Hi Daniel,

On Mon, 2021-04-05 at 12:39 -0700, James Prestwood wrote:
> Hi Daniel,
>
> I think I have a fix for this, but wanted to see if it worked before
> sending it out. What's going on is you are trying to connect multiple
> times, and the second connect happens before IWD has associated to
> the first. This causes an immediate callback which our code did not
> expect and you end up with NULL pointers which were assumed to be set.
> I can't seem to trigger this with iwctl, probably because my APs are
> associating faster than my fingers can type.
>
> Since you are able to trigger this reliably would you mind testing it
> out? Attached is the patch.

I was actually able to trigger it with a simple script (FYI, this
does seem to leave a zombie iwctl process):

#!/bin/bash
# $1 and $2 are the SSIDs of two known networks.

iwctl station wlan0 disconnect
# Start the first connect in the background, then issue the second one
# before the first has had time to associate.
iwctl station wlan0 connect "$1" &
sleep 0.02
iwctl station wlan0 connect "$2"

./crash.sh

Thanks for the very descriptive bug report as well. You basically did
all my work for me :) I'll go ahead and send this patch out.

Thanks,
James

>
> Thanks,
> James
>
> On Mon, 2021-04-05 at 20:45 +0200, Daniel Wagner wrote:
> > Hi,
> >
> > I was hacking on ConnMan and was able to reliably trigger this crash
> > with the current head:
> >
> > ++++++++ backtrace ++++++++
> > #0 0x7f4e1504e530 in /lib64/libc.so.6
> > #1 0x432b54 in network_get_security() at src/network.c:253
> > #2 0x416e92 in station_handshake_setup() at src/station.c:937
> > #3 0x41a505 in __station_connect_network() at src/station.c:2551
> > #4 0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581
> > #5 0x40b4ae in netdev_disconnect() at src/netdev.c:3142
> > #6 0x41a719 in station_disconnect_onconnect() at src/station.c:2603
> > #7 0x41a89d in station_connect_network() at src/station.c:2652
> > #8 0x433f1d in network_connect_psk() at src/network.c:886
> > #9 0x43483a in network_connect() at src/network.c:1183
> > #10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802
> > #11 0x49ff54 in message_read_handler() at ell/dbus.c:285
> > #12 0x496d2f in io_callback() at ell/io.c:120
> > #13 0x495894 in l_main_iterate() at ell/main.c:478
> > #14 0x49599b in l_main_run() at ell/main.c:521
> > #15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647
> > #16 0x404add in main() at src/main.c:490
> > #17 0x7f4e15038b25 in /lib64/libc.so.6
> >
> >
> > The sequence which seems to trigger it
> >
> > - set autoconnect to a known network
> > - connect to this network immediately
> >
> > I was not sure if setting the autoconnect will trigger the connect or
> > not. Anyway, crashing seems a bit harsh to let me know that I am
> > doing something wrong ;)
> >
> > The same crash happened when I blocked the STA from the AP. I've
> > collected a pcap as well. Not sure if you need it.
> >
> > https://www.monom.org/data/blocked.pcap
> >
> > Thanks,
> > Daniel
> >
> > ps: note the above call trace, the pcap and the call trace below
> > are collected from separate crashes.
> >
> >
> > (gdb) bt full
> > #0 0x000000000043306e in network_get_security (network=0x0) at src/network.c:253
> > No locals.
> > #1 0x00000000004172eb in station_handshake_setup (station=0x54bf40, network=0x0, bss=0x0) at src/station.c:938
> >         security = 5553984
> >         settings = 0x4e8070 <__func__.14>
> >         wiphy = 0x417de5
> >         hs = 0x7fffffffe710
> >         ssid = 0x54d6d0 ""
> >         eapol_proto_version = 0
> >         value = 0x4e71eb "State"
> >         full_random = false
> >         override = false
> >         new_addr = "\177\000\000QwA"
> >         __func__ = "station_handshake_setup"
> > #2 0x000000000041a9b7 in __station_connect_network (station=0x54bf40, network=0x0, bss=0x0) at src/station.c:2553
> >         extra_ies = 0x7fffffffe810
> >         iov_elems = 0
> >         hs = 0x0
> >         r = 0
> >         __func__ = "__station_connect_network"
> > #3 0x000000000041ab35 in station_disconnect_onconnect_cb (netdev=0x54b4a0, success=true, user_data=0x54bf40) at src/station.c:2583
> >         station = 0x54bf40
> >         err = 0
> > #4 0x000000000040b81e in netdev_disconnect (netdev=0x54b4a0, cb=0x41aae8 , user_data=0x54bf40) at src/netdev.c:3242
> >         disconnect = 0x7fffffffe7d8
> >         send_disconnect = false
> > #5 0x000000000041abcb in station_disconnect_onconnect (station=0x54bf40, network=0x558720, bss=0x5593e0, message=0x557bc0) at src/station.c:2605
> > No locals.
> > #6 0x000000000041ad60 in station_connect_network (station=0x54bf40, network=0x558720, bss=0x5593e0, message=0x557bc0) at src/station.c:2653
> >         dbus = 0x538d00
> >         err = 2
> > #7 0x0000000000434437 in network_connect_psk (network=0x558720, bss=0x5593e0, message=0x557bc0) at src/network.c:884
> >         station = 0x54bf40
> >         need_passphrase = false
> >         __func__ = "network_connect_psk"
> > #8 0x0000000000434d54 in network_connect (dbus=0x538d00, message=0x557bc0, user_data=0x558720) at src/network.c:1183
> >         network = 0x558720
> >         station = 0x54bf40
> >         bss = 0x5593e0
> >         __func__ = "network_connect"
> > #9 0x00000000004ae3f7 in _dbus_object_tree_dispatch (tree=0x53bee0, dbus=0x538d00, message=0x557bc0) at ell/dbus-service.c:1802
> >         path = 0x558c38 "/net/connman/iwd/2/39/41636865726f6e_psk"
> >         interface = 0x558c88 "net.connman.iwd.Network"
> >         member = 0x558ca8 "Connect"
> >         msg_sig = 0x4fadd9 ""
> >         sig = 0x5464a5 ""
> >         node = 0x54cd10
> >         instance = 0x551b70
> >         method = 0x546490
> >         reply = 0x0
> > #10 0x00000000004a063a in message_read_handler (io=0x539df0, user_data=0x538d00) at ell/dbus.c:285
> >         dbus = 0x538d00
> >         message = 0x557bc0
> >         header = 0x558c20
> >         body = 0x0
> >         header_size = 160
> >         body_size = 0
> >         msgtype = DBUS_MESSAGE_TYPE_METHOD_CALL
> > #11 0x0000000000497415 in io_callback (fd=6, events=1, user_data=0x539df0) at ell/io.c:120
> >         io = 0x539df0
> > #12 0x0000000000495f7a in l_main_iterate (timeout=-1) at ell/main.c:478
> >         events = {{events = 1, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}},
> >           {events = 4, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}},
> >           {events = 4, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}},
> >           {events = 5, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, u64 = 5480048}},
> >           {events = 1, data = {ptr = 0x54ff50, fd = 5570384, u32 = 5570384, u64 = 5570384}},
> >           {events = 0, data = {ptr = 0x10, fd = 16, u32 = 16, u64 = 16}},
> >           {events = 4294967224, data = {ptr = 0xffffffff, fd = -1, u32 = 4294967295, u64 = 4294967295}},
> >           {events = 0, data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}},
> >           {events = 0, data = {ptr = 0xf7e6334400000000, fd = 0, u32 = 0, u64 = 17863021339162443776}},
> >           {events = 32767, data = {ptr = 0x53e6b0, fd = 5498544, u32 = 5498544, u64 = 5498544}}}
> >         data = 0x539e70
> >         n = 0
> >         nfds = 1
> > #13 0x0000000000496081 in l_main_run () at ell/main.c:525
> >         timeout = -1
> > #14 0x0000000000496399 in l_main_run_with_signal (callback=0x403a2e , user_data=0x0) at ell/main.c:647
> >         data = 0x53e4e0
> >         sigint = 0x53e500
> >         sigterm = 0x53e680
> >         result = 0
> > #15 0x0000000000404add in main (argc=2, argv=0x7fffffffec58) at src/main.c:490
> >         enable_dbus_debug = false
> >         exit_status = 1
> >         dbus = 0x538d00
> >         config_dir = 0x4e3a51 "/etc/iwd"
> >         config_dirs = 0x5347a0
> >         i = 1
> >         __func__ = "main"
> > _______________________________________________
> > iwd mailing list -- iwd(a)lists.01.org
> > To unsubscribe send an email to iwd-leave(a)lists.01.org
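
The "immediate callback" failure described in this thread, reduced to a stand-alone C model (an added example, not iwd source and not the attached patch). All names are hypothetical, and the assumption that the pending network is stored only after the disconnect request is inferred from the gdb trace, where frame #5 still holds a valid network pointer and frame #3 sees network=0x0.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model, not iwd source; every name here is hypothetical. */
struct network { const char *ssid; };

struct station {
    bool associated;          /* false while an earlier connect is in flight */
    struct network *pending;  /* network to join once disconnect completes */
    struct network *joined;   /* what the completion callback connected to */
    bool null_seen;           /* set where the daemon dereferenced NULL */
};

typedef void (*disconnect_cb)(struct station *st);

/* With nothing to tear down, completion is reported synchronously. */
static void request_disconnect(struct station *st, disconnect_cb cb)
{
    if (!st->associated)
        cb(st);               /* immediate callback, before we return */
    /* otherwise the callback would run later from the event loop */
}

static void on_disconnected(struct station *st)
{
    if (!st->pending) {       /* the unguarded code crashed at this point */
        st->null_seen = true;
        return;
    }
    st->joined = st->pending;
    st->pending = NULL;
}

/* Assumed buggy ordering: pending state is written after the request. */
bool connect_buggy(struct station *st, struct network *n)
{
    request_disconnect(st, on_disconnected);
    st->pending = n;
    return st->joined == n;
}

/* Safe for immediate and deferred completion: state is set first. */
bool connect_fixed(struct station *st, struct network *n)
{
    st->pending = n;
    request_disconnect(st, on_disconnected);
    return st->joined == n || st->pending == n;
}
```

The general rule the model illustrates: any state a completion callback reads must be in place before the call that may invoke it, because an API that is usually asynchronous can still complete synchronously on some paths.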