FS#26817 - [wpa_supplicant] crash on scan
Attached to Project:
Arch Linux
Opened by Tom Gundersen (tomegun) - Wednesday, 09 November 2011, 05:23 GMT
Last edited by Thomas Bächler (brain0) - Saturday, 13 October 2012, 20:51 GMT
Opened by Tom Gundersen (tomegun) - Wednesday, 09 November 2011, 05:23 GMT
Last edited by Thomas Bächler (brain0) - Saturday, 13 October 2012, 20:51 GMT
|
Details
Running wpa_supplicant manually with debugging enabled gives
this crash:
Scan requested (ret=0) - scan timeout 30 seconds nl80211: Event message available nl80211: Scan trigger nl80211: Event message available nl80211: New scan results available Received scan results (9 BSSes) nl80211: Scan results indicate BSS status with 00:60:64:23:f5:76 as associated BSS: Start scan result update 4 BSS: Add new id 10 BSSID f4:ec:38:c8:d5:b0 SSID 'edwinahu' dbus: Register BSS object '/fi/w1/wpa_supplicant1/Interfaces/1/BSSs/10' wpa_parse_wpa_ie_wpa: ie count botch (pairwise), count 0 left 2 process 3553: arguments to dbus_message_new_error() were incorrect, assertion "reply_to != NULL" failed in file dbus-message.c line 1335. This is normally a bug in some application using the D-Bus library. D-Bus not built with -rdynamic so unable to print a backtrace This always happens on the same SSID (edwinahu). "iwlist wlan0 scan" tells this about the SSID: Cell 06 - Address: F4:EC:38:C8:D5:B0 Channel:5 Frequency:2.432 GHz (Channel 5) Quality=22/70 Signal level=-88 dBm Encryption key:on ESSID:"edwinahu" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s 9 Mb/s; 12 Mb/s; 18 Mb/s Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s Mode:Master Extra:tsf=0000000928ccbd80 Extra: Last beacon: 6273ms ago IE: Unknown: 0008656477696E616875 IE: Unknown: 010882848B960C121824 IE: Unknown: 030105 IE: Unknown: 050400010000 IE: Unknown: 2A0100 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : WEP-40 Pairwise Ciphers (0) : Authentication Suites (0) : IE: WPA Version 1 Group Cipher : WEP-40 Pairwise Ciphers (0) : Authentication Suites (0) : IE: Unknown: 32043048606C IE: Unknown: DD180050F2020101880003A4000027A4000042435E0062322F00 IE: Unknown: DD1E00904C334E111BFF00000000000000000000000000000000000000000000 IE: Unknown: 2D1A4E111BFF00000000000000000000000000000000000000000000 IE: Unknown: DD1A00904C3405071B00000000000000000000000000000000000000 IE: Unknown: 3D1605071B00000000000000000000000000000000000000 IE: Unknown: DD0900037F01010000FF7F IE: Unknown: DD0A00037F04010000004000 It seems to me that the problem is, firstly, that there is an error whilst parsing the IE stuff. The crash is however caused by an invalid use of the dbus_message_new_error() function used when reporting the parsing error. I tried rebuilding dbus with --enable-aserts (which should pass -rdynamic to libtool), but I still could not get a backtrace. |
This task depends upon
Closed by Thomas Bächler (brain0)
Saturday, 13 October 2012, 20:51 GMT
Reason for closing: Works for me
Additional comments about closing: It is probably fixed, but nobody can reproduce it anymore.
Saturday, 13 October 2012, 20:51 GMT
Reason for closing: Works for me
Additional comments about closing: It is probably fixed, but nobody can reproduce it anymore.
(This is the link to the patch the used (don't know if it exactly the same as in the bug report): <http://pkgs.fedoraproject.org/gitweb/?p=wpa_supplicant.git;a=blob_plain;f=0001-dbus-clean-up-new-D-Bus-interface-getters-setters.patch;h=e06b5db9e49690620f8ae2ff8c9b7fb22369bd1b;hb=HEAD>).
(Side note, #25465 appears to be a duplicate of this bug.)