Subject: kern/15953: ipsec panics kernel
To: None <gnats-bugs@gnats.netbsd.org>
From: None <toshii@netbsd.org>
List: netbsd-bugs
Date: 03/18/2002 08:16:19
>Number:         15953
>Category:       kern
>Synopsis:       ipsec panics kernel
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 17 15:17:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     IWAMOTO Toshihiro
>Release:        NetBSD 1.5ZB
>Organization:
	
>Environment:
System: NetBSD kiku.my.domain 1.5ZB NetBSD 1.5ZB (KIKU) #121: Sat Mar 16 15:28:59 JST 2002 toshii@kiku.my.domain:/usr/src/syssrc/sys/arch/i386/compile/KIKU i386
Architecture: i386
Machine: i386
>Description:
	Using ipsec with racoon causes the panics shown below.
	As I've been using the same configuration for a long time and I don't remember
	such trouble with a 2-month-old kernel, this may be due to some change
	made in the last 2 months.
panic: free: unaligned addr %p, size %ld, type %s, mask %ld

#0  0x1 in ?? ()
(gdb) inf st
#0  0x1 in ?? ()
#1  0xc026a26b in cpu_reboot (howto=256, bootstr=0x0)
    at /sys/arch/i386/compile/KIKU/../../../../arch/i386/i386/machdep.c:2171
#2  0xc011ee39 in db_reboot_cmd ()
    at /sys/arch/i386/compile/KIKU/../../../../ddb/db_command.c:669
#3  0xc011eb14 in db_command (last_cmdp=0xc034fbd4, cmd_table=0xc02e3c6c)
    at /sys/arch/i386/compile/KIKU/../../../../ddb/db_command.c:456
#4  0xc011e713 in db_command_loop ()
    at /sys/arch/i386/compile/KIKU/../../../../ddb/db_command.c:246
#5  0xc0121ee4 in db_trap (type=6, code=0)
    at /sys/arch/i386/compile/KIKU/../../../../ddb/db_trap.c:92
#6  0xc02671b6 in kdb_trap (type=6, code=0, regs=0xdec8091c)
    at /sys/arch/i386/compile/KIKU/../../../../arch/i386/i386/db_interface.c:129
#7  0xc026f937 in trap (frame={tf_gs = 16, tf_fs = 16, tf_es = -1072627696,
      tf_ds = -1064828912, tf_edi = 5, tf_esi = -1064159744,
      tf_ebp = -557315724, tf_ebx = -1064155136, tf_edx = 0,
      tf_ecx = -1064155136, tf_eax = 0, tf_trapno = 6, tf_err = 0,
      tf_eip = -1071355597, tf_cs = 8, tf_eflags = 66118, tf_esp = 5,
      tf_ss = -1064159744, tf_vm86_es = -1064159744, tf_vm86_ds = -1072263956,
      tf_vm86_fs = 1016403129, tf_vm86_gs = 766669000})
    at /sys/arch/i386/compile/KIKU/../../../../arch/i386/i386/trap.c:220
#8  0xc0100c39 in calltrap ()
#9  0xc0243d09 in lfs_segwrite (mp=0xc0923600, flags=5)
    at /sys/arch/i386/compile/KIKU/../../../../ufs/lfs/lfs_segment.c:525
#10 0xc024b2bc in lfs_sync (mp=0xc0923600, waitfor=2, cred=0xc0814f00,
    p=0xc0378740)
    at /sys/arch/i386/compile/KIKU/../../../../ufs/lfs/lfs_vfsops.c:1284
#11 0xc016459e in sys_sync (p=0xc0378740, v=0x0, retval=0x0)
    at /sys/arch/i386/compile/KIKU/../../../../kern/vfs_syscalls.c:581
#12 0xc01633aa in vfs_shutdown ()
    at /sys/arch/i386/compile/KIKU/../../../../kern/vfs_subr.c:2465
#13 0xc026a243 in cpu_reboot (howto=256, bootstr=0x0)
    at /sys/arch/i386/compile/KIKU/../../../../arch/i386/i386/machdep.c:2158
#14 0xc01478ef in panic ()
    at /sys/arch/i386/compile/KIKU/../../../../kern/subr_prf.c:253
#15 0xc013973b in free (addr=0xc08e01ff, type=95)
    at /sys/arch/i386/compile/KIKU/../../../../kern/kern_malloc.c:463
#16 0xc01f27d7 in keydb_delsecpolicy (p=0xc08e01ff)
    at /sys/arch/i386/compile/KIKU/../../../../netkey/keydb.c:80
#17 0xc01ea24e in key_delsp (sp=0xc08e01ff)
    at /sys/arch/i386/compile/KIKU/../../../../netkey/key.c:992
#18 0xc01e9fe3 in key_freesp (sp=0xc08e01ff)
    at /sys/arch/i386/compile/KIKU/../../../../netkey/key.c:848
#19 0xc01ddb79 in ipsec4_delete_pcbpolicy (inp=0xc090bb40)
    at /sys/arch/i386/compile/KIKU/../../../../netinet6/ipsec.c:1528
#20 0xc01a1347 in in_pcbdetach (v=0xc090bb40)
    at /sys/arch/i386/compile/KIKU/../../../../netinet/in_pcb.c:463
#21 0xc01bd65d in tcp_close (tp=0xc09e63a8)
    at /sys/arch/i386/compile/KIKU/../../../../netinet/tcp_subr.c:1038
#22 0xc01beab1 in tcp_timer_2msl (arg=0xc09e63a8)
    at /sys/arch/i386/compile/KIKU/../../../../netinet/tcp_timer.c:591
#23 0xc013242d in softclock (v=0x0)
    at /sys/arch/i386/compile/KIKU/../../../../kern/kern_clock.c:992
#24 0xc0132221 in hardclock (frame=0xdec80d20)
    at /sys/arch/i386/compile/KIKU/../../../../kern/kern_clock.c:905
#25 0xc0298169 in clockintr (arg=0xdec80d20)
    at /sys/arch/i386/compile/KIKU/../../../../arch/i386/isa/clock.c:413
#26 0xc0100e2a in Xintr0 ()
(gdb)

	savecore says:
Mar 18 07:20:36 kiku savecore: reboot after panic: panic: free: unaligned addr 0xc08e01ff, size 512, type key mgmt, mask 511

>How-To-Repeat:
	Use ipsec with racoon.
>Fix:
	
>Release-Note:
>Audit-Trail:
>Unformatted: