Opened 5 weeks ago

Closed 4 weeks ago

#31696 closed defect (fixed)

Assertion failure in map-anon.c:218

Reported by: gk Owned by: nickm
Priority: High Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor Version: Tor: 0.4.1.5
Severity: Normal Keywords: regression, crash, 041-regression, BugSmashFund, 042-must, 041-backport
Cc: Actual Points: .1
Parent ID: Points: .1
Reviewer: ahf Sponsor:

Description (last modified by gk)

We got a bug report for tor 0.4.1.5 on x86_64 14.2 Slackware system on the blog (https://blog.torproject.org/comment/283980#comment-283980):

Raw assertion failed at src/lib/malloc/map_anon.c:218:
noinherit_result == tor-browser_en-US/Browser/TorBrowser/Tor/tor(dump_stack_symbols_to_error_fds+0x33)
[0x55ff75f58743] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_raw_assertion_failed_msg_+0x86)
[0x55ff75f58e26] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_mmap_anonymous+0xca)
[0x55ff75f57f3a] tor-browser_en-US/Browser/TorBrowser/Tor/tor(crypto_fast_rng_new_from_seed+0x35)
[0x55ff75f009f5] tor-browser_en-US/Browser/TorBrowser/Tor/tor(crypto_fast_rng_new+0x2b)
[0x55ff75f00a9b] tor-browser_en-US/Browser/TorBrowser/Tor/tor(get_thread_fast_rng+0x45)
[0x55ff75f00c35] tor-browser_en-US/Browser/TorBrowser/Tor/tor(circuit_reset_sendme_randomness+0x21)[0x55ff75e02fb1] tor-browser_en-US/Browser/TorBrowser/Tor/tor(+0x8342b)
[0x55ff75dd142b] tor-browser_en-US/Browser/TorBrowser/Tor/tor(origin_circuit_new+0x8f)
[0x55ff75dd3aef] tor-browser_en-US/Browser/TorBrowser/Tor/tor(origin_circuit_init+0x22)
[0x55ff75dcceb2] tor-browser_en-US/Browser/TorBrowser/Tor/tor(circuit_establish_circuit+0x37)[0x55ff75dcf877] tor-browser_en-US/Browser/TorBrowser/Tor/tor(circuit_launch_by_extend_info+0x9c)[0x55ff75de6b2c] tor-browser_en-US/Browser/TorBrowser/Tor/tor(+0x99859)
[0x55ff75de7859] tor-browser_en-US/Browser/TorBrowser/Tor/tor(connection_ap_handshake_attach_circuit+0x321)
[0x55ff75de8251] tor-browser_en-US/Browser/TorBrowser/Tor/tor(connection_ap_attach_pending+0x1b0)[0x55ff75dec6b0] ./TorBrowser/Tor/libevent-2.1.so.6(+0x22395)
[0x7fdac04cc395] ./TorBrowser/Tor/libevent-2.1.so.6(event_base_loop+0x55f)
[0x7fdac04ccc6f] tor-browser_en-US/Browser/TorBrowser/Tor/tor(do_main_loop+0xe5)
[0x55ff75dbce95] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_run_main+0x1225)
[0x55ff75daa8d5] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_main+0x3a)
[0x55ff75da7d5a] tor-browser_en-US/Browser/TorBrowser/Tor/tor(main+0x19)
[0x55ff75da78b9] /lib64/libc.so.6(__libc_start_main+0xf0)
[0x7fdabf6497d0] tor-browser_en-US/Browser/TorBrowser/Tor/tor(+0x59909)
[0x55ff75da7909]

0.4.0.5 worked fine on that system.

Child Tickets

Change History (12)

comment:1 Changed 5 weeks ago by gk

Description: modified (diff)

comment:2 Changed 5 weeks ago by nickm

Keywords: regression crash 041-regression BugSmashFund added
Owner: set to nickm
Points: .1
Priority: MediumHigh
Status: newaccepted

comment:3 Changed 5 weeks ago by nickm

Reviewer: ahf

This appears to be similar to, but not the same as, #31570. I'll take this too, since I worked on that one. I'll set ahf as reviewer.

comment:4 Changed 5 weeks ago by nickm

Actual Points: .1

Branch at bug31696_041 ; PR at https://github.com/torproject/tor/pull/1318 .

I'll put this in needs_review once CI has passed.

comment:5 Changed 5 weeks ago by nickm

Keywords: 042-must added

comment:6 Changed 5 weeks ago by nickm

Status: acceptedneeds_review

CI has passed.

comment:7 Changed 5 weeks ago by ahf

Status: needs_reviewmerge_ready

Looks good. Again, unable to reproduce locally.

comment:8 Changed 5 weeks ago by nickm

Keywords: dgoulet-merge added

comment:9 Changed 4 weeks ago by teor

Keywords: 041-backport added
Milestone: Tor: 0.4.1.x-finalTor: 0.4.2.x-final

comment:10 Changed 4 weeks ago by nickm

Keywords: asn-merge added; dgoulet-merge removed

Setting two tickets to asn-merge, since dgoulet is on vacation.

comment:11 Changed 4 weeks ago by asn

Keywords: asn-merge removed
Milestone: Tor: 0.4.2.x-finalTor: 0.4.1.x-final

Merged! LEaving open for backports.

comment:12 Changed 4 weeks ago by nickm

Resolution: fixed
Status: merge_readyclosed

Merged to 0.4.1.

Note: See TracTickets for help on using tickets.