uvm_fault(0xffffff003f12b000, 0x6000118, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at switchread+0x95: movl 0x18(%r13),%r12d
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: Fix mbuf releated crashes in switch(4).

They have been found by syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now.

- Check M_PKTHDR with assertion before accessing m_pkthdr.
- Do not access oh_length without m_pullup().
- After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content.
- Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf.

Reported-by: syzbot+6efc0a...@syzkaller.appspotmail.com
test akoshibe@; OK claudio@

Let's see if this fix is enough to close all switch related panics.