[tor-bugs] #14759 [Tor]: Tor is killed with Bad system call

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 6 13:07:11 UTC 2015


#14759: Tor is killed with Bad system call
--------------------+------------------------------------
 Reporter:  tholin  |          Owner:
     Type:  defect  |         Status:  new
 Priority:  normal  |      Milestone:
Component:  Tor     |        Version:  Tor: 0.2.6.2-alpha
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
--------------------+------------------------------------
 I've setup a tor bridge but it dies with "Bad system call" after a few
 days. This is likely because I use the sandbox.

 The log output is:
 {{{
 Feb 05 05:41:47.000 [notice] Heartbeat: Tor's uptime is 6 days 18:00
 hours, with 1 circuits open. I've sent 23.40 MB and received 213.94 MB.
 Feb 05 05:41:47.000 [notice] Average packaged cell fullness: 87.064%
 Feb 05 05:41:47.000 [notice] TLS write overhead: 6%
 Bad system call
 }}}

 This happens with both tor-0.2.5.10 and tor-0.2.6.2-alpha. Both dies after
 6 days 18:00 hours uptime. I'm currently testing latest git but it will
 probably take 6 days before I know if it works. After tor has been killed
 it will again die with Bad system call if I try to restart it. After
 restarting it a few times it will successfully start but die after 6 days.

 The log when restarting:
 {{{
 Feb 06 13:45:14.593 [notice] Tor v0.2.6.2-alpha (git-6cb1daf062df5252)
 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.1k and Zlib
 1.2.8.
 Feb 06 13:45:14.594 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Feb 06 13:45:14.594 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Feb 06 13:45:14.594 [notice] Read configuration file "/etc/tor/torrc".
 Feb 06 13:45:14.619 [notice] Your ContactInfo config option is not set.
 Please consider setting it, so we can contact you if your server is
 misconfigured or something else goes wrong.
 Feb 06 13:45:14.619 [notice] MaxMemInQueues is set to 8192 MB. You can
 override this by setting MaxMemInQueues by hand.
 Feb 06 13:45:14.622 [notice] Opening OR listener on 0.0.0.0:443
 Feb 06 13:45:14.623 [notice] Caching new entry tor for tor
 Feb 06 13:45:14.624 [notice] Caching new entry tor for tor
 Feb 06 13:45:14.593 [notice] Tor v0.2.6.2-alpha (git-6cb1daf062df5252)
 running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.1k and Zlib
 1.2.8.
 Feb 06 13:45:14.594 [notice] Tor can't help you if you use it wrong! Learn
 how to be safe at https://www.torproject.org/download/download#warning
 Feb 06 13:45:14.594 [notice] This version is not a stable Tor release.
 Expect more bugs than usual.
 Feb 06 13:45:14.594 [notice] Read configuration file "/etc/tor/torrc".
 Feb 06 13:45:14.619 [notice] Your ContactInfo config option is not set.
 Please consider setting it, so we can contact you if your server is
 misconfigured or something else goes wrong.
 Feb 06 13:45:14.619 [notice] MaxMemInQueues is set to 8192 MB. You can
 override this by setting MaxMemInQueues by hand.
 Feb 06 13:45:14.622 [notice] Opening OR listener on 0.0.0.0:443
 Feb 06 13:45:14.623 [notice] Caching new entry tor for tor
 Feb 06 13:45:14.624 [notice] Caching new entry tor for tor
 Feb 06 13:45:14.000 [notice] Not disabling debugger attaching for
 unprivileged users.
 Feb 06 13:45:14.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
 Feb 06 13:45:14.000 [notice] Parsing GEOIP IPv6 file
 /usr/share/tor/geoip6.
 Feb 06 13:45:15.000 [notice] Configured to measure statistics. Look for
 the *-stats files that will first be written to the data directory in 24
 hours from now.
 Feb 06 13:45:15.000 [notice] Your Tor server's identity key fingerprint is
 '<REDACTED>'
 Feb 06 13:45:15.000 [notice] Your Tor bridge's hashed identity key
 fingerprint is '<REDACTED>'
 Feb 06 13:45:15.000 [notice] Bootstrapped 0%: Starting
 Feb 06 13:45:21.000 [notice] Bootstrapped 5%: Connecting to directory
 server
 Feb 06 13:45:21.000 [notice] Signaling readyness to systemd
 Feb 06 13:45:21.000 [notice] Bootstrapped 10%: Finishing handshake with
 directory server
 Feb 06 13:45:21.000 [notice] Bootstrapped 15%: Establishing an encrypted
 directory connection
 Feb 06 13:45:21.000 [notice] Bootstrapped 20%: Asking for networkstatus
 consensus
 Feb 06 13:45:21.000 [notice] Bootstrapped 50%: Loading relay descriptors
 Bad system call (core dumped)
 }}}

 I'm running an Arch Linux system with tor running in a chroot according to
 the instructions on the arch wiki.

 torrc
 {{{
 SocksPort 0
 ORPort 443
 BridgeRelay 1
 Exitpolicy reject *:*
 BandwidthRate 200 KBytes
 BandwidthBurst 10 MBits
 User tor
 Sandbox 1
 Log notice stdout
 DisableDebuggerAttachment 0
 }}}

 DisableDebuggerAttachment was added to get a coredump.
 Here is some of the info from the coredump with potentially sensitive data
 redacted.

 {{{
 # gdb torchroot/usr/bin/tor torchroot/tmp/core.tor.11879.1423224556
 GNU gdb (GDB) 7.8.2
 Copyright (C) 2014 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later
 <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
 and "show warranty" for details.
 This GDB was configured as "x86_64-unknown-linux-gnu".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <http://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
 <http://www.gnu.org/software/gdb/documentation/>.
 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from torchroot/usr/bin/tor...done.
 [New LWP 11880]
 [New LWP 11879]
 [New LWP 11881]

 warning: Could not load shared library symbols for linux-vdso.so.1.
 Do you need "set solib-search-path" or "set sysroot"?
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/usr/lib/libthread_db.so.1".
 Core was generated by `/usr/bin/tor'.
 Program terminated with signal SIGSYS, Bad system call.
 #0  0x00007f179c9c9200 in __open_nocancel () from /usr/lib/libc.so.6
 (gdb) info threads
   Id   Target Id         Frame
   3    Thread 0x7f1798a57700 (LWP 11881) 0x00007f179cea46bf in recv ()
    from /usr/lib/libpthread.so.0
   2    Thread 0x7f179e2c1700 (LWP 11879) config_free_lines (front=0x0,
     front at entry=0x7f17a3cc7460) at src/or/confparse.c:173
 * 1    Thread 0x7f1799258700 (LWP 11880) (Exiting) 0x00007f179c9c9200 in
 __open_nocancel
     () from /usr/lib/libc.so.6
 (gdb) thread apply all bt full

 Thread 3 (Thread 0x7f1798a57700 (LWP 11881)):
 #0  0x00007f179cea46bf in recv () from /usr/lib/libpthread.so.0
 No symbol table info available.
 #1  0x00007f179e3f9a0a in recv (__flags=0, __n=552, __buf=0x7f1798a569b0,
 __fd=14)
     at /usr/include/bits/socket2.h:44
 No locals.
 #2  read_all (fd=14, buf=0x7f1798a569b0 "", count=552, isSocket=1)
     at src/common/util.c:1972
         numread = 0
         result = <optimized out>
 #3  0x00007f179e3ba11b in cpuworker_main (data=0xe,
 data at entry=0x7f179f649c40)
     at src/or/cpuworker.c:422
         fd = 14
         onion_keys = {my_identity = "<REDACTED>",
           onion_key = 0x7f178c0008c0, last_onion_key = 0x7f178c000fb0,
           curve25519_key_map = 0x7f178c0010b0, junk_keypair =
 0x7f178c0010f0}
         req = {magic = 0, tag = '\000' <repeats 11 times>, task = 0
 '\000', timed = 0,
           started_at = {tv_sec = 0, tv_usec = 0}, create_cell = {cell_type
 = 0 '\000',
             handshake_type = 0, handshake_len = 0,
             onionskin = '\000' <repeats 504 times>}}
         rpl = {magic = 0, tag = '\000' <repeats 11 times>, success = 0
 '\000',
           timed = 0, handshake_type = 0, started_at = {tv_sec = 0, tv_usec
 = 0},
           n_usec = 0, created_cell = {cell_type = 0 '\000', handshake_len
 = 0,
             reply = '\000' <repeats 506 times>}, keys = '\000' <repeats 71
 times>,
           rend_auth_material = '\000' <repeats 19 times>}
         __PRETTY_FUNCTION__ = "cpuworker_main"
         __func__ = "cpuworker_main"
 #4  0x00007f179e3e91ac in tor_pthread_helper_fn (_data=0x0) at
 src/common/compat.c:2572
         data = 0x7f179f641cf0
         func = 0x7f179e3ba070 <cpuworker_main>
         arg = 0x7f179f649c40
         sigs = {__val = {<REDACTED>, <REDACTED> <repeats 15 times>}}
 #5  0x00007f179ce9c314 in start_thread () from /usr/lib/libpthread.so.0
 No symbol table info available.
 #6  0x00007f179c9d624d in clone () from /usr/lib/libc.so.6
 No symbol table info available.

 Thread 2 (Thread 0x7f179e2c1700 (LWP 11879)):
 #0  config_free_lines (front=0x0, front at entry=0x7f17a3cc7460) at
 src/or/confparse.c:173
         tmp = 0x7f17a3cc7460
 #1  0x00007f179e3991d3 in config_reset (fmt=fmt at entry=0x7f179e69e160
 <state_format>,
     options=options at entry=0x7f17a34aa6c0, var=0x7f179e6a53c0
 <state_vars_+704>,
     use_defaults=use_defaults at entry=1) at src/or/confparse.c:932
         c = 0x7f17a3cc7460
         msg = 0x0
         __func__ = "config_reset"
         __PRETTY_FUNCTION__ = "config_reset"
 #2  0x00007f179e39a1e7 in config_init (fmt=0x7f179e69e160 <state_format>,
     options=0x7f17a34aa6c0) at src/or/confparse.c:1049
         i = 22
         var = <optimized out>
 #3  0x00007f179e39a4f0 in config_dump (fmt=fmt at entry=0x7f179e69e160
 <state_format>,
     default_options=default_options at entry=0x0, options=0x7f179f1d1060,
     minimal=minimal at entry=1, comment_defaults=comment_defaults at entry=0)
     at src/or/confparse.c:1072
         elements = <optimized out>
         defaults = 0x7f17a34aa6c0
         defaults_tmp = 0x7f17a34aa6c0
         line = <optimized out>
         assigned = <optimized out>
         result = <optimized out>
         i = <optimized out>
         msg = 0x0
         __PRETTY_FUNCTION__ = "config_dump"
         __func__ = "config_dump"
 #4  0x00007f179e35a4aa in or_state_save (now=now at entry=1423224555)
     at src/or/statefile.c:440
         state = <optimized out>
         fname = <optimized out>
         tbuf = "<REDACTED>"
         now = 1423224555
 #5  0x00007f179e307bc8 in run_scheduled_events (now=1423224555) at
 src/or/main.c:1600
         have_dir_info = <optimized out>
         last_rotated_x509_certificate = 1423224555
         time_to_add_entropy = 1423228155
         time_to_downrate_stability = 1423267755
         time_to_check_for_expired_networkstatus = 1423224675
         time_to_write_stats_files = 1423228155
         should_init_bridge_stats = 0
         time_to_save_stability = 0
         time_to_clean_caches = 1423226355
         time_to_retry_dns_init = 1423225155
         i = <optimized out>
         time_to_check_v3_certificate = 1423224855
         time_to_download_networkstatus = 1423224615
         time_to_write_bridge_status_file = 0
         time_to_write_bridge_stats = 1423310955
         time_to_shrink_memory = 1423224615
         time_to_try_getting_descriptors = 1423224565
         time_to_reset_descriptor_failures = 1423228155
         time_to_recheck_bandwidth = 0
         time_to_launch_reachability_tests = 0
         time_to_next_heartbeat = 0
         options = 0x7f179f1d1310
         is_server = 1
         time_to_check_listeners = 1423224615
         time_to_check_port_forwarding = 0
 #6  second_elapsed_callback (timer=<optimized out>, arg=<optimized out>)
     at src/or/main.c:1761
         current_second = 0
         now = 1423224555
         bytes_written = <optimized out>
         bytes_read = <optimized out>
         seconds_elapsed = <optimized out>
         options = <optimized out>
         __PRETTY_FUNCTION__ = "second_elapsed_callback"
 #7  0x00007f179d95aca6 in event_base_loop () from
 /usr/lib/libevent-2.0.so.5
 No symbol table info available.
 #8  0x00007f179e308ea4 in do_main_loop () at src/or/main.c:2105
         loop_result = -1568300031
         now = 139739487642625
         __PRETTY_FUNCTION__ = "do_main_loop"
         __func__ = "do_main_loop"
 #9  0x00007f179e30bca5 in tor_main (argc=<optimized out>, argv=<optimized
 out>)
     at src/or/main.c:3075
         result = 0
         __PRETTY_FUNCTION__ = "tor_main"
 #10 0x00007f179c90e040 in __libc_start_main () from /usr/lib/libc.so.6
 No symbol table info available.
 #11 0x00007f179e30532b in _start ()
 No symbol table info available.

 Thread 1 (Thread 0x7f1799258700 (LWP 11880)):
 #0  0x00007f179c9c9200 in __open_nocancel () from /usr/lib/libc.so.6
 No symbol table info available.
 #1  0x00007f179c96104b in __libc_message () from /usr/lib/libc.so.6
 No symbol table info available.
 #2  0x00007f179c9612de in __libc_fatal () from /usr/lib/libc.so.6
 No symbol table info available.
 #3  0x00007f179cea5a59 in pthread_cancel_init () from
 /usr/lib/libpthread.so.0
 No symbol table info available.
 #4  0x00007f179cea5b64 in _Unwind_ForcedUnwind () from
 /usr/lib/libpthread.so.0
 No symbol table info available.
 #5  0x00007f179cea3f20 in __pthread_unwind () from
 /usr/lib/libpthread.so.0
 No symbol table info available.
 #6  0x00007f179ce9d395 in pthread_exit () from /usr/lib/libpthread.so.0
 No symbol table info available.
 #7  0x00007f179e3ebb7b in spawn_exit () at src/common/compat.c:2641
 No locals.
 #8  0x00007f179e3ba418 in cpuworker_main (data=0x7f179ca53b80,
     data at entry=0x7f17a149d590) at src/or/cpuworker.c:500
         fd = 12
         onion_keys = {my_identity = '\000' <repeats 19 times>, onion_key =
 0x0,
           last_onion_key = 0x0, curve25519_key_map = 0x0, junk_keypair =
 0x0}
         req = {magic = 0, tag = '\000' <repeats 11 times>, task = 0
 '\000', timed = 0,
           started_at = {tv_sec = 0, tv_usec = 0}, create_cell = {cell_type
 = 0 '\000',
             handshake_type = 0, handshake_len = 0,
             onionskin = '\000' <repeats 504 times>}}
         rpl = {magic = 0, tag = '\000' <repeats 11 times>, success = 0
 '\000',
           timed = 0, handshake_type = 0, started_at = {tv_sec = 0, tv_usec
 = 0},
           n_usec = 0, created_cell = {cell_type = 0 '\000', handshake_len
 = 0,
             reply = '\000' <repeats 506 times>}, keys = '\000' <repeats 71
 times>,
           rend_auth_material = "<REDACTED>"}
         __PRETTY_FUNCTION__ = "cpuworker_main"
         __func__ = "cpuworker_main"
 #9  0x00007f179e3e91ac in tor_pthread_helper_fn (_data=0x0) at
 src/common/compat.c:2572
         data = 0x7f17a3974fa0
         func = 0x7f179e3ba070 <cpuworker_main>
         arg = 0x7f17a149d590
         sigs = {__val = {<REDACTED>, <REDACTED> <repeats 15 times>}}
 #10 0x00007f179ce9c314 in start_thread () from /usr/lib/libpthread.so.0
 No symbol table info available.
 #11 0x00007f179c9d624d in clone () from /usr/lib/libc.so.6
 No symbol table info available.
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14759>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list