[tor-bugs] #9754 [Tor]: Tor 0.2.4.17-rc crashed with failed assertion

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 30 17:02:25 UTC 2013 

#9754: Tor 0.2.4.17-rc crashed with failed assertion
------------------------------+--------------------------------
     Reporter:  communicator  |      Owner:
         Type:  defect        |     Status:  needs_information
     Priority:  major         |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor           |    Version:  Tor: unspecified
   Resolution:                |   Keywords:  tor-relay
Actual Points:                |  Parent ID:
       Points:                |
------------------------------+--------------------------------

Comment (by communicator):

 Replying to [comment:17 arma]:
 > Your core file likely includes sensitive keys [...] You should keep it
 secret.

 Good point.

 Maybe the next core will help?
 This time it took nearly 6 days to crash. My {{{/var/log/syslog}}} shows
 these lines:

 {{{
 Sep 30 17:11:37 communicator kernel: [906980.459109]
 do_general_protection: 66 callbacks suppressed
 Sep 30 17:11:37 communicator kernel: [906980.459140] tor[22059] general
 protection ip:7fa9d532315c sp:7fff48e604f0 error:0 in tor[
 7fa9d5293000+1b8000]
 }}}

 The stacktrace from gdb:

 {{{
 Core was generated by `/usr/bin/tor --defaults-torrc /usr/share/tor/tor-
 service-defaults-torrc --hush'.
 Program terminated with signal 11, Segmentation fault.
 #0  circuit_get_by_rend_token_and_purpose (purpose=purpose at entry=3 '\003',
     token=token at entry=0x7fff48e60aa0 "hS(i\252\272\026\267M\366\303<퉥
 \215iE\247\207", len=20) at ../src/or/circuitlist.c:1141
 1141        if (! circ->marked_for_close &&
 (gdb) bt
 #0  circuit_get_by_rend_token_and_purpose (purpose=purpose at entry=3 '\003',
     token=token at entry=0x7fff48e60aa0 "hS(i\252\272\026\267M\366\303<퉥
 \215iE\247\207", len=20) at ../src/or/circuitlist.c:1141
 #1  0x00007fa9d5325c75 in circuit_get_rendezvous (
     cookie=cookie at entry=0x7fff48e60aa0 "hS(i\252\272\026\267M\366\303<퉥
 \215iE\247\207") at ../src/or/circuitlist.c:1155
 #2  0x00007fa9d52cf1f3 in rend_mid_establish_rendezvous
 (circ=0x7fa9dbf37890,
     request=request at entry=0x7fff48e60aa0 "hS(i\252\272\026\267M\366\303<퉥
 \215iE\247\207", request_len=request_len at entry=20)
     at ../src/or/rendmid.c:238
 #3  0x00007fa9d52ce87c in rend_process_relay_cell
 (circ=circ at entry=0x7fa9dbf37890, layer_hint=layer_hint at entry=0x0,
 command=33,
     length=20, payload=payload at entry=0x7fff48e60aa0
 "hS(i\252\272\026\267M\366\303<퉥\215iE\247\207")
     at ../src/or/rendcommon.c:1440
 #4  0x00007fa9d52c5e7a in connection_edge_process_relay_cell
 (cell=cell at entry=0x7fff48e60a90, circ=circ at entry=0x7fa9dbf37890,
     conn=conn at entry=0x0, layer_hint=layer_hint at entry=0x0) at
 ../src/or/relay.c:1578
 #5  0x00007fa9d52c7a71 in circuit_receive_relay_cell
 (cell=cell at entry=0x7fff48e60a90, circ=circ at entry=0x7fa9dbf37890,
     cell_direction=cell_direction at entry=CELL_DIRECTION_OUT) at
 ../src/or/relay.c:212
 #6  0x00007fa9d533770c in command_process_relay_cell (chan=0x7fa9de927520,
 cell=0x7fff48e60a90) at ../src/or/command.c:465
 #7  command_process_cell (chan=0x7fa9de927520, cell=0x7fff48e60a90) at
 ../src/or/command.c:149
 #8  0x00007fa9d5318a1b in channel_tls_handle_cell
 (cell=cell at entry=0x7fff48e60a90, conn=conn at entry=0x7fa9dcf0a4d0)
     at ../src/or/channeltls.c:923
 #9  0x00007fa9d5358c57 in connection_or_process_cells_from_inbuf
 (conn=0x7fa9dcf0a4d0) at ../src/or/connection_or.c:1972
 #10 0x00007fa9d535bef2 in connection_or_process_inbuf
 (conn=conn at entry=0x7fa9dcf0a4d0) at ../src/or/connection_or.c:483
 #11 0x00007fa9d53474c5 in connection_process_inbuf
 (conn=conn at entry=0x7fa9dcf0a4d0, package_partial=package_partial at entry=1)
     at ../src/or/connection.c:4001
 #12 0x00007fa9d534d65d in connection_handle_read_impl
 (conn=0x7fa9dcf0a4d0) at ../src/or/connection.c:2839
 #13 connection_handle_read (conn=conn at entry=0x7fa9dcf0a4d0) at
 ../src/or/connection.c:2880
 #14 0x00007fa9d52a9061 in conn_read_callback (fd=<optimized out>,
 event=<optimized out>, _conn=0x7fa9dcf0a4d0)
     at ../src/or/main.c:718
 #15 0x00007fa9d4923ccc in event_base_loop () from /usr/lib/x86_64-linux-
 gnu/libevent-2.0.so.5
 #16 0x00007fa9d52a99f5 in do_main_loop () at ../src/or/main.c:1992
 #17 0x00007fa9d52ab1de in tor_main (argc=4, argv=0x7fff48e611d8) at
 ../src/or/main.c:2708
 #18 0x00007fa9d3b12995 in __libc_start_main () from /lib/x86_64-linux-
 gnu/libc.so.6
 #19 0x00007fa9d52a5abb in _start ()
 }}}

 If anyone can give me pointers on how to use valgrind, I will try that.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9754#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list