[Swan-dev] Fwd: [Bug 1867580] New: pluto process frequently dumps core

Paul Wouters pwouters at redhat.com
Tue Aug 11 02:30:20 UTC 2020 


Sent from my iPhone

Begin forwarded message:

> From: bugzilla at redhat.com
> Date: August 10, 2020 at 08:12:27 EDT
> To: pwouters at redhat.com
> Subject: [Bug 1867580] New: pluto process frequently dumps core
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1867580
> 
>            Bug ID: 1867580
>           Summary: pluto process frequently dumps core
>           Product: Fedora
>           Version: 32
>          Hardware: x86_64
>                OS: Linux
>            Status: NEW
>         Component: libreswan
>          Assignee: pwouters at redhat.com
>          Reporter: reg.bugs at poti.sk
>        QA Contact: extras-qa at fedoraproject.org
>                CC: pwouters at redhat.com, sahana at redhat.com
>  Target Milestone: ---
>    Classification: Fedora
> 
> 
> 
> Description of problem:
> 
> I was configuring a VPN tunnel with a Mikrotik router RB-2011UiAS-RM on the
> other side. The router gets firmware upgrades regularly.
> 
> Finally I found a parameter combination for both sides shown below that
> basically works, but the pluto process crashes often. It seems that the crashes
> correspond with the phase 2 key lifetime of 2 hours. After the coredump systemd
> restarts the ipsec service and the VPN is then re-established.
> 
> ----
> My ipsec conf file:
> 
> conn XXX
>        auto=start
>        left=212.XX.XX.XX
>        leftsubnet=192.168.XX.0/24
>        leftsourceip=192.168.XX.YY
>        right=195.XX.XX.XX
>        rightsubnet=192.168.YY.0/24
> 
>        ike=aes256-sha256;modp3072
>        ikelifetime=15h
>        ikev2=no
> 
>        phase2alg=aes256-sha256;modp2048
>        salifetime=2h
>        mtu=1406
>        authby=secret
> 
> ----
> From the journal:
> 
> aug 09 08:58:13 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 08:58:14 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 11:00:00 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=6/ABRT
> aug 09 11:00:00 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 13:00:05 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 13:00:05 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 15:00:09 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 15:00:09 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 16:53:24 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 16:53:24 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 18:55:10 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=6/ABRT
> aug 09 18:55:10 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 20:55:14 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=11/SEGV
> aug 09 20:55:14 systemd[1]: ipsec.service: Failed with result 'core-dump'.
> aug 09 22:57:05 systemd[1]: ipsec.service: Main process exited, code=dumped,
> status=6/ABRT
> aug 09 22:57:05 systemd[1]: ipsec.service: Failed with result 'core-dump'
> 
> ----
> One of the stack traces:
> 
>    Stack trace of thread 81411:
>    #0  0x00007f705e5f99e5 raise (libc.so.6 + 0x3c9e5)
>    #1  0x00007f705e5e2895 abort (libc.so.6 + 0x25895)
>    #2  0x00007f705e63d857 __libc_message (libc.so.6 + 0x80857)
>    #3  0x00007f705e644d7c malloc_printerr (libc.so.6 + 0x87d7c)
>    #4  0x00007f705e645abc unlink_chunk.constprop.0 (libc.so.6 + 0x88abc)
>    #5  0x00007f705e645c27 malloc_consolidate (libc.so.6 + 0x88c27)
>    #6  0x00007f705e647a85 _int_malloc (libc.so.6 + 0x8aa85)
>    #7  0x00007f705e64a235 __libc_calloc (libc.so.6 + 0x8d235)
>    #8  0x00007f705dd93ef7 PORT_ZAlloc_Util (libnssutil3.so + 0x18ef7)
>    #9  0x00007f705d699100 sftk_GetObjectFromList (libsoftokn3.so + 0x24100)
>    #10 0x00007f705d699245 sftk_NewObject (libsoftokn3.so + 0x24245)
>    #11 0x00007f705d689a32 NSC_CreateObject (libsoftokn3.so + 0x14a32)
>    #12 0x00007f705eaf3a86 PK11_CreateNewObject (libnss3.so + 0x50a86)
>    #13 0x00007f705eafd810 pk11_ImportSymKeyWithTempl (libnss3.so + 0x5a810)
>    #14 0x00007f705eafe79a PK11_ImportSymKeyWithFlags (libnss3.so + 0x5b79a)
>    #15 0x00007f705eafee58 pk11_CopyToSlotPerm (libnss3.so + 0x5be58)
>    #16 0x000055bc94f66dbf chunk_from_symkey.part.0 (pluto + 0xb4dbf)
>    #17 0x000055bc94fb1137 section_5_keymat (pluto + 0xff137)
>    #18 0x000055bc94f41d2d compute_proto_keymat (pluto + 0x8fd2d)
>    #19 0x000055bc94f42ebb quick_inR1_outI2_tail (pluto + 0x90ebb)
>    #20 0x000055bc94f43036 quick_inR1_outI2_continue (pluto + 0x91036)
>    #21 0x000055bc94f78c8e pcr_completed (pluto + 0xc6c8e)
>    #22 0x000055bc94f78df7 handle_helper_answer (pluto + 0xc6df7)
>    #23 0x000055bc94f2b9ad resume_handler (pluto + 0x799ad)
>    #24 0x00007f705e8143b4 event_process_active_single_queue (libevent-2.1.so.6
> + 0x233b4)
>    #25 0x00007f705e814ba7 event_base_loop (libevent-2.1.so.6 + 0x23ba7)
>    #26 0x000055bc94f2ec25 call_server (pluto + 0x7cc25)
>    #27 0x000055bc94ee8aad main (pluto + 0x36aad)
>    #28 0x00007f705e5e4042 __libc_start_main (libc.so.6 + 0x27042)
>    #29 0x000055bc94eea5de _start (pluto + 0x385de)
> 
>    Stack trace of thread 81414:
>    #0  0x00007f705ea4ce92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 +
> 0xfe92)
>    #1  0x000055bc94f7930b pluto_crypto_helper_thread (pluto + 0xc730b)
>    #2  0x00007f705ea46432 start_thread (libpthread.so.0 + 0x9432)
>    #3  0x00007f705e6be913 __clone (libc.so.6 + 0x101913)
> 
>    Stack trace of thread 81413:
>    #0  0x00007f705ea4ce92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 +
> 0xfe92)
>    #1  0x000055bc94f7930b pluto_crypto_helper_thread (pluto + 0xc730b)
>    #2  0x00007f705ea46432 start_thread (libpthread.so.0 + 0x9432)
>    #3  0x00007f705e6be913 __clone (libc.so.6 + 0x101913)
> 
> ----
> Activity immediately before a crash:
> 
> #3: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to
> replace #2 {using isakmp#1 msgid:21e0e943
> proposal=AES_CBC_256-HMAC_SHA2_256_128-MODP2048 pfsgroup=MODP2048}
> 
> #3: STATE_QUICK_I1: sent QI1, expecting QR1, to replace #2
> 
> ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295
> subj=system_u:system_r:ipsec_t:s0 pid=81411 comm="pluto"
> exe="/usr/libexec/ipsec/pluto" sig=6 res=1
> 
> 
> Version-Release number of selected component (if applicable):
> libreswan-3.32-2.fc32.x86_64
> 
> How reproducible:
> 
> 
> Steps to Reproduce:
> 1. the whole setup must be probably duplicated
> 
> Actual results:
> Pluto coredump after 2 hours
> 
> Expected results:
> No coredump, continuous service of pluto daemon.
> 
> Additional info:
> 
> 
> -- 
> You are receiving this mail because:
> You are on the CC list for the bug.
> You are the assignee for the bug.
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20200810/f1ac6bd3/attachment-0001.html>

More information about the Swan-dev mailing list