[ircd-ratbox] core in match.c [long msg]

Eric Dyer blackice at darksoulz.net
Sat Mar 13 09:59:36 EST 2004


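We had 4 of our 5 servers crash at what appears to be the exact same point.
We have made some modifications to the code but haven't changed anything in the
neighborhood of the crash. gdb backtraces from the 3 I could get follow. In all
three, the fault is in irccmp() called from attach_iline() (s_conf.c:703) while
registering a client from the same host, and s2 points at an address gdb reports
as out of bounds. All servers are running ratbox-1.3-1 stable (20040305_0).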

--------------------------------------
Server 1 - FreeBSD 5.1-RELEASE

(gdb) bt full
#0  0x0805d553 in irccmp (s1=0x2841ffa7 "d226-45-13.home.cgocable.net", 
s2=0x2854cf57 <Address 0x2854cf57 out of bounds>)
    at match.c:377
        str1 = (const unsigned char *) 0x2841ffa7 "d226-45-13.home.cgocable.
net"
        str2 = (const unsigned char *) 0x2854cf57 <Address 0x2854cf57 out of 
bounds>
        res = 100
#1  0x08069ea8 in attach_iline (client_p=0x2841ff04, aconf=0x8475680) at 
s_conf.c:703
        target_p = (struct Client *) 0x2854ceb4
        ptr = (struct _dlink_node *) 0x2856f820
        local_count = 0
        global_count = 0
        ident_count = 0
        unidented = 0
#2  0x08069bc7 in verify_access (client_p=0x2841ff04, username=0xbfbff9b0 
"john") at s_conf.c:585
        aconf = (struct ConfItem *) 0x8475680
        non_ident = " \0\0\0\024ø-(\230ö¿"
#3  0x080697fc in check_client (client_p=0x2841ff04, source_p=0x2841ff04, 
username=0xbfbff9b0 "john") at s_conf.c:396
        i = 675413764
#4  0x08070691 in register_local_user (client_p=0x2841ff04, 
source_p=0x2841ff04, nick=0x2841ff5c "Selket", 
    username=0xbfbff9b0 "john") at s_user.c:349
        aconf = (struct ConfItem *) 0x282df814
        user = (struct User *) 0x28434660
        tmpstr2 = "DÞG\b+", '\0' <repeats 11 times>, 
"DÞG\bÉù¿¿Èø¿¿\024ø-(\200\0\0\0Ðø¿¿Hø¿¿bn&(à÷¿¿\023Ó\a\b|ø¿¿\r\0\0\0\r\0\0\0\0
01\0\0\0>7", '\0' <repeats 26 times>, 
">\0\0\0\001\0\0\0\001\0\0\0$CH\b\004\0\0\0s\0\0\0\b\002ÿÿ\030CH\b\177\0\0\0\0
\0\0\0\220ø¿¿ë\001\0\0>\0\0\0\r\0\0\0\r\0\0\0â\fS@\236¬\003\0À÷¿¿Â÷,( 
\201\0\0\004ÿA(Hø¿¿\031;\a\b BG\bÐø¿¿hø¿¿à\217\005\bÐø¿¿\004ÿA(h"...
        ipaddr = " ÷¿¿\0\0\0\0\0\0\0\0\236¬\003"
        myusername = "\001\0\0\0\0ßG\bHø¿"
        status = 100
        ptr = (struct _dlink_node *) 0x64
        id = 0x28424920 "\004ÿA("
        gecos_buf = 
"\0ßG\b\025\0\0\0\200 at G\bÌ\203\a\b\023Ó\a\b\006\0\0\0Ðø¿¿\006\0\0\0\0ßG\b`XS\b
X÷¿¿å\206\a\b`XS"
        newuser = "\0ßG\b\0¨\b\b(÷¿"
#5  0x284c8ca9 in mr_pong (client_p=0x2841ff04, source_p=0x2841ff04, parc=2, 
parv=0x64) at m_pong.c:134
        buf = "john\0\0\0\0\001\0"
        incoming_ping = 68
#6  0x08065132 in handle_command (mptr=0x284c9e40, client_p=0x2841ff04, 
from=0x2841ff04, i=2, hpara=0x83cb9e0) at parse.c:388
        handler = (void (*)(struct Client *, struct Client *, int, char **)) 
0x2841ff64
#7  0x08064e06 in parse (client_p=0x2841ff04, pbuffer=0x83c79c0 "PONG", 
bufend=0x83c79cf "") at parse.c:301
        from = (struct Client *) 0x2841ff04
        ch = 0x83c79c0 "PONG"
        s = 0x83c79c5 ":799F54DE"
        end = 0x83c79ce ""
        i = 100
        numeric = 0x0
        mptr = (struct Message *) 0x284c9e40
#8  0x0806477e in parse_client_queued (client_p=0x2841ff04) at packet.c:75
        i = 0
        dolen = 100
        checkflood = 1
        lclient_p = (struct LocalUser *) 0x28424920
#9  0x08064b0a in read_packet (fd=21, data=0x2841ff04) at packet.c:424
        client_p = (struct Client *) 0x2841ff04
        lclient_p = (struct LocalUser *) 0x28424920
        length = 2
        lbuf_len = 100
        fd_r = 21
        binary = 1
#10 0x080693a5 in comm_select (delay=21) at s_bsd_poll.c:254
        num = 64
        ci = 24
        hdl = (void (*)(int, void *)) 0x8064a50 <read_packet>
#11 0x0805aebe in io_loop () at ircd.c:316
        delay = 100
#12 0x0805b805 in main (argc=0, argv=0xbfbffb68) at ircd.c:762
No locals.
#13 0x08050685 in _start ()
No symbol table info available.

---------------------------------------------
Server 2 - OpenBSD 3.5-beta

(gdb) bt full
No symbol "full" in current context.
(gdb) bt
#0  0x1c015439 in irccmp (s1=0x8a6b63b3 "d226-45-13.home.cgocable.net", 
s2=0x88a25bc7 <Address 0x88a25bc7 out of bounds>)
    at match.c:383
#1  0x1c0221ca in attach_iline (client_p=0x8a6b6310, aconf=0x3c4d4280) at 
s_conf.c:703
#2  0x1c021f88 in verify_access (client_p=0x44, username=0xcfbeedf0 
"blackice") at s_conf.c:585
#3  0x1c021b08 in check_client (client_p=0x8a6b6310, source_p=0x8a6b6310, 
username=0xcfbeedf0 "blackice") at s_conf.c:396
#4  0x1c028e82 in register_local_user (client_p=0x8a6b6310, 
source_p=0x8a6b6310, nick=0x8a6b6368 "Selket_", 
    username=0xcfbeedf0 "blackice") at s_user.c:349
#5  0xd6f3c6b in mr_pong (client_p=0x8a6b6310, source_p=0xcfbeedf0, parc=2, 
parv=0x44) at m_pong.c:134
#6  0x1c01d37b in handle_command (mptr=0x2d6f40a0, client_p=0x8a6b6310, 
from=0x8a6b6310, i=2, hpara=0x3c3509e0) at parse.c:388
#7  0x1c01d1ba in parse (client_p=0x8a6b6310, pbuffer=0x3c34c9c0 "PONG", 
bufend=0x3c34c9cf "") at parse.c:301
#8  0x1c01ce92 in client_dopacket (client_p=0x8a6b6310, buffer=0x3c34c9c0 
"PONG", length=15) at packet.c:513
#9  0x1c01c833 in parse_client_queued (client_p=0x8a6b6310) at packet.c:75
#10 0x1c01cd63 in read_packet (fd=22, data=0x8a6b6310) at packet.c:424
#11 0x1c02162e in comm_select (delay=500) at s_bsd_poll.c:254
#12 0x1c012da2 in io_loop () at ircd.c:316
#13 0x1c01384e in main (argc=0, argv=0xcfbef024) at ircd.c:762
#14 0x1c008621 in ___start ()
#15 0x1c008597 in _start ()
#16 0xcfbef170 in ?? ()
#17 0x448a6b63 in ?? ()
Cannot access memory at address 0xb3000000.
(gdb) frame 0
#0  0x1c015439 in irccmp (s1=0x8a6b63b3 "d226-45-13.home.cgocable.net", 
s2=0x88a25bc7 <Address 0x88a25bc7 out of bounds>)
    at match.c:383
383             }
(gdb) print s1
$1 = 0x8a6b63b3 "d226-45-13.home.cgocable.net"
(gdb) print s2
$2 = 0x88a25bc7 <Address 0x88a25bc7 out of bounds>

----------------------------------------------
Server 3 - OpenBSD 3.3

(gdb) bt full
No symbol "full" in current context.
(gdb) bt
#0  0x107d5 in irccmp (s1=0x40369537 "d226-45-13.home.cgocable.net", 
s2=0x40484fff <Address 0x40484fff out of bounds>)
    at match.c:383
#1  0x22e4d in attach_iline (client_p=0x40369494, aconf=0x42e500) at s_conf.c:
703
#2  0x22c14 in verify_access (client_p=0x44, username=0xcfbfd878 "john") at 
s_conf.c:585
#3  0x22710 in check_client (client_p=0x40369494, source_p=0x40369494, 
username=0xcfbfd878 "john") at s_conf.c:396
#4  0x2b75a in register_local_user (client_p=0x40369494, source_p=0x40369494, 
nick=0x403694ec "Selket_", 
    username=0xcfbfd878 "john") at s_user.c:349
#5  0x4040d2cf in mr_pong (client_p=0x40369494, source_p=0xcfbfd878, parc=2, 
parv=0x44) at m_pong.c:134
#6  0x1ce1b in handle_command (mptr=0x4040e0e0, client_p=0x40369494, 
from=0x40369494, i=2, hpara=0x384360) at parse.c:388
#7  0x1cb76 in parse (client_p=0x40369494, pbuffer=0x380358 "PONG", 
bufend=0x380367 "") at parse.c:301
#8  0x1c7ca in client_dopacket (client_p=0x40369494, buffer=0x380358 "PONG", 
length=15) at packet.c:513
#9  0x1c15f in parse_client_queued (client_p=0x40369494) at packet.c:75
#10 0x1c697 in read_packet (fd=21, data=0x40369494) at packet.c:424
#11 0x21e9b in comm_select (delay=500) at s_bsd_poll.c:254
#12 0xd859 in io_loop () at ircd.c:316
#13 0xe978 in main (argc=0, argv=0xcfbfda90) at ircd.c:762
(gdb) frame 0
#0  0x107d5 in irccmp (s1=0x40369537 "d226-45-13.home.cgocable.net", 
s2=0x40484fff <Address 0x40484fff out of bounds>)
    at match.c:383
383             }
(gdb) print s1
$1 = 0x40369537 "d226-45-13.home.cgocable.net"
(gdb) print s2
$2 = 0x40484fff <Address 0x40484fff out of bounds>


The other server is on Solaris, and I'm not sure how to get the same information from it.

