WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Get a Segmentation fault trying to start StrongSwan on TCL-15.0 x86 (32-bit)  (Read 534 times)

Offline rhermsen

  • Wiki Author
  • Full Member
  • *****
  • Posts: 106
Wonder if there are known issues with TCL-15.0 x86 that can cause a segmentation fault?

I compiled StrongSwan-5.9.14 on TCL-15.0 x86 but get a:
Code: [Select]
$ sudo ipsec start
Segmentation fault

On CorePlus64 StrongSwan-5.9.14 works fine.

I get the also a segmentation fault with StrongSwan-5.9.5 that I compiled on TCL-13.x (which works ok on TCL-13.x and TCL-14.0).

Just want to ask here before opening a bug report with StrongSwan.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14756
Do you get any messages in dmesg when you get the segfault?

Offline rhermsen

  • Wiki Author
  • Full Member
  • *****
  • Posts: 106
Hi Juanito,

Yes it indeed gives some crash details:

Code: [Select]
starter[4816]: segfault at e2a451b4 ip b7f12446 sp bfbc5808 error 5 in libstrongswan.so.0.0.0[b7eea000+32000] likely on CPU 0 (core 0, socket 0)
Code: 04 01 06 11 56 04 8b 03 8b 53 04 89 c6 0f a4 d0 11 89 03 0f a4 f2 11 8b 75 ec 89 53 04 33 06 33 56 04 89 03 89 53 04 8b 46 04 <8b> 10 89 06 89 56 04 8b 01 8b 51 04 01 07 11 57 04 8b 01 8b 51 04


Btw, I compiled it with the following flags (if I should look in that direction...):
Code: [Select]
export CFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export CXXFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export LDFLAGS="-Wl,-O1"
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig





Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11027
Looks like a strongswan bug, just a more rare one exposed by a newer glibc or kernel.
The only barriers that can stop you are the ones you create yourself.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11518
Hi rhermsen
...
Code: [Select]
starter[4816]: segfault at e2a451b4 ip b7f12446 sp bfbc5808 error 5 in libstrongswan.so.0.0.0 ...
Error 5 according to include/uapi/asm-generic/errno-base.h in the kernel source files:
Code: [Select]
#define EIO              5      /* I/O error */I found references online mentioning segfaults due to .conf file issues:
1. Using spaces instead of tabs.
2. Missing newline character at end of file.
3. Denied access to file (usually apparmor).

Offline rhermsen

  • Wiki Author
  • Full Member
  • *****
  • Posts: 106
Thanks for the additional clarification.

Tried to remove all default config files, but the segfaults are still present:

Code: [Select]
# sh -x ipsec start
sh: can't open 'ipsec': No such file or directory
root@testapps:/usr/local/etc/strongswan# which ipsec
/usr/local/sbin/ipsec
root@testapps:/usr/local/etc/strongswan# sh -x /usr/local/sbin/ipsec start
+ PATH=/home/tc/.local/bin:/usr/local/sbin:/usr/local/bin:/apps/bin:/usr/sbin:/usr/bin:/sbin:/bin:/etc/sysconfig/tcedir/ondemand
+ export PATH
+ '[' -z  ]
+ DAEMON_NAME=charon
+ uname -s
+ OS_NAME=Linux
+ IPSEC_NAME=strongSwan
+ uname -r
+ IPSEC_VERSION=U5.9.14/K6.6.8-tinycore
+ IPSEC_DIR=/usr/local/libexec/ipsec
+ IPSEC_BINDIR=/usr/local/bin
+ IPSEC_SBINDIR=/usr/local/sbin
+ IPSEC_CONFDIR=/usr/local/etc/strongswan
+ IPSEC_PIDDIR=/var/run
+ IPSEC_SCRIPT=ipsec
+ IPSEC_STARTER_PID=/var/run/starter.charon.pid
+ IPSEC_CHARON_PID=/var/run/charon.pid
+ IPSEC_STROKE=/usr/local/libexec/ipsec/stroke
+ IPSEC_STARTER=/usr/local/libexec/ipsec/starter
+ export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
+ IPSEC_DISTRO='University of Applied Sciences Rapperswil, Switzerland'
+ command_dir=/usr/local/libexec/ipsec
+ shift
+ '[' -d /var/lock/subsys ]
+ exec /usr/local/libexec/ipsec/starter --daemon charon
no files found matching '/usr/local/etc/strongswan/strongswan.conf'
abort initialization due to invalid configuration
Segmentation fault

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11518
Hi rhermsen
Thanks for the additional clarification.

Tried to remove all default config files, but the segfaults are still present:

Code: [Select]
----- Snip -----
no files found matching '/usr/local/etc/strongswan/strongswan.conf'
abort initialization due to invalid configuration
Segmentation fault
It looks like it's choking because it can't find  /usr/local/etc/strongswan/strongswan.conf

In TC13, strongswan.tcz contains a  /usr/local/etc/strongswan/strongswan.conf.sample
Maybe you need to rename it without  .sample  at the end.


Offline rhermsen

  • Wiki Author
  • Full Member
  • *****
  • Posts: 106
Hi Rich,

Because you found some references where the config file could be the reason of the sigfault I removed them all, and still get a sigfault.
This was just to find if it was something with the default config files.
(The same .sample config files are also present in StrongSwan-5.9.14. Normally the startup script will copy the .sample config file without .sample if it is not already present)

Btw, I opened a bug report for this issue here:
https://github.com/strongswan/strongswan/issues/2421



Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11027
Rich, I believe that error code has a different meaning from the usual ones: https://utcc.utoronto.ca/~cks/space/blog/linux/KernelSegfaultErrorCodes
The only barriers that can stop you are the ones you create yourself.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11518
Hi rhermsen
I take it that means if  /usr/local/etc/strongswan/strongswan.conf
is present, the segfault does not occur?

... Normally the startup script will copy the .sample config file without .sample if it is not already present) ...
I think the startup scripts are unique to Tinycore. They get run not
only when an extension first gets installed, but every time you boot.
This is because Tinycore does not use a persistent file system for the
operating system, but rebuilds it from scratch when it boots.

This is the startup file from TC13  usr/local/tce.installed/strongswan :
Code: [Select]
for dir in /usr/local/etc/strongswan/ /usr/local/etc/strongswan/strongswan.d/ /usr/local/etc/strongswan/strongswan.d/charon/ /usr/local/etc/strongswan/swanctl/
do
        cd $dir
        for file in *.sample
        do
                if [ -r ${file%.sample} ]; then
                        echo "Verify if  $dir/${file%.sample} requires changes."
                        echo "See $dir/$file for the example."
                else
                        sudo -u tc cp $file ${file%.sample}
                fi
        done
done
There really should be a  #!/bin/sh  for the first line.
I don't believe this came from the strongswan source package.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11518
Hi curaga
Oh good, a separate set of error codes to deal with, thanks a lot. ;D
I think you're right. Those error codes would provide more detailed
information of the segfault.

It's too bad that rather than  stat  the file to see if it exists and print
a  "File not found"  message, they decided to segfault instead.

Offline rhermsen

  • Wiki Author
  • Full Member
  • *****
  • Posts: 106
Hi rhermsen
I take it that means if  /usr/local/etc/strongswan/strongswan.conf
is present, the segfault does not occur?
No, the segfault occurs independent if the config exist or not.


... Normally the startup script will copy the .sample config file without .sample if it is not already present) ...
I think the startup scripts are unique to Tinycore. They get run not
only when an extension first gets installed, but every time you boot.
This is because Tinycore does not use a persistent file system for the
operating system, but rebuilds it from scratch when it boots.

This is the startup file from TC13  usr/local/tce.installed/strongswan :
Code: [Select]
for dir in /usr/local/etc/strongswan/ /usr/local/etc/strongswan/strongswan.d/ /usr/local/etc/strongswan/strongswan.d/charon/ /usr/local/etc/strongswan/swanctl/
do
        cd $dir
        for file in *.sample
        do
                if [ -r ${file%.sample} ]; then
                        echo "Verify if  $dir/${file%.sample} requires changes."
                        echo "See $dir/$file for the example."
                else
                        sudo -u tc cp $file ${file%.sample}
                fi
        done
done


The script just checks if the config is already present, if it is, it will echo a messages to verify for changes.
(this is only visible if installed via cli)
If the config is not present it will copy the .sample file as config file.

There really should be a  #!/bin/sh  for the first line.
Thanks, I will look into that before submitting an update.

I don't believe this came from the strongswan source package.
Indeed I created that script.