[Swan-dev] Fwd: [Bug 1867580] New: pluto process frequently dumps core
Paul Wouters
pwouters at redhat.com
Tue Aug 11 02:30:20 UTC 2020
Sent from my iPhone
Begin forwarded message:
> From: bugzilla at redhat.com
> Date: August 10, 2020 at 08:12:27 EDT
> To: pwouters at redhat.com
> Subject: [Bug 1867580] New: pluto process frequently dumps core
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1867580
>
> Bug ID: 1867580
> Summary: pluto process frequently dumps core
> Product: Fedora
> Version: 32
> Hardware: x86_64
> OS: Linux
> Status: NEW
> Component: libreswan
> Assignee: pwouters at redhat.com
> Reporter: reg.bugs at poti.sk
> QA Contact: extras-qa at fedoraproject.org
> CC: pwouters at redhat.com, sahana at redhat.com
> Target Milestone: ---
> Classification: Fedora
>
>
>
> Description of problem:
>
> I was configuring a VPN tunnel with a Mikrotik router RB-2011UiAS-RM on the
> other side. The router gets firmware upgrades regularly.
>
> Finally I found a parameter combination for both sides shown below that
> basically works, but the pluto process crashes often. It seems that the crashes
> correspond with the phase 2 key lifetime of 2 hours. After the coredump systemd
> restarts the ipsec service and the VPN is then re-established.
>
> ----
> My ipsec conf file:
>
> conn XXX
> auto=start
> left=212.XX.XX.XX
> leftsubnet=192.168.XX.0/24
> leftsourceip=192.168.XX.YY
> right=195.XX.XX.XX
> rightsubnet=192.168.YY.0/24
>
> ike=aes256-sha256;modp3072
> ikelifetime=15h
> ikev2=no
>
> phase2alg=aes256-sha256;modp2048
> salifetime=2h
> mtu=1406
> authby=secret
>
> ----
> From the journal:
>
> aug 09 08:58:13 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 08:58:14 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 11:00:00 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=6/ABRT
> aug 09 11:00:00 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 13:00:05 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 13:00:05 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 15:00:09 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 15:00:09 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 16:53:24 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 16:53:24 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 18:55:10 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=6/ABRT
> aug 09 18:55:10 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 20:55:14 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 20:55:14 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 22:57:05 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=6/ABRT
> aug 09 22:57:05 systemd[1]: ipsec.service: Failed with result 'core-dump'
>
> ----
> One of the stack traces:
>
> Stack trace of thread 81411:
> #0 0x00007f705e5f99e5 raise (libc.so.6 + 0x3c9e5)
> #1 0x00007f705e5e2895 abort (libc.so.6 + 0x25895)
> #2 0x00007f705e63d857 __libc_message (libc.so.6 + 0x80857)
> #3 0x00007f705e644d7c malloc_printerr (libc.so.6 + 0x87d7c)
> #4 0x00007f705e645abc unlink_chunk.constprop.0 (libc.so.6 + 0x88abc)
> #5 0x00007f705e645c27 malloc_consolidate (libc.so.6 + 0x88c27)
> #6 0x00007f705e647a85 _int_malloc (libc.so.6 + 0x8aa85)
> #7 0x00007f705e64a235 __libc_calloc (libc.so.6 + 0x8d235)
> #8 0x00007f705dd93ef7 PORT_ZAlloc_Util (libnssutil3.so + 0x18ef7)
> #9 0x00007f705d699100 sftk_GetObjectFromList (libsoftokn3.so + 0x24100)
> #10 0x00007f705d699245 sftk_NewObject (libsoftokn3.so + 0x24245)
> #11 0x00007f705d689a32 NSC_CreateObject (libsoftokn3.so + 0x14a32)
> #12 0x00007f705eaf3a86 PK11_CreateNewObject (libnss3.so + 0x50a86)
> #13 0x00007f705eafd810 pk11_ImportSymKeyWithTempl (libnss3.so + 0x5a810)
> #14 0x00007f705eafe79a PK11_ImportSymKeyWithFlags (libnss3.so + 0x5b79a)
> #15 0x00007f705eafee58 pk11_CopyToSlotPerm (libnss3.so + 0x5be58)
> #16 0x000055bc94f66dbf chunk_from_symkey.part.0 (pluto + 0xb4dbf)
> #17 0x000055bc94fb1137 section_5_keymat (pluto + 0xff137)
> #18 0x000055bc94f41d2d compute_proto_keymat (pluto + 0x8fd2d)
> #19 0x000055bc94f42ebb quick_inR1_outI2_tail (pluto + 0x90ebb)
> #20 0x000055bc94f43036 quick_inR1_outI2_continue (pluto + 0x91036)
> #21 0x000055bc94f78c8e pcr_completed (pluto + 0xc6c8e)
> #22 0x000055bc94f78df7 handle_helper_answer (pluto + 0xc6df7)
> #23 0x000055bc94f2b9ad resume_handler (pluto + 0x799ad)
> #24 0x00007f705e8143b4 event_process_active_single_queue (libevent-2.1.so.6
> + 0x233b4)
> #25 0x00007f705e814ba7 event_base_loop (libevent-2.1.so.6 + 0x23ba7)
> #26 0x000055bc94f2ec25 call_server (pluto + 0x7cc25)
> #27 0x000055bc94ee8aad main (pluto + 0x36aad)
> #28 0x00007f705e5e4042 __libc_start_main (libc.so.6 + 0x27042)
> #29 0x000055bc94eea5de _start (pluto + 0x385de)
>
> Stack trace of thread 81414:
> #0 0x00007f705ea4ce92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 +
> 0xfe92)
> #1 0x000055bc94f7930b pluto_crypto_helper_thread (pluto + 0xc730b)
> #2 0x00007f705ea46432 start_thread (libpthread.so.0 + 0x9432)
> #3 0x00007f705e6be913 __clone (libc.so.6 + 0x101913)
>
> Stack trace of thread 81413:
> #0 0x00007f705ea4ce92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 +
> 0xfe92)
> #1 0x000055bc94f7930b pluto_crypto_helper_thread (pluto + 0xc730b)
> #2 0x00007f705ea46432 start_thread (libpthread.so.0 + 0x9432)
> #3 0x00007f705e6be913 __clone (libc.so.6 + 0x101913)
>
> ----
> Activity immediately before a crash:
>
> #3: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to
> replace #2 {using isakmp#1 msgid:21e0e943
> proposal=AES_CBC_256-HMAC_SHA2_256_128-MODP2048 pfsgroup=MODP2048}
>
> #3: STATE_QUICK_I1: sent QI1, expecting QR1, to replace #2
>
> ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295
> subj=system_u:system_r:ipsec_t:s0 pid=81411 comm="pluto"
> exe="/usr/libexec/ipsec/pluto" sig=6 res=1
>
>
> Version-Release number of selected component (if applicable):
> libreswan-3.32-2.fc32.x86_64
>
> How reproducible:
>
>
> Steps to Reproduce:
> 1. the whole setup must be probably duplicated
>
> Actual results:
> Pluto coredump after 2 hours
>
> Expected results:
> No coredump, continuous service of pluto daemon.
>
> Additional info:
>
>
> --
> You are receiving this mail because:
> You are on the CC list for the bug.
> You are the assignee for the bug.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200810/f1ac6bd3/attachment-0001.html>
More information about the Swan-dev
mailing list