Freeradius crashes with SIGABRT

Alan DeKok aland at deployingradius.com
Wed Mar 6 23:17:00 CET 2019 

On Mar 6, 2019, at 10:52 AM, Daniel Feuchtinger <daniel.feuchtinger at lrz.de> wrote:
> We are proxying a lot of radius messages on this server:
> grep home_server proxy.conf|wc -l
> 101
> grep client clients.conf|wc -l
> 131

  That shouldn't matter.   The clients and home servers are placed into data structure, and never modified.

  Are you executing other programs?  Sending CoA packets?

> Most of the traffic should be eduroam authentication. 
> The server does load balancing with 3 servers
> that do the real authentication for us
> (and crash too from time to time, but
> that's another story), talks to a radsecproxy
> for external eduroam users and a ton of small
> other radius servers owned by university institutes.
> 
> I'll check, if I'm able to reduce the configuration
> without impact on the users. 

  Another alternative is to use LLVM.  If you install the LLVM RPM, you can then build FreeRADIUS with some more options.

1) install LLVM
2) grab the 3.0.18 source (or the source from GitHub)
3) do: CC=clang ./configure --prefix=/opt/freeradius ... args ...

  I think the name of the compiler on Suse is "clang".  If not, you'll have to find that out

  You're best to put this build into a unique directory, so it's easy to get rid of it later.

4) Edit "Make.inc", and look for the line "CFLAGS = ..."  add this:

	-fsanitize=address -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-address-use-after-scope

5) run "make; make install"

  You can then run that version with some extra environment variables:

export ASAN_SYMBOLIZER_PATH="/usr/local/opt/llvm/bin/llvm-symbolizer"

   You'll have to find out where that executable is located...

export ASAN_OPTIONS="malloc_context_size=50 detect_leaks=1 symbolize=1"

  Then run FreeRADIUS: /usr/freeradius/sbin/radiusd -f -d /etc/raddb

  With some luck, the address sanitizer may find the issue.  Note that the server will run much slower than normal, but that's likely fine.

  These issues are very, very, difficult to track down without tools like the address sanitizer.  We're using that in the v4 / master branch, and it's a huge help.

  Alan DeKok.

More information about the Freeradius-Users mailing list