Date:      Thu, 03 Nov 2016 17:35:48 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-amd64@FreeBSD.org
Subject:   [Bug 214169] Kernel panic using IPv6 and TCP-SIGNATURE (IPSEC)
Message-ID:  <bug-214169-6@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214169

            Bug ID: 214169
           Summary: Kernel panic using IPv6 and TCP-SIGNATURE (IPSEC)
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: anderson.soares@embrapa.br
                CC: freebsd-amd64@FreeBSD.org

After migrating my gateway to FreeBSD 11 STABLE, the quagga bgpd daemon started
to cause kernel panics in my gateway every time quagga starts.
At first, I thought it was a quagga related problem and I tried to replace it
with OpenBGPD. But as soon as I started openbgpd, the system crashed again.
After that, I was able to trace the problem to some bgp peers using password
protected connections. A few more tests showed that the problem only happened
in IPv6 connections.
Since bgp protected connections use the RFC 2385 TCP MD5 signature option, I've
tried to simulate the problem in another environment using IPSEC and netcat (nc
-S).
As expected, every time I tried to connect two hosts with TCP-MD5 signatures,
the host opening the connection crashes. Nothing happens to the host listening
to connections.
I was forced to downgrade my gateway to FreeBSD 10.3, and since then, my gateway
has worked without any failure.

The kernel panics as follows:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 01
fault virtual address   = 0x8
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80c6e0ea
stack pointer           = 0x28:0xfffffe00510da6b0
frame pointer           = 0x28:0xfffffe00510da790
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 743 (nc)
trap number             = 12
panic: page fault
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff80a98d27 at kdb_backtrace+0x67
#1 0xffffffff80a4f6c2 at vpanic+0x182
#2 0xffffffff80a4f533 at panic+0x43
#3 0xffffffff80ef2e41 at trap_fatal+0x351
#4 0xffffffff80ef3033 at trap_pfault+0x1e3
#5 0xffffffff80ef25bc at trap+0x26c
#6 0xffffffff80ed5d11 at calltrap+0x8
#7 0xffffffff80c6801b at tcp_output+0x16ab
#8 0xffffffff80c78b11 at tcp6_usr_connect+0x271
#9 0xffffffff80aee5de at kern_connectat+0x12e
#10 0xffffffff80aee487 at sys_connect+0x77
#11 0xffffffff80ef37ee at amd64_syscall+0x51e
#12 0xffffffff80ed5ffb at Xfast_syscall+0xfb


How-To-Repeat:

- In a system with the TCP_SIGNATURE kernel option enabled, enable IPSEC and add a
TCP-MD5 key in /etc/ipsec.conf for each side of the connection.

- Run nc -6S <host ipv6> <port>


The system

--
You are receiving this mail because:
You are on the CC list for the bug.


