uvm_fault: switchwrite
Status: fixed on 2019/01/06 10:35
Fix commit: 54e30ac1a804 Fix mbuf releated crashes in switch(4). They have been found by syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now. - Check M_PKTHDR with assertion before accessing m_pkthdr. - Do not access oh_length without m_pullup(). - After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content. - Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf. Reported-by: test akoshibe@; OK claudio@
First crash: 965d, last: 945d

Sample crash report:

Crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-openbsd-main 2018/12/27 06:40 openbsd 8ff5027431d5 82c9e677 .config log report syz
ci-openbsd-main 2018/12/07 06:25 openbsd 76d787ec3667 b6709220 .config log report syz
ci-openbsd-main 2018/12/18 04:44 openbsd 9257d67bbd0d 527230f1 .config log report
ci-openbsd-main 2018/12/15 05:01 openbsd cb84e0447e1d 7624ddd6 .config log report
ci-openbsd-main 2018/12/08 11:21 openbsd 696945d58559 6ae0ca72 .config log report
ci-openbsd-main 2018/12/08 00:01 openbsd 53ac6a98736c 65ed2472 .config log report
ci-openbsd-main 2018/12/07 12:14 openbsd 3ddf1e5e4bb5 b6709220 .config log report