Double free or corruption with latest GIT tree
Marcel Holtmann
marcel
Fri Jan 1 17:30:56 PST 2010
Hi Jouni,
so I got this double free out of the blue while using the latest GIT
tree from today.
*** glibc detected *** ./wpa_supplicant: double free or corruption (out): 0x0000000002511340 ***
======= Backtrace: =========
/lib64/libc.so.6[0x391e874576]
./wpa_supplicant[0x43c931]
/lib64/libdbus-1.so.3[0x3924c1cf1c]
/lib64/libdbus-1.so.3(dbus_connection_unregister_object_path+0xaa)[0x3924c0c6ba]
./wpa_supplicant[0x43c98c]
./wpa_supplicant[0x43d6b4]
./wpa_supplicant[0x409af0]
./wpa_supplicant[0x40a1c2]
./wpa_supplicant[0x40a27f]
./wpa_supplicant[0x445e88]
./wpa_supplicant[0x44a033]
./wpa_supplicant[0x44b3c5]
./wpa_supplicant[0x457670]
/usr/lib64/libnl.so.1(nl_recvmsgs+0x284)[0x392001c4e4]
./wpa_supplicant[0x452ac8]
./wpa_supplicant[0x40c02b]
./wpa_supplicant[0x40c669]
./wpa_supplicant[0x445bb8]
./wpa_supplicant[0x44d870]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x391e81eb1d]
./wpa_supplicant[0x406a69]
Program terminated with signal 6, Aborted.
#0 0x000000391e8326b5 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install libgcc-4.4.2-20.fc12.x86_64
(gdb) bt
#0 0x000000391e8326b5 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x000000391e833e95 in abort () at abort.c:92
#2 0x000000391e86ebe3 in __libc_message (do_abort=<value optimized out>,
fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3 0x000000391e874576 in malloc_printerr (action=3,
str=0x391e93dc88 "double free or corruption (out)", ptr=<value optimized out>)
at malloc.c:6264
#4 0x000000000043c931 in free_dbus_object_desc (obj_dsc=0x251b260)
at dbus/dbus_new_helpers.c:506
#5 0x0000003924c1cf1c in _dbus_object_tree_unregister_and_unlock (tree=<value optimized out>,
path=<value optimized out>) at dbus-object-tree.c:514
#6 0x0000003924c0c6ba in dbus_connection_unregister_object_path (connection=0x24f1460,
path=0x251b1c0 "/fi/w1/wpa_supplicant1/Interfaces/1/BSSs/105") at dbus-connection.c:5615
#7 0x000000000043c98c in wpa_dbus_unregister_object_per_iface (
ctrl_iface=<value optimized out>, path=<value optimized out>)
at dbus/dbus_new_helpers.c:640
#8 0x000000000043d6b4 in wpas_dbus_unregister_bss (wpa_s=0x24f4e00,
bssid=<value optimized out>, id=<value optimized out>) at dbus/dbus_new.c:1329
#9 0x0000000000409af0 in wpas_notify_bss_removed (wpa_s=0x24f4e00, bssid=0x251b060 "", id=105)
at notify.c:205
#10 0x000000000040a1c2 in wpa_bss_remove (wpa_s=0x24f4e00, bss=0x251b030) at bss.c:63
#11 0x000000000040a27f in wpa_bss_update_end (wpa_s=0x24f4e00) at bss.c:214
#12 0x0000000000445e88 in wpa_supplicant_get_scan_results (wpa_s=0x24f4e00)
at wpa_supplicant.c:1597
#13 0x000000000044a033 in wpa_supplicant_event_scan_results (wpa_s=0x24f4e00) at events.c:773
#14 0x000000000044b3c5 in wpa_supplicant_event (ctx=0x24f4e00, event=<value optimized out>,
data=0x0) at events.c:1405
#15 0x0000000000457670 in process_event (msg=<value optimized out>, arg=0x24f1ab0)
at ../src/drivers/driver_nl80211.c:755
#16 0x000000392001c4e4 in recvmsgs (cb=<value optimized out>, handle=<value optimized out>)
at nl.c:724
#17 nl_recvmsgs (cb=<value optimized out>, handle=<value optimized out>) at nl.c:772
#18 0x0000000000452ac8 in wpa_driver_nl80211_event_receive (sock=<value optimized out>,
eloop_ctx=0x24f1ab0, sock_ctx=<value optimized out>) at ../src/drivers/driver_nl80211.c:814
#19 0x000000000040c02b in eloop_sock_table_dispatch (table=0x684988, fds=0x24f48a0)
at ../src/utils/eloop.c:216
#20 0x000000000040c669 in eloop_run () at ../src/utils/eloop.c:548
#21 0x0000000000445bb8 in wpa_supplicant_run (global=0x24f0850) at wpa_supplicant.c:2382
#22 0x000000000044d870 in main (argc=<value optimized out>, argv=<value optimized out>)
at main.c:274
Regards
Marcel
More information about the Hostap
mailing list