[Bug 240837] crash with 12.1-BETA1
bugzilla-noreply at freebsd.org
Fri Sep 27 15:48:52 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240837
Michael Tuexen <tuexen at freebsd.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs at FreeBSD.org          |tuexen at freebsd.org
             Status|New                         |In Progress
--- Comment #3 from Michael Tuexen <tuexen at freebsd.org> ---
The problem was fixed for head in
https://svnweb.freebsd.org/changeset/base/352386, which was MFCed to stable/12
in https://svnweb.freebsd.org/changeset/base/352508. I missed to MFS the fix to
releng.12.1, which was branched at r352480.
What happened is that overflowing the sackblks[] changed sackhint.nexthole to
an invalid value which was not NULL. From the core provided:
  sackblks = {{
      start = 0xc1f54a52,
      end = 0xc1f54ffe
    }, {
      start = 0xc1f5229e,
      end = 0xc1f5284a
    }, {
      start = 0xc1f5229e,
      end = 0xc1f5284a
    }, {
      start = 0xc1f5229e,
      end = 0xc1f5284a
    }, {
      start = 0xc1f5229e,
      end = 0xc1f5284a
    }, {
      start = 0xc1f51746,
      end = 0xc1f51cf2
    }},
  sackhint = {
    nexthole = 0xc1f5119ac1f50bee,
    sack_bytes_rexmit = 0x0,
    last_sack_ack = 0x3fe9f863,
    ispare = 0x0,
    sacked_bytes = 0xb65,
    _pad1 = {0x0},
    _pad = {0x0}
  },
Since I can't get any changes in BETA2 anymore, the fix will be in BETA3 or
RC1.
--
You are receiving this mail because:
You are the assignee for the bug.
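
Added example, not part of the original message or of the FreeBSD source: a small triage check that reads the dumped sackhint.nexthole as a {start, end} pair and compares it with the dumped sackblks[] entries. It assumes a little-endian 64-bit layout and amd64 48-bit canonical addressing; the helper names and the window parameter are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* The two 32-bit TCP sequence numbers shown per entry in the dump. */
struct sackblk { uint32_t start, end; };

/* Values copied from the core dump quoted in comment #3. */
static const struct sackblk dumped[6] = {
    {0xc1f54a52, 0xc1f54ffe}, {0xc1f5229e, 0xc1f5284a},
    {0xc1f5229e, 0xc1f5284a}, {0xc1f5229e, 0xc1f5284a},
    {0xc1f5229e, 0xc1f5284a}, {0xc1f51746, 0xc1f51cf2},
};
static const uint64_t dumped_nexthole = 0xc1f5119ac1f50beeULL;

/* Assumption: little-endian, so a {start, end} pair written over the
 * pointer leaves start in the low word and end in the high word. */
static struct sackblk as_sackblk(uint64_t ptr)
{
    struct sackblk b = { (uint32_t)ptr, (uint32_t)(ptr >> 32) };
    return b;
}

/* Assumption: amd64, 48-bit virtual addresses; bits 63..47 must match. */
static int is_canonical(uint64_t ptr)
{
    uint64_t top = ptr >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Heuristic: 1 if ptr, read as a block, has the same length as every
 * dumped block and sits within `window` sequence numbers of one. */
static int looks_like_sackblk(uint64_t ptr, const struct sackblk *blks,
                              int n, uint32_t window)
{
    struct sackblk c = as_sackblk(ptr);
    uint32_t len = c.end - c.start;      /* modular, like tcp_seq math */
    int near = 0;
    for (int i = 0; i < n; i++) {
        if (blks[i].end - blks[i].start != len) return 0;
        if (blks[i].start - c.end < window || c.start - blks[i].end < window)
            near = 1;
    }
    return near;
}

int main(void)
{
    struct sackblk c = as_sackblk(dumped_nexthole);
    printf("start=0x%08x end=0x%08x len=0x%x canonical=%d match=%d\n",
           (unsigned)c.start, (unsigned)c.end, (unsigned)(c.end - c.start),
           is_canonical(dumped_nexthole),
           looks_like_sackblk(dumped_nexthole, dumped, 6, 0x10000));
    return 0;
}
```

With the values from the dump, the pointer decodes to a block of length 0x5ac, the same length as all six sackblks[] entries, which is the pattern to look for when a pointer next to a fixed-size array holds a non-NULL, non-canonical value.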