Opened 11 years ago

Last modified 7 years ago

#845 closed defect (Fixed)

Tor crash on ppc64 with bad descriptors

Reported by: coderman Owned by:
Priority: High Milestone:
Component: Core Tor/Tor Version: 0.2.1.5-alpha
Severity: Keywords:
Cc: coderman, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor 0.2.1.6-alpha on ppc64 (PS3 Ubuntu) fails assert reliably with a bad descriptor found in http://peertech.org/files/save-bad-cached-files-tor-ppc64-crash.tgz

The failed assert is:
[err] Bug: policies.c:1266: addr_policy_free: Assertion p == found->policy failed; aborting.

The Tor instance attempts to remove a canonical policy returned by the hash table HT_REMOVE.

The policy to find is (i added some additional debugging info to help troubleshoot):
debug_policy(): Policy data for 0x101f2d88:
HASH: 1105958104
IsPrivate: 0
addr: 190.21.106.7
mask: 32
prt_min: 1
prt_max: 65535
type: 2

The matched policy shouldn't match, but does return:
debug_policy(): Policy data for 0x1027bb68:
HASH: 2801726591
IsPrivate: 0
addr: 89.2.10.96
mask: 32
prt_min: 1
prt_max: 65535
type: 2

The assert fails because the search policy does not match the found policy in addr_policy_free.

The policy at address 0x1027bb68 is for router "router Unnamed 221.207.2.77 443 0 9030" in the cached files.
The policy at address 0x101f2d88 is for router "router utumno 98.100.128.152 9001 0 0".

I can attempt to assist further if necessary. This does not appear to be a problem on x86 for the same alpha version.

[Automatically added by flyspray2trac: Operating System: Other Linux]

Child Tickets

Change History (6)

comment:1 Changed 11 years ago by nickm

Strange! Do the policies match under cmp_single_exit_policy? They shouldn't, but if they do, that might be the bug.

Also, it seems these two addresses differ only in their address. Could it be that tor_addr_compare_masked() is wrong?

Also also, I've checked in a possible fix. There was a negative shift in address comparison, which is apparently
bad practice in C. Let me know if trunk fixes this for you?

comment:2 Changed 11 years ago by nickm

This may be the same as bug 811.

comment:3 Changed 11 years ago by nickm

I've modified trunk to give a more useful error message before it dies. Can you let me know what it says?

comment:4 Changed 11 years ago by coderman

This is fixed in the latest 17188 rev from tor-svn.freehaven.net. It seems svn.torproject.org is out of date and I was using an older revision (17139 from 2008-10-21).

comment:5 Changed 11 years ago by coderman

flyspray2trac: bug closed.
This is confirmed fixed in revision 17188.

comment:6 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.