Re: [tor-bugs] #26311 [Core Tor/Tor]: Error in `/usr/bin/tor': free(): invalid next size (normal): 0x000055ed468598d0
#26311: Error in `/usr/bin/tor': free(): invalid next size (normal):
0x000055ed468598d0
--------------------------+------------------------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.3.5-rc
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by starlight):
Speculative yet plausible theory:

Allowing the possibility network storage is not directly corrupting
memory, the slowness of paging over network may be exposing a
race-condition bug where an unprotected critical-section results in
corruption.

This of course is the nastiest class of bug.

My understanding is that much of the work processing consensus documents
was recently moved from the main event-loop thread to worker threads and
this might have led to the introduction of an unprotected race.

Issue may have arrived suddenly due to increasing memory pressure on the
shared container or VM from other instances; where previously paging may
have not been present, but occurs now. If successful locking of memory
with `DisableAllSwap` reduces or eliminates the traps, theory is further
validated.

Best way to find such bugs in my experience is with the Valgrind component
Helgrind. Helgrind shows where the problem resides without necessarily
triggering it. Slow as Hell though. . .only runs test.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26311#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs