From: Matthew Macy
Date: Fri, 24 Aug 2018 15:26:44 -0700
Subject: Re: ifnet use after free
To: Shawn Webb
Cc: freebsd-current@freebsd.org

On Fri, Aug 24, 2018 at 15:25 Shawn Webb wrote:

> Hey All,
>
> Somewhere in the last month or so, a use after free was introduced. I
> don't have the time right now to bisect the commits and figure out
> which commit introduced the breakage. Attached is the core.txt (which
> seems nonsensical because the dump is reporting on a different
> thread). If the core.txt gets scrubbed, I've posted it here:
> https://gist.github.com/796ea88cec19a1fd2a85f4913482286a
>

Do you have any guidance on how to reproduce? The hardenedbsd rev isn’t
useful - the svn commit that it’s based against is what is needed.

Thanks.
-M

> I'm running HardenedBSD 12-CURRENT/amd64, commit 6091fec317a.
>
> FreeBSD hbsd-dev-laptop 12.0-ALPHA2 FreeBSD 12.0-ALPHA2 #4
> 6091fec317a(hardened/current/master)-dirty: Thu Aug 23 18:37:45 EDT
> 2018
> shawn@hbsd-dev-laptop:/usr/obj/usr/src/amd64.amd64/sys/LATT-SEC amd64
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal: +1 443-546-8752
> Tor+XMPP+OTR: lattera@is.a.hacker.sx
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
>