[Openswan Users] Pluto Segmentation fault in 2.4.7 and 2.4.8 rc1

Paul Wouters paul at xelerance.com
Tue Mar 13 11:55:42 EDT 2007


On Tue, 13 Mar 2007, Djordje Zekovic wrote:

> Failed to read a valid object file image from memory.
> Core was generated by `/usr/libexec/ipsec/pluto --nofork --secretsfile
> /etc/ipsec.secrets --ipsecdir /'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x0806ebc8 in route_and_eroute (c=0xa0d5118, sr=0xa0d515c, st=0xa0d6878)
> at kernel.c:2532
> 2532                    if (esr->eroute_owner == SOS_NOBODY)
> #0  0x0806ebc8 in route_and_eroute (c=0xa0d5118, sr=0xa0d515c, st=0xa0d6878)
> at kernel.c:2532
> #1  0x0806efad in install_ipsec_sa (st=0xa0d6878, inbound_also=0) at
> kernel.c:2613
> #2  0x08067de1 in quick_inI2 (md=0xa0d2ed0) at ikev1_quick.c:2132
> #3  0x0807807c in process_packet (mdp=0x80ea068) at demux.c:2352
> #4  0x080788cf in comm_handle (ifp=0xa0d0cf8) at demux.c:1223
> #5  0x0805c2d8 in call_server () at server.c:1166
> #6  0x0805a4db in main (argc=1549747535, argv=0x7d6a6750) at plutomain.c:787

Thanks, that was somewhat helpful. Can you repeat it with plutodebug=controlmore?
That should give us some more information leading up to the crash.
Also, a dump of all the variables in gdb would help as well, or at least a print
of esr.

Is this using 2.6.19 or 2.6.20? KLIPS or NETKEY?

> /var/log/secure:
>
> Mar 13 05:40:46 vpn1 pluto[16901]: ERROR: pfkey write() of SADB_X_DELFLOW
> message 14 for flow int.0 at 0.0.0.0 failed. Errno 14: Bad address
> Mar 13 05:40:46 vpn1 pluto[16901]: |   02 0f 00 0b  0e 00 00 00  0e 00 00
> 00  05 42 00 00
> Mar 13 05:40:46 vpn1 pluto[16901]: |   03 00 15 00  00 00 00 00  02 00 06
> a5  48 37 92 95
> Mar 13 05:40:46 vpn1 pluto[16901]: |   00 00 00 00  00 00 00 00  03 00 16
> 00  00 00 00 00
> Mar 13 05:40:46 vpn1 pluto[16901]: |   02 00 06 a5  c3 42 a4 bd  00 00 00
> 00  00 00 00 00
> Mar 13 05:40:46 vpn1 pluto[16901]: |   03 00 17 00  00 00 00 00  02 00 ff
> ff  ff ff ff ff
> Mar 13 05:40:46 vpn1 pluto[16901]: |   38 1a 90 bf  ca 1a 90 bf  03 00 18
> 00  00 00 00 00
> Mar 13 05:40:46 vpn1 pluto[16901]: |   02 00 ff ff  ff ff ff ff  00 00 00
> 00  00 00 00 00
> Mar 13 05:40:55 vpn1 pluto[16901]: packet from xxx.xxx.xxx.xxx:44: ignoring
> Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Mar 13 05:40:55 vpn1 pluto[16901]: packet from xxx.xxx.xxx.xxx:44: ignoring
> Vendor ID payload [FRAGMENTATION]
> Mar 13 05:40:55 vpn1 pluto[16901]: packet from xxx.xxx.xxx.xxx:44: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Mar 13 05:40:55 vpn1 pluto[16901]: packet from xxx.xxx.xxx.xxx:44: ignoring
> Vendor ID payload [Vid-Initial-Contact]
> Mar 13 05:40:55 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
> Mar 13 05:40:55 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 13 05:40:55 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> STATE_MAIN_R1: sent MR1, expecting MI2
> Mar 13 05:40:55 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Mar 13 05:40:55 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Mar 13 05:40:55 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> STATE_MAIN_R2: sent MR2, expecting MI3
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> Main mode peer ID is ID_DER_ASN1_DN: '*******'
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5: I
> am sending my cert
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Mar 13 05:40:56 vpn1 pluto[16901]: | NAT-T: new mapping xxx.xxx.xxx.xxx
> /1558)
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #5:
> STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #6:
> responding to Quick Mode {msgid:c366edd3}
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #6:
> transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Mar 13 05:40:56 vpn1 pluto[16901]: "l2tp-transport"[2] xxx.xxx.xxx.xxx #6:
> STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Mar 13 05:41:07 vpn1 ipsec__plutorun: Restarting Pluto subsystem...
>
>
>
>
> /var/log/messages:
>
> Mar 13 02:45:51 vpn1 ipsec_setup: Restarting Openswan IPsec 2.4.8rc1...
> Mar 13 05:40:56 vpn1 ipsec__plutorun: /usr/lib/ipsec/_plutorun: line 237:
> 16901 Segmentation fault      (core dumped) /usr/libexec/ipsec/pluto
> --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec
> Mar 13 05:40:56 vpn1 ipsec__plutorun: !pluto failure!:  exited with error
> status 139 (signal 11)
> Mar 13 05:40:56 vpn1 ipsec__plutorun: restarting IPsec after pause...
>
>
> On 3/13/07, Paul Wouters <paul at xelerance.com> wrote:
> >
> > On Tue, 13 Mar 2007, Djordje Zekovic wrote:
> >
> > > I have also pluto segmentation fault with 2.4.7 version.
> > > Bug segm.fault still there using 2.4.8rc1 version.
> > >
> > > I can repeat bug any time: I am connected using Windows XP IPSEC/l2tp
> > > Client, then I disable local area network, after enabling it again I
> > > re-connect to VPN server, and wholaaa - segm. fault. I should receive
> > > message "Cannot eroute"
> > >
> > > Here is dump:
> >
> > > GNU gdb Red Hat Linux (6.5-15.fc6rh)
> >
> > > warning: Can't read pathname for load map: Input/output error.
> > > Reading symbols from /usr/lib/sse2/libgmp.so.3...done.
> > > Loaded symbols for /usr/lib/sse2/libgmp.so.3
> > > Reading symbols from /lib/libresolv.so.2...done.
> > > Loaded symbols for /lib/libresolv.so.2
> > > Reading symbols from /lib/libc.so.6...done.
> > > Loaded symbols for /lib/libc.so.6
> > > Reading symbols from /lib/ld-linux.so.2...done.
> > > Loaded symbols for /lib/ld-linux.so.2
> > > Failed to read a valid object file image from memory.
> > > Core was generated by `/usr/libexec/ipsec/pluto --nofork --secretsfile
> > > /etc/ipsec.secrets --ipsecdir /'.
> > > Program terminated with signal 11, Segmentation fault.
> > > #0  0x0806ebc8 in route_and_eroute (c=0x8145108, sr=0x814514c,
> > st=0x8145b40)
> > > at kernel.c:2532
> > > 2532    kernel.c: No such file or directory.
> > >        in kernel.c
> > > (gdb)
> >
> > Please run it so that gdb has access to the source, then give us a
> > backtrace
> > and a dump of the variables involved.
> >
> > Thanks,
> >
> > Paul
> >
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
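
Added example, not part of the original post and not Openswan code: a small C decoder for the PF_KEY message that pluto hex-dumped in the quoted /var/log/secure excerpt, using the base header and extension header layout from RFC 2367. It assumes the dump came from a little-endian host; the function and struct names are hypothetical, and the sample bytes are transcribed from the log with the two four-byte address fields zeroed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PF_KEY v2 base header (struct sadb_msg, RFC 2367); len_words counts 64-bit words. */
struct pfkey_hdr { uint8_t version, type, err, satype; uint16_t len_words; uint32_t seq, pid; };

/* Assumption: fields are in the byte order of a little-endian (x86) host. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }

/* Decode the 16-byte header; fail if its length field disagrees with the buffer. */
int pfkey_parse_hdr(const uint8_t *b, size_t n, struct pfkey_hdr *h) {
    if (n < 16) return -1;
    h->version = b[0]; h->type = b[1]; h->err = b[2]; h->satype = b[3];
    h->len_words = le16(b + 4); h->seq = le32(b + 8); h->pid = le32(b + 12);
    return (size_t)h->len_words * 8 == n ? 0 : -1;
}

/* Walk the extensions (16-bit length in words, then 16-bit type); -1 if malformed. */
int pfkey_ext_types(const uint8_t *b, size_t n, uint16_t *types, int max) {
    int count = 0;
    for (size_t off = 16; off < n; count++) {
        if (n - off < 4) return -1;                 /* truncated extension header */
        size_t ext_len = (size_t)le16(b + off) * 8;
        if (ext_len == 0 || ext_len > n - off) return -1;
        if (count < max) types[count] = le16(b + off + 2);
        off += ext_len;
    }
    return count;
}

/* Sample: the 112 bytes from the log dump in the post, address fields zeroed. */
const uint8_t sample_msg[112] = {
    0x02,0x0f,0x00,0x0b, 0x0e,0x00,0x00,0x00, 0x0e,0x00,0x00,0x00, 0x05,0x42,0x00,0x00,
    0x03,0x00,0x15,0x00, 0x00,0x00,0x00,0x00, 0x02,0x00,0x06,0xa5, 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x03,0x00,0x16,0x00, 0x00,0x00,0x00,0x00,
    0x02,0x00,0x06,0xa5, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
    0x03,0x00,0x17,0x00, 0x00,0x00,0x00,0x00, 0x02,0x00,0xff,0xff, 0xff,0xff,0xff,0xff,
    0x38,0x1a,0x90,0xbf, 0xca,0x1a,0x90,0xbf, 0x03,0x00,0x18,0x00, 0x00,0x00,0x00,0x00,
    0x02,0x00,0xff,0xff, 0xff,0xff,0xff,0xff, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
};

int main(void) {
    struct pfkey_hdr h; uint16_t t[8];
    if (pfkey_parse_hdr(sample_msg, sizeof sample_msg, &h)) return 1;
    printf("type=%u seq=%u pid=%u exts=%d\n", (unsigned)h.type, (unsigned)h.seq,
           (unsigned)h.pid, pfkey_ext_types(sample_msg, sizeof sample_msg, t, 8));
    return 0;
}
```

The decoded sequence number 14 and pid 16901 line up with "message 14" and `pluto[16901]` in the log line that precedes the dump, and the length field accounts for all seven dumped rows.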

