Date: Wed, 4 Jun 2003 14:39:44 +0100 (BST)
From: David Hedley <david@bill.inty.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/52935: occasional panic in ip_input with IPSEC
Message-ID: <200306041339.h54Ddita014942@bill.inty.net>
Resent-Message-ID: <200306041340.h54DeCiw092760@freefall.freebsd.org>
>Number: 52935
>Category: kern
>Synopsis: occasional panic in ip_input with IPSEC
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 04 06:40:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: David Hedley
>Release: FreeBSD 4.7-RELEASE i386
>Organization:
Inty Ltd
>Environment:
>Description:
We are seeing occasional kernel panics when using IPSEC. The panic occurs in ip_input at the following line:
	 * be handled via ip_forward() and ether_output() with the loopback
	 * into the stack for SIMPLEX interfaces handled by ether_output().
	 */
	if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {   <<<<< Panic here
		TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
			if (ifa->ifa_addr->sa_family != AF_INET)
				continue;
			ia = ifatoia(ifa);
It seems that m_pkthdr.rcvif is NULL and hence the resulting dereference is invalid.
>How-To-Repeat:
>Fix:
Ensure rcvif is not NULL before dereferencing it:
	 * be handled via ip_forward() and ether_output() with the loopback
	 * into the stack for SIMPLEX interfaces handled by ether_output().
	 */
	if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
		TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
			if (ifa->ifa_addr->sa_family != AF_INET)
>Release-Note:
>Audit-Trail:
>Unformatted:
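A userland model of the guarded check proposed in the Fix section, added here as an example; it is not part of the original report or of the FreeBSD source. The x_-prefixed structures, dst_is_rcvif_broadcast() and demo_case() are hypothetical stand-ins, and the broadcast address comparison inside the loop is an assumption, since the report's excerpt ends before that point.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for kernel definitions (assumed, simplified; the x_ prefix avoids
 * clashing with system headers). Flag and family values match the BSD ones. */
#define X_IFF_BROADCAST 0x2
#define X_AF_INET       2

struct x_ifaddr { int family; uint32_t broadaddr; struct x_ifaddr *next; };
struct x_ifnet  { int if_flags; struct x_ifaddr *addrs; };
struct x_mbuf   { struct x_ifnet *rcvif; };  /* models m->m_pkthdr.rcvif */

/* Return 1 if dst is a broadcast address of the receiving interface.
 * A packet with no receive interface cannot match, so a NULL rcvif
 * yields 0 instead of being dereferenced. */
int dst_is_rcvif_broadcast(const struct x_mbuf *m, uint32_t dst)
{
    const struct x_ifnet *ifp = m->rcvif;
    const struct x_ifaddr *ifa;

    if (ifp == NULL || (ifp->if_flags & X_IFF_BROADCAST) == 0)
        return 0;
    for (ifa = ifp->addrs; ifa != NULL; ifa = ifa->next) {
        if (ifa->family != X_AF_INET)
            continue;               /* skip non-IPv4 addresses */
        if (ifa->broadaddr == dst)
            return 1;
    }
    return 0;
}

/* Constructed sample: one broadcast-capable interface, 192.0.2.255. */
int demo_case(int with_rcvif, uint32_t dst)
{
    struct x_ifaddr a4 = { X_AF_INET, 0xC00002FFu, NULL };
    struct x_ifaddr other = { 28, 0, &a4 };   /* non-INET entry, skipped */
    struct x_ifnet ifp = { X_IFF_BROADCAST, &other };
    struct x_mbuf m = { with_rcvif ? &ifp : NULL };

    return dst_is_rcvif_broadcast(&m, dst);
}

int main(void)
{
    printf("rcvif set, broadcast dst: %d\n", demo_case(1, 0xC00002FFu));
    printf("rcvif set, unicast dst:   %d\n", demo_case(1, 0xC0000201u));
    printf("rcvif NULL:               %d\n", demo_case(0, 0xC00002FFu));
    return 0;
}
```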
