lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 22 Oct 2013 15:23:03 +0200
From:	Simon Wunderlich <simon.wunderlich@...03.tu-chemnitz.de>
To:	Dirk Gouders <dirk@...ders.net>
Cc:	Simon Wunderlich <siwu@....tu-chemnitz.de>,
	Mathias Kretschmer <mathias.kretschmer@...us.fraunhofer.de>,
	Johannes Berg <johannes.berg@...el.com>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	sw@...onwunderlich.de
Subject: Re: [BUG bisected] WARNING: CPU: 0 PID: 1550 at
 net/wireless/chan.c:373 cfg80211_chandef_usable+0x30/0x15f()

Hey Dirk,

thanks a lot for your report. I have looked at your trace and the patch
again, but so far I'm not sure where the problem comes from. Could you
please help by providing:

 * your wpa_supplicant config (censor your passwords!) - I guess you have
   some ad-hoc networks configured?
 * your wpa_supplicant command line parameters when running
 * environment infos - are there IBSS networks next to your notebook?

From what I've seen so far:

 * the following warning in cfg80211_chandef_usable() fails: 

     if (WARN_ON(!cfg80211_chandef_valid(chandef)))

 * cfg80211_chandef_usable() is most probably called by
   cfg80211_reg_can_beacon(), which is called from __ieee80211_sta_join_ibss()
 * the worker appearently creates the IBSS network using ifibss->chandef,
   which appearently turns out to be invalid.
 * ifibss->chandef gets initialized from in ieee80211_ibss_join() from the upper
   level parameters and is not changed later.
 * at least nl80211 calls reg_can_bacon() as well and checks the chandef before
   proceeding. wext looks ok too.

Therefore I'm not sure how the chandef gets broken ...

Thanks,
	Simon

On Mon, Oct 21, 2013 at 02:09:40PM +0200, Dirk Gouders wrote:
> Hello Simon, all,
> 
> Recently, I noticed many traces (find a sample attached) in situations
> when wpa_supplicant is running but no appropriate access-point available.
> 
> I started a bisect and ended at commit 3aede78aad2a7e
> (mac80211: change IBSS channel state to chandef).
> 
> Please let me know if you need more information to inspect this problem.
> 
> Best regards,
> 
> Dirk
> 
> ------------------------------------------------------------------------
> Oct 21 13:56:06 lena kernel: ------------[ cut here ]------------
> Oct 21 13:56:06 lena kernel: WARNING: CPU: 0 PID: 1550 at net/wireless/chan.c:373 cfg80211_chandef_usable+0x30/0x15f()
> Oct 21 13:56:06 lena kernel: Modules linked in: brcmsmac cordic brcmutil bcma
> Oct 21 13:56:06 lena kernel: CPU: 0 PID: 1550 Comm: kworker/u4:5 Tainted: G        W    3.12.0-rc6+ #20
> Oct 21 13:56:06 lena kernel: Hardware name: LENOVO 08946MG/MoutCook, BIOS 33CN14WW        05/10/2010
> Oct 21 13:56:06 lena kernel: Workqueue: phy0 ieee80211_iface_work
> Oct 21 13:56:06 lena kernel: 0000000000000000 0000000000000009 ffffffff8161e3c7 0000000000000000
> Oct 21 13:56:06 lena kernel: ffffffff81068b00 ffff88006f8be7c0 ffffffff815e79e4 0000000000000000
> Oct 21 13:56:06 lena kernel: 000000000000000f ffff8800703e5dc2 ffff8800703e5d50 ffff88006f8bc200
> Oct 21 13:56:06 lena kernel: Call Trace:
> Oct 21 13:56:06 lena kernel: [<ffffffff8161e3c7>] ? dump_stack+0x50/0x80
> Oct 21 13:56:06 lena kernel: [<ffffffff81068b00>] ? warn_slowpath_common+0x73/0x8b
> Oct 21 13:56:06 lena kernel: [<ffffffff815e79e4>] ? cfg80211_chandef_usable+0x30/0x15f
> Oct 21 13:56:06 lena kernel: [<ffffffff815e79e4>] ? cfg80211_chandef_usable+0x30/0x15f
> Oct 21 13:56:06 lena kernel: [<ffffffff815f7c2e>] ? __ieee80211_sta_join_ibss+0x162/0x6e2
> Oct 21 13:56:06 lena kernel: [<ffffffff8161b8cd>] ? printk+0x4f/0x54
> Oct 21 13:56:06 lena kernel: [<ffffffff815f8439>] ? ieee80211_sta_create_ibss+0xc8/0xce
> Oct 21 13:56:06 lena kernel: [<ffffffff815f91ed>] ? ieee80211_ibss_work+0x255/0x3c5
> Oct 21 13:56:06 lena kernel: [<ffffffff8107addb>] ? process_one_work+0x1c7/0x2e6
> Oct 21 13:56:06 lena kernel: [<ffffffff81078c58>] ? pwq_activate_delayed_work+0x1e/0x28
> Oct 21 13:56:06 lena kernel: [<ffffffff8107b346>] ? worker_thread+0x1cb/0x2c4
> Oct 21 13:56:06 lena kernel: [<ffffffff8107b17b>] ? rescuer_thread+0x25c/0x25c
> Oct 21 13:56:06 lena kernel: [<ffffffff8107ff37>] ? kthread+0xad/0xb5
> Oct 21 13:56:06 lena kernel: [<ffffffff81080000>] ? kthread_create_on_node+0xc1/0x115
> Oct 21 13:56:06 lena kernel: [<ffffffff8107fe8a>] ? kthread_freezable_should_stop+0x3b/0x3b
> Oct 21 13:56:06 lena kernel: [<ffffffff816247bc>] ? ret_from_fork+0x7c/0xb0
> Oct 21 13:56:06 lena kernel: [<ffffffff8107fe8a>] ? kthread_freezable_should_stop+0x3b/0x3b
> Oct 21 13:56:06 lena kernel: ---[ end trace ade89af8f1b5d90f ]---
> ------------------------------------------------------------------------

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ