Opened 13 years ago

Last modified 7 years ago

#276 closed defect (Works for me)

assertion crash on OpenBSD

Reported by: jcs Owned by:
Priority: High Milestone:
Component: Core Tor/Tor Version: 0.1.0.17
Severity: Keywords:
Cc: jcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

running tor 0.1.0.17 as an exit node on OpenBSD 3.8 (i386). has crashed
quite a few times, can't seem to stay running for more than a day or so.
can't easily reproduce crash other than to let it run for a while.

(running in gdb)

Program received signal SIGPIPE, Broken pipe.

Program received signal SIGPIPE, Broken pipe.

Program received signal SIGPIPE, Broken pipe.
buffers.c:1054 assert_buf_ok: Assertion u32 == START_MAGIC failed; aborting.
buffers.c:1054 assert_buf_ok: Assertion u32 == START_MAGIC failed; aborting.
buffers.c:1054 assert_buf_ok: Assertion u32 == START_MAGIC failed; aborting.
tor: (0xd0caf465)tor in free(): error: free_pages: pointer to wrong page

tor in free(): error: ifree: junk pointer, too high to make sense

Program received signal SIGABRT, Aborted.
0x06c0a559 in kill () from /usr/lib/libc.so.38.2
(gdb) bt
#0 0x06c0a559 in kill () from /usr/lib/libc.so.38.2
#1 0x06c46463 in abort () from /usr/lib/libc.so.38.2
#2 0x1c0061a0 in assert_buf_ok (buf=0x7d02b020) at buffers.c:1054
#3 0x1c01b79b in assert_connection_ok (conn=0x7c39c800, now=1143187904)

at connection.c:1721

#4 0x1c033ea5 in conn_read_callback (fd=74, event=2, _conn=0x7c39c800)

at main.c:351

#5 0x1c05d070 in event_base_priority_init ()
#6 0x1c05d26a in event_base_loop ()
#7 0x1c05d108 in event_loop ()
#8 0x1c05d091 in event_dispatch ()
#9 0x1c035264 in do_main_loop () at main.c:953
#10 0x1c035f52 in tor_main (argc=3, argv=0xcfbca3dc) at main.c:1620
#11 0x1c04c3fa in main (argc=3, argv=0xcfbca3dc) at tor_main.c:19

[Automatically added by flyspray2trac: Operating System: BSD]

Child Tickets

Change History (13)

comment:1 Changed 13 years ago by jcs

another crash

circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
circuitlist.c:203 circuit_free: Assertion circ->magic == CIRCUIT_MAGIC failed; a
borting.
crypto.c:1082 crypto_cipher_encrypt: Assertion env failed; aborting.

Program received signal SIGABRT, Aborted.
0x0b869559 in kill () from /usr/lib/libc.so.38.2
(gdb) where
#0 0x0b869559 in kill () from /usr/lib/libc.so.38.2
#1 0x0b8a5463 in abort () from /usr/lib/libc.so.38.2
#2 0x1c0568ec in crypto_cipher_encrypt (env=0x0,

to=0xcfbea010 "[binary data snipped]"...,
from=0xcfbea323 "[binary data snipped]"...,
fromlen=509) at crypto.c:1082

#3 0x1c0370f3 in relay_crypt_one_payload (cipher=0x0,

in=0xcfbea323 "[binary data snipped]"...,
encrypt_mode=1) at relay.c:111

#4 0x1c037a4e in relay_crypt (circ=0x7f7efe00, cell=0xcfbea320,

cell_direction=1, layer_hint=0xcfbea2b0, recognized=0xcfbea2af "")
at relay.c:258

#5 0x1c037338 in circuit_receive_relay_cell (cell=0xcfbea320,

circ=0x7f7efe00, cell_direction=1) at relay.c:142

#6 0x1c011136 in command_process_relay_cell (cell=0xcfbea320, conn=0x7c1b8300)

at command.c:286

#7 0x1c010a4b in command_process_cell (cell=0xcfbea320, conn=0x7c1b8300)

at command.c:129

#8 0x1c022ddb in connection_or_process_cells_from_inbuf (conn=0x7c1b8300)

at connection_or.c:630

#9 0x1c0215d9 in connection_or_process_inbuf (conn=0x7c1b8300)

at connection_or.c:120

#10 0x1c01b0ed in connection_process_inbuf (conn=0x7c1b8300, package_partial=1)

at connection.c:1599

#11 0x1c019bc0 in connection_handle_read (conn=0x7c1b8300) at connection.c:1036
#12 0x1c033eb3 in conn_read_callback (fd=29, event=2, _conn=0x7c1b8300)

at main.c:353

#13 0x1c05d070 in event_base_priority_init ()
#14 0x1c05d26a in event_base_loop ()
#15 0x1c05d108 in event_loop ()
#16 0x1c05d091 in event_dispatch ()
#17 0x1c035264 in do_main_loop () at main.c:953
#18 0x1c035f52 in tor_main (argc=3, argv=0xcfbea92c) at main.c:1620
#19 0x1c04c3fa in main (argc=3, argv=0xcfbea92c) at tor_main.c:19
(gdb)

comment:2 Changed 13 years ago by arma

Exciting. Does this happen to you using the latest 0.1.1.x release candidate also?

comment:3 Changed 13 years ago by jcs

running v0.1.1.16-rc under gdb now, will post with any updates

comment:4 Changed 13 years ago by jcs

no problems since monday with 0.1.1.16, running 0.1.1.17-rc now

comment:5 Changed 13 years ago by jcs

took a lot longer, but it crashed with 1.1.17

Program received signal SIGPIPE, Broken pipe.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.

Program received signal SIGABRT, Aborted.
0x0d720559 in kill () from /usr/lib/libc.so.38.2
(gdb) buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
(gdb) where
#0 0x0d720559 in kill () from /usr/lib/libc.so.38.2
#1 0x0d75c463 in abort () from /usr/lib/libc.so.38.2
#2 0x1c00645d in assert_buf_ok (buf=0x0) at buffers.c:1297
#3 0x1c01af53 in assert_connection_ok (conn=0x7f25a700, now=1143855092) at connection.c:2035
#4 0x1c03329b in conn_read_callback (fd=181, event=2, _conn=0x7f25a700) at main.c:403
#5 0x1c05aa0c in event_base_priority_init ()
#6 0x1c05ac06 in event_base_loop ()
#7 0x1c05aaa4 in event_loop ()
#8 0x1c05aa2d in event_dispatch ()
#9 0x1c034580 in do_main_loop () at main.c:1179
#10 0x1c03519d in tor_main (argc=3, argv=0xcfbe4038) at main.c:2153
#11 0x1c04c987 in main (argc=3, argv=0xcfbe4038) at tor_main.c:22

comment:6 Changed 13 years ago by jcs

another crash

circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.
connection.c:2019 assert_connection_ok: Assertion conn->magic == CONNECTION_MAGIC failed; aborting.
circuitlist.c:109 circuit_set_circid_orconn: Assertion old_conn->magic == CONNECTION_MAGIC failed; aborting.

Program received signal SIGABRT, Aborted.
0x0bd40559 in kill () from /usr/lib/libc.so.38.2
(gdb) where
#0 0x0bd40559 in kill () from /usr/lib/libc.so.38.2
#1 0x0bd7c463 in abort () from /usr/lib/libc.so.38.2
#2 0x1c01a590 in assert_connection_ok (conn=0x7d1e4100, now=1144458708)

at connection.c:2146

#3 0x1c03329b in conn_read_callback (fd=44, event=2, _conn=0x7d1e4100)

at main.c:403

#4 0x1c05aa0c in event_base_priority_init ()
#5 0x1c05ac06 in event_base_loop ()
#6 0x1c05aaa4 in event_loop ()
#7 0x1c05aa2d in event_dispatch ()
#8 0x1c034580 in do_main_loop () at main.c:1179
#9 0x1c03519d in tor_main (argc=1, argv=0xcfbf88c0) at main.c:2153
#10 0x1c04c987 in main (argc=1, argv=0xcfbf88c0) at tor_main.c:22
(gdb)

comment:7 Changed 13 years ago by jcs

another day another crash

Program received signal SIGPIPE, Broken pipe.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.

Program received signal SIGPIPE, Broken pipe.
buffers.c:1294 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.

Program received signal SIGABRT, Aborted.
0x0f538559 in kill () from /usr/lib/libc.so.38.2
(gdb) where
#0 0x0f538559 in kill () from /usr/lib/libc.so.38.2
#1 0x0f574463 in abort () from /usr/lib/libc.so.38.2
#2 0x1c00645d in assert_buf_ok (buf=0x0) at buffers.c:1297
#3 0x1c01af5c in assert_connection_ok (conn=0x80495a00, now=1144695022)

at connection.c:2036

#4 0x1c03329b in conn_read_callback (fd=245, event=2, _conn=0x80495a00)

at main.c:403

#5 0x1c05aa0c in event_base_priority_init ()
#6 0x1c05ac06 in event_base_loop ()
#7 0x1c05aaa4 in event_loop ()
#8 0x1c05aa2d in event_dispatch ()
#9 0x1c034580 in do_main_loop () at main.c:1179
#10 0x1c03519d in tor_main (argc=1, argv=0xcfbbed24) at main.c:2153
#11 0x1c04c987 in main (argc=1, argv=0xcfbbed24) at tor_main.c:22

comment:8 Changed 13 years ago by jcs

Program received signal SIGPIPE, Broken pipe.
dns.c:181 purge_expired_resolves: Assertion pend->conn->s == -1 failed; aborting.

Program received signal SIGABRT, Aborted.
0x04eae559 in kill () from /usr/lib/libc.so.38.2
(gdb) where
#0 0x04eae559 in kill () from /usr/lib/libc.so.38.2
#1 0x04eea463 in abort () from /usr/lib/libc.so.38.2
#2 0x1c02f337 in purge_expired_resolves (now=1145300234) at dns.c:168
#3 0x1c02f642 in dns_resolve (exitconn=0x86a98000) at dns.c:286
#4 0x1c01df19 in connection_exit_begin_conn (cell=0x86a98000, circ=0x7c78db00)

at connection_edge.c:1604

#5 0x1c038676 in connection_edge_process_relay_cell (cell=0xcfbed5f0,

circ=0x7c78db00, conn=0x0, layer_hint=0x0) at relay.c:902

#6 0x1c0372f0 in circuit_receive_relay_cell (cell=0xcfbed5f0,

circ=0x7c78db00, cell_direction=2) at relay.c:169

#7 0x1c00fd12 in command_process_relay_cell (cell=0xcfbed5f0, conn=0x7fe59300)

at command.c:320

#8 0x1c01ffa0 in connection_or_process_cells_from_inbuf (conn=0x7fe59300)

at connection_or.c:792

#9 0x1c018fa3 in connection_handle_read (conn=0x7fe59300) at connection.c:1230
#10 0x1c03359f in conn_read_callback (fd=150, event=2, _conn=0x7fe59300)

at main.c:405

#11 0x1c05af08 in event_base_priority_init ()
#12 0x1c05b102 in event_base_loop ()
#13 0x1c05afa0 in event_loop ()
#14 0x1c05af29 in event_dispatch ()
#15 0x1c03487c in do_main_loop () at main.c:1179
#16 0x1c035499 in tor_main (argc=1, argv=0xcfbedbb4) at main.c:2153
#17 0x1c04ce83 in main (argc=1, argv=0xcfbedbb4) at tor_main.c:22

comment:9 Changed 13 years ago by jcs

buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.
buffers.c:1302 assert_buf_ok: Assertion u32 == END_MAGIC failed; aborting.

Program received signal SIGSEGV, Segmentation fault.
circuit_expire_building (now=1145496949) at circuituse.c:192

192 if (!CIRCUIT_IS_ORIGIN(victim)
/* didn't originate here */

(gdb) where
#0 circuit_expire_building (now=1145496949) at circuituse.c:192
#1 0x1c033fb0 in run_scheduled_events (now=1145496949) at main.c:888
#2 0x1c034494 in second_elapsed_callback (fd=-1, event=1, args=0x0)

at main.c:1019

#3 0x1c05af08 in event_base_priority_init ()
#4 0x1c05b102 in event_base_loop ()
#5 0x1c05afa0 in event_loop ()
#6 0x1c05af29 in event_dispatch ()
#7 0x1c03487c in do_main_loop () at main.c:1179
#8 0x1c035499 in tor_main (argc=1, argv=0xcfbe6e38) at main.c:2153
#9 0x1c04ce83 in main (argc=1, argv=0xcfbe6e38) at tor_main.c:22

comment:10 Changed 13 years ago by thalunil

hi joshua.

i am running 0.1.1.21 on OpenBSD 3.9 now and it runs quite smooth and cannot "reproduce" this
stability problem.
do you, 3 months later, still have this kind of problem?

comment:11 Changed 13 years ago by jcs

no, tor is quite stable now on openbsd. this bug can be closed, i believe.

comment:12 Changed 13 years ago by arma

flyspray2trac: bug closed.
Perhaps this was an openbsd
3.8 bug. Or flaky hardware. Or
something. Closing for now.

comment:13 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.