2008-05-26 07:30:11 ftpd hangs and crashes in R08R1. Stack overflow?
Alexey Demin (RUSSIAN FEDERATION)
Message: 56270
Hi all.
I have a problem with ftpd in release R08R1. ftpd hangs or crashes when I try to list fs contents using an ftp client.
In release R06R2 this ftpd worked OK.
I guess the problem is the small stack size for ftpd. The size is set to 8192 bytes in the Makefile.
ftpd has been compiled with the option -mstack-check-l1 and there is no stack overflow message...
But when I set the stack size to 65535, ftpd stops crashing and starts working OK.
Is it really a stack overflow, or is the bug somewhere else?
Are there any stack usage issues with user apps in release R06R2 versus release R08R1?
With best regards, Lex.
Here is the log:
=========================================
root:~> flthdr -p /bin/ftpd
/bin/ftpd
Magic: bFLT
Rev: 4
Build Date: Mon May 26 10:09:56 2008
Entry: 0x44
Data Start: 0x10760
Data End: 0x15470
BSS End: 0x276e0
Stack Size: 0x2000
Reloc Start: 0x15470
Reloc Count: 0xabd
Flags: 0x1 ( Load-to-Ram )
root:~> ftp 127.0.0.1
Connected to 127.0.0.1.
220 localhost.localdomain FTP server (GNU inetutils 1.4.1) ready.
Name (127.0.0.1:root): anonymous
331 Guest login ok, type your name as password.
Password:
230- _____________________________________
230- a8888b. / Welcome to the uClinux distribution \
230- d888888b. / _ _ \
230- 8P"YP"Y88 / | | |_| __ __ (TM) |
230- 8|o||o|88 _____/ | | _ ____ _ _ \ \/ / |
230- 8' .88 \ | | | | _ \| | | | \ / |
230- 8`._.' Y8. \ | |__ | | | | | |_| | / \ |
230- d/ `8b. \ \____||_|_| |_|\____|/_/\_\ |
230- dP . Y8b. \ For embedded processors including |
230- d8:' " `::88b \ the Analog Devices Blackfin /
230- d8" 'Y88b \___________________________________/
230- :8P ' :888
230- 8a. : _a88P For further information, check out:
230- ._/"Yaa_: .| 88P| - http://blackfin.uclinux.org/
230- \ YP" `| 8P `. - http://docs.blackfin.uclinux.org/
230- / \.___.d| .' - http://www.uclinux.org/
230- `--..__)8888P`._.' jgs/a:f - http://www.analog.com/blackfin
230-
230- Have a lot of fun...
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /bin
250 CWD command successful.
ftp> ls
200 PORT command sucessful.
150 Opening ASCII mode data connection for '/bin/ls'.
=== AT THIS POINT I WAS WAITING FOR A REPLY FOR ABOUT A MINUTE AND PRESSED Ctrl-C ===
receive aborted
waiting for remote to finish abort
abort: Bad file descriptor
421 Service not available, remote server has closed connection
421 Service not available, remote server has closed connection
ftp> ls
Not connected.
ftp> quit
root:~> flthdr -s 65535 /bin/ftpd
root:~> flthdr -p /bin/ftpd
/bin/ftpd
Magic: bFLT
Rev: 4
Build Date: Mon May 26 10:09:56 2008
Entry: 0x44
Data Start: 0x10760
Data End: 0x15470
BSS End: 0x276e0
Stack Size: 0xffff
Reloc Start: 0x15470
Reloc Count: 0xabd
Flags: 0x1 ( Load-to-Ram )
root:~> ftp 127.0.0.1
Connected to 127.0.0.1.
220 localhost.localdomain FTP server (GNU inetutils 1.4.1) ready.
Name (127.0.0.1:root): anonymous
331 Guest login ok, type your name as password.
Password:
230- _____________________________________
230- a8888b. / Welcome to the uClinux distribution \
230- d888888b. / _ _ \
230- 8P"YP"Y88 / | | |_| __ __ (TM) |
230- 8|o||o|88 _____/ | | _ ____ _ _ \ \/ / |
230- 8' .88 \ | | | | _ \| | | | \ / |
230- 8`._.' Y8. \ | |__ | | | | | |_| | / \ |
230- d/ `8b. \ \____||_|_| |_|\____|/_/\_\ |
230- dP . Y8b. \ For embedded processors including |
230- d8:' " `::88b \ the Analog Devices Blackfin /
230- d8" 'Y88b \___________________________________/
230- :8P ' :888
230- 8a. : _a88P For further information, check out:
230- ._/"Yaa_: .| 88P| - http://blackfin.uclinux.org/
230- \ YP" `| 8P `. - http://docs.blackfin.uclinux.org/
230- / \.___.d| .' - http://www.uclinux.org/
230- `--..__)8888P`._.' jgs/a:f - http://www.analog.com/blackfin
230-
230- Have a lot of fun...
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /bin
250 CWD command successful.
ftp> ls
200 PORT command sucessful.
150 Opening ASCII mode data connection for '/bin/ls'.
lrwxrwxrwx 1 1007 1000 7 May 26 2008 [ -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 [[ -> busybox
-rwxr--r-- 1 1007 1000 54716 May 26 2008 arp
lrwxrwxrwx 1 1007 1000 7 May 26 2008 basename -> busybox
-rwxr-xr-x 1 1007 1000 331396 May 26 2008 busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 cat -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 chgrp -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 chmod -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 chown -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 cmp -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 cp -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 date -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 df -> busybox
-rwxr--r-- 1 1007 1000 28872 May 26 2008 dhrystone
-rwxr--r-- 1 1007 1000 1840 May 26 2008 discard
lrwxrwxrwx 1 1007 1000 7 May 26 2008 dmesg -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 echo -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 env -> busybox
-rwxr--r-- 1 1007 1000 21384 May 26 2008 erase
-rwxr--r-- 1 1007 1000 23756 May 26 2008 eraseall
-rwxr--r-- 1 1007 1000 103512 May 26 2008 ethtool
-rwxr--r-- 1 1007 1000 15632 May 26 2008 expand
lrwxrwxrwx 1 1007 1000 7 May 26 2008 false -> busybox
-rwxr--r-- 1 1007 1000 37868 May 26 2008 flthdr
lrwxrwxrwx 1 1007 1000 7 May 26 2008 free -> busybox
-rwxr--r-- 1 1007 1000 105500 May 26 2008 ftp
-rwxr--r-- 1 1007 1000 98148 Jan 1 00:05 ftpd
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ftpget -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ftpput -> busybox
-rwxr--r-- 1 1007 1000 68976 May 26 2008 gdbserver
lrwxrwxrwx 1 1007 1000 14 May 26 2008 halt -> ../bin/busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 hostname -> busybox
lrwxrwxrwx 1 1007 1000 14 May 26 2008 ifconfig -> ../bin/busybox
-rwxr--r-- 1 1007 1000 30952 May 26 2008 inetd
-rwxr-xr-x 1 1007 1000 2200 May 26 2008 inetd-echo
-rwxr--r-- 1 1007 1000 27548 May 26 2008 init
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ip -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ipaddr -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 iplink -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 iproute -> busybox
-rwxr--r-- 1 1007 1000 74168 May 26 2008 iwconfig
-rwxr--r-- 1 1007 1000 64296 May 26 2008 iwgetid
-rwxr--r-- 1 1007 1000 64320 May 26 2008 iwpriv
lrwxrwxrwx 1 1007 1000 7 May 26 2008 kill -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 killall -> busybox
lrwxrwxrwx 1 1007 1000 14 May 26 2008 klogd -> ../bin/busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ln -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 logger -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ls -> busybox
-rwxr--r-- 1 1007 1000 40672 May 26 2008 mii-tool
lrwxrwxrwx 1 1007 1000 7 May 26 2008 mkdir -> busybox
-rwxr--r-- 1 1007 1000 90356 May 26 2008 mkfs.jffs2
lrwxrwxrwx 1 1007 1000 7 May 26 2008 mknod -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 more -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 mount -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 msh -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 mv -> busybox
-rwxr--r-- 1 1007 1000 27676 May 26 2008 nandwrite
-rwxr--r-- 1 1007 1000 142780 May 26 2008 netperf
-rwxr--r-- 1 1007 1000 145688 May 26 2008 netserver
lrwxrwxrwx 1 1007 1000 7 May 26 2008 netstat -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 nslookup -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 passwd -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 pidof -> busybox
-rwxr--r-- 1 1007 1000 69912 May 26 2008 ping
lrwxrwxrwx 1 1007 1000 14 May 26 2008 poweroff -> ../bin/busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 printenv -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 printf -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 ps -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 pwd -> busybox
lrwxrwxrwx 1 1007 1000 14 May 26 2008 reboot -> ../bin/busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 renice -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 rm -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 rmdir -> busybox
-rwxr--r-- 1 1007 1000 58196 May 26 2008 route
lrwxrwxrwx 1 1007 1000 7 May 26 2008 run-parts -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 sh -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 sleep -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 stty -> busybox
-rwxr--r-- 1 1007 1000 26788 May 26 2008 sysctl
lrwxrwxrwx 1 1007 1000 14 May 26 2008 syslogd -> ../bin/busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 telnet -> busybox
-rwxr--r-- 1 1007 1000 39912 May 26 2008 telnetd
lrwxrwxrwx 1 1007 1000 7 May 26 2008 test -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 tftp -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 time -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 top -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 touch -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 true -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 tty -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 umount -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 uptime -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 usleep -> busybox
-rwxr--r-- 1 1007 1000 17868 May 26 2008 version
lrwxrwxrwx 1 1007 1000 7 May 26 2008 vi -> busybox
lrwxrwxrwx 1 1007 1000 7 May 26 2008 wget -> busybox
-rwxr--r-- 1 1007 1000 22112 May 26 2008 whetstone
226 Transfer complete.
ftp> quit
221 Goodbye.
======================================
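The fields that `flthdr -p` prints in the log above are read from the 64-byte big-endian bFLT header at the start of the binary. The following C code is an added example (not from this thread and not taken from the flthdr sources) that decodes and sanity-checks that header so the stack reservation of each binary in an image can be audited; the sample bytes are constructed from the values printed above, and the 16 KiB floor used in `main` is a hypothetical policy value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BFLT_HDR_LEN 64u /* 4-byte magic + 15 big-endian 32-bit words */
enum { REV, ENTRY, DATA_START, DATA_END, BSS_END, STACK_SIZE,
       RELOC_START, RELOC_COUNT, FLAGS, NFIELDS };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* 0 = ok, -1 = truncated or bad magic, -2 = section offsets out of order. */
int bflt_parse(const uint8_t *buf, size_t len, uint32_t f[NFIELDS]) {
    if (buf == NULL || len < BFLT_HDR_LEN || memcmp(buf, "bFLT", 4) != 0)
        return -1;
    for (int i = 0; i < NFIELDS; i++)
        f[i] = be32(buf + 4 + 4 * i);
    if (f[ENTRY] < BFLT_HDR_LEN || f[ENTRY] > f[DATA_START] ||
        f[DATA_START] > f[DATA_END] || f[DATA_END] > f[BSS_END])
        return -2;
    return 0;
}

/* Constructed sample: the values flthdr -p showed for /bin/ftpd above;
 * the build-date word and the filler are left as zero. */
void bflt_sample(uint8_t out[BFLT_HDR_LEN]) {
    static const uint32_t v[NFIELDS] = { 4, 0x44, 0x10760, 0x15470,
                                         0x276e0, 0x2000, 0x15470, 0xabd, 0x1 };
    memset(out, 0, BFLT_HDR_LEN);
    memcpy(out, "bFLT", 4);
    for (int i = 0; i < NFIELDS; i++)
        for (int b = 0; b < 4; b++)
            out[4 + 4 * i + b] = (uint8_t)(v[i] >> (24 - 8 * b));
}

int main(void) {
    uint8_t img[BFLT_HDR_LEN];
    uint32_t f[NFIELDS];
    bflt_sample(img);
    if (bflt_parse(img, sizeof img, f) != 0)
        return 1;
    /* 0x4000 is a hypothetical minimum chosen for this example. */
    printf("stack 0x%x%s\n", (unsigned)f[STACK_SIZE],
           f[STACK_SIZE] < 0x4000 ? " (below 16 KiB floor)" : "");
    return 0;
}
```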
2008-05-26 20:24:24 Re: ftpd hangs and crashes in R08R1. Stack overflow?
Robin Getz (UNITED STATES)
Message: 56279
Alexey:
It is possible that the application (ftpd) is grabbing most of the stack, and then calling a library function (which clobbers the stack, and does not have stack checking turned on).
Note that the stack checking works on code that you are compiling - you would need to recompile uClibc with stack checking turned on to see if this is the problem.
-Robin
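Compiler-inserted stack checks only cover code built with them, as the reply above notes, so a measurement that does not depend on instrumentation is useful when sizing a stack. The following C code is an added example, not part of the thread: it paints a private stack with a known byte, runs a function on it, and reports how deep the stack was written, which also counts frames used by uninstrumented library code. It assumes a host with POSIX threads and a downward-growing stack; `lib_like_call`, the paint byte and the 256 KiB test stack are hypothetical choices for the demonstration.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAINT 0xA5u
#define STACK_BYTES (256u * 1024u) /* assumed test stack, far above 8192 */

static _Alignas(4096) unsigned char stk[STACK_BYTES];
struct job { void (*fn)(size_t); size_t arg; size_t used; };

/* Stand-in for a library routine built without stack checking: it takes
 * n bytes of stack for a local buffer and touches all of it (n > 0). */
void lib_like_call(size_t n) {
    volatile unsigned char frame[n];
    for (size_t i = 0; i < n; i++)
        frame[i] = 0;
}

/* Runs on the painted stack and scans it before the thread exits.
 * The stack grows down, so paint survives only at the low end. */
static void *trampoline(void *p) {
    struct job *j = p;
    size_t untouched = 0;
    j->fn(j->arg);
    while (untouched < STACK_BYTES && stk[untouched] == PAINT)
        untouched++;
    j->used = STACK_BYTES - untouched;
    return NULL;
}

/* Peak stack bytes consumed while running fn(arg), thread start-up
 * overhead included; 0 if the thread could not be created. */
size_t stack_high_water(void (*fn)(size_t), size_t arg) {
    struct job j = { fn, arg, 0 };
    pthread_attr_t attr;
    pthread_t t;
    memset(stk, PAINT, sizeof stk);
    pthread_attr_init(&attr);
    if (pthread_attr_setstack(&attr, stk, sizeof stk) != 0 ||
        pthread_create(&t, &attr, trampoline, &j) != 0)
        return 0;
    pthread_join(t, NULL);
    pthread_attr_destroy(&attr);
    return j.used;
}

int main(void) {
    printf("peak, 1 KiB frame:  %zu\n", stack_high_water(lib_like_call, 1024));
    printf("peak, 16 KiB frame: %zu\n", stack_high_water(lib_like_call, 16384));
    return 0;
}
```

A peak above the configured stack size (8192 bytes in the original Makefile) means the reservation is too small for that code path, whether or not a stack-check message was ever printed.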