talloc & threads in rlm_eap

Phil Mayers p.mayers at imperial.ac.uk
Mon Jun 23 18:02:24 CEST 2014

On 23/06/14 16:55, Arran Cudbard-Bell wrote:
> On 23 Jun 2014, at 16:52, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>> On 23/06/14 16:45, Phil Mayers wrote:
>>> On 23/06/14 16:29, Arran Cudbard-Bell wrote:
>>>> Any better with latest v3.0.x HEAD? Just fixed all the connection pool
>>>> handle allocation.
>>> Don't think so, immediate bomb-out when hammering it with EAP; just
>>> rebuilding after make distclean to be absolutely sure I'm on the latest
>>> (it would be nice if git activity updated the version reported in "-v";
>>> seems to only be captured at ./configure time and this makes me paranoid
>>> I've not updated the binaries correctly)
>> Yeah same sort of thing:
> One more time... I found another one in the cache module...

Nope, sorry :o(

Mon Jun 23 17:00:07 2014 : Info: Ready to process requests
Mon Jun 23 17:00:09 2014 : Info: talloc: access after free error - first 
free may be at src/lib/valuepair.c:171
Mon Jun 23 17:00:09 2014 : Info: Bad talloc magic value - access after 
Mon Jun 23 17:00:09 2014 : Info: talloc abort: Bad talloc magic value - 
access after free
Mon Jun 23 17:00:09 2014 : Info: CAUGHT SIGNAL: Aborted
Mon Jun 23 17:00:09 2014 : Info: Backtrace of last 17 frames:

#0  0x000000379dcac90d in __libc_waitpid (pid=<value optimized out>, 
stat_loc=<value optimized out>, options=<value optimized out>)
     at ../sysdeps/unix/sysv/linux/waitpid.c:41
#1  0x000000379dc3e909 in do_system (line=<value optimized out>) at 
#2  0x000000379dc3ec40 in __libc_system (line=<value optimized out>) at 
#3  0x00007f47cb668837 in fr_fault (sig=6) at src/lib/debug.c:527
#4  0x00007f47cb668924 in _fr_talloc_fault (reason=0x36ad408348 "Bad 
talloc magic value - access after free") at src/lib/debug.c:563
#5  0x00000036ad402dd8 in talloc_abort_access_after_free (ptr=<value 
optimized out>) at ../talloc.c:336
#6  talloc_chunk_from_ptr (ptr=<value optimized out>) at ../talloc.c:357
#7  talloc_get_name (ptr=<value optimized out>) at ../talloc.c:1153
#8  0x00000036ad4057eb in _talloc_get_type_abort (ptr=0x11baeb0, 
name=0x7f47cb68db43 "VALUE_PAIR", location=0x7f47cb68db2f 
"src/lib/debug.c:819") at ../talloc.c:1206
#9  0x00007f47cb6690ae in fr_verify_vp (file=0x7f47cb68d470 
"src/lib/cursor.c", line=45, vp=0x11baeb0) at src/lib/debug.c:819
#10 0x00007f47cb66789f in _fr_cursor_init (cursor=0x7fff68457540, 
node=0x7fff68457520) at src/lib/cursor.c:45
#11 0x00007f47cb66954e in fr_verify_list (file=0x45b735 
"src/main/process.c", line=1446, expected=0x11a2490, vps=0x11baeb0) at 
#12 0x00007f47cb8bf9eb in verify_packet (file=0x45b735 
"src/main/process.c", line=1446, request=0x11a27d0, packet=0x11a2490) at 
#13 0x00007f47cb8bfac9 in verify_request (file=0x45b735 
"src/main/process.c", line=1446, request=0x11a27d0) at src/main/util.c:1106
#14 0x0000000000435741 in request_running (request=0x11a27d0, action=5) 
at src/main/process.c:1446
#15 0x00000000004334d9 in request_timer (ctx=0x11a27d0) at 
#16 0x00007f47cb68b3ed in fr_event_run (el=0xbe72a0, 
when=0x7fff684577f0) at src/lib/event.c:260
#17 0x00007f47cb68bcfa in fr_event_loop (el=0xbe72a0) at src/lib/event.c:483
#18 0x000000000043d710 in radius_event_process () at src/main/process.c:4923
#19 0x000000000042a3ea in main (argc=7, argv=0x7fff684579b8) at 

More information about the Freeradius-Devel mailing list