seg fault in cell_queue_append()
View options
moria1 running git master (e1d3b444) seg faults reliably, soon after startup.
#0 0x000000000042181f in cell_queue_append (queue=0x56e9cf8,
cell=0x7fffad841db0, wide_circ_ids=1, use_stats=0) at src/or/relay.c:2141
#1 cell_queue_append_packed_copy (queue=0x56e9cf8, cell=0x7fffad841db0,
wide_circ_ids=1, use_stats=0) at src/or/relay.c:2181
#2 0x000000000048003d in circuitmux_append_destroy_cell (chan=0x56e9b70,
cmux=0x56e9cd0, circ_id=2147507178, reason=<value optimized out>)
at src/or/circuitmux.c:1874
#3 0x000000000046ae09 in channel_send_destroy (circ_id=2147507178,
chan=0x56e9b70, reason=<value optimized out>) at src/or/channel.c:2687
#4 0x000000000047f39c in circuit_mark_for_close_ (circ=0x53d7170, reason=0,
line=1250, file=0x53f9fb "src/or/circuituse.c")
at src/or/circuitlist.c:1568
#5 0x0000000000478db8 in circuit_send_next_onion_skin (circ=0x53d7170)
at src/or/circuitbuild.c:808
#6 0x000000000042595a in connection_edge_process_relay_cell (
cell=0x7fffad842970, circ=0x53d7170, conn=<value optimized out>,
layer_hint=<value optimized out>) at src/or/relay.c:1443
#7 0x00000000004264a0 in circuit_receive_relay_cell (cell=0x7fffad842970,
circ=0x53d7170, cell_direction=CELL_DIRECTION_IN) at src/or/relay.c:226
#8 0x000000000048d9ae in command_process_relay_cell (chan=0x56e9b70,
cell=0x7fffad842970) at src/or/command.c:462
#9 command_process_cell (chan=0x56e9b70, cell=0x7fffad842970)
at src/or/command.c:148
#10 0x000000000047249b in channel_tls_handle_cell (cell=0x7fffad842970,
conn=0x56e9dd0) at src/or/channeltls.c:924
#11 0x00000000004af256 in connection_or_process_cells_from_inbuf (
conn=0x56e9dd0) at src/or/connection_or.c:1972
#12 0x00000000004a4008 in connection_handle_read_impl (conn=0x56e9dd0)
at src/or/connection.c:2949
#13 connection_handle_read (conn=0x56e9dd0) at src/or/connection.c:2990
#14 0x000000000040c076 in conn_read_callback (fd=<value optimized out>,
event=8112, _conn=0x1) at src/or/main.c:716
#15 0x00007f5b3a481344 in event_base_loop () from /usr/lib/libevent-1.4.so.2
#16 0x0000000000409e81 in do_main_loop () at src/or/main.c:1996
#17 0x000000000040a1dd in tor_main (argc=<value optimized out>,
argv=<value optimized out>) at src/or/main.c:2720
#18 0x00007f5b39732c8d in __libc_start_main (main=<value optimized out>,
argc=<value optimized out>, ubp_av=<value optimized out>,
init=<value optimized out>, fini=<value optimized out>,
rtld_fini=<value optimized out>, stack_end=0x7fffad8430b8)
at libc-start.c:228
#19 0x0000000000408789 in _start ()(gdb) print *queue
$1 = {head = {sqh_first = 0x362c323700000000, sqh_last = 0x1799620},
n = 24820072, insertion_times = 0x17bd00424603d237}First noticed on #9286 (moved) (unrelated), and you can see another very similar backtrace over there.