wpa_supplicant segfault in large WLAN

Ben Greear greearb at candelatech.com
Fri Sep 27 00:22:38 EDT 2013



On 09/26/2013 06:37 PM, Matt Causey wrote:

> I've attached the full and compressed valgrind log, though it may end up being scrubbed by the server.
>
> Thoughts?

These errors below (from your log) are nasty and can easily cause crashes.  There were more after this in
the logs, but probably best to start fixing the first ones first and then re-run until
you get a clean run...

==25997== Memcheck, a memory error detector
==25997== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==25997== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==25997== Command: wpa_supplicant -f /dev/null -t -Dnl80211 -onl80211 -i wlan0 -c /var/tmp/nerf.conf
==25997== Parent PID: 7949
==25997==
==25997== Invalid read of size 4
==25997==    at 0x8051874: wpa_bss_get_vendor_ie (bss.c:909)
==25997==    by 0x8086DE8: wpas_select_network_from_last_scan (events.c:645)
==25997==    by 0x8087E22: _wpa_supplicant_event_scan_results (events.c:1186)
==25997==    by 0x8087ED2: wpa_supplicant_event_scan_results (events.c:1269)
==25997==    by 0x808893C: wpa_supplicant_event (events.c:2438)
==25997==    by 0x8099370: send_scan_event (driver_nl80211.c:1679)
==25997==    by 0x8099D4A: do_process_drv_event (driver_nl80211.c:2201)
==25997==    by 0x809A4FB: process_global_event (driver_nl80211.c:2346)
==25997==    by 0x404147B: nl_cb_call (in /tmp/tcloop/libnl1/usr/local/lib/libnl.so.1.1)
==25997==    by 0x4041B79: nl_recvmsgs (in /tmp/tcloop/libnl1/usr/local/lib/libnl.so.1.1)
==25997==    by 0x8055172: eloop_sock_table_dispatch (eloop.c:393)
==25997==    by 0x8055A07: eloop_run (eloop.c:769)
==25997==  Address 0x4b7cb50 is 120 bytes inside a block of size 355 free'd
==25997==    at 0x40235BD: free (in /tmp/tcloop/valgrind/usr/local/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==25997==    by 0x8051E51: wpa_bss_remove (bss.c:199)
==25997==    by 0x8052F74: wpa_bss_update_scan_res (bss.c:282)
==25997==    by 0x808B039: wpa_supplicant_get_scan_results (scan.c:1533)
==25997==    by 0x8087CE4: _wpa_supplicant_event_scan_results (events.c:1099)
==25997==    by 0x8087ED2: wpa_supplicant_event_scan_results (events.c:1269)
==25997==    by 0x808893C: wpa_supplicant_event (events.c:2438)
==25997==    by 0x8099370: send_scan_event (driver_nl80211.c:1679)
==25997==    by 0x8099D4A: do_process_drv_event (driver_nl80211.c:2201)
==25997==    by 0x809A4FB: process_global_event (driver_nl80211.c:2346)
==25997==    by 0x404147B: nl_cb_call (in /tmp/tcloop/libnl1/usr/local/lib/libnl.so.1.1)
==25997==    by 0x4041B79: nl_recvmsgs (in /tmp/tcloop/libnl1/usr/local/lib/libnl.so.1.1)
==25997==

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com
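
An added example for reading the first record in the quoted log (not part of the original message or of wpa_supplicant): it parses Memcheck "Invalid read/write ... free'd" records and reports the innermost function that appears in both the access stack and the free stack. SAMPLE is an excerpt of the log above with the outer frames trimmed; `triage` and its field names are hypothetical.

```python
import re

# Excerpt of the Memcheck record quoted above, outer frames trimmed.
SAMPLE = """\
==25997== Invalid read of size 4
==25997==    at 0x8051874: wpa_bss_get_vendor_ie (bss.c:909)
==25997==    by 0x8086DE8: wpas_select_network_from_last_scan (events.c:645)
==25997==    by 0x8087E22: _wpa_supplicant_event_scan_results (events.c:1186)
==25997==    by 0x8087ED2: wpa_supplicant_event_scan_results (events.c:1269)
==25997==  Address 0x4b7cb50 is 120 bytes inside a block of size 355 free'd
==25997==    at 0x40235BD: free (in /tmp/tcloop/valgrind/usr/local/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==25997==    by 0x8051E51: wpa_bss_remove (bss.c:199)
==25997==    by 0x8052F74: wpa_bss_update_scan_res (bss.c:282)
==25997==    by 0x808B039: wpa_supplicant_get_scan_results (scan.c:1533)
==25997==    by 0x8087CE4: _wpa_supplicant_event_scan_results (events.c:1099)
==25997==    by 0x8087ED2: wpa_supplicant_event_scan_results (events.c:1269)
==25997==
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")
HEAD = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)$")
FREED = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes "
                   r"inside a block of size (\d+) free'd$")

def triage(log):
    """Return one dict per "inside a block ... free'd" record in a Memcheck log."""
    records, cur, stack = [], None, None
    for line in log.splitlines():
        if m := HEAD.match(line):
            cur = {"error": m.group(1), "access": [], "free": []}
            stack = cur["access"]
            records.append(cur)
        elif cur and (m := FREED.match(line)):
            cur["offset"], cur["size"] = int(m.group(1)), int(m.group(2))
            stack = cur["free"]          # frames that follow belong to the free() call
        elif cur and (m := FRAME.match(line)):
            stack.append((m.group(1), m.group(2)))
        else:
            cur = None                   # bare "==pid==" line closes the record
    for r in records:
        # Innermost function present in both stacks; its two call sites
        # (freed_at, used_at) are where the pointer went stale and was reused.
        free_sites = {fn: loc for fn, loc in reversed(r["free"])}
        hit = next(((fn, loc) for fn, loc in r["access"] if fn in free_sites), None)
        r["common"] = hit[0] if hit else None
        r["used_at"] = hit[1] if hit else None
        r["freed_at"] = free_sites[hit[0]] if hit else None
    return [r for r in records if r["free"]]
```

Matching by function name rather than by stack position keeps the result stable when Memcheck truncates the two stacks at different depths, as it does in the full log.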