Date: Wed, 4 Jun 2003 14:39:44 +0100 (BST)
From: David Hedley <david@bill.inty.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/52935: occasional panic in ip_input with IPSEC
Message-ID: <200306041339.h54Ddita014942@bill.inty.net>
Resent-Message-ID: <200306041340.h54DeCiw092760@freefall.freebsd.org>

>Number:         52935
>Category:       kern
>Synopsis:       occasional panic in ip_input with IPSEC
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 04 06:40:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     David Hedley
>Release:        FreeBSD 4.7-RELEASE i386
>Organization:
Inty Ltd
>Environment:
>Description:
We are seeing occasional kernel panics when using IPSEC. The panic occurs in
ip_input at the following line:

         * be handled via ip_forward() and ether_output() with the loopback
         * into the stack for SIMPLEX interfaces handled by ether_output().
         */
        if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {    <<<<< Panic here
                TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
                        if (ifa->ifa_addr->sa_family != AF_INET)
                                continue;
                        ia = ifatoia(ifa);

It seems that m_pkthdr.rcvif is NULL and hence the resulting dereference is
invalid.
>How-To-Repeat:
>Fix:
Ensure rcvif is not NULL before dereferencing it:

         * be handled via ip_forward() and ether_output() with the loopback
         * into the stack for SIMPLEX interfaces handled by ether_output().
         */
        if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
                TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
                        if (ifa->ifa_addr->sa_family != AF_INET)
>Release-Note:
>Audit-Trail:
>Unformatted:
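
An added example, not part of the original report or of FreeBSD source: a user-space C model of the check in the report's fix, showing that a packet whose rcvif is NULL is treated as a non-match instead of being dereferenced. The `_model` structs, `dst_is_rcvif_broadcast`, `check_packet`, the broadcast-address comparison in the loop body and the sample address 192.0.2.255 are assumptions made for illustration.

```c
/* User-space model, constructed for illustration; not FreeBSD source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IFF_BROADCAST 0x2   /* same value as the kernel flag */
#define AF_INET_MODEL 2     /* stand-in for AF_INET */

struct ifaddr_model {
    int family;                  /* ifa->ifa_addr->sa_family */
    uint32_t broadaddr;          /* assumed: the interface broadcast address */
    struct ifaddr_model *next;   /* replaces the TAILQ link */
};
struct ifnet_model { int if_flags; struct ifaddr_model *if_addrhead; };
struct mbuf_model  { struct ifnet_model *rcvif; };  /* m->m_pkthdr.rcvif */

/* Returns 1 when dst matches a broadcast address on the receive interface,
 * 0 otherwise, including when the packet carries no receive interface. */
int dst_is_rcvif_broadcast(const struct mbuf_model *m, uint32_t dst)
{
    const struct ifaddr_model *ifa;

    /* The guard from the report's fix; without it the flag test reads
     * through a NULL rcvif. */
    if (m->rcvif == NULL || !(m->rcvif->if_flags & IFF_BROADCAST))
        return 0;
    for (ifa = m->rcvif->if_addrhead; ifa != NULL; ifa = ifa->next) {
        if (ifa->family != AF_INET_MODEL)
            continue;            /* skip non-IPv4 addresses, as in the report */
        if (ifa->broadaddr == dst)
            return 1;
    }
    return 0;
}

/* Constructed sample: interface with a non-IPv4 entry, then 192.0.2.255. */
int check_packet(int has_rcvif, uint32_t dst)
{
    struct ifaddr_model v4 = { AF_INET_MODEL, 0xC00002FFu, NULL };
    struct ifaddr_model other = { 28, 0xC00002FFu, &v4 };
    struct ifnet_model ifp = { IFF_BROADCAST, &other };
    struct mbuf_model m = { has_rcvif ? &ifp : NULL };
    return dst_is_rcvif_broadcast(&m, dst);
}

int main(void)
{
    printf("rcvif set, broadcast dst: %d\n", check_packet(1, 0xC00002FFu));
    printf("rcvif NULL:               %d\n", check_packet(0, 0xC00002FFu));
    return 0;
}
```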