silc-server 1.1.2 crashes after server connection to backup router

Stuart Henderson stu at spacehopper.org
Sat Apr 5 13:39:51 CEST 2008


I have two OpenBSD/sparc64 machines, one running as a backup router
and the other as a server. When the primary router failed, another
server added a new connection to the backup router. At that point the
backup router segfaulted and my server died with a bus error; the
other servers on the network also crashed. I have backtraces from my
router and server but not from the others. In both backtraces the crash
happens under silc_server_disconnect_remote, reached from
silc_ske_timeout with status SILC_SKE_STATUS_TIMEOUT.

(As a separate but related note: after this happened, the backup
router was unable to start up, since the primary router was down.)


>> from the backup router:

Core was generated by `silcd'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libiconv.so.4.0...done.
Loaded symbols for /usr/local/lib/libiconv.so.4.0
Reading symbols from /usr/lib/libpthread.so.9.0...
done.
Loaded symbols for /usr/lib/libpthread.so.9.0
Reading symbols from /usr/lib/libc.so.43.0...done.
Loaded symbols for /usr/lib/libc.so.43.0
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  _atomic_lock (lock=0x73696c635f7365c2 <Address 0x73696c635f7365c2 out of bounds>) at /usr/src/lib/libpthread/arch/sparc64/_atomic_lock.c:36
36      /usr/src/lib/libpthread/arch/sparc64/_atomic_lock.c: No such file or directory.
        in /usr/src/lib/libpthread/arch/sparc64/_atomic_lock.c
(gdb) bt full
#0  _atomic_lock (lock=0x73696c635f7365c2 <Address 0x73696c635f7365c2 out of bounds>) at /usr/src/lib/libpthread/arch/sparc64/_atomic_lock.c:36
        old = 0 '\0'
#1  0x000000004aaeb618 in _spinlock_debug (lck=0x73696c635f7365c2, fname=0x4abee9f0 "/usr/src/lib/libpthread/uthread/uthread_mutex.c", lineno=445)
    at /usr/src/lib/libpthread/uthread/uthread_spinlock.c:90
        curthread = (struct pthread *) 0x45ae2000
        cnt = 1
#2  0x000000004aae7888 in mutex_lock_common (mutex=0x4ce3f6b0) at /usr/src/lib/libpthread/uthread/uthread_mutex.c:445
        curthread = (struct pthread *) 0x45ae2000
        ret = 0
#3  0x000000004aae7c7c in pthread_mutex_lock (mutex=0x4ce3f6b0) at /usr/src/lib/libpthread/uthread/uthread_mutex.c:675
        ret = 22
#4  0x000000000018b4fc in silc_mutex_lock (mutex=0x4ce3f6b0) at silcunixthread.c:147
No locals.
#5  0x00000000001785e4 in silc_packet_send_raw (stream=0x45b04000, type=1 '\001', flags=0 '\0', src_id_type=1, src_id=0x4d6c9660 "4ilc_server_", src_id_len=8, 
    dst_id_type=1, dst_id=0x4ce3feb0 "Á\v^dÂ\002", dst_id_len=8, data=0x4d6c9660 "4ilc_server_", data_len=1, cipher=0x0, hmac=0x0) at silcpacket.c:1614
        tmppad = "î×fž.ãÒ\226.ï7ò\237N\214Ê#ã¿\021K3\023\216", 'ÿ' <repeats 13 times>, "þW1ªj\225Î\nÏ5\232ÿÿÿÿÿþ_\020\000\000\000\000\0003\023p\000\000\000\000\0003\023p\000\000\000\000\0003\023\215\000\000\000\000\0003\023p", '\0' <repeats 12 times>, "Gðž\026\000\000\000\000\000\000\000\001", '\0' <repeats 11 times>, "4\000\000\000"
        iv = "\000\000\000\000\000\000\000\026\000\000\000\000\000\207b \000\000\000\000\000\207b \000\000\000\000\000\030º\b÷"
        psn = "\000\000\000"
        block_len = 0
        i = 21
        enclen = 48
        truelen = 27
        padlen = 21
        ivlen = 0
        psnlen = 0
        ctr = 0 '\0'
        packet = {head = 0xb "", data = 0x8 "", tail = 0xfffffffffffe57a1 "", end = 0xaa6a95ce0acdf00a <Address 0xaa6a95ce0acdf00a out of bounds>}
#6  0x0000000000178bb8 in silc_packet_send (stream=0x45b04000, type=1 '\001', flags=0 '\0', data=0x4d6c9660 "4ilc_server_", data_len=1) at silcpacket.c:1690
        ret = 135 '\207'
#7  0x000000000017907c in silc_packet_send_va (stream=0x45b04000, type=1 '\001', flags=0 '\0') at silcpacket.c:1759
        buf = {head = 0x4d6c9660 "4ilc_server_", data = 0x4d6c9660 "4ilc_server_", tail = 0x4d6c9661 "ilc_server_", end = 0x4d6c9661 "ilc_server_"}
        ret = 48 '0'
        va = 0xfffffffffffe61f8
#8  0x0000000000120318 in silc_server_disconnect_remote (server=0x4f8a0400, sock=0x45b04000, status=52 '4') at server.c:2908
        buf = '\0' <repeats 31 times>, "\001", '\0' <repeats 12 times>, "C\017\220", '\0' <repeats 30 times>, "\207d\207\000\000\000\000\000\000\000\001ÿÿÿÿÿþb`\000\000\000\000\000\000\006\030\000\000\000\000\000G*š", '\0' <repeats 12 times>, "C÷ÚÀ\000\000\000\000\00044\230\000\000\000\000\00045\210\000\000\000\000\000\000\004\023\000\000\000\000AÛ?`\000\000\000\000F\a$\000\000\000\000\000\b\000\000\000ÿÿÿÿÿþ[±ªj\225Î\nËô\006\000\000\000\000AÛ?`\000\000\000\000\00045\210", '\0' <repeats 93 times>, "G10\000\000\000\000\000G10\000\000\000\000\000G10÷ßÌ' ¯í\\"...
        ap = 0xfffffffffffe6510
        cp = 0x0
#9  0x0000000000129fe0 in silc_server_accept_completed (ske=0x4f8a0a00, status=SILC_SKE_STATUS_TIMEOUT, prop=0x0, keymat=0x0, rekey=0x0, context=0x45b04000)
    at server.c:2523
        sock = 0x45b04000
        entry = 0x41ba5300
        idata = 0x41ba5300
        server = 0x4f8a0400
        connauth = 0x41db3f60
        send_key = 0x4f8a0a00
        receive_key = 0x4f8a0a00
        hmac_send = 0x442ae000
        hmac_receive = 0x4aff1dc0
        hash = 0x0
        pk = (unsigned char *) 0x472aa8 ""
        pk_len = 1560
#10 0x00000000001f8614 in silc_ske_completion (ske=0x4f8a0a00) at silcske.c:966
No locals.
#11 0x00000000001f0db4 in silc_ske_st_responder_failure (fsm=0x4f8a0ac8, fsm_context=0x4f8a0a00, state_context=0x0) at silcske.c:2380
        ske = 0x4f8a0a00
        error = 1
#12 0x00000000001a59ac in silc_fsm_run (schedule=0x442ae000, app_context=0x4f8a0400, type=0, fd=0, context=0x4f8a0ac8) at silcfsm.c:429
        fsm = 0x4f8a0ac8
        status = SILC_FSM_ST_CONTINUE
#13 0x00000000001a5440 in silc_fsm_continue_sync (fsm=0x4f8a0ac8) at silcfsm.c:309
        f = 0x4f8a0ac8
#14 0x00000000001eb688 in silc_ske_timeout (schedule=0x442ae000, app_context=0x4f8a0400, type=SILC_TASK_EXPIRE, fd=0, context=0x4f8a0a00) at silcske.c:1000
        ske = 0x4f8a0a00
#15 0x000000000198da8 in silc_schedule_dispatch_timeout (schedule=0x442ae000, dispatch_all=0 '\0') at silcschedule.c:114
        t = 0x41e59040
        task = 0x41e59040
        curtime = {tv_sec = 1206958102, tv_usec = 373290}
        count = 0
#16 0x000000000019silc_schedule_iterate (schedule=0x442ae000, timeout_usecs=-1) at silcschedule.c:449
        timeout = {tv_sec = -585524958110683812, tv_usec = 1329390400}
        ret = 0
#17 0x00000000001965dc in silc_schedule (schedule=0x442ae000) at silcschedule.c:499
No locals.
#18 0x000000000011d630 in silc_server_run (server=0x4f8a0400) at server.c:1187
No locals.
#19 0x000000000010dc5c in main (argc=3, argv=0xfffffffffffe7338) at silcd.c:753
        ret = 1
        opt = -1
        option_index = 1060104
        foreground = 1 '\001'
        opt_create_keypair = 0 '\0'
        silcd_config_file = 0x50278020 "/etc/silcd/silcd.conf"
        sa = {__sigaction_u = {__sa_handler = 0x1, __sa_sigaction = 0x1}, sa_mask = 0, sa_flags = 0}


>> from the server:

Core was generated by `silcd'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/local/lib/libiconv.so.4.0...done.
Loaded symbols for /usr/local/lib/libiconv.so.4.0
Reading symbols from /usr/lib/libpthread.so.10.0...done.
Loaded symbols for /usr/lib/libpthread.so.10.0
Reading symbols from /usr/lib/libc.so.44.0...done.
Loaded symbols for /usr/lib/libc.so.44.0
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x00000000001a3404 in silc_stream_write (stream=0x49b23a80, data=0x49b20500 "", data_len=48) at silcstream.c:37
37        return h->ops->write(stream, data, data_len);
(gdb) bt
#0  0x00000000001a3404 in silc_stream_write (stream=0x49b23a80, data=0x49b20500 "", data_len=48) at silcstream.c:37
#1  0x000000000017d3cc in silc_packet_stream_write (ps=0x465bec00, no_unlock=0 '\0') at silcpacket.c:250
#2  0x0000000000178c24 in silc_packet_send (stream=0x465bec00, type=1 '\001', flags=0 '\0', data=0x447f56c0 "495.95.187.146", data_len=1) at silcpacket.c:1702
#3  0x00000000001790bc in silc_packet_send_va (stream=0x465bec00, type=1 '\001', flags=0 '\0') at silcpacket.c:1759
#4  0x0000000000120358 in silc_server_disconnect_remote (server=0x42d4e000, sock=0x465bec00, status=52 '4') at server.c:2908
#5  0x00000000001298dc in silc_server_ke_completed (ske=0x46751000, status=SILC_SKE_STATUS_TIMEOUT, prop=0x0, keymat=0x0, rekey=0x0, context=0x465bec00)
    at server.c:1598
#6  0x00000000001f8654 in silc_ske_completion (ske=0x46751000) at silcske.c:966
#7  0x00000000001ee7c0 in silc_ske_st_initiator_failure (fsm=0x467510c8, fsm_context=0x46751000, state_context=0x0) at silcske.c:1800
#8  0x00000000001a59ec in silc_fsm_run (schedule=0x45ffe900, app_context=0x42d4e000, type=0, fd=0, context=0x467510c8) at silcfsm.c:429
#9  0x00000000001a5480 in silc_fsm_continue_sync (fsm=0x467510c8) at silcfsm.c:309
#10 0x00000000001eb6c8 in silc_ske_timeout (schedule=0x45ffe900, app_context=0x42d4e000, type=SILC_TASK_EXPIRE, fd=0, context=0x46751000) at silcske.c:1000
#11 0x0000000000198de8 in silc_schedule_dispatch_timeout (schedule=0x45ffe900, dispatch_all=0 '\0') at silcschedule.c:114
#12 0x0000000000199290 in silc_schedule_iterate (schedule=0x45ffe900, timeout_usecs=-1) at silcschedule.c:449
#13 0x000000000019661c in silc_schedule (schedule=0x45ffe900) at silcschedule.c:499
#14 0x000000000011d670 in silc_server_run (server=0x42d4e000) at server.c:1187
#15 0x000000000010dc9c in main (argc=2, argv=0xfffffffffffce008) at silcd.c:753
(gdb) bt
#0  0x00000000001a3404 in silc_stream_write (stream=0x49b23a80, data=0x49b20500 "", data_len=48) at silcstream.c:37
#1  0x000000000017d3cc in silc_packet_stream_write (ps=0x465bec00, no_unlock=0 '\0') at silcpacket.c:250
#2  0x0000000000178c24 in silc_packet_send (stream=0x465bec00, type=1 '\001', flags=0 '\0', data=0x447f56c0 "495.95.187.146", data_len=1) at silcpacket.c:1702
#3  0x00000000001790bc in silc_packet_send_va (stream=0x465bec00, type=1 '\001', flags=0 '\0') at silcpacket.c:1759
#4  0x0000000000120358 in silc_server_disconnect_remote (server=0x42d4e000, sock=0x465bec00, status=52 '4') at server.c:2908
#5  0x00000000001298dc in silc_server_ke_completed (ske=0x46751000, status=SILC_SKE_STATUS_TIMEOUT, prop=0x0, keymat=0x0, rekey=0x0, context=0x465bec00)
    at server.c:1598
#6  0x00000000001f8654 in silc_ske_completion (ske=0x46751000) at silcske.c:966
#7  0x00000000001ee7c0 in silc_ske_st_initiator_failure (fsm=0x467510c8, fsm_context=0x46751000, state_context=0x0) at silcske.c:1800
#8  0x00000000001a59ec in silc_fsm_run (schedule=0x45ffe900, app_context=0x42d4e000, type=0, fd=0, context=0x467510c8) at silcfsm.c:429
#9  0x00000000001a5480 in silc_fsm_continue_sync (fsm=0x467510c8) at silcfsm.c:309
#10 0x00000000001eb6c8 in silc_ske_timeout (schedule=0x45ffe900, app_context=0x42d4e000, type=SILC_TASK_EXPIRE, fd=0, context=0x46751000) at silcske.c:1000
#11 0x0000000000198de8 in silc_schedule_dispatch_timeout (schedule=0x45ffe900, dispatch_all=0 '\0') at silcschedule.c:114
#12 0x0000000000199290 in silc_schedule_iterate (schedule=0x45ffe900, timeout_usecs=-1) at silcschedule.c:449
#13 0x000000000019661c in silc_schedule (schedule=0x45ffe900) at silcschedule.c:499
#14 0x000000000011d670 in silc_server_run (server=0x42d4e000) at server.c:1187
#15 0x000000000010dc9c in main (argc=2, argv=0xfffffffffffce008) at silcd.c:753
(gdb) bt full
#0  0x00000000001a3404 in silc_stream_write (stream=0x49b23a80, data=0x49b20500 "", data_len=48) at silcstream.c:37
        h = 0x49b23a80
#1  0x000000000017d3cc in silc_packet_stream_write (ps=0x465bec00, no_unlock=0 '\0') at silcpacket.c:250
        stream = 0x49b23a80
        connected = 167 '§'
        i = 970282388
#2  0x0000000000178c24 in silc_packet_send (stream=0x465bec00, type=1 '\001', flags=0 '\0', data=0x447f56c0 "495.95.187.146", data_len=1) at silcpacket.c:1702
        ret = 1 '\001'
#3  0x00000000001790bc in silc_packet_send_va (stream=0x465bec00, type=1 '\001', flags=0 '\0') at silcpacket.c:1759
        buf = {head = 0x447f56c0 "495.95.187.146", data = 0x447f56c0 "495.95.187.146", tail = 0x447f56c1 "95.95.187.146", end = 0x447f56c1 "95.95.187.146"}
        ret = 0 '\0'
        va = 0xfffffffffffccea8
#4  0x0000000000120358 in silc_server_disconnect_remote (server=0x42d4e000, sock=0x465bec00, status=52 '4') at server.c:2908
        buf = '\0' <repeats 76 times>, "CÃ¥@r\000\000\000\000\000\000\000\001ÿÿÿÿÿüÏ0\000\000\000\000\000\000\006\030\000\000\000\000\000G*è", '\0' <repeats 12 times>, "L Û\000\000\000\000\000\00044Ø\000\000\000\000\00045È\000\000\000\000\000\000\004\023\000\000\000\000EÃ
' \000\000\000\000I²:\200\000\000\000\000\000\000\000\000ÿÿÿÿÿüÈaWmà\021\033ì4j\000\000\000\000EÃ
' ", '\0' <repeats 117 times>, "G1p9ÕU\224t\035-§", '\0' <repeats 15 times>, "\020", '\0' <repeats 12 times>, "F\201š", '\0' <repeats 15 times>, "\004\000ÿÿÿÿÿüÐ@\000\000\000"...
        ap = 0xfffffff8, fsm_context=0x46751000, state_context=0x0) at silcske.c:1800
        ske = 0x46751000
        error = 1
#8  0x00000000001a59ec in silc_fsm_run (schedule=0x45ffe900, app_context=0x42d4e000, type=0, fd=0, context=0x467510c8) at silcfsm.c:429
        fsm = 0x467510c8
        status = SILC_FSM_ST_CONTINUE
#9  0x00000000001a5480 in silc_fsm_continue_sync (fsm=0x467510c8) at silcfsm.c:309
        f = 0x467510c8
#10 0x00000000001eb6c8 in silc_ske_timeout (schedule=0x45ffe900, app_context=0x42d4e000, type=SILC_TASK_EXPIRE, fd=0, context=0x46751000) at silcske.c:1000
        ske = 0x46751000
#11 0x0000000000198de8 in silc_schedule_dispatch_timeout (schedule=0x45ffe900, dispatch_all=0 '\0') at silcschedule.c:114
        t = 0x4834c880
        task = 0x4834c880
        curtime = {tv_sec = 1206958387, tv_usec = 500304}
        count = 0
#12 0x0000000000199290 in silc_schedule_iterate (schedule=0x45ffe900, timeout_usecs=-1) at silcschedule.c:449
        timeout = {tv_sec = 4167331126292852135, tv_usec = 1211417152}
        ret = 0
#13 0x000000000019661c in silc_schedule (schedule=0x45ffe900) at silcschedule.c:499
No locals.
#14 0x000000000011d670 in silc_server_run (server=0x42d4e000) at server.c:1187
No locals.
#15 0x000000000010dc9c in main (argc=2, argv=0xfffffffffffce008) at silcd.c:753
        ret = 1
        opt = -1
        option_index = 1060152
        foreground = 1 '\001'
        opt_create_keypair = 0 '\0'
        silcd_config_file = 0x45f30000 "/etc/silcd/silcd.conf"
        sa = {__sigaction_u = {__sa_handler = 0x1, __sa_sigaction = 0x1}, sa_mask = 0, sa_flags = 0}





