ShadowsocksR-Live / shadowsocksr-native

Circumvent the firewall and calmly get through the party-state's sensitive dates. ShadowsocksR (SSRoT) native implementation for all platforms, GFW terminator
https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki
GNU General Public License v3.0

crashes #204

Closed zergvszerg closed 2 years ago

zergvszerg commented 2 years ago

Please answer these questions before submitting your issue. Thanks!

What version of shadowsocks-native are you using?

baaad92 (HEAD -> master, origin/master, origin/HEAD) minor issues

What operating system are you using?

Linux (on aarch64)

What did you do?

ssr-server

What did you expect to see?

ssr-server not crashing due to an assertion failure

What did you see instead?

ssr-server crashed due to an assertion failure

What is your config in detail (with all sensitive info masked)?

The protocol is auth_chain_b, yet I saw auth_chain_a called in the coredump stacks

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x0000ffffb317ccb4 in __GI_abort () at abort.c:79
#2  0x0000ffffb3174560 in __assert_fail_base (fmt=0xffffb3273438 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x4b7fb8 "proto_confirm == ((void *)0)", file=file@entry=0x4b7d88 "/root/ssr-n/src/server/server.c", line=line@entry=1435,
    function=function@entry=0x4b8960 <__PRETTY_FUNCTION__.11802> "tunnel_extract_data") at assert.c:92
#3  0x0000ffffb31745dc in __GI___assert_fail (assertion=0x4b7fb8 "proto_confirm == ((void *)0)", file=0x4b7d88 "/root/ssr-n/src/server/server.c", line=1435, function=0x4b8960 <__PRETTY_FUNCTION__.11802> "tunnel_extract_data") at assert.c:101
#4  0x00000000004346fc in tunnel_extract_data (tunnel=0x5f5fb40, socket=0x5f59580, allocator=0x413e20 <malloc@plt>, size=0xffffee532750) at /root/ssr-n/src/server/server.c:1435
#5  0x0000000000433d24 in tunnel_server_streaming (tunnel=0x5f5fb40, socket=0x5f59580) at /root/ssr-n/src/server/server.c:1250
#6  0x0000000000431a8c in tunnel_dispatcher (tunnel=0x5f5fb40, socket=0x5f59580) at /root/ssr-n/src/server/server.c:546
#7  0x0000000000431b60 in tunnel_read_done (tunnel=0x5f5fb40, socket=0x5f59580) at /root/ssr-n/src/server/server.c:572
#8  0x0000000000430200 in tunnel_socket_ctx_on_read_cb (socket=0x5f59580, status=1158, buf=0xffffee532858, p=0x5f5fb40) at /root/ssr-n/src/tunnel.c:598
#9  0x000000000042f000 in uv_socket_read_done_cb (handle=0x5f59598, nread=1158, buf=0xffffee5329f0) at /root/ssr-n/src/tunnel.c:193
#10 0x000000000046755c in uv.read ()
#11 0x0000000000467868 in uv.stream_io ()
#12 0x000000000046e584 in uv.io_poll ()
#13 0x000000000045bdb8 in uv_run ()
#14 0x0000000000430df0 in ssr_server_run_loop (config=0x5f0c2b0, force_quit=false) at /root/ssr-n/src/server/server.c:283
#15 0x0000000000430afc in main (argc=4, argv=0xffffee536fb8) at /root/ssr-n/src/server/server.c:212
(gdb) f 4
#4  0x00000000004346fc in tunnel_extract_data (tunnel=0x5f5fb40, socket=0x5f59580, allocator=0x413e20 <malloc@plt>, size=0xffffee532750) at /root/ssr-n/src/server/server.c:1435
1435                    ASSERT(proto_confirm == NULL);
(gdb) p cipher_ctx->protocol->server_post_decrypt
$4 = (struct buffer_t *(*)(struct obfs_t *, struct buffer_t *, _Bool *)) 0x43bea4 <auth_chain_a_server_post_decrypt>
(gdb) p cipher_ctx->protocol [0]
$4 = {server_info = {host = '\000' <repeats 255 times>, port = 443, param = 0x3523e3e0 "", g_data = 0x3523f5b0, iv = '\000' <repeats 63 times>, iv_len = 0, recv_iv = '\000' <repeats 255 times>, recv_iv_len = 0, key = 0x3523f9c0 "u=g>\337\302U2\023\201\006D\003",
    key_len = 16, head_len = 36, tcp_mss = 1452, overhead = 9, buffer_size = 32759, cipher_env = 0x3523f9b0, config = 0x3523e2b0}, l_data = 0x35275970, generate_global_init_data = 0x43a458 <auth_chain_a_generate_global_init_data>,
  get_overhead = 0x43a5b8 <auth_chain_a_get_overhead>, need_feedback = 0x4443bc <need_feedback_true>, get_server_info = 0x4443fc <get_server_info>, set_server_info = 0x43cbac <auth_chain_b_set_server_info>, dispose = 0x43c81c <auth_chain_b_dispose>,
  audit_incoming_user = 0x4444fc <protocol_audit_incoming_user>, client_pre_encrypt = 0x43b64c <auth_chain_a_client_pre_encrypt>, client_post_decrypt = 0x43b890 <auth_chain_a_client_post_decrypt>, client_encode = 0x0, client_decode = 0x0,
  server_pre_encrypt = 0x43bd1c <auth_chain_a_server_pre_encrypt>, server_post_decrypt = 0x43bea4 <auth_chain_a_server_post_decrypt>, server_encode = 0x0, server_decode = 0x0}

ssrlive commented 2 years ago

Complete configuration file is needed.

zergvszerg commented 2 years ago

I forgot to mention that the crash won't happen every single time a proxy request is made; it just fills the disk with coredump files over time. The crashing pattern seemed to be random. The configuration is as below:

{
    "password": "xxx",                // modified for obvious reason
    "method": "none",
    "protocol": "auth_chain_b",
    "protocol_param": "",
    "obfs": "tls1.2_ticket_auth", 
    "obfs_param": "",

    "udp": true,
    "idle_timeout": 90,
    "connect_timeout": 5,
    "udp_timeout": 4,

    "server_settings": {
        "listen_address": "0.0.0.0",
        "listen_port": 1080                      // modified for obvious reason, yet the port number is not filtered/occupied for sure
    },

    "client_settings": {
        "server": "12.34.56.78",
        "server_port": 12475,
        "listen_address": "0.0.0.0",
        "listen_port": 1080
    },

    "over_tls_settings": {
        "enable": false,
        "server_domain": "goodsitesample.com",
        "path": "/",
        "root_cert_file": ""
    }
}

ssrlive commented 2 years ago

I have tested your settings with the following script, but I did not encounter any crash.

#!/bin/bash

# Repeat proxied requests through the local SOCKS5 listener to try to reproduce the crash.
index=0
while (( index <= 500 )); do
  curl -x socks5h://localhost:1080 https://www.google.com.hk/
  curl -x socks5h://localhost:1080 https://www.baidu.com/

  (( index += 1 ))
done

Can you provide some test web sites?

ssrlive commented 2 years ago

It looks like these lines:

https://github.com/ShadowsocksR-Live/shadowsocksr-native/blob/9dc5740d72f4451fbf9067df93fe9054c840f18a/src/server/server.c#L1431-L1435

Can you set some conditional breakpoints inside the function auth_chain_a_server_post_decrypt to detect the error with gdb?

https://github.com/ShadowsocksR-Live/shadowsocksr-native/blob/43b48b0c72568978a3576f0dbb4ef13776b4077a/src/obfs/auth_chain.c#L874-L878
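
The conditional breakpoint requested above, as an added example that is not part of the original thread or the project's code: a gdb command file built only from symbols visible in the reporter's backtrace (`server.c:1435`, `proto_confirm`, `cipher_ctx`, `tunnel`, `socket`, `auth_chain_a_server_post_decrypt`). It assumes a debug build like the reporter's; the convenience variable `$post_decrypt_calls` is introduced here for illustration.

```gdb
# Added example (constructed): load with `gdb -x <this file> <ssr-server binary>`,
# then start the server with `run <usual arguments>`.
set pagination off
set print pretty on

# Count calls to the post-decrypt handler without stopping, so the failing
# call can be correlated with how much traffic preceded it.
# $post_decrypt_calls is a hypothetical convenience variable.
set $post_decrypt_calls = 0
break auth_chain_a_server_post_decrypt
commands
  silent
  set $post_decrypt_calls = $post_decrypt_calls + 1
  continue
end

# Stop on the ASSERT line from the backtrace only when the assertion is
# about to fail, i.e. before abort() is raised and a core file is written.
break server.c:1435 if proto_confirm != 0
commands
  silent
  printf "ASSERT at server.c:1435 would fail: tunnel=%p socket=%p calls=%d\n", tunnel, socket, $post_decrypt_calls
  bt 8
  print *proto_confirm
  print cipher_ctx->protocol->server_post_decrypt
  info locals
end
```

The second breakpoint leaves the process stopped at the prompt, so the state that produced the non-NULL `proto_confirm` can be inspected live instead of from a core file.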