[Commotion-dev] strange segfault in commotiond @ wpa_ctrl

Dan Staples danstaples at opentechinstitute.org
Sat Aug 2 10:47:04 EDT 2014


I was doing some testing of the new serval-dna library and refactored
serval plugin for commotiond, and was noticing frequent crashes of olsrd
and commotiond when route signing was turned on with the olsrd-mdp plugin.

Sometimes just olsrd would crash, but more often it would be commotiond
crashing, thus bringing olsrd down with it (due to the MDP plugin
failing to connect to the commotiond management socket).

After doing some remote debugging, three times in a row the cause of the
commotiond crash was from extern/wpa_ctrl.c:251. Here's the GDB output:

---

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
wpa_ctrl_pending (ctrl=<value optimized out>) at
/opt/build/commotion-router/openwrt/build_dir/target-mips_r2_uClibc-0.9.33.2/commotiond/commotiond-refactoring/src/extern/wpa_ctrl.c:251
251	}
(gdb) where
#0  wpa_ctrl_pending (ctrl=<value optimized out>) at
/opt/build/commotion-router/openwrt/build_dir/target-mips_r2_uClibc-0.9.33.2/commotiond/commotiond-refactoring/src/extern/wpa_ctrl.c:251
#1  0x77035640 in ?? ()
warning: GDB can't find the start of the function at 0x7703563f.

    GDB is unable to find the start of the function at 0x7703563f
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
    This problem is most likely caused by an invalid program counter or
stack pointer.
    However, if you think GDB should simply search farther back
from 0x7703563f for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.

---

The memory location of the mystery function on the stack was different
each time I debugged it. Not sure why GDB failed to find it, but that's
what I've got so far.

I'll keep looking into it next week, but wanted to give a heads up,
since I haven't seen this before and wpa_ctrl.c isn't any different
between the refactoring and master branches of commotiond. I was testing
on a 3-node network with 1 picostation and 2 rockets.

-Dan


-- 
Dan Staples

Open Technology Institute
https://commotionwireless.net
OpenPGP key: http://disman.tl/pgp.asc
Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9

