uvm_fault: switchread


syzbot

Dec 9, 2018, 7:44:04 AM
to syzkaller-o...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 3173a78d3f87 Fix kill [-SIGNAME | -s SIGNAME] and simplify
git tree: https://github.com/openbsd/src.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=13c653f5400000
kernel config: https://syzkaller.appspot.com/x/.config?x=906264fb5874384d
dashboard link: https://syzkaller.appspot.com/bug?extid=70f2d3ae684a55e035e0
compiler:

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+70f2d3...@syzkaller.appspotmail.com

uvm_fault(0xffffff003f12b000, 0x6000118, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at switchread+0x95: movl 0x18(%r13),%r12d


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Anton Lindqvist

Jan 6, 2019, 5:19:03 AM
to syzbot, syzkaller-o...@googlegroups.com
#syz fix: Fix mbuf releated crashes in switch(4). They have been found by syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now.
- Check M_PKTHDR with assertion before accessing m_pkthdr.
- Do not access oh_length without m_pullup().
- After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content.
- Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf.
Reported-by: syzbot+6efc0a...@syzkaller.appspotmail.com
test akoshibe@; OK claudio@

Let's see if this fix is enough to close all switch related panics.