[IRCServices Coding] CORE DUMPED! BUG!
Diego B. Contezini
diego at redesul.net
Tue Nov 4 16:43:45 PST 2003
I found a bug (occurring on the previous version of ircservices -
ircservices-5.0.22, services.redesul.net build #2, compiled Thu Sep 18
18:41:36 BRT 2003).
Yes, 5.0.23 is the latest, but nothing has changed regarding this bug...
Here is the debug output:
ChanServ at services.redesul.net :op #manaus paulinhu-dissi-q-mi-ama
[Oct 18 16:05:31.152195 2003] debug: Sent: :ChanServ NOTICE
paulinhu-dissi-q-mi-ama :Permission denied.
[Oct 18 16:05:31.152274 2003] debug: Received: :pRiCkLy SJOIN 1066501295
#Euevc
[Oct 18 16:05:31.152353 2003] protocol/bahamut: debug: pRiCkLy SJOINs #Euevc
[Oct 18 16:05:31.152490 2003] debug: Sent: :ChanServ MODE #EUeVC +o pRiCkLy
[Oct 18 16:05:31.269153 2003] debug: Received: :Hellskitty PRIVMSG
ChanServ at services.redesul.net :unban #EMOCORE
[Oct 18 16:05:31.269425 2003] debug: Sent: :ChanServ NOTICE Hellskitty
:Permission denied.
[Oct 18 16:05:31.288596 2003] debug: Received: :|-Frango-| MODE #EMOCORE
+stmipl 1
[Oct 18 16:05:31.288768 2003] debug: Received: :|-Frango-| TOPIC #EMOCORE
|-Frango-| 1066460927 :TakeOver by 14,1 -15=0[ 14He15l0lR15ai14ser 0]15=14-
S15c0ri15p14t 15v3.8
[Oct 18 16:05:31.288944 2003] debug: Sent: :ChanServ TOPIC #EMOCORE reffer
1066055037 :1i?? Festival HARDcoCOREcore dia 25 de outubro em blumenau no
rio bravo bar (proximo a resima agua verde), com as bandas: Zero Ltda
(curitiba), Swallow the Waffle (bc), chymia(bnu), crazy frogs (lages),
surpise set e slipper (bnu)...3 pila entrada inicio as 15:00 horas'
[Oct 18 16:05:31.289032 2003] debug: Received: :|-Frango-| MODE
#EMOCORE -oooooo CHoPP CbRS-oFF caroll BRYAN brunaH balsanelli
Segmentation fault (core dumped)
Debugging my core file, I found:
#0 0x0804d830 in add_mode_with_params (md=0x806aa00, mode=111 'o',
is_add=1, params=1, parambuf=0xbfffe280 "balsanelli",
len=10) at actions.c:568
568 md->params[md->nopmodes][len] = 0;
(gdb) bt'
#0 0x0804d830 in add_mode_with_params (md=0x806aa00, mode=111 'o',
is_add=1, params=1, parambuf=0xbfffe280 "balsanelli",
len=10) at actions.c:568
s = 0x806aa3e ""
#1 0x0804d342 in set_cmode (sender=0x81db058 "ChanServ", channel=0xa905d00)
at actions.c:446
parambuf =
"balsanelli\000\b\025\225\002BWi??\022B\024\032\023Bi??i??i??i??\000\000\000
\000\034 \006\bi??i??i??i??hi??i??i??i??i??i??i??\025\224\004B\034
\006\b\000\000\000\000i??m\tBdi??\022Bi??q\a\b\000\000\000\000eR :\0037[
\0034#\003di??\022B\000\000\000\000i??\037\006\bi??\037\006\bi??i??i??i??$i?
?\006Bi??i??i??i??\bi??i??i??\000\000\000\000Hi??i??i??\025\224\004B@\002\a\
b8i??i??i??6\020\aBpi??i??i??@i??\006\b@\002\a\b\000\000\000\000i??<\023BLi?
?i??i??=S\004B\024\032\023B\001\020\000\000 at i??\006\bhi??i??i??\204i??\006Bp
i??i??i??i??\037\006\b"...
len = 10
flag = 1
params = 1
is_chanuser = 1
args = 0xbfffe6d0 "RDcoCOREcorei??i??i??i??o"
modes = 0xbfffeae2 ""
modes_orig = 0xbfffeae0 "+o"
md = (struct modedata *) 0x806aa00
which = 0
add = 1
i = 1
c = 111 'o'
#2 0x400895ff in local_set_cumodes (c=0xa905d00, plusminus=43 '+', modes=1,
nick=0xab7f2e8 "balsanelli") at check.c:432
buf = "+o"
modestr = "o\000\000 de outubro em blumenau no rio bravo bar
(proximo a resima agua verde), com as bandas: Zero
L\v\000\000\000(curitiba), \000\000\000\000low the Waff\000\000\000\000bc),
chymia(bnu), crazy frogs (lages), surpise set e slipper (bnu).."...
s = 0xbfffe6e1 ""
#3 0x40088d74 in check_chan_user_modes (source=0xbfffeed0 "|-Frango-|",
u=0xab34ff0, c=0xa905d00, oldmodes=1)
at check.c:214
user = (User *) 0xab7f2d8
ci = (ChannelInfo *) 0xa571940
modes = 0
is_servermode = 0
res = 1
#4 0x400820ed in do_channel_umode_change (source=0xbfffeed0 "|-Frango-|",
c=0xa905d00, u=0xab34ff0, oldmodes=1)
at main.c:354
No locals.
#5 0x0805890d in call_callback_5 (module=0x806a5c0, id=23, arg1=0xbfffeed0,
arg2=0xa905d00, arg3=0xab34ff0, arg4=0x1,
arg5=0x0) at modules.c:666
cl = (CallbackList *) 0x8077cb8
res = 0
i = 0
#6 0x0804edc8 in do_cumode (source=0xbfffeed0 "|-Frango-|", chan=0xa905d00,
flag=1, add=0, nick=0xbfffecc9 "balsanelli")
---Type <return> to continue, or q <return> to quit---
at channels.c:409
u = (struct c_userlist *) 0xab34ff0
user = (User *) 0xab7f2d8
oldmode = 1
#7 0x0804e97e in do_cmode (source=0xbfffeed0 "|-Frango-|", ac=0,
av=0xa853130) at channels.c:302
modechar = 111 'o'
flag = 1
params = -1073746288
chan = (Channel *) 0xa905d00
s = 0xbfffeca5 ""
add = 0
modestr = 0xbfffec9e "-oooooo"
#8 0x080557ff in m_mode (source=0xbfffeed0 "|-Frango-|", ac=8,
av=0xa853110) at messages.c:101
No locals.
#9 0x0805920e in process () at process.c:133
m = (Message *) 0x8067dd8
source =
"|-Frango-|\000\000G\000\000\000Y\e\205\n\t+\205\n\bi??i??i??i??i??\005\b at j\
a\b\000\004\000\000i??\032\205\n\t\000\000\000 at j\a\b\216j\a\b(i??i??i??qP\00
5\b"
cmd =
"MODE\000\000\000i??8i??i??i??i??\005\b\000\000\000\000i??i??i??i??\000\000\
000\000\000\000\000\000\001H\000\000Pi??i??i??\000Y\a\bVi??\005\b\207j\a\bP\
e\205\n\t\000\000\000i??i??\005\b"
buf =
"MODE\000#EMOCORE\000-oooooo\000CHoPP\000CbRS-oFF\000caroll\000BRYAN\000brun
aH\000balsanelli\000 balsanelli\000\000ai\00314ser \0030]\00315=\00314-
S\00315c\0030ri\00315p\00314t \00315\037v\0373.8 \003\000\00315\037v\0373.8
\003\000\000\0003)\000\0006\037\002Pi??Ti??\00313\037\002]\037\002\0036i??i?
? \000i??Ti??\00313\037\002]\037\002\0036i??i?? \000\000\003\000\000r
\003", '\0' <repeats 11 times>...
s = 0xbfffec95 "#EMOCORE"
ac = 8
av = (char **) 0xa853110
#10 0x0805507d in readline_callback (s=0xa851ae0, param_unused=0x50) at
main.c:177
No locals.
#11 0x0805b617 in check_sockets () at sockets.c:491
newline = 0xa851b58 "\nrct-sc.br irc.creativenet.com.br 0 3364349034
:aNiNhHa[du]DoNaTeLo\n:Toh_Pensanu PART #ilheus\n:_LoKo_SuL_ SJOIN
1063565447 #elias\n:_MoRgAnA_ PRIVMSG NickServ at services.redesul.net :set
nomemo off\n:irc."...
left = 80
newleft = 80
rfds = {fds_bits = {16, 0 <repeats 31 times>}}
wfds = {fds_bits = {0 <repeats 32 times>}}
tv = {tv_sec = 2, tv_usec = 980000}
i = 4
res = 260
s = (Socket *) 0xa851ae0
s2 = (Socket *) 0x0
#12 0x0805538a in main (ac=3, av=0xbffff164, envp=0xbffff174) at main.c:266
---Type <return> to continue, or q <return> to quit---
now = 1066500331
now_msec = 1348441861
last_update = 1066500208
last_check = 1348441182
#13 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
No symbol table info available.
(gdb) info registers
eax 0xd6b2bf8a -692928630
ecx 0x806aa00 134654464
edx 0x656e6173 1701732723
ebx 0x42131a14 1108548116
esp 0xbfffd910 0xbfffd910
ebp 0xbfffe238 0xbfffe238
esi 0x8075900 134699264
edi 0xbffff050 -1073745840
eip 0x804d830 0x804d830
eflags 0x10282 66178
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x33 51
(gdb)
root at irc(/home/ircadmin/services/lib)# ls -la core.12631
-rw------- 1 ircadmin ircadmin 47374336 Oct 18 16:05 core.12631
root at irc(/home/ircadmin/services)# ldd ircservices
libdl.so.2 => /lib/libdl.so.2 (0x4001e000)
libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
root at irc(/home/ircadmin/services)# uname -a
Linux XXXXXX.xyz.0xdeadbeef 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686
i686 i386 GNU/Linux
root at irc(/home/ircadmin/services)# cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)
root at irc(/home/ircadmin/services)# cat /proc/cpuinfo
...
model name : Pentium III (Coppermine)
stepping : 10
cpu MHz : 999.752
cache size : 256 KB
...
root at irc(/home/ircadmin/services)# free
total used free shared buffers cached
Mem: 513792 482248 31544 0 69492 274980
I changed the Linux version and ran it on 3 different machines
(Slackware/Red Hat; Pentium III, K5, P200).
This bug is as old as my running services... I don't know if it is the same one as in
4.X (I moved to 5.X to "solve" this bug), but from 5.12 until now it
keeps happening... always...
It has no fixed time at which it happens, it's insane... I think it is some
combination of commands that ends up corrupting some variable in memory.
If you want to see how often it happens, here it is:
root at irc(/home/ircadmin/services/lib)# ls -la core*
-rw------- 1 ircadmin ircadmin 49025024 Oct 5 19:32 core.27214
-rw------- 1 ircadmin ircadmin 45932544 Oct 5 21:01 core.14414
-rw------- 1 ircadmin ircadmin 46948352 Oct 6 14:00 core.18016
-rw------- 1 ircadmin ircadmin 45936640 Oct 11 04:30 core.1347
-rw------- 1 ircadmin ircadmin 50479104 Oct 14 01:29 core.16481
-rw------- 1 ircadmin ircadmin 44982272 Oct 15 13:54 core.22332
-rw------- 1 ircadmin ircadmin 47374336 Oct 18 16:05 core.12631
-rw------- 1 ircadmin ircadmin 48099328 Oct 19 14:16 core.5362
-rw------- 1 ircadmin ircadmin 44863488 Oct 19 14:22 core.32708
-rw------- 1 ircadmin ircadmin 45355008 Nov 1 15:13 core.28309
-rw------- 1 ircadmin ircadmin 50360320 Nov 3 18:24 core.5160
If it helps, here is the gdb output for the last two cores:
----------------
FIRST:
#0 0x0804e8bf in do_cmode (source=0x806aa08 "ChanServ", ac=-1,
av=0xbfffdc38)
at channels.c:278
278 while (*s) {
(gdb) bt'
#0 0x0804e8bf in do_cmode (source=0x806aa08 "ChanServ", ac=-1,
av=0xbfffdc38)
at channels.c:278
chan = (Channel *) 0xa87d1e0
s = 0x1f73746f <Address 0x1f73746f out of bounds>
add = 1
modestr = 0x1f73746f <Address 0x1f73746f out of bounds>
#1 0x0804dc8e in flush_cmode (md=0x806aa00, clear=1) at actions.c:680
buf = "-imsl\000HA___\000\000\000\000\000W
\022B\000\000\000L\000\000\000\000\000y\000nossaTZ\000\000\000\000\000\000yy
yyA<\023B\001\000\000\000\bYy?Om\tBd
\022BDq\a\bOUy?NO\006B\210o\a\b3\035\rB\024\032\023BAa\006B\003\000\000\000a
Yy?\027\000\000\000\024\032\023B\024\032\023BTZ\000\000\004\000\000\000\005\
000\000\000\210o\a\baYy?\030Yy?NO\006B\210o\a\baYy?\027\000\000\000$u\006B\2
10o\a\bIo\a\b\vO\006B\024\032\023B\024\032\023B@\002\a\bHYy?$u\006B\200Yy?@o
\006\b"...
s = 0xbfffdc60 "-imsl"
argv = {0xa87d1e8 "#soad",
0x1f73746f <Address 0x1f73746f out of bounds>,
0x5303200f <Address 0x5303200f out of bounds>,
0x6c6c6568 <Address 0x6c6c6568 out of bounds>,
0x4323203a <Address 0x4323203a out of bounds>,
0x65746e65 <Address 0x65746e65 out of bounds>,
0x65685372 <Address 0x65685372 out of bounds>,
0x52426c6c <Address 0x52426c6c out of bounds>}
len = 5
---Type <return> to continue, or q <return> to quit---
i = 0
lastc = 45 '-'
#2 0x0804cebd in set_cmode (sender=0x0, channel=0x0) at actions.c:321
args = 0x0
modes = 0x0
modes_orig = 0x0
md = (struct modedata *) 0x0
which = -1
add = 0
i = 0
c = 0 '\0'
#3 0x080553a3 in main (ac=1, av=0xbfffe574, envp=0xbfffe57c) at main.c:269
now = 1067891066
now_msec = -1555790286
last_update = 1067890538
last_check = 2739174210
#4 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
No symbol table info available.
-----------
SECOND:
#0 0x0804e8bf in do_cmode (source=0x806aa08 "ChanServ", ac=-1,
av=0xbffff2b8)
at channels.c:278
278 while (*s) {
(gdb) bt'
#0 0x0804e8bf in do_cmode (source=0x806aa08 "ChanServ", ac=-1,
av=0xbffff2b8)
at channels.c:278
chan = (Channel *) 0xa9be840
s = 0xbf000000 <Address 0xbf000000 out of bounds>
add = 1
modestr = 0xbf000000 <Address 0xbf000000 out of bounds>
#1 0x0804dc8e in flush_cmode (md=0x806aa00, clear=1) at actions.c:680
buf = "-imsl\000\a\b\000len\000\000\000\000W
\022B3\035\rB\024\032\023BAa\006B\003\000\000\000
oy?\027\000\000\000yyyyA<\023BTZ\000\000\004\000\000\000\005\000\000\000\210
o\a\b oy?Xoy?NO\006B\210o\a\b
oy?\027\000\000\000$u\006B\210o\a\bIo\a\b\vO\006B\024\032\023B\024\032\023B@
\002\a\b\210oy?$u\006BAoy?@o\006\b@\002\a\b\000\000\000\000\024\032\023B@\00
2\a\b¨oy?6\020\aBaoy?@o\006\b@\002\a\b\000\000\000\000Aoy?I\037\006\b=S\004B
\024\032\023B\001\020\000\000 at o\006\b"...
s = 0xbffff2e0 "-imsl"
argv = {0xa9be848 "#zoera",
0xbf000000 <Address 0xbf000000 out of bounds>, 0x0,
0x806f240 "ircservices.log", 0x806f240 "ircservices.log",
0x5a54 <Address 0x5a54 out of bounds>, 0x0,
0xffffffff <Address 0xffffffff out of bounds>}
len = 5
i = 0
lastc = 45 '-'
#2 0x0804cebd in set_cmode (sender=0x0, channel=0x0) at actions.c:321
---Type <return> to continue, or q <return> to quit---
args = 0x0
modes = 0x0
modes_orig = 0x0
md = (struct modedata *) 0x0
which = -1
add = 0
i = 0
c = 0 '\0'
#3 0x080553a3 in main (ac=1, av=0xbffffbf4, envp=0xbffffbfc) at main.c:269
now = 1067706795
now_msec = -1740061222
last_update = 1067706282
last_check = 2554904000
#4 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
No symbol table info available.
(gdb)
-------
I'm running it again under screen (with -nofork -debug) to see exactly where
the bug occurs, and to look for more examples of commands that cause
this bug...
If there is anything (more) I can add or do to help with debugging, please
tell me. I have the core (I can't send it, for security reasons... my whole
DB is in the core...), but I'm open to helping anytime, anywhere, with
anything....
Thanks for all the development, this is really beautiful software...
(and sorry for my bad English)
Diego B. Contezini aka destruct_ #irc.redesul.net