syzbot


panic: free: size too large NUM > NUM (ADDR) type sysctl

Status: fixed on 2024/09/25 14:29
Reported-by: syzbot+36e1f3b306f721f90c72@syzkaller.appspotmail.com
Fix commit: dd2b8016139a Fix sleeping race during malloc in sysctl hw.disknames.
First crash: 62d, last: 62d

Sample crash report:
panic: free: size too large 224 > 128 (0xffff8000015a8e80) type sysctl
Starting stack trace...
panic(ffffffff8300cbfc) at panic+0x1ba sys/kern/subr_prf.c:229
free(ffff8000015a8e80,b,e0) at free+0x6f5 sys/kern/kern_malloc.c:418
sysctl_diskinit(0,ffffffff8343a400) at sysctl_diskinit+0x17d sys/kern/kern_sysctl.c:2512
hw_sysctl_locked(ffff800037623d44,1,20000700,ffff800037623d78,20000100,93,ee60bf8ce4166c0) at hw_sysctl_locked+0x352 sys/kern/kern_sysctl.c:867
hw_sysctl(ffff800037623d44,1,20000700,ffff800037623d78,20000100,93,44b5cbc296677a54) at hw_sysctl+0x49a sys/kern/kern_sysctl.c:814
sys_sysctl(ffff80002a47b1e8,ffff800037623eb0,ffff800037623e00) at sys_sysctl+0x422
syscall(ffff800037623eb0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6aeed96c6d0, count: 249
End of stack trace.

Crashes (1):
Time: 2024/09/23 19:01
Kernel: openbsd
Commit: 208893442c38
Syzkaller: 89298aad
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: -
Assets: [disk image] [bsd.gdb] [kernel image]
Manager: ci-openbsd-main
Title: panic: free: size too large NUM > NUM (ADDR) type sysctl