Crash related to p2p

Ben Greear greearb at candelatech.com
Wed May 9 14:06:27 EDT 2012


On 05/09/2012 10:12 AM, Ben Greear wrote:
> We're seeing this crash.  It appears that by the time we get to frame 2, ctx
> is corrupted.  It is not a wpa_s, or at least not a good one.

I updated to latest upstream, enabled valgrind, and I'm seeing
access of freed memory.  I think this is probably the root
cause of this and similar crashes that I see.  Must not be cleaning
up the p2p msg_ctx reference or something?

For counts of detected and suppressed errors, rerun with: -v
==31996== ERROR SUMMARY: 59 errors from 59 contexts (suppressed: 6 from 6)
==31996== Invalid read of size 1
==31996==    at 0x3108E46781: vfprintf (in /lib64/libc-2.13.so)
==31996==    by 0x3108E6EF31: vsnprintf (in /lib64/libc-2.13.so)
==31996==    by 0x3108E4FBF2: snprintf (in /lib64/libc-2.13.so)
==31996==    by 0x40F995: wpa_msg (wpa_debug.c:613)
==31996==    by 0x433D37: p2p_stop_find_for_freq (p2p.c:1027)
==31996==    by 0x433EFD: p2p_stop_find (p2p.c:1069)
==31996==    by 0x437924: p2p_flush (p2p.c:2305)
==31996==    by 0x437829: p2p_deinit (p2p.c:2286)
==31996==    by 0x42B38C: wpas_p2p_deinit_global (p2p_supplicant.c:2571)
==31996==    by 0x4CA169: wpa_supplicant_deinit (wpa_supplicant.c:3049)
==31996==    by 0x4D5E08: main (main.c:288)
==31996==  Address 0x504661e is 46 bytes inside a block of size 1,600 free'd
==31996==    at 0x4A05187: free (vg_replace_malloc.c:325)
==31996==    by 0x4C9C2E: wpa_supplicant_remove_iface (wpa_supplicant.c:2830)
==31996==    by 0x4BA40E: wpa_supplicant_global_iface_remove (ctrl_iface.c:4441)
==31996==    by 0x4BA859: wpa_supplicant_global_ctrl_iface_process (ctrl_iface.c:4555)
==31996==    by 0x4BBE4D: wpa_supplicant_global_ctrl_iface_receive (ctrl_iface_unix.c:631)
==31996==    by 0x4115B0: eloop_sock_table_dispatch_table (eloop.c:335)
==31996==    by 0x41161D: eloop_sock_table_dispatch (eloop.c:352)
==31996==    by 0x4120EC: eloop_run (eloop.c:766)
==31996==    by 0x4CA13F: wpa_supplicant_run (wpa_supplicant.c:3028)
==31996==    by 0x4D5DF9: main (main.c:286)
==31996==


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
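
The lifetime pattern the valgrind trace above points at, modelled as an added example (not part of the original message and not wpa_supplicant code): a global module keeps a borrowed pointer to a per-interface object, so interface removal has to clear or re-point that pointer before the free. All struct and function names here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model: names are illustrative, not wpa_supplicant's own. */
struct iface { char ifname[16]; struct iface *next; };
struct p2p_mod { void *msg_ctx; };      /* global module, outlives any iface */
struct global { struct iface *ifaces; struct p2p_mod *p2p; };

static struct iface *iface_add(struct global *g, const char *name)
{
    struct iface *i = calloc(1, sizeof(*i));
    if (!i) return NULL;
    snprintf(i->ifname, sizeof(i->ifname), "%s", name);
    i->next = g->ifaces;
    g->ifaces = i;
    if (g->p2p && !g->p2p->msg_ctx)
        g->p2p->msg_ctx = i;            /* borrowed pointer, not owned */
    return i;
}

/* Unlink, then re-point every borrowed reference BEFORE free(). */
static void iface_remove(struct global *g, struct iface *victim)
{
    struct iface **pp = &g->ifaces;
    while (*pp && *pp != victim) pp = &(*pp)->next;
    if (!*pp) return;
    *pp = victim->next;
    if (g->p2p && g->p2p->msg_ctx == victim)
        g->p2p->msg_ctx = g->ifaces;    /* next live iface, or NULL */
    free(victim);
}

/* Teardown-time logging helper; tolerates a NULL context. */
static int mod_msg(const struct p2p_mod *p, char *buf, size_t len, const char *txt)
{
    const struct iface *i = p->msg_ctx;
    return snprintf(buf, len, "%s: %s", i ? i->ifname : "(global)", txt);
}

int main(void)
{
    struct p2p_mod p2p = { NULL };
    struct global g = { NULL, &p2p };
    char buf[64];
    struct iface *a = iface_add(&g, "wlan0");
    if (a) iface_remove(&g, a);         /* interface removed at runtime */
    mod_msg(&p2p, buf, sizeof(buf), "stopping find"); /* later, at deinit */
    puts(buf);
    return 0;
}
```

Deleting the `msg_ctx` re-pointing in `iface_remove` reproduces the shape of the report: the later `mod_msg` call reads `ifname` out of a freed block.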


