[tor-bugs] #7212 [Tor]: circuitmux assertion failure in 0.2.4.4-alpha

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 12 07:20:10 UTC 2012 

#7212: circuitmux assertion failure in 0.2.4.4-alpha
-----------------------+----------------------------------------------------
 Reporter:  nickm      |          Owner:                    
     Type:  defect     |         Status:  needs_review      
 Priority:  major      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor        |        Version:  Tor: 0.2.4.4-alpha
 Keywords:  tor-relay  |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by andrea):

 Replying to [comment:17 nickm]:
 > Aha, Maybe.
 >
 > Both of the failures had this pair of stack frames in common:
 >
 > {{{
 > #4  0x00007ffff7eee224 in circuit_mark_for_close_ (circ=0x7ffff99f4eb0,
 >     reason=8, line=1461, file=0x7ffff7fb3a0f "src/or/circuitlist.c")
 >     at src/or/circuitlist.c:1441
 >         conn = <optimized out>
 >         __PRETTY_FUNCTION__ = "circuit_mark_for_close_"
 >         __func__ = "circuit_mark_for_close_"
 > #5  0x00007ffff7eee513 in circuit_mark_for_close_ (circ=0x7ffff8decff0,
 >     reason=8, line=1047, file=0x7ffff7fb3a0f "src/or/circuitlist.c")
 >     at src/or/circuitlist.c:1461
 >         __PRETTY_FUNCTION__ = "circuit_mark_for_close_"
 >         __func__ = "circuit_mark_for_close_"
 > }}}
 >
 > That's a circuit_mark_for_close_() calling a circuit_mark_for_close_()
 on its spliced rendezvous circuit at what is now line 1471 of
 circuitlist.c.  That's a clue, perhaps.
 >
 > Also, circuit_mark_for_close_() doesn't call update_circuit_on_cmux()
 directly; it only calls circuit_cell_queue_clear().  That could be another
 clue.
 >
 > I've taken a wild stab at a workaround in branch "bug7212_wild_stab" in
 my public repository.  Andrea, what do you think of this one? Do you think
 it's safe to merge?

 Come to think of it, I think you probably nailed it.  Spliced rendezvous
 circuits are an exception to 'every circuit has a channel and should be
 attached to its cmux', since IIRC they deliver cells to another circuit
 that is then attached to a channel instead.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7212#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list