segmentation fault when setting "StrictNodes 1" in torrc

version 2.2.27-beta

When I set "StrictNodes 1" in torrc I get this:

May 23 22:56:15 test1 Tor[6418]: You have asked to exclude certain relays from all positions in your circuits. Expect hidden services and other Tor features to be broken in unpredictable ways. May 23 22:56:15 test1 kernel: [160149.317366] tor[6418]: segfault at 0 ip 0052c3d1 sp bfc1e1bc error 4 in libc-2.12.2.so[4b5000+184000]

After which tor dies! My machine is i686 (P2) using .35 version of the Linux kernel (tor is compiled/built from source).

Trac:
Username: mr-4

changed milestone to %Tor: 0.2.2.x-final

added component::core tor/tor milestone::Tor: 0.2.2.x-final priority::high reporter::mr-4 resolution::user disappeared status::closed tor-client type::defect version::tor 0.2.2.27-beta labels

Which other configuration options did you set? I'm mostly interested in the other *Nodes options. Feel free to leave out which nodes you're actually ignoring/using

Just the address of the segfault alone doesn't tell us much, and I'm not able to reproduce this myself. Can you get a stack trace?

Trac:
Priority: critical to major
Milestone: N/A to Tor: 0.2.2.x-final
Version: N/A to Tor: 0.2.2.27-beta

Hello? I'd like to fix this, but I can't do anything without more information.

IDK if my report can help , but I had a segfault too after adding a node to the ExcludeExitNodes list and then reloading tor :

tor[2207]: segfault at 0 ip b730fcc1 sp bfe020fc error 4 in libc-2.13.so[b729d000+153000]

• Tor 0.2.3.1-alpha-dev (git-cb7fff193e2749f2)
• openssl 1.0.0d
• libevent 2.0.10

tor self compiled with -O3 , --enable-openbsd-malloc , hardening flags , gcc version 4.6.1 20110521 (prerelease) (Debian 4.6.0-8) , debian sid x32

Trac:
Username: tornewbie

I still can't confirm this. Can you try to either get a stack trace or maybe compile with -O2?

Right; it's the stack trace that would be most helpful here. Would you like instructions for that?

Replying to nickm:

Right; it's the stack trace that would be most helpful here. Would you like instructions for that? Yes, please!

One thing I should also clarify, which I forgot to do when submitted this report - I added the two new options introduced recently: ControlSocketsGroupWritable 0 and StrictNodes 1 (these were absent before) then did "killall -HUP tor" - I did not stop and restart tor. When tor bailed out I did "rm -rf /var/lib/tor/* && service tor start" - all was OK then. Hope this helps!

Trac:
Username: mr-4

ok. So the idea is to make Tor produce a core dump file when it crashes, then use gdb to extract a stack trace from that core dump.

It's easiest to get a core dump if you're not running it as a service: if you can this crash from the command line, that'll be easiest. To get a core dump, run "ulimit -c unlimited" in bash before you start Tor. (That's "unlimit coredumpsize" if you use tcsh.) Then after Tor crashes, it should produce a core file. Don't send us the core file -- it has keys and sensitive data in it. Just run "gdb TOR CORE" where TOR is the path to your Tor executable, and CORE is a path to the core file. gdb will load the core. To get a stack trace, say "bt". gdb will print a back trace. Copy this verbatim into the bug report.

The problem is, Nick, I am running tor on a low-end machine, which has no dev tools of any kind installed (it is part of my dmz) and has hardened kernel and other such tools - I do not normally run tor outside dmz.

What I could do, though, is install the debug package of tor (instead of the "normal" package) - would that be of any help to you?

Trac:
Username: mr-4

I've just tried to reproduce this again by doing exactly the same thing I did when I first got this error, but I can't (tried doing this 4 times) - tor reloads normally. I haven't changed anything on that system since then. I don't know what to suggest really!

Trac:
Username: mr-4

Replying to mr-4:

The problem is, Nick, I am running tor on a low-end machine, which has no dev tools of any kind installed (it is part of my dmz) and has hardened kernel and other such tools - I do not normally run tor outside dmz.

What I could do, though, is install the debug package of tor (instead of the "normal" package) - would that be of any help to you?

I'm afraid that you must have gdb installed to follow nickm's instructions.

If you don't want to install it, you might be 'lucky' and your Linux distro might have gdb installed by default.

Closing this as user disappeared. Without any kind of debug info and nobody else reproducing, it seems likely that we can't fix this. Please reopen if it keeps happening and there's some more input

Trac:
Status: new to closed
Resolution: N/A to user disappeared

Trac:
Keywords: N/A deleted, tor-client added

Trac:
Component: Tor Client to Tor

closed

moved to tpo/core/tor#3274 (closed)