1, 0, 0);
285. syscall(__NR_write, -1, 0x2000d499, 0);
286. syscall(__NR_write, -1, 0x2000e49a, 0);
287. syscall(__NR_write, -1, 0x2000f49b, 0);
288. syscall(__NR_write, -1, 0x2001049c, 0);
289. syscall(__NR_write, -1, 0x2001149d, 0);
290. syscall(__NR_write, -1, 0x2001249e, 0);
291. syscall(__NR_write, -1, 0x2001349f, 0);
292. syscall(__NR_write, -1, 0x200144a0, 0);
293. syscall(__NR_write, -1, 0x200154a1, 0);
294. syscall(__NR_write, -1, 0x200164a2, 0);
295. syscall(__NR_write, -1, 0x200174a3, 0);
296. syscall(__NR_write, -1, 0x200184a4, 0);
297. syscall(__NR_lseek, -1, 0, 0);
298. syscall(__NR_fallocate, r[0], 0, 0x2000, 0x1000);
299. syscall(__NR_ioctl, 1, 0x5401, 0x200184c8);
300. syscall(__NR_fstat, 1, 0x2001850c);
301. syscall(__NR_fallocate, -1, 0, 0, 0);
302. syscall(__NR_fallocate, r[1], 0, 0x11000, 0x1000);
303. write_file("/sys/kernel/debug/failslab/ignore-gfp-wait", "N");
304. write_file("/sys/kernel/debug/fail_futex/ignore-private", "N");
305. inject_fault(4);
306. syscall(__NR_fallocate, r[1], 0, 0, 0x1000);
307. }
308.  
309. int main()
310. {
311. syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
312. int pid = do_sandbox_none();
313. int status = 0;
314. while (waitpid(pid, &status, __WALL) != pid) {}
315. return 0;
316. }