panic: malloc: allocation too large, type = 2, size = ADDRpa

Status: closed as dup on 2019/09/09 19:45
Reported-by: syzbot+33d4f331cf22bbab11fb@syzkaller.appspotmail.com
First crash: 1929d, last: 1929d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
panic: malloc: allocation too large, type = 2, size = ADDR (2) C 16842 1928d 1946d

Sample crash report:
panic: malloc: allocation too large, type = 2, size = 18446744073709550336pa
n
ic
:Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*276679  27691      0           0  0x4000000    0  syz-executor.0
 459612  51729      0           0  0x4000000    1  syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(fffffffffffffb00,2,a) at malloc+0x9c9 sys/kern/kern_malloc.c:344
vm_get_info(ffff800021d55810) at vm_get_info+0x9d
VOP_IOCTL(fffffd806ebc9a90,c0185603,ffff800021d55810,1,fffffd807f7c68a0,ffff800020ab18c8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd80797f7428,c0185603,ffff800021d55810,ffff800020ab18c8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
sys_ioctl(ffff800020ab18c8,ffff800021d55928,ffff800021d55970) at sys_ioctl+0x5b9
syscall(ffff800021d559f0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800021d559f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff53,0,3,aba87131010) at Xsyscall+0x128
end of kernel
end trace frame: 0xabcf23cacb0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
malloc: allocation too large, type = 2, size = 18446744073709550336

ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(fffffffffffffb00,2,a) at malloc+0x9c9 sys/kern/kern_malloc.c:344
vm_get_info(ffff800021d55810) at vm_get_info+0x9d
VOP_IOCTL(fffffd806ebc9a90,c0185603,ffff800021d55810,1,fffffd807f7c68a0,ffff800020ab18c8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd80797f7428,c0185603,ffff800021d55810,ffff800020ab18c8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
sys_ioctl(ffff800020ab18c8,ffff800021d55928,ffff800021d55970) at sys_ioctl+0x5b9
syscall(ffff800021d559f0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800021d559f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff53,0,3,aba87131010) at Xsyscall+0x128
end of kernel
end trace frame: 0xabcf23cacb0, count: -9
ddb{0}> show registers
rdi               0xffffffff818a6867    db_enter+0x17
rsi                           0x1edd    __ALIGN_SIZE+0xedd
rbp               0xffff800021d55450
rbx               0xffff800021d55500
rdx                           0x1ede    __ALIGN_SIZE+0xede
rcx               0xffff800020b4a000
rax               0xffff800020b4a000
r8                0xffffffff81e023df    kprintf+0x16f
r9                               0x1
r10                             0x25
r11               0x8b08e209a4f8da8d
r12                     0x3000000008
r13               0xffff800021d55460
r14                            0x100
r15                              0x1
rip               0xffffffff818a6868    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800021d55440
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor.0) pid=276679 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=83, usrpri=83, nice=20
    forw=0xffffffffffffffff, list=0xffff800020a5f150,0xffffffff8263bd20
    process=0xffff800020a8aa90 user=0xffff800021d50000, vmspace=0xfffffd807f00b730
    estcpu=36, cpticks=0, pctcpu=0.0
    user=0, sys=0, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 27691  459149  36825      0  2           0                syz-executor.0
*27691  276679  36825      0  7   0x4000000                syz-executor.0
 51729  438843  68129      0  2           0                syz-executor.1
 51729  459612  68129      0  7   0x4000000                syz-executor.1
 68129  302765  67658      0  3        0x82  nanosleep     syz-executor.1
 36825  165968  67658      0  3        0x82  nanosleep     syz-executor.0
 61880  279338      1      0  3    0x100083  ttyin         getty
  4879  454493      0      0  3     0x14200  acct          acct
 55087   30276      0      0  3     0x14200  bored         sosplice
 67658  227094  72192      0  3        0x82  thrsleep      syz-fuzzer
 67658  291060  72192      0  3   0x4000082  nanosleep     syz-fuzzer
 67658  279221  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 67658    7230  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 67658  323013  72192      0  3   0x4000082  kqread        syz-fuzzer
 67658  139555  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 67658   84624  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 67658  511567  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 67658  508247  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 67658  389842  72192      0  3   0x4000082  thrsleep      syz-fuzzer
 72192  167972  90485      0  3    0x10008a  pause         ksh
 90485  399521  75186      0  3        0x92  select        sshd
 75186  339398      1      0  3        0x80  select        sshd
 11635  134807  20521     74  3    0x100092  bpf           pflogd
 20521  212028      1      0  3        0x80  netio         pflogd
 14318  120923  96415     73  3    0x100090  kqread        syslogd
 96415   15798      1      0  3    0x100082  netio         syslogd
 44667  434682      0      0  2     0x14200                zerothread
 48099  157779      0      0  3     0x14200  aiodoned      aiodoned
 77680  521636      0      0  3     0x14200  syncer        update
 31147  520787      0      0  3     0x14200  cleaner       cleaner
 65611  228113      0      0  3     0x14200  reaper        reaper
 68374  514298      0      0  3     0x14200  pgdaemon      pagedaemon
 89039  371716      0      0  3     0x14200  bored         crynlk
 43093  361583      0      0  3     0x14200  bored         crypto
 98954    2749      0      0  3  0x40014200  acpi0         acpi0
 95468  198404      0      0  3  0x40014200                idle1
 51377  304547      0      0  3     0x14200  bored         softnet
 14689  350361      0      0  3     0x14200  bored         systqmp
 34086  104191      0      0  3     0x14200  bored         systq
  9864  394587      0      0  3  0x40014200  bored         softclock
 66707  411534      0      0  3  0x40014200                idle0
 41598  374599      0      0  3     0x14200  bored         smr
     1   34150      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 27691 (syz-executor.0) thread 0xffff800020ab18c8 (276679)
shared rwlock vmlistlock r = 0 (0xffff80000066e478)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  vm_get_info+0x39 sys/arch/amd64/amd64/vmm.c:3712
#2  VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
#3  vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
#4  sys_ioctl+0x5b9
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff826394e0)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1  syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2  Xsyscall+0x128
ddb{0}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9619   6419K    7832K  78643K     25969        0        0
            pcb    13      8K       8K  78643K       914        0        0
         rtable   115     12K      13K  78643K      1101        0        0
         ifaddr    88     20K      21K  78643K       772        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1710        0        0
            iov     0      0K      32K  78643K       573        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1213     76K      77K  78643K      7344        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K       102        0        0
         VM map     2      1K       1K  78643K        10        0        0
            sem    12      0K       0K  78643K      1301        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12765        0        0
      file desc     6     17K      25K  78643K      6645        0        0
          sigio     0      0K       0K  78643K        63        0        0
           proc    57     51K      95K  78643K      2189        0        0
        subproc    32      2K       2K  78643K       493        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       524        0        0
       in_multi    33      2K       2K  78643K       499        0        0
    ether_multi     1      0K       0K  78643K        33        0        0
            mrt     0      0K       0K  78643K        26        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys   198    874K     874K  78643K       198        0        0
           exec     0      0K       1K  78643K      1057        0        0
     pfkey data     0      0K       4K  78643K         2        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   114     22K      30K  78643K     23360        0        0
       UVM aobj   130      5K       5K  78643K       153        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       1K  78643K       887        0        0
            NDP    21      0K       0K  78643K       240        0        0
           temp   235   3557K    4197K  78643K     85113        0        0
         kqueue     0      0K       0K  78643K        68        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{0}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       64    0       58     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80      355    0      355    14    13     1     1     0     8    1
rtentry    112      302    0      258     2     0     2     2     0     8    0
unpcb      120     2457    0     2445     4     3     1     3     0     8    0
syncache   264        4    0        4     1     1     0     1     0     8    0
sackhl      24        4    0        4     4     4     0     1     0     8    0
tcpqe       32     5719    0     5719     3     3     0     2     0     8    0
tcpcb      544     1486    0     1482     3     2     1     3     0     8    0
inpcb      280     4348    0     4344     5     4     1     3     0     8    0
rttmr       72        5    0        5     5     5     0     1     0     8    0
ip6q        72        1    0        1     1     1     0     1     0     8    0
nd6         48       50    0       46     1     0     1     1     0     8    0
pkpcb       40       32    0       32    11    11     0     1     0     8    0
swfcl       56        3    0        0     1     0     1     1     0     8    0
ppxss      1128     118    0      118    19    19     0     1     0     8    0
pffrag     232        7    0        7     2     2     0     1     0   482    0
pffrnode    88        7    0        7     2     2     0     1     0     8    0
pffrent     40       19    0       19     3     3     0     1     0     8    0
pfosfp      40      846    0      423     5     0     5     5     0     8    0
pfosfpen   112     1428    0      714    21     0    21    21     0     8    0
pfstitem    24      161    0      153     1     0     1     1     0     8    0
pfstkey    112      162    0      154     1     0     1     1     0     8    0
pfstate    328      162    0      154     4     3     1     3     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     1331    0     1116    27    13    14    15     0     8    0
art_table   32     1332    0     1116     2     0     2     2     0     8    0
art_node    16      299    0      259     1     0     1     1     0     8    0
sysvmsgpl   40       25    0       16     1     0     1     1     0     8    0
semupl     112        1    0        1     1     1     0     1     0     8    0
semapl     112     1299    0     1289     1     0     1     1     0     8    0
shmpl      112      151    0       23     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128    11459    0    10039    46     0    46    46     0     8    0
ffsino     272    11459    0    10039    95     0    95    95     0     8    0
nchpl      144    24468    0    22854    61     0    61    61     0     8    0
uvmvnodes   72     5983    0        0   109     0   109   109     0     8    0
vnodes     208     5983    0        0   315     0   315   315     0     8    0
namei      1024   78904    0    78904     8     7     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
vmpool     552        8    0        8     4     4     0     1     0     8    0
scsiplug    64       17    0       17    10    10     0     1     0     8    0
scxspl     192    58388    0    58388    37    36     1     7     0     8    1
plimitpl   152      630    0      623     1     0     1     1     0     8    0
sigapl     432     6767    0     6753     3     1     2     3     0     8    0
futexpl     56   109390    0   109390     9     8     1     1     0     8    1
knotepl    112     1420    0     1401     3     2     1     2     0     8    0
kqueuepl   104     3571    0     3569     1     0     1     1     0     8    0
pipepl     112     3092    0     3073     6     5     1     2     0     8    0
fdescpl    488     6768    0     6753     3     0     3     3     0     8    0
filepl     152    53066    0    52970    24    19     5     9     0     8    1
lockfpl    104     2074    0     2074     9     8     1     1     0     8    1
lockfspl    48      727    0      727     9     8     1     1     0     8    1
sessionpl  112       48    0       39     1     0     1     1     0     8    0
pgrppl      48      103    0       94     1     0     1     1     0     8    0
ucredpl     96     8619    0     8611     1     0     1     1     0     8    0
zombiepl   144     6753    0     6753     4     3     1     1     0     8    1
processpl  896     6785    0     6753     4     0     4     4     0     8    0
procpl     632    21160    0    21117    29    24     5     5     0     8    1
srpgc       64       54    0       54    17    16     1     1     0     8    1
sosppl     128       58    0       58    18    18     0     1     0     8    0
sockpl     384     7258    0     7242    17    14     3     8     0     8    0
mcl64k     65536     19    0        0     3     0     3     3     0     8    0
mcl16k     16384     10    0        0     2     0     2     2     0     8    0
mcl12k     12288     34    0        0     3     1     2     2     0     8    0
mcl9k      9216      19    0        0     2     0     2     2     0     8    0
mcl8k      8192      30    0        0     4     2     2     3     0     8    0
mcl4k      4096      25    0        0     3     0     3     3     0     8    0
mcl2k2     2112      12    0        0     1     0     1     1     0     8    0
mcl2k      2048     278    0        0    29     7    22    29     0     8    0
mtagpl      80       58    0        0     1     0     1     1     0     8    0
mbufpl     256      433    0        0    16     0    16    16     0     8    0
bufpl      256    18980    0    11932   441     0   441   441     0     8    0
anonpl      16   619945    0   607332   191   119    72    76     0   124   11
amapchunkpl 152   41562    0    41436    20    13     7    11     0   158    0
amappl16   192    32148    0    31352   179   134    45    52     0     8    4
amappl15   184     1441    0     1439     5     4     1     1     0     8    0
amappl14   176      551    0      547     2     1     1     1     0     8    0
amappl13   168     1891    0     1891     3     3     0     1     0     8    0
amappl12   160      611    0      610     1     0     1     1     0     8    0
amappl11   152     1160    0     1152     1     0     1     1     0     8    0
amappl10   144      574    0      570     1     0     1     1     0     8    0
amappl9    136     1690    0     1682     1     0     1     1     0     8    0
amappl8    128     1202    0     1165     2     0     2     2     0     8    0
amappl7    120      739    0      730     1     0     1     1     0     8    0
amappl6    112     1103    0     1091     1     0     1     1     0     8    0
amappl5    104      965    0      954     1     0     1     1     0     8    0
amappl4     96     7358    0     7330     1     0     1     1     0     8    0
amappl3     88      913    0      908     1     0     1     1     0     8    0
amappl2     80    53724    0    53649     4     2     2     3     0     8    0
amappl1     72   157204    0   156781    25    15    10    20     0     8    0
amappl      80    21863    0    21823     3     1     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma64       64      259    0      259     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      152    0       23     3     0     3     3     0     8    0
uaddrrnd    24     6776    0     6753     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     6776    0     6753     1     0     1     1     0     8    0
vmmpekpl   168    54285    0    54254     2     0     2     2     0     8    0
vmmpepl    168   833944    0   831981   360   238   122   126     0   357   33
vmsppl     368     6767    0     6753     2     0     2     2     0     8    0
pdppl      4096   13559    0    13522    10     5     5     6     0     8    0
pvpl        32  1677796    0  1661973   423   246   177   182     0   265   30
pmappl     232     6775    0     6761     2     1     1     2     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      651    0       39    18     0    18    18     0     8    0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/09/09 19:27 openbsd 1af766eb9cce a60cb4cd .config console log report ci-openbsd-multicore