Sent from my iPhone
Begin forwarded message: > From: bugzi...@redhat.com > Date: August 10, 2020 at 08:12:27 EDT > To: pwout...@redhat.com > Subject: [Bug 1867580] New: pluto process frequently dumps core > > https://bugzilla.redhat.com/show_bug.cgi?id=1867580 > > Bug ID: 1867580 > Summary: pluto process frequently dumps core > Product: Fedora > Version: 32 > Hardware: x86_64 > OS: Linux > Status: NEW > Component: libreswan > Assignee: pwout...@redhat.com > Reporter: reg.b...@poti.sk > QA Contact: extras...@fedoraproject.org > CC: pwout...@redhat.com, sah...@redhat.com > Target Milestone: --- > Classification: Fedora > > > > Description of problem: > > I was configuring a VPN tunnel with a Mikrotik router RB-2011UiAS-RM on the > other side. The router gets firmware upgrades regularly. > > Finally I found a parameter combination for both sides shown below that > basically works, but the pluto process crashes often. It seems that the > crashes > correspond with the phase 2 key lifetime of 2 hours. After the coredump > systemd > restarts the ipsec service and the VPN is then re-established. > > ---- > My ipsec conf file: > > conn XXX > auto=start > left=212.XX.XX.XX > leftsubnet=192.168.XX.0/24 > leftsourceip=192.168.XX.YY > right=195.XX.XX.XX > rightsubnet=192.168.YY.0/24 > > ike=aes256-sha256;modp3072 > ikelifetime=15h > ikev2=no > > phase2alg=aes256-sha256;modp2048 > salifetime=2h > mtu=1406 > authby=secret > > ---- > From the journal: > > aug 09 08:58:13 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=11/SEGV > aug 09 08:58:14 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 11:00:00 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=6/ABRT > aug 09 11:00:00 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 13:00:05 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=11/SEGV > aug 09 13:00:05 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 15:00:09 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=11/SEGV > aug 09 15:00:09 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 16:53:24 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=11/SEGV > aug 09 16:53:24 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 18:55:10 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=6/ABRT > aug 09 18:55:10 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 20:55:14 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=11/SEGV > aug 09 20:55:14 systemd[1]: ipsec.service: Failed with result 'core-dump'. > aug 09 22:57:05 systemd[1]: ipsec.service: Main process exited, code=dumped, > status=6/ABRT > aug 09 22:57:05 systemd[1]: ipsec.service: Failed with result 'core-dump' > > ---- > One of the stack traces: > > Stack trace of thread 81411: > #0 0x00007f705e5f99e5 raise (libc.so.6 + 0x3c9e5) > #1 0x00007f705e5e2895 abort (libc.so.6 + 0x25895) > #2 0x00007f705e63d857 __libc_message (libc.so.6 + 0x80857) > #3 0x00007f705e644d7c malloc_printerr (libc.so.6 + 0x87d7c) > #4 0x00007f705e645abc unlink_chunk.constprop.0 (libc.so.6 + 0x88abc) > #5 0x00007f705e645c27 malloc_consolidate (libc.so.6 + 0x88c27) > #6 0x00007f705e647a85 _int_malloc (libc.so.6 + 0x8aa85) > #7 0x00007f705e64a235 __libc_calloc (libc.so.6 + 0x8d235) > #8 0x00007f705dd93ef7 PORT_ZAlloc_Util (libnssutil3.so + 0x18ef7) > #9 0x00007f705d699100 sftk_GetObjectFromList (libsoftokn3.so + 0x24100) > #10 0x00007f705d699245 sftk_NewObject (libsoftokn3.so + 0x24245) > #11 0x00007f705d689a32 NSC_CreateObject (libsoftokn3.so + 0x14a32) > #12 0x00007f705eaf3a86 PK11_CreateNewObject (libnss3.so + 0x50a86) > #13 0x00007f705eafd810 pk11_ImportSymKeyWithTempl (libnss3.so + 0x5a810) > #14 0x00007f705eafe79a PK11_ImportSymKeyWithFlags (libnss3.so + 0x5b79a) > #15 0x00007f705eafee58 pk11_CopyToSlotPerm (libnss3.so + 0x5be58) > #16 0x000055bc94f66dbf chunk_from_symkey.part.0 (pluto + 0xb4dbf) > #17 0x000055bc94fb1137 section_5_keymat (pluto + 0xff137) > #18 0x000055bc94f41d2d compute_proto_keymat (pluto + 0x8fd2d) > #19 0x000055bc94f42ebb quick_inR1_outI2_tail (pluto + 0x90ebb) > #20 0x000055bc94f43036 quick_inR1_outI2_continue (pluto + 0x91036) > #21 0x000055bc94f78c8e pcr_completed (pluto + 0xc6c8e) > #22 0x000055bc94f78df7 handle_helper_answer (pluto + 0xc6df7) > #23 0x000055bc94f2b9ad resume_handler (pluto + 0x799ad) > #24 0x00007f705e8143b4 event_process_active_single_queue (libevent-2.1.so.6 > + 0x233b4) > #25 0x00007f705e814ba7 event_base_loop (libevent-2.1.so.6 + 0x23ba7) > #26 0x000055bc94f2ec25 call_server (pluto + 0x7cc25) > #27 0x000055bc94ee8aad main (pluto + 0x36aad) > #28 0x00007f705e5e4042 __libc_start_main (libc.so.6 + 0x27042) > #29 0x000055bc94eea5de _start (pluto + 0x385de) > > Stack trace of thread 81414: > #0 0x00007f705ea4ce92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 + > 0xfe92) > #1 0x000055bc94f7930b pluto_crypto_helper_thread (pluto + 0xc730b) > #2 0x00007f705ea46432 start_thread (libpthread.so.0 + 0x9432) > #3 0x00007f705e6be913 __clone (libc.so.6 + 0x101913) > > Stack trace of thread 81413: > #0 0x00007f705ea4ce92 pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0 + > 0xfe92) > #1 0x000055bc94f7930b pluto_crypto_helper_thread (pluto + 0xc730b) > #2 0x00007f705ea46432 start_thread (libpthread.so.0 + 0x9432) > #3 0x00007f705e6be913 __clone (libc.so.6 + 0x101913) > > ---- > Activity immediately before a crash: > > #3: initiating Quick Mode > PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to > replace #2 {using isakmp#1 msgid:21e0e943 > proposal=AES_CBC_256-HMAC_SHA2_256_128-MODP2048 pfsgroup=MODP2048} > > #3: STATE_QUICK_I1: sent QI1, expecting QR1, to replace #2 > > ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 > subj=system_u:system_r:ipsec_t:s0 pid=81411 comm="pluto" > exe="/usr/libexec/ipsec/pluto" sig=6 res=1 > > > Version-Release number of selected component (if applicable): > libreswan-3.32-2.fc32.x86_64 > > How reproducible: > > > Steps to Reproduce: > 1. the whole setup must be probably duplicated > > Actual results: > Pluto coredump after 2 hours > > Expected results: > No coredump, continuous service of pluto daemon. > > Additional info: > > > -- > You are receiving this mail because: > You are on the CC list for the bug. > You are the assignee for the bug. >
_______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev