anyone doing IPv6 BGP will likely run into this. An IPv6 MD5 packet causes a panic because of a NULL dereference. This is fixed in r307726 in HEAD, but the problem exists in at least 11.0p3 and likely in 11-STABLE, too (although I didn't check). I think this is serious enough to be considered ERRATA too ... or even a possible denial-of-service (although I don't know if you can trigger this without md5 being configured) anyways MFC 307726.
Over to committer of 307726.
I think you misinterpreted r307726. Probably you mean r308358, that already was merged into stable/11 with r308613.
looks like you're correct. I misread the patch screen in the svn-web interface. Sigh. However... this really needs to be MFC'd to 11.0, not just 11-STABLE. I'm not sure if it gets classified as an eratta or a security thing. But upgrading anything that uses MP5 and IPv6 (like a BGP router) from 10.3 to 11.0 gives a quickly rebooting router.
Over to the committer of https://svnweb.freebsd.org/base/head/sys/netinet/tcp_subr.c?revision=308358&view=markup&pathrev=308358.
There is no sense to make Errata Notice for this problem, since the feature doesn't belong to the GENERIC kernel. The feature is available only in custom made kernels.