From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.01.org
Subject: Re: network_connect crashes
Date: Mon, 05 Apr 2021 13:05:14 -0700
Message-ID: <6a951b7adc3b5af018153fb0df1bd32c8dac9610.camel@gmail.com>
In-Reply-To: <601b77bfd6a7015c7d959d260fa03bdd40e8884e.camel@gmail.com>

Hi Daniel,

On Mon, 2021-04-05 at 12:39 -0700, James Prestwood wrote:
> Hi Daniel,
> 
> I think I have a fix for this, but wanted to see if it worked before
> sending it out. What's going on is you are trying to connect multiple
> times, and the second connect happens before IWD has associated to
> the
> first. This causes an immediate callback which our code did not
> expect
> and you end up with NULL pointers which were assumed to be set. I
> can't
> seem to trigger this with iwctl, probably because my APs are
> associating faster than my fingers can type.
> 
> Since you are able to trigger this reliably would you mind testing it
> out? Attached is the patch.

I was actually able to trigger it with a simple script (FYI, this
does seem to leave a zombie iwctl process):

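#!/bin/bash
# Issue a second connect before the first one has associated.

iwctl station wlan0 disconnect
# Quote the SSIDs so names containing spaces are passed intact.
iwctl station wlan0 connect "$1" &
sleep 0.02
iwctl station wlan0 connect "$2"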

./crash.sh <network1> <network2>

Thanks for the very descriptive bug report as well. You basically did
all my work for me :)

I'll go ahead and send this patch out.

Thanks,
James

> 
> Thanks,
> James
> 
> On Mon, 2021-04-05 at 20:45 +0200, Daniel Wagner wrote:
> > Hi,
> > 
> > I was hacking on ConnMan and was able to reliably trigger this
> > crash
> > with the current head:
> > 
> > ++++++++ backtrace ++++++++
> > #0  0x7f4e1504e530 in /lib64/libc.so.6
> > #1  0x432b54 in network_get_security() at src/network.c:253
> > #2  0x416e92 in station_handshake_setup() at src/station.c:937
> > #3  0x41a505 in __station_connect_network() at src/station.c:2551
> > #4  0x41a683 in station_disconnect_onconnect_cb() at
> > src/station.c:2581
> > #5  0x40b4ae in netdev_disconnect() at src/netdev.c:3142
> > #6  0x41a719 in station_disconnect_onconnect() at
> > src/station.c:2603
> > #7  0x41a89d in station_connect_network() at src/station.c:2652
> > #8  0x433f1d in network_connect_psk() at src/network.c:886
> > #9  0x43483a in network_connect() at src/network.c:1183
> > #10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-
> > service.c:1802
> > #11 0x49ff54 in message_read_handler() at ell/dbus.c:285
> > #12 0x496d2f in io_callback() at ell/io.c:120
> > #13 0x495894 in l_main_iterate() at ell/main.c:478
> > #14 0x49599b in l_main_run() at ell/main.c:521
> > #15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647
> > #16 0x404add in main() at src/main.c:490
> > #17 0x7f4e15038b25 in /lib64/libc.so.6
> > 
> > 
> > The sequence which seems to trigger it
> > 
> >   - set autoconnect to a known network
> >   - connect to this network immediately
> > 
> > I was not sure if setting the autoconnect will trigger the connect
> > or
> > not. Anyway, crashing seems a bit harsh to let me know that I
> > am
> > doing something wrong ;)
> > 
> > The same crash happened when I blocked the STA from the AP. I've
> > collected a pcap as well. Not sure if you need it.
> > 
> >   https://www.monom.org/data/blocked.pcap
> > 
> > Thanks,
> > Daniel
> > 
> > ps: note the above call trace, the pcap and the call trace below
> > are collected from separate crashes.
> > 
> > 
> > (gdb) bt full
> > #0  0x000000000043306e in network_get_security (network=0x0) at
> > src/network.c:253
> > No locals.
> > #1  0x00000000004172eb in station_handshake_setup
> > (station=0x54bf40,
> > network=0x0, bss=0x0) at src/station.c:938
> >         security = 5553984
> >         settings = 0x4e8070 <__func__.14>
> >         wiphy = 0x417de5 <station_enter_state+681>
> >         hs = 0x7fffffffe710
> >         ssid = 0x54d6d0 ""
> >         eapol_proto_version = 0
> >         value = 0x4e71eb "State"
> >         full_random = false
> >         override = false
> >         new_addr = "\177\000\000QwA"
> >         __func__ = "station_handshake_setup"
> > #2  0x000000000041a9b7 in __station_connect_network
> > (station=0x54bf40, network=0x0, bss=0x0) at src/station.c:2553
> >         extra_ies = 0x7fffffffe810
> >         iov_elems = 0
> >         hs = 0x0
> >         r = 0
> >         __func__ = "__station_connect_network"
> > #3  0x000000000041ab35 in station_disconnect_onconnect_cb
> > (netdev=0x54b4a0, success=true, user_data=0x54bf40) at
> > src/station.c:2583
> >         station = 0x54bf40
> >         err = 0
> > #4  0x000000000040b81e in netdev_disconnect (netdev=0x54b4a0,
> > cb=0x41aae8 <station_disconnect_onconnect_cb>, user_data=0x54bf40)
> >     at src/netdev.c:3242
> >         disconnect = 0x7fffffffe7d8
> >         send_disconnect = false
> > #5  0x000000000041abcb in station_disconnect_onconnect
> > (station=0x54bf40, network=0x558720, bss=0x5593e0,
> > message=0x557bc0)
> >     at src/station.c:2605
> > No locals.
> > #6  0x000000000041ad60 in station_connect_network
> > (station=0x54bf40,
> > network=0x558720, bss=0x5593e0, message=0x557bc0)
> >     at src/station.c:2653
> >         dbus = 0x538d00
> >         err = 2
> > #7  0x0000000000434437 in network_connect_psk (network=0x558720,
> > bss=0x5593e0, message=0x557bc0) at src/network.c:884
> >         station = 0x54bf40
> >         need_passphrase = false
> >         __func__ = "network_connect_psk"
> > #8  0x0000000000434d54 in network_connect (dbus=0x538d00,
> > message=0x557bc0, user_data=0x558720) at src/network.c:1183
> >         network = 0x558720
> >         station = 0x54bf40
> >         bss = 0x5593e0
> >         __func__ = "network_connect"
> > #9  0x00000000004ae3f7 in _dbus_object_tree_dispatch
> > (tree=0x53bee0,
> > dbus=0x538d00, message=0x557bc0) at ell/dbus-service.c:1802
> >         path = 0x558c38 "/net/connman/iwd/2/39/41636865726f6e_psk"
> >         interface = 0x558c88 "net.connman.iwd.Network"
> >         member = 0x558ca8 "Connect"
> >         msg_sig = 0x4fadd9 ""
> >         sig = 0x5464a5 ""
> >         node = 0x54cd10
> >         instance = 0x551b70
> >         method = 0x546490
> >         reply = 0x0
> > #10 0x00000000004a063a in message_read_handler (io=0x539df0,
> > user_data=0x538d00) at ell/dbus.c:285
> >         dbus = 0x538d00
> >         message = 0x557bc0
> >         header = 0x558c20
> >         body = 0x0
> >         header_size = 160
> >         body_size = 0
> >         msgtype = DBUS_MESSAGE_TYPE_METHOD_CALL
> > #11 0x0000000000497415 in io_callback (fd=6, events=1,
> > user_data=0x539df0) at ell/io.c:120
> >         io = 0x539df0
> > #12 0x0000000000495f7a in l_main_iterate (timeout=-1) at
> > ell/main.c:478
> >         events = {{events = 1, data = {ptr = 0x539e70, fd =
> > 5480048,
> > u32 = 5480048, u64 = 5480048}}, {events = 4, data = {ptr =
> > 0x539e70, 
> >               fd = 5480048, u32 = 5480048, u64 = 5480048}}, {events
> > =
> > 4, data = {ptr = 0x539e70, fd = 5480048, u32 = 5480048, 
> >               u64 = 5480048}}, {events = 5, data = {ptr = 0x539e70,
> > fd = 5480048, u32 = 5480048, u64 = 5480048}}, {events = 1, data = {
> >               ptr = 0x54ff50, fd = 5570384, u32 = 5570384, u64 =
> > 5570384}}, {events = 0, data = {ptr = 0x10, fd = 16, u32 = 16, 
> >               u64 = 16}}, {events = 4294967224, data = {ptr =
> > 0xffffffff, fd = -1, u32 = 4294967295, u64 = 4294967295}}, {events
> > =
> > 0, 
> >             data = {ptr = 0x0, fd = 0, u32 = 0, u64 = 0}}, {events
> > =
> > 0, data = {ptr = 0xf7e6334400000000, fd = 0, u32 = 0, 
> >               u64 = 17863021339162443776}}, {events = 32767, data =
> > {ptr = 0x53e6b0, fd = 5498544, u32 = 5498544, u64 = 5498544}}}
> >         data = 0x539e70
> >         n = 0
> >         nfds = 1
> > #13 0x0000000000496081 in l_main_run () at ell/main.c:525
> >         timeout = -1
> > #14 0x0000000000496399 in l_main_run_with_signal (callback=0x403a2e
> > <signal_handler>, user_data=0x0) at ell/main.c:647
> >         data = 0x53e4e0
> >         sigint = 0x53e500
> >         sigterm = 0x53e680
> >         result = 0
> > #15 0x0000000000404add in main (argc=2, argv=0x7fffffffec58) at
> > src/main.c:490
> >         enable_dbus_debug = false
> >         exit_status = 1
> >         dbus = 0x538d00
> >         config_dir = 0x4e3a51 "/etc/iwd"
> >         config_dirs = 0x5347a0
> >         i = 1
> >         __func__ = "main"
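
Added example, not part of the original thread and not iwd source: a simplified C model of the failure described above, where a disconnect callback fires synchronously before the pending network has been stored. The struct, the function names and the store-after ordering are assumptions made for illustration (consistent with network=0x0 in the callback frames of the trace); the actual patch is not shown on this page.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified model, not iwd source. Every name here is hypothetical. */
struct station {
	bool associating;      /* first connect has not associated yet */
	const char *pending;   /* network to join once disconnected */
};
typedef void (*disconnect_cb_t)(struct station *st);
static disconnect_cb_t deferred_cb;  /* stands in for the event loop */
static int null_seen;                /* callbacks that saw pending == NULL */

static void model_disconnect(struct station *st, disconnect_cb_t cb)
{
	if (st->associating)
		cb(st);            /* nothing to tear down: completes at once */
	else
		deferred_cb = cb;  /* usual case: completes on a later loop turn */
}

static void on_disconnected(struct station *st)
{
	if (!st->pending)
		null_seen++;       /* the crash site; the model only counts it */
	st->pending = NULL;        /* consumed: the new connect starts here */
}

/* store_first == false is the assumed buggy ordering (state stored too late). */
static void connect_network(struct station *st, const char *ssid, bool store_first)
{
	if (store_first)
		st->pending = ssid;
	model_disconnect(st, on_disconnected);
	if (!store_first)
		st->pending = ssid;
}

/* One connect attempt; returns how many callbacks saw pending == NULL. */
static int run(bool store_first, bool associating)
{
	struct station st = { associating, NULL };
	null_seen = 0;
	deferred_cb = NULL;
	connect_network(&st, "network2", store_first); /* constructed name */
	if (deferred_cb)
		deferred_cb(&st);  /* one event loop turn later */
	return null_seen;
}

int main(void) { return !(run(false, true) == 1 && run(true, true) == 0); }
```

Only the store-after ordering combined with a connect that is still associating reaches the callback with a NULL pending pointer; the deferred path hides the bug, which matches it being hard to hit by hand.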
