THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#173 - Double Free -- Crash/Coredump and possible security vulnerability
User who did this - Bayan Towfiq (btowfiq)
----------
I set dlg_match_mode to 1 and it is still crashing the same way. One other thing I
noticed is that I am getting two separate coredumps from two processes. After the first
coredump (same as above), there is a second coredump about 1 minute later, before all the
processes end. Here is the short and long backtrace for the second coredump from the
other process 1 min after the first crash:
(gdb) bt
#0 0x00007f1cb918ea75 in raise () from /lib/libc.so.6
#1 0x00007f1cb91925c0 in abort () from /lib/libc.so.6
#2 0x000000000045ff41 in sig_alarm_abort (signo=<value optimized out>) at main.c:661
#3 <signal handler called>
#4 0x00007f1cb923d877 in syscall () from /lib/libc.so.6
#5 0x00007f1cb1ae5f05 in futex_get (ticks=<value optimized out>, param=<value optimized out>) at ../../mem/../futexlock.h:123
#6 dialog_update_db (ticks=<value optimized out>, param=<value optimized out>) at dlg_db_handler.c:828
#7 0x00007f1cb1adbd21 in mod_destroy () at dialog.c:692
#8 0x00000000004e23f4 in destroy_modules () at sr_module.c:782
#9 0x000000000046154f in cleanup (show_status=1) at main.c:536
#10 0x00000000004621bb in shutdown_children (show_status=1, sig=<value optimized out>) at main.c:678
#11 0x00000000004631d2 in handle_sigs () at main.c:769
#12 0x000000000046436e in main_loop () at main.c:1713
#13 0x0000000000465dd2 in main (argc=11, argv=0x7fffc752dbc8) at main.c:2475
(gdb) bt full
#0 0x00007f1cb918ea75 in raise () from /lib/libc.so.6
No symbol table info available.
#1 0x00007f1cb91925c0 in abort () from /lib/libc.so.6
No symbol table info available.
#2 0x000000000045ff41 in sig_alarm_abort (signo=<value optimized out>) at main.c:661
No locals.
#3 <signal handler called>
No symbol table info available.
#4 0x00007f1cb923d877 in syscall () from /lib/libc.so.6
No symbol table info available.
#5 0x00007f1cb1ae5f05 in futex_get (ticks=<value optimized out>, param=<value optimized out>) at ../../mem/../futexlock.h:123
v = <value optimized out>
#6 dialog_update_db (ticks=<value optimized out>, param=<value optimized out>) at dlg_db_handler.c:828
index = <value optimized out>
cell = <value optimized out>
#7 0x00007f1cb1adbd21 in mod_destroy () at dialog.c:692
No locals.
#8 0x00000000004e23f4 in destroy_modules () at sr_module.c:782
t = 0x7f1cb8da6578
foo = 0x7f1cb8da6108
__FUNCTION__ = "destroy_modules"
#9 0x000000000046154f in cleanup (show_status=1) at main.c:536
memlog = <value optimized out>
__FUNCTION__ = "cleanup"
#10 0x00000000004621bb in shutdown_children (show_status=1, sig=<value optimized out>) at main.c:678
No locals.
#11 0x00000000004631d2 in handle_sigs () at main.c:769
chld = 0
chld_status = 134
memlog = <value optimized out>
#12 0x000000000046436e in main_loop () at main.c:1713
i = 8
pid = <value optimized out>
si = 0x0
si_desc = "udp receiver child=7 sock=70.167.153.130:5160\000\000\000\000\000@\020", '\000' <repeats 12 times>, "\016\b\000\000\000\000\000\000\000h\244@N\225\342\362&\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\300\v\215\000\000\000\000\000\"\000\000\000\000\000\000\000\000\000@\020", '\000' <repeats 11 times>
#13 0x0000000000465dd2 in main (argc=11, argv=0x7fffc752dbc8) at main.c:2475
cfg_stream = <value optimized out>
c = <value optimized out>
r = <value optimized out>
tmp = 0x7fffc752ee83 ""
tmp_len = 0
port = <value optimized out>
proto = <value optimized out>
ret = <value optimized out>
seed = 48325081
rfd = <value optimized out>
debug_save = 272629760
debug_flag = 34
dont_fork_cnt = 0
n_lst = 0x10400000
p = <value optimized out>
----------
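The second coredump has a different shape from the double free: abort() is reached from the signal handler sig_alarm_abort, and the frames below "<signal handler called>" show the shutdown path (shutdown_children, cleanup, destroy_modules, mod_destroy, dialog_update_db) waiting in futex_get when the signal arrived. The script below is an added example, not part of this report or of the sip-router code. It parses gdb "bt" and "bt full" output, re-joins frame lines that were hard-wrapped in the mail, and separates the handler side of a "<signal handler called>" frame from the interrupted side, so the two cores can be told apart in a triage log. The sample input is the first backtrace from this comment; the only format it assumes is the frame-line layout gdb prints above.

```python
"""Triage helper for gdb backtraces such as the two coredumps in this report.
Added example, not part of the bug report or of the sip-router code: it parses
'bt'/'bt full' output, re-joins frame lines the mail hard-wrapped, and reports
whether abort() came directly or from a signal handler, and what was interrupted."""
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Sample input: the first backtrace from the comment above, copied as it appears
# in the mail, hard-wrapped frame lines included.
SAMPLE_BT = """\
(gdb) bt
#0 0x00007f1cb918ea75 in raise () from /lib/libc.so.6
#1 0x00007f1cb91925c0 in abort () from /lib/libc.so.6
#2 0x000000000045ff41 in sig_alarm_abort (signo=<value optimized out>) at
main.c:661
#3 <signal handler called>
#4 0x00007f1cb923d877 in syscall () from /lib/libc.so.6
#5 0x00007f1cb1ae5f05 in futex_get (ticks=<value optimized out>, param=<value
optimized out>) at ../../mem/../futexlock.h:123
#6 dialog_update_db (ticks=<value optimized out>, param=<value optimized
out>) at dlg_db_handler.c:828
#7 0x00007f1cb1adbd21 in mod_destroy () at dialog.c:692
#8 0x00000000004e23f4 in destroy_modules () at sr_module.c:782
#9 0x000000000046154f in cleanup (show_status=1) at main.c:536
#10 0x00000000004621bb in shutdown_children (show_status=1, sig=<value optimized
out>) at main.c:678
#11 0x00000000004631d2 in handle_sigs () at main.c:769
#12 0x000000000046436e in main_loop () at main.c:1713
#13 0x0000000000465dd2 in main (argc=11, argv=0x7fffc752dbc8) at main.c:2475
"""

# '#N [0xADDR in] func (args) [from lib] [at file:line]'; gdb prints no address
# for inlined frames such as #6 in the sample.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>[A-Za-z_]\w*)\s*\(.*\)"
    r"(?:\s+from\s+(?P<lib>\S+))?(?:\s+at\s+(?P<file>\S+?):(?P<line>\d+))?\s*$"
)
SIGNAL_RE = re.compile(r"^#(?P<num>\d+)\s+<signal handler called>\s*$")


@dataclass
class Frame:
    num: int
    func: str
    file: Optional[str] = None
    line: Optional[int] = None
    lib: Optional[str] = None
    signal_boundary: bool = False


def _to_frame(raw: str) -> Optional[Frame]:
    m = SIGNAL_RE.match(raw)
    if m:
        return Frame(int(m["num"]), "<signal handler called>", signal_boundary=True)
    m = FRAME_RE.match(raw)
    if not m:
        return None
    return Frame(int(m["num"]), m["func"], m["file"],
                 int(m["line"]) if m["line"] else None, m["lib"])


def parse_backtrace(text: str) -> List[Frame]:
    """Frames innermost first.  A line not starting with '#N' is glued onto the
    current frame only while that frame does not yet parse (a mail hard wrap);
    once a frame is complete, 'bt full' locals, prompts and pager text are skipped."""
    frames: List[Frame] = []
    pending = ""
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"^#\d+\s", line):
            pending = line
        elif pending:
            pending = f"{pending} {line}"
        else:
            continue
        frame = _to_frame(pending)
        if frame is not None:
            frames.append(frame)
            pending = ""
    return frames


def _loc(f: Frame) -> str:
    return f"{f.file}:{f.line}" if f.file else (f.lib or "?")


def triage(frames: List[Frame]) -> Dict[str, Any]:
    """Direct crash, or abort from inside a signal handler plus the frame it interrupted."""
    boundary = next((i for i, f in enumerate(frames) if f.signal_boundary), None)
    if boundary is None:
        src = [f for f in frames if f.file]  # skip libc frames that have no debug info
        return {"kind": "direct", "crash_frame": src[0].func if src else None,
                "crash_at": _loc(src[0]) if src else None, "call_path": [f.func for f in src]}
    below = [f for f in frames[boundary + 1:] if f.file]  # the code the signal interrupted
    return {"kind": "signal",
            # the frame just above '<signal handler called>' is the handler itself
            "handler": frames[boundary - 1].func if boundary > 0 else None,
            "interrupted": below[0].func if below else None,
            "interrupted_at": _loc(below[0]) if below else None,
            "call_path": [f.func for f in below]}


if __name__ == "__main__":
    for key, value in triage(parse_backtrace(SAMPLE_BT)).items():
        print(f"{key}: {value}")
```

Run as-is it reports the sample: kind "signal", handler sig_alarm_abort, interrupted futex_get at ../../mem/../futexlock.h:123, and the call path from futex_get down to main. A backtrace with no "<signal handler called>" frame, such as one taken from the first (double free) core, yields kind "direct" with the innermost frame that carries source information as crash_frame, which is the line to look at first.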
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=173#comment3…
You are receiving this message because you have requested it from the Flyspray bugtracking
system. If you did not expect this message or don't want to receive mails in future,
you can change your notification settings at the URL shown above.