From owner-freebsd-bugs@FreeBSD.ORG  Wed May  2 04:52:05 2012
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0148A106566B;
	Wed,  2 May 2012 04:52:05 +0000 (UTC)
	(envelope-from eugen@grosbein.pp.ru)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13::5])
	by mx1.freebsd.org (Postfix) with ESMTP id 5AF868FC14;
	Wed,  2 May 2012 04:52:04 +0000 (UTC)
Received: from eg.sd.rdtc.ru (localhost [127.0.0.1])
	by eg.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id q424q2LK007000;
	Wed, 2 May 2012 11:52:03 +0700 (NOVT)
	(envelope-from eugen@grosbein.pp.ru)
Message-ID: <4FA0BD72.2080307@grosbein.pp.ru>
Date: Wed, 02 May 2012 11:52:02 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU;
	rv:1.9.2.13) Gecko/20110112 Thunderbird/3.1.7
MIME-Version: 1.0
References: <201205020444.q424i4WL031888@freefall.freebsd.org>
In-Reply-To: <201205020444.q424i4WL031888@freefall.freebsd.org>
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
Cc: freebsd-ipfw@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: bin/65961: [ipfw] ipfw2 memory corruption inside add()
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 May 2012 04:52:05 -0000

02.05.2012 11:44, linimon@FreeBSD.org пишет:

> Old Synopsis: ipfw2 memory corruption inside add()
> New Synopsis: [ipfw] ipfw2 memory corruption inside add()
> 
> State-Changed-From-To: closed->open
> State-Changed-By: linimon
> State-Changed-When: Wed May 2 04:43:06 UTC 2012
> State-Changed-Why: 
> submitter claims that this problem still persists with 8.3.
> 
> 
> Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
> Responsible-Changed-By: linimon
> Responsible-Changed-When: Wed May 2 04:43:06 UTC 2012
> Responsible-Changed-Why: 
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=65961

More tests show that for 8.3/i386 this is possible to make /sbin/ipfw
eat all CPU cycles and run in R state infinitely despite of kill -9.

Just run mentioned script: ./test 122

Eugene Grosbein