Date: Tue, 22 Jan 2019 07:47:47 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 235097] ci runs panic with use-after-free when running sys/netpfil/pf/nat tests
Message-ID: <bug-235097-7501-O1HFBtYKKq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-235097-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235097

Bjoern A. Zeeb <bz@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bz@FreeBSD.org
            Summary|ci runs failing with panic  |ci runs panic with
                   |in IPv6 code with           |use-after-free when running
                   |use-after-free in           |sys/netpfil/pf/nat tests
                   |epair/pfctl when running    |
                   |sys/netpfil/pf/nat tests    |

--- Comment #5 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
(In reply to Li-Wen Hsu from comment #1)

Why do you think these two revision numbers have introduced the problem?
Because if they did, the search pattern is very small. Just trying to
understand.

(In reply to Kristof Provost from comment #4)

Depending on the answer above it could be anything (a x++, refcount, ..). It
doesn't have to be a counter(9) increment. It could also be anywhere in the
code, not necessarily the network stack where this happens. It's just that the
test cases run a lot of network stack code, which means it's most likely to be
the next allocation that then finds the modified memory.

-- 
You are receiving this mail because:
You are the assignee for the bug.
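
The point made in comment #5, that the code which trips the check is whoever allocates next and not the code that wrote to freed memory, shown as an added example (not part of the original message and not FreeBSD code). The one-slot pool, its function names and the poison value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ITEM_WORDS 8
#define POISON 0xdeadc0deU   /* constructed junk pattern written on free */
struct item { uint32_t w[ITEM_WORDS]; };

/* Hypothetical one-slot pool, so the freed item is always the next one reused. */
static struct item slot;
static int slot_poisoned;

/* Free: overwrite the whole item with the poison pattern. */
static void pool_free(struct item *it)
{
    for (int i = 0; i < ITEM_WORDS; i++)
        it->w[i] = POISON;
    slot_poisoned = 1;
}

/* Alloc: verify the poison before reuse; `who` is only the discoverer. */
static struct item *pool_alloc(const char *who, int *bad)
{
    *bad = -1;
    for (int i = 0; slot_poisoned && i < ITEM_WORDS; i++) {
        if (slot.w[i] != POISON) {
            fprintf(stderr, "modified after free: word %d, found by %s\n", i, who);
            *bad = i;          /* index of the damaged word */
            return NULL;
        }
    }
    memset(&slot, 0, sizeof(slot));
    slot_poisoned = 0;
    return &slot;
}

/* Subsystem A frees its item and, if stale_write is set, writes through the
 * stale pointer. Returns the damaged word reported to subsystem B, or -1. */
static int demo(int stale_write)
{
    int bad;
    slot_poisoned = 0;                        /* reset pool state */
    struct item *a = pool_alloc("subsystem A", &bad);
    pool_free(a);
    if (stale_write) a->w[3]++;               /* the bug: any x++ or refcount bump */
    pool_alloc("subsystem B", &bad);          /* the unrelated next allocation */
    return bad;
}

int main(void) { printf("stale: %d clean: %d\n", demo(1), demo(0)); return 0; }
```

The report names subsystem B, which did nothing wrong; the only trace of subsystem A is the damaged word itself, one greater than the poison value.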
