Date:      Wed, 13 Apr 2022 10:53:14 +0000
From:      Dan Kotowski <dan.kotowski@a9development.com>
To:        "freebsd-wireless@FreeBSD.org" <freebsd-wireless@FreeBSD.org>
Subject:   wpa_supplicant segfault in stable/13
Message-ID:  <riO2CyOOX2uym9TOHKn9wV58TwGSMrWDeQ5XyqCHt_HK9MdJ1IJ2HsuD7Bvei-iNO5diVi_YWIiD_WUlSPgb0Ju3RErQKMy1VZUQFUrvEDU=@a9development.com>

Recently started seeing wpa_supplicant core dumps in messages:

Core was generated by `/usr/sbin/wpa_supplicant -s -B -i wlan99 -c /etc/wpa_supplicant.conf -D bsd -P /'.
Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0 memcpy () at /usr/src/lib/libc/amd64/string/memmove.S:314
314 MEMMOVE erms=0 overlap=1 begin=MEMMOVE_BEGIN end=MEMMOVE_END
(gdb) bt
#0 memcpy () at /usr/src/lib/libc/amd64/string/memmove.S:314
#1 0x00000000011468e3 in wpabuf_put_data (buf=0x802a00dc0, data=0x801e680e8, len=3595206685) at /usr/src/contrib/wpa/src/utils/wpabuf.h:170
#2 wpabuf_alloc_copy (data=data@entry=0x801e680e8, len=len@entry=3595206685) at /usr/src/contrib/wpa/src/utils/wpabuf.c:164
#3 0x00000000010cbeff in wpa_supplicant_rx_eapol (ctx=0x801e39000, src_addr=0x801e680e0 "l\256\366Ӎf\210\216\002\003", buf=0x803398cf5 "",
    len=3595206685) at /usr/src/contrib/wpa/wpa_supplicant/wpa_supplicant.c:5037
#4 0x00000000010ff5c8 in l2_packet_receive (sock=, eloop_ctx=0x801e28be0, sock_ctx=)
    at /usr/src/contrib/wpa/src/l2_packet/l2_packet_freebsd.c:102
#5 0x0000000001143bd3 in eloop_sock_table_dispatch (fds=0x801e64780, table=) at /usr/src/contrib/wpa/src/utils/eloop.c:603
#6 eloop_run () at /usr/src/contrib/wpa/src/utils/eloop.c:1233
#7 0x00000000010cf7cc in wpa_supplicant_run (global=, global@entry=0x801e2d000)
    at /usr/src/contrib/wpa/wpa_supplicant/wpa_supplicant.c:7470
#8 0x00000000010b164a in main (argc=, argv=) at /usr/src/contrib/wpa/wpa_supplicant/main.c:391

I have not had time to bisect and won't for at least another week, but it's almost certainly in the range 453b4f81939..7ae00874e5c

Dan Kotowski
----------------------------------------------------------------
"I've been cold before, and I'll be cold again, but right now I'm duck hunting." -Roger Powell
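
A triage sketch for the backtrace above, added here and not part of the original message or of wpa_supplicant: it parses gdb `bt` frames, flags `len` arguments above an assumed 65535-byte frame ceiling, and reports the outermost frame already carrying the bad value together with its caller. `MAX_FRAME_LEN` and the function names are this example's assumptions; the embedded frames are copied from frames #0-#4 of the message.

```python
import re

MAX_FRAME_LEN = 65535  # assumption: ceiling for one received frame; tune per link

# Frames #0-#4 copied from the backtrace in the message (raw string keeps escapes).
BACKTRACE = r"""
#0 memcpy () at /usr/src/lib/libc/amd64/string/memmove.S:314
#1 0x00000000011468e3 in wpabuf_put_data (buf=0x802a00dc0, data=0x801e680e8, len=3595206685) at /usr/src/contrib/wpa/src/utils/wpabuf.h:170
#2 wpabuf_alloc_copy (data=data@entry=0x801e680e8, len=len@entry=3595206685) at /usr/src/contrib/wpa/src/utils/wpabuf.c:164
#3 0x00000000010cbeff in wpa_supplicant_rx_eapol (ctx=0x801e39000, src_addr=0x801e680e0 "l\256\366Ӎf\210\216\002\003", buf=0x803398cf5 "",
len=3595206685) at /usr/src/contrib/wpa/wpa_supplicant/wpa_supplicant.c:5037
#4 0x00000000010ff5c8 in l2_packet_receive (sock=, eloop_ctx=0x801e28be0, sock_ctx=)
at /usr/src/contrib/wpa/src/l2_packet/l2_packet_freebsd.c:102
"""

FRAME_RE = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
LEN_RE = re.compile(r"\blen=(?:len@entry=)?(\d+)")
LOC_RE = re.compile(r"\bat (/\S+):(\d+)")

def parse_frames(text):
    """Return one dict per gdb frame, joining lines that gdb wrapped."""
    chunks = []
    for line in text.splitlines():
        if line.startswith("#"):
            chunks.append(line.strip())
        elif chunks and line.strip():
            chunks[-1] += " " + line.strip()
    frames = []
    for chunk in chunks:
        head = FRAME_RE.match(chunk)
        if not head:
            continue
        lens = LEN_RE.findall(chunk)
        loc = LOC_RE.search(chunk)
        frames.append({"n": int(head.group(1)), "func": head.group(2),
                       "len": int(lens[0]) if lens else None,
                       "at": f"{loc.group(1)}:{loc.group(2)}" if loc else None})
    return frames

def triage(frames, max_len=MAX_FRAME_LEN):
    """Find the outermost frame whose len is implausible, plus its caller."""
    bad = [f for f in frames if f["len"] is not None and f["len"] > max_len]
    if not bad:
        return None
    outer = max(bad, key=lambda f: f["n"])
    caller = next((f for f in frames if f["n"] == outer["n"] + 1), None)
    return {"len": outer["len"], "hex": hex(outer["len"]),
            "first_seen_in": outer["func"],
            "caller": caller["func"] if caller else None,
            "caller_at": caller["at"] if caller else None}

if __name__ == "__main__":
    print(triage(parse_frames(BACKTRACE)))
```

On this trace the length is already implausible on entry to `wpa_supplicant_rx_eapol`, and the caller's arguments are not shown, so the call site at `l2_packet_freebsd.c:102` is where a bisect or code read would start.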

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?riO2CyOOX2uym9TOHKn9wV58TwGSMrWDeQ5XyqCHt_HK9MdJ1IJ2HsuD7Bvei-iNO5diVi_YWIiD_WUlSPgb0Ju3RErQKMy1VZUQFUrvEDU=>