conflux_launch_leg infinite loop
I finally got a proper core from the segfault that my Tor has been hitting periodically.
The segfault seems to happen because my stack has thousands of entries on it, presumably because we are calling functions that call themselves in a circle and it keeps stacking deeper.
It happens in practice when my Tor is minding its own business (not actively being used) but then my wifi goes away.
Here is a sample of the 'where' output from gdb:
#69 0x000055a2356ef88a in circuit_establish_circuit_conflux (
conflux_nonce=conflux_nonce@entry=0x7ffc342cc320 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,M\320\323\325<\242U",
purpose=purpose@entry=25 '\031', exit_ei=exit_ei@entry=0x55a236878cd0,
flags=flags@entry=70) at src/core/or/circuitbuild.c:547
#70 0x000055a23571aae7 in conflux_launch_leg (
nonce=nonce@entry=0x7ffc342cc320 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,M\320\323\325<\242U")
at src/core/or/conflux_pool.c:1110
#71 0x000055a23571bcb7 in unlinked_circuit_closed (circ=0x55a23cd5d3d0)
at src/core/or/conflux_pool.c:1426
#72 conflux_circuit_has_closed (circ=circ@entry=0x55a23cd5d3d0)
at src/core/or/conflux_pool.c:1632
#73 0x000055a2356f6875 in circuit_mark_for_close_ (circ=0x55a23cd5d3d0,
reason=0, line=line@entry=547,
file=file@entry=0x55a23582f102 "src/core/or/circuitbuild.c")
at src/core/or/circuitlist.c:2262
#74 0x000055a2356ef88a in circuit_establish_circuit_conflux (
conflux_nonce=conflux_nonce@entry=0x7ffc342cc450 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,MP\305\325<\242U",
purpose=purpose@entry=25 '\031', exit_ei=exit_ei@entry=0x55a236878cd0,
flags=flags@entry=70) at src/core/or/circuitbuild.c:547
#75 0x000055a23571aae7 in conflux_launch_leg (
nonce=nonce@entry=0x7ffc342cc450 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,MP\305\325<\242U")
at src/core/or/conflux_pool.c:1110
#76 0x000055a23571bcb7 in unlinked_circuit_closed (circ=0x55a23cd5c550)
at src/core/or/conflux_pool.c:1426
#77 conflux_circuit_has_closed (circ=circ@entry=0x55a23cd5c550)
at src/core/or/conflux_pool.c:1632
#78 0x000055a2356f6875 in circuit_mark_for_close_ (circ=0x55a23cd5c550,
reason=0, line=line@entry=547,
file=file@entry=0x55a23582f102 "src/core/or/circuitbuild.c")
at src/core/or/circuitlist.c:2262
#79 0x000055a2356ef88a in circuit_establish_circuit_conflux (
conflux_nonce=conflux_nonce@entry=0x7ffc342cc580 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,Mж\325<\242U",
purpose=purpose@entry=25 '\031', exit_ei=exit_ei@entry=0x55a236878cd0,
flags=flags@entry=70) at src/core/or/circuitbuild.c:547
#80 0x000055a23571aae7 in conflux_launch_leg (
nonce=nonce@entry=0x7ffc342cc580 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,Mж\325<\242U")
at src/core/or/conflux_pool.c:1110
#81 0x000055a23571bcb7 in unlinked_circuit_closed (circ=0x55a23cd5b6d0)
at src/core/or/conflux_pool.c:1426
#82 conflux_circuit_has_closed (circ=circ@entry=0x55a23cd5b6d0)
at src/core/or/conflux_pool.c:1632
#83 0x000055a2356f6875 in circuit_mark_for_close_ (circ=0x55a23cd5b6d0,
reason=0, line=line@entry=547,
file=file@entry=0x55a23582f102 "src/core/or/circuitbuild.c")
at src/core/or/circuitlist.c:2262
#84 0x000055a2356ef88a in circuit_establish_circuit_conflux (
conflux_nonce=conflux_nonce@entry=0x7ffc342cc6b0 "\215Oĩaa8\307R\325\035\344C\304_2\020\205\354\347&O\213\221\300D\251\301g\343,MP\250\325<\242U",
purpose=purpose@entry=25 '\031', exit_ei=exit_ei@entry=0x55a236878cd0,
flags=flags@entry=70) at src/core/or/circuitbuild.c:547
I still have the core, but my internet for the next days is pretty crappy so I will try to respond as I can. :)
This is Tor running from git commit d5306e10. I can't easily trigger it, or I would try a git bisect. It's been happening since before the Tor 0.4.8.1-alpha release. I am just a client.
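The frames above repeat a five-function cycle: circuit_establish_circuit_conflux (circuitbuild.c:547) calls circuit_mark_for_close_ with line=547, which calls conflux_circuit_has_closed, then unlinked_circuit_closed, then conflux_launch_leg, which calls circuit_establish_circuit_conflux again. The toy program below is an added illustration of that shape, not Tor's code and not a proposed patch to it: when a leg launch fails synchronously (here, "network down"), the naive close handler relaunches from inside the close path and the nesting grows until it hits a stand-in stack limit; a deferred variant only records that a relaunch is wanted and lets a main-loop step perform it, with a retry budget. Every name (pool_t, launch_leg, unlinked_leg_closed, main_loop_step, STACK_LIMIT) is hypothetical, and the "network down" condition is a constructed stand-in for the wifi loss described in the report.

```c
/*
 * Added illustration (not Tor code): a toy model of the mutual recursion seen
 * in the backtrace. Closing an unlinked leg triggers a relaunch; when the
 * launch fails synchronously (no network), the fresh circuit is marked for
 * close at once, which relaunches again, until the stack is exhausted.
 * All identifiers here are hypothetical.
 */
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for the real stack limit; exceeding it models the SIGSEGV. */
#define STACK_LIMIT 100

typedef struct {
    bool network_up;        /* false: every launch fails synchronously        */
    bool use_deferral;      /* true: hardened relaunch path                    */
    int depth;              /* current nesting of launch_leg                   */
    int max_depth;          /* deepest nesting observed                        */
    int launches;           /* launch attempts made                            */
    bool pending_relaunch;  /* deferred request, serviced by main_loop_step    */
    bool overflowed;        /* depth exceeded STACK_LIMIT                      */
} pool_t;

typedef struct {
    int max_depth;
    int launches;
    bool overflowed;
} result_t;

static int launch_leg(pool_t *p);

/* Called when an unlinked leg has closed (role of unlinked_circuit_closed). */
static void unlinked_leg_closed(pool_t *p)
{
    if (p->use_deferral) {
        /* Hardened: never build a circuit from inside the close path. */
        p->pending_relaunch = true;
        return;
    }
    /* Naive: relaunch right away, on top of the current stack. */
    launch_leg(p);
}

/* Role of conflux_launch_leg -> circuit_establish_circuit_conflux. */
static int launch_leg(pool_t *p)
{
    if (p->overflowed)
        return -1;  /* the "process" has already crashed; just unwind */
    p->launches++;
    if (++p->depth > p->max_depth)
        p->max_depth = p->depth;
    if (p->depth > STACK_LIMIT) {
        p->overflowed = true;
        p->depth--;
        return -1;
    }
    int rc = 0;
    if (!p->network_up) {
        /* Build failed synchronously: the new circuit is marked for close,
         * which notifies the pool that an unlinked leg closed. */
        unlinked_leg_closed(p);
        rc = -1;
    }
    p->depth--;
    return rc;
}

/* Hardened main-loop step: honour at most max_attempts deferred relaunches,
 * each from a fresh stack frame, then stop until something changes. */
static int main_loop_step(pool_t *p, int max_attempts)
{
    int attempts = 0;
    while (p->pending_relaunch && attempts < max_attempts) {
        p->pending_relaunch = false;
        attempts++;
        launch_leg(p);
    }
    return attempts;
}

/* Constructed scenario: the network goes away and one leg closes.
 * Returns what the pool did about it. */
static result_t simulate(bool use_deferral, int max_attempts)
{
    pool_t p = { .network_up = false, .use_deferral = use_deferral };
    unlinked_leg_closed(&p);
    if (use_deferral)
        main_loop_step(&p, max_attempts);
    result_t r = { p.max_depth, p.launches, p.overflowed };
    return r;
}

int main(void)
{
    result_t naive = simulate(false, 0);
    result_t deferred = simulate(true, 5);
    printf("naive:    depth %d, launches %d, overflowed %s\n",
           naive.max_depth, naive.launches, naive.overflowed ? "yes" : "no");
    printf("deferred: depth %d, launches %d, overflowed %s\n",
           deferred.max_depth, deferred.launches, deferred.overflowed ? "yes" : "no");
    return 0;
}
```

The naive run nests one launch_leg frame per failed launch and trips the limit; the deferred run never nests deeper than one frame and stops after its retry budget, which is the property a fix for this kind of cycle needs regardless of where the real code chooses to break it.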