[Bug 274007] IPSec asymmetric crypto broken

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 09 Oct 2023 21:07:57 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274007

--- Comment #3 from Shawn Anastasio <sanastasio@raptorengineering.com> ---
I am able to reproduce this on -CURRENT on powerpc64le. With a debug kernel
build, I'm hitting the following assertion when flooding an ipsec link between
two VMs using ipsec3 with the net.inet.ipsec.async_crypto tunable set to 1:

panic: vtnet_txq_encap: no mbuf packet header!
cpuid = 13
time = 1696530952
KDB: stack backtrace:
0xc00800006f554300: at kdb_backtrace+0x60
0xc00800006f554410: at vpanic+0x1b8
0xc00800006f5544c0: at panic+0x44
0xc00800006f5544f0: at vtnet_txq_encap+0x3c8
0xc00800006f5545d0: at vtnet_txq_mq_start_locked+0x17c
0xc00800006f554690: at vtnet_txq_tq_deferred+0x6c
0xc00800006f5546d0: at taskqueue_run_locked+0x100
0xc00800006f5547d0: at taskqueue_thread_loop+0x144
0xc00800006f554820: at fork_exit+0xc4
0xc00800006f5548c0: at fork_trampoline+0x18
0xc00800006f5548f0: at -0x4
KDB: enter: panic

Not being intimately familiar with the FreeBSD network stack, it looks to me
like there might be a use-after-free on the mbuf with the tunable enabled.
