On 25 Aug 2018, at 0:26, Matthew Macy wrote:
On Fri, Aug 24, 2018 at 15:25 Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
Hey All,
Somewhere in the last month or so, a use after free was introduced. I
don't have the time right now to bisect the commits and figure out
which commit introduced the breakage. Attached is the core.txt (which
seems nonsensical because the dump is reporting on a different
thread). If the core.txt gets scrubbed, I've posted it here:
https://gist.github.com/796ea88cec19a1fd2a85f4913482286a
Do you have any guidance on how to reproduce? The hardenedbsd rev isn't
useful - the svn commit that it's based against is what is needed.
For what it’s worth, it’s not a hardenedbsd thing. I’ve been
chasing the same one (same offset, same allocation size, same most
recent user). Something gets set to zero/NULL. 8 bytes on amd64, so
presumably a pointer.
I currently only trigger it on a development branch, but I’ll see if I
can clean that up into something I can share tomorrow.
In my test scenario it happens after shutdown of a vnet jail with a few
interfaces in it (including a pfsync interface which will disappear with
the jail), and new jails are started. It’s pretty reliable.
At a guess something’s wrong with the delayed cleanup of ifnets and
vnet shutdown.
Regards,
Kristof
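The jail start/stop loop Kristof describes, written up as a reproduction scaffold. This is an editor-added example, not Kristof's actual test setup or anything from the FreeBSD tree: the jail names, the epair allocation and the exact interface set are assumptions; what it keeps from the thread is a vnet jail that owns a few interfaces, including a pfsync interface cloned inside the jail (so it disappears when the jail does), which is torn down and then followed by fresh jails. It assumes FreeBSD with VIMAGE, pf/pfsync and epair available, run as root; on anything else it only defines the functions.

```sh
#!/bin/sh
# Editor-added reproduction scaffold, not the reporter's own test setup.
# Assumptions: FreeBSD with vnet jails, pfsync and epair; run as root;
# the "uafrepro_N" names and the epair numbering are arbitrary.
set -eu

# Emit a jail.conf(5) entry for a vnet jail that owns one epair end and
# creates a pfsync interface inside its own vnet, so pfsync0 is torn down
# together with the jail's vnet (the scenario described in the thread).
make_jail_conf() {
    name=$1; epair=$2
    cat <<EOF
${name} {
    vnet;
    vnet.interface = "${epair}b";
    persist;
    exec.start = "/sbin/ifconfig lo0 127.0.0.1/8 up";
    exec.start += "/sbin/ifconfig ${epair}b up";
    exec.start += "/sbin/ifconfig pfsync0 create";
    exec.start += "/sbin/ifconfig pfsync0 up";
}
EOF
}

# One cycle: create the epair, start the jail, remove it, then clean up.
# The next call starts a fresh jail, which is the point in the sequence
# where the fault was reported (after the old jail's ifnets have been
# queued for delayed cleanup).
cycle() {
    i=$1
    # "ifconfig epair create" prints the "a" side, e.g. "epair0a".
    epair=$(ifconfig epair create | sed 's/a$//')
    conf=$(mktemp -t uafrepro)
    make_jail_conf "uafrepro_${i}" "$epair" > "$conf"
    jail -f "$conf" -c "uafrepro_${i}"
    jail -f "$conf" -r "uafrepro_${i}"
    # The jail's epair end is returned to the host vnet when the jail's
    # vnet is destroyed; destroying the "a" side removes both halves.
    ifconfig "${epair}a" destroy
    rm -f "$conf"
}

# Loop until the box panics. Run this on a kernel built with INVARIANTS so
# a write into freed memory is reported at free/alloc time ("memory
# modified after free") instead of corrupting the next allocation silently.
if [ "$(uname -s)" = FreeBSD ] && [ "$(id -u)" = 0 ]; then
    i=0
    while :; do
        i=$((i + 1))
        cycle "$i"
    done
fi
```

Because the fault is in delayed ifnet cleanup rather than in the jail itself, the cycle deliberately does not wait between removing one jail and creating the next; adding a sleep between the two steps is a quick way to test whether the race window matters.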
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"