Crash with valgrind output.

Ben Greear greearb
Wed Feb 16 09:48:00 PST 2011


I have a reproducible case where the supplicant crashes and dumps
core whenever I stop my app (which has previously started supplicant).

I'm having a bit of trouble figuring out how this could crash
as it does and give so little useful valgrind info...

It appears 'eloop' is totally corrupt, but it's a global
static struct...so not sure how that could come about.

I'm going to keep poking at this, but suggestions are
welcome...

Valgrind output:

==8327== For counts of detected and suppressed errors, rerun with: -v
==8327== ERROR SUMMARY: 77 errors from 55 contexts (suppressed: 0 from 0)
==8327== Invalid read of size 4
==8327==    at 0x80530A8: eloop_handle_signal (eloop.c:413)
==8327==    by 0x43899387: ??? (in /lib/libc-2.13.so)
==8327==    by 0x807957D: wpa_supplicant_run (wpa_supplicant.c:2499)
==8327==    by 0x8082935: main (main.c:274)
==8327==  Address 0x4024003 is not stack'd, malloc'd or (recently) free'd
==8327==
==8327==
==8327== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==8327==  Access not within mapped region at address 0x4024003
==8327==    at 0x80530A8: eloop_handle_signal (eloop.c:413)
==8327==    by 0x43899387: ??? (in /lib/libc-2.13.so)
==8327==    by 0x807957D: wpa_supplicant_run (wpa_supplicant.c:2499)
==8327==    by 0x8082935: main (main.c:274)
==8327==  If you believe this happened as a result of a stack
==8327==  overflow in your program's main thread (unlikely but
==8327==  possible), you can try to increase the size of the
==8327==  main thread stack using the --main-stacksize= flag.
==8327==  The main thread stack size used in this run was 8388608.
==8327==

And gdb output:

Program terminated with signal 11, Segmentation fault.
#0  eloop_handle_signal (sig=15) at ../src/utils/eloop.c:413
413	../src/utils/eloop.c: No such file or directory.
	in ../src/utils/eloop.c
(gdb) bt
#0  eloop_handle_signal (sig=15) at ../src/utils/eloop.c:413
#1  <signal handler called>
#2  0x4384d852 in ?? ()
#3  0x0807957e in wpa_supplicant_run (global=0x403a108) at wpa_supplicant.c:2499
#4  0x08082936 in main (argc=68, argv=0xbe97a084) at main.c:274
(gdb) frame 0
#0  eloop_handle_signal (sig=15) at ../src/utils/eloop.c:413
413	in ../src/utils/eloop.c
(gdb) print i
$1 = 9206
(gdb) print signal_count
No symbol "signal_count" in current context.
(gdb) print eloop
$2 = {max_sock = 252936, readers = {count = 0, table = 0x0, changed = 7168}, writers = {count = -1929379328, table = 0x4000067,
     changed = 0}, exceptions = {count = 83496960, table = 0x121408, changed = 0}, timeout = {next = 0x0, prev = 0x1c00},
   signal_count = 855638528, signals = 0x40000a3, signaled = 1, pending_terminate = 84684800, terminate = 25864,
   reader_table_changed = 0}
(gdb)

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com