FR 3.0.1 (radsec) crashes

JB list.freeradius at me.com
Thu Jan 23 18:21:08 CET 2014


Hello!

Can anyone confirm this?
Is further information needed to investigate?

Thanks,
JB


JB wrote:

> Hi!
> 
> We're currently testing FR 3.0.1 with RadSec and we're seeing crashes when we turn off an access point.
> In the log below you can see that the access point sends an accounting stop request before it powers down.
> FR crashes after closing the socket.
> I also pasted the GDB stack trace below.
> 
> 
> BTW, we're also seeing these warnings a lot and we're not sure what they mean or how to prevent them:
> 
> Debug: (19) Writing to socket 12
> Debug: (19) Finished request 19.
> Debug: Thread 1 waiting to be assigned a request
> WARNING: WARNING: Socket was closed while processing request 19: Stopping it.
> Debug: (19) Cleaning up request packet ID 73 with timestamp +1053
> Debug: Waking up in 1.1 seconds.
> 
> Cheers,
> JB
> 
> 
> == Log ==
> 
> Sending Accounting-Response of id 1 from 0.0.0.0 port 2083 to XXX.XXX.XXX.XXX port 2159
> (0) Finished request 0.
> Thread 5 waiting to be assigned a request
> Waking up in 0.3 seconds.
> Client has closed connection
> ... closing socket auth+acct from client (XXX.XXX.XXX.XXX, 2159) -> (*, 2083, virtual-server=testserver)
> Waking up in 0.3 seconds.
> WARNING: Socket was closed while processing request 0: Stopping it.
> (0) Cleaning up request packet ID 1 with timestamp +10
> talloc: access after free error - first free may be at src/main/listen.c:3287 
> Bad talloc magic value - access after free 
> Program received signal SIGABRT, Aborted.
> 0xb7fe1424 in __kernel_vsyscall ()
> 
> 
> == GDB stacktrace ==
> 
> #0  0xb7fe1424 in __kernel_vsyscall ()
> No symbol table info available.
> #1  0xb7b5d941 in raise () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> No symbol table info available.
> #2  0xb7b60d72 in abort () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> No symbol table info available.
> #3  0xb7f2bd99 in talloc_abort () from /usr/local/lib/libtalloc.so.2
> No symbol table info available.
> #4  0xb7f2be50 in talloc_abort_access_after_free () from /usr/local/lib/libtalloc.so.2
> No symbol table info available.
> #5  0xb7f2bedf in talloc_chunk_from_ptr () from /usr/local/lib/libtalloc.so.2
> No symbol table info available.
> #6  0xb7f2dafb in _talloc_free () from /usr/local/lib/libtalloc.so.2
> No symbol table info available.
> #7  0xb7fd2a99 in request_free (request_ptr=0xbffff330) at src/main/util.c:229
>        request = 0x8293630
> #8  0x0807446c in request_done (request=0x8293630, action=2) at src/main/process.c:599
>        now = {tv_sec = -1073745096, tv_usec = 134690952}
>        when = {tv_sec = 17, tv_usec = 134838992}
>        __FUNCTION__ = "request_done"
> #9  0x080748dd in request_process_timer (request=0x8293630) at src/main/process.c:753
>        now = {tv_sec = 136778432, tv_usec = 134553804}
>        when = {tv_sec = 136790696, tv_usec = 136791168}
> #10 0x08074d1f in request_common (request=0x8293630, action=5) at src/main/process.c:906
>        buffer = "\250B'\b@\364\377\277\370\363\377\277\004\364\377\277\000\f\376\267\000\f\376\267\000\000\000\000d\364\377\277\250\254\370\267\343\312\370\267d\372\377\267\000\000\000\000\000\000\000\000p\364\377\277(\364\377\277\064\364\377\277\000\f\376\267\000\f\376\267\000\000\000\000\b\364\377\277\274>\n\b\226Q\272\267\370\266\370\267\000\f\376\267\000\000\000\000\377\377\377\377\364\357\377\267\343\312\370\267\005\000\000\000P\364\377\277\026\374\376\267\270\r\376\267"
>        __FUNCTION__ = "request_common"
> #11 0x08075849 in request_running (request=0x8293630, action=5) at src/main/process.c:1214
>        __FUNCTION__ = "request_running"
> #12 0x08073d0e in request_timer (ctx=0x8293630) at src/main/process.c:352
>        request = 0x8293630
>        action = 5
> #13 0xb7fabe7a in fr_event_run (el=0x82540b0, when=0xbffff608) at src/lib/event.c:219
>        callback = 0x8073ce4 <request_timer>
>        ctx = 0x8293630
>        ev = 0x0
> #14 0xb7fac4ab in fr_event_loop (el=0x82540b0) at src/lib/event.c:405
>        i = 4
>        rcode = 0
>        maxfd = 16
>        when = {tv_sec = 1390328421, tv_usec = 338121}
>        wake = 0xbffff608
>        read_fds = {fds_bits = {0 <repeats 32 times>}}
>        master_fds = {fds_bits = {61440, 0 <repeats 31 times>}}
> #15 0x0807c34c in radius_event_process () at src/main/process.c:4251
> No locals.
> #16 0x0806b8ef in main (argc=4, argv=0xbffff804) at src/main/radiusd.c:533
>        rcode = 0
>        status = -1073744040
>        argval = -1
>        spawn_flag = 1
>        dont_fork = 1
>        write_pid = 0
>        flag = 0
>        from_child = {-1, -1}
>        act = {__sigaction_handler = {sa_handler = 0x806bcf7 <sig_fatal>, sa_sigaction = 0x806bcf7 <sig_fatal>}, sa_mask = {__val = {
>              0 <repeats 32 times>}}, sa_flags = 0, sa_restorer = 0}



More information about the Freeradius-Users mailing list