Bug 1277247 - NM crashing when upping libreswan connection as secondary
NM crashing when upping libreswan connection as secondary
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager (Show other bugs)
7.3
Unspecified Unspecified
urgent Severity urgent
: rc
: 7.3
Assigned To: Thomas Haller
Desktop QE
:
Depends On:
Blocks: 1301628 1313485
  Show dependency treegraph
 
Reported: 2015-11-02 14:31 EST by Vladimir Benes
Modified: 2016-11-03 15:19 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 15:19:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
backtrace (6.37 KB, text/plain)
2015-11-02 14:32 EST, Vladimir Benes
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2581 normal SHIPPED_LIVE Low: NetworkManager security, bug fix, and enhancement update 2016-11-03 08:08:07 EDT

  None (edit)
Description Vladimir Benes 2015-11-02 14:31:50 EST
Description of problem:
I have a connection to racoon server and libreswan as a secondary on that to racoon server connection. I see crash randomly.

backtrace attached.
 

Version-Release number of selected component (if applicable):
NetworkManager-1.0.6-27.el7.x86_64 
NetworkManager-libreswan-1.0.6-3.el7.x86_64
libreswan-3.12-10.1.el7_1.x86_64


rac1 connection:
connection.id:                          rac1
connection.uuid:                        dc329547-e765-40c3-8b0b-d208559f5aae
connection.interface-name:              racoon1
connection.type:                        802-3-ethernet
connection.autoconnect:                 no
connection.autoconnect-priority:        0
connection.timestamp:                   1446492505
connection.read-only:                   no
connection.permissions:                 
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 8ba20250-3291-462a-9872-8179edbbe0c1
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.mac-address-blacklist:   
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            
802-3-ethernet.wake-on-lan:             1 (default)
802-3-ethernet.wake-on-lan-password:    --
ipv4.method:                            auto
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.addresses:                         
ipv4.gateway:                           --
ipv4.routes:                            
ipv4.route-metric:                      90
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv6.method:                            ignore
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.addresses:                         
ipv6.gateway:                           --
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --


libreswan connection:
connection.id:                          libreswan
connection.uuid:                        8ba20250-3291-462a-9872-8179edbbe0c1
connection.interface-name:              --
connection.type:                        vpn
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.timestamp:                   0
connection.read-only:                   no
connection.permissions:                 
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
ipv4.method:                            auto
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.addresses:                         
ipv4.gateway:                           --
ipv4.routes:                            
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv6.method:                            auto
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.addresses:                         
ipv6.gateway:                           --
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
vpn.service-type:                       org.freedesktop.NetworkManager.libreswan
vpn.user-name:                          --
vpn.data:                               right = 172.31.70.1, xauthpasswordinputmodes = save, xauthpassword-flags = 0, leftxauthusername = budulinek, pskinputmodes = save, vendor = Cisco, pskvalue-flags = 0, leftid = yolo
vpn.secrets:                            <hidden>
vpn.persistent:                         no


scenario:
    * Add a connection named "libreswan" for device "\*" to "libreswan" VPN
    * Use user "budulinek" with password "passwd" and group "yolo" with secret "ipsecret" for gateway "172.31.70.1" on Libreswan connection "libreswan"
    * Execute "nmcli con modify rac1 connection.secondaries libreswan"
    * Bring "up" connection "rac1"
    Then "libreswan" is visible with command "nmcli con show -a" in "60" seconds
    Then "rac1" is visible with command "nmcli con show -a" in "60" seconds
    Then "172.31.80.0/24 dev racoon1" is visible with command "ip route"
    Then "VPN.VPN-STATE:.*VPN connected" is visible with command "nmcli c show libreswan"
    Then "VPN.BANNER:.*BUG_REPORT_URL" is visible with command "nmcli c show libreswan"
    Then "IP4.ADDRESS.*172.31.60.2/32" is visible with command "nmcli c show libreswan"
    Then "IP4.ADDRESS.*172.31.60.2/32" is visible with command "nmcli d show racoon1"
    Then "IP4.ADDRESS.*172.31.70.*/24" is visible with command "nmcli d show racoon1"
    Then "IP4.GATEWAY:.*172.31.70.1" is visible with command "nmcli d show racoon1"
Comment 1 Vladimir Benes 2015-11-02 14:32 EST
Created attachment 1088709 [details]
backtrace
Comment 2 Jirka Klimes 2015-11-03 03:02:35 EST
We know that there might be a problem in this area, because of bug 1175446. Unfortunately, we have not been able to reproduce it. I'll try your test. And if you could identify how/when this happens it would help.
Comment 6 Jirka Klimes 2015-12-03 08:18:18 EST
For the record, these are the fixes:
master: b9da3d9 policy: fix looping through list while removing elements (rh #1175446)
nm-1-0: 112f3f8 policy: fix looping through list while removing elements (rh #1175446)
Comment 11 errata-xmlrpc 2016-11-03 15:19:50 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2581.html

Note You need to log in before you can comment on or make changes to this bug.