[tor-bugs] #30629 [Core Tor/Tor]: We seem to be reading some freed events on exit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun May 26 22:07:44 UTC 2019
#30629: We seem to be reading some freed events on exit
------------------------------+--------------------------------
Reporter: arma | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor | Version: Tor: 0.4.1.1-alpha
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
Run your Tor master as a client under valgrind:
{{{
$ valgrind --leak-check=full src/app/tor
}}}
and wait for it to bootstrap to 100%. Then ctrl-c it.
On exit, valgrind will give you a pile of complaints like
{{{
==4119== Invalid read of size 8
==4119== at 0x4C1DB9C: ??? (in /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6.0.2)
==4119== by 0x4C21A78: event_free (in /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6.0.2)
==4119== by 0x2ADA19: tor_event_free_ (compat_libevent.c:76)
==4119== by 0x2ADA19: mainloop_event_free_ (compat_libevent.c:461)
==4119== by 0x17748B: tor_mainloop_free_all (mainloop.c:2523)
==4119== by 0x1665FB: subsystems_shutdown_downto (subsysmgr.c:185)
==4119== by 0x165FB4: tor_free_all (shutdown.c:162)
==4119== by 0x164B54: tor_run_main (main.c:1360)
==4119== by 0x1620F9: tor_main (tor_api.c:164)
==4119== by 0x161CB8: main (tor_main.c:32)
==4119== Address 0x5489ec0 is 432 bytes inside a block of size 664 free'd
==4119== at 0x48369AB: free (vg_replace_malloc.c:530)
==4119== by 0x2ADB20: tor_libevent_free_all (compat_libevent.c:490)
==4119== by 0x165FAF: tor_free_all (shutdown.c:160)
==4119== by 0x164B54: tor_run_main (main.c:1360)
==4119== by 0x1620F9: tor_main (tor_api.c:164)
==4119== by 0x161CB8: main (tor_main.c:32)
==4119== Block was alloc'd at
==4119== at 0x483577F: malloc (vg_replace_malloc.c:299)
==4119== by 0x310F47: tor_malloc_ (malloc.c:45)
==4119== by 0x4C1E9B3: event_mm_calloc_ (in /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6.0.2)
==4119== by 0x4C224D9: event_base_new_with_config (in /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6.0.2)
==4119== by 0x2AD284: tor_libevent_initialize (compat_libevent.c:158)
==4119== by 0x28E879: init_libevent (config.c:8031)
==4119== by 0x28E879: options_act_reversible (config.c:1466)
==4119== by 0x28E879: set_options (config.c:934)
==4119== by 0x290721: options_init_from_string (config.c:5529)
==4119== by 0x290CA9: options_init_from_torrc (config.c:5293)
==4119== by 0x1632A6: tor_init (main.c:619)
==4119== by 0x163B13: tor_run_main (main.c:1297)
==4119== by 0x1620F9: tor_main (tor_api.c:164)
==4119== by 0x161CB8: main (tor_main.c:32)
}}}
maint-0.4.0 does not have this bug, and tor-0.4.1.1-alpha does.
A git bisect brought me to commit 6eb1b8da0ab2, which is about periodic
events so it looks promising. It's from #30293.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30629>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
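
An added triage example, not part of the original ticket or of Tor's code: it parses a memcheck error like the one in the report and finds the innermost function present on both the access stack and the free stack where the two call sites differ. The sample input is constructed by abridging the report's frames, and the names `parse_stacks` and `divergence` are hypothetical.

```python
import re

# Constructed sample: frames abridged from the valgrind report in the ticket.
SAMPLE = """\
==4119== Invalid read of size 8
==4119==    at 0x4C1DB9C: ??? (in /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6.0.2)
==4119==    by 0x4C21A78: event_free (in /usr/lib/x86_64-linux-gnu/libevent-2.1.so.6.0.2)
==4119==    by 0x2ADA19: mainloop_event_free_ (compat_libevent.c:461)
==4119==    by 0x17748B: tor_mainloop_free_all (mainloop.c:2523)
==4119==    by 0x1665FB: subsystems_shutdown_downto (subsysmgr.c:185)
==4119==    by 0x165FB4: tor_free_all (shutdown.c:162)
==4119==    by 0x164B54: tor_run_main (main.c:1360)
==4119==  Address 0x5489ec0 is 432 bytes inside a block of size 664 free'd
==4119==    at 0x48369AB: free (vg_replace_malloc.c:530)
==4119==    by 0x2ADB20: tor_libevent_free_all (compat_libevent.c:490)
==4119==    by 0x165FAF: tor_free_all (shutdown.c:160)
==4119==    by 0x164B54: tor_run_main (main.c:1360)
"""

# One stack frame: "at|by <addr>: <function> (<file:line> or 'in <object>')".
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?([^)]*)\)")

def parse_stacks(report):
    """Split one memcheck error into its access stack and its free stack."""
    stacks, current = {"access": [], "free": []}, None
    for line in report.splitlines():
        if "Invalid read" in line or "Invalid write" in line:
            current = "access"
        elif "free'd" in line:
            current = "free"
        elif "alloc'd" in line:
            current = None  # the allocation stack is not needed for this check
        elif current and (m := FRAME.match(line)):
            stacks[current].append((m.group(1), m.group(2)))
    return stacks

def divergence(report):
    """Return (function, free_call_site, access_call_site) where the stacks split."""
    stacks = parse_stacks(report)
    free_sites = {}
    for fn, loc in stacks["free"]:
        free_sites.setdefault(fn, loc)
    for fn, loc in stacks["access"]:  # frames are listed innermost first
        if fn in free_sites and free_sites[fn] != loc:
            return fn, free_sites[fn], loc
    return None
```

On the abridged trace this returns `tor_free_all` with the free reached from `shutdown.c:160` and the invalid read reached from `shutdown.c:162`, which is the pair of call sites to compare when reviewing the shutdown sequence.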