Date: Mon, 09 Oct 2023 21:07:57 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 274007] IPSec asymmetric crypto broken
Message-ID: <bug-274007-7501-dp94IYK0Bk@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-274007-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-274007-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274007

--- Comment #3 from Shawn Anastasio <sanastasio@raptorengineering.com> ---
I am able to reproduce this on -CURRENT on powerpc64le. With a debug kernel
build, I'm hitting the following assertion when flooding an ipsec link between
two VMs using ipsec3 with the net.inet.ipsec.async_crypto tunable set to 1:

panic: vtnet_txq_encap: no mbuf packet header!
cpuid = 13
time = 1696530952
KDB: stack backtrace:
0xc00800006f554300: at kdb_backtrace+0x60
0xc00800006f554410: at vpanic+0x1b8
0xc00800006f5544c0: at panic+0x44
0xc00800006f5544f0: at vtnet_txq_encap+0x3c8
0xc00800006f5545d0: at vtnet_txq_mq_start_locked+0x17c
0xc00800006f554690: at vtnet_txq_tq_deferred+0x6c
0xc00800006f5546d0: at taskqueue_run_locked+0x100
0xc00800006f5547d0: at taskqueue_thread_loop+0x144
0xc00800006f554820: at fork_exit+0xc4
0xc00800006f5548c0: at fork_trampoline+0x18
0xc00800006f5548f0: at -0x4
KDB: enter: panic

Not being intimately familiar with the FreeBSD network stack, it looks to me
like there might be a use-after-free on the mbuf with the tunable enabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.