[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[leafnode-list] Crashing leafnode on demand

I am able to crash version 2.0b8_ma10pre3.2 on demand.

nexus@thune[10:50am]~(509) telnet 0 nntp
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
200 Leafnode NNTP daemon, version 2.0b8_ma10pre3.2 at thune.mrc-home.org
group rec.juggling
211 8180 20914 37365 rec.juggling group selected
xover 20914-20915
Connection closed by foreign host.

Attaching gdb to leafnode:

(gdb) bt full
#0  0x080576ff in xgetxover (require_messageidlink=1, g=0x0)
    at ../leafnode-2.0b8_ma10pre3.2/xoverutil.c:495
        st = {st_dev = 14861, __pad1 = 0, st_ino = 522077, st_mode = 33200,
  st_nlink = 1, st_uid = 9, st_gid = 13, st_rdev = 0, __pad2 = 0,
  st_size = 2288790, st_blksize = 4096, st_blocks = 4480,
  st_atime = 1022867881, __unused1 = 0, st_mtime = 1022866830, __unused2 =
0,
  st_ctime = 1022866830, __unused3 = 0, __unused4 = 0, __unused5 = 0}
        overview = 0x402f5008 <Address 0x402f5008 out of bounds>
        p = 0x51b2 <Address 0x51b2 out of bounds>
        q = 0x91b1 <Address 0x91b1 out of bounds>
        dl = (char **) 0x82c4330
        t = (char **) 0x51b2
        fd = 20914
        update = 0
        current = 8180
        art = 37297
        i = 196596
#1  0x080570e7 in getxover (require_messageidlink=1)
    at ../leafnode-2.0b8_ma10pre3.2/xoverutil.c:304
No locals.
#2  0x0804db31 in doxover (group=0x402bde98, arg=0x8068a56 "20914-20915",
    artno=20914) at ../leafnode-2.0b8_ma10pre3.2/nntpd.c:1995
        group = (struct newsgroup *) 0x402bde98
---Type <return> to continue, or q <return> to quit---
        arg = 0x8068a56 "20914-20915"
        a = 20914
        b = 20915
        art = 134646358
        idx = 196596
        flag = 0
        i = 196596
#3  0x0804a712 in main_loop () at ../leafnode-2.0b8_ma10pre3.2/nntpd.c:239
        artno = 20914
        group = (struct newsgroup *) 0x402bde98
        arg = 0x8068a56 "20914-20915"
        cmd = 0x8068a50 "xover"
        n = 37365
        size = 196596
#4  0x0804e69c in main (argc=1, argv=0xbffffe94)
    at ../leafnode-2.0b8_ma10pre3.2/nntpd.c:2396
        option = -1
        reply = 196596
        err = 196596
        fodder = 16
        conffile = "/etc/leafnode/config", '\0' <repeats 700 times>,
"nÓ\0@\234C\001@\0\0\0\02\030\0@2\0\0\0Ø\205\002@2\030\0@Tñÿ¿´D\0@ä\205\002@$\030\0@\016\0\0\0òC\0@\234C\001@$\030\0@`G\001@\0Ð\021\0lÄ\021\0$\030\0@¤õÿ¿\016\0\0\0TI\001@$---Type
<return> to continue, or q <return> to quit---
\030\0@¤õÿ¿Va\0@\234C\001@Øøÿ¿è\203\002@n\210\0@\234C\001@\0\0\0\0ðòÿ¿n\210\0@\0\0\0\0\017\0\0\0è\203\002@\0\0\0\0à\216\004\b\0\0\0\0,8\a@è\203\002@\003\0\0\0\220\205"...
        se = (FILE *) 0x2fff4
        buf = 0x8060a88 "211 8180 20914 37365 rec.juggling group
selected\r\n at thune.mrc-home.org \r\n"
        sa = {sin6_family = 2, sin6_port = 30464, sin6_flowinfo = 16777343,
  sin6_addr = {in6_u = {u6_addr8 =
"\205d\022À\eh\022À\0\0\0\0\0\0\0",
      u6_addr16 = {25733, 49170, 26651, 49170, 0, 0, 0, 0}, u6_addr32 = {
        3222430853, 3222431771, 0, 0}}}, sin6_scope_id = 0}
        peer = {sin6_family = 2, sin6_port = 29447, sin6_flowinfo =
16777343,
  sin6_addr = {in6_u = {u6_addr8 = "og", '\0' <repeats 13 times>, u6_addr16
= {
        26479, 0, 0, 0, 0, 0, 0, 0}, u6_addr32 = {26479, 0, 0, 0}}},
  sin6_scope_id = 0}
#5  0x4007c74f in __libc_start_main (main=0x804e31c <main>, argc=1,
    ubp_av=0xbffffe94, init=0x8049898 <_init>, fini=0x80590e0 <_fini>,
    rtld_fini=0x4000aa00 <_dl_fini>, stack_end=0xbffffe8c)
    at ../sysdeps/generic/libc-start.c:129
        ubp_av = (char **) 0xbffffe94
        fini = (void (*)()) 0x4001490c <_dl_debug_mask>
        rtld_fini = (void (*)()) 0x91f5
        ubp_ev = (char **) 0x2fff4
(gdb)

Some interesting stats:

thune:/var/spool/news/rec/juggling# find | wc
   8182    8182   65454
thune:/var/spool/news/rec/juggling# wc .overview
   8180  181623 2288790 .overview
thune:/var/spool/news/rec/juggling# ls | head -n 1 ; ls | tail -n 1
20914
37365
thune:/var/spool/news/rec/juggling# expr 37365 - 20914
16451

So, yes, there are a LOT of expired holes in this group.

20914
20916
20921
20922
20926
20927
20931

Cheers,
mrc
-- 
     Mike Castle      dalgoda@xxxxxxxxxxxxx      www.netcom.com/~dalgoda/
    We are all of us living in the shadow of Manhattan.  -- Watchmen
fatal ("You are in a maze of twisty compiler features, all different"); -- gcc

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list