Opened 12 years ago

Last modified 7 years ago

#428 closed defect (Fixed)

r10217 seg fault, buf malloc

Reported by: arma
Owned by:
Priority: High
Milestone:
Component: Core Tor/Tor
Version: 0.2.0.0-alpha-dev
Severity:
Keywords:
Cc: arma
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

#0 0x0000002a95e8c514 in mallopt () from /lib/libc.so.6
#1 0x0000002a95e8bd80 in mallopt () from /lib/libc.so.6
#2 0x0000002a95e8aff7 in malloc () from /lib/libc.so.6
#3 0x0000002a9567494e in zcalloc () from /usr/lib/libz.so.1
#4 0x0000002a9567075c in deflateInit2_ () from /usr/lib/libz.so.1
#5 0x0000000000477999 in tor_zlib_new (compress=1, method=GZIP_METHOD)
    at torgzip.c:57
#6 0x0000000000435dc9 in directory_handle_command_get (conn=0x84db30,
    headers=0x5b6706c "", body=0x5b6ba90 "\026(;Odz\221©A", body_len=10944416)
    at directory.c:1839
#7 0x000000000043663c in directory_handle_command (conn=0x84db30)
    at directory.c:2045
#8 0x0000000000435139 in connection_dir_process_inbuf (conn=0x84db30)
    at directory.c:1430
#9 0x00000000004204bf in connection_handle_read (conn=0x84db30)
    at connection.c:1595
#10 0x0000000000441f23 in conn_read_callback (fd=10944544, event=0,
    _conn=0x5b6ba90) at main.c:482
#11 0x0000002a9578482d in event_base_priority_init ()
    from /usr/lib/libevent-1.1a.so.1
#12 0x0000002a95784a72 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#13 0x0000002a957848e5 in event_loop () from /usr/lib/libevent-1.1a.so.1
#14 0x0000000000443841 in do_main_loop () at main.c:1365
#15 0x000000000044456a in tor_main (argc=10944544, argv=0xa70000)
    at main.c:2592
#16 0x0000002a95e31441 in libc_start_main () from /lib/libc.so.6
#17 0x00000000004062ea in _start () at ../sysdeps/x86_64/elf/start.S:96

(gdb) up
#6 0x0000000000435dc9 in directory_handle_command_get (conn=0x84db30,
    headers=0x5b6706c "", body=0x5b6ba90 "\026(;Odz\221©A", body_len=10944416)
    at directory.c:1839
1839 conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD);
(gdb) print *conn
$1 = {_base = {magic = 2575892462, type = 9 '\t', state = 6 '\006',
    purpose = 10 '\n', read_blocked_on_bw = 0, write_blocked_on_bw = 0,
    hold_open_until_flushed = 0, inbuf_reached_eof = 0, edge_has_sent_end = 0,
    edge_blocked_on_circ = 0, or_is_obsolete = 0, chosen_exit_optional = 0,
    s = 83, conn_array_index = 1777, read_event = 0x2f1f1c0,
    write_event = 0x2f1f790, inbuf = 0x29c4920, outbuf = 0x5b040e0,
    outbuf_flushlen = 175, timestamp_lastread = 1179561790,
    timestamp_lastwritten = 1179561790, timestamp_created = 1179561790,
    addr = 1418132278, port = 1568, marked_for_close = 0,
    marked_for_close_file = 0x0, address = 0x6509f0 "84.134.251.54",
    linked_conn = 0x0, linked = 0, reading_from_linked_conn = 0,
    writing_to_linked_conn = 0, active_on_link = 0}, requested_resource = 0x0,
  dirconn_direct = 0, dir_spool_src = DIR_SPOOL_SERVER_BY_DIGEST,
  fingerprint_stack = 0x29c4dd0, cached_dir = 0x0, cached_dir_offset = 0,
  zlib_state = 0x0, rend_query = '\0' <repeats 16 times>,
  identity_digest = '\0' <repeats 19 times>}
(gdb) up
#7 0x000000000043663c in directory_handle_command (conn=0x84db30)
    at directory.c:2045
2045 r = directory_handle_command_get(conn, headers, body, body_len);
(gdb) print headers
$3 = 0x5763910 "GET /tor/server/d/C079F0F9E0E36569650BB18E333B0B1D6C37E59E+196F1544419BAA1FBB554D81DC568FF0F1255AAE+3F3E59CBB2AFA7B339CF99CA9040362AC72702A9+F4CB70F7FFEBCCA0520F00D88ED8E7FAC3D01208+E201ACE150813CED8E"...

[Automatically added by flyspray2trac: Operating System: All]

Change History (3)

comment:1 Changed 12 years ago by arma

Another malloc/free seg fault just now, on moria1, right after booting:

#0 0x0000002a95e8c31b in mallopt () from /lib/libc.so.6
#1 0x0000002a95e8b1a2 in free () from /lib/libc.so.6
#2 0x0000000000457fbe in local_routerstatus_free (rs=0xb53080)
    at routerlist.c:2048
#3 0x000000000045bef3 in routerstatus_list_update_from_networkstatus (now=79)
    at routerlist.c:4027
#4 0x000000000045b299 in routers_update_all_from_networkstatus (
    now=1179573652) at routerlist.c:3577
#5 0x0000000000443007 in run_scheduled_events (now=1179573652) at main.c:975
#6 0x0000000000443399 in second_elapsed_callback (fd=11874432, event=971,
    args=0x0) at main.c:1153
#7 0x0000002a9578482d in event_base_priority_init ()
    from /usr/lib/libevent-1.1a.so.1
#8 0x0000002a95784a72 in event_base_loop () from /usr/lib/libevent-1.1a.so.1
#9 0x0000002a957848e5 in event_loop () from /usr/lib/libevent-1.1a.so.1
#10 0x0000000000443841 in do_main_loop () at main.c:1365
#11 0x000000000044456a in tor_main (argc=11874432, argv=0x464e03cb)
    at main.c:2592
#12 0x0000002a95e31441 in libc_start_main () from /lib/libc.so.6
#13 0x00000000004062ea in _start () at ../sysdeps/x86_64/elf/start.S:96

comment:2 Changed 12 years ago by nickm

flyspray2trac: bug closed.
This is likely to be fixed as of svn trunk, since trunk seems not to explode. Please re-open if this occurs again.

comment:3 Changed 7 years ago by nickm

Component: Tor Relay → Tor