View Issue Details

ID: 0002032
Project: unrealircd
Category:
View Status: public
Last Update: 2004-10-16 19:50
Reporter: Gilou
Assigned To: syzop
Priority: normal
Severity: crash
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform: Pentium 2.8 Ghz
OS: Linux Debian
OS Version: stable
Product Version: 3.2.1
Fixed in Version: 3.2.2
Summary: 0002032: Weird crash, maybe parse again, or something else ..
Description: Still the same thing, just running normally .. and crashed
Additional Information:
(gdb) bt
#0 0x400e3f79 in free () from /lib/libc.so.6
#1 0x080a6c74 in add_history (cptr=0x8476bb0, online=0) at whowas.c:59
#2 0x0807b86e in remove_client_from_list (cptr=0x8476bb0) at list.c:310
#3 0x08098126 in exit_one_client (cptr=0x821d2f8, sptr=0x8476bb0,
    from=0x8476bb0, comment=0x821d3e8 "Quit: ", split=0) at s_misc.c:762
#4 0x08097ed3 in exit_client (cptr=0x821d2f8, sptr=0x8476bb0, from=0x8476bb0,
    comment=0x821d3e8 "Quit: ") at s_misc.c:634
#5 0x401be5ef in ?? ()
#6 0x0807f063 in parse (cptr=0x821d2f8, buffer=0x821d3dc ":Shura09 ,",
    bufend=0x821d3ee "") at parse.c:440
#7 0x0807de68 in dopacket (cptr=0x821d2f8,
    buffer=0x81dea80 ":Shura09 , :Quit: \r\n8ans :Les MAJUSCULES, les ASCII, le gras et le souligné sont interdits !\r\neggs.botstats.com\r\n:Gaia H #amusemen BotStats18 :001\r\nwanadoo.fr 3 0 +x * UfjYFg== :Utilisateur de http://"...,
    length=20) at packet.c:138
#8 0x0808414f in read_packet (cptr=0x821d2f8, rfd=0xbffffc98) at s_bsd.c:1447
#9 0x08084a21 in read_message (delay=2, listp=0x81f9a00) at s_bsd.c:1937
#10 0x0807ace1 in main (argc=1, argv=0xbffffdb4) at ircd.c:1548
Tags: No tags attached.
3rd party modules:

Relationships

related to 0001883 closed Another weird crash 

Activities

Gilou

2004-08-20 10:58

reporter   ~0007408

Similar crash on another serv (Celeron 500 Mhz, running Debian)
(gdb) bt
#0 0x401b7a3b in free () from /lib/libc.so.6
#1 0x08090344 in add_history (cptr=0x8508cf0, online=0) at whowas.c:59
#2 0x08064f3e in remove_client_from_list (cptr=0x8508cf0) at list.c:310
#3 0x080817f6 in exit_one_client (cptr=0x81a2878, sptr=0x8508cf0,
    from=0x8508cf0, comment=0x81a2965 "Eric", split=0) at s_misc.c:762
#4 0x080815a3 in exit_client (cptr=0x81a2878, sptr=0x8508cf0, from=0x8508cf0,
    comment=0x81a2965 "Eric") at s_misc.c:634
#5 0x4027e58f in ?? ()
#6 0x08068733 in parse (cptr=0x81a2878, buffer=0x81a295c ":eric ,",
    bufend=0x81a2969 "") at parse.c:440
#7 0x08067538 in dopacket (cptr=0x81a2878,
    buffer=0x8140980 ":olympe.epiknet.org n MaitreDragon +d 1\r\n:eric , :Eric\r\n", length=56) at packet.c:138
#8 0x0806d81f in read_packet (cptr=0x81a2878, rfd=0xbffffd2c) at s_bsd.c:1447
#9 0x0806e0f1 in read_message (delay=1, listp=0x8154fe0) at s_bsd.c:1937
#10 0x08064308 in main (argc=1, argv=0xbffffe74) at ircd.c:1529

m339

2004-09-22 15:41

reporter   ~0007765

Similar free()

#0 0x402039f9 in free () from /lib/libc.so.6
(gdb) bt
#0 0x402039f9 in free () from /lib/libc.so.6
#1 0x0805c062 in sub1_from_channel (chptr=0x80017c0) at channel.c:3729
#2 0x08083fd7 in exit_one_client (cptr=0x828de28, sptr=0x828de28, from=0x828de28,
    comment=0x4030c9a0 "Quit: ][ <= iCon ScripT=> ][ Version 4.0 ][ to be a BeautiFuL ScRipts is Very Diff. ][ DownLoad: *****//i.am/iConOnLine ][ ", split=0) at s_misc.c:804
#3 0x080837f3 in exit_client (cptr=0x828de28, sptr=0x828de28, from=0x828de28,
    comment=0x4030c9a0 "Quit: ][ <= iCon ScripT=> ][ Version 4.0 ][ to be a BeautiFuL ScRipts is Very Diff. ][ DownLoad: *****//i.am/iConOnLine ][ ") at s_misc.c:703

m339

2004-09-22 16:04

reporter   ~0007766

#1 0x0805c062 in sub1_from_channel (chptr=0x80017c0) at channel.c:3729
3729 MyFree(chptr->topic_nick);
(gdb) up
#2 0x08083fd7 in exit_one_client (cptr=0x828de28, sptr=0x828de28, from=0x828de28,
    comment=0x4030c9a0 "Quit: ][ <= iCon ScripT=> ][ Version 4.0 ][ to be a BeautiFuL ScRipts is Very Diff. ][ DownLoad: *****//i.am/iConOnLine ][ ", split=0) at s_misc.c:804
804 remove_user_from_channel(sptr, mp->chptr);
(gdb) up
#3 0x080837f3 in exit_client (cptr=0x828de28, sptr=0x828de28, from=0x828de28,
    comment=0x4030c9a0 "Quit: ][ <= iCon ScripT=> ][ Version 4.0 ][ to be a BeautiFuL ScRipts is Very Diff. ][ DownLoad: *****//i.am/iConOnLine ][ ") at s_misc.c:703
703 exit_one_client(cptr, sptr, from, comment, recurse);

codemastr

2004-09-22 19:43

reporter   ~0007767

m339, I don't see any relation between these two bugs. Why exactly did you decide to post that here?

al5001

2004-09-23 04:48

reporter   ~0007768

What modules have you loaded? Have you modified the IRCd in any way?

syzop

2004-09-23 15:02

administrator   ~0007770

Gilou: what's the current status on this?
I don't know if my comments (via codemastr) came through, but.. last thing I saw coming by was some mpatrol output with quite some unresolved symbols [shown as '???'], my reply at that was to use an mpatrol patch for this which would provide meaningful output [http://www.cbmamiga.demon.co.uk/mpatrol/, patch2, apply & recompile/reinstall mpatrol and make clean; make @ unreal]
[note that with this patch the ircd shouldn't be /rehash'ed since that often causes a crash]
Or perhaps this bug was already solved? Or are you working on it codemastr?
I've no idea, it seems most communication went outside bugs* so I couldn't track what's going on ;)
As you know, I've been "ill" for over a month, but I'm able to debug now.

m339

2004-09-23 18:46

reporter   ~0007772

Where is the patch? URL?

syzop

2004-09-23 18:54

administrator   ~0007773

Last edited: 2004-09-23 19:16

China is an interesting country indeed.

[in other words: "huh??"]

edited on: 2004-09-23 19:16

syzop

2004-09-26 19:58

administrator   ~0007803

Could whoever is experiencing this bug (Gilou.. m339) keep us up to date etc?
I mean, if nobody is cooperating/responding, there's little we can do...
Furthermore, that kinda makes us feel like you don't care much / it isn't important.
Thanks.

m339

2004-09-27 15:05

reporter   ~0007808

I asked where could I download mpatrol patch for unreal so I would examine but nobody considered.

syzop

2004-09-27 18:26

administrator   ~0007809

The url was mentioned, along with the instructions on what to do... go to http://www.cbmamiga.demon.co.uk/mpatrol/ and download patch 2. Also, please re-read the comment(s) again, since you obviously didn't, else we'll probably have trouble later (like: if you forget to recompile).

syzop

2004-09-29 16:53

administrator   ~0007824

Just FYI Gilou: I've reset your password, so you should receive a new password on your gilou at epiknet d-o-t org email.

syzop

2004-10-08 03:49

administrator   ~0007906

Ok, that was like 10 days ago..
I wonder what you guys are doing over there... All I asked was to install 1 library with a full tutorial/howto on how to do that (ok, except for applying a patch.. but that's like 1 command).
I didn't ask anyone to actually trace down the bug or spend hours/days/weeks on reading the source, that's what we (unreal coders) are for ;).
So, let us know any results.

Really, the longer you wait, the more releases you will have with your bug in it (assuming that it is indeed a real bug). You can't really blame us that we aren't willing to help you out, I've been ready for interpreting any results for over 2 weeks now!

Gilou

2004-10-08 07:10

reporter   ~0007913

Last edited: 2004-10-08 07:39

Hey ... I've been waiting a long time before being able to have those kind of answers, now I'm a bit busy, and things have changed, so I'll work with you when I'll have time to ... Anyway, we're getting used to those crashes you know, that'll be ... 3 months that we have the problem, so we're not that in a hurry ...
I'll contact you when I'm ok, or someone of my team is ...

Thanks for answering anyway

edited on: 2004-10-08 07:39

Gilou

2004-10-09 12:41

reporter   ~0007930

Here is the "nice output" (mpatrol log then sent to mpsym) of a crash we have by running a "test" Unreal3.2 with mpatrol at link time to our network :

    0x0D65FFF0 (16 bytes) {malloc:7544:0} [MyMallocEx|support.c|1667]
0x0808E81D MyMallocEx+45 at support.c:1667
0x08073527 _conf_oper+771 at s_conf.c:3032
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D662FEC (20 bytes) {strdup:7545:0} [_conf_oper|s_conf.c|3033] (char x 20)
0x08073581 _conf_oper+861 at s_conf.c:3033
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D665FBC (68 bytes) {malloc:7546:0} [MyMallocEx|support.c|1667]
0x0808E81D MyMallocEx+45 at support.c:1667
0x0807762A _conf_link+22 at s_conf.c:5282
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D668FEC (20 bytes) {strdup:7547:0} [_conf_link|s_conf.c|5283] (char x 20)
0x0807764D _conf_link+57 at s_conf.c:5283
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D66BFFE (2 bytes) {strdup:7548:0} [_conf_link|s_conf.c|5285] (char x 2)
0x08077689 _conf_link+117 at s_conf.c:5285
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D66EFF1 (15 bytes) {strdup:7549:0} [_conf_link|s_conf.c|5286] (char x 15)
0x080776C5 _conf_link+177 at s_conf.c:5286
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D671FFE (2 bytes) {strdup:7550:0} [_conf_link|s_conf.c|5287] (char x 2)
0x08077701 _conf_link+237 at s_conf.c:5287
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D674FF8 (8 bytes) {malloc:7551:0} [Auth_ConvertConf2AuthStruct|auth.c|162]
0x08054E09 Auth_ConvertConf2AuthStruct+77 at auth.c:162
0x0807774E _conf_link+314 at s_conf.c:5289
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D677FF6 (10 bytes) {strdup:7552:0} [Auth_ConvertConf2AuthStruct|auth.c|163] (char x 10)
0x08054E2E Auth_ConvertConf2AuthStruct+114 at auth.c:163
0x0807774E _conf_link+314 at s_conf.c:5289
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D67AFF6 (10 bytes) {strdup:7553:0} [_conf_link|s_conf.c|5290] (char x 10)
0x0807778A _conf_link+374 at s_conf.c:5290
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D67DFF2 (14 bytes) {strdup:7554:0} [_conf_link|s_conf.c|5323] (char x 14)
0x080778CA _conf_link+694 at s_conf.c:5323
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D680FF0 (16 bytes) {malloc:7555:0} [MyMallocEx|support.c|1667]
0x0808E81D MyMallocEx+45 at support.c:1667
0x0807403A _conf_ulines+74 at s_conf.c:3471
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D683FED (19 bytes) {strdup:7556:0} [_conf_ulines|s_conf.c|3472] (char x 19)
0x0807408B _conf_ulines+155 at s_conf.c:3472
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D686FF0 (16 bytes) {malloc:7557:0} [MyMallocEx|support.c|1667]
0x0808E81D MyMallocEx+45 at support.c:1667
0x0807403A _conf_ulines+74 at s_conf.c:3471
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D689FEE (18 bytes) {strdup:7558:0} [_conf_ulines|s_conf.c|3472] (char x 18)
0x0807408B _conf_ulines+155 at s_conf.c:3472
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D68CFF0 (16 bytes) {malloc:7559:0} [MyMallocEx|support.c|1667]
0x0808E81D MyMallocEx+45 at support.c:1667
0x0807403A _conf_ulines+74 at s_conf.c:3471
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

    0x0D68FFEB (21 bytes) {strdup:7560:0} [_conf_ulines|s_conf.c|3472] (char x 21)
0x0807408B _conf_ulines+155 at s_conf.c:3472
0x08071D52 config_run+102 at s_conf.c:2087
0x080703E0 init_conf+280 at s_conf.c:1565
0x08062C04 main+1452 at ircd.c:1245
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105
system page size: 4096 bytes
default alignment: 4 bytes
overflow size: 4096 bytes
overflow byte: 0xAA
allocation byte: 0xFF
free byte: 0x55
allocation stop: 0
reallocation stop: 0
free stop: 0
unfreed abort: 0
small boundary: 32 bytes
medium boundary: 256 bytes
large boundary: 2048 bytes
lower check range: 0
upper check range: 0
check frequency: 1
failure frequency: 0
failure seed: 1097320012
prologue function: <unset>
epilogue function: <unset>
handler function: <unset>
log file: mpatrol.log
profiling file: mpatrol.out
tracing file: mpatrol.trace
program filename: /home/ircd/test/ircd
symbols read: 5559
autosave count: 0
freed queue size: 200
allocation count: 39278
allocation peak: 32746 (1735091 bytes)
allocation limit: 0 bytes
allocated blocks: 32746 (1735091 bytes)
marked blocks: 0 (0 bytes)
freed blocks: 200 (6345 bytes)
free blocks: 11 (69632 bytes)
internal blocks: 659 (10797056 bytes)
total heap usage: 415707136 bytes
total compared: 92 bytes
total located: 6 bytes
total copied: 587646 bytes
total set: 3055448 bytes
total warnings: 9
total errors: 0

ERROR: [ILLMEM]: illegal memory access at address 0x00000004
    0x00000004 not in heap

    call stack
0x08056B1D add_user_to_channel+29 at channel.c:684
0x40363AED ???
0x08067C73 parse+1515 at parse.c:440
0x08066948 dopacket+296 at packet.c:138
0x0806D0CF read_packet+479 at s_bsd.c:1443
0x0806D96B read_message+1959 at s_bsd.c:1933
0x08063368 main+3344 at ircd.c:1530
0x40107DC6 __libc_start_main+198
0x08054C11 _start+33 at ../sysdeps/i386/elf/start.S:105

gdb backtrace won't be really helpful :
Core was generated by `/home/ircd/test/ircd'.
Program terminated with signal 6, Aborted.
#0 0x4011b571 in ?? ()


This was running on a test server, with no memory faults nor any other hardware problems, and it has a 2.8 Ghz Intel processor and 1 GB RAM ...

syzop

2004-10-09 15:30

administrator   ~0007931

Odd, is that with the patched mpatrol + all instructions followed? ;)
Anyway, could you somewhere upload or mail (zipped) the following files:
- src/ircd
- src/modules/commands.so
- the core file
- the mpatrol log file
Also, you said this is Unreal3.2?
- Unmodified, no 3rd party mods I presume? ;p
- With what options compiled? ssl? zip? ipv6?
Thanks.

Gilou

2004-10-09 23:16

reporter   ~0007934

This happens using a recent mpatrol, with the patch n°2 as you asked.
It's a vanilla version, just tar'ed out of your files, and it's compiled with no special features (no ssl, no zip, no ipv6, no remote includes).

I'll let you know how to retrieve what you asked for.

syzop

2004-10-10 00:19

administrator   ~0007938

Hm, I see what you mean now. The core file seems corrupt indeed.
Could you check:
- if you haven't reached your quota limit on the machine? ('quota'.. although you probably would have noticed it ;p)
- could you paste the output of 'ulimit -a', 'ulimit -a -H' and 'ulimit -c'?
Thanks.

Gilou

2004-10-10 07:45

reporter   ~0007941

Please ...
There are NO quota on the computer ...
and ulimit won't be helpful, limits are "defaults"...
$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 7168
virtual memory (kbytes, -v) unlimited
$ ulimit -a -H
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 7168
virtual memory (kbytes, -v) unlimited

aquanight

2004-10-10 15:16

reporter   ~0007942

Last edited: 2004-10-10 15:17

>$ ulimit -a
>core file size (blocks, -c) 0

Hm... doesn't that need to be, well, not 0? :P

edited on: 2004-10-10 15:17

syzop

2004-10-10 15:34

administrator   ~0007943

Why do you have to be so rude all the time?
If someone from an opensource project is trying to help you out, then you usually shouldn't go annoy them and be arrogant and such things.
I try to put these things aside, but I must admit I'm not good at that. If it keeps going on you shouldn't be surprised if suddenly all help disappeared.

Anyway, the core (and mpatrol stuff) is pretty much useless... Nearly all data in the core is 0x00 which cannot be true (whole &me is 0x00, same for IRCstats, clientTable, local, etc)... so it's clearly corrupt, my thoughts were you had hit your hard core size limit, but apparently that's not the case.. Well, whatever it is.. we cannot debug now.
The only alternative I can think of is attaching a gdb right from the start.
--
gdb src/ircd
handle SIGPIPE nostop noprint
c
--
Probably best to put that into a 'screen' or something since it will have to sit like that till it crashes.
Then, when the irc crashes (note: it will hang instead of disconnect your users), you can do things like:
--
bt
bt full
p *sptr
p *cptr
frame 1
p *sptr
p *cptr
[whatever]
--
But obviously this is a very imperfect solution since you would have to print any valuable data immediately and while doing that you cannot start a new ircd and all your users will hang, etc... (unless of course, this is ok, then just leave the gdb around to wait for further instructions or so I can logon, whatever..).
Still, if you somehow manage to trace why that box isn't producing proper core files and are able to fix that, then that's even better ;).

You said this was a test server. Were there any clients connected? Was it linked to your network? Basically... what kind of traffic did the server get? (local/global)

And another one.. do all servers of your network have this problem? Or some don't? [since you reported like xx bugs and changed names it's hard to find your whole bug-history back]

Gilou

2004-10-10 15:44

reporter   ~0007944

Yeah maybe ;)
Strange ... it may have been changed at a moment I wasn't looking at it as I had not corrupted cores on it, let me test with something with more sense...

Gilou

2004-10-11 23:37

reporter   ~0007977

All our servers randomly crash, for a reason we haven't found, that's a fact.
So we're using a test server to run mpatrol, to work with Unreal team to find out what's going wrong.
This test server is linked to the network, and crashes at about link time, with a 132 MB core file which looks corrupted as you said. I can't find out why, ulimit -c is set to "unlimited", so maybe a system limit is applied, but I have no idea how to set that ... If someone has a clue about it (I'll ask our gurus huh).
I don't have another server able to run mpatrol correctly (system with hard core (aha) limits, too poor CPU / RAM ...), but I think it should be enough.
Now, I can run the ircd in gdb if it's needed, but I agree that a nice mpatrol output would be better.
Another point someone of my team pointed at is the fact that on BSD it seems to crash less often, so we thought about the core limits not being the same ... but this way is obscure :)

If you think you need an access to the box, we can think about it also...

About being rude, sorry for that, you maybe didn't deserve it, but ... you should understand we've been waiting a long time and that we're thinking about changing ircd software if we can't get Unreal more reliable, but it'll be a lot of work migrating, getting features we need (without spamfilters, our net is down) on it blabla ... And also, we're experiencing lower user counts, and although I'm not sure reliability is the reason of it, it's a bit annoying to think it could :) A few reasons which make us not feel that comfortable

syzop

2004-10-11 23:56

administrator   ~0007978

About 'rudeness' and stuff.. I don't think you can blame *us* for like 70% of the time delay, it's pretty much the refusal of following instructions on your side that kept delaying this and the lack of proper communication.
You first reported an issue in mid-June, we are now mid-October, that's 4 months. I'm probably responsible for like 1-1.5 month delay due to my physical problems (which I obviously could not do anything about), but those other ~2.5 months you cannot blame on me.
In fact between 2004-06-23 when I asked you to use a clean version w/mpatrol (0001883, last bugnote) and 2004-08-19 when you actually announced you were going to report the stuff, that's a 2 months delay!

Back on-topic..
So it crashed when linking already? Now that's interesting/fast ;).
[somehow I interpreted it like 'mpatrol at link time' previous time]

Yeah, could you mail me with login info of that box / where to find the ircd that I/we can use. Then I'll try to start it in gdb etc and see if I can find out the cause.
That's pretty much my last hope really, I hope we will be able to find it then :).

syzop

2004-10-16 19:50

administrator   ~0008023

Fixed in CVS [.155]. Patch for 3.2.1 mailed.

SUMMARY: If a remote client changed his/her nick into a qlined nick (eg: an oper using a qlined nick, or: a user using a qlined nick that is not qlined on the other server) then it would slowly corrupt the heap.

Since this was a quite complex bug (although easy to find with mpatrol), perhaps it's worth explaining in-detail to other coders what happened :) :

When getting a nickchange...
    if (!IsULine(sptr) && (tklban = find_qline(sptr, nick, &ishold)))
.. and find_qline() got called for a remote client, and it matched..

    for (lp = tklines[tkl_hash('q')]; lp; lp = lp->next)
    {
        points = 0;

        if (!(lp->type & TKL_NICK))
            continue;
        if (!match(lp->hostmask, nick))
        {
            points = 1; <-- true
            break;
        }
    }

    if (points != 1) <-- false
        return NULL;

    /* It's a services hold */
    if (*lp->usermask == 'H') <-- false
    {
        *ishold = 1;
        return lp;
    }

.. it continued to prepare for checking excepts...
    chost = cptr->sockhost; <-- bug part I
    cname = cptr->user ? cptr->user->username : "unknown";
    strcpy(host, make_user_host(cname, chost)); <-- bug part II

For remote clients cptr->sockhost is out of memory, so it might contain anything.. like '\0' ("", alias.. empty host), or like 0x46463243 or whatever...
Then make_user_host got called....
char *make_user_host(char *name, char *host)
{
    static char namebuf[USERLEN + HOSTLEN + 6];
    char *s = namebuf;

    bzero(namebuf, sizeof(namebuf));
    name = check_string(name);
    strncpyzt(s, name, USERLEN + 1);
    s += strlen(s);
    *s++ = '@';
    host = check_string(host); <--- bug part III
    strncpyzt(s, host, HOSTLEN + 1);
    s += strlen(s);
    *s = '\0';
    return (namebuf);
}
.. which called check_string on 'host' (which is our cptr->sockhost)...
/*
 * Fixes a string so that the first white space found becomes an end of
 * string marker (`\-`). returns the 'fixed' string or "*" if the string
 * was NULL length or a NULL pointer.
 */
char *check_string(char *s)
{
    static char star[2] = "*";
    char *str = s;

    if (BadPtr(s))
        return star;

    for (; *s; s++)
        if (isspace(*s))
        {
            *s = '\0'; <--- corruption!!!
            break;
        }

    return (BadPtr(str)) ? star : str;
}
.. which could cause corruption since if it encountered a "space character" before the "end of string" (=until a 0x00 was encountered) it would replace it with 0x00. So, it would slowly corrupt the heap.
Ex: a pointer to <whatever> containing 0x8020bf12 would become 0x8000bf12 since the 0x20 [space] would become a 0x00.
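
The in-place truncation described in the note above, reproduced on a constructed byte array. This is an added example, not UnrealIRCd code: `check_string_inplace` mirrors the quoted `check_string`, while `check_string_copy`, the 9-byte memory image, `HOSTLEN = 63` and the helper names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOSTLEN 63                 /* assumed field size for this example */
enum { PTR_OFF = 4, HEAP_LEN = 9 };

/* Constructed memory image: four bytes a stale host pointer lands on
 * (0x46463243 from the note), then a neighbouring 32-bit little-endian
 * pointer value 0x8020bf12, then the first NUL the scan would reach. */
static void heap_init(unsigned char heap[HEAP_LEN])
{
    static const unsigned char image[HEAP_LEN] = {
        0x43, 0x32, 0x46, 0x46,
        0x12, 0xbf, 0x20, 0x80,
        0x00
    };
    memcpy(heap, image, HEAP_LEN);
}

static uint32_t load_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Same logic as the quoted check_string(): truncates its argument in place. */
static char *check_string_inplace(char *s)
{
    static char star[2] = "*";
    char *str = s;

    if (s == NULL || *s == '\0')
        return star;
    for (; *s; s++)
        if (isspace((unsigned char)*s)) {
            *s = '\0';             /* write into memory the caller may not own */
            break;
        }
    return (*str == '\0') ? star : str;
}

/* Hypothetical alternative: copy up to maxlen bytes into dst, stopping at
 * NUL or whitespace, and never write to src. */
static const char *check_string_copy(const char *src, size_t maxlen,
                                     char *dst, size_t dstlen)
{
    size_t i = 0;

    if (src != NULL && dstlen > 0) {
        while (i < maxlen && i + 1 < dstlen && src[i] != '\0' &&
               !isspace((unsigned char)src[i])) {
            dst[i] = src[i];
            i++;
        }
        dst[i] = '\0';
    }
    return (i == 0) ? "*" : dst;
}

/* Neighbouring pointer value after the in-place scan ran over the image. */
uint32_t neighbour_after_inplace(void)
{
    unsigned char heap[HEAP_LEN];
    heap_init(heap);
    check_string_inplace((char *)heap);
    return load_le32(heap + PTR_OFF);
}

/* Neighbouring pointer value after the copying variant ran over the image. */
uint32_t neighbour_after_copy(void)
{
    unsigned char heap[HEAP_LEN];
    char out[HOSTLEN + 1];
    heap_init(heap);
    check_string_copy((const char *)heap, HEAP_LEN, out, sizeof out);
    return load_le32(heap + PTR_OFF);
}

int main(void)
{
    printf("in-place: 0x%08lx\n", (unsigned long)neighbour_after_inplace());
    printf("copy:     0x%08lx\n", (unsigned long)neighbour_after_copy());
    return 0;
}
```

The copying variant only removes the stray write; reading through a pointer that does not reference a valid string is still a bug the caller has to fix.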

Issue History

Date Modified Username Field Change
2004-08-19 11:50 Gilou New Issue
2004-08-20 10:58 Gilou Note Added: 0007408
2004-09-22 15:41 m339 Note Added: 0007765
2004-09-22 16:04 m339 Note Added: 0007766
2004-09-22 19:43 codemastr Note Added: 0007767
2004-09-23 04:48 al5001 Note Added: 0007768
2004-09-23 15:02 syzop Note Added: 0007770
2004-09-23 18:46 m339 Note Added: 0007772
2004-09-23 18:54 syzop Note Added: 0007773
2004-09-23 19:16 syzop Note Edited: 0007773
2004-09-26 19:58 syzop Note Added: 0007803
2004-09-27 15:05 m339 Note Added: 0007808
2004-09-27 18:26 syzop Note Added: 0007809
2004-09-29 16:53 syzop Note Added: 0007824
2004-10-08 03:49 syzop Note Added: 0007906
2004-10-08 07:10 Gilou Note Added: 0007913
2004-10-08 07:39 Gilou Note Edited: 0007913
2004-10-09 12:41 Gilou Note Added: 0007930
2004-10-09 15:30 syzop Note Added: 0007931
2004-10-09 23:16 Gilou Note Added: 0007934
2004-10-10 00:19 syzop Note Added: 0007938
2004-10-10 07:45 Gilou Note Added: 0007941
2004-10-10 15:16 aquanight Note Added: 0007942
2004-10-10 15:17 aquanight Note Edited: 0007942
2004-10-10 15:17 aquanight Note Edited: 0007942
2004-10-10 15:34 syzop Note Added: 0007943
2004-10-10 15:44 Gilou Note Added: 0007944
2004-10-10 17:55 syzop Relationship added related to 0001883
2004-10-11 23:37 Gilou Note Added: 0007977
2004-10-11 23:56 syzop Note Added: 0007978
2004-10-16 19:50 syzop Status new => resolved
2004-10-16 19:50 syzop Fixed in Version => 3.2.2
2004-10-16 19:50 syzop Resolution open => fixed
2004-10-16 19:50 syzop Assigned To => syzop
2004-10-16 19:50 syzop Note Added: 0008023