3.0.x HEAD crashing

Phil Mayers p.mayers at imperial.ac.uk
Wed Jun 18 14:55:06 CEST 2014


On 18/06/14 11:24, Phil Mayers wrote:

> Ok, runs now. Will set it going and see if it dies after time.

Still crashing after a while with 5c9c917592 :o(

Valgrind says:

Thread 1:
Invalid read of size 4
    at 0x36AD402D84: talloc_get_name (talloc.c:349)
    by 0x36AD4057EA: _talloc_get_type_abort (talloc.c:1206)
    by 0x4E4708D: fr_verify_vp (debug.c:823)
    by 0x4E458DE: _fr_cursor_init (cursor.c:45)
    by 0x4E4752D: fr_verify_list (debug.c:910)
    by 0x4C2EA3B: verify_request (util.c:1105)
    by 0x4354B8: request_running (process.c:1446)
    by 0x433250: request_timer (process.c:471)
    by 0x4E69304: fr_event_run (event.c:260)
    by 0x4E69C11: fr_event_loop (event.c:483)
    by 0x43D487: radius_event_process (process.c:4923)
    by 0x42A1A4: main (radiusd.c:565)
  Address 0x9d4bb70 is 64 bytes inside a block of size 160 free'd
    at 0x4A063F0: free (vg_replace_malloc.c:446)
    by 0x36AD402388: _talloc_free_internal (talloc.c:876)
    by 0x4E62601: pairfree (valuepair.c:171)
    by 0x4351F9: request_finish (process.c:1366)
    by 0x435617: request_running (process.c:1526)
    by 0x430D90: request_handler_thread (threads.c:685)
    by 0x379E4079D0: start_thread (pthread_create.c:301)
    by 0x379DCE8B7C: clone (clone.S:115)

Invalid read of size 8
    at 0x36AD402DBA: talloc_get_name (talloc.c:356)
    by 0x36AD4057EA: _talloc_get_type_abort (talloc.c:1206)
    by 0x4E4708D: fr_verify_vp (debug.c:823)
    by 0x4E458DE: _fr_cursor_init (cursor.c:45)
    by 0x4E4752D: fr_verify_list (debug.c:910)
    by 0x4C2EA3B: verify_request (util.c:1105)
    by 0x4354B8: request_running (process.c:1446)
    by 0x433250: request_timer (process.c:471)
    by 0x4E69304: fr_event_run (event.c:260)
    by 0x4E69C11: fr_event_loop (event.c:483)
    by 0x43D487: radius_event_process (process.c:4923)
    by 0x42A1A4: main (radiusd.c:565)
  Address 0x9d4bb60 is 48 bytes inside a block of size 160 free'd
    at 0x4A063F0: free (vg_replace_malloc.c:446)
    by 0x36AD402388: _talloc_free_internal (talloc.c:876)
    by 0x4E62601: pairfree (valuepair.c:171)
    by 0x4351F9: request_finish (process.c:1366)
    by 0x435617: request_running (process.c:1526)
    by 0x430D90: request_handler_thread (threads.c:685)
    by 0x379E4079D0: start_thread (pthread_create.c:301)
    by 0x379DCE8B7C: clone (clone.S:115)

I didn't get a talloc report (or a valid core, grr valgrind!) but it 
looks like it might have then died inside fr_fault after getting the 
signal, hence no talloc report.


More information about the Freeradius-Devel mailing list