From owner-freebsd-bugs@freebsd.org Mon Aug 1 07:19:19 2016 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BFE59BAA873 for ; Mon, 1 Aug 2016 07:19:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AF4AF1AAF for ; Mon, 1 Aug 2016 07:19:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u717JJTp005704 for ; Mon, 1 Aug 2016 07:19:19 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 211486] [panic] [IPSec] [IP6] Crash with IPv6 ESP usage Date: Mon, 01 Aug 2016 07:19:19 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: bugzilla.freebsd@omnilan.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Aug 2016 07:19:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211486 --- Comment #1 from Harald Schmalzbauer --- (In reply to Harald Schmalzbauer from comment #0) Missed helpful info I guess: #0 doadump (textdump=3D-18464194list *0xffffffff80c65afc 0xffffffff80c65afc is in ip6_output (/usr/local/share/deploy-tools/RELENG_11/src/sys/netinet6/ip6_output.c:1060= ). 1055 done: 1056 /* 1057 * Release the route if using our private route, or if 1058 * (with flowtable) we don't have our own reference. 1059 */ 1060 if (ro =3D=3D &ip6route || ro->ro_flags & RT_NORTREF) 1061 RO_RTFREE(ro); 1062 return (error); 1063 1064 freehdrs: 40) at pcpu.h:221 #1 0xffffffff80393346 in db_fncall (dummy1=3D, dummy2=3D, dummy3=3D, dummy4=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:568 #2 0xffffffff80392de9 in db_command (cmd_table=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:440 #3 0xffffffff80392b44 in db_command_loop () at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_command.c:493 #4 0xffffffff80395a7b in db_trap (type=3D, code=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/ddb/db_main.c:251 #5 0xffffffff80a96133 in kdb_trap (type=3D, code=3D, tf=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_kdb.c:654 #6 0xffffffff80ec6331 in trap_fatal (frame=3D0xfffffe0091f1e540, eva=3D26)= at /usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:836 #7 0xffffffff80ec657d in trap_pfault (frame=3D0xfffffe0091f1e540, usermode= =3D0) at /usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:691 #8 0xffffffff80ec5a64 in trap (frame=3D0xfffffe0091f1e540) at /usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/trap.c:442 #9 0xffffffff80ea6161 in calltrap () at /usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/exception.S:236 #10 0xffffffff80c65afc in ip6_output (m0=3D, opt=3D, ro=3D, flags=3D, im6o=3D0x0,=20 ifpp=3D0x0, inp=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet6/ip6_output.c:1060 #11 0xffffffff80c43c51 in tcp_twrespond () at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_timewait.c:594 #12 0xffffffff80c436f5 in tcp_twstart (tp=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_timewait.c:336 #13 0xffffffff80c34078 in tcp_do_segment (m=3D0xfffff8000732b400, th=3D, so=3D, tp=3D0xfffff80007b22000, drop_hdrlen=3D72,=20 tlen=3D, iptos=3D, ti_locked= =3DCannot access memory at address 0x1 ) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_input.c:31= 41 #14 0xffffffff80c310b4 in tcp_input (mp=3D, offp=3D, proto=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_input.c:= 1442 #15 0xffffffff80c30221 in tcp6_input (mp=3D0xfffffe0091f1ebf8, offp=3D0xfffffe0091f1ebf4, proto=3D203) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet/tcp_input.c:= 578 #16 0xffffffff80c82799 in ipsec6_common_input_cb (m=3D, sav=3D, skip=3D40, protoff=3D6) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/ipsec_input.c:827 #17 0xffffffff80c97101 in esp_input_cb (crp=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/xform_esp.c:626 #18 0xffffffff80ca9e69 in swcr_process (dev=3D, crp=3D= , hint=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/opencrypto/cryptosoft.c:1185 #19 0xffffffff80ca6c2f in crypto_dispatch (crp=3D0xfffff80028f93840) at /usr/local/share/deploy-tools/RELENG_11/src/sys/opencrypto/crypto.c:807 #20 0xffffffff80c9605a in esp_input (m=3D, sav=3D0xfffff80003ebb300, skip=3D, protoff=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/xform_esp.c= :459 #21 0xffffffff80c8179b in ipsec_common_input (m=3D0xfffff8000732b400, skip= =3D40, protoff=3D6, af=3D28, sproto=3D50) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/ipsec_input.c:236 #22 0xffffffff80c8222d in ipsec6_common_input (mp=3D, offp=3D, proto=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netipsec/ipsec_input.c:581 #23 0xffffffff80c64070 in ip6_input (m=3D0x3b003b00000001) at /usr/local/share/deploy-tools/RELENG_11/src/sys/netinet6/ip6_input.c:921 #24 0xffffffff80b5a7e0 in netisr_dispatch_src (proto=3D6, source=3D0, m=3D0xfffff8000732b400) at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/netisr.c:1121 #25 0xffffffff80b4540a in ether_demux (ifp=3D, m=3D0xffffffff81428eff) at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/if_ethersubr.c:8= 50 #26 0xffffffff80b46200 in ether_nh_input (m=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/if_ethersubr.c:639 #27 0xffffffff80b5a7e0 in netisr_dispatch_src (proto=3D5, source=3D0, m=3D0xfffff8000732b400) at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/netisr.c:1121 #28 0xffffffff80b45772 in ether_input (ifp=3D, m=3D0x0= ) at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/if_ethersubr.c:759 #29 0xffffffff80b421fa in if_input (ifp=3D0xfffffe0091f1e5c8, sendmp=3D0xffffffff81428eff) at /usr/local/share/deploy-tools/RELENG_11/src/sys/net/if.c:3956 #30 0xffffffff80524acc in em_rxeof (count=3D98) at /usr/local/share/deploy-tools/RELENG_11/src/sys/dev/e1000/if_em.c:4873 #31 0xffffffff80526110 in em_handle_que (context=3D0xfffffe0000eb6000, pending=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/dev/e1000/if_em.c:15= 99 #32 0xffffffff80aa7a6c in taskqueue_run_locked (queue=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_taskqueue.c:465 #33 0xffffffff80aa85b8 in taskqueue_thread_loop (arg=3D) at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/subr_taskqueue.c:719 #34 0xffffffff80a18904 in fork_exit (callout=3D0xffffffff80aa8530 , arg=3D0xfffffe0000eb8730, frame=3D0xfffffe0091f1fa= c0) at /usr/local/share/deploy-tools/RELENG_11/src/sys/kern/kern_fork.c:103 #35 0xffffffff80ea669e in fork_trampoline () at /usr/local/share/deploy-tools/RELENG_11/src/sys/amd64/amd64/exception.S:611 #36 0x0000000000000000 in ?? () --=20 You are receiving this mail because: You are the assignee for the bug.=