talloc: access after free error

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Mar 31 10:50:22 CEST 2014


On 31 Mar 2014, at 09:39, Christian Hesse <list at eworm.de> wrote:

> Christian Hesse <list at eworm.de> on Wed, 2014/03/26 19:09:
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org> on Wed, 2014/03/26 17:47:
>>> 
>>> On 26 Mar 2014, at 17:10, Christian Hesse <list at eworm.de> wrote:
>>>> Still the same issue with version 3.0.2 final... Looks like we have to
>>>> debug this remotely. Any hints where to start?
>>> 
>>> Install gdb on the system, uncomment this line:
>>> https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/radiusd.conf.in#L150
>> 
>> Done.
>> 
>>> and provide the backtrace please.
>> 
>> Waiting for the next failure now. Stay tuned...
> 
> And here we go...
> 
> My binaries are stripped down, so no debug symbols are available.

Could you please install the debugging symbols for both FreeRADIUS and libtalloc?

#3  <signal handler called>
No symbol table info available.
#4  0x00007fafbc1e5389 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#5  0x00007fafbc1e6788 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#6  0x00007fafbd22595c in ?? () from /usr/lib/libtalloc.so.2
No symbol table info available.
#7  0x00007fafbd2250bf in ?? () from /usr/lib/libtalloc.so.2
No symbol table info available.
#8  0x00007fafbd225825 in _talloc_free () from /usr/lib/libtalloc.so.2
No symbol table info available.
#9  0x00007fafbd64e797 in pairmemcpy ()
   from /usr/lib/freeradius/libfreeradius-radius.so
No symbol table info available.
#10 0x00007fafb80c76cc in ?? () from /usr/lib/freeradius/rlm_pap.so
No symbol table info available.
#11 0x00007fafb80c7b21 in ?? () from /usr/lib/freeradius/rlm_pap.so
No symbol table info available.
#12 0x000000000041e6bb in ?? ()
No symbol table info available.
#13 0x000000000041dde0 in ?? ()
No symbol table info available.
#14 0x000000000041dfdf in ?? ()
No symbol table info available.
#15 0x000000000041f29d in modcall ()

Isn't very enlightening, other than it appears the crash is actually happening in rlm_pap, not in the connection pool code.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
