panic: sandbox escaping file name "../file0", Files are map[./file0:true ../file0:true]
1 view
Skip to first unread message
syzbot
Nov 25, 2018, 4:15:04 PM11/25/18
to syzkaller-o...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 03d6ed1c9def Remove (unused) FS_BOOT training wheels. If y..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=13928893400000
dashboard link: https://syzkaller.appspot.com/bug?extid=403b2971bb4ae9a2eeea
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+403b29...@syzkaller.appspotmail.com
panic: sandbox escaping file name "../file0", Files are
map[./file0:true ../file0:true]
goroutine 16 [running]:
github.com/google/syzkaller/prog.(*randGen).filename(0xc000633d80,
0xc0002911c0, 0xbf7120, 0x203000, 0xc00097b958)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:161 +0x2e3
github.com/google/syzkaller/prog.(*BufferType).generate(0xbf7120,
0xc000633d80, 0xc0002911c0, 0xc00007b500, 0x5746868df585b677, 0xc00097b9e8,
0x4f0c53, 0xc000417c20)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:646 +0x4fc
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000633d80,
0xc0002911c0, 0x8fd620, 0xbf7120, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000633d80,
0xc0002911c0, 0x8fd620, 0xbf7120, 0xaaaaaaaaaaaaaaaa, 0x38, 0x7437e2,
0x87a299, 0x3)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*PtrType).generate(0xbd68e0,
0xc000633d80, 0xc0002911c0, 0x40b7ff, 0xc000633fc0, 0x20, 0x20, 0x8115a0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:729 +0x84
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000633d80,
0xc0002911c0, 0x8fda80, 0xbd68e0, 0xc00097bb00, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000633d80,
0xc0002911c0, 0x8fda80, 0xbd68e0, 0x2, 0x2, 0x0, 0x203000, 0xc00097bce8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc000633d80,
0xc0002911c0, 0xbc6de0, 0x2, 0x2, 0x4bb4f2e5b6de328d, 0xc00097bdb0,
0x72beae, 0x7f3580, 0xc000417050, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:518 +0x11d
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc000633d80,
0xc0002911c0,
0xbe0360, 0xe1, 0xc0002911c0, 0xc000552630)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:462 +0xd1
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000633d80,
0xc0002911c0, 0xc000290f80, 0xc0002911c0, 0xc00097be48, 0x731217)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:454 +0xa4
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc00097bed0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:118
+0xcb
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc000290f80, 0x8f8680,
0xc000417c20, 0x1e, 0xc000425800, 0xc000912000, 0x97d, 0xc00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:32
+0x299
main.(*Proc).loop(0xc000425840)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99
+0x446created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236
+0xfe2
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot found the following crash on:
HEAD commit: 03d6ed1c9def Remove (unused) FS_BOOT training wheels. If y..
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=13928893400000
dashboard link: https://syzkaller.appspot.com/bug?extid=403b2971bb4ae9a2eeea
compiler:
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+403b29...@syzkaller.appspotmail.com
panic: sandbox escaping file name "../file0", Files are
map[./file0:true ../file0:true]
goroutine 16 [running]:
github.com/google/syzkaller/prog.(*randGen).filename(0xc000633d80,
0xc0002911c0, 0xbf7120, 0x203000, 0xc00097b958)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:161 +0x2e3
github.com/google/syzkaller/prog.(*BufferType).generate(0xbf7120,
0xc000633d80, 0xc0002911c0, 0xc00007b500, 0x5746868df585b677, 0xc00097b9e8,
0x4f0c53, 0xc000417c20)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:646 +0x4fc
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000633d80,
0xc0002911c0, 0x8fd620, 0xbf7120, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000633d80,
0xc0002911c0, 0x8fd620, 0xbf7120, 0xaaaaaaaaaaaaaaaa, 0x38, 0x7437e2,
0x87a299, 0x3)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*PtrType).generate(0xbd68e0,
0xc000633d80, 0xc0002911c0, 0x40b7ff, 0xc000633fc0, 0x20, 0x20, 0x8115a0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:729 +0x84
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc000633d80,
0xc0002911c0, 0x8fda80, 0xbd68e0, 0xc00097bb00, 0x0, 0x0, 0x0, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:581 +0x1b6
github.com/google/syzkaller/prog.(*randGen).generateArg(0xc000633d80,
0xc0002911c0, 0x8fda80, 0xbd68e0, 0x2, 0x2, 0x0, 0x203000, 0xc00097bce8)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:530 +0x52
github.com/google/syzkaller/prog.(*randGen).generateArgs(0xc000633d80,
0xc0002911c0, 0xbc6de0, 0x2, 0x2, 0x4bb4f2e5b6de328d, 0xc00097bdb0,
0x72beae, 0x7f3580, 0xc000417050, ...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:518 +0x11d
github.com/google/syzkaller/prog.(*randGen).generateParticularCall(0xc000633d80,
0xc0002911c0,
0xbe0360, 0xe1, 0xc0002911c0, 0xc000552630)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:462 +0xd1
github.com/google/syzkaller/prog.(*randGen).generateCall(0xc000633d80,
0xc0002911c0, 0xc000290f80, 0xc0002911c0, 0xc00097be48, 0x731217)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:454 +0xa4
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc00097bed0, 0x14)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:118
+0xcb
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc000290f80, 0x8f8680,
0xc000417c20, 0x1e, 0xc000425800, 0xc000912000, 0x97d, 0xc00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:32
+0x299
main.(*Proc).loop(0xc000425840)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:99
+0x446created by main.main
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:236
+0xfe2
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
Greg Steuck
Nov 25, 2018, 4:51:20 PM11/25/18
to syzbot+403b29...@syzkaller.appspotmail.com, syzkaller-o...@googlegroups.com
#syz invalid
Reply all
Reply to author
Forward
0 new messages