segfault after backup->master recovery

Stuart Henderson stu at spacehopper.org
Fri Apr 11 03:29:02 CEST 2008


This is from my server (not router) running 1.1.2 plus the "Fixed packet
stream destroy crashes when closing connections" diff from git, on OpenBSD
sparc64. It starts out connected to the router and the backup router, then the
router shuts down to load new code. The backup router takes over, the main
router comes back, and the crash happens at reconnect:

[Fri Apr 11 01:52:25 2008] [Info] Disconnected by xxx.xx.28.2 (xxx-backup-router):  (0) Server is shutting down
[Fri Apr 11 01:52:25 2008] [Info] New primary router is backup router xxx.xx.187.146
[Fri Apr 11 01:52:27 2008] [Info] Closing connection xxx-backup-router:706 [] 
[...clients connect...]
[Fri Apr 11 01:52:48 2008] [Info] Starting backup resuming protocol
[Fri Apr 11 01:52:48 2008] [Info] Connecting to the router xxx.xx.28.2 on port 706
<boom>

Core was generated by `silcd'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libiconv.so.4.0...done.
Loaded symbols for /usr/local/lib/libiconv.so.4.0
Reading symbols from /usr/lib/libpthread.so.10.0...done.
Loaded symbols for /usr/lib/libpthread.so.10.0
Reading symbols from /usr/lib/libc.so.44.0...done.
Loaded symbols for /usr/lib/libc.so.44.0
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  0x0000000000178648 in silc_packet_send_raw (stream=0x4c91dc00, 
    type=12 '\f', flags=0 '\0', src_id_type=0, src_id=0x0, src_id_len=0, 
    dst_id_type=0, dst_id=0x0, dst_id_len=0, data=0x447ade00 "", data_len=34, 
    cipher=0x0, hmac=0x0) at silcpacket.c:1611
1611      for (i = 0; i < padlen; i++) tmppad[i] =
(gdb) bt full 
#0  0x0000000000178648 in silc_packet_send_raw (stream=0x4c91dc00, 
    type=12 '\f', flags=0 '\0', src_id_type=0, src_id=0x0, src_id_len=0, 
    dst_id_type=0, dst_id=0x0, dst_id_len=0, data=0x447ade00 "", data_len=34, 
    cipher=0x0, hmac=0x0) at silcpacket.c:1611
        tmppad = "\000\000\000\000F/x\000\000\000\000\000L6[\000\000\000\000\000\000\207e\020\000\000\000\000\0003« \000\000\000\000\000\000\000\001\000\000\000\000\000\000\0005\000\000\000\000\000\000\000\002\000\000\000\000\0003&xÿÿÿÿÿÿ\032á·\016+­EU¡\207\000\000\000\000\000\207e\020\000\000\000\000\0003« \000\000\000\000\000\000\000\001\000\000\000\000ÿÿñðGþ¶n\000\000\001z\000\000\000\000Bf À"
        iv = "\000\000\000\000\000\000\000\035\000\000\000\000I&¹à\000\000\000\000\0003\000Ý\000\000\000\000\000\000\000\001"
        psn = "\000\000\000"
        block_len = 0
        i = 0
        enclen = 64
        truelen = 44
        padlen = 20
        ivlen = 0
        psnlen = 0
        ctr = 0 '\0'
        packet = {head = 0x1d "", 
  data = 0x4926b9e0 "Sending COMMAND REPLY packet", tail = 0x3300dd "", 
  end = 0x1 ""}
#1  0x0000000000178c58 in silc_packet_send (stream=0x4c91dc00, type=12 '\f', 
    flags=0 '\0', data=0x447ade00 "", data_len=34) at silcpacket.c:1690
        ret = 112 'p'
#2  0x000000000012d928 in silc_server_packet_send (server=0x434b2000, 
    sock=0x4c91dc00, type=12 '\f', flags=0 '\0', data=0x447ade00 "", 
    data_len=34) at packet_send.c:49
        idata = 0x0
#3  0x0000000000132634 in silc_server_send_command_reply (server=0x434b2000, 
    sock=0x4c91dc00, command=26 '\032', status=0 '\0', error=0 '\0', 
    ident=3974, argc=2) at packet_send.c:1497
        packet = 0x4926ba40
        ap = 0xffffffffffff2658
#4  0x0000000000154b24 in silc_server_command_getkey (context=0x4266bb80, 
    context2=0x4266b900) at command.c:5146
        cmd = 0x4266bb80
        server = 0x434b2000
        client = 0x4f44d900
        server_entry = 0x4926b9e0
        client_id = {ip = {data = "Ã_»6", '\0' <repeats 11 times>, 
    data_len = 4 '\004'}, rnd = 47 '/', hash = "¨¡ïíÒ\211Ò'bÊ!"}
        server_id = {ip = {data = '\0' <repeats 15 times>, data_len = 255 'ÿ'}, 
  port = 65535, rnd = 65535}
        idp = 0x4a3c94f0
        ident = 3974
        tmp = (unsigned char *) 0x462f8120 ""
        tmp_len = 20
        pk = 0x0
        id_type = 2
        public_key = 0x0
#5  0x0000000000144860 in silc_server_command_pending_timeout (
    schedule=0x4c91cd00, app_context=0x434b2000, type=SILC_TASK_EXPIRE, fd=0, 
    context=0x4266bf40) at command.c:367
        server = 0x434b2000
        reply = (SilcServerCommandPending *) 0x4266bf40
        cmdr = 0x4266b900
        tmpreply = 0x4926b9e0
        i = 0
#6  0x0000000000198e48 in silc_schedule_dispatch_timeout (schedule=0x4c91cd00, 
    dispatch_all=0 '\0') at silcschedule.c:114
        t = 0x4266bc80
        task = 0x4266bc80
        curtime = {tv_sec = 1207875182, tv_usec = 376803}
        count = 0
#7  0x0000000000199594 in silc_schedule_select_timeout (schedule=0x4c91cd00)
    at silcschedule.c:159
        t = 0x4266bc80
        task = 0x4266bc80
        curtime = {tv_sec = 1207875182, tv_usec = 376614}
        dispatch = 1 '\001'
#8  0x0000000000199110 in silc_schedule_iterate (schedule=0x4c91cd00, 
    timeout_usecs=-1) at silcschedule.c:424
        timeout = {tv_sec = -7023322803194003151, tv_usec = 1114022784}
        ret = 1
#9  0x000000000019667c in silc_schedule (schedule=0x4c91cd00)
    at silcschedule.c:499
No locals.
#10 0x000000000011d670 in silc_server_run (server=0x434b2000) at server.c:1190
No locals.
#11 0x000000000010dc9c in main (argc=3, argv=0xffffffffffff3318) at silcd.c:753
        ret = 1
        opt = -1
        option_index = 1060152
        foreground = 1 '\001'
        opt_create_keypair = 0 '\0'
        silcd_config_file = 0x43622020 "/etc/silcd/silcd.conf"
        sa = {__sigaction_u = {__sa_handler = 0x1, __sa_sigaction = 0x1}, 
  sa_mask = 0, sa_flags = 0}



