Skip to content

Instantly share code, notes, and snippets.

@dvyukov

dvyukov/gist:451019c8fb14aa4565a4

Created November 24, 2015 13:47
Show Gist options
  • Save dvyukov/451019c8fb14aa4565a4 to your computer and use it in GitHub Desktop.
Save dvyukov/451019c8fb14aa4565a4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
Save the following log into memcg file, and then run:
$ ./execprog -executor ./executor -debug=0 -cover=0 -threaded=1 -collide=1 -procs=16 -loop memcg
// execprog and executor binaries are built from https://github.com/google/syzkaller
2015/11/24 02:00:19 executing program 3:
mmap(&(0x7f0000000000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
prctl$intptr(0x26, 0x1)
seccomp(0x1, 0x0, &(0x7f0000000000+0x4da)={0x3, &(0x7f0000002000-0x18)={{0x15, 0x0, 0x1, 0x0}, {0x4, 0x7, 0x31e04854, 0xb13}, {0x6, 0x73b8285d7d5712f1, 0x5, 0xfffffffffffffff9}}})
r0 = accept(0x1869f, &(0x7f0000002000+0xc52)=nil, &(0x7f0000002000+0x19d)=nil)
ioctl$TIOCGSID(r0, 0x540f, &(0x7f0000001000+0x141)=0x0)
2015/11/24 02:00:19 executing program 2:
mmap(&(0x7f0000000000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0x1869f)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
getdents64(r0, &(0x7f0000001000)=nil, 0x1b)
mmap(&(0x7f0000002000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000001000-0x7)="2e2f62757300", r0, &(0x7f0000002000)="2e2f62757300", 0x1000)
r1 = getpgid(0x0)
mmap(&(0x7f0000003000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
ptrace$poke(0x4, r1, &(0x7f0000003000)=0x0, 0x42)
2015/11/24 02:00:19 executing program 1:
r0 = socket(0xa, 0x801, 0x6)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$ip_ipsec(r0, 0x0, 0x10, &(0x7f0000000000)={{{{0x0, 0x0, 0x0, 0x1000000}, {0x0, 0x0, 0x0, 0x1000000}, 0x6a18dcc9, 0x9, 0x1, 0x2, 0x1, 0x1, 0x0, 0x7, 0x2c3f, 0x9}, {0x0, 0x7, 0x16, 0xfffffffffffffff9, 0x7, 0x58, 0x2, 0x1}, {0x9, 0xc5, 0x6, 0x6}, 0x6, 0x0, 0x0, 0x4, 0x1, 0x5}, {{{0x0, 0x0, 0x0, 0x1000000}, 0x8, 0x629b}, 0x6, {0x100007f, 0x0, 0x0, 0x0}, 0x7, 0x2, 0x9, 0x0, 0x0, 0x693, 0x8}}, 0xdb)
setsockopt$ipv6_int(r0, 0x29, 0x3e, &(0x7f0000001000+0x2cd)=0x9, 0x4)
2015/11/24 02:00:19 executing program 0:
r0 = socket(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$ip_int(r0, 0x0, 0x31, &(0x7f0000001000)=0x0, &(0x7f0000000000)=nil)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
r1 = openat(0x1869f, &(0x7f0000002000-0x5)="2e2f636f6e74726f6c00", 0x1, 0x20)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000002000-0xb)={0x2, 0x8, 0x0, 0x2, 0x6, 0x1})
2015/11/24 02:00:19 executing program 3:
mmap(&(0x7f0000000000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
prctl$intptr(0x26, 0x1)
seccomp(0x1, 0x0, &(0x7f0000000000+0x4da)={0x3, &(0x7f0000002000-0x18)={{0x35, 0x0, 0x1, 0xfffffffffffffffb}, {0x4, 0x6, 0x4ba7, 0x5}, {0x6, 0x73b8285d7d5712f1, 0x5, 0xfffffffffffffff9}}})
r0 = getpgrp(0x0)
mmap(&(0x7f0000002000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
sched_setparam(r0, &(0x7f0000002000)=0xcd3)
io_destroy(0x0)
2015/11/24 02:00:19 executing program 1:
mmap(&(0x7f0000eab000)=nil, (0x4000), 0x2, 0x20031, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000)=nil, (0x1000), 0x1, 0x32, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000000)={[r0=]0x0, [r1=]0x0})
mbind(&(0x7f0000eab000)=nil, (0x4000), 0x4002, &(0x7f0000001000-0x8)=0x87346b5512e9ab2a, 0x7, 0x1)
fgetxattr(r1, &(0x7f0000eae000-0x4a)="413b1cfd425f9d888c564bb95ecc281676a59a5083511016a931c5dd89b125fc355c54ef8c741d4fa7877316c13aaf36c95b1eeb6e7b2d74654fdc09d9b0a471214ada498ca7c7af652c", &(0x7f0000000000)=nil, 0xa6)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
unshare(0x20000)
mmap(&(0x7f0000002000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000eab000)=nil, (0x4000), 0x2, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000eab000+0x7c7)={0x0, [r2=]0x0, 0x0}, &(0x7f0000004000-0x4)=nil)
mmap(&(0x7f0000003000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
fstat(r0, &(0x7f0000004000-0x44)={0x0, 0x0, 0x0, 0x0, 0x0, [r3=]0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = getuid()
setresuid(r2, r3, r4)
read(r0, &(0x7f0000002000+0x29f)=nil, 0x25)
2015/11/24 02:00:19 executing program 2:
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
set_mempolicy(0x1, &(0x7f0000001000+0x22d)=0x0, 0x9)
mmap(&(0x7f00008dc000)=nil, (0x4000), 0x4, 0x30, 0xffffffffffffffff, 0x0)
r0 = open$ptmx(&(0x7f0000000000)="2f6465762f70746d78", 0x1, 0x0)
close(r0)
2015/11/24 02:00:19 executing program 0:
mmap(&(0x7f0000000000)=nil, (0x1000), 0x2, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
prctl$intptr(0x26, 0x1)
prctl$seccomp(0x16, 0x2, &(0x7f0000002000-0x10)={0x2, &(0x7f0000000000)={{0x14, 0x3, 0xfffffffffffff905, 0x6}, {0x6, 0xa167, 0xfffffffffffffffa, 0xfffffffffffffff7}}})
mmap(&(0x7f0000003000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = dup(0xffffffffffffffff)
mmap(&(0x7f0000002000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
write$fuse_notify_inval_entry(r0, &(0x7f0000003000-0x18)={0x20, 0x80, 0x0, 0x0, 0xfffffffffffffff7, 0x0}, 0x20)
mmap(&(0x7f0000004000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000004000-0x29)={&(0x7f0000004000-0x6d)="0a0033e152d5ffe6000000000000000000000000000000016070a21c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 0x80, &(0x7f0000003000)={{&(0x7f0000004000-0x47)="d4d68379dabbd014d11e148a926c4649826781e48c27c95930e48613a9ec1c7b0921dc1286104e03d78045e11657da495d731d1197c220509bbed9da2a59966fba237004e306a6", 0x47}}, 0x1, &(0x7f0000001000)={0xde, 0x0, 0x3}, 0x10, 0x801, 0x7}, 0x4000)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment