SIGSEGV in uhttpd when subscribed to ubus messages over HTTP #1
Description
Describe the bug
Subscribing to ubus events over HTTP causes regular reproducible crashes of uhttpd with SIGSEGV.
OpenWrt version
r19803-9a599fee93
OpenWrt target/subtarget
ramips/mt7621
Device
TP-Link EAP615-Wall v1
Image kind
Self-built image
Steps to reproduce
- Create
/usr/share/rpcd/acl.d/repro.json:{ "repro": { "description": "Access to misc data", "read": { "ubus": { "hostapd.*": [ ":subscribe" ] } }, "write": {} } } - In a terminal window, call
export SESSIONID=$(curl -d '{ "jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "00000000000000000000000000000000", "session", "login", { "username": "root", "password": "<YOUR ROOT OPENWRT PASWORD>", "timeout": 0 } ] }' http://lego/ubus | jq -r .result[1].ubus_rpc_session) - In the same window, call
curl -v -H "authorization: Bearer $SESSIONID" http://lego/ubus/subscribe/hostapd.wlan0 - Wait
Actual behaviour
After some time, curl closes the connection. The following is indicated by the OpenWrt device's dmesg output:
[171387.727896] do_page_fault(): sending SIGSEGV to uhttpd for invalid read access from 00000000
[171387.736438] epc = 77af5217 in libubus.so.20220601[77af4000+13000]
[171387.742660] ra = 77df1033 in libubox.so.20220515[77def000+18000]
Expected behaviour
No SIGSEGV.
Additional info
No response
Diffconfig
CONFIG_TARGET_ramips=y
CONFIG_TARGET_ramips_mt7621=y
CONFIG_TARGET_ramips_mt7621_DEVICE_tplink_eap615-wall-v1=y
CONFIG_DEVEL=y
CONFIG_BPF_TOOLCHAIN_BUILD_LLVM=y
# CONFIG_BPF_TOOLCHAIN_NONE is not set
CONFIG_BWMNG_EXTENDEDSTATS=y
CONFIG_BWMNG_TIME=y
CONFIG_HAS_BPF_TOOLCHAIN=y
CONFIG_IMAGEOPT=y
# CONFIG_KERNEL_DEBUG_INFO is not set
# CONFIG_KERNEL_DEBUG_KERNEL is not set
# CONFIG_KERNEL_KALLSYMS is not set
CONFIG_PACKAGE_ath10k-board-qca988x=y
CONFIG_PACKAGE_ath10k-firmware-qca988x=y
CONFIG_PACKAGE_bmon=y
CONFIG_PACKAGE_bwm-ng=y
CONFIG_PACKAGE_cgi-io=y
CONFIG_PACKAGE_confuse=y
# CONFIG_PACKAGE_dnsmasq is not set
CONFIG_PACKAGE_ethtool=y
CONFIG_PACKAGE_iperf3=y
CONFIG_PACKAGE_libiwinfo-lua=y
CONFIG_PACKAGE_liblua=y
CONFIG_PACKAGE_liblucihttp=y
CONFIG_PACKAGE_liblucihttp-lua=y
CONFIG_PACKAGE_libncurses=y
CONFIG_PACKAGE_libnl-core=y
CONFIG_PACKAGE_libnl-route=y
CONFIG_PACKAGE_libpcap=y
CONFIG_PACKAGE_libubus-lua=y
CONFIG_PACKAGE_lua=y
CONFIG_PACKAGE_luci=y
CONFIG_PACKAGE_luci-app-firewall=y
CONFIG_PACKAGE_luci-app-opkg=y
CONFIG_PACKAGE_luci-base=y
CONFIG_PACKAGE_luci-lib-base=y
CONFIG_PACKAGE_luci-lib-ip=y
CONFIG_PACKAGE_luci-lib-jsonc=y
CONFIG_PACKAGE_luci-lib-nixio=y
CONFIG_PACKAGE_luci-mod-admin-full=y
CONFIG_PACKAGE_luci-mod-network=y
CONFIG_PACKAGE_luci-mod-status=y
CONFIG_PACKAGE_luci-mod-system=y
CONFIG_PACKAGE_luci-proto-ipv6=y
CONFIG_PACKAGE_luci-proto-ppp=y
CONFIG_PACKAGE_luci-theme-bootstrap=y
# CONFIG_PACKAGE_odhcpd-ipv6only is not set
CONFIG_PACKAGE_rpcd=y
CONFIG_PACKAGE_rpcd-mod-file=y
CONFIG_PACKAGE_rpcd-mod-iwinfo=y
CONFIG_PACKAGE_rpcd-mod-luci=y
CONFIG_PACKAGE_rpcd-mod-rrdns=y
CONFIG_PACKAGE_tcpdump-mini=y
CONFIG_PACKAGE_terminfo=y
CONFIG_PACKAGE_uhttpd=y
CONFIG_PACKAGE_uhttpd-mod-ubus=y
CONFIG_PACKAGE_usteer=y
CONFIG_PACKAGE_wpad-basic-wolfssl=m
CONFIG_PACKAGE_wpad-wolfssl=y
CONFIG_REPRODUCIBLE_DEBUG_INFO=y
CONFIG_SDK_LLVM_BPF=y
CONFIG_USE_LLVM_BUILD=y
CONFIG_VERSIONOPT=y
CONFIG_VERSION_BUG_URL=""
CONFIG_VERSION_CODE=""
CONFIG_VERSION_DIST="OpenWrt"
CONFIG_VERSION_FILENAMES=y
CONFIG_VERSION_HOME_URL=""
CONFIG_VERSION_HWREV=""
CONFIG_VERSION_MANUFACTURER=""
CONFIG_VERSION_MANUFACTURER_URL=""
CONFIG_VERSION_NUMBER=""
CONFIG_VERSION_PRODUCT=""
CONFIG_VERSION_REPO="https://downloads.openwrt.org/releases/22.03.2"
CONFIG_VERSION_SUPPORT_URL=""
Terms
- I am reporting an issue for OpenWrt, not an unsupported fork.