Bug 1166151

Summary: Pluto crashes on INITIATOR site during 'service ipsec stop'
Product: Red Hat Enterprise Linux 6
Component: libreswan
Version: 6.6
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Jaroslav Aster <jaster>
Assignee: Paul Wouters <pwouters>
QA Contact: Jaroslav Aster <jaster>
CC: omoris
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Clone Of: 1166146
Last Closed: 2016-05-11 00:15:40 UTC

Description Jaroslav Aster 2014-11-20 13:21:48 UTC
openswan has the same problem. Tested on openswan-2.6.32-37.el6.

"test2": ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215
"test2": ABORT at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215

+++ This bug was initially created as a clone of Bug #1166146 +++

Description of problem:

When I ran the test for bug 749605, I saw that pluto crashes on the INITIATOR site during 'service ipsec stop' at the end of the test, and I saw abort and assert messages in pluto.log. Bug 749605 is old, but the automatic test is new, so it is possible that the crash has been there for a long time but nobody has noticed it.


Version-Release number of selected component (if applicable):

libreswan-3.8-5.el7
libreswan-3.12-1.el7

How reproducible:

Always.

Steps to Reproduce:

Configuration
-------------

# cat /etc/ipsec.conf
version 2.0

config setup
    protostack=netkey
    plutodebug=all
    plutostderrlog=/tmp/pluto.log
    plutorestartoncrash=false
    dumpdir=/tmp

conn test1
    left=172.29.1.1
    right=172.29.1.2
    authby=secret
    auto=add

conn test2
    left=172.29.1.1
    right=172.29.1.3
    authby=secret
    auto=add

conn test3
    left=172.29.1.3
    right=172.29.1.2
    authby=secret
    auto=add

# cat /etc/ipsec.secrets 
: PSK "redhat"


Scenario
--------
I_IP: initiator public ip
R_IP: responder public ip
I: initiator
R: responder

# Create tunnel between two hosts
I: ip tunnel add TEST_IFACE mode gre local I_IP remote R_IP
I: ip addr add 172.29.1.1/24 dev TEST_IFACE
I: ip link set dev TEST_IFACE up
R: ip tunnel add TEST_IFACE mode gre local R_IP remote I_IP
R: ip addr add 172.29.1.2/24 dev TEST_IFACE
R: ip link set dev TEST_IFACE up

I: service ipsec restart
Redirecting to /bin/systemctl restart  ipsec.service

R: service ipsec restart
Redirecting to /bin/systemctl restart  ipsec.service

I: ipsec auto --ready
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

R: ipsec auto --up test1
002 "test1" #1: initiating Main Mode
104 "test1" #1: STATE_MAIN_I1: initiate
003 "test1" #1: received Vendor ID payload [Dead Peer Detection]
003 "test1" #1: received Vendor ID payload [FRAGMENTATION]
003 "test1" #1: received Vendor ID payload [RFC 3947]
002 "test1" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "test1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "test1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "test1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
002 "test1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "test1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "test1" #1: received Vendor ID payload [CAN-IKEv2]
002 "test1" #1: Main mode peer ID is ID_IPV4_ADDR: '172.29.1.1'
002 "test1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "test1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
002 "test1" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:90218c89 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
117 "test1" #2: STATE_QUICK_I1: initiate
002 "test1" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "test1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x7f974b53 <0xe8d032dd xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}

R: ip a add 172.29.1.3/24 dev TEST_IFACE
R: ipsec auto --ready
002 listening for IKE messages
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:500
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:4500
003 two interfaces match "test3" (TEST_IFACE, TEST_IFACE)
002 "test3": terminating SAs using this connection
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

R: ipsec auto --up test2
002 "test2" #3: initiating Main Mode
104 "test2" #3: STATE_MAIN_I1: initiate
003 "test2" #3: received Vendor ID payload [Dead Peer Detection]
003 "test2" #3: received Vendor ID payload [FRAGMENTATION]
003 "test2" #3: received Vendor ID payload [RFC 3947]
002 "test2" #3: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "test2" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "test2" #3: STATE_MAIN_I2: sent MI2, expecting MR2
003 "test2" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
002 "test2" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "test2" #3: STATE_MAIN_I3: sent MI3, expecting MR3
003 "test2" #3: received Vendor ID payload [CAN-IKEv2]
002 "test2" #3: Main mode peer ID is ID_IPV4_ADDR: '172.29.1.1'
002 "test2" #3: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "test2" #3: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
002 "test2" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#3 msgid:29da68a2 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
117 "test2" #4: STATE_QUICK_I1: initiate
002 "test2" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "test2" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xa145be67 <0xc7618fef xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}

R: ip a del 172.29.1.3/24 dev TEST_IFACE
I: ip a add 172.29.1.3/24 dev TEST_IFACE
R: ipsec auto --ready
002 listening for IKE messages
002 shutting down interface TEST_IFACE/TEST_IFACE 172.29.1.3:4500
002 shutting down interface TEST_IFACE/TEST_IFACE 172.29.1.3:500
002 "test2" #4: deleting state (STATE_QUICK_I2)
005 "test2" #4: ESP traffic information: in=0B out=0B
002 "test2" #3: deleting state (STATE_MAIN_I4)
002 "test2": terminating SAs using this connection
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

I: ipsec auto --ready
002 listening for IKE messages
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:500
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:4500
003 two interfaces match "test2" (TEST_IFACE, TEST_IFACE)
002 "test2": terminating SAs using this connection
002 "test2" #4: deleting state (STATE_QUICK_R2)
005 "test2" #4: ESP traffic information: in=0B out=0B
002 "test2" #3: deleting state (STATE_MAIN_R3)
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

I: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'
I: service ipsec stop
Redirecting to /bin/systemctl stop  ipsec.service

I: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350

R: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'
R: service ipsec stop
Redirecting to /bin/systemctl stop  ipsec.service

R: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'


Actual results:

libreswan-3.8-5.el7
-------------------
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371
"test2": ABORT at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371

libreswan-3.12-1.el7
--------------------
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350

Expected results:

No crash.

Additional info:
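
The log check from the reproduction steps above, as an added example that is not part of the original report or of libreswan: it wraps the same grep filter and collapses assertion lines to a file/expression signature, so the same failure is recognised across builds whose line numbers differ. The function names and the sample log (lines quoted in the report plus one constructed debug line) are assumptions.

```shell
#!/bin/sh
# Added example, not libreswan code: triage crash markers in a pluto log.

# The report's filter: crash markers minus the known debug noise line.
pluto_crash_lines() {
    grep -v 'hmac_update: after assert' "$1" |
        grep -i -e 'assert' -e 'abort' -e 'segfault'
}

# Exit status 0 only when the log holds no crash markers.
pluto_log_is_clean() {
    ! pluto_crash_lines "$1" >/dev/null
}

# One line per distinct assertion: file<TAB>expression<TAB>connection.
# The line number is dropped: it moves between builds, the expression does not.
pluto_assert_signatures() {
    pluto_crash_lines "$1" | awk '
        match($0, /ASSERTION FAILED at [^ ]+:[0-9]+: /) {
            loc  = substr($0, RSTART + 20, RLENGTH - 22)  # path:line
            cond = substr($0, RSTART + RLENGTH)           # failed expression
            sub(/:[0-9]+$/, "", loc)                      # drop line number
            sub(/.*\//, "", loc)                          # keep file name only
            conn = "-"
            if (match($0, /^"[^"]*"/)) conn = substr($0, 2, RLENGTH - 2)
            print loc "\t" cond "\t" conn
        }' | sort -u
}

# Constructed sample: assertion/abort lines quoted in the report from three
# builds, plus a constructed debug line that the filter must ignore.
make_sample_log() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
| hmac_update: after assert
"test2": ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
"test2": terminating SAs using this connection
EOF
    echo "$f"
}

log=$(make_sample_log)
pluto_assert_signatures "$log"
pluto_log_is_clean "$log" || echo "crash markers found in $log"
rm -f "$log"
```

Running `pluto_log_is_clean /tmp/pluto.log` after `service ipsec stop` gives an automated test a pass/fail exit status instead of grep output to inspect by eye.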

Comment 10 errata-xmlrpc 2016-05-11 00:15:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0890.html