@spscream
Created January 24, 2023 15:41
janus segmentation fault output
=================================================================
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x6070006f7e70 at pc 0x7fc3ce6eafa8 bp 0x7fc380c63bc0 sp 0x7fc380c63bb8
WRITE of size 4 at 0x6070006f7e70 thread T269 (hloop 125040446)
#0 0x7fc3ce6eafa7 in janus_videoroom_hangup_media_internal plugins/janus_videoroom.c:8912
#1 0x7fc3ce6ef5d3 in janus_videoroom_hangup_media plugins/janus_videoroom.c:8871
#2 0x560af99bdfab in janus_ice_outgoing_traffic_handle /build/janus-gateway/src/ice.c:4440
#3 0x560af99c8f36 in janus_ice_outgoing_traffic_dispatch /build/janus-gateway/src/ice.c:495
#4 0x7fc3d536ce6a in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51e6a)
#5 0x7fc3d536d117 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x52117)
#6 0x7fc3d536d40a in g_main_loop_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5240a)
#7 0x560af9994654 in janus_ice_handle_thread /build/janus-gateway/src/ice.c:1298
#8 0x7fc3d53960bc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b0bc)
#9 0x7fc3d51e6ea6 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7ea6)
#10 0x7fc3d5104a2e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfca2e)
0x6070006f7e70 is located 64 bytes inside of 72-byte region [0x6070006f7e30,0x6070006f7e78)
freed by thread T2546 (hloop 453929890) here:
#0 0x7fc3d598db6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x7fc3d56bbec1 in stun_sha1 ../stun/stunhmac.c:207
previously allocated by thread T2546 (hloop 453929890) here:
#0 0x7fc3d598de8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x7fc3d4d1d8e3 in gnutls_hmac_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x738e3)
Thread T269 (hloop 125040446) created by T5 here:
#0 0x7fc3d59392a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x7fc3d53bdff0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2ff0)
Thread T5 created by T0 here:
#0 0x7fc3d59392a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x7fc3d53bdff0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2ff0)
Thread T2546 (hloop 453929890) created by T5 here:
#0 0x7fc3d59392a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x7fc3d53bdff0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2ff0)
SUMMARY: AddressSanitizer: heap-use-after-free plugins/janus_videoroom.c:8912 in janus_videoroom_hangup_media_internal
Shadow bytes around the buggy address:
0x0c0e800d6f70: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0e800d6f80: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fd fd
0x0c0e800d6f90: fd fd fd fd fd fd fd fd fa fa fa fa 00 00 00 00
0x0c0e800d6fa0: 00 00 00 00 00 00 fa fa fa fa fd fd fd fd fd fd
0x0c0e800d6fb0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0e800d6fc0: fd fd fa fa fa fa fd fd fd fd fd fd fd fd[fd]fa
0x0c0e800d6fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fa fa
0x0c0e800d6fe0: fa fa fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0e800d6ff0: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fd fd
0x0c0e800d7000: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0e800d7010: fd fd fd fd fd fd fa fa fa fa 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1==ABORTING
=================================================================
==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x607001ae00a0 at pc 0x7f8fbe7eafa8 bp 0x7f8fb5acfbc0 sp 0x7f8fb5acfbb8
WRITE of size 4 at 0x607001ae00a0 thread T5040 (hloop 536079927)
#0 0x7f8fbe7eafa7 in janus_videoroom_hangup_media_internal plugins/janus_videoroom.c:8912
#1 0x7f8fbe7ef5d3 in janus_videoroom_hangup_media plugins/janus_videoroom.c:8871
#2 0x557654f3efab in janus_ice_outgoing_traffic_handle /build/janus-gateway/src/ice.c:4440
#3 0x557654f49f36 in janus_ice_outgoing_traffic_dispatch /build/janus-gateway/src/ice.c:495
#4 0x7f8fc550ae6a in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51e6a)
#5 0x7f8fc550b117 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x52117)
#6 0x7f8fc550b40a in g_main_loop_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5240a)
#7 0x557654f15654 in janus_ice_handle_thread /build/janus-gateway/src/ice.c:1298
#8 0x7f8fc55340bc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7b0bc)
#9 0x7f8fc5384ea6 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7ea6)
#10 0x7f8fc52a2a2e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfca2e)
0x607001ae00a0 is located 64 bytes inside of 72-byte region [0x607001ae0060,0x607001ae00a8)
freed by thread T6072 (hloop 721351711) here:
#0 0x7f8fc5b2bb6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x7f8fc5859ec1 in stun_sha1 ../stun/stunhmac.c:207
previously allocated by thread T6072 (hloop 721351711) here:
#0 0x7f8fc5b2be8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x7f8fc4ebb8e3 in gnutls_hmac_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x738e3)
Thread T5040 (hloop 536079927) created by T5 here:
#0 0x7f8fc5ad72a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x7f8fc555bff0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2ff0)
Thread T5 created by T0 here:
#0 0x7f8fc5ad72a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x7f8fc555bff0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2ff0)
Thread T6072 (hloop 721351711) created by T5 here:
#0 0x7f8fc5ad72a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x7f8fc555bff0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xa2ff0)
SUMMARY: AddressSanitizer: heap-use-after-free plugins/janus_videoroom.c:8912 in janus_videoroom_hangup_media_internal
Shadow bytes around the buggy address:
0x0c0e80353fc0: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80353fd0: fa fa fa fa fd fd fd fd fd fd fd fd fd fa fa fa
0x0c0e80353fe0: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0e80353ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80354000: fa fa fa fa fa fa fa fa fa fa fa fa fd fd fd fd
=>0x0c0e80354010: fd fd fd fd[fd]fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80354020: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c0e80354030: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80354040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c0e80354050: fa fa fd fd fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0e80354060: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1==ABORTING