#158 double free with gssproxy 0.6.1
Closed: Fixed 7 years ago Opened 7 years ago by pkerling.

My distro (ArchLinux) has recently updated to gssproxy 0.6.1. Ever since then, I get a SIGABRT due to a libc double free or corruption immediately when trying to access my NFS share.
I confirmed by downgrading to 0.5.1 that the crash does not happen there. I can try to bisect the commit if it helps.

Log with backtrace:

(gdb) run
Starting program: /root/gss-proxy/proxy/gssproxy -i -d -d -d -d
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[2017/01/24 17:52:45]: Debug Enabled (level: 0)
[New Thread 0x7ffff4b26700 (LWP 29995)]
[New Thread 0x7ffff4325700 (LWP 29996)]
[New Thread 0x7ffff3b24700 (LWP 29997)]
[New Thread 0x7ffff3323700 (LWP 29998)]
[New Thread 0x7ffff2b22700 (LWP 29999)]
[2017/01/24 17:52:45]: Failed to get peer's SELinux context (95:Die Operation wird nicht unterstützt)
[2017/01/24 17:52:45]: Client connected (fd = 9)[2017/01/24 17:52:45]:  (pid = 29991) (uid = 0) (gid = 0)[2017/01/24 17:52:45]: 


[2017/01/24 17:52:58]: gp_rpc_execute: executing 9 (GSSX_ACCEPT_SEC_CONTEXT) for service "nfs-server", euid: 0,socket: /run/gssproxy.sock
*** Error in `/root/gss-proxy/proxy/gssproxy': double free or corruption (out): 0x00007fffec000c10 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x70c4b)[0x7ffff60bdc4b]
/usr/lib/libc.so.6(+0x76fe6)[0x7ffff60c3fe6]
/usr/lib/libc.so.6(+0x777de)[0x7ffff60c47de]
/root/gss-proxy/proxy/gssproxy(+0x5a1d)[0x555555559a1d]
/root/gss-proxy/proxy/gssproxy(+0x97d8)[0x55555555d7d8]
/root/gss-proxy/proxy/gssproxy(+0x133f6)[0x5555555673f6]
/root/gss-proxy/proxy/gssproxy(+0xfb53)[0x555555563b53]
/root/gss-proxy/proxy/gssproxy(+0x8b6b)[0x55555555cb6b]
/usr/lib/libpthread.so.0(+0x7454)[0x7ffff63f2454]
/usr/lib/libc.so.6(clone+0x5f)[0x7ffff61357df]

Thread 6 "gssproxy" received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff2b22700 (LWP 29999)]
0x00007ffff608004f in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff608004f in raise () from /usr/lib/libc.so.6
#1  0x00007ffff608147a in abort () from /usr/lib/libc.so.6
#2  0x00007ffff60bdc50 in __libc_message () from /usr/lib/libc.so.6
#3  0x00007ffff60c3fe6 in malloc_printerr () from /usr/lib/libc.so.6
#4  0x00007ffff60c47de in _int_free () from /usr/lib/libc.so.6
#5  0x0000555555559a1d in free_cred_store_elements (cs=cs@entry=0x7ffff2a21550) at src/gp_config.c:65
#6  0x000055555555d7d8 in gp_add_krb5_creds (min=min@entry=0x7ffff2a21660, gpcall=gpcall@entry=0x7ffff2b21ab0, acquire_type=acquire_type@entry=ACQ_NORMAL, 
    in_cred=in_cred@entry=0x0, desired_name=desired_name@entry=0x0, cred_usage=<optimized out>, cred_usage@entry=2, initiator_time_req=0, acceptor_time_req=0, 
    output_cred_handle=0x7ffff2a21670, actual_mechs=0x0, initiator_time_rec=0x0, acceptor_time_rec=0x0) at src/gp_creds.c:752
#7  0x00005555555673f6 in gp_accept_sec_context (gpcall=0x7ffff2b21ab0, arg=0x7ffff2a21880, res=0x7ffff2a217e0) at src/gp_rpc_accept_sec_context.c:58
#8  0x0000555555563b53 in gp_rpc_execute (res=0x7ffff2a21518, arg=0x7ffff2a21880, proc=32767, gpcall=0x7ffff2b21ab0) at src/gp_rpc_process.c:321
#9  gp_rpc_process_call (gpcall=gpcall@entry=0x7ffff2b21ab0, inbuf=<optimized out>, inlen=<optimized out>, outbuf=0x0, outbuf@entry=0x7ffff2b21aa0, 
    outlen=0x555555559a1d <free_cred_store_elements+61>, outlen@entry=0x7ffff2b21aa8) at src/gp_rpc_process.c:378
#10 0x000055555555cb6b in gp_handle_query (w=<optimized out>, q=0x55555579e800) at src/gp_workers.c:424
#11 gp_worker_main (pvt=0x55555579bda0) at src/gp_workers.c:378
#12 0x00007ffff63f2454 in start_thread () from /usr/lib/libpthread.so.0
#13 0x00007ffff61357df in clone () from /usr/lib/libc.so.6
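
Added example, not part of the original report or of gssproxy's code: a small triage helper that parses the raw glibc `module(+0xoffset)[0xaddress]` frames from the abort message above, derives each module's load base, and builds an `addr2line` call for the gssproxy frames. The function names are hypothetical, and it assumes the binary at the logged path was built with debug info.

```python
import re

# Raw frames copied from the "======= Backtrace: =========" block in the report.
GLIBC_FRAMES = """\
/usr/lib/libc.so.6(+0x70c4b)[0x7ffff60bdc4b]
/usr/lib/libc.so.6(+0x76fe6)[0x7ffff60c3fe6]
/usr/lib/libc.so.6(+0x777de)[0x7ffff60c47de]
/root/gss-proxy/proxy/gssproxy(+0x5a1d)[0x555555559a1d]
/root/gss-proxy/proxy/gssproxy(+0x97d8)[0x55555555d7d8]
/root/gss-proxy/proxy/gssproxy(+0x133f6)[0x5555555673f6]
/root/gss-proxy/proxy/gssproxy(+0xfb53)[0x555555563b53]
/root/gss-proxy/proxy/gssproxy(+0x8b6b)[0x55555555cb6b]
/usr/lib/libpthread.so.0(+0x7454)[0x7ffff63f2454]
/usr/lib/libc.so.6(clone+0x5f)[0x7ffff61357df]
"""

# module(symbol+0xoff)[0xaddr]; symbol is empty when glibc only knows the module.
FRAME_RE = re.compile(r"^(\S+?)\(([^+)]*)\+0x([0-9a-f]+)\)\[0x([0-9a-f]+)\]$")


def parse_frames(text):
    """Return (module, symbol, offset, address) for every glibc backtrace line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m[1], m[2], int(m[3], 16), int(m[4], 16)))
    return frames


def load_bases(frames):
    """Derive each module's load base; reject a log whose frames disagree."""
    bases = {}
    for module, symbol, offset, address in frames:
        if symbol:  # offset is relative to the symbol, not to the module
            continue
        base = address - offset
        if bases.setdefault(module, base) != base:
            raise ValueError(f"inconsistent load base for {module}")
    return bases


def addr2line_command(frames, module):
    """Build one addr2line call for the module-relative offsets of `module`."""
    offsets = [hex(off) for mod, sym, off, _ in frames if mod == module and not sym]
    return " ".join(["addr2line", "-f", "-i", "-e", module, *offsets])
```

The first gssproxy offset, `0x5a1d`, is the same location gdb reports as frame #5 (`0x0000555555559a1d`, `free_cred_store_elements` at `src/gp_config.c:65`), which is a quick check that the derived load base is right.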

Metadata Update from @pkerling:
- Issue assigned to simo
- Issue set to the milestone: 0.0 NEEDS TRIAGE

7 years ago

Metadata Update from @rharwood:
- Issue assigned to rharwood (was: simo)

7 years ago

Hi @pkerling, any chance you could check this with v0.6.2? I think I fixed the issue there but I am not sure. Thanks!

Metadata Update from @rharwood:
- Issue close_status updated to: None
- Issue priority set to: None (was: 2)

7 years ago

Confirmed working in v0.6.2. Much appreciated!

Metadata Update from @pkerling:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 years ago
