[krbdev.mit.edu #3087]

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Wed Jun 8 20:43:24 EDT 2005 

> Running kinit, klist, kadmin, telnet etc all produce messages
> similar to:
> 
> klist in free(): error: chunk is already free
> Abort trap

I've tried static builds on x86-linux, and can't find any problems using valgrind or electric 
fence.  I've also tried alpha-netbsd2.0 with shared libraries and enabled debugging options 
in the native malloc, still no hints.

> anquetil.bath.ac.uk ?// MALLOC_OPTIONS=a /kerberosV/bin/klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_526)
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt526
> klist: You have no tickets cached
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> klist in free(): warning: chunk is already free
> anquetil.bath.ac.uk ?//
> 
> Note that the command always seems to work OK and the error seems to
> occur as part of the cleanup before the command exits.  This is most
> noticable with the telnet command.  The failure occurs after the
> connection to the remote site has been closed.
> 
> Running a simple program under gdb gives:
> 
> 
> a.out in free(): error: chunk is already free
> 
> Program received signal SIGABRT, Aborted.
> 0x0e16b71d in kill () from /usr/lib/libc.so.34.2
> (gdb) bt
> #0  0x0e16b71d in kill () from /usr/lib/libc.so.34.2
> #1  0x0e19830f in abort () from /usr/lib/libc.so.34.2
> #2  0x0e16fb71 in execve () from /usr/lib/libc.so.34.2
> #3  0x00000002 in ?? ()
> #4  0xcfbf82bc in ?? ()

This stack trace is pretty clearly corrupted.

Could you try running the program under GDB, with a breakpoint in remove_error_table, and 
each time it's hit, print out the argument passed in and the stack trace?

I'd also be interested in seeing the order in which profile_library_finalizer and 
com_err_terminate get called (profile_library_finalizer should be first), and the value of the 
variable 'terminated' in error_message.c when the problem happens.

More information about the krb5-bugs mailing list