SYZFAIL: %s

7 views

Skip to first unread message

syzbot

unread,

Mar 10, 2021, 11:41:13 PM3/10/21

to syzkaller-...@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit: 59ee1e30 make(1): replace global preserveUndefined with VA..
git tree: netbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=11d72d56d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fab579639ba4bf0a
dashboard link: https://syzkaller.appspot.com/bug?extid=4435cef0c512430b11af
compiler: g++ (Ubuntu 5.4.0-6ubuntu1~16.04.12) 5.4.0 20160609

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4435ce...@syzkaller.appspotmail.com

failed to mmap coverage filter bitmap bad coverage filter bitmap size /dev/vhci%llu SYZFAIL: %s
(errno %d: %s)
pos=%p region=[%p:%p] output overflow pos=%p: [%p:%p) input command overflows input result=%lld command refers to bad result failed to chmod /dev/fault clock_gettime failed setsid failed event already set control pipe write failed failed to open /dev /dev/%s path=%s failed to chmod vhci /dev/kcov open of /dev/kcov failed from=%d, to=%d failed to dup cover fd ioctl remote attach failed ioctl init trace write failed cover mmap failed SIGSEGV on %p, skipping
SIGSEGV on %p, exiting
(errno %d)
pthread_mutex_init failed pthread_cond_init failed rmdir(%s) failed opendir(%s) failed .. %s/%s lstat(%s) failed unlink(%s) failed � � � > #%d [%llums] -> %s( , failed to open /dev/fault nth=%d FAULT_IOC_ENABLE failed thr=%d, cov=%u too much cover FAULT_IOC_GETINFO failed FAULT_IOC_DISABLE failed cover=%u fault=%d format=%llu bad binary format in swap size=%llu bad big-endian int size off=%llu, len=%llu bitmask for string format copyin: bad argument size bad strdec size %020llu bad strhex size 0x%016llx bad stroct size %023llo unknown binary format vsnprintf failed string='%s' command=%s: %d command failed command '%s': %d
tun_id=%d tun_id out of range /dev/tap%d ifconfig %s destroy ifconfig %s create device=%s tun: can't open device dup2(tunfd, kTunFd) failed aa:aa:aa:aa:aa:aa ifconfig %s link %s 172.20.%d.170 aa:aa:aa:aa:aa:bb 172.20.%d.187 arp -s %s %s fe80::%02hxaa ifconfig %s inet6 %s fe80::%02hxbb ndp -s %s%%%s %s %02x copyout: bad argument size tun: read failed extracted seq: %08x
extracted ack: %08x
IN OUT syz_usb_connect: configured
syz_usb_connect: dev: %p
syz_usb_connect: dev is null
type=%llx invalid kcov comp type ncomps=%u too many comparisons ready=%d done=%d executing=%d index=%lld result overflows kMaxCommands negative running bag inet checksum size size=%lld bad checksum const chunk size kind=%llu bad checksum chunk kind bad checksum kind type=%llu bad argument type call_num=%llu invalid syscall number syscall=%s executing disabled syscall syz_usb syz_80211_inject_frame args=%llu bad argument binary format bad argument bitfield bad result argument format pthread_create failed out of threads bad thread state in schedule enabling collider
./%d failed to mkdir control pipe read failed magic=0x%llx bad execute request magic size=0x%llx bad execute prog size bad timeouts need_prog: no program clone failed failed to chdir spawned worker pid %d
killing hanging pid %d
child failed sandbox fork failed spawned loop pid %d
nobody getpwnam_r("nobody") failed failed to setgroups failed to setgid failed to setuid SKIP FAIL OK version setup feature=%s leak setup_kcsan_filterlist KCSAN is not implemented test === RUN %s
--- %-4s %s
mmap of data segment failed mmap of input file failed mmap of output file failed failed to mkdtemp failed to chmod dup2(0, kInPipeFd) failed dup2(1, kOutPipeFd) failed dup2(2, 1) failed dup2(2, 0) failed read=%d handshake read failed bad handshake magic /syz-cover-bitmap faied to stat coverage filter want=%p, got=%p loop exited with status %d
unknown sandbox type test_copyin test_csum_inet test_csum_inet_acc test_coverage_filter __clock_getres50 __clock_gettime50 __clock_settime50 __clone __fstat50 __futimes50 __getcwd __getdents30 __getitimer50 __getlogin __getrusage50 __lstat50 __lutimes50 __mount50 __msync13 __nanosleep50 __select50 __setitimer50 __stat50 __utimes50 __vfork14 __wait450 _ksem_close _ksem_destroy _ksem_getvalue _ksem_init _ksem_open _ksem_post _ksem_timedwait _ksem_trywait _ksem_unlink _ksem_wait _lwp_continue _lwp_create _lwp_ctl _lwp_detach _lwp_exit _lwp_getname _lwp_getprivate _lwp_kill _lwp_self _lwp_setname _lwp_setprivate _lwp_suspend _lwp_unpark _lwp_unpark_all _lwp_wait _lwp_wakeup accept$inet accept$inet6 accept$unix access acct bind bind$inet bind$inet6 bind$unix clock_nanosleep compat_09_ouname compat_12_fstat12 compat_12_lstat12 compat_12_msync compat_12_stat12 compat_20_fstatfs compat_20_getfsstat compat_20_statfs compat_30_getdents compat_30_socket compat_40_mount compat_43_fstat43 compat_43_lstat43 compat_43_oaccept compat_43_ocreat compat_43_oftruncate compat_43_ogetpeername compat_43_ogetrlimit compat_43_ogetsockname compat_43_olseek compat_43_orecvfrom compat_43_osetrlimit compat_43_otruncate compat_43_stat43 compat_50__lwp_park compat_50_clock_getres compat_50_clock_gettime compat_50_clock_settime compat_50_futimes compat_50_getitimer compat_50_getrusage compat_50_lutimes compat_50_mknod compat_50_nanosleep compat_50_quotactl compat_50_select compat_50_setitimer compat_50_utimes compat_50_wait4 compat_60__lwp_park connect$inet connect$inet6 connect$unix dup dup2 dup3 execve faccessat fchdir fchflags fchmod fchmodat fchown fchownat fchroot fcntl$dupfd fcntl$getflags fcntl$getown fcntl$lock fcntl$setflags fcntl$setown fcntl$setstatus fdatasync flock fstatat fsync getegid geteuid getgid getgroups getpeername$inet getpeername$inet6 getpeername$unix getpgid getpgrp getpid getppid getpriority getsid getsockname$inet getsockname$inet6 getsockname$unix getsockopt getsockopt$SO_PEERCRED getsockopt$inet_opts getsockopt$sock_cred getsockopt$sock_int getsockopt$sock_linger getsockopt$sock_timeval getuid ioctl$FIOASYNC ioctl$FIOGETBMAP ioctl$FIOGETOWN ioctl$FIONBIO ioctl$FIONREAD ioctl$FIONSPACE ioctl$FIONWRITE ioctl$FIOSEEKDATA ioctl$FIOSEEKHOLE ioctl$FIOSETOWN ioctl$OFIOGETBMAP lchflags lchmod lchown listen madvise mincore minherit mkdirat mknod$loop mknodat mlock mlockall mmap mprotect msgctl$IPC_RMID msgctl$IPC_SET msgctl$IPC_STAT msgget msgget$private msgrcv msgsnd munlock munlockall munmap open$dir openat paccept pipe pipe2 poll posix_spawn pread preadv profil ptrace pwrite pwritev readlink readlinkat recvfrom$inet recvfrom$inet6 recvfrom$unix recvmmsg recvmsg rename renameat rmdir semctl$GETALL semctl$GETNCNT semctl$GETPID semctl$GETVAL semctl$GETZCNT semctl$IPC_RMID semctl$IPC_SET semctl$IPC_STAT semctl$SETALL semctl$SETVAL semget semget$private semop sendmmsg sendmsg sendmsg$unix sendto sendto$inet sendto$inet6 sendto$unix setegid seteuid setpgid setpriority setregid setreuid setsockopt setsockopt$inet6_MRT6_ADD_MFC setsockopt$inet6_MRT6_ADD_MIF setsockopt$inet6_MRT6_DEL_MFC setsockopt$inet_opts setsockopt$sock_cred setsockopt$sock_int setsockopt$sock_linger setsockopt$sock_timeval shmat shmctl$IPC_RMID shmctl$IPC_SET shmctl$IPC_STAT shmctl$SHM_LOCK shmctl$SHM_UNLOCK shmdt shmget shmget$private shutdown socket$inet socket$inet6 socket$unix socketpair socketpair$unix symlink symlinkat syz_builtin0 syz_builtin1 syz_emit_ethernet syz_execute_func syz_extract_tcp_res syz_extract_tcp_res$synack syz_usb_connect syz_usb_connect$cdc_ecm syz_usb_connect$cdc_ncm syz_usb_connect$hid syz_usb_connect$printer syz_usb_connect$uac1 syz_usb_disconnect umask unlinkat unmount utimensat vfork �� > �� B CD E �� B CD E �� B CD E �� 4Vx 4 Vx �� "3DUfw��̻��wfUD3" �� 4 Vx �� "3DUfw��̻��wfUD3" �� "3DUfw��̻��wfUD3" : �� @ �� @ �� @ �� @ ��@ � ��@ � ��@ �� @ ��@ �C ��@ �C ��@ �C ʠ@ 2P ڠ@ �S �@ �{ �@ , T( �@ �p 0�@ , T `�@ , S� �A@ CD@ D@ �C@ �A@ �A@ �C@ �A@ �A@ �A@ �A@ �A@ �A@ �A@ �A@ ZC@ ��@ �*@ �@ �(@ �@ �)@ )�@ 5@ ׍@ $@ ��@ w"@ >�@ � O�@ � a�@ � s�@ {�@ � ��@ � ��@ ( ��@ � ��@ � ��@ 1 ��@ � Β@ � ؒ@ � �@ � �@ ��@ � �@ � �@ � �@ � (�@ � 3�@ =�@ � G�@ � S�@ � a�@ � p�@ � {�@ � ��@ � ��@ ��@ � ��@ � ��@ � Ǔ@ : Փ@ 5 �@ E �@ ? ��@ 6 �@ D �@ < �@ > '�@ 7 1�@ C >�@ = N�@ 9 [�@ A g�@ B w�@ 8 ��@ ; �@ ��@ ��@ ��@ ��@ ! ��@ 3 ��@ h Ô@ h ͔@ h ؔ@ h N�@ 8�@ " ��@ Q�@ a�@ = �@ � M�@ �@ � �@ � �@ � '�@ A 7�@ � H�@ � Z�@ n�@ � �@ ��@ a ��@ ��@ > ŕ@ ( ו@ c �@ ��@ � �@ � &�@ � ;�@ � R�@ c�@ } w�@ � ��@ � ��@ & ��@ @ Ŗ@ � ܖ@ � ��@ � �@ � �@ V 2�@ u F�@ X�@ h�@ � |�@ � ��@ ] ��@ S ��@ � ŗ@ ՗@ � ̟@ b �@ b ��@ b �@ b �@ ) �@ Z �@ � �@ ; ��@ &�@ � 0�@ 7�@ # @�@ | G�@ � P�@ { W�@ � `�@ ) h�@ \ t�@ \ ��@ \ ��@ \ ��@ \ ��@ \ ��@ \ ǘ@ � ј@ � z�@ ט@ � ߘ@ _ �@ � �@ + �@ ��@ / ��@ O �@ �@ �@ )�@ :�@ � B�@ Q J�@ Q�@ ' Y�@ d 1�@ � e�@ F�@ l�@ }�@ ��@ ��@ v ��@ v ™@ v י@ v �@ v �@ v �@ v /�@ 6�@ 6 E�@ 6 V�@ 6 f�@ 6 t�@ 6 ��@ 6 ��@ 6 ��@ 6 ��@ 6 ǚ@ 6 ך@ 6 �@ 0 �@ ��@ '�@ 0�@ � �@ j ]�@ � �@ K �@ N �@ ��@ � �@ � b�@ � (�@ � 3�@ � ;�@ � A�@ � J�@ � O�@ J X�@ � h�@ � w�@ � ��@ � ��@ � ��@ � ��@ � ��@ � ��@ � ��@ I ��@ ś@ Λ@ � ՛@ � ݛ@ * �@ � �@ � �@ � ��@ � ��@ ! �@ , �@ �@ � �@ " ��@ #�@ : ,�@ � �@ x n�@ 7�@ E�@ T�@ b�@ � k�@ s�@ � z�@ � ��@ � ��@ � ��@ � ��@ � ��@ � œ@ � ќ@ � �@ � �@ � �@ � �@ � �@ � #�@ � 2�@ � 8�@ � A�@ I�@ V�@ � ]�@ � i�@ � v�@ � ��@ � ��@ � ��@ � �@ P ��@ R ��@ ` ��@ ��@ ~ ��@ � ��@ i Ý@ i �@ i ��@ i �@ i 2�@ i G�@ i [�@ i r�@ i �@ ��@ � ��@ � ��@ � ��@ � ��@ � Ϟ@ � �@ � �@ � �@ � ��@ � ��@ � �@ � �@ � �@ � +�@ � 6�@ � F�@ 9 N�@ � ̘@ $ X�@ e�@ r�@ �:@ ��@ � @ ��@ �<@ ��@ �<@ ğ@ � � iE@ ԟ@ � � iE@ �@ � � iE@ �@ � � iE@ �@ � � iE@ 0�@ � � iE@ E�@ , { @ �@ � X�@ < ��@
^�@ � g�@ o�@ � y�@ B �@ �@ y s y z ;� O �#��p (�� `(�� (�� )�� !*��D 0,�� ,�� -�� -��8 �-��P .��p /�� [/�� 0�� 0�� 0�� 1�� [1��0 2��L N2��h �2�� /3�� L4�� 4�� 4�� 5��0 �5��L 7��x f7�� 8�� \9�� :��$ �>��d ?�� 4C�� |C�� D�� PD�� D��4 DF��\ RH�� hH�� H�� RI�� I��< J��d LJ��x ,K�� EL�� S��
�T��P
�T��d
�U��
V��
<V��
MV��
\V��l &Z��< $\�� \�� `�� _o��P t�� t��0 u�� 0{��
�{��
g|�� ,}��d �}�� p~�� ҁ�� I��0 ӆ��| �� '�� zR x � $ �%��; A � A � D r A A D �%��M > E ( ` �&��9 B � A � A � q A B zR x � � � � $ �q�� ( � �&��h B � B � A � A (� D 0 $ � x ��0 F J w � ? ;*3$" �$�� @ , x(�� B � B � B � A (� A 0� D � ~ 0A (A B B B ( p �(�� A � A � G � � A A � _)��+ O R � r)��9 G � q � �)��) A � D b A � �)�� B � A � A � G � }*��B n $ �*�� A � h
A D 3+�� D �
A ` �+�� D t �+��& D W
A � �+��N D
A � #,�� D �
A � �,��3 A � c
E � �,��@ D q
A -�� A � G � �
A A 0 $ -�� B � A � A � D @ �
A A B A X h.��G s l �.��^ A � A � D � �.�� A � A � G � � s/��? A � e
A ( � �/��2 A � A � G � �
A A A � �0��J ( �0�� A � G � �
A A I A H 4 N1��N B � B � B � B (� A 0� A 8� G � 2 8A 0A (B B B B � P2�� D w
A g < � �2�� B � B � A � A (� D � H
(A A B B A $ � *7��j I w
A H E J
A ( l7��4 B � A � D P �
A B A 4 t;��H ~ H �;�� D �
A I ( h <��A A � A � D Z
A A A � 0<�� G � � $ � �<��j A � G � H
A A ( � �=�� N � G � � A A�A � � �?�� L �?�� J � B � A � A (� D 0 `
(A A B B A K (A� A� B� B� 0 h @��Z A � A � D 0
A A E K A A � *@��= D h
A $ � K@�� B � B � A � A (� D 0 � �@��4 X � �@�� D 0 n
A , �A�� A � G � �
A A C
A A L @ yB�� B � B � B � B (� A 0� A 8� G �! o
8A 0A (B B B B A 8 � �I�� B � B � A � A (� D P �
(A A B B A � 7J��X , � |J�� A � @
E \
E \
E Z
E K��v d P ( fK��! < tK�� P qK�� d @p�� x �p�� D 0 � L � Kq�� K � B � B � B (� A 0� A 8� D P � 8A 0A (B B B B A�� D � �q�� K � B � B � A (� A 0� �
(A B B B A H �� D ( r�� K � B � B � A (� A 0� z
(A B B B A G �� ( p tr�� A � A � D 8 u
A A A H � gt��C B � B � B � B (� A 0� A 8� D � * 8A 0A (B B B B L � �I�� B � B � B � B (� A 0� A 8� D �
8A 0A (B B B B A $ 8
u�� A � A � �
A A H `
�u�� B � B � B � B (� A 0� A 8� D @ U
8A 0A (B B B B A H �
w�� B � B � B � B (� A 0� A 8� D ` A
8A 0A (B B B B A $ �
Oy�� A � A � �
A A H z��i B � B � B � B (� A 0� A 8� D @ 6
8A 0A (B B B B A H l /{��s B � B � B � B (� A 0� A 8� D ` ?
8A 0A (B B B B A H � �K�� B � B � B � B (� A 0� A 8� D @ �
8A 0A (B B B B A ( �M�� q � A � D �
A A A H 0 +N��8 B � B � B � B (� A 0� A 8� D � �
8A 0A (B B B B A L | Q��@ B � B � B � B (� A 0� A 8� G � �
8A 0A (B B B B A 0 � `�� B � B � B � SYZFAIL: FAULT_IOC_GETINFO failed
(errno 22: Invalid argument)
SYZFAIL: child failed
(errno 0: Undefined error: 0)

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

unread,

Jun 9, 2021, 12:41:12 AM6/9/21

to syzkaller-...@googlegroups.com

Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.

Reply all

Reply to author

Forward

0 new messages