syzbot


uvm_fault: m_free
Status: fixed on 2019/01/06 10:35
Reported-by: syzbot+fed3bb2b9049007f7f34@syzkaller.appspotmail.com
Fix commit: 54e30ac1 Fix mbuf releated crashes in switch(4). They have been found by syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now. - Check M_PKTHDR with assertion before accessing m_pkthdr. - Do not access oh_length without m_pullup(). - After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content. - Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf. Reported-by: syzbot+6efc0a9d5b700b54392e@syzkaller.appspotmail.com test akoshibe@; OK claudio@
First crash: 347d, last: 325d

Sample crash report:

Crashes (12):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro
ci-openbsd-main 2018/12/27 06:25 openbsd 8ff50274 82c9e677 .config log report
ci-openbsd-main 2018/12/04 12:29 openbsd f939acc2 03f94a45 log report
ci-openbsd-main 2018/12/17 16:24 openbsd 9257d67b 527230f1 .config log report
ci-openbsd-main 2018/12/16 21:09 openbsd 4e9c4198 1749e412 .config log report
ci-openbsd-main 2018/12/16 05:26 openbsd 014e1581 def91db3 .config log report
ci-openbsd-main 2018/12/15 15:27 openbsd ff5089e6 c9128939 .config log report
ci-openbsd-main 2018/12/12 10:47 openbsd feddb4c1 7795ae03 .config log report
ci-openbsd-main 2018/12/08 09:41 openbsd 696945d5 6ae0ca72 .config log report
ci-openbsd-main 2018/12/07 05:30 openbsd 76d787ec b6709220 .config log report
ci-openbsd-main 2018/12/07 03:35 openbsd 76d787ec b6709220 .config log report
ci-openbsd-multicore 2018/12/06 14:35 https://github.com/blackgnezdo/src.git multicore 46168e0d cc3a19d5 log report
ci-openbsd-multicore 2018/12/06 09:23 https://github.com/blackgnezdo/src.git multicore 46168e0d f162ad97 log report