Opened 11 years ago

Last modified 7 years ago

#996 closed defect (Fixed)

tor-0.2.1.14-rc dies on SIGILL shortly after receiving SIGHUP

Reported by: JonCharge Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version: 0.2.1.14-rc
Severity: Keywords:
Cc: JonCharge, nickm, Sebastian Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

This bug report submitted on behalf of Scott.
On two successive tor runs as a relay, tor terminated abnormally on

SIGILL after receiving a SIGHUP. The operating system is FreeBSD
7-STABLE, and tor is 0.2.1.14-rc. A SIGHUP was sent to tor, which
issued the following messages to /var/log/notices.log in the second
case.

Jun 04 10:36:10.957 [notice] Received reload signal (hup). Reloading config and resetting internal state.
Jun 04 10:36:10.966 [notice] Tor 0.2.1.14-rc (r19307) opening log file.
Jun 04 10:36:10.966 [warn] Can't log to stdout with RunAsDaemon set; skipping stdout
Jun 04 10:36:10.966 [warn] Can't log to stdout with RunAsDaemon set; skipping stdout

It then terminated on a SIGILL, leaving a tor.core file in /var/db/tor,
and the FreeBSD kernel noted the following in /var/log/messages.

Jun 4 10:36:12 hellas kernel: pid 16788 (tor), uid 256: exited on signal 4 (core dumped)

The first case did exactly the same with, of course, different date and
timestamps and a different pid in the messages. In each case, I
appended the date to the name of the tor.core file to prevent it from
being overwritten/replaced by any later occurrence of this crash. The
two tor.core files do have different sizes:

-rw------- 1 _tor _tor 30973952 Jun 3 03:28 tor.core.03jun2009
-rw------- 1 _tor _tor 68128768 Jun 4 10:36 tor.core.04jun2009

gdb backtraces are shown for each tor.core file in the typescript file
below.

Script started on Fri Jun 5 00:40:45 2009
hellas# gdb /usr/local/bin/tor tor.core.03jun2009
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `tor'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /lib/libz.so.4...done.
Loaded symbols for /lib/libz.so.4
Reading symbols from /usr/local/lib/libevent-1.4.so.3...done.
Loaded symbols for /usr/local/lib/libevent-1.4.so.3
Reading symbols from /usr/lib/libssl.so.5...done.
Loaded symbols for /usr/lib/libssl.so.5
Reading symbols from /lib/libcrypto.so.5...done.
Loaded symbols for /lib/libcrypto.so.5
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x080b0f1e in policies_parse_from_options (options=0x3499bc00)

at policies.c:431

431 if (load_policy_from_option(options->DirPolicy, &dir_policy, -1) < 0)
[New Thread 0x34102030 (LWP 100195)]
[New Thread 0x34101f20 (LWP 100194)]
[New Thread 0x34101040 (LWP 100193)]
(gdb) bt
#0 0x080b0f1e in policies_parse_from_options (options=0x3499bc00)

at policies.c:431

#1 0x08068824 in options_act (old_options=0x34123400) at config.c:1298
#2 0x080697b6 in set_options (new_val=0x3499bc00, msg=0xbfbfe4a8)

at config.c:807

#3 0x0806a262 in options_init_from_string (

cf=0x344f1000 "## Configuration file for a typical Tor user\n## Last updated 8 October 2006 for Tor 0.1.2.3-alpha.\n## (May or may not work for older or newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to"...,
command=0, command_arg=0x0, msg=0xbfbfe4a8) at config.c:4087

#4 0x0806a909 in options_init_from_torrc (argc=11, argv=0xbfbfe694)

at config.c:3961

#5 0x080a715c in signal_callback (fd=1, events=8, arg=Variable "arg" is not available.
) at main.c:1306
#6 0x33d81565 in event_base_loop () from /usr/local/lib/libevent-1.4.so.3
#7 0x33d81899 in event_loop () from /usr/local/lib/libevent-1.4.so.3
#8 0x080a936a in do_main_loop () at main.c:1435
#9 0x080a951d in tor_main (argc=11, argv=0xbfbfe694) at main.c:2060
#10 0x080e5422 in main (argc=100193, argv=0x0) at tor_main.c:30
(gdb) quit
hellas# gdb /usr/local/bin/tor tor.core.04jun2009
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `tor'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /lib/libz.so.4...done.
Loaded symbols for /lib/libz.so.4
Reading symbols from /usr/local/lib/libevent-1.4.so.3...done.
Loaded symbols for /usr/local/lib/libevent-1.4.so.3
Reading symbols from /usr/lib/libssl.so.5...done.
Loaded symbols for /usr/lib/libssl.so.5
Reading symbols from /lib/libcrypto.so.5...done.
Loaded symbols for /lib/libcrypto.so.5
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x080b0f1e in policies_parse_from_options (options=0x37df1c00)

at policies.c:431

431 if (load_policy_from_option(options->DirPolicy, &dir_policy, -1) < 0)
[New Thread 0x34102030 (LWP 100195)]
[New Thread 0x34101f20 (LWP 100194)]
[New Thread 0x34101040 (LWP 100240)]
(gdb) bt
#0 0x080b0f1e in policies_parse_from_options (options=0x37df1c00)

at policies.c:431

#1 0x08068824 in options_act (old_options=0x34123400) at config.c:1298
#2 0x080697b6 in set_options (new_val=0x37df1c00, msg=0xbfbfe4b8)

at config.c:807

#3 0x0806a262 in options_init_from_string (

cf=0x37ece000 "## Configuration file for a typical Tor user\n## Last updated 8 October 2006 for Tor 0.1.2.3-alpha.\n## (May or may not work for older or newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to"...,
command=0, command_arg=0x0, msg=0xbfbfe4b8) at config.c:4087

#4 0x0806a909 in options_init_from_torrc (argc=11, argv=0xbfbfe6a0)

at config.c:3961

#5 0x080a715c in signal_callback (fd=1, events=8, arg=Variable "arg" is not available.
) at main.c:1306
#6 0x33d81565 in event_base_loop () from /usr/local/lib/libevent-1.4.so.3
#7 0x33d81899 in event_loop () from /usr/local/lib/libevent-1.4.so.3
#8 0x080a936a in do_main_loop () at main.c:1435
#9 0x080a951d in tor_main (argc=11, argv=0xbfbfe6a0) at main.c:2060
#10 0x080e5422 in main (argc=100240, argv=0x0) at tor_main.c:30
(gdb) quit
hellas# exit
exit

Script done on Fri Jun 5 00:42:13 2009

The torrc file can be made available upon request if needed.

Comments:

I have no recollection of any prior version of tor failing in this
manner in response to a SIGHUP. It is very restricting not to dare to
send SIGHUPs at all with this version in order to avoid causing yet
another crash. I am considering reviving 0.2.1.13-alpha to regain
this functionality. I have built 0.2.1.15-rc, but am reluctant to
install and use it, given that this bug most likely still exists in
0.2.1.15-rc, whereas it didn't seem to happen in the earlier version.

Submitted (via Jon <scream@…>) by:

Scott Bennett <bennett@…>

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (6)

comment:1 Changed 11 years ago by nickm

Oh wow; this is wild. I think I have a fix for it. Try this patch?

diff --git a/src/or/policies.c b/src/or/policies.c
index cb914d1..d55e86c 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -411,6 +411,7 @@ load_policy_from_option(config_line_t *config, smartlist_t policy,

memcpy(&newp, n, sizeof(newp));
newp.prt_min = 1;
newp.prt_max = 65535;

+ newp.is_canonical = 0;

c = addr_policy_get_canonical_entry(&newp);
SMARTLIST_REPLACE_CURRENT(*policy, n, c);
addr_policy_free(n);

comment:2 Changed 10 years ago by Sebastian

Is this still a problem with 0.2.1.19?

comment:3 Changed 10 years ago by nickm

Well, that patch was certainly important, and certainly fixed _a_ bug that would have the same symptoms as this one.
Unless the bug has been sighted in some version 0.2.1.16-rc or later, we probably fixed it then.

Has anybody seen this happen since 0.2.1.16-rc?

comment:4 Changed 10 years ago by arma

Scott says he's happy. Closing.

comment:5 Changed 10 years ago by arma

flyspray2trac: bug closed.

comment:6 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.