[freebsd-current]Who should reset M_PKTHDR flag in m_buf when IP packets are fragmented. m_unshare panic throw when IPSec is enabled

Tue Dec 26 04:43:51 UTC 2017

Hi All,

If I try to run ping of size say 6000 in IPSec transport mode, m_unshare() panic with following trace. It seems that while re-assembly of IP packet "ip_reass" missed re-setting of "M_PKTHDR".  After applying below patch things work fine. Can some one suggest Is it a BUG or I am missing somethings.

panic: m_unshare: m0 0xfffff80020f82600, m 0xfffff8005d054100 has M_PKTHDR
cpuid = 15
time = 1495578455
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2c/frame 0xfffffe044e9bb890
kdb_backtrace() at kdb_backtrace+0x53/frame 0xfffffe044e9bb960
vpanic() at vpanic+0x269/frame 0xfffffe044e9bba30
kassert_panic() at kassert_panic+0xc7/frame 0xfffffe044e9bbac0
m_unshare() at m_unshare+0x578/frame 0xfffffe044e9bbbc0
esp_output() at esp_output+0x44c/frame 0xfffffe044e9bbe40
ipsec4_perform_request() at ipsec4_perform_request+0x5df/frame 0xfffffe044e9bbff0


Patch to fix

diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC
index bf5e209ad3b..c9044652ba2 100644
--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@@ -21,7 +21,7 @@
 cpu            HAMMER
 ident          GENERIC

-makeoptions    DEBUG=-g                # Build kernel with gdb(1) debug symbols
+makeoptions    DEBUG="-g -O0"          # Build kernel with gdb(1) debug symbols
 makeoptions    WITH_CTF=1              # Run ctfconvert(1) for DTrace support

 options        SCHED_ULE               # ULE scheduler
diff --git a/sys/netinet/ip_reass.c b/sys/netinet/ip_reass.c
index fbf9c176956..c6755c99f72 100644
--- a/sys/netinet/ip_reass.c
+++ b/sys/netinet/ip_reass.c
@@ -247,6 +247,7 @@ ip_reass(struct mbuf *m)
                goto done;
        } else {
                fp->ipq_nfrags++;
+               m->m_flags &= ~M_PKTHDR;
 #ifdef MAC
                mac_ipq_update(m, fp);
 #endif



Thanks & Regards

Harsh Jain

