Date:      Wed, 23 Jun 2021 19:47:04 +0200
From:      Lutz Donnerhacke <lutz@donnerhacke.de>
To:        Alexander Richardson <arichardson@freebsd.org>
Cc:        Lutz Donnerhacke <donner@freebsd.org>, src-committers <src-committers@freebsd.org>, "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, dev-commits-src-main@freebsd.org
Subject:   Re: git: 935fc93af157 - main - libalias: Switch to efficient data structure for outgoing traffic
Message-ID:  <20210623174704.GB21369@belenus.iks-jena.de>
In-Reply-To: <CA+Z_v8pWGNtqiyh85A7Frmg4G-v8+RuvnX5bVEysDRxuUUJUrQ@mail.gmail.com>
References:  <202106192010.15JKAbQ8061792@gitrepo.freebsd.org> <CA+Z_v8pWGNtqiyh85A7Frmg4G-v8+RuvnX5bVEysDRxuUUJUrQ@mail.gmail.com>

On Wed, Jun 23, 2021 at 11:08:13AM +0100, Alexander Richardson wrote:
> On Sat, 19 Jun 2021 at 21:10, Lutz Donnerhacke <donner@freebsd.org> wrote:
> > commit 935fc93af157dee352eb4b6c83f8a2a9e7fd9a4e
> > Author:     Lutz Donnerhacke <donner@FreeBSD.org>
> > AuthorDate: 2021-05-27 21:42:54 +0000
> > Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
> > CommitDate: 2021-06-19 20:09:44 +0000
> >
> >     libalias: Switch to efficient data structure for outgoing traffic
[shorten the output to make the messages readable]

> This commit appears to have introduced a SIGBUS when running some of the tests:
> 
> Program terminated with signal SIGBUS, Bus error.
> #0  cmp_out (a=0x80180e080, b=0x5a5a5a5a5a5a5a5a) at
> /usr/src/sys/netinet/libalias/alias_db.c:413
> 413 /usr/src/sys/netinet/libalias/alias_db.c: No such file or directory.
> #0  cmp_out (a=0x80180e080, b=0x5a5a5a5a5a5a5a5a) at
> /usr/src/sys/netinet/libalias/alias_db.c:413
> #1  splay_out_SPLAY (head=head@entry=0x8018100e0,
> elm=elm@entry=0x80180e080) at
> /usr/src/sys/netinet/libalias/alias_db.c:425
> #2  0x00000008010908d9 in splay_out_SPLAY_REMOVE (head=0x8018100e0,
> elm=0x80180e080) at /usr/src/sys/netinet/libalias/alias_db.c:425
> #3  DeleteLink (plnk=plnk@entry=0x7fffffffd530,
> deletePermanent=<optimized out>, deletePermanent@entry=1) at
> /usr/src/sys/netinet/libalias/alias_db.c:883
> #4  0x0000000801091251 in CleanupAliasData (la=0x8018100c0,
> deletePermanent=1) at /usr/src/sys/netinet/libalias/alias_db.c:819
> #5  LibAliasUninit (la=0x8018100c0) at
> /usr/src/sys/netinet/libalias/alias_db.c:2542
[...]

A use after free in the final cleanup.
Thank you for catching this.
It will delay the MFC until this issue is solved.

> Source: https://ci.freebsd.org/job/FreeBSD-main-amd64-test/18438/testReport/junit/sys.netinet.libalias/3_natin/1_portforward/
> See https://ci.freebsd.org/job/FreeBSD-main-amd64-test/18438/#showFailuresLink
> Could you have a look?

Yep, try to reproduce.


