panic: sandbox escaping file name "../file0", Files are map[../file0:true]
1 view
Skip to first unread message
syzbot
Nov 25, 2018, 4:07:03 PM11/25/18
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 03d6ed1c9def Remove (unused) FS_BOOT training wheels. If y..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=16f83533400000
dashboard link: https://syzkaller.appspot.com/bug?extid=feab84fa35af2ad0807f
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+feab84...@syzkaller.appspotmail.com
panic: sandbox escaping file name "../file0", Files are map[../file0:true]
goroutine 16 [running]:
github.com/google/syzkaller/prog.(*randGen).filename(0xc000615960,
0xc000786b40, 0xbf5640, 0x2, 0x2)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:161 +0x2e3
github.com/google/syzkaller/prog.(*BufferType).generate(0xbf5640,
0xc000615960, 0xc000786b40, 0xc00007b500, 0x672e3f68198bd01b, 0xc0004699e8,
0x4f0c53, 0xc0002be7e0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:646 +0x4fc
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000615960,
0xc000786b40, 0x8fd620, 0xbf5640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000615960,
0xc000786b40, 0x8fd620, 0xbf5640, 0x0, 0x0, 0x7437e2, 0x87a299, 0x3)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*PtrType).generate(0xbd2a40,
0xc000615960, 0xc000786b40, 0x8, 0x8, 0xc00000c730, 0x0, 0xc000221180)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:729 +0x84
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000615960,
0xc000786b40, 0x8fda80, 0xbd2a40, 0xc000469b00, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000615960,
0xc000786b40, 0x8fda80, 0xbd2a40, 0xc00000c6c0, 0x1, 0x1, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc000615960,
0xc000786b40, 0xbcf260, 0x4, 0x4, 0xc9fe6cbfcae3505b, 0xc000469db0,
0x72beae, 0x7f3580, 0xc000269a40, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:518 +0x11d
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc000615960,
0xc000786b40,
0xbddea0, 0x87, 0xc000786b40, 0xc000330ac0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:462 +0xd1
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000615960,
0xc000786b40, 0xc000786a40, 0xc000786b40, 0xc000469e48, 0x731217)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:454 +0xa4
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc000469ed0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:118
+0xcb
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc000786a40, 0x8f8680,
0xc0002be7e0, 0x1e, 0xc0003ac3c0, 0xc000646000, 0x4e6, 0x500)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:32
+0x299
main.(*Proc).loop(0xc0003ac400)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99
+0x446created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236
+0xfe2
login:
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot found the following crash on:
HEAD commit: 03d6ed1c9def Remove (unused) FS_BOOT training wheels. If y..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=16f83533400000
dashboard link: https://syzkaller.appspot.com/bug?extid=feab84fa35af2ad0807f
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+feab84...@syzkaller.appspotmail.com
panic: sandbox escaping file name "../file0", Files are map[../file0:true]
goroutine 16 [running]:
github.com/google/syzkaller/prog.(*randGen).filename(0xc000615960,
0xc000786b40, 0xbf5640, 0x2, 0x2)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:161 +0x2e3
github.com/google/syzkaller/prog.(*BufferType).generate(0xbf5640,
0xc000615960, 0xc000786b40, 0xc00007b500, 0x672e3f68198bd01b, 0xc0004699e8,
0x4f0c53, 0xc0002be7e0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:646 +0x4fc
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000615960,
0xc000786b40, 0x8fd620, 0xbf5640, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000615960,
0xc000786b40, 0x8fd620, 0xbf5640, 0x0, 0x0, 0x7437e2, 0x87a299, 0x3)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*PtrType).generate(0xbd2a40,
0xc000615960, 0xc000786b40, 0x8, 0x8, 0xc00000c730, 0x0, 0xc000221180)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:729 +0x84
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000615960,
0xc000786b40, 0x8fda80, 0xbd2a40, 0xc000469b00, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000615960,
0xc000786b40, 0x8fda80, 0xbd2a40, 0xc00000c6c0, 0x1, 0x1, 0x1, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc000615960,
0xc000786b40, 0xbcf260, 0x4, 0x4, 0xc9fe6cbfcae3505b, 0xc000469db0,
0x72beae, 0x7f3580, 0xc000269a40, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:518 +0x11d
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc000615960,
0xc000786b40,
0xbddea0, 0x87, 0xc000786b40, 0xc000330ac0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:462 +0xd1
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000615960,
0xc000786b40, 0xc000786a40, 0xc000786b40, 0xc000469e48, 0x731217)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:454 +0xa4
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc000469ed0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:118
+0xcb
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc000786a40, 0x8f8680,
0xc0002be7e0, 0x1e, 0xc0003ac3c0, 0xc000646000, 0x4e6, 0x500)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:32
+0x299
main.(*Proc).loop(0xc0003ac400)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99
+0x446created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236
+0xfe2
login:
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
Greg Steuck
Nov 25, 2018, 4:51:36 PM11/25/18
to syzbot+feab84...@syzkaller.appspotmail.com, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages