[Bug 258527] wpa_supplicant(8) from the base is not able to bring up wlan(4) interface correctly due to SIGSEGV after EAP/PEAP MSCHAPv2 authentication

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 05 Oct 2021 08:26:11 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258527

Dominic Fandrey <kami@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kami@freebsd.org

--- Comment #20 from Dominic Fandrey <kami@freebsd.org> ---
Just so you know, I'm affected, too. At least it looks like exactly the same
problem to me. Right now I'm using my phone's Wifi via urndis to post this.

# lldb /usr/sbin/wpa_supplicant
(lldb) target create "/usr/sbin/wpa_supplicant"
Current executable set to '/usr/sbin/wpa_supplicant' (x86_64).
(lldb) run -i wlan0 -c /etc/wpa_supplicant.conf
Process 2100 launched: '/usr/sbin/wpa_supplicant' (x86_64)
Successfully initialized wpa_supplicant
ioctl[SIOCS80211, op=20, val=0, arg_len=7]: Invalid argument
ioctl[SIOCS80211, op=20, val=0, arg_len=7]: Invalid argument
wlan0: Trying to associate with xx:xx:xx:xx:xx:xx (SSID='xxxxxxxx' freq=2412
MHz)
Failed to add supported operating classes IE
wlan0: Associated with xx:xx:xx:xx:xx:xx
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=XX/L=Xxxxxxxx/O=Xxxxxxx
A/S/CN=Danfoss Intermediate'
hash=3bd98e88f7577e8b90023e91a20b80af290b1713ed8ff07c95b792f516823a3f
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=XXXXXXXXX.xxxxxxxxx.xxx'
hash=4629a4c514ab0635d965018515d30253bc60071699067c0cb6af92e58b0a37e8
wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:XXXXXXXX.xxxxxxxx.xxx
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Process 2100 stopped
* thread #1, name = 'wpa_supplicant', stop reason = signal SIGSEGV: invalid
address (fault address: 0x8000000076)
    frame #0: 0x0000008000000076
error: memory read failed for 0x8000000000
(lldb) bt
* thread #1, name = 'wpa_supplicant', stop reason = signal SIGSEGV: invalid
address (fault address: 0x8000000076)
  * frame #0: 0x0000008000000076
    frame #1: 0x00000000002c59f0 wpa_supplicant`wpa_sm_rx_eapol [inlined]
wpa_sm_key_mgmt_set_pmk(sm=0x0000000800e12700,
pmk="\"\xe0m\xb8\U00000002b%\xb3\xe5\xd8\xf5r\xfe+\U0000001d\xbd-\xb8Yq\xa5M\xe3\xe3\x82\U00000013\x9f\xd1&\U0000000eJ\xfc",
pmk_len=32) at wpa_i.h:393:9
    frame #2: 0x00000000002c59e1 wpa_supplicant`wpa_sm_rx_eapol [inlined]
wpa_supplicant_key_mgmt_set_pmk(sm=0x0000000800e12700) at wpa.c:252
    frame #3: 0x00000000002c5993 wpa_supplicant`wpa_sm_rx_eapol at wpa.c:374
    frame #4: 0x00000000002c58aa wpa_supplicant`wpa_sm_rx_eapol [inlined]
wpa_supplicant_process_1_of_4(sm=<unavailable>, src_addr=<unavailable>,
key=0x0000000800e64a04, ver=<unavailable>, key_data=<unavailable>,
key_data_len=<unavailable>) at wpa.c:621
    frame #5: 0x00000000002c58aa
wpa_supplicant`wpa_sm_rx_eapol(sm=<unavailable>,
src_addr="\xb4]P\x9e8@\x88\x8e\U00000001\U00000003",
buf="\U00000001\U00000003", len=<unavailable>) at wpa.c:2438
    frame #6: 0x0000000000291592
wpa_supplicant`wpa_supplicant_rx_eapol(ctx=0x0000000800e2e000,
src_addr="\xb4]P\x9e8@\x88\x8e\U00000001\U00000003",
buf="\U00000001\U00000003", len=121) at wpa_supplicant.c:4303:3
    frame #7: 0x00000000002bf799
wpa_supplicant`l2_packet_receive(sock=<unavailable>,
eloop_ctx=0x0000000800e25be0, sock_ctx=<unavailable>) at
l2_packet_freebsd.c:98:2
    frame #8: 0x00000000002fa187 wpa_supplicant`eloop_run [inlined]
eloop_sock_table_dispatch(table=<unavailable>, fds=0x0000000800e64700) at
eloop.c:600:4
    frame #9: 0x00000000002fa132 wpa_supplicant`eloop_run at eloop.c:1223
    frame #10: 0x0000000000293254
wpa_supplicant`wpa_supplicant_run(global=0x0000000800e2a000) at
wpa_supplicant.c:6526:2
    frame #11: 0x0000000000281a54 wpa_supplicant`main(argc=<unavailable>,
argv=<unavailable>) at main.c:397:14
    frame #12: 0x000000000025e0f0 wpa_supplicant`_start(ap=<unavailable>,
cleanup=<unavailable>) at crt1_c.c:75:7
(lldb)
