panic: sandbox escaping file name "../file0/file0"

syzbot

Nov 25, 2018, 2:29:02 PM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 03d6ed1c9def Remove (unused) FS_BOOT training wheels. If y..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=156e82b9400000
dashboard link: https://syzkaller.appspot.com/bug?extid=7afcba4b101ae3f15a9b
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7afcba...@syzkaller.appspotmail.com

panic: sandbox escaping file name "../file0/file0"

goroutine 17 [running]:
github.com/google/syzkaller/prog.(*randGen).filename(0xc000403400,
0xc0004c3380, 0xbf5460, 0x203000, 0xc000060cb8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:161 +0x2ac
github.com/google/syzkaller/prog.(*BufferType).generate(0xbf5460,
0xc000403400, 0xc0004c3380, 0xc00007ca00, 0xe136b44e4b95f4f, 0xc00069d9e8,
0x4f0c53, 0xc0006dc4b0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:646 +0x4fc
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000403400,
0xc0004c3380, 0x8fd600, 0xbf5460, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000403400,
0xc0004c3380, 0x8fd600, 0xbf5460, 0xaaaaaaaaaaaaaaaa, 0x38, 0x7437b2,
0x87a299, 0x3)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*PtrType).generate(0xbd2860,
0xc000403400, 0xc0004c3380, 0x40b7ff, 0xc0005ebb90, 0x30, 0x30, 0x8115a0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:729 +0x84
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000403400,
0xc0004c3380, 0x8fda60, 0xbd2860, 0xc00069db00, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000403400,
0xc0004c3380, 0x8fda60, 0xbd2860, 0x3, 0x3, 0xc0004c3500, 0x40,
0xc00069dce8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc000403400,
0xc0004c3380, 0xbc8b20, 0x3, 0x3, 0x7a81addd746bded2, 0xc00069ddb0,
0x72beae, 0x7f3580, 0xc0007506f0, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:518 +0x11d
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc000403400,
0xc0004c3380,
0xbddde0, 0x85, 0xc0004c3380, 0xc00000dcc8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:462 +0xd1
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000403400,
0xc0004c3380, 0xc0004c2e80, 0xc0004c3380, 0xc00069de48, 0x7311e7)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:454 +0xa4
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc00069ded0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:118
+0xcb
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc0004c2e80, 0x8f8660,
0xc0006dc4b0, 0x1e, 0xc000756500, 0xc0006be000, 0x942, 0xc00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:32
+0x299
main.(*Proc).loop(0xc0007416c0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99
+0x446
created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236
+0xfe2


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Greg Steuck

Nov 25, 2018, 4:51:01 PM
to syzbot+7afcba...@syzkaller.appspotmail.com, syzkaller-o...@googlegroups.com
#syz invalid

--
nest.cx is Gmail hosted, use PGP for anything private. Key: http://goo.gl/6dMsr
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0