From owner-freebsd-net@freebsd.org  Tue Dec 26 04:43:51 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0E67BE9FB6E
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Tue, 26 Dec 2017 04:43:51 +0000 (UTC)
 (envelope-from harsh@chelsio.com)
Received: from stargate.chelsio.com (stargate.chelsio.com [12.32.117.8])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F36BF646F5
 for <freebsd-net@freebsd.org>; Tue, 26 Dec 2017 04:43:50 +0000 (UTC)
 (envelope-from harsh@chelsio.com)
Received: from [10.193.189.121] (harsh.asicdesigners.com [10.193.189.121])
 by stargate.chelsio.com (8.13.8/8.13.8) with ESMTP id vBQ4hjUp010107;
 Mon, 25 Dec 2017 20:43:46 -0800
To: freebsd-net@freebsd.org
From: Harsh Jain <harsh@chelsio.com>
Subject: [freebsd-current]Who should reset M_PKTHDR flag in m_buf when IP
 packets are fragmented. m_unshare panic throw when IPSec is enabled
Cc: harsh@chelsio.com
Message-ID: <73302ead-b2e9-c25b-4d11-475f38dec1a1@chelsio.com>
Date: Tue, 26 Dec 2017 10:13:44 +0530
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Dec 2017 04:43:51 -0000

Hi All,

If I try to run ping of size say 6000 in IPSec transport mode, m_unshare() panic with following trace. It seems that while re-assembly of IP packet "ip_reass" missed re-setting of "M_PKTHDR".  After applying below patch things work fine. Can some one suggest Is it a BUG or I am missing somethings.

panic: m_unshare: m0 0xfffff80020f82600, m 0xfffff8005d054100 has M_PKTHDR
cpuid = 15
time = 1495578455
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2c/frame 0xfffffe044e9bb890
kdb_backtrace() at kdb_backtrace+0x53/frame 0xfffffe044e9bb960
vpanic() at vpanic+0x269/frame 0xfffffe044e9bba30
kassert_panic() at kassert_panic+0xc7/frame 0xfffffe044e9bbac0
m_unshare() at m_unshare+0x578/frame 0xfffffe044e9bbbc0
esp_output() at esp_output+0x44c/frame 0xfffffe044e9bbe40
ipsec4_perform_request() at ipsec4_perform_request+0x5df/frame 0xfffffe044e9bbff0


Patch to fix

diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC
index bf5e209ad3b..c9044652ba2 100644
--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@@ -21,7 +21,7 @@
 cpu            HAMMER
 ident          GENERIC

-makeoptions    DEBUG=-g                # Build kernel with gdb(1) debug symbols
+makeoptions    DEBUG="-g -O0"          # Build kernel with gdb(1) debug symbols
 makeoptions    WITH_CTF=1              # Run ctfconvert(1) for DTrace support

 options        SCHED_ULE               # ULE scheduler
diff --git a/sys/netinet/ip_reass.c b/sys/netinet/ip_reass.c
index fbf9c176956..c6755c99f72 100644
--- a/sys/netinet/ip_reass.c
+++ b/sys/netinet/ip_reass.c
@@ -247,6 +247,7 @@ ip_reass(struct mbuf *m)
                goto done;
        } else {
                fp->ipq_nfrags++;
+               m->m_flags &= ~M_PKTHDR;
 #ifdef MAC
                mac_ipq_update(m, fp);
 #endif



Thanks & Regards

Harsh Jain