<div dir="ltr">Can do ....<div><br></div><div>The parent was indeed deleted.<div><br></div><div>I see this:</div><div> #533497: received unsupported NOTIFY v2N_NON_FIRST_FRAGMENTS_ALSO</div><div>Then 5 seconds later the deletion:</div><div> #533497: deleting state (STATE_PARENT_R2) aged 4.913s and sending notification</div><div>Followed immediately by the crash:</div><div> EXPECTATION FAILED: child state #533502 missing parent state #533497 (in get_ike_sa() at state.c:461)</div></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 6, 2019 at 11:32 AM Andrew Cagney <<a href="mailto:andrew.cagney@gmail.com">andrew.cagney@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I'd start by going through the logs looking for messages that pertain<br>
to the IKE SA '#533497'. Presumably it was deleted, but its child<br>
#533502 was somehow missed.<br>
<br>
On Wed, 6 Nov 2019 at 10:40, Alan Szlosek <<a href="mailto:alan@redoxengine.com" target="_blank">alan@redoxengine.com</a>> wrote:<br>
><br>
> Hi libreswan,<br>
><br>
> We're running libreswan 3.29 on Ubuntu with Linux kernel 4.15 and had a segfault due to a null pointer dereference in the ikev2.c code. Can you work with me to determine what caused it?<br>
><br>
> We saw this in the logs just before the crash:<br>
><br>
> EXPECTATION FAILED: child state #533502 missing parent state #533497 (in get_ike_sa() at state.c:461)<br>
<br>
<br>
> I ran gdb against the crash dump, here's the output:<br>
><br>
> GNU gdb (Ubuntu 8.1-0ubuntu3.1) 8.1.0.20180409-git<br>
> Copyright (C) 2018 Free Software Foundation, Inc.<br>
> License GPLv3+: GNU GPL version 3 or later <<a href="http://gnu.org/licenses/gpl.html" rel="noreferrer" target="_blank">http://gnu.org/licenses/gpl.html</a>><br>
> This is free software: you are free to change and redistribute it.<br>
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br>
> and "show warranty" for details.<br>
> This GDB was configured as "x86_64-linux-gnu".<br>
> Type "show configuration" for configuration details.<br>
> For bug reporting instructions, please see:<br>
> <<a href="http://www.gnu.org/software/gdb/bugs/" rel="noreferrer" target="_blank">http://www.gnu.org/software/gdb/bugs/</a>>.<br>
> Find the GDB manual and other documentation resources online at:<br>
> <<a href="http://www.gnu.org/software/gdb/documentation/" rel="noreferrer" target="_blank">http://www.gnu.org/software/gdb/documentation/</a>>.<br>
> For help, type "help".<br>
> Type "apropos word" to search for commands related to "word"...<br>
> Reading symbols from /usr/lib/ipsec/pluto...Reading symbols from /usr/lib/debug/.build-id/07/90d482ffd48ee4a7e01a43395d54c7df1747e1.debug...done.<br>
> done.<br>
> [New LWP 4703]<br>
> [New LWP 4713]<br>
> [New LWP 4708]<br>
> [New LWP 4714]<br>
> [New LWP 4707]<br>
> [New LWP 4712]<br>
> [New LWP 4711]<br>
> [New LWP 4715]<br>
> [New LWP 4709]<br>
> [New LWP 4716]<br>
> [New LWP 4710]<br>
> [New LWP 4720]<br>
> [New LWP 4717]<br>
> [New LWP 4718]<br>
> [New LWP 4719]<br>
> [New LWP 4721]<br>
> [Thread debugging using libthread_db enabled]<br>
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".<br>
> Core was generated by `/usr/lib/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork'.<br>
> Program terminated with signal SIGSEGV, Segmentation fault.<br>
> #0 0x000055b4c756dfe5 in ikev2_process_packet (mdp=mdp@entry=0x7fffa7286f00) at ./programs/pluto/ikev2.c:1736<br>
><br>
> warning: Source file is more recent than executable.<br>
> 1736 if (md->hdr.isa_msgid > ike->sa.st_v2_msgids.initiator.sent) {<br>
> [Current thread is 1 (Thread 0x7f4ad6e80900 (LWP 4703))]<br>
> (gdb) where<br>
> #0 0x000055b4c756dfe5 in ikev2_process_packet (mdp=mdp@entry=0x7fffa7286f00) at ./programs/pluto/ikev2.c:1736<br>
> #1 0x000055b4c7592428 in process_packet (mdp=mdp@entry=0x7fffa7286f00) at ./programs/pluto/demux.c:387<br>
> #2 0x000055b4c759263f in process_md (mdp=mdp@entry=0x7fffa7286f00) at ./programs/pluto/demux.c:442<br>
> #3 0x000055b4c7592ba6 in comm_handle (ifp=<optimized out>) at ./programs/pluto/demux.c:483<br>
> #4 comm_handle_cb (fd=<optimized out>, event=<optimized out>, arg=<optimized out>) at ./programs/pluto/demux.c:492<br>
> #5 0x00007f4ad49d88f8 in ?? () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6<br>
> #6 0x00007f4ad49d933f in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6<br>
> #7 0x000055b4c754ece4 in call_server () at ./programs/pluto/server.c:1378<br>
> #8 0x000055b4c750c973 in main (argc=<optimized out>, argv=<optimized out>) at ./programs/pluto/plutomain.c:1789<br>
><br>
> # I BELIEVE THE FOLLOWING SHOWS THAT THE ike VAR CONTAINS A NULL POINTER.<br>
> # And as you know, dereferencing a null pointer is one of the possible causes of segfaults.<br>
> (gdb) p md<br>
> $1 = (struct msg_digest *) 0x55b4c8390758<br>
> (gdb) p ike<br>
> $2 = (struct ike_sa *) 0x0<br>
> (gdb) p st->st_serialno<br>
> $6 = 533502<br>
><br>
><br>
><br>
> I verified that st->st_serialno contains the expected value of 533502 (which was mentioned in the log output).<br>
><br>
> What else should I check?<br>
><br>
> Thanks in advance.<br>
> _______________________________________________<br>
> Swan mailing list<br>
> <a href="mailto:Swan@lists.libreswan.org" target="_blank">Swan@lists.libreswan.org</a><br>
> <a href="https://lists.libreswan.org/mailman/listinfo/swan" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Alan Szlosek<div>Infrastructure Engineer</div><div><a href="https://www.redoxengine.com" target="_blank">redoxengine.com</a></div><div><a href="https://www.redoxengine.com/redox-interoperability-summit-2019/?utm_medium=email&utm_source=Email%20Signature%20Banner&utm_campaign=Summit19&utm_content=banner" target="_blank"><br></a></div><div><a href="https://www.redoxengine.com/redox-interoperability-summit-2019/?utm_medium=email&utm_source=Email%20Signature%20Banner&utm_campaign=Summit19&utm_content=banner" target="_blank"><img src="http://www.redoxengine.com/wp-content/uploads/2019/08/Redox_InteroperabilitySummit_2019_EmailSig-1.jpg" width="420" height="119" alt="https://www.redoxengine.com/redox-interoperability-summit-2019/?utm_medium=email&utm_source=Email%20Signature%20Banner&utm_campaign=Summit19&utm_content=banner"></a><br></div></div></div>