panic: malloc: allocation too large, type = 2, sizep a=n 1i8c4: 46ke74rn4e0l7 37di0a9g55no0s9t7i6c


syzbot

Sep 2, 2019, 5:30:07 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 0c2868d6 downgrade PKCS#11 "provider returned no slots" wa..
git tree: openbsd
console output: https://syzkaller.appspot.com/x/log.txt?x=14e010fa600000
kernel config: https://syzkaller.appspot.com/x/.config?x=26ca0a9c07f16a3a
dashboard link: https://syzkaller.appspot.com/bug?extid=6177393c9cd1f38553c2

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+617739...@syzkaller.appspotmail.com

panic: malloc: allocation too large, type = 2, sizep a=n 1i8c4:
46ke74rn4e0l7 37di0a9g55no0s9t7i6c

a
sStopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
220507 65363 0 0 0x4000000 1 syz-executor.0
* 25020 73363 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
malloc(fffffffffffffd80,2,a) at malloc+0x9c9 sys/kern/kern_malloc.c:344
vm_get_info(ffff800022bad610) at vm_get_info+0x9d
VOP_IOCTL(fffffd806e1fdb60,c0185603,ffff800022bad610,ca,fffffd807f7c6960,ffff800020ab0290)
at
VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd806735e998,c0185603,ffff800022bad610,ffff800020ab0290) at
vn_ioctl+0xb7 sys/kern/vfs_vnops.c:524
sys_ioctl(ffff800020ab0290,ffff800022bad728,ffff800022bad770) at
sys_ioctl+0x5b9
syscall(ffff800022bad7f0) at syscall+0x4a4 mi_syscall
sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800022bad7f0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff53,0,3,506a9ad90e0) at Xsyscall+0x128
end of kernel
end trace frame: 0x508ef9b7750, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 2, 2019, 5:11:03 PM
to Greg Steuck, gr...@nest.cx, syzkaller-o...@googlegroups.com
> #syz dup: panic: malloc: allocation too large, type = 2, size = ADDR (2)

Your 'dup:' command is accepted, but please keep
syzkaller-o...@googlegroups.com mailing list in CC next time. It
serves as a history of what happened with each bug report. Thank you.
