Date: Tue, 22 Jan 2019 07:47:47 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 235097] ci runs panic with use-after-free when running sys/netpfil/pf/nat tests
Message-ID: <bug-235097-7501-O1HFBtYKKq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235097

Bjoern A. Zeeb <bz@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bz@FreeBSD.org
            Summary|ci runs failing with panic  |ci runs panic with
                   |in IPv6 code with           |use-after-free when running
                   |use-after-free in           |sys/netpfil/pf/nat tests
                   |epair/pfctl when running    |
                   |sys/netpfil/pf/nat tests    |

--- Comment #5 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
(In reply to Li-Wen Hsu from comment #1)

Why do you think these two revision numbers have introduced the problem?
Because if they did the search pattern is very small. Just trying to
understand.

(In reply to Kristof Provost from comment #4)

Depending on the answer above it could be anything (a x++, refcount, ..). It
doesn't have to be a counter(9) increment. It could also be anywhere in the
code, not necessarily the network stack where this happens. It's just that the
test cases run a lot of network stack code, which means it's most likely to be
the next allocation that then finds the modified memory.

-- 
You are receiving this mail because:
You are the assignee for the bug.
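
Added example (not part of the original message and not FreeBSD code): a user-space C sketch of why a write through a stale pointer is reported by whichever allocation comes next rather than at the faulty write itself. The one-slot allocator, the 0xdeadc0de fill value, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_WORDS 8
#define POISON 0xdeadc0deU /* fill pattern chosen for this sketch */

/* Hypothetical one-slot allocator standing in for a debug-enabled kernel allocator. */
static uint32_t slot[SLOT_WORDS];

/* Free: fill the item with the poison pattern so any later write is visible. */
static void toy_free(uint32_t *p) {
    for (size_t i = 0; i < SLOT_WORDS; i++)
        p[i] = POISON;
}

/* Alloc: check the poison before handing the item out again.
 * Returns NULL and sets *bad_off to the byte offset of the first modified word. */
static uint32_t *toy_alloc(long *bad_off) {
    *bad_off = -1;
    for (size_t i = 0; i < SLOT_WORDS; i++) {
        if (slot[i] != POISON) {
            *bad_off = (long)(i * sizeof(uint32_t));
            return NULL; /* a debug kernel would panic at this point */
        }
    }
    return slot;
}

/* Returns -1 if the reallocation is clean, else the byte offset of the damage. */
long run_scenario(int stale_increment) {
    long off;
    toy_free(slot);                  /* slot starts out free and poisoned */
    uint32_t *obj = toy_alloc(&off); /* subsystem A allocates ... */
    obj[3] = 1;                      /* ... and uses a counter field */
    toy_free(obj);                   /* A frees the item but keeps the pointer */
    if (stale_increment)
        obj[3]++;                    /* the bug: an x++ through the stale pointer */
    (void)toy_alloc(&off);           /* unrelated subsystem B allocates next */
    return off;                      /* the check fires here, in B's call path */
}

int main(void) {
    printf("clean: %ld, stale write: %ld\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

The offset reported by the check identifies which field of the freed object was touched, which is usually a better lead to the offending code than the stack of the allocation that tripped the check.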