Get a Segmentation fault trying to start StrongSwan on TCL-15.0 x86 (32-bit)

[rhermsen]

Wonder if there are known issues with TCL-15.0 x86 that can cause a segmentation fault?

I compiled StrongSwan-5.9.14 on TCL-15.0 x86 but get a:

Code: [Select]

$ sudo ipsec start
Segmentation fault
On CorePlus64 StrongSwan-5.9.14 works fine.

I get the also a segmentation fault with StrongSwan-5.9.5 that I compiled on TCL-13.x (which works ok on TCL-13.x and TCL-14.0).

Just want to ask here before opening a bug report with StrongSwan.

[Juanito]

Do you get any messages in dmesg when you get the segfault?

[rhermsen]

Hi Juanito,

Yes it indeed gives some crash details:

Code: [Select]

starter[4816]: segfault at e2a451b4 ip b7f12446 sp bfbc5808 error 5 in libstrongswan.so.0.0.0[b7eea000+32000] likely on CPU 0 (core 0, socket 0)
Code: 04 01 06 11 56 04 8b 03 8b 53 04 89 c6 0f a4 d0 11 89 03 0f a4 f2 11 8b 75 ec 89 53 04 33 06 33 56 04 89 03 89 53 04 8b 46 04 <8b> 10 89 06 89 56 04 8b 01 8b 51 04 01 07 11 57 04 8b 01 8b 51 04


Btw, I compiled it with the following flags (if I should look in that direction...):

Code: [Select]

export CFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export CXXFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export LDFLAGS="-Wl,-O1"
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig


[curaga]

Looks like a strongswan bug, just a more rare one exposed by a newer glibc or kernel.

[Rich]

Hi rhermsen

...

Code: [Select]

starter[4816]: segfault at e2a451b4 ip b7f12446 sp bfbc5808 error 5 in libstrongswan.so.0.0.0 ...

Error 5 according to include/uapi/asm-generic/errno-base.h in the kernel source files:

Code: [Select]

#define EIO              5      /* I/O error */I found references online mentioning segfaults due to .conf file issues:
1. Using spaces instead of tabs.
2. Missing newline character at end of file.
3. Denied access to file (usually apparmor).

[rhermsen]

Thanks for the additional clarification.

Tried to remove all default config files, but the segfaults are still present:

Code: [Select]

# sh -x ipsec start
sh: can't open 'ipsec': No such file or directory
root@testapps:/usr/local/etc/strongswan# which ipsec
/usr/local/sbin/ipsec
root@testapps:/usr/local/etc/strongswan# sh -x /usr/local/sbin/ipsec start
+ PATH=/home/tc/.local/bin:/usr/local/sbin:/usr/local/bin:/apps/bin:/usr/sbin:/usr/bin:/sbin:/bin:/etc/sysconfig/tcedir/ondemand
+ export PATH
+ '[' -z  ]
+ DAEMON_NAME=charon
+ uname -s
+ OS_NAME=Linux
+ IPSEC_NAME=strongSwan
+ uname -r
+ IPSEC_VERSION=U5.9.14/K6.6.8-tinycore
+ IPSEC_DIR=/usr/local/libexec/ipsec
+ IPSEC_BINDIR=/usr/local/bin
+ IPSEC_SBINDIR=/usr/local/sbin
+ IPSEC_CONFDIR=/usr/local/etc/strongswan
+ IPSEC_PIDDIR=/var/run
+ IPSEC_SCRIPT=ipsec
+ IPSEC_STARTER_PID=/var/run/starter.charon.pid
+ IPSEC_CHARON_PID=/var/run/charon.pid
+ IPSEC_STROKE=/usr/local/libexec/ipsec/stroke
+ IPSEC_STARTER=/usr/local/libexec/ipsec/starter
+ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
+ IPSEC_DISTRO='University of Applied Sciences Rapperswil, Switzerland'
+ command_dir=/usr/local/libexec/ipsec
+ shift
+ '[' -d /var/lock/subsys ]
+ exec /usr/local/libexec/ipsec/starter --daemon charon
no files found matching '/usr/local/etc/strongswan/strongswan.conf'
abort initialization due to invalid configuration
Segmentation fault


[Rich]

Hi rhermsen

Thanks for the additional clarification.

Tried to remove all default config files, but the segfaults are still present:

Code: [Select]

----- Snip -----
no files found matching '/usr/local/etc/strongswan/strongswan.conf'
abort initialization due to invalid configuration
Segmentation fault


It looks like it's choking because it can't find  /usr/local/etc/strongswan/strongswan.conf

In TC13, strongswan.tcz contains a  /usr/local/etc/strongswan/strongswan.conf.sample
Maybe you need to rename it without  .sample  at the end.

[rhermsen]

Hi Rich,

Because you found some references where the config file could be the reason of the sigfault I removed them all, and still get a sigfault.
This was just to find if it was something with the default config files.
(The same .sample config files are also present in StrongSwan-5.9.14. Normally the startup script will copy the .sample config file without .sample if it is not already present)

Btw, I opened a bug report for this issue here:
https://github.com/strongswan/strongswan/issues/2421

[curaga]

Rich, I believe that error code has a different meaning from the usual ones: https://utcc.utoronto.ca/~cks/space/blog/linux/KernelSegfaultErrorCodes

[Rich]

Hi rhermsen
I take it that means if  /usr/local/etc/strongswan/strongswan.conf
is present, the segfault does not occur?

... Normally the startup script will copy the .sample config file without .sample if it is not already present) ...

I think the startup scripts are unique to Tinycore. They get run not
only when an extension first gets installed, but every time you boot.
This is because Tinycore does not use a persistent file system for the
operating system, but rebuilds it from scratch when it boots.

This is the startup file from TC13  usr/local/tce.installed/strongswan :

Code: [Select]

for dir in /usr/local/etc/strongswan/ /usr/local/etc/strongswan/strongswan.d/ /usr/local/etc/strongswan/strongswan.d/charon/ /usr/local/etc/strongswan/swanctl/
do
        cd $dir
        for file in *.sample
        do
                if [ -r ${file%.sample} ]; then
                        echo "Verify if  $dir/${file%.sample} requires changes."
                        echo "See $dir/$file for the example."
                else
                        sudo -u tc cp $file ${file%.sample}
                fi
        done
doneThere really should be a  #!/bin/sh  for the first line.
I don't believe this came from the strongswan source package.

[Rich]

Hi curaga
Oh good, a separate set of error codes to deal with, thanks a lot.
I think you're right. Those error codes would provide more detailed
information of the segfault.

It's too bad that rather than  stat  the file to see if it exists and print
a  "File not found"  message, they decided to segfault instead.

[rhermsen]

Hi rhermsen
I take it that means if  /usr/local/etc/strongswan/strongswan.conf
is present, the segfault does not occur?

No, the segfault occurs independent if the config exist or not.

... Normally the startup script will copy the .sample config file without .sample if it is not already present) ...

I think the startup scripts are unique to Tinycore. They get run not
only when an extension first gets installed, but every time you boot.
This is because Tinycore does not use a persistent file system for the
operating system, but rebuilds it from scratch when it boots.

This is the startup file from TC13  usr/local/tce.installed/strongswan :

Code: [Select]

for dir in /usr/local/etc/strongswan/ /usr/local/etc/strongswan/strongswan.d/ /usr/local/etc/strongswan/strongswan.d/charon/ /usr/local/etc/strongswan/swanctl/
do
        cd $dir
        for file in *.sample
        do
                if [ -r ${file%.sample} ]; then
                        echo "Verify if  $dir/${file%.sample} requires changes."
                        echo "See $dir/$file for the example."
                else
                        sudo -u tc cp $file ${file%.sample}
                fi
        done
done

The script just checks if the config is already present, if it is, it will echo a messages to verify for changes.
(this is only visible if installed via cli)
If the config is not present it will copy the .sample file as config file.

There really should be a  #!/bin/sh  for the first line.

Thanks, I will look into that before submitting an update.

I don't believe this came from the strongswan source package.

Indeed I created that script.