John Morrissey wrote:
We recently upgraded from 2.0.4 to 2.1.8 and are now noticing occasional segfaults when handling received auth packets. Representative backtraces are below. In all cases, all threads are idle except one, which is receiving an auth packet.
Ugh. This looks like: https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35
In the first case, auth_socket_recv() passes a NULL packet to received_request(), which is strange since auth_socket_recv() checks for that case immediately before.
Yup.
In the second case, received_request() gets a bogus pointer to the packet, apparently from rad_recv().
Which should never happen.
I'm always hesitant to trust backtraces from optimized binaries, but the code paths relative to the packet pointers being passed around are bizarre and strike me as stack or heap corruption.
Any ideas?
Cry. I've run *billions* of packets through the server in a variety of environments in an attempt to reproduce bug #35. No luck. I don't know what to say at this point... Alan DeKok.