[krbdev.mit.edu #3087]

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #3087]

Greg Hudson via RT
> Running kinit, klist, kadmin, telnet etc all produce messages
> similar to:
>
> klist in free(): error: chunk is already free
> Abort trap

I've tried static builds on x86-linux, and can't find any problems using valgrind or electric
fence.  I've also tried alpha-netbsd2.0 with shared libraries and enabled debugging options
in the native malloc, still no hints.

> anquetil.bath.ac.uk ?// MALLOC_OPTIONS=a /kerberosV/bin/klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_526)
>
>
> Kerberos 4 ticket cache: /tmp/tkt526
> klist: You have no tickets cached
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> anquetil.bath.ac.uk ?//
>
> Note that the command always seems to work OK and the error seems to
> occur as part of the cleanup before the command exits.  This is most
> noticable with the telnet command.  The failure occurs after the
> connection to the remote site has been closed.
>
> Running a simple program under gdb gives:
>
>
> a.out in free(): error: chunk is already free
>
> Program received signal SIGABRT, Aborted.
> 0x0e16b71d in kill () from /usr/lib/libc.so.34.2
> (gdb) bt
> #0  0x0e16b71d in kill () from /usr/lib/libc.so.34.2
> #1  0x0e19830f in abort () from /usr/lib/libc.so.34.2
> #2  0x0e16fb71 in execve () from /usr/lib/libc.so.34.2
> #3  0x00000002 in ?? ()
> #4  0xcfbf82bc in ?? ()

This stack trace is pretty clearly corrupted.

Could you try running the program under GDB, with a breakpoint in remove_error_table, and
each time it's hit, print out the argument passed in and the stack trace?

I'd also be interested in seeing the order in which profile_library_finalizer and
com_err_terminate get called (profile_library_finalizer should be first), and the value of the
variable 'terminated' in error_message.c when the problem happens.
_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs