uvm_fault: switchwrite
Status: fixed on 2019/01/06 10:35
Fix commit: 54e30ac1 Fix mbuf releated crashes in switch(4). They have been found by syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now. - Check M_PKTHDR with assertion before accessing m_pkthdr. - Do not access oh_length without m_pullup(). - After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content. - Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf. Reported-by: test akoshibe@; OK claudio@
First crash: 282d, last: 262d

Sample crash report:

All crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro
ci-openbsd-main 2018/12/27 06:40 openbsd 8ff50274 82c9e677 .config log report syz
ci-openbsd-main 2018/12/07 06:25 openbsd 76d787ec b6709220 .config log report syz
ci-openbsd-main 2018/12/18 04:44 openbsd 9257d67b 527230f1 .config log report
ci-openbsd-main 2018/12/15 05:01 openbsd cb84e044 7624ddd6 .config log report
ci-openbsd-main 2018/12/08 11:21 openbsd 696945d5 6ae0ca72 .config log report
ci-openbsd-main 2018/12/08 00:01 openbsd 53ac6a98 65ed2472 .config log report
ci-openbsd-main 2018/12/07 12:14 openbsd 3ddf1e5e b6709220 .config log report