[Bug 273207] pf_syncookie_mac for IPv6 random cause panic

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 19 Aug 2023 01:09:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273207

--- Comment #12 from Rin Cat <dev@rincat.ch> ---
(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=1) at
/usr/src/sys/kern/kern_shutdown.c:396
#2  0xffffffff80c72724 in kern_reboot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:484
#3  0xffffffff80c72b8e in vpanic (fmt=<optimized out>,
ap=ap@entry=0xfffffe00c5f643f0) at /usr/src/sys/kern/kern_shutdown.c:923
#4  0xffffffff80c72913 in panic (fmt=<unavailable>) at
/usr/src/sys/kern/kern_shutdown.c:847
#5  0xffffffff811519c7 in trap_fatal (frame=0xfffffe00c5f644e0, eva=0) at
/usr/src/sys/amd64/amd64/trap.c:942
#6  0xffffffff81151a35 in trap_pfault (frame=0xfffffe00c5f644e0,
usermode=false, signo=<optimized out>, ucode=<optimized out>) at
/usr/src/sys/amd64/amd64/trap.c:761
#7  <signal handler called>
#8  memmove_erms () at /usr/src/sys/amd64/amd64/support.S:539
#9  0xffffffff804b6ce9 in SipBuf (ctx=ctx@entry=0xfffffe00c5f64618,
src=src@entry=0xfffffe00c5f645e0, len=len@entry=2, final=2, final@entry=0) at
/usr/src/sys/crypto/siphash/siphash.c:103
#10 0xffffffff804b6b20 in SipHash_Update (ctx=ctx@entry=0xfffffe00c5f64618,
src=<optimized out>, len=len@entry=2) at
/usr/src/sys/crypto/siphash/siphash.c:139
#11 0xffffffff823eac5a in pf_syncookie_mac (pd=pd@entry=0xfffffe00c5f64870,
cookie=..., seq=<optimized out>) at /usr/src/sys/netpfil/pf/pf_syncookies.c:444
#12 0xffffffff823eab48 in pf_syncookie_check (pd=pd@entry=0xfffffe00c5f64870)
at /usr/src/sys/netpfil/pf/pf_syncookies.c:321
#13 0xffffffff823b7e93 in pf_test_state_tcp
(state=state@entry=0xfffffe00c5f64948, direction=direction@entry=1,
kif=kif@entry=0xfffff80001fed500, m=m@entry=0xfffff80125df2400,
off=off@entry=40, h=<optimized out>, pd=pd@entry=0xfffffe00c5f64870,
reason=0xfffffe00c5f64954)
    at /usr/src/sys/netpfil/pf/pf.c:4958
#14 0xffffffff823c0bca in pf_test6 (dir=dir@entry=1, pflags=65536,
ifp=0xfffff80001fe1800, m0=m0@entry=0xfffffe00c5f64a30, inp=0x0) at
/usr/src/sys/netpfil/pf/pf.c:6947
#15 0xffffffff823d66ab in pf_check6_in (m=0xfffffe00c5f64a30, ifp=<optimized
out>, flags=0, ruleset=<optimized out>, inp=0x2) at
/usr/src/sys/netpfil/pf/pf_ioctl.c:5604
#16 0xffffffff80dbc537 in pfil_run_hooks (head=<optimized out>, p=...,
ifp=ifp@entry=0xfffff80001fe1800, flags=flags@entry=65536, inp=inp@entry=0x0)
at /usr/src/sys/net/pfil.c:187
#17 0xffffffff80e97828 in ip6_tryforward (m=0xfffff80125df2400) at
/usr/src/sys/netinet6/ip6_fastfwd.c:167
#18 0xffffffff80e99889 in ip6_input (m=0xfffffe00c5f64638) at
/usr/src/sys/netinet6/ip6_input.c:723
#19 0xffffffff80db8ca3 in netisr_dispatch_src (proto=<optimized out>,
source=source@entry=0, m=0xfffff80125df2400) at /usr/src/sys/net/netisr.c:1194
#20 0xffffffff80db8e6f in netisr_dispatch (proto=3321251384, m=0x2) at
/usr/src/sys/net/netisr.c:1234
#21 0xffffffff80d9aecc in ether_demux (ifp=ifp@entry=0xfffff80001fe1800, m=0x0)
at /usr/src/sys/net/if_ethersubr.c:921
#22 0xffffffff80d9c51d in ether_input_internal (ifp=0xfffff80001fe1800, m=0x0)
at /usr/src/sys/net/if_ethersubr.c:707
#23 ether_nh_input (m=<optimized out>) at /usr/src/sys/net/if_ethersubr.c:737
#24 0xffffffff80db8b11 in netisr_dispatch_src (proto=proto@entry=5,
source=source@entry=0, m=m@entry=0xfffff80125df2400) at
/usr/src/sys/net/netisr.c:1143
#25 0xffffffff80db8e6f in netisr_dispatch (proto=3321251384, proto@entry=5,
m=0x2, m@entry=0xfffff80125df2400) at /usr/src/sys/net/netisr.c:1234
#26 0xffffffff80d9b379 in ether_input (ifp=0xfffff80001fe1800,
m=0xfffff80125df2400) at /usr/src/sys/net/if_ethersubr.c:828
#27 0xffffffff80db4631 in iflib_rxeof (rxq=rxq@entry=0xfffff80001fd4000,
budget=<optimized out>) at /usr/src/sys/net/iflib.c:3048
#28 0xffffffff80dae5aa in _task_fn_rx (context=0xfffff80001fd4000) at
/usr/src/sys/net/iflib.c:4122
#29 0xffffffff80cbe947 in gtaskqueue_run_locked
(queue=queue@entry=0xfffff80001962a00) at
/usr/src/sys/kern/subr_gtaskqueue.c:371
#30 0xffffffff80cbe772 in gtaskqueue_thread_loop
(arg=arg@entry=0xfffffe001fff1008) at /usr/src/sys/kern/subr_gtaskqueue.c:547
#31 0xffffffff80c2b830 in fork_exit (callout=0xffffffff80cbe6b0
<gtaskqueue_thread_loop>, arg=0xfffffe001fff1008, frame=0xfffffe00c5f64f40) at
/usr/src/sys/kern/kern_fork.c:1093
#32 <signal handler called>
#33 0x0f04f983480f74cb in ?? ()
