[Bug 211486] [panic] [IPSec] [IP6] Crash with IPv6 ESP usage

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Aug 1 07:19:19 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211486

--- Comment #1 from Harald Schmalzbauer <bugzilla.freebsd at omnilan.de> ---
(In reply to Harald Schmalzbauer from comment #0)
Missed helpful info I guess:


list *0xffffffff80c65afc
0xffffffff80c65afc is in ip6_output
(/usr/local/share/deploy-tools/RELENG_11/src/sys/netinet6/ip6_output.c:1060).
1055    done:
1056            /*
1057             * Release the route if using our private route, or if
1058             * (with flowtable) we don't have our own reference.
1059             */
1060            if (ro == &ip6route || ro->ro_flags & RT_NORTREF)
1061                    RO_RTFREE(ro);
1062            return (error);
1063
1064    freehdrs:

#0  doadump (textdump=-1846419440) at pcpu.h:221

#1  0xffffffff80393346 in db_fncall (dummy1=<value optimized out>,
dummy2=<value optimized out>, dummy3=<value optimized out>, dummy4=<value
optimized out>)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:568
#2  0xffffffff80392de9 in db_command (cmd_table=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:440
#3  0xffffffff80392b44 in db_command_loop () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:493
#4  0xffffffff80395a7b in db_trap (type=<value optimized out>, code=<value
optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_main.c:251
#5  0xffffffff80a96133 in kdb_trap (type=<value optimized out>, code=<value
optimized out>, tf=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_kdb.c:654
#6  0xffffffff80ec6331 in trap_fatal (frame=0xfffffe0091f1e540, eva=26) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:836
#7  0xffffffff80ec657d in trap_pfault (frame=0xfffffe0091f1e540, usermode=0) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:691
#8  0xffffffff80ec5a64 in trap (frame=0xfffffe0091f1e540) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:442
#9  0xffffffff80ea6161 in calltrap () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/exception.S:236
#10 0xffffffff80c65afc in ip6_output (m0=<value optimized out>, opt=<value
optimized out>, ro=<value optimized out>, flags=<value optimized out>,
im6o=0x0, 
    ifpp=0x0, inp=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netinet6/ip6_output.c:1060
#11 0xffffffff80c43c51 in tcp_twrespond () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_timewait.c:594
#12 0xffffffff80c436f5 in tcp_twstart (tp=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_timewait.c:336
#13 0xffffffff80c34078 in tcp_do_segment (m=0xfffff8000732b400, th=<value
optimized out>, so=<value optimized out>, tp=0xfffff80007b22000,
drop_hdrlen=72, 
    tlen=<value optimized out>, iptos=<value optimized out>, ti_locked=Cannot
access memory at address 0x1
) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_input.c:3141
#14 0xffffffff80c310b4 in tcp_input (mp=<value optimized out>, offp=<value
optimized out>, proto=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_input.c:1442
#15 0xffffffff80c30221 in tcp6_input (mp=0xfffffe0091f1ebf8,
offp=0xfffffe0091f1ebf4, proto=203)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_input.c:578
#16 0xffffffff80c82799 in ipsec6_common_input_cb (m=<value optimized out>,
sav=<value optimized out>, skip=40, protoff=6)
    at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/ipsec_input.c:827
#17 0xffffffff80c97101 in esp_input_cb (crp=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/xform_esp.c:626
#18 0xffffffff80ca9e69 in swcr_process (dev=<value optimized out>, crp=<value
optimized out>, hint=<value optimized out>)
    at
/usr/local/share/deploy-tools/RELENG_11/src/sys/opencrypto/cryptosoft.c:1185
#19 0xffffffff80ca6c2f in crypto_dispatch (crp=0xfffff80028f93840) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/opencrypto/crypto.c:807
#20 0xffffffff80c9605a in esp_input (m=<value optimized out>,
sav=0xfffff80003ebb300, skip=<value optimized out>, protoff=<value optimized
out>)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/xform_esp.c:459
#21 0xffffffff80c8179b in ipsec_common_input (m=0xfffff8000732b400, skip=40,
protoff=6, af=28, sproto=50)
    at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/ipsec_input.c:236
#22 0xffffffff80c8222d in ipsec6_common_input (mp=<value optimized out>,
offp=<value optimized out>, proto=<value optimized out>)
    at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/ipsec_input.c:581
#23 0xffffffff80c64070 in ip6_input (m=0x3b003b00000001) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/netinet6/ip6_input.c:921
#24 0xffffffff80b5a7e0 in netisr_dispatch_src (proto=6, source=0,
m=0xfffff8000732b400) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/net/netisr.c:1121
#25 0xffffffff80b4540a in ether_demux (ifp=<value optimized out>,
m=0xffffffff81428eff)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/if_ethersubr.c:850
#26 0xffffffff80b46200 in ether_nh_input (m=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/net/if_ethersubr.c:639
#27 0xffffffff80b5a7e0 in netisr_dispatch_src (proto=5, source=0,
m=0xfffff8000732b400) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/net/netisr.c:1121
#28 0xffffffff80b45772 in ether_input (ifp=<value optimized out>, m=0x0) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/net/if_ethersubr.c:759
#29 0xffffffff80b421fa in if_input (ifp=0xfffffe0091f1e5c8,
sendmp=0xffffffff81428eff) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/net/if.c:3956
#30 0xffffffff80524acc in em_rxeof (count=98) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/dev/e1000/if_em.c:4873
#31 0xffffffff80526110 in em_handle_que (context=0xfffffe0000eb6000,
pending=<value optimized out>)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/dev/e1000/if_em.c:1599
#32 0xffffffff80aa7a6c in taskqueue_run_locked (queue=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_taskqueue.c:465
#33 0xffffffff80aa85b8 in taskqueue_thread_loop (arg=<value optimized out>) at
/usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_taskqueue.c:719
#34 0xffffffff80a18904 in fork_exit (callout=0xffffffff80aa8530
<taskqueue_thread_loop>, arg=0xfffffe0000eb8730, frame=0xfffffe0091f1fac0)
    at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/kern_fork.c:103
#35 0xffffffff80ea669e in fork_trampoline () at
/usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/exception.S:611
#36 0x0000000000000000 in ?? ()
