[tor-bugs] #18930 [Core Tor/Tor]: Segmentation fault: entry->parsed->intro_nodes

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 29 10:42:12 UTC 2016 

#18930: Segmentation fault: entry->parsed->intro_nodes
---------------------------+------------------------------------
 Reporter:  juha           |          Owner:
     Type:  defect         |         Status:  new
 Priority:  Medium         |      Milestone:  Tor: 0.2.8.x-final
Component:  Core Tor/Tor   |        Version:  Tor: 0.2.7.6
 Severity:  Critical       |     Resolution:
 Keywords:  tor2web crash  |  Actual Points:
Parent ID:                 |         Points:  small
 Reviewer:                 |        Sponsor:
---------------------------+------------------------------------
Changes (by teor):

 * cc: dgoulet (added)
 * keywords:  tor2web => tor2web crash
 * points:   => small
 * severity:  Normal => Critical
 * milestone:   => Tor: 0.2.8.x-final


Comment:

 '''Further Information'''

 The line numbers in your backtrace don't seem to be the same as the line
 numbers I have for 0.2.7.6. I'm going to assume they're wrong, and work
 off the code listings.

 It might help to provide the last few entries from an info-level or debug-
 level log.

 `query=0x5555568ea1f0 "oahmssjdnck7ntzx") at src/or/rendclient.c:1217`
 The hidden service in question is oahmssjdnck7ntzx.onion, it appears to be
 down.
 (I've attached a stem script to fetch its descriptor, it says:
 `stem.DescriptorUnavailable: No running hidden service at
 oahmssjdnck7ntzx.onion`.)

 Can you tell us if it's always the same hidden service causing the crash?

 '''Analysis'''

 The calls in this backtrace were removed in 0.2.8.2-alpha by dgoulet to
 fix #15937, a bug where tor over-enthusiastically cancelled connections if
 too many requests happened for the same hidden services in a short period
 of time.

 This bug could cause all sorts of problems for busy tor2web instances
 connecting to busy hidden services. I can't see any obvious issues in the
 code, but I'd like others to have a look at:
 * rend_client_refetch_v2_renddesc (0.2.7.6)
 * rend_client_desc_trynow
 * rend_cache_lookup_entry
 * I wouldn't bother looking in detail at
 rend_client_any_intro_points_usable, as it crashes on the first line that
 tries to use a corrupt or NULL entry.

 I wonder if you've found a race condition or something?

 '''Suggested Solutions'''

 You could try applying that patch from #15937 and see if it fixes your
 issue.
 You could also try running 0.2.8.2-alpha, it should work for Tor2web, but
 it's still a little unstable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18930#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list