syzbot


panic: malloc: allocation too large, type = 2, size = ADDR (2)
Status: fixed on 2019/09/10 23:33
Reported-by: syzbot+d325bc014d9eca9f36d0@syzkaller.appspotmail.com
Fix commit: 225e50e8a961 Do not decrement the number of VMs counter twice in one of vm_create() error paths. If creation of the first VM fails, the counter will wrap around to a huge value. The same value could later be passed to malloc() through vm_get_info() causing a panic.
First crash: 701d, last: 683d
duplicates (13):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
panic: malloc: allocation too large, tpyapnei c:= k2e, rsniezle di=a g1n8o4s4t6i7c4 assertion "!_kernel_lock_held()" f 1 683d 683d 0/3 closed as dup on 2019/09/11 07:06
panic: malloc: palalnioc:c atkieronn elt ood ilaagrngoest,i c tayspsertion "!_kernel_lock_held()" failed: file "/syzkall 1 690d 690d 0/3 closed as dup on 2019/09/03 18:11
panic: malloc: allocation too large, type = 2, size = ADDRp5an12ic9:LINE 1 694d 694d 0/3 closed as dup on 2019/08/31 08:53
panic: malloc: alWlARoNcIaNtG:i onSP Lt oNoO Tl aLrOWgEeRE,D tOypN eS =YS C2,A LsL i3 z4e E=X IT1 8404 6974 1 694d 694d 0/3 closed as dup on 2019/08/31 12:38
panic: malloc: allocatWiAoRNn ItNoGo: lSaPLrg NeO, T tLyOpWeE R=E D2 ,O Ns iSzYeSC A=L 1L 843 446 7E4X4I0T73 700 995 1 684d 684d 0/3 closed as dup on 2019/09/10 07:10
panic: malloc: allocation too large, type = 2, size = ADDRp4a4n07ic3:LINE 0k95er5n0e3l3 diagnostic assertion "!_kernel_l 1 694d 694d 0/3 closed as dup on 2019/09/01 09:01
panic: malloc: allocation too large, type = 2, size = ADDRp9a5n484: ke 1 690d 690d 0/3 closed as dup on 2019/09/05 07:23
panic: malloc: allocation too large, type = 2, sizep a=n 1i8c4: 46ke74rn4e0l7 37di0a9g55no0s9t7i6c 1 692d 692d 0/3 closed as dup on 2019/09/02 21:11
corrupted report 7 684d 697d 0/3 closed as dup on 2019/08/27 18:20
panic: malloc: allocation too large, type W=A RN2,IN sG:i zeS P=L N1O84T 4L6O7W4ER4E0D 7ON3 7S0Y9S5C5A1L29L6 3 1 693d 693d 0/3 closed as dup on 2019/09/01 16:33
panic: malloc: allocation too large, type = 2, sipzaen i= c1:LINE 4k6er74n4e0l7 3di70ag9n55os1t296ic assertion "!_kernel 1 685d 685d 0/3 closed as dup on 2019/09/09 08:48
panic: mallocic: koraeio nd tagnosric,asypr = 2 !_ikzeer n=e l_l4ADDR(3)7" ADDR 1 688d 688d 0/3 closed as dup on 2019/09/06 07:52
panic: malloc: allocation too large, type = 2, size = ADDRpa 1 684d 684d 0/3 closed as dup on 2019/09/09 19:45
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd panic: malloc: allocation too large, type = 2, size = ADDR C 914 847d 910d 3/3 fixed on 2019/03/30 20:17
Patch testing requests:
Created Duration User Patch Repo Result
2019/09/09 18:27 16m anton@basename.se https://github.com/mptre/openbsd-src vmm OK
2019/09/09 18:09 10m anton@basename.se https://github.com/mptre/openbsd-src vmm report log

Sample crash report:

Crashes (16842):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-multicore 2019/09/04 15:06 openbsd 40f2a8ecbf52 d994512d .config log report syz C
ci-openbsd-main 2019/08/24 14:04 openbsd 9be55947e891 78ded196 .config log report syz C
ci-openbsd-multicore 2019/09/10 23:13 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 22:31 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 21:32 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 21:30 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 20:27 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 19:53 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 19:16 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 18:37 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 18:14 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 17:52 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 17:19 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 16:55 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 16:29 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 15:47 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 15:25 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 14:55 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 14:17 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 13:51 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 13:25 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 13:00 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 12:21 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 12:00 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 11:40 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 11:11 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 10:37 openbsd 4f5a6e711025 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 10:07 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 09:31 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 09:06 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 08:39 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 08:13 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 07:50 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 07:28 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 06:57 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 06:22 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 05:59 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 05:25 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 04:39 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 04:09 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 03:43 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/09/10 03:21 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 02:50 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-multicore 2019/09/10 02:20 openbsd 62d8f86c43d3 a60cb4cd .config log report
ci-openbsd-main 2019/08/24 08:56 openbsd 9be55947e891 78ded196 .config log report