Crash with valgrind output.

Ben Greear greearb at candelatech.com
Wed Feb 16 16:08:27 EST 2011


On 02/16/2011 09:48 AM, Ben Greear wrote:
> I have a reproducible case where the supplicant crashes and dumps
> core whenever I stop my app (which has previously started supplicant).

Hrm, I think I found the problem: my install script
wasn't properly stopping wpa_supplicant, and it was writing
over the supplicant libraries and binary files. Seems that
causes the crash.

I found some funny things in the meantime... will post an
RFC patch for that just in case it's a real problem.

Thanks,
Ben

>
> I'm having a bit of trouble figuring out how this could crash
> as it does and give so little useful valgrind info...
>
> It appears 'eloop' is totally corrupt, but it's a global
> static struct...so not sure how that could come about.
>
> I'm going to keep poking at this, but suggestions are
> welcome...
>
> Valgrind output:
>
> ==8327== For counts of detected and suppressed errors, rerun with: -v
> ==8327== ERROR SUMMARY: 77 errors from 55 contexts (suppressed: 0 from 0)
> ==8327== Invalid read of size 4
> ==8327==    at 0x80530A8: eloop_handle_signal (eloop.c:413)
> ==8327==    by 0x43899387: ??? (in /lib/libc-2.13.so)
> ==8327==    by 0x807957D: wpa_supplicant_run (wpa_supplicant.c:2499)
> ==8327==    by 0x8082935: main (main.c:274)
> ==8327==  Address 0x4024003 is not stack'd, malloc'd or (recently) free'd
> ==8327==
> ==8327==
> ==8327== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==8327==  Access not within mapped region at address 0x4024003
> ==8327==    at 0x80530A8: eloop_handle_signal (eloop.c:413)
> ==8327==    by 0x43899387: ??? (in /lib/libc-2.13.so)
> ==8327==    by 0x807957D: wpa_supplicant_run (wpa_supplicant.c:2499)
> ==8327==    by 0x8082935: main (main.c:274)
> ==8327==  If you believe this happened as a result of a stack
> ==8327==  overflow in your program's main thread (unlikely but
> ==8327==  possible), you can try to increase the size of the
> ==8327==  main thread stack using the --main-stacksize= flag.
> ==8327==  The main thread stack size used in this run was 8388608.
> ==8327==
>
> And gdb output:
>
> Program terminated with signal 11, Segmentation fault.
> #0  eloop_handle_signal (sig=15) at ../src/utils/eloop.c:413
> 413	../src/utils/eloop.c: No such file or directory.
> 	in ../src/utils/eloop.c
> (gdb) bt
> #0  eloop_handle_signal (sig=15) at ../src/utils/eloop.c:413
> #1<signal handler called>
> #2  0x4384d852 in ?? ()
> #3  0x0807957e in wpa_supplicant_run (global=0x403a108) at wpa_supplicant.c:2499
> #4  0x08082936 in main (argc=68, argv=0xbe97a084) at main.c:274
> (gdb) frame 0
> #0  eloop_handle_signal (sig=15) at ../src/utils/eloop.c:413
> 413	in ../src/utils/eloop.c
> (gdb) print i
> $1 = 9206
> (gdb) print signal_count
> No symbol "signal_count" in current context.
> (gdb) print eloop
> $2 = {max_sock = 252936, readers = {count = 0, table = 0x0, changed = 7168}, writers = {count = -1929379328, table = 0x4000067,
>       changed = 0}, exceptions = {count = 83496960, table = 0x121408, changed = 0}, timeout = {next = 0x0, prev = 0x1c00},
>     signal_count = 855638528, signals = 0x40000a3, signaled = 1, pending_terminate = 84684800, terminate = 25864,
>     reader_table_changed = 0}
> (gdb)
>


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
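An added example, not part of Ben's mail or of the hostap code: a Python check for the failure mode he diagnoses above, an install script replacing or overwriting the binary and libraries of a still-running supplicant. It parses the text of a process's /proc/<pid>/maps and compares each executable mapping with the file now on disk; function names, the injectable stat_fn and all sample values are constructed for illustration.

```python
import os
import re
from collections import namedtuple

Mapping = namedtuple("Mapping", "path inode deleted")  # one exec mapping from /proc/<pid>/maps

# Line layout: start-end perms offset major:minor inode [path]
_MAPS_RE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+[0-9a-f]+:[0-9a-f]+\s+(\d+)\s*(.*)$")
_DELETED = " (deleted)"


def parse_exec_mappings(maps_text):
    """Return the file-backed mappings the process executes code from ('x' in perms)."""
    found = []
    for line in maps_text.splitlines():
        m = _MAPS_RE.match(line)
        if not m or "x" not in m.group(1) or m.group(2) == "0":
            continue  # no match, not executable, or anonymous memory (inode 0)
        path = m.group(3).strip()
        if not path.startswith("/"):
            continue  # [vdso], [stack] and other pseudo-paths
        deleted = path.endswith(_DELETED)
        if deleted:
            path = path[:-len(_DELETED)]
        found.append(Mapping(path, int(m.group(2)), deleted))
    return found


def classify(mapping, stat_fn=os.stat, process_start=None):
    """Compare one mapping with the file now on disk at its path.
    'replaced':    path names a different inode now (install via rename); the process
                   still runs the old unlinked copy, stale but intact.
    'overwritten': same inode, modified after process_start (in-place copy); pages the
                   process maps from that file can change underneath it.
    'missing': file gone.  'ok': unchanged.  stat_fn is injectable for offline tests.
    """
    try:
        st = stat_fn(mapping.path)
    except FileNotFoundError:
        return "missing"
    if mapping.deleted or st.st_ino != mapping.inode:
        return "replaced"
    if process_start is not None and st.st_mtime > process_start:
        return "overwritten"
    return "ok"


def audit_process(maps_text, stat_fn=os.stat, process_start=None):
    """Status per executable file, given the text of /proc/<pid>/maps."""
    return {m.path: classify(m, stat_fn, process_start)
            for m in parse_exec_mappings(maps_text)}
```

For a live process, pass `open(f"/proc/{pid}/maps").read()` and the process start time as a UNIX timestamp (the starttime field of /proc/<pid>/stat, in clock ticks, added to the btime line of /proc/stat).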


