I don't have a solid reproducer for this, but we're running into a weird issue where libkqueue eventually segfaults due to an access violation:
> zeek.exe!windows_kevent_copyout(kqueue * kq, int nready, kevent * eventlist, int nevents) Line 143 C
zeek.exe!kevent(int kqfd, const kevent * changelist, int nchanges, kevent * eventlist, int nevents, const timespec * timeout) Line 451 C
It appears that the data in iocp_buf.overlap in windows_kevent_copyout is invalid, and when it gets typecasted and then used as an array to get the filter data results in the filter pointing at invalid memory.
The event list here only has one entry, which is the one causing the crash:
Name
Value
Type
ident
492
unsigned __int64
filter
-1
short
flags
1
unsigned short
fflags
0
unsigned int
data
0
__int64
udata
0x0000000000000000
void *
It's only crashing on Windows. Running the same data through our software on Linux and macOS completes successfully. Any ideas on how to start even chasing this down? I can provide KQUEUE_DEBUG logs but they're very long. The crash occurs at the same point in the code every time, but not necessarily the same runtime (once it crashed after 1326 polls, the next after 1310).
I don't have a solid reproducer for this, but we're running into a weird issue where libkqueue eventually segfaults due to an access violation:
It appears that the data in
iocp_buf.overlapinwindows_kevent_copyoutis invalid, and when it gets typecasted and then used as an array to get the filter data results in the filter pointing at invalid memory.The event list here only has one entry, which is the one causing the crash:
It's only crashing on Windows. Running the same data through our software on Linux and macOS completes successfully. Any ideas on how to start even chasing this down? I can provide
KQUEUE_DEBUGlogs but they're very long. The crash occurs at the same point in the code every time, but not necessarily the same runtime (once it crashed after 1326 polls, the next after 1310).