View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017885||CentOS-8||kernel||public||2020-11-25 01:13||2020-11-25 01:13|
|Target Version||Fixed in Version|
|Summary||0017885: kvm guest memory corruption due to strongswan traffic|
|Description||Filing this as Kernel bug, as strongswan is merely a user of kernel modules and does not bring it's own (afaik).|
Setup: strongswan site2site tunnel + multiple KVM (CentOS 7) guests
Issue: When there is "heavy" (>1MBit/s) traffic on the strongswan tunnel, KVM guests get memory corruptions.
After a variable amount of time (seconds - minutes) of heavy traffic, programs in the guests start segfaulting. This is random, sometimes execution works perfectly, the next execution is segfaulting. This is affecting all kinds of services (journald, user space programs, shell commands). It also affects disk io, reading data from the disk is sometimes returning corrupted data. However next read of the same data is working fine; completely random. A reboot of the guest kernel does not fix the issue. Only a "power cycle" of the guest recovers the state.
Traffic bypassing the tunnel does not trigger the issue.
|Steps To Reproduce||setup strongswan tunnel|
startup some KVM guests (it might help to have some userspace programs as well, in my case InfluxDB and PostgreSQL).
Run iperf from the host through the tunnel
observe crashes and segfaults in the guests
|Additional Information||I'm sorry for the vague description. I can help debugging the issue if i get the right hints on what to look for.|
Host memory is tested and showed no issues.
|Tags||No tags attached.|