2008-05-26 07:30:11     ftpd hangs and crashes in R08R1. Stack overflow?

Document created by Aaronwu Employee on Aug 6, 2013

Alexey Demin (RUSSIAN FEDERATION)

Message: 56270   

 

Hi all.

I have a problem with ftpd in release R08R1. ftpd hangs or crashes when I try to list fs contents using an ftp client.

In release R06R2 this ftpd worked ok.

I guess the problem is the small stack size for ftpd. The size is set to 8192 bytes in the Makefile.

ftpd has been compiled with option -mstack-check-l1 and there is no stack overflow message...

But when I set stack size to 65535, ftpd stops crashing and starts working ok.

 

Is it really a stack overflow, or is the bug somewhere else?

 

Are there any stack usage issues for user apps in release R06R2 versus release R08R1?

 

With best regards, Lex.

 

Here is the log:

 

=========================================

root:~> flthdr -p /bin/ftpd

/bin/ftpd

    Magic:        bFLT

    Rev:          4

    Build Date:   Mon May 26 10:09:56 2008

    Entry:        0x44

    Data Start:   0x10760

    Data End:     0x15470

    BSS End:      0x276e0

    Stack Size:   0x2000

    Reloc Start:  0x15470

    Reloc Count:  0xabd

    Flags:        0x1 ( Load-to-Ram )

  

root:~> ftp 127.0.0.1

Connected to 127.0.0.1.

220 localhost.localdomain FTP server (GNU inetutils 1.4.1) ready.

Name (127.0.0.1:root): anonymous

331 Guest login ok, type your name as password.

Password:

230-                            _____________________________________

230-         a8888b.           / Welcome to the uClinux distribution \

230-        d888888b.         /       _     _                         \

230-        8P"YP"Y88        /       | |   |_|            __  __ (TM)  |

230-        8|o||o|88  _____/        | |    _ ____  _   _ \ \/ /       |

230-        8'    .88       \        | |   | |  _ \| | | | \  /        |

230-        8`._.' Y8.       \       | |__ | | | | | |_| | /  \        |

230-       d/      `8b.       \      \____||_|_| |_|\____|/_/\_\       |

230-      dP   .    Y8b.       \   For embedded processors including   |

230-     d8:'  "  `::88b        \    the Analog Devices Blackfin      /

230-    d8"         'Y88b        \___________________________________/

230-   :8P    '      :888

230-    8a.   :     _a88P         For further information, check out:

230-  ._/"Yaa_:   .| 88P|            - http://blackfin.uclinux.org/

230-  \    YP"    `| 8P  `.          - http://docs.blackfin.uclinux.org/

230-  /     \.___.d|    .'           - http://www.uclinux.org/

230-  `--..__)8888P`._.'  jgs/a:f    - http://www.analog.com/blackfin

230-

230- Have a lot of fun...

230 Guest login ok, access restrictions apply.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> cd /bin

250 CWD command successful.

ftp> ls

200 PORT command sucessful.

150 Opening ASCII mode data connection for '/bin/ls'.

=== AT THIS POINT I WAITED FOR A REPLY FOR ABOUT A MINUTE AND PRESSED <Ctrl-C> ===

receive aborted

waiting for remote to finish abort

abort: Bad file descriptor

421 Service not available, remote server has closed connection

421 Service not available, remote server has closed connection

ftp> ls

Not connected.

ftp> quit

 

root:~> flthdr -s 65535 /bin/ftpd

root:~> flthdr -p /bin/ftpd

/bin/ftpd

    Magic:        bFLT

    Rev:          4

    Build Date:   Mon May 26 10:09:56 2008

    Entry:        0x44

    Data Start:   0x10760

    Data End:     0x15470

    BSS End:      0x276e0

    Stack Size:   0xffff

    Reloc Start:  0x15470

    Reloc Count:  0xabd

    Flags:        0x1 ( Load-to-Ram )

root:~> ftp 127.0.0.1

Connected to 127.0.0.1.

220 localhost.localdomain FTP server (GNU inetutils 1.4.1) ready.

Name (127.0.0.1:root): anonymous

331 Guest login ok, type your name as password.

Password:

230-                            _____________________________________

230-         a8888b.           / Welcome to the uClinux distribution \

230-        d888888b.         /       _     _                         \

230-        8P"YP"Y88        /       | |   |_|            __  __ (TM)  |

230-        8|o||o|88  _____/        | |    _ ____  _   _ \ \/ /       |

230-        8'    .88       \        | |   | |  _ \| | | | \  /        |

230-        8`._.' Y8.       \       | |__ | | | | | |_| | /  \        |

230-       d/      `8b.       \      \____||_|_| |_|\____|/_/\_\       |

230-      dP   .    Y8b.       \   For embedded processors including   |

230-     d8:'  "  `::88b        \    the Analog Devices Blackfin      /

230-    d8"         'Y88b        \___________________________________/

230-   :8P    '      :888

230-    8a.   :     _a88P         For further information, check out:

230-  ._/"Yaa_:   .| 88P|            - http://blackfin.uclinux.org/

230-  \    YP"    `| 8P  `.          - http://docs.blackfin.uclinux.org/

230-  /     \.___.d|    .'           - http://www.uclinux.org/

230-  `--..__)8888P`._.'  jgs/a:f    - http://www.analog.com/blackfin

230-

230- Have a lot of fun...

230 Guest login ok, access restrictions apply.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> cd /bin

250 CWD command successful.

ftp> ls

200 PORT command sucessful.

150 Opening ASCII mode data connection for '/bin/ls'.

lrwxrwxrwx    1 1007     1000            7 May 26  2008 [ -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 [[ -> busybox

-rwxr--r--    1 1007     1000        54716 May 26  2008 arp

lrwxrwxrwx    1 1007     1000            7 May 26  2008 basename -> busybox

-rwxr-xr-x    1 1007     1000       331396 May 26  2008 busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 cat -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 chgrp -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 chmod -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 chown -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 cmp -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 cp -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 date -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 df -> busybox

-rwxr--r--    1 1007     1000        28872 May 26  2008 dhrystone

-rwxr--r--    1 1007     1000         1840 May 26  2008 discard

lrwxrwxrwx    1 1007     1000            7 May 26  2008 dmesg -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 echo -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 env -> busybox

-rwxr--r--    1 1007     1000        21384 May 26  2008 erase

-rwxr--r--    1 1007     1000        23756 May 26  2008 eraseall

-rwxr--r--    1 1007     1000       103512 May 26  2008 ethtool

-rwxr--r--    1 1007     1000        15632 May 26  2008 expand

lrwxrwxrwx    1 1007     1000            7 May 26  2008 false -> busybox

-rwxr--r--    1 1007     1000        37868 May 26  2008 flthdr

lrwxrwxrwx    1 1007     1000            7 May 26  2008 free -> busybox

-rwxr--r--    1 1007     1000       105500 May 26  2008 ftp

-rwxr--r--    1 1007     1000        98148 Jan  1 00:05 ftpd

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ftpget -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ftpput -> busybox

-rwxr--r--    1 1007     1000        68976 May 26  2008 gdbserver

lrwxrwxrwx    1 1007     1000           14 May 26  2008 halt -> ../bin/busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 hostname -> busybox

lrwxrwxrwx    1 1007     1000           14 May 26  2008 ifconfig -> ../bin/busybox

-rwxr--r--    1 1007     1000        30952 May 26  2008 inetd

-rwxr-xr-x    1 1007     1000         2200 May 26  2008 inetd-echo

-rwxr--r--    1 1007     1000        27548 May 26  2008 init

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ip -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ipaddr -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 iplink -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 iproute -> busybox

-rwxr--r--    1 1007     1000        74168 May 26  2008 iwconfig

-rwxr--r--    1 1007     1000        64296 May 26  2008 iwgetid

-rwxr--r--    1 1007     1000        64320 May 26  2008 iwpriv

lrwxrwxrwx    1 1007     1000            7 May 26  2008 kill -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 killall -> busybox

lrwxrwxrwx    1 1007     1000           14 May 26  2008 klogd -> ../bin/busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ln -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 logger -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ls -> busybox

-rwxr--r--    1 1007     1000        40672 May 26  2008 mii-tool

lrwxrwxrwx    1 1007     1000            7 May 26  2008 mkdir -> busybox

-rwxr--r--    1 1007     1000        90356 May 26  2008 mkfs.jffs2

lrwxrwxrwx    1 1007     1000            7 May 26  2008 mknod -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 more -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 mount -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 msh -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 mv -> busybox

-rwxr--r--    1 1007     1000        27676 May 26  2008 nandwrite

-rwxr--r--    1 1007     1000       142780 May 26  2008 netperf

-rwxr--r--    1 1007     1000       145688 May 26  2008 netserver

lrwxrwxrwx    1 1007     1000            7 May 26  2008 netstat -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 nslookup -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 passwd -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 pidof -> busybox

-rwxr--r--    1 1007     1000        69912 May 26  2008 ping

lrwxrwxrwx    1 1007     1000           14 May 26  2008 poweroff -> ../bin/busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 printenv -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 printf -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 ps -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 pwd -> busybox

lrwxrwxrwx    1 1007     1000           14 May 26  2008 reboot -> ../bin/busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 renice -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 rm -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 rmdir -> busybox

-rwxr--r--    1 1007     1000        58196 May 26  2008 route

lrwxrwxrwx    1 1007     1000            7 May 26  2008 run-parts -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 sh -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 sleep -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 stty -> busybox

-rwxr--r--    1 1007     1000        26788 May 26  2008 sysctl

lrwxrwxrwx    1 1007     1000           14 May 26  2008 syslogd -> ../bin/busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 telnet -> busybox

-rwxr--r--    1 1007     1000        39912 May 26  2008 telnetd

lrwxrwxrwx    1 1007     1000            7 May 26  2008 test -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 tftp -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 time -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 top -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 touch -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 true -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 tty -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 umount -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 uptime -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 usleep -> busybox

-rwxr--r--    1 1007     1000        17868 May 26  2008 version

lrwxrwxrwx    1 1007     1000            7 May 26  2008 vi -> busybox

lrwxrwxrwx    1 1007     1000            7 May 26  2008 wget -> busybox

-rwxr--r--    1 1007     1000        22112 May 26  2008 whetstone

226 Transfer complete.

ftp> quit

221 Goodbye.

======================================

2008-05-26 20:24:24     Re: ftpd hangs and crashes in R08R1. Stack overflow?

Robin Getz (UNITED STATES)

Message: 56279   

 

Alexey:

 

It is possible that the application (ftpd) is grabbing most of the stack, and then calling a library function (which clobbers the stack, and does not have stack checking turned on).

 

Note that the stack checking works on code that you are compiling - you would need to recompile uClibc with stack checking turned on to see if this is the problem.

 

-Robin
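
The `Stack Size` field that `flthdr -p` prints in the first post can be read straight from the file header, which is useful when auditing many binaries for the stack they request. The following is an added example, not part of the thread or of the uClinux tools; it assumes the standard 64-byte bFLT version 4 header with big-endian fields, and the function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BFLT_HDR_LEN 64 /* 4-byte magic, 10 header words, 5 filler words */
enum { BF_REV, BF_ENTRY, BF_DATA_START, BF_DATA_END, BF_BSS_END,
       BF_STACK_SIZE, BF_RELOC_START, BF_RELOC_COUNT, BF_FLAGS, BF_NWORDS };

/* Parse the header words (stored big-endian on every target) into w[].
 * Returns 0 on success, -1 if buf is not a plausible bFLT header. */
int bflt_parse(const unsigned char *buf, size_t len, uint32_t w[BF_NWORDS])
{
    int i;
    if (len < BFLT_HDR_LEN || memcmp(buf, "bFLT", 4) != 0)
        return -1;
    for (i = 0; i < BF_NWORDS; i++) {
        const unsigned char *p = buf + 4 + 4 * i;
        w[i] = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    }
    /* Sanity check of this example: segment offsets must be in order. */
    if (w[BF_ENTRY] < BFLT_HDR_LEN || w[BF_ENTRY] > w[BF_DATA_START] ||
        w[BF_DATA_START] > w[BF_DATA_END] || w[BF_DATA_END] > w[BF_BSS_END])
        return -1;
    return 0;
}

/* Constructed header using the values from the flthdr output in the post. */
void bflt_sample(unsigned char hdr[BFLT_HDR_LEN], uint32_t stack_size)
{
    uint32_t v[BF_NWORDS] = { 4, 0x44, 0x10760, 0x15470, 0x276e0,
                              stack_size, 0x15470, 0xabd, 0x1 };
    int i, j;
    memset(hdr, 0, BFLT_HDR_LEN); /* build date and filler left as zero */
    memcpy(hdr, "bFLT", 4);
    for (i = 0; i < BF_NWORDS; i++)
        for (j = 0; j < 4; j++)
            hdr[4 + 4 * i + j] = (unsigned char)(v[i] >> (24 - 8 * j));
}

int main(void)
{
    unsigned char hdr[BFLT_HDR_LEN];
    uint32_t w[BF_NWORDS];
    bflt_sample(hdr, 0x2000);
    if (bflt_parse(hdr, sizeof hdr, w) == 0)
        printf("stack size: 0x%x\n", (unsigned)w[BF_STACK_SIZE]);
    return 0;
}
```
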
