Bug 1166151 - Pluto crashes on INITIATOR site during 'service ipsec stop'
Summary: Pluto crashes on INITIATOR site during 'service ipsec stop'
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libreswan
Version: 6.6
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Paul Wouters
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-11-20 13:21 UTC by Jaroslav Aster
Modified: 2018-01-26 20:55 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1166146
Environment:
Last Closed: 2016-05-11 00:15:40 UTC
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHBA-2016:0890
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: libreswan bug fix and enhancement update
Last Updated: 2016-05-10 22:49:36 UTC

Description Jaroslav Aster 2014-11-20 13:21:48 UTC
openswan has the same problem. Tested on openswan-2.6.32-37.el6.

"test2": ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215
"test2": ABORT at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/connections.c:2215

+++ This bug was initially created as a clone of Bug #1166146 +++

Description of problem:

When I ran the test for bug 749605, I saw that pluto crashes on the INITIATOR site during 'service ipsec stop' at the end of the test, and I saw abort and assert messages in pluto.log. Bug 749605 is old, but the automatic test is new, so it is possible that the crash has been there for a long time, but nobody has noticed it.


Version-Release number of selected component (if applicable):

libreswan-3.8-5.el7
libreswan-3.12-1.el7

How reproducible:

Always.

Steps to Reproduce:

Configuration
-------------

# cat /etc/ipsec.conf
version 2.0

config setup
    protostack=netkey
    plutodebug=all
    plutostderrlog=/tmp/pluto.log
    plutorestartoncrash=false
    dumpdir=/tmp

conn test1
    left=172.29.1.1
    right=172.29.1.2
    authby=secret
    auto=add

conn test2
    left=172.29.1.1
    right=172.29.1.3
    authby=secret
    auto=add

conn test3
    left=172.29.1.3
    right=172.29.1.2
    authby=secret
    auto=add

# cat /etc/ipsec.secrets 
: PSK "redhat"


Scenario
--------
I_IP: initiator public ip
R_IP: responder public ip
I: initiator
R: responder

# Create tunnel between two hosts
I: ip tunnel add TEST_IFACE mode gre local I_IP remote R_IP
I: ip addr add 172.29.1.1/24 dev TEST_IFACE
I: ip link set dev TEST_IFACE up
R: ip tunnel add TEST_IFACE mode gre local R_IP remote I_IP
R: ip addr add 172.29.1.2/24 dev TEST_IFACE
R: ip link set dev TEST_IFACE up

I: service ipsec restart
Redirecting to /bin/systemctl restart  ipsec.service

R: service ipsec restart
Redirecting to /bin/systemctl restart  ipsec.service

I: ipsec auto --ready
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

R: ipsec auto --up test1
002 "test1" #1: initiating Main Mode
104 "test1" #1: STATE_MAIN_I1: initiate
003 "test1" #1: received Vendor ID payload [Dead Peer Detection]
003 "test1" #1: received Vendor ID payload [FRAGMENTATION]
003 "test1" #1: received Vendor ID payload [RFC 3947]
002 "test1" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "test1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "test1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "test1" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
002 "test1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "test1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "test1" #1: received Vendor ID payload [CAN-IKEv2]
002 "test1" #1: Main mode peer ID is ID_IPV4_ADDR: '172.29.1.1'
002 "test1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "test1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
002 "test1" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:90218c89 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
117 "test1" #2: STATE_QUICK_I1: initiate
002 "test1" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "test1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x7f974b53 <0xe8d032dd xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}

R: ip a add 172.29.1.3/24 dev TEST_IFACE
R: ipsec auto --ready
002 listening for IKE messages
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:500
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:4500
003 two interfaces match "test3" (TEST_IFACE, TEST_IFACE)
002 "test3": terminating SAs using this connection
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

R: ipsec auto --up test2
002 "test2" #3: initiating Main Mode
104 "test2" #3: STATE_MAIN_I1: initiate
003 "test2" #3: received Vendor ID payload [Dead Peer Detection]
003 "test2" #3: received Vendor ID payload [FRAGMENTATION]
003 "test2" #3: received Vendor ID payload [RFC 3947]
002 "test2" #3: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "test2" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "test2" #3: STATE_MAIN_I2: sent MI2, expecting MR2
003 "test2" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
002 "test2" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "test2" #3: STATE_MAIN_I3: sent MI3, expecting MR3
003 "test2" #3: received Vendor ID payload [CAN-IKEv2]
002 "test2" #3: Main mode peer ID is ID_IPV4_ADDR: '172.29.1.1'
002 "test2" #3: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "test2" #3: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha group=MODP2048}
002 "test2" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#3 msgid:29da68a2 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
117 "test2" #4: STATE_QUICK_I1: initiate
002 "test2" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "test2" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xa145be67 <0xc7618fef xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=passive}

R: ip a del 172.29.1.3/24 dev TEST_IFACE
I: ip a add 172.29.1.3/24 dev TEST_IFACE
R: ipsec auto --ready
002 listening for IKE messages
002 shutting down interface TEST_IFACE/TEST_IFACE 172.29.1.3:4500
002 shutting down interface TEST_IFACE/TEST_IFACE 172.29.1.3:500
002 "test2" #4: deleting state (STATE_QUICK_I2)
005 "test2" #4: ESP traffic information: in=0B out=0B
002 "test2" #3: deleting state (STATE_MAIN_I4)
002 "test2": terminating SAs using this connection
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

I: ipsec auto --ready
002 listening for IKE messages
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:500
002 adding interface TEST_IFACE/TEST_IFACE 172.29.1.3:4500
003 two interfaces match "test2" (TEST_IFACE, TEST_IFACE)
002 "test2": terminating SAs using this connection
002 "test2" #4: deleting state (STATE_QUICK_R2)
005 "test2" #4: ESP traffic information: in=0B out=0B
002 "test2" #3: deleting state (STATE_MAIN_R3)
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"

I: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'
I: service ipsec stop
Redirecting to /bin/systemctl stop  ipsec.service

I: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350

R: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'
R: service ipsec stop
Redirecting to /bin/systemctl stop  ipsec.service

R: grep -v 'hmac_update: after assert' /tmp/pluto.log | grep -i -e 'assert' -e 'abort' -e 'segfault'


Actual results:

libreswan-3.8-5.el7
-------------------
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371
"test2": ABORT at /builddir/build/BUILD/libreswan-3.8/programs/pluto/connections.c:2371

libreswan-3.12-1.el7
--------------------
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350

Expected results:

No crash.

Additional info:
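
The following is an added example, not part of the original report or of libreswan: it extends the reporter's grep check on pluto.log into a shell function that a test harness or log monitor can call, grouping crash markers by connection and source location and returning a non-zero status when any are found. The function names, the output format and the sample log are constructed here; the parser assumes log lines in the form quoted in this report.

```shell
#!/bin/sh
# Added example (not from the bug report): summarise pluto crash markers.

# Constructed sample log, modelled on the lines quoted in this report.
sample_log() {
    cat <<'EOF'
| hmac_update: after assert
"test2": terminating SAs using this connection
"test2": ASSERTION FAILED at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350: oriented(*c)
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
"test2": ABORT at /builddir/build/BUILD/libreswan-3.12/programs/pluto/connections.c:2350
EOF
}

# Reads a pluto log on stdin and prints one line per (connection, location):
#   <conn> <file:line> assert=<expression or -> aborts=<count>
# Returns 1 if any crash marker was found, 0 for a clean log.
pluto_crash_summary() {
    # Same exclusion as the reporter's grep: this debug line is not a crash.
    grep -v 'hmac_update: after assert' | awk '
        function note(conn, loc,    k) {
            gsub(/"/, "", conn)
            k = conn " " loc
            if (!(k in seen)) { seen[k] = 1; order[++n] = k; expr[k] = "-" }
            return k
        }
        match($0, /: ASSERTION FAILED at /) {
            rest = substr($0, RSTART + RLENGTH)   # "file:line: expression"
            sep = index(rest, ": ")
            if (!sep) sep = length(rest) + 1      # no expression on the line
            k = note(substr($0, 1, RSTART - 1), substr(rest, 1, sep - 1))
            expr[k] = substr(rest, sep + 2)
            next
        }
        match($0, /: ABORT at /) {
            k = note(substr($0, 1, RSTART - 1), substr($0, RSTART + RLENGTH))
            aborts[k]++
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s assert=%s aborts=%d\n", order[i], expr[order[i]], aborts[order[i]]
            exit (n > 0)
        }'
}

# Demo on the constructed sample; on a real host: pluto_crash_summary < /tmp/pluto.log
sample_log | pluto_crash_summary || echo "crash markers found"
```

Run against the log before and after 'service ipsec stop', as the reporter does with grep, so that a crash during shutdown is attributed to the stop step.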

Comment 10 errata-xmlrpc 2016-05-11 00:15:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0890.html

