wpa_supplicant segfault in large WLAN

Matt Causey matt.causey
Wed Sep 25 15:51:34 PDT 2013


Hello,

We run wpa_supplicant on embedded machines and have today noticed that the
supplicant dies with segmentation fault.  We are seeing sporadic timeouts
from the infrastructure as well, which may or may not be related.  The only
change on our side is that we installed in a very dense RF environment with
a large number of BSSIDs.  Are there any details pertaining to BSSID count
or beacon count that could cause a segmentation fault?  I'll start looking
in the code but wanted to ask first so that hopefully someone can point me
in a more useful direction.  :-)

Here is a log snippet.  It's got to be abbreviated because in some cases we
have over 988 BSSIDs visible from the client:

wpa_supplicant v2.0
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Override interface parameter: driver ('nl80211' -> 'nl80211')
Initializing interface 'wlan0' conf '[REMOVED]' driver 'nl80211'
ctrl_interface 'N/A' bridge 'N/A'
Configuration file '[REMOVED]
Reading configuration file '[REMOVED]'
fast_reauth=0
ctrl_interface='/var/run/wpa_supplicant'
Line: 3 - start of a new network block
proactive_key_caching=1 (0x1)
ssid - hexdump_ascii(len=7):
     61 73 69 6e 32 38 32                              [REMOVED]
bgscan - hexdump_ascii(len=19):
     73 69 6d 70 6c 65 3a 36 30 30 3a 2d 36 36 3a 31   [REMOVED]
     32 30 30                                          200
identity - hexdump_ascii(len=12):
     73 6d 65 61 67 6f 6c 2d 70 72 6f 64               smeagol-prod
key_mgmt: 0x1
proto: 0x2
pairwise: 0x10
group: 0x10
eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
ca_cert - hexdump_ascii(len=18):
     2f 65 74 63 2f 63 65 72 74 2f 72 6f 6f 74 2e 70   [REMOVED]
client_cert - hexdump_ascii(len=23):
     2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 5f 63  [REMOVED]
private_key - hexdump_ascii(len=22):
     2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 5f 6b   [REMOVED]
private_key_passwd - hexdump_ascii(len=29): [REMOVED]
Priority group 0
   id=0 ssid='[REMOVED]'
nl80211: interface wlan0 in phy phy0
rfkill: Cannot open RFKILL control device
nl80211: RFKILL status not available
nl80211: Set mode ifindex 4 iftype 2 (STATION)
nl80211: Subscribe to mgmt frames with non-AP handle 0x90152b0
nl80211: Register frame type=0xd0 nl_handle=0x90152b0
nl80211: Register frame match - hexdump(len=1): 06
nl80211: Register frame type=0xd0 nl_handle=0x90152b0
nl80211: Register frame match - hexdump(len=2): 0a 07
nl80211: Register frame type=0xd0 nl_handle=0x90152b0
nl80211: Register frame match - hexdump(len=2): 0a 11
netlink: Operstate: linkmode=1, operstate=5
nl80211: Using driver-based off-channel TX
nl80211: Use separate P2P group interface (driver advertised support)
nl80211: TDLS supported
nl80211: TDLS external setup
nl80211: driver param='(null)'
nl80211: Regulatory information - country=00
nl80211: 2402-2472 @ 40 MHz
nl80211: 2457-2482 @ 40 MHz
nl80211: 2474-2494 @ 20 MHz
nl80211: 5170-5250 @ 40 MHz
nl80211: 5735-5835 @ 40 MHz
nl80211: Added 802.11b mode based on 802.11g information
wlan0: Own MAC address: 00:0e:8e:47:1a:45
wpa_driver_nl80211_set_key: ifindex=4 alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 alg=0 addr=(nil) key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 alg=0 addr=(nil) key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 alg=0 addr=(nil) key_idx=3 set_tx=0 seq_len=0 key_len=0
wlan0: RSN: flushing PMKID list in the driver
nl80211: Flush PMKIDs
wlan0: Setting scan request: 0 sec 100000 usec
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: Supplicant port status: Unauthorized
EAPOL: Supplicant port status: Unauthorized
wlan0: Added interface wlan0
wlan0: State: DISCONNECTED -> DISCONNECTED
wpa_driver_nl80211_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
random: Got 20/20 bytes from /dev/random
wlan0: State: DISCONNECTED -> SCANNING
wlan0: Starting AP scan for wildcard SSID
nl80211: Scan SSID - hexdump_ascii(len=0): [NULL]
Scan requested (ret=0) - scan timeout 10 seconds
nl80211: Event message available
nl80211: Scan trigger
EAPOL: disable timer tick
EAPOL: Supplicant port status: Unauthorized
nl80211: Event message available
nl80211: New scan results available
wlan0: Event SCAN_RESULTS (3) received
nl80211: Remove duplicated scan result for 0c:27:24:6d:ba:cf
nl80211: Remove duplicated scan result for d0:c7:89:a0:28:0a
nl80211: Remove duplicated scan result for d0:c7:89:25:51:58
nl80211: Remove duplicated scan result for 0c:27:24:68:f3:58
nl80211: Remove duplicated scan result for 08:cc:68:ad:26:af
nl80211: Remove duplicated scan result for 0c:27:24:51:10:b8
nl80211: Received scan results (945 BSSes)
Sorted scan results
0c:27:24:6d:be:b8 freq=5180 qual=0 noise=-91 level=-57 snr=34* flags=0x9
IEs - hexdump(len=221): 00 07 61 73 69 6e 32 37 35 01 08 0c 12 98 24 b0 48
60 6c 05 04 00 01 00 00 07 12 55 53 20 24 04 11 34 04 18 64 05 18 84 03 18
95 05 1e 0b 05 00 00 50 8d 5b 2d 1a ee 19 1b ff ff ff 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 30 14 01 00 00 0f ac 04 01 00 00 0f
ac 04 01 00 00 0f ac 02 28 00 3d 16 24 08 04 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 85 1e 01 00 8f 00 0f 00 ff 03 59 00 4f 41 4b 33
2d 49 44 46 31 32 2d 42 42 35 2d 00 00 00 00 3f 96 06 00 40 96 00 02 00 dd
18 00 50 f2 02 01 01 80 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 72 32 2f 00
dd 06 00 40 96 01 01 04 dd 05 00 40 96 03 05 dd 05 00 40 96 0b 09 dd 05 00
40 96 14 08
d0:c7:89:25:57:08 freq=5180 qual=0 noise=-91 level=-50 snr=41* flags=0x9

..... SNIP .....

wlan0: BSS: Remove id 5751 BSSID f4:1f:c2:bf:d5:a1 SSID '[REMOVED]' due to wpa_bss_remove_oldest_unknown
wlan0: BSS: Add new id 5752 BSSID 50:06:04:5a:ed:31 SSID '[REMOVED]'
wlan0: BSS: Remove id 5752 BSSID 50:06:04:5a:ed:31 SSID '[REMOVED]' due to wpa_bss_remove_oldest_unknown
wlan0: BSS: Add new id 5753 BSSID f4:1f:c2:71:90:01 SSID '[REMOVED]'
wlan0: BSS: Remove id 5753 BSSID f4:1f:c2:71:90:01 SSID '[REMOVED]' due to wpa_bss_remove_oldest_unknown
BSS: last_scan_res_used=357/512 last_scan_full=0
Add randomness: count=51 entropy=50
random pool - hexdump(len=128): [REMOVED]
random_mix_pool - hexdump(len=8): [REMOVED]
random_mix_pool - hexdump(len=5): [REMOVED]
random pool - hexdump(len=128): [REMOVED]
Add randomness: count=52 entropy=51
random pool - hexdump(len=128): [REMOVED]
random_mix_pool - hexdump(len=8): [REMOVED]
random_mix_pool - hexdump(len=5): [REMOVED]
random pool - hexdump(len=128): [REMOVED]
Add randomness: count=53 entropy=52
random pool - hexdump(len=128): [REMOVED]
random_mix_pool - hexdump(lenSegmentation fault

Cheers,

--
Matt
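
A triage sketch for a debug log like the one in this message, added as an example and not part of the original post or of wpa_supplicant: it counts BSS table add/remove events, counts entries removed right after being added, and captures the log text that the crash message cut off. The sample lines are constructed in the shape of the log above; `summarize` and its field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log above (mail-wrapped lines kept).
SAMPLE_LOG = """\
nl80211: Received scan results (945 BSSes)
wlan0: BSS: Add new id 5752 BSSID 50:06:04:5a:ed:31 SSID '[REMOVED]'
wlan0: BSS: Remove id 5752 BSSID 50:06:04:5a:ed:31 SSID '[REMOVED]' due to
wpa_bss_remove_oldest_unknown
wlan0: BSS: Add new id 5753 BSSID f4:1f:c2:71:90:01 SSID '[REMOVED]'
wlan0: BSS: Remove id 5753 BSSID f4:1f:c2:71:90:01 SSID '[REMOVED]' due to
wpa_bss_remove_oldest_unknown
BSS: last_scan_res_used=357/512 last_scan_full=0
random_mix_pool - hexdump(lenSegmentation fault
"""

EVENT_RE = re.compile(
    r"BSS: (Add new|Remove) id (\d+) BSSID [0-9a-f:]{17}"
    r"(?: SSID '[^']*' due to (\w+))?")
SCAN_RE = re.compile(r"Received scan results \((\d+) BSSes\)")
USED_RE = re.compile(r"last_scan_res_used=(\d+)/(\d+)")
CRASH_RE = re.compile(r"^(.*)Segmentation fault", re.M)

def summarize(log):
    """Summarize BSS table churn and the crash point in a debug log."""
    text = re.sub(r"\s+", " ", log)  # undo mail line wrapping
    adds = removes = evicted_at_once = 0
    reasons = Counter()
    prev_add = None  # id of the entry added by the previous event, if any
    for kind, bss_id, reason in EVENT_RE.findall(text):
        if kind == "Add new":
            adds += 1
            prev_add = bss_id
        else:
            removes += 1
            reasons[reason or "unparsed"] += 1
            evicted_at_once += (bss_id == prev_add)
            prev_add = None
    used = USED_RE.findall(text)
    crash = CRASH_RE.search(log)  # raw log: keep the interrupted line intact
    return {
        "scan_sizes": [int(n) for n in SCAN_RE.findall(text)],
        "adds": adds, "removes": removes,
        "evicted_at_once": evicted_at_once,
        "reasons": dict(reasons),
        "table_use": tuple(map(int, used[-1])) if used else None,
        "last_output_before_crash": crash.group(1) if crash else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The text captured before the crash message only shows how far buffered output had got, so it bounds the crash location rather than pinpointing it; a core dump or a run under gdb is still needed for the faulting frame.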