On 08.02.2020 11:47, Maxime Villard wrote:
>
> Running ATF with kASan+LOCKDEBUG+fault with {N=32 scope=GLOBAL} already gives
> an instant crash:
>
> kernel diagnostic assertion "radix_tree_empty_tree_p(&pmap->pm_pvtree)"
> failed: file ".../sys/arch/x86/x86/pmap.c"
>
> There are a number of similar reports on syzbot.
> Looks like radixtree.c doesn't handle allocation failures very well
> somewhere.
>
> fault(4) seems like the kind of feature that would be useful for
> stress-testing and fuzzing. As you can see in the diff, its code is
> extremely simple.
>
> Maxime
>
> [1] https://m00nbsd.net/garbage/fault/fault.diff

This tool is a must-have, but I defer review to others.