[strongSwan] SIGILL in 4.3.5 and above

Bjarke Istrup Pedersen gurli at gurlinet.dk
Thu Jul 22 11:02:42 CEST 2010


Hey again

2010/7/21 Tobias Brunner <tobias at strongswan.org>:
>> Looks suspicious:
>>
>>> +    return rekey - jitter * (random() / (RAND_MAX + 1.0));
>>
>> @Tobias: What's the idea behind RAND_MAX + 1.0? Might this end in a
>> division by zero?
>
> random() / (RAND_MAX + 1.0) returns a random floating point number in
> the range [0, 1). The value of RAND_MAX depends on the C library and in
> glibc it's 0x7fffffff.  Which shouldn't overflow a double-precision
> floating point number (in what RAND_MAX + 1.0 implicitly should result).
>
> As Martin recommended, using a debugger is probably be the fastest way
> to find the cause for this SIGILL.  If you can't use a debugger, it
> would help to know in what situations the SIGILL actually occurs (i.e.
> config, log).
>
> Regards,
> Tobias
>

Here is the output of strongswan 4.3.5 starting with --no-fork:

Starting strongSwan 4.3.5 IPsec [starter]...
01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.5)
01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
01[CFG] loading crls from '/etc/ipsec.d/crls'
01[CFG] loading secrets from '/etc/ipsec.secrets'
01[CFG]   loaded IKE secret for @woodpecker.home.gurlinet.dk
@jupiter.home.gurlinet.dk
01[KNL] listening on interfaces:
01[KNL]   wan0
01[KNL]     83.89.1.9
01[KNL]     fe80::200:24ff:fecb:e96c
01[KNL]   lan0
01[KNL]     fe80::200:24ff:fecb:e96d
01[KNL]   lan1
01[KNL]     fe80::200:24ff:fecb:e96f
01[KNL]   wlan0
01[KNL]     fe80::2a0:c5ff:feb2:1a77
01[KNL]   br0
01[KNL]     192.168.1.1
01[KNL]     fe80::200:24ff:fecb:e96d
01[KNL]   mon.wlan0
01[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random
hmac xcbc stroke kernel-netlink updown
01[JOB] spawning 16 worker threads
charon (30793) started after 40 ms
03[CFG] received stroke: add connection 'net-net'
03[CFG] added configuration 'net-net'
03[CFG] received stroke: initiate 'net-net'
03[IKE] initiating IKE_SA net-net[1] to 92.246.20.56
03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
03[NET] sending packet: from 83.89.1.9[500] to 92.246.20.56[500]
12[NET] received packet: from 92.246.20.56[500] to 83.89.1.9[500]
12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
12[IKE] authentication of 'woodpecker.home.gurlinet.dk' (myself) with
pre-shared key
12[IKE] establishing CHILD_SA net-net
12[ENC] generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr ]
12[NET] sending packet: from 83.89.1.9[500] to 92.246.20.56[500]
14[NET] received packet: from 92.246.20.56[500] to 83.89.1.9[500]
14[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
14[IKE] authentication of 'jupiter.gurlinet.dk' with pre-shared key successful
14[IKE] IKE_SA net-net[1] established between
83.89.1.9[woodpecker.home.gurlinet.dk]...92.246.20.56[jupiter.gurlinet.dk]
14[IKE] scheduling reauthentication in 3281s
14[IKE] maximum IKE_SA lifetime 3461s
14[DMN] thread 2958461808 received 4
 dumping 0 stack frame addresses:
14[DMN] killing ourself, received critical signal
charon has died -- restart scheduled (5sec)

I managed to get ipsec start --attach-gdb working, here is the output:

woodpecker usr # ipsec start --attach-gdb
Starting strongSwan 4.3.5 IPsec [starter]...
GNU gdb (Gentoo 7.1 p1) 7.1
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /usr/libexec/ipsec/charon...Reading symbols from
/usr/lib/debug/usr/libexec/ipsec/charon.debug...done.
done.
(gdb) run
Starting program: /usr/libexec/ipsec/charon
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/lib/libstrongswan.so.0.0.0.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.5)
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-aes.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-des.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-sha1.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-sha2.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-md5.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-pem.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-pkcs1.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-gmp.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-random.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-hmac.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-xcbc.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-stroke.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
01[CFG] loading crls from '/etc/ipsec.d/crls'
01[CFG] loading secrets from '/etc/ipsec.secrets'
01[CFG]   loaded IKE secret for @woodpecker.home.gurlinet.dk
@jupiter.home.gurlinet.dk
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-kernel-netlink.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
01[KNL] listening on interfaces:
01[KNL]   wan0
01[KNL]     83.89.1.9
01[KNL]     fe80::200:24ff:fecb:e96c
01[KNL]   lan0
01[KNL]     fe80::200:24ff:fecb:e96d
01[KNL]   lan1
01[KNL]     fe80::200:24ff:fecb:e96f
01[KNL]   wlan0
01[KNL]     fe80::2a0:c5ff:feb2:1a77
01[KNL]   br0
01[KNL]     192.168.1.1
01[KNL]     fe80::200:24ff:fecb:e96d
01[KNL]   mon.wlan0
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
warning: no loadable sections found in added symbol-file
/usr/lib/debug/usr/libexec/ipsec/plugins/libstrongswan-updown.so.debug
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
[tcsetpgrp failed in terminal_inferior: Inappropriate ioctl for device]
01[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random
hmac xcbc stroke kernel-netlink updown
01[JOB] spawning 16 worker threads
charon (30864) started after 2460 ms
03[CFG] received stroke: add connection 'net-net'
03[CFG] added configuration 'net-net'
08[CFG] received stroke: initiate 'net-net'
08[IKE] initiating IKE_SA net-net[1] to 92.246.20.56
08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
08[NET] sending packet: from 83.89.1.9[500] to 92.246.20.56[500]
12[NET] received packet: from 92.246.20.56[500] to 83.89.1.9[500]
12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
12[IKE] authentication of 'woodpecker.home.gurlinet.dk' (myself) with
pre-shared key
12[IKE] establishing CHILD_SA net-net
12[ENC] generating IKE_AUTH request 1 [ IDi IDr AUTH SA TSi TSr ]
12[NET] sending packet: from 83.89.1.9[500] to 92.246.20.56[500]
14[NET] received packet: from 92.246.20.56[500] to 83.89.1.9[500]
14[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
14[IKE] authentication of 'jupiter.gurlinet.dk' with pre-shared key successful
14[IKE] IKE_SA net-net[1] established between
83.89.1.9[woodpecker.home.gurlinet.dk]...92.246.20.56[jupiter.gurlinet.dk]
14[IKE] scheduling reauthentication in 3379s
14[IKE] maximum IKE_SA lifetime 3559s
[New LWP 30882]

Program received signal SIGILL, Illegal instruction.
[Switching to LWP 30882]
0x080722c8 in __fixunsdfdi ()
(gdb) bt
#0  0x080722c8 in __fixunsdfdi ()
#1  0x0804f15b in apply_jitter (this=0x8087180) at config/child_cfg.c:364
#2  get_lifetime (this=0x8087180) at config/child_cfg.c:375
#3  0x0805ff77 in install (this=0x808bc18, encr=..., integ=...,
spi=3888568525, cpi=0, inbound=true) at sa/child_sa.c:589
#4  0x08067a19 in select_and_install (this=0x8088990, no_dh=<value
optimized out>) at sa/tasks/child_create.c:415
#5  0x08067fee in process_i (this=0x8088990, message=0x8089cf0) at
sa/tasks/child_create.c:1057
#6  0x080658fa in process_response (this=0x80882b8, msg=0x8089cf0) at
sa/task_manager.c:498
#7  process_message (this=0x80882b8, msg=0x8089cf0) at sa/task_manager.c:913
#8  0x0805c4ac in execute (this=0x8085620) at
processing/jobs/process_message_job.c:78
#9  0x0805d2d2 in process_jobs (this=0x80805f0) at processing/processor.c:123
#10 0xb7fb27cf in ?? () from /lib/libpthread.so.0
#11 0xb7f0c9de in clone () from /lib/libc.so.6
(gdb)

I am unable to find what __fixunsdfdi is.
child_cfg.c is indeed the line mentioned above.

Anyone who has any ideas?




More information about the Users mailing list