[Swan] Valgrind reported issues (and threads)

Paul Wouters paul at nohats.ca
Sat Mar 2 19:18:05 EET 2013


To get more information about the threading issue, I ran pluto for a
while under valgrind. Output is below. It does seem like some issues
that we need to fix. Especially the dealloc_st_jbuf/malloc_st_jbuf
issue.

Paul
==29627== Use of uninitialised value of size 8
==29627==    at 0x41C5CF: libreswan_DBG_dump (log.c:823)
==29627==    by 0x461CC3: finish_pfkey_msg (kernel_pfkey.c:658)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x45694B: setup_half_ipsec_sa (kernel.c:1480)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==
==29627== Use of uninitialised value of size 8
==29627==    at 0x41C5FB: libreswan_DBG_dump (log.c:824)
==29627==    by 0x461CC3: finish_pfkey_msg (kernel_pfkey.c:658)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x45694B: setup_half_ipsec_sa (kernel.c:1480)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==
==29627== Use of uninitialised value of size 8
==29627==    at 0x41C5CF: libreswan_DBG_dump (log.c:823)
==29627==    by 0x461CC3: finish_pfkey_msg (kernel_pfkey.c:658)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x45694B: setup_half_ipsec_sa (kernel.c:1480)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==
==29627== Use of uninitialised value of size 8
==29627==    at 0x41C5FB: libreswan_DBG_dump (log.c:824)
==29627==    by 0x461CC3: finish_pfkey_msg (kernel_pfkey.c:658)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x45694B: setup_half_ipsec_sa (kernel.c:1480)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==
==29627== Syscall param write(buf) points to uninitialised byte(s)
==29627==    at 0x5386CCD: ??? (syscall-template.S:82)
==29627==    by 0x461CF3: finish_pfkey_msg (kernel_pfkey.c:667)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x45694B: setup_half_ipsec_sa (kernel.c:1480)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==  Address 0xbbd5d34 is 100 bytes inside a block of size 104 alloc'd
==29627==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29627==    by 0x4BEE9E: pfkey_msg_build (pfkey_v2_build.c:1348)
==29627==    by 0x461BDB: finish_pfkey_msg (kernel_pfkey.c:646)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x45694B: setup_half_ipsec_sa (kernel.c:1480)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==
==29627== Use of uninitialised value of size 8
==29627==    at 0x41C5CF: libreswan_DBG_dump (log.c:823)
==29627==    by 0x461CC3: finish_pfkey_msg (kernel_pfkey.c:658)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x4576E5: setup_half_ipsec_sa (kernel.c:1824)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==
==29627== Use of uninitialised value of size 8
==29627==    at 0x41C5FB: libreswan_DBG_dump (log.c:824)
==29627==    by 0x461CC3: finish_pfkey_msg (kernel_pfkey.c:658)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x4576E5: setup_half_ipsec_sa (kernel.c:1824)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==
==29627==
==29627== Syscall param write(buf) points to uninitialised byte(s)
==29627==    at 0x5386CCD: ??? (syscall-template.S:82)
==29627==    by 0x461CF3: finish_pfkey_msg (kernel_pfkey.c:667)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x4576E5: setup_half_ipsec_sa (kernel.c:1824)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==  Address 0xc72d474 is 196 bytes inside a block of size 200 alloc'd
==29627==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29627==    by 0x4BEE9E: pfkey_msg_build (pfkey_v2_build.c:1348)
==29627==    by 0x461BDB: finish_pfkey_msg (kernel_pfkey.c:646)
==29627==    by 0x462EB8: pfkey_add_sa (kernel_pfkey.c:1109)
==29627==    by 0x4576E5: setup_half_ipsec_sa (kernel.c:1824)
==29627==    by 0x458C48: install_inbound_ipsec_sa (kernel.c:2445)
==29627==    by 0x4412EF: quick_inI1_outR1_cryptotail (ikev1_quick.c:2285)
==29627==    by 0x440A0A: quick_inI1_outR1_cryptocontinue1 (ikev1_quick.c:2063)
==29627==    by 0x46C48C: send_crypto_helper_request (pluto_crypt.c:284)
==29627==    by 0x46E6A8: build_nonce (crypt_ke.c:216)
==29627==    by 0x440643: quick_inI1_outR1_authtail (ikev1_quick.c:1983)
==29627==    by 0x43E74D: quick_inI1_outR1 (ikev1_quick.c:1262)
==29627==
==29627== Thread 2:
==29627== Invalid free() / delete / delete[] / realloc()
==29627==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29627==    by 0x4A7636: leak_pfree (alloc.c:157)
==29627==    by 0x48695F: xauth_send_status (xauth.c:1095)
==29627==    by 0x4876FB: do_authentication (xauth.c:1436)
==29627==    by 0x537FE99: start_thread (pthread_create.c:308)
==29627==    by 0x662CCBC: clone (clone.S:112)
==29627==  Address 0x7feffde30 is on thread 1's stack
==29627==
==29627== Invalid write of size 4
==29627==    at 0x4846DD: dealloc_st_jbuf (xauth.c:148)
==29627==    by 0x48737E: do_authentication (xauth.c:1372)
==29627==    by 0x537FE99: start_thread (pthread_create.c:308)
==29627==    by 0x662CCBC: clone (clone.S:112)
==29627==  Address 0xcad08e0 is 0 bytes inside a block of size 864 free'd
==29627==    at 0x4C2B7B2: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29627==    by 0x484868: alloc_st_jbuf (xauth.c:202)
==29627==    by 0x48793F: xauth_launch_authent (xauth.c:1502)
==29627==    by 0x48810F: xauth_inR0 (xauth.c:1671)
==29627==    by 0x432253: process_packet_tail (ikev1.c:2070)
==29627==    by 0x431216: process_v1_packet (ikev1.c:1622)
==29627==    by 0x466425: process_packet (demux.c:171)
==29627==    by 0x4664B2: comm_handle (demux.c:225)
==29627==    by 0x4272C0: call_server (server.c:787)
==29627==    by 0x423C32: main (plutomain.c:1262)
==29627==
==29627== HEAP SUMMARY:
==29627==     in use at exit: 3,561,161 bytes in 4,344 blocks
==29627==   total heap usage: 3,330,852 allocs, 3,326,509 frees, 6,551,692,065 bytes allocated
==29627== 
==29627== LEAK SUMMARY:
==29627==    definitely lost: 475,328 bytes in 577 blocks
==29627==    indirectly lost: 734,981 bytes in 420 blocks
==29627==      possibly lost: 112,524 bytes in 227 blocks
==29627==    still reachable: 2,238,328 bytes in 3,120 blocks
==29627==         suppressed: 0 bytes in 0 blocks
==29627== Rerun with --leak-check=full to see details of leaked memory
==29627==
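The last two reports above are the ones Paul singles out: an entry allocated by alloc_st_jbuf is later written by dealloc_st_jbuf, but valgrind says the address is inside a block "free'd" by realloc. That is the classic stale-pointer-across-realloc pattern. The following is an added example, not code from this post or from libreswan, that reproduces the shape of that report in a small growable table and shows the index-based access that avoids it. All names (jbuf_table, jbuf_entry, jbuf_add, index_pattern, ...) are hypothetical and stand in for nothing in the pluto source.

```c
/*
 * Added example (hypothetical code, not libreswan's): the pattern behind a
 * valgrind report of the form
 *   "Invalid write of size 4 ... Address is 0 bytes inside a block of size N
 *    free'd at realloc".
 *
 * A growable table is reallocated when it fills.  Any raw pointer into the
 * old block that a caller keeps across that growth now points into freed
 * memory; a later store through it is the "Invalid write" valgrind flags.
 * The hardened variant hands out indices and re-derives the pointer from
 * the current base on every access.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct jbuf_entry {
    int state_no;   /* which state this entry belongs to */
    int result;     /* written back later by a worker */
};

struct jbuf_table {
    struct jbuf_entry *entries;
    size_t used;
    size_t cap;
};

/* Grow the table; realloc may move the block, invalidating old pointers. */
int jbuf_reserve(struct jbuf_table *t, size_t want)
{
    if (want <= t->cap)
        return 0;
    size_t ncap = t->cap ? t->cap * 2 : 4;
    while (ncap < want)
        ncap *= 2;
    struct jbuf_entry *n = realloc(t->entries, ncap * sizeof *n);
    if (n == NULL)
        return -1;
    t->entries = n;
    t->cap = ncap;
    return 0;
}

/* Append an entry and return its index, which stays valid across growth. */
long jbuf_add(struct jbuf_table *t, int state_no)
{
    if (jbuf_reserve(t, t->used + 1) != 0)
        return -1;
    t->entries[t->used].state_no = state_no;
    t->entries[t->used].result = 0;
    return (long)t->used++;
}

/*
 * BUGGY: retain a raw pointer to an entry, then grow the table.  When realloc
 * moves the block, `mine` points into freed memory and the final store is a
 * use-after-free; under valgrind it shows up exactly like the
 * dealloc_st_jbuf / alloc_st_jbuf pair in the report above.
 * Never called here; it exists only to make the report recognisable.
 */
void stale_pointer_pattern(struct jbuf_table *t)
{
    long idx = jbuf_add(t, 1);
    struct jbuf_entry *mine = &t->entries[idx];  /* raw pointer retained */
    for (int i = 0; i < 64; i++)
        jbuf_add(t, 100 + i);                    /* forces one or more reallocs */
    mine->result = 42;                           /* store through stale pointer */
}

/*
 * FIXED: keep only the index and look the entry up from the current base on
 * every access.  Returns the value read back through the table, or -1 on
 * allocation failure.
 */
int index_pattern(struct jbuf_table *t)
{
    long idx = jbuf_add(t, 1);
    if (idx < 0)
        return -1;
    for (int i = 0; i < 64; i++)
        if (jbuf_add(t, 100 + i) < 0)
            return -1;
    t->entries[idx].result = 42;                 /* re-derived from current base */
    return t->entries[idx].result;
}

void jbuf_free(struct jbuf_table *t)
{
    free(t->entries);
    memset(t, 0, sizeof *t);
}

/* Run the fixed pattern on a fresh table.  Returns 42 on success, -1 if the
 * write was lost or the first entry's state_no was disturbed by growth. */
int demo_fixed(void)
{
    struct jbuf_table t = { NULL, 0, 0 };
    int r = index_pattern(&t);
    if (t.used != 65 || t.entries[0].state_no != 1)
        r = -1;
    jbuf_free(&t);
    return r;
}

int main(void)
{
    printf("fixed pattern read back %d\n", demo_fixed());
    return 0;
}
```

Run the fixed build under valgrind and it is silent; swap the call in main for stale_pointer_pattern and memcheck prints the same "Invalid write ... free'd ... realloc" pair as in the log, with alloc and free stacks pointing at jbuf_add and jbuf_reserve. The general rule the report illustrates: once a buffer can be reallocated, only indices or offsets may be stored long-term, never pointers into it, and that applies doubly when, as with the "Thread 2" entries above, the holder of the pointer runs on a different thread from the code doing the growth.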