Opened 12 years ago

Last modified 7 years ago

#429 closed defect (Fixed)

routerlist.c:1565: signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-

Reported by: weasel
Owned by:
Priority: High
Milestone:
Component: Core Tor/Tor
Version: 0.2.0.0-alpha-dev
Severity:
Keywords:
Cc: weasel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

May 19 12:56:05.449 [notice] We now have enough directory information to build circuits.

May 19 12:56:34.620 [err] Bug: routerlist.c:1565: signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.

on r10217

the bt:
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7c99885 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7c9b002 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x080abc44 in signed_descriptor_get_body (desc=0x6) at routerlist.c:1572
#4 0x080a9799 in router_rebuild_store (force=0, extrainfo=157592432) at routerlist.c:404
#5 0x080aea0d in router_load_extrainfo_from_string (s=0xd64a7e8 "", saved_location=20, requested_fingerprints=0x86eead8) at routerlist.c:2673
#6 0x08082e81 in connection_dir_client_reached_eof (conn=0x884bec0) at directory.c:1251
#7 0x08083e6f in connection_dir_reached_eof (conn=0x884bec0) at directory.c:1400
#8 0x0806b68c in connection_handle_read (conn=0x884bec0) at connection.c:1604
#9 0x08093089 in conn_read_callback (fd=40, event=2, _conn=0x884bec0) at main.c:482
#10 0xb7eebc79 in event_base_priority_init () from /usr/lib/libevent-1.1a.so.1
#11 0xb7eebf65 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#12 0xb7eebdcb in event_loop () from /usr/lib/libevent-1.1a.so.1
#13 0x08094cf3 in do_main_loop () at main.c:1365
#14 0x08095d9d in tor_main (argc=0, argv=0x0) at main.c:2592
#15 0x080be9cb in main (argc=0, argv=0x0) at tor_main.c:28

however, the state looks quite broken:
(at #3)
(gdb) p desc
$3 = (signed_descriptor_t *) 0x6
(gdb) p len
$4 = 0
(gdb) p r
$5 = 0x80f7d60 "!memcmp(\"router \", r, 7) || !memcmp(\"extra-info \", r, 11)"

[Automatically added by flyspray2trac: Operating System: All]

Change History (7)

comment:1 Changed 12 years ago by arma

on moria2 just now

#0 0x0000002a95e43545 in raise () from /lib/libc.so.6
#1 0x0000002a95e44cce in abort () from /lib/libc.so.6
#2 0x0000000000456d8d in signed_descriptor_get_body (desc=0x51b3) at routerlist.c:1572
#3 0x0000000000454b14 in router_rebuild_store (force=20915, extrainfo=12138880) at routerlist.c:404
#4 0x000000000045967a in router_load_extrainfo_from_string (s=0x722120 "", saved_location=SAVED_NOWHERE, requested_fingerprints=0x1244560) at routerlist.c:2673
#5 0x000000000043437c in connection_dir_client_reached_eof (conn=0x34ca8d0) at directory.c:1251
#6 0x000000000043501e in connection_dir_reached_eof (conn=0x34ca8d0) at directory.c:1400
#7 0x0000000000420446 in connection_handle_read (conn=0x34ca8d0) at connection.c:1604
#8 0x0000000000441f23 in conn_read_callback (fd=20915, event=20915, _conn=0x6) at main.c:482
#9 0x0000002a9578482d in event_base_priority_init () from /usr/lib/libevent-1.1a.so.1
#10 0x0000002a95784a72 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#11 0x0000002a957848e5 in event_loop () from /usr/lib/libevent-1.1a.so.1
#12 0x0000000000443841 in do_main_loop () at main.c:1365
#13 0x000000000044456a in tor_main (argc=20915, argv=0x51b3) at main.c:2592
#14 0x0000002a95e31441 in __libc_start_main () from /lib/libc.so.6
#15 0x00000000004062ea in _start () at ../sysdeps/x86_64/elf/start.S:96

(gdb) up
#3 0x0000000000454b14 in router_rebuild_store (force=20915, extrainfo=12138880) at routerlist.c:404
404 }
(gdb) print desc
No symbol "desc" in current context.
(gdb) down
#2 0x0000000000456d8d in signed_descriptor_get_body (desc=0x51b3) at routerlist.c:1572
1572 }
(gdb) print desc
$1 = (signed_descriptor_t *) 0x51b3
(gdb) print r
$2 = 0x51b3 <Address 0x51b3 out of bounds>

comment:2 Changed 12 years ago by nickm

I still got this one on r10224, and not even on an authority. Here's peacetime:

May 19 23:37:18.302 [info] connection_dir_client_reached_eof(): Received 11/11 routers requested from 140.247.60.64:80
May 19 23:37:18.305 [info] connection_dir_client_reached_eof(): Received extra server info (size 15247) from server '194.109.206.212:80'
May 19 23:37:18.307 [info] router_load_routers_from_string(): 7 elements to add
May 19 23:37:18.376 [info] connection_dir_client_reached_eof(): Received 7/7 routers requested from 194.109.206.212:80
May 19 23:37:18.509 [info] connection_dir_client_reached_eof(): Received server info (size 2356) from server '86.59.21.38:80'
May 19 23:37:18.509 [info] router_load_extrainfo_from_string(): 1 elements to add
May 19 23:37:18.604 [info] router_rebuild_store(): Rebuilding Extra-info cache
May 19 23:37:18.735 [err] Bug: routerlist.c:1567: signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.

#2 0x0000000000456d4d in signed_descriptor_get_body (desc=0x38f9) at routerlist.c:1574
#3 0x0000000000454ad4 in router_rebuild_store (force=14585, extrainfo=18115136) at routerlist.c:406
#4 0x000000000045979a in router_load_extrainfo_from_string (s=0x1262a94 "", saved_location=SAVED_IN_CACHE, requested_fingerprints=0x1d79d30) at routerlist.c:2707
#5 0x000000000043437c in connection_dir_client_reached_eof (conn=0x2195bf0) at directory.c:1251
#6 0x000000000043501e in connection_dir_reached_eof (conn=0x2195bf0) at directory.c:1400
#7 0x0000000000420446 in connection_handle_read (conn=0x2195bf0) at connection.c:1604
#8 0x0000000000441ee3 in conn_read_callback (fd=14585, event=14585, _conn=0x6) at main.c:482
#9 0x0000002a9578482d in event_base_priority_init () from /usr/lib/libevent-1.1a.so.1

comment:3 Changed 12 years ago by nickm

Oh, *duh*. I see what this is. Hang on.

comment:4 Changed 12 years ago by arma

moria1 and moria2 just seg faulted in unison (running r10226)

moria1:

May 21 00:33:07.578 [notice] Rejected router descriptor from 86.59.21.38.
May 21 00:38:04.785 [err] descriptor at 0xf4a9b0 begins with unexpected string 698,91546388,89596514,92057600,92072524,92042676,92065528,919509

May 21 00:38:04.850 [err] Bug: routerlist.c:1581: signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.
routerlist.c:1581 signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.

#0 0x0000002a95e43545 in raise () from /lib/libc.so.6
#1 0x0000002a95e44cce in abort () from /lib/libc.so.6
#2 0x0000000000456d6f in signed_descriptor_get_body (desc=0xf4a9b0) at routerlist.c:1588
#3 0x0000000000454af6 in router_rebuild_store (force=24623, extrainfo=16034224) at routerlist.c:409
#4 0x00000000004597ea in router_load_extrainfo_from_string (s=0x85e39f8 "", saved_location=SAVED_IN_CACHE, requested_fingerprints=0x1170ce0) at routerlist.c:2721
#5 0x000000000043437c in connection_dir_client_reached_eof (conn=0xda4400) at directory.c:1251
#6 0x000000000043501e in connection_dir_reached_eof (conn=0xda4400) at directory.c:1400
#7 0x0000000000420446 in connection_handle_read (conn=0xda4400) at connection.c:1604
#8 0x0000000000441ee3 in conn_read_callback (fd=24623, event=24623, _conn=0x6) at main.c:482
#9 0x0000002a9578482d in event_base_priority_init () from /usr/lib/libevent-1.1a.so.1
#10 0x0000002a95784a72 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#11 0x0000002a957848e5 in event_loop () from /usr/lib/libevent-1.1a.so.1
#12 0x0000000000443801 in do_main_loop () at main.c:1365
#13 0x000000000044452a in tor_main (argc=24623, argv=0x602f) at main.c:2592

(gdb) print *desc
$1 = {signed_descriptor_body = 0x0, signed_descriptor_len = 2124,
signed_descriptor_digest = "E𖝢裡òÔ«pjÌ𖠼𖠯ëÁÃQëòç",
identity_digest = "ÿ𖠲E𖝤m´IÚ𖡆𖡉𖝢Zê𖞃𖝴á𖡌p𖠽f",
published_on = 1179573898, extra_info_digest = '\0' <repeats 19 times>,
ei_dl_status = {next_attempt_at = 0, n_download_failures = 0 '\0'},
saved_location = SAVED_IN_CACHE, saved_offset = 2203, do_not_cache = 0,
is_extrainfo = 1}

#3 0x0000000000454af6 in router_rebuild_store (force=24623, extrainfo=16034224) at routerlist.c:409
409 }

moria2:

May 21 00:33:07.588 [notice] Rejected router descriptor from 86.59.21.38.
May 21 00:34:04.082 [err] descriptor at 0x114abd0 begins with unexpected string 7740800,25969664,24700928,27143168,23386112,31435776,37380096,31

May 21 00:34:04.108 [err] Bug: routerlist.c:1581: signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.
routerlist.c:1581 signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.

#0 0x0000002a95e43545 in raise () from /lib/libc.so.6
#1 0x0000002a95e44cce in abort () from /lib/libc.so.6
#2 0x0000000000456d6f in signed_descriptor_get_body (desc=0x114abd0) at routerlist.c:1588
#3 0x0000000000454af6 in router_rebuild_store (force=24616, extrainfo=18131920) at routerlist.c:409
#4 0x00000000004597ea in router_load_extrainfo_from_string (s=0xab26d0 "", saved_location=SAVED_NOWHERE, requested_fingerprints=0x589aae0) at routerlist.c:2721
#5 0x000000000043437c in connection_dir_client_reached_eof (conn=0xf211d0) at directory.c:1251
#6 0x000000000043501e in connection_dir_reached_eof (conn=0xf211d0) at directory.c:1400
#7 0x0000000000420446 in connection_handle_read (conn=0xf211d0) at connection.c:1604
#8 0x0000000000441ee3 in conn_read_callback (fd=24616, event=24616, _conn=0x6) at main.c:482
#9 0x0000002a9578482d in event_base_priority_init () from /usr/lib/libevent-1.1a.so.1
#10 0x0000002a95784a72 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#11 0x0000002a957848e5 in event_loop () from /usr/lib/libevent-1.1a.so.1
#12 0x0000000000443801 in do_main_loop () at main.c:1365
#13 0x000000000044452a in tor_main (argc=24616, argv=0x6028) at main.c:2592

(gdb) print *desc
$1 = {signed_descriptor_body = 0x0, signed_descriptor_len = 2022,
signed_descriptor_digest = "½ð·Ë𖠫󠬱𖠭ý *𖝾¡𖝿𖞅bV4ðD",
identity_digest = "ÿËFÛ󠪯Ú𖠬gLp×ËXd4Ä7𖝤A",
published_on = 1179641428, extra_info_digest = '\0' <repeats 19 times>,
ei_dl_status = {next_attempt_at = 0, n_download_failures = 0 '\0'},
saved_location = SAVED_IN_CACHE, saved_offset = 917, do_not_cache = 0,
is_extrainfo = 1}

#3 0x0000000000454af6 in router_rebuild_store (force=24616, extrainfo=18131920) at routerlist.c:409
409 }

Funny how 'force' got clobbered similarly in each case.

comment:5 Changed 12 years ago by weasel

and tor26 running r10226:

May 21 13:53:34.192 [err] descriptor at 0xb6b3e08 begins with unexpected string 920 16289
onion-key


MIGJAoGBAM6y0

May 21 13:53:34.192 [err] Bug: routerlist.c:1581: signed_descriptor_get_body: Assertion !memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11) failed; aborting.

(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7cb2885 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7cb4002 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0x080b6d5d in signed_descriptor_get_body (desc=0xb6b3e08) at routerlist.c:1581
#4 0x080b3fe6 in router_rebuild_store (force=0, extrainfo=1) at routerlist.c:378
#5 0x080b9f8a in router_load_extrainfo_from_string (s=0x9b45b90 "", saved_location=SAVED_NOWHERE, requested_fingerprints=0xf77d738) at routerlist.c:2721
#6 0x080892f0 in connection_dir_client_reached_eof (conn=0x92b3d30) at directory.c:1251
#7 0x08089a05 in connection_dir_reached_eof (conn=0x92b3d30) at directory.c:1400
#8 0x0807094f in connection_reached_eof (conn=0x92b3d30) at connection.c:2493
#9 0x0806ea1b in connection_handle_read (conn=0x92b3d30) at connection.c:1604
#10 0x0809aeb1 in conn_read_callback (fd=1126, event=2, _conn=0x92b3d30) at main.c:482
#11 0xb7f04c79 in event_base_priority_init () from /usr/lib/libevent-1.1a.so.1
#12 0xb7f04f65 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#13 0xb7f04dcb in event_loop () from /usr/lib/libevent-1.1a.so.1
#14 0x0809caef in do_main_loop () at main.c:1365
#15 0x0809dd6d in tor_main (argc=1, argv=0xbfff8ef4) at main.c:2592

(gdb) up
#3 0x080b6d5d in signed_descriptor_get_body (desc=0xb6b3e08) at routerlist.c:1581

1581 tor_assert(!memcmp("router ", r, 7) || !memcmp("extra-info ", r, 11));

(gdb) p *desc
$3 = {signed_descriptor_body = 0x0, signed_descriptor_len = 2409, signed_descriptor_digest = "^w\024\006Ì<\225ÿ\224»äGýª+(]\021Ãí",
identity_digest = "\204{\037\205\003D×\207d\221¥H\222ù\004\223NN¸]", published_on = 1179609157, extra_info_digest = '\0' <repeats 19 times>, ei_dl_status = {
next_attempt_at = 0, n_download_failures = 0 '\0'}, saved_location = SAVED_IN_CACHE, saved_offset = 2447, do_not_cache = 0, is_extrainfo = 1}

(gdb) up
#4 0x080b3fe6 in router_rebuild_store (force=0, extrainfo=1) at routerlist.c:378
378 SMARTLIST_FOREACH(signed_descriptors, signed_descriptor_t *, sd,
(gdb) p offset
$4 = 4856

comment:6 Changed 12 years ago by weasel

flyspray2trac: bug closed.
hopefully r10233 closed this for good

comment:7 Changed 7 years ago by nickm

Component: Tor Relay → Tor