Abort crash in libcrypto malloc during onion handshake
Occurred after ~15 hours of uptime on an x86_64 box. I keep all cores archived, so if you have requests for me to run against the core, let me know.
"""
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /usr/lib/libevent-1.3e.so.1...done.
Loaded symbols for /usr/lib/libevent-1.3e.so.1
Reading symbols from /lib/libssl.so.0.9.8...done.
Loaded symbols for /lib/libssl.so.0.9.8
Reading symbols from /lib/libcrypto.so.0.9.8...done.
Loaded symbols for /lib/libcrypto.so.0.9.8
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/ld-linux-x86-64.so.2...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libnss_compat.so.2...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_nis.so.2...done.
Loaded symbols for /lib/libnss_nis.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_mdns4_minimal.so.2...done.
Loaded symbols for /lib/libnss_mdns4_minimal.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Core was generated by `/usr/sbin/tor'.
Program terminated with signal 6, Aborted.
[New process 3611]
[New process 19395]
[New process 3612]
[New process 3614]
[New process 3613]
#0 0x00007fd0ea7cbfb5 in raise () from /lib/libc.so.6
(gdb) bt
#0 0x00007fd0ea7cbfb5 in raise () from /lib/libc.so.6
#1 0x00007fd0ea7cdbc3 in abort () from /lib/libc.so.6
#2 0x00007fd0ea80b228 in ?? () from /lib/libc.so.6
#3 0x00007fd0ea811b2c in ?? () from /lib/libc.so.6
#4 0x00007fd0ea8138f1 in ?? () from /lib/libc.so.6
#5 0x00007fd0ea815828 in malloc () from /lib/libc.so.6
#6 0x00007fd0eaf91f33 in CRYPTO_malloc () from /lib/libcrypto.so.0.9.8
#7 0x00007fd0eafbc18f in BN_mod_exp_mont_consttime () from /lib/libcrypto.so.0.9.8
#8 0x00007fd0eafd8925 in ?? () from /lib/libcrypto.so.0.9.8
#9 0x00007fd0eafd92ab in ?? () from /lib/libcrypto.so.0.9.8
#10 0x00000000004b1786 in crypto_pk_private_decrypt (env=, to=, from=0x8 <Address 0x8 out of bounds>,
fromlen=518, padding=, warnOnFailure=0) at crypto.c:762
#11 0x00000000004b2a7e in crypto_pk_private_hybrid_decrypt (env=0x16207c0, to=0x7fd0e9633c30 "",
from=0x7fd0e9633e70 "s\214\235½aNàÇå¯\030\adlf\233\021\206\+\035\203{h ëÈâ\203AÉ®?\225Ï¢éôA\232ÙREC¨ÿÚÜí>¨\003\226ÚÔCd0¢1\211ûÎMÖ\213W\t¿WB\223põ\024Ï3>è:rÆ\036\234.\233Á(2C3É,,\224ìÅ&.\\237ÝÑ\017I\r/⸺\207\032\225\002\205á_}0\206o\005JÊÆ\216\234Ò]÷ÿ\231Ïß¡¾çWz\223\213\215j®\026ÐY<ç/µ<½\037âón¨\026ôÚfZBc4\031\b\221±ál\217Ùõ8Ç}\032ägæÂ{*", fromlen=186, padding=60002, warnOnFailure=0) at crypto.c:989
#12 0x0000000000466b85 in onion_skin_server_handshake (
onion_skin=0x7fd0e9633e70 "s\214\235½aNàÇå¯\030\adlf\233\021\206\+\035\203{h ëÈâ\203AÉ®?\225Ï¢éôA\232ÙREC¨ÿÚÜí>¨\003\226ÚÔCd0¢1\211ûÎMÖ\213W\t¿WB\223põ\024Ï3>è:rÆ\036\234.\233Á(2C3É,,\224ìÅ&.\\237ÝÑ\017I\r/⸺\207\032\225\002\205á_}0\206o\005JÊÆ\216\234Ò]÷ÿ\231Ïß¡¾çWz\223\213\215j®\026ÐY<ç/µ<½\037âón¨\026ôÚfZBc4\031\b\221±ál\217Ùõ8Ç}\032ägæÂ{", private_key=0x16207c0, prev_private_key=0x0,
handshake_reply_out=0x7fd0e9633f30 "å\002õ\006(Gf.%1|cÛL? IÜ\204g\031\036Å\016½\217\234µå9\215uEàCʨ¾Íá©xð\201)\f\233Ó\020ÃÎ\037¶\0041Z",
key_out=0x7fd0e9633fd0 "ãJ(v|ÈßBdð-3v\005QÛ\202±\211\022\205J&\0247öI\233\027G¥\034ƶÇ\022,#ÆïDJþ®,\vRú\217ûU\005$s>=MtßWßõò²ú\022\217:ÍHú",
key_out_len=72) at onion.c:232
#13 0x000000000044062a in cpuworker_main (data=) at cpuworker.c:273
#14 0x00000000004a6ab5 in tor_pthread_helper_fn (_data=0x1620220) at compat.c:1694
#15 0x00007fd0ead163ba in start_thread () from /lib/libpthread.so.0
#16 0x00007fd0ea87efcd in clone () from /lib/libc.so.6
#17 0x0000000000000000 in ?? ()
"""
[Automatically added by flyspray2trac: Operating System: Other Linux]
Trac:
Username: neoeinstein