[tor-dev] Segfault trying to start tor in 0.2.4.16-rc with bufferevents

Ian Goldberg iang at cs.uwaterloo.ca
Thu Aug 22 14:17:41 UTC 2013 

I just tried to upgrade my tor exit node to 0.2.4.16-rc, and got this:

Aug 22 09:55:09.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Aug 22 09:55:10.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Aug 22 09:55:12.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Aug 22 09:55:12.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Aug 22 09:55:12.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Aug 22 09:55:16.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Aug 22 09:55:17.000 [warn] Something tried to close an or_connection_t
without going through channels at src/or/connection.c:3185
Segmentation fault

The configure line was:

./configure --with-openssl-dir=../openssl-1.0.1e --enable-bufferevents

Running under gdb, I see:

Program received signal SIGSEGV, Segmentation fault.
buf_datalen (buf=0x0) at src/or/buffers.c:523
523       return buf->datalen;

(gdb) bt
#0  buf_datalen (buf=0x0) at src/or/buffers.c:523
#1  0x0000555555611b89 in connection_write_to_buf_impl_ (
    string=0x7fffffffdd20 "\026\003\001", len=168, conn=0x55555682d070, zlib=0)
    at src/or/connection.c:3598
#2  0x0000555555587779 in connection_write_to_buf (conn=0x55555682d070, 
    len=<optimized out>, string=<optimized out>) at src/or/connection.h:136
#3  connection_edge_process_relay_cell (cell=0x7fffffffdd10, 
    circ=0x555557282610, conn=0x55555682d070, layer_hint=<optimized out>)
    at src/or/relay.c:1340
#4  0x0000555555589391 in circuit_receive_relay_cell (cell=0x7fffffffdd10, 
    circ=0x555557282610, cell_direction=CELL_DIRECTION_OUT)
    at src/or/relay.c:212
#5  0x00005555555fa57c in command_process_relay_cell (chan=0x5555575b9f40, 
    cell=0x7fffffffdd10) at src/or/command.c:462
#6  command_process_cell (chan=0x5555575b9f40, cell=0x7fffffffdd10)
    at src/or/command.c:148
#7  0x00005555555db873 in channel_tls_handle_cell (cell=0x7fffffffdd10, 
    conn=0x555557ccc140) at src/or/channeltls.c:923
#8  0x000055555561c3f9 in connection_or_process_cells_from_inbuf (
    conn=0x555557ccc140) at src/or/connection_or.c:1972
#9  0x000055555560f965 in connection_handle_read_cb (bufev=<optimized out>, 
    arg=0x555557ccc140) at src/or/connection.c:3114
#10 0x00007ffff749457e in ?? () from /usr/lib/libevent-2.0.so.5
---Type <return> to continue, or q <return> to quit---
#11 0x00007ffff748ae47 in event_base_loop () from /usr/lib/libevent-2.0.so.5
#12 0x000055555556b1fe in do_main_loop () at src/or/main.c:1987
#13 0x000055555556c9cf in tor_main (argc=<optimized out>, argv=0x7fffffffe3c8)
    at src/or/main.c:2703
#14 0x00007ffff689c76d in __libc_start_main ()
   from /lib/x86_64-linux-gnu/libc.so.6
#15 0x0000555555566cdd in _start ()

I rebuilt without bufferevents, and it hasn't crashed yet.  (I also
don't see the "Something tried to close an or_connection_t" warnings.)

   - Ian

More information about the tor-dev mailing list