View Issue Details

IDProjectCategoryView StatusLast Update
0017885CentOS-8kernelpublic2020-11-25 01:13
Reporterbeck Assigned To 
Status newResolutionopen 
Product Version8.2.2004 
Summary0017885: kvm guest memory corruption due to strongswan traffic
DescriptionFiling this as Kernel bug, as strongswan is merely a user of kernel modules and does not bring it's own (afaik).

Setup: strongswan site2site tunnel + multiple KVM (CentOS 7) guests

Issue: When there is "heavy" (>1MBit/s) traffic on the strongswan tunnel, KVM guests get memory corruptions.

After a variable amount of time (seconds - minutes) of heavy traffic, programs in the guests start segfaulting. This is random, sometimes execution works perfectly, the next execution is segfaulting. This is affecting all kinds of services (journald, user space programs, shell commands). It also affects disk io, reading data from the disk is sometimes returning corrupted data. However next read of the same data is working fine; completely random. A reboot of the guest kernel does not fix the issue. Only a "power cycle" of the guest recovers the state.

Traffic bypassing the tunnel does not trigger the issue.
Steps To Reproducesetup strongswan tunnel
startup some KVM guests (it might help to have some userspace programs as well, in my case InfluxDB and PostgreSQL).

Run iperf from the host through the tunnel
observe crashes and segfaults in the guests
Additional InformationI'm sorry for the vague description. I can help debugging the issue if i get the right hints on what to look for.

Host memory is tested and showed no issues.
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-11-25 01:13 beck New Issue