3.0.1: good old "die on exit" again

Stefan Winter stefan.winter at restena.lu
Tue Feb 4 08:39:35 CET 2014


Hi,

>   Is there a minimal config which reproduces this problem?

I'm building one right now. I noticed immediately that, depending what I
delete from the config, I see two distinct issues.

Despite running 3.0.x from yesterday with the first fix, I still
"sometimes" see "unknown value". At other config constellations, I see
"access after free".

Particularly, I get the "unknown value" after commenting my last
occurence of an rlm_sql_null in the vserver; as soon as I *un*comment
that line again, I get "access after free".

Maybe the null driver is at fault? As you see below I still instantiate
more sql instances than I actually use in the vserver. Maybe that
exacerbates the problem.

I'm attaching a gdb bt of both instances. It's both in a config with
just one vserver, and stripped-down authorize. I'm minimising more
gradually, but attach that one vserver config to this mail...


"unknown value" (sql_null commented)
====================================
Ready to process requests.

Program received signal SIGTERM, Terminated.
0x00007ffff5b048f3 in __select_nocancel () from /lib64/libc.so.6
(gdb) c
Continuing.
Signalled to terminate
Exiting normally.
rlm_sql (cuisql): Removing connection pool
rlm_sql (cuisql): Closing connection (4)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (3)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (2)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (1)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (0)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (sql-imap-hash): Removing connection pool
rlm_sql (sql-imap-hash): Closing connection (4)
rlm_sql (sql-imap-hash): Closing connection (3)
rlm_sql (sql-imap-hash): Closing connection (2)
rlm_sql (sql-imap-hash): Closing connection (1)
rlm_sql (sql-imap-hash): Closing connection (0)
rlm_sql (sql-null-postauth): Removing connection pool
rlm_sql (sql-null-postauth): Closing connection (2)
rlm_sql (sql-null-postauth): Closing connection (1)
rlm_sql (sql-null-postauth): Closing connection (0)
rlm_sql (sql-null-lastusage): Removing connection pool
rlm_sql (sql-null-lastusage): Closing connection (2)
rlm_sql (sql-null-lastusage): Closing connection (1)
rlm_sql (sql-null-lastusage): Closing connection (0)
rlm_sql (sql-webmailsso-users): Removing connection pool
rlm_sql (sql-webmailsso-users): Closing connection (4)
rlm_sql (sql-webmailsso-users): Closing connection (3)
rlm_sql (sql-webmailsso-users): Closing connection (2)
rlm_sql (sql-webmailsso-users): Closing connection (1)
rlm_sql (sql-webmailsso-users): Closing connection (0)
rlm_sql (sql-null-staff-tacacsaccounting): Removing connection pool
rlm_sql (sql-null-staff-tacacsaccounting): Closing connection (2)
rlm_sql (sql-null-staff-tacacsaccounting): Closing connection (1)
rlm_sql (sql-null-staff-tacacsaccounting): Closing connection (0)
Bad talloc magic value - unknown value

Program received signal SIGABRT, Aborted.
0x00007ffff5a59849 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff5a59849 in raise () from /lib64/libc.so.6
#1  0x00007ffff5a5acd8 in abort () from /lib64/libc.so.6
#2  0x00007ffff70fafac in ?? () from /usr/lib64/libtalloc.so.2
#3  0x00007ffff70fe1da in ?? () from /usr/lib64/libtalloc.so.2
#4  0x00007ffff70fde73 in ?? () from /usr/lib64/libtalloc.so.2
#5  0x00007ffff70fde73 in ?? () from /usr/lib64/libtalloc.so.2
#6  0x00007ffff70faabb in _talloc_free () from /usr/lib64/libtalloc.so.2
#7  0x00007ffff7bc13a6 in cf_file_free (cs=0x68cd30) at <command-line>:2024
#8  0x000000000041fc0d in free_mainconfig () at <command-line>:1023
#9  0x0000000000428c1f in main (argc=2, argv=0x7fffffffdc78) at
<command-line>:596
(gdb) c
Continuing.
FATAL SIGNAL: Aborted
Missing separate debuginfo for /lib64/libgcc_s.so.1
Try: zypper install -C
"debuginfo(build-id)=26253bec1076626f73b8b13bed9510ae626e1ead"
Backtrace of last 14 frames:
/usr/local/freeradius/3.0.2-pre-201402023/lib64/libfreeradius-radius.so(+0x988f)
[0x7ffff798288f]
/lib64/libpthread.so.0(+0xf9f0) [0x7ffff64cb9f0]
/lib64/libc.so.6(gsignal+0x39) [0x7ffff5a59849]
/lib64/libc.so.6(abort+0x148) [0x7ffff5a5acd8]
/usr/lib64/libtalloc.so.2(+0x2fac) [0x7ffff70fafac]
/usr/lib64/libtalloc.so.2(+0x61da) [0x7ffff70fe1da]
/usr/lib64/libtalloc.so.2(+0x5e73) [0x7ffff70fde73]
/usr/lib64/libtalloc.so.2(+0x5e73) [0x7ffff70fde73]
/usr/lib64/libtalloc.so.2(_talloc_free+0x10b) [0x7ffff70faabb]
/usr/local/freeradius/3.0.2-pre-201402023/lib64/libfreeradius-server.so(cf_file_free+0x1f)
[0x7ffff7bc13a6]
/usr/local/freeradius/3.0.2-pre-201402023/sbin/radiusd(free_mainconfig+0x59)
[0x41fc0d]
/usr/local/freeradius/3.0.2-pre-201402023/sbin/radiusd(main+0xc90)
[0x428c1f]
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7ffff5a45be5]
/usr/local/freeradius/3.0.2-pre-201402023/sbin/radiusd() [0x40d7b9]
No panic action set
_EXIT CALLED <command-line>[261]: 1:

Access after free (sql_null uncommented)
========================================
Ready to process requests.

Program received signal SIGTERM, Terminated.
0x00007ffff5b048f3 in __select_nocancel () from /lib64/libc.so.6
(gdb) c
Continuing.
Signalled to terminate
Exiting normally.
rlm_sql (cuisql): Removing connection pool
rlm_sql (cuisql): Closing connection (4)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (3)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (2)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (1)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (cuisql): Closing connection (0)
rlm_sql_sqlite: Socket destructor called, closing socket
rlm_sql (sql-imap-hash): Removing connection pool
rlm_sql (sql-imap-hash): Closing connection (4)
rlm_sql (sql-imap-hash): Closing connection (3)
rlm_sql (sql-imap-hash): Closing connection (2)
rlm_sql (sql-imap-hash): Closing connection (1)
rlm_sql (sql-imap-hash): Closing connection (0)
rlm_sql (sql-null-postauth): Removing connection pool
rlm_sql (sql-null-postauth): Closing connection (2)
rlm_sql (sql-null-postauth): Closing connection (1)
rlm_sql (sql-null-postauth): Closing connection (0)
rlm_sql (sql-null-lastusage): Removing connection pool
rlm_sql (sql-null-lastusage): Closing connection (2)
rlm_sql (sql-null-lastusage): Closing connection (1)
rlm_sql (sql-null-lastusage): Closing connection (0)
rlm_sql (sql-webmailsso-users): Removing connection pool
rlm_sql (sql-webmailsso-users): Closing connection (4)
rlm_sql (sql-webmailsso-users): Closing connection (3)
rlm_sql (sql-webmailsso-users): Closing connection (2)
rlm_sql (sql-webmailsso-users): Closing connection (1)
rlm_sql (sql-webmailsso-users): Closing connection (0)
rlm_sql (sql-null-staff-tacacsaccounting): Removing connection pool
rlm_sql (sql-null-staff-tacacsaccounting): Closing connection (2)
rlm_sql (sql-null-staff-tacacsaccounting): Closing connection (1)
rlm_sql (sql-null-staff-tacacsaccounting): Closing connection (0)
talloc: access after free error - first free may be at <command-line>:2024
Bad talloc magic value - access after free

Program received signal SIGABRT, Aborted.
0x00007ffff5a59849 in raise () from /lib64/libc.so.6
(gdb) c
Continuing.
FATAL SIGNAL: Aborted
Missing separate debuginfo for /lib64/libgcc_s.so.1
Try: zypper install -C
"debuginfo(build-id)=26253bec1076626f73b8b13bed9510ae626e1ead"
Backtrace of last 15 frames:
/usr/local/freeradius/3.0.2-pre-201402023/lib64/libfreeradius-radius.so(+0x988f)
[0x7ffff798288f]
/lib64/libpthread.so.0(+0xf9f0) [0x7ffff64cb9f0]
/lib64/libc.so.6(gsignal+0x39) [0x7ffff5a59849]
/lib64/libc.so.6(abort+0x148) [0x7ffff5a5acd8]
/usr/lib64/libtalloc.so.2(+0x2fac) [0x7ffff70fafac]
/usr/lib64/libtalloc.so.2(+0x26ff) [0x7ffff70fa6ff]
/usr/lib64/libtalloc.so.2(+0x6198) [0x7ffff70fe198]
/usr/lib64/libtalloc.so.2(+0x5e73) [0x7ffff70fde73]
/usr/lib64/libtalloc.so.2(+0x5e73) [0x7ffff70fde73]
/usr/lib64/libtalloc.so.2(_talloc_free+0x10b) [0x7ffff70faabb]
/usr/local/freeradius/3.0.2-pre-201402023/lib64/libfreeradius-server.so(cf_file_free+0x1f)
[0x7ffff7bc13a6]
/usr/local/freeradius/3.0.2-pre-201402023/sbin/radiusd(free_mainconfig+0x59)
[0x41fc0d]
/usr/local/freeradius/3.0.2-pre-201402023/sbin/radiusd(main+0xc90)
[0x428c1f]
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7ffff5a45be5]
/usr/local/freeradius/3.0.2-pre-201402023/sbin/radiusd() [0x40d7b9]
No panic action set
_EXIT CALLED <command-line>[261]: 1:





-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140204/0794af17/attachment.key>
-------------- next part --------------
server IMAP {

authorize {
       	sql-imap-hash
	pap
}

authenticate {
	Auth-Type PAP{
		pap_hash_debugfallback
	}
}

preacct {
}

accounting {
}

session {
}

post-auth {
#	restena_log_policy
	sql-null-lastusage

        # if user logged in via valid mushroom, extend its lifetime

        if ( "%{strlen:%{User-Password}}" == "96" ) {
                sql-webmailsso-users
        }

	Post-Auth-Type REJECT {
		restena_log_policy
	}
}

pre-proxy {
}

post-proxy {
}

}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140204/0794af17/attachment.pgp>


More information about the Freeradius-Devel mailing list