syzbot


panic: malloc: allocation too large, tpyapnei c:= k2e, rsniezle di=a g1n8o4s4t6i7c4 assertion "!_kernel_lock_held()" f

Status: closed as dup on 2019/09/11 07:06
Reported-by: syzbot+aca11589fa61fce22ae4@syzkaller.appspotmail.com
First crash: 1928d, last: 1928d
Duplicate of
Title:         panic: malloc: allocation too large, type = 2, size = ADDR (2)
Repro:         C
Cause bisect:  (none)
Fix bisect:    (none)
Count:         16842
Last:          1928d
Reported:      1946d

Sample crash report:
login: panic: malloc: allocation too large, tpyapnei c:=  k2e, rsniezle  di=a g1n8o4s4t6i7c4 assertion "!_kernel_lock_held()" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_fork.c", line 690
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 202640  59512      0           0  0x4000000    0  syz-executor.1
*464703   2369      0           0  0x4000000    1  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8220219d,ffffffff821ee8cd,2b2,ffffffff821d0e7f) at __assert+0x2b sys/kern/subr_prf.c:154
proc_trampoline_mp() at proc_trampoline_mp+0x123
end trace frame: 0x0, count: 11
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
malloc: allocation too large, type = 2, size = 18446744073709550016

ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8220219d,ffffffff821ee8cd,2b2,ffffffff821d0e7f) at __assert+0x2b sys/kern/subr_prf.c:154
proc_trampoline_mp() at proc_trampoline_mp+0x123
end trace frame: 0x0, count: -4
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800022775b70
rbx               0xffff800022775c20
rdx               0xffff800020acf660
rcx                                0
rax                                0
r8                0xffffffff81dbebdf    kprintf+0x16f
r9                               0x1
r10                             0x25
r11               0xa54b4cdbe7da2653
r12                     0x3000000008
r13               0xffff800022775b80
r14                            0x104
r15                              0x1
rip               0xffffffff81e59458    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800022775b60
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.0) pid=464703 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=79, usrpri=79, nice=20
    forw=0xffffffffffffffff, list=0xffff800020acfb50,0xffffffff8262fc50
    process=0xffff800020a8b890 user=0xffff800022770000, vmspace=0xfffffd807f00c5c0
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 59512   39046  20475      0  2           0                syz-executor.1
 59512  202640  20475      0  7   0x4000000                syz-executor.1
  2369   48654  55106      0  2           0                syz-executor.0
  2369  518885  55106      0  3   0x4000080  fsleep        syz-executor.0
* 2369  464703  55106      0  7   0x4000000                syz-executor.0
 55106  337805  98150      0  3        0x82  nanosleep     syz-executor.0
 20475  165495  98150      0  3        0x82  nanosleep     syz-executor.1
 38729  203006      1      0  3    0x100083  ttyin         getty
 41762   30192      0      0  3     0x14200  acct          acct
 22494  280303      0      0  3     0x14200  bored         sosplice
 98150  143195  87326      0  3        0x82  thrsleep      syz-fuzzer
 98150   51439  87326      0  3   0x4000082  nanosleep     syz-fuzzer
 98150  277916  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 98150  311052  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 98150  311505  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 98150  310704  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 98150  507886  87326      0  3   0x4000082  kqread        syz-fuzzer
 98150  115016  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 98150  133596  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 98150   66850  87326      0  3   0x4000082  thrsleep      syz-fuzzer
 87326  216114   9300      0  3    0x10008a  pause         ksh
  9300   50453  28627      0  3        0x92  select        sshd
 28627  276344      1      0  3        0x80  select        sshd
 17880   77315  60251     74  3    0x100092  bpf           pflogd
 60251  318139      1      0  3        0x80  netio         pflogd
 64070  360816  95453     73  3    0x100090  kqread        syslogd
 95453  519939      1      0  3    0x100082  netio         syslogd
 72391   71781      1     77  3    0x100090  poll          dhclient
 55189  518866      1      0  3        0x80  poll          dhclient
 53932  169554      0      0  2     0x14200                zerothread
 38740   58253      0      0  3     0x14200  aiodoned      aiodoned
 17489    3753      0      0  3     0x14200  syncer        update
 38891  393836      0      0  3     0x14200  cleaner       cleaner
 59978  443413      0      0  3     0x14200  reaper        reaper
  2190  374560      0      0  3     0x14200  pgdaemon      pagedaemon
  7658  185490      0      0  3     0x14200  bored         crynlk
  1196  325425      0      0  3     0x14200  bored         crypto
 63141  241787      0      0  3  0x40014200  acpi0         acpi0
 33329  463976      0      0  3  0x40014200                idle1
 64133  146674      0      0  3     0x14200  bored         softnet
 77399  487972      0      0  3     0x14200  bored         systqmp
 72032  461517      0      0  3     0x14200  bored         systq
 79237  437741      0      0  3  0x40014200  bored         softclock
 31124  154381      0      0  3  0x40014200                idle0
 75075  516259      0      0  3     0x14200  bored         smr
     1  100341      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 59512 (syz-executor.1) thread 0xffff800020acfb50 (202640)
shared rwlock vmlistlock r = 0 (0xffff80000066e478)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  vm_get_info+0x39 sys/arch/amd64/amd64/vmm.c:3712
#2  VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
#3  vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
#4  sys_ioctl+0x5b9
#5  syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
#5  syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
#6  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82663928)
#0  witness_lock+0x52e sys/kern/subr_witness.c:1163
#1  syscall+0x400 mi_syscall sys/sys/syscall_mi.h:83 [inline]
#1  syscall+0x400 sys/arch/amd64/amd64/trap.c:555
#2  Xsyscall+0x128
ddb{1}> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim Kern Lim
         devbuf  9646   6676K    7718K  78643K     24430        0        0
            pcb    13      8K       8K  78643K       758        0        0
         rtable   111     12K      13K  78643K      2046        0        0
         ifaddr    97     21K      22K  78643K       698        0        0
       counters    39     33K      33K  78643K        39        0        0
       ioctlops     0      0K       4K  78643K      1691        0        0
            iov     0      0K      20K  78643K       631        0        0
          mount     1      1K       1K  78643K         1        0        0
         vnodes  1206     76K      77K  78643K      7346        0        0
      UFS quota     1     32K      32K  78643K         1        0        0
      UFS mount     5     36K      36K  78643K         5        0        0
            shm     2      1K       5K  78643K        94        0        0
         VM map     2      1K       1K  78643K        12        0        0
            sem    12      0K       0K  78643K       852        0        0
        dirhash    12      2K       2K  78643K        12        0        0
           ACPI  1808    196K     290K  78643K     12765        0        0
      file desc     6     17K      25K  78643K      6051        0        0
          sigio     0      0K       0K  78643K        53        0        0
           proc    62     63K      83K  78643K      1804        0        0
        subproc    32      2K       2K  78643K       408        0        0
    NFS srvsock     1      0K       0K  78643K         1        0        0
     NFS daemon     1     16K      16K  78643K         1        0        0
    ip_moptions     0      0K       0K  78643K       526        0        0
       in_multi    29      1K       2K  78643K       419        0        0
    ether_multi     1      0K       0K  78643K        26        0        0
            mrt     2      0K       0K  78643K        33        0        0
    ISOFS mount     1     32K      32K  78643K         1        0        0
  MSDOSFS mount     1     16K      16K  78643K         1        0        0
           ttys    96    424K     424K  78643K        96        0        0
           exec     0      0K       1K  78643K       969        0        0
     pfkey data     0      0K       4K  78643K         2        0        0
        pagedep     1      8K       8K  78643K         1        0        0
       inodedep     1     32K      32K  78643K         1        0        0
         newblk     1      0K       0K  78643K         1        0        0
        VM swap     7     26K      26K  78643K         7        0        0
       UVM amap   130     23K      32K  78643K     21544        0        0
       UVM aobj   130      6K       6K  78643K       142        0        0
        memdesc     1      4K       4K  78643K         1        0        0
    crypto data     1      1K       1K  78643K         1        0        0
    ip6_options     0      0K       1K  78643K       716        0        0
            NDP    24      0K       1K  78643K       215        0        0
           temp   259   3557K    4197K  78643K    134648        0        0
         kqueue     0      0K       0K  78643K        34        0        0
      SYN cache     2     16K      16K  78643K         2        0        0
ddb{1}> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64       56    0       50     1     0     1     1     0     8    0
plcache    128       20    0        0     1     0     1     1     0     8    0
rtpcb       80      300    0      298     1     0     1     1     0     8    0
rtentry    112      266    0      226     2     0     2     2     0     8    0
unpcb      120     2141    0     2123     3     1     2     2     0     8    1
syncache   264        4    0        4     1     1     0     1     0     8    0
sackhl      24        2    0        2     2     2     0     1     0     8    0
tcpqe       32     5357    0     5357     1     1     0     1     0     8    0
tcpcb      544     5491    0     5487     8     7     1     2     0     8    0
inpcb      280     8386    0     8379    11    10     1     2     0     8    0
rttmr       72        7    0        7     6     6     0     1     0     8    0
ip6q        72        1    0        1     1     1     0     1     0     8    0
ip6af       40        1    0        1     1     1     0     1     0     8    0
nd6         48       40    0       37     1     0     1     1     0     8    0
pkpcb       40       33    0       33    10    10     0     1     0     8    0
ppxss      1128      99    0       99    15    14     1     1     0     8    1
pffrag     232        1    0        1     1     1     0     1     0   482    0
pffrnode    88        1    0        1     1     1     0     1     0     8    0
pffrent     40        2    0        2     1     1     0     1     0     8    0
pfosfp      40      846    0      846     5     5     0     5     0     8    0
pfosfpen   112     1428    0     1428    21    21     0    21     0     8    0
pfstitem    24      142    0      120     1     0     1     1     0     8    0
pfstkey    112      142    0      120     1     0     1     1     0     8    0
pfstate    328      142    0      120     3     0     3     3     0     8    0
pfrule     1360      21    0       16     2     1     1     2     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256     1078    0      877    18     3    15    15     0     8    0
art_table   32     1079    0      877     2     0     2     2     0     8    0
art_node    16      253    0      216     1     0     1     1     0     8    0
semupl     112        4    0        4     1     1     0     1     0     8    0
semapl     112      850    0      840     1     0     1     1     0     8    0
shmpl      112      140    0       12     5     1     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128    11109    0     9692    46     0    46    46     0     8    0
ffsino     272    11109    0     9692    95     0    95    95     0     8    0
nchpl      144    20934    0    20464    61    41    20    61     0     8    0
uvmvnodes   72     6442    0        0   118     0   118   118     0     8    0
vnodes     208     6442    0        0   340     0   340   340     0     8    0
namei      1024   75661    0    75661     3     2     1     1     0     8    1
percpumem   16       30    0        0     1     0     1     1     0     8    0
vmpool     552       10    0       10     4     4     0     1     0     8    0
scsiplug    64        8    0        8     5     5     0     1     0     8    0
scxspl     192    54635    0    54635    27    24     3     7     0     8    3
plimitpl   152      527    0      519     1     0     1     1     0     8    0
sigapl     432     6188    0     6172     3     1     2     3     0     8    0
futexpl     56   121756    0   121755     1     0     1     1     0     8    0
knotepl    112     1237    0     1218     3     2     1     3     0     8    0
kqueuepl   104     1183    0     1181     1     0     1     1     0     8    0
pipepl     112     3016    0     2997     8     6     2     2     0     8    1
fdescpl    488     6189    0     6172     3     0     3     3     0     8    0
filepl     152    51823    0    51719    17    11     6     7     0     8    2
lockfpl    104     1909    0     1908     1     0     1     1     0     8    0
lockfspl    48      639    0      638     1     0     1     1     0     8    0
sessionpl  112       43    0       32     1     0     1     1     0     8    0
pgrppl      48     1636    0     1625     1     0     1     1     0     8    0
ucredpl     96    10872    0    10862     1     0     1     1     0     8    0
zombiepl   144     6174    0     6174     3     2     1     1     0     8    1
processpl  896     6208    0     6174     4     0     4     4     0     8    0
procpl     632    19640    0    19594     6     1     5     5     0     8    0
srpgc       64       46    0       46    16    15     1     1     0     8    1
sosppl     128       79    0       79    15    15     0     1     0     8    0
sockpl     384    10948    0    10921    13     8     5     5     0     8    1
mcl64k     65536     19    0        0     3     0     3     3     0     8    0
mcl16k     16384     17    0        0     3     0     3     3     0     8    0
mcl12k     12288     17    0        0     2     0     2     2     0     8    0
mcl9k      9216      17    0        0     2     0     2     2     0     8    0
mcl8k      8192      21    0        0     3     1     2     3     0     8    0
mcl4k      4096      26    0        0     3     0     3     3     0     8    0
mcl2k2     2112      11    0        0     1     0     1     1     0     8    0
mcl2k      2048     123    0        0    13     0    13    13     0     8    0
mtagpl      80       39    0        0     1     0     1     1     0     8    0
mbufpl     256      338    0        0    12     2    10    10     0     8    0
bufpl      256    20416    0    13368   441     0   441   441     0     8    0
anonpl      16   582959    0   571625   175   111    64    76     0   124    0
amapchunkpl 152   40123    0    39991    60    53     7    20     0   158    1
amappl16   192    29662    0    28869   155   113    42    52     0     8    2
amappl15   184      282    0      282     4     4     0     1     0     8    0
amappl14   176      809    0      808     2     1     1     1     0     8    0
amappl13   168     1561    0     1559     4     3     1     1     0     8    0
amappl12   160      984    0      983     1     0     1     1     0     8    0
amappl11   152      466    0      448     1     0     1     1     0     8    0
amappl10   144     1156    0     1149     1     0     1     1     0     8    0
amappl9    136     1559    0     1551     1     0     1     1     0     8    0
amappl8    128     1117    0     1081     2     0     2     2     0     8    0
amappl7    120     1282    0     1274     1     0     1     1     0     8    0
amappl6    112      423    0      410     1     0     1     1     0     8    0
amappl5    104     1272    0     1258     1     0     1     1     0     8    0
amappl4     96     5797    0     5765     1     0     1     1     0     8    0
amappl3     88     1974    0     1968     1     0     1     1     0     8    0
amappl2     80    48751    0    48671     4     2     2     3     0     8    0
amappl1     72   145407    0   144950    27    17    10    20     0     8    0
amappl      80    20271    0    20226     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma64       64      259    0      259     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       17    0       17     1     1     0     1     0     8    0
aobjpl      64      141    0       12     3     0     3     3     0     8    0
uaddrrnd    24     6199    0     6172     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     6199    0     6172     1     0     1     1     0     8    0
vmmpekpl   168    49662    0    49625     2     0     2     2     0     8    0
vmmpepl    168   765277    0   763220   317   202   115   115     0   357   24
vmsppl     368     6188    0     6172     2     0     2     2     0     8    0
pdppl      4096   12405    0    12364     7     1     6     6     0     8    0
pvpl        32  1577522    0  1562885   361   210   151   187     0   265    4
pmappl     232     6198    0     6182     4     3     1     2     0     8    0
extentpl    40       41    0       26     1     0     1     1     0     8    0
phpool     112      619    0       19    18     0    18    18     0     8    0

Crashes (1):
Time:       2019/09/10 20:24
Kernel:     openbsd
Commit:     4f5a6e711025
Syzkaller:  a60cb4cd
Config:     .config
Log:        console log
Report:     report
Syz repro:  (none)
C repro:    (none)
VM info:    (none)
Manager:    ci-openbsd-multicore