Hello,
syzbot found the following crash on:
HEAD commit: 97aa0691961a In unp_internalize() check the length more ca..
git tree:
https://github.com/openbsd/src.git master
console output:
https://syzkaller.appspot.com/x/log.txt?x=13fd3905400000
dashboard link:
https://syzkaller.appspot.com/bug?extid=d9c61993721f4e6389f8
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+d9c619...@syzkaller.appspotmail.com
panic: sandbox escaping file name "../file0"
goroutine 16 [running]:
github.com/google/syzkaller/prog.(*randGen).filename(0xc000759260,
0xc000544ac0, 0xbf4ec0, 0x498aee, 0xc000656780)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:161 +0x2ac
github.com/google/syzkaller/prog.(*BufferType).generate(0xbf4ec0,
0xc000759260, 0xc000544ac0, 0xc000079500, 0x1a5889a35249a32, 0xc0008ef960,
0x4f0c53, 0xc00092fce0)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:646 +0x4fc
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000759260,
0xc000544ac0, 0x8fd600, 0xbf4ec0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000759260,
0xc000544ac0, 0x8fd600, 0xbf4ec0, 0xaaaaaaaaaaaaaaaa, 0x38, 0x7437b2,
0x87a299, 0x3)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*PtrType).generate(0xbd1b40,
0xc000759260, 0xc000544ac0, 0x40b7ff, 0xc0007594a0, 0x20, 0x20, 0x8115a0)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:729 +0x84
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000759260,
0xc000544ac0, 0x8fda60, 0xbd1b40, 0xc0008efb00, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000759260,
0xc000544ac0, 0x8fda60, 0xbd1b40, 0x2, 0x2, 0x0, 0x203000, 0xc0008efc60)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc000759260,
0xc000544ac0, 0xbc6840, 0x2, 0x2, 0x14276daeea19286e, 0xc0008efd28,
0x72beae, 0x7f3580, 0xc00092f110, ...)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:518 +0x11d
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc000759260,
0xc000544ac0,
0xbdd420, 0x6d, 0xc000544ac0, 0xc00090ac60)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:462 +0xd1
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000759260,
0xc000544ac0, 0xc00043f4c0, 0xc000544ac0, 0xc0008efdc0, 0x7311e7)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/rand.go:454 +0xa4
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc0008efe48, 0x14)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/mutation.go:118
+0xcb
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc00043f4c0, 0x8f8660,
0xc00092fce0, 0x1e, 0xc0006b8680, 0xc000790000, 0x8f6, 0x900)
/syzkaller/gopath/src/
github.com/google/syzkaller/prog/mutation.go:32
+0x299
main.(*Proc).smashInput(0xc0006b86c0, 0xc000a8cb40)
/syzkaller/gopath/src/
github.com/google/syzkaller/syz-fuzzer/proc.go:196
+0x103
main.(*Proc).loop(0xc0006b86c0)
/syzkaller/gopath/src/
github.com/google/syzkaller/syz-fuzzer/proc.go:82
+0x177created by main.main
/syzkaller/gopath/src/
github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236
+0xfe2
OpenBSD/amd64 (worker.syzkaller) (tty00)
login: set $lines = 0
Password:
Login incorrect
login: trace
Password:
Login incorrect
login: show proc
Password:
Login incorrect
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.