[pkg-wpa-devel] Bug#450530: wpasupplicant: Segfaults after "Group Key Handshake"

Kim Hansen kimhanse at gmail.com
Wed Nov 7 21:59:33 UTC 2007


Package: wpasupplicant
Version: 0.6.0-4
Severity: normal


I have a lot of difficulties when I want to use wireless network, they
seem to work only 1 time out of 10. It was a lot better a month ago.

I think I have isolated my problem to a segfault in wpa_supplicant, I
will attach a log of the segfault.

I have tried to get a backtrace with gdb, but the binary is stripped so
it might not be of much use:
Program received signal SIGSEGV, Segmentation fault.
0xb7e06954 in ?? () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
(gdb) bt
#0  0xb7e06954 in ?? () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#1  0xb7e0751b in AES_decrypt () from /usr/lib/i686/cmov/libcrypto.so.0.9.8
#2  0xbfcfd28c in ?? ()
#3  0x00000001 in ?? ()
#4  0x00000000 in ?? ()
(gdb) 

If you want me to rebuild the package with debug symbols or do something
else in order to pinpoint the bug just ask.

Thanks for the package,
Kim Hansen

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (1050, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wpasupplicant depends on:
ii  adduser                   3.105          add and remove users and groups
ii  libc6                     2.6.1-6        GNU C Library: Shared libraries
ii  libdbus-1-3               1.1.1-3        simple interprocess messaging syst
ii  libncurses5               5.6+20071013-1 Shared libraries for terminal hand
ii  libreadline5              5.2-3          GNU readline and history libraries
ii  libssl0.9.8               0.9.8g-2       SSL shared libraries
ii  lsb-base                  3.1-24         Linux Standard Base 3.1 init scrip

Versions of packages wpasupplicant recommends:
ii  dhcp3-client                3.0.6.dfsg-1 DHCP client

-- no debconf information
-------------- next part --------------
raph:/etc/wpa_supplicant# wpa_supplicant -d -Dwext -iwlan9 -c wpa_supplicant.conf-debug 
Initializing interface 'wlan9' conf 'wpa_supplicant.conf-debug' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file 'wpa_supplicant.conf-debug' -> '/etc/wpa_supplicant/wpa_supplicant.conf-debug'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf-debug'
ctrl_interface='/var/run/wpa_supplicant'
Priority group 0
   id=0 ssid='i9.dk'
Initializing interface (2) 'wlan9'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=22 WE(source)=16 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:19:d2:16:1f:20
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
Using existing control interface directory.
ctrl_iface bind(PF_UNIX) failed: Address already in use
ctrl_iface exists, but does not allow connections - assuming it was leftover from forced program termination
Successfully replaced leftover ctrl_iface socket '/var/run/wpa_supplicant/wlan9'
Added interface wlan9
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 269 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
Try to find WPA-enabled AP
0: 00:13:10:83:c8:9c ssid='i9.dk' wpa_ie_len=30 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
   selected WPA AP 00:13:10:83:c8:9c ssid='i9.dk'
Try to find non-WPA AP
Trying to associate with 00:13:10:83:c8:9c (SSID='i9.dk' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 2 proto 1
WPA: set AP WPA IE - hexdump(len=30): dd 1c 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 02
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Added BSSID 00:13:10:83:c8:9c into blacklist
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
State: ASSOCIATING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=13
Authentication with 00:00:00:00:00:00 timed out.
Added BSSID 00:00:00:00:00:00 into blacklist
No keys have been configured - skip key clearing
State: DISCONNECTED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Scan timeout - try to get results
Received 966 bytes of scan results (4 BSSes)
Scan results: 4
Selecting BSS from priority group 0
Try to find WPA-enabled AP
0: 00:13:10:83:c8:9c ssid='i9.dk' wpa_ie_len=30 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
   selected WPA AP 00:13:10:83:c8:9c ssid='i9.dk'
Try to find non-WPA AP
Trying to associate with 00:13:10:83:c8:9c (SSID='i9.dk' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 2 proto 1
WPA: set AP WPA IE - hexdump(len=30): dd 1c 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 02
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=13
RX EAPOL from 00:13:10:83:c8:9c
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=254
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_nonce - hexdump(len=32): 63 6e 8a 5e 50 cc c5 8e 5c 11 13 58 91 2a a0 4a ec 47 bd 90 ae 25 de 75 49 2c 81 b4 a9 ad 6c 26
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: ASSOCIATING -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:13:10:83:c8:9c (ver=2)
WPA: Renewed SNonce - hexdump(len=32): 8c 01 bd f3 0a 29 9f c5 b2 d1 32 1b e5 33 c4 da b4 06 52 83 b9 ef c0 a6 07 6f 42 48 d3 ab df ed
WPA: PTK derivation - A1=00:19:d2:16:1f:20 A2=00:00:00:00:00:00
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 02
WPA: Sending EAPOL-Key 2/4
WPA: Use BSSID (00:13:10:83:c8:9c) as the destination for EAPOL-Key
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan9' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:13:10:83:c8:9c
State: 4WAY_HANDSHAKE -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:13:10:83:c8:9c
No keys have been configured - skip key clearing
Associated with 00:13:10:83:c8:9c
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RX EAPOL from 00:13:10:83:c8:9c
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=254
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
  key_nonce - hexdump(len=32): 63 6e 8a 5e 50 cc c5 8e 5c 11 13 58 91 2a a0 4a ec 47 bd 90 ae 25 de 75 49 2c 81 b4 a9 ad 6c 26
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: ASSOCIATED -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:13:10:83:c8:9c (ver=2)
WPA: Renewed SNonce - hexdump(len=32): 5b 50 d7 16 1c 84 f9 93 ae b6 f7 d4 a4 f5 8d 8e b6 5d 23 0c c0 73 f5 f0 9f 89 fe f3 1d c5 96 27
WPA: PTK derivation - A1=00:19:d2:16:1f:20 A2=00:13:10:83:c8:9c
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 04 01 00 00 50 f2 02
WPA: Sending EAPOL-Key 2/4
RX EAPOL from 00:13:10:83:c8:9c
IEEE 802.1X RX: version=1 type=3 length=125
  EAPOL-Key type=254
  key_info 0x1ca (ver=2 keyidx=0 rsvd=0 Pairwise Install Ack MIC)
  key_length=16 key_data_length=30
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02
  key_nonce - hexdump(len=32): 63 6e 8a 5e 50 cc c5 8e 5c 11 13 58 91 2a a0 4a ec 47 bd 90 ae 25 de 75 49 2c 81 b4 a9 ad 6c 26
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): ff d0 00 1b 4a 25 19 f9 11 3c ad ca 54 fd f0 e0
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 3 of 4-Way Handshake from 00:13:10:83:c8:9c (ver=2)
WPA: IE KeyData - hexdump(len=30): dd 1c 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: Sending EAPOL-Key 4/4
WPA: Installing PTK to the driver.
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_wext_set_key: alg=3 key_idx=0 set_tx=1 seq_len=6 key_len=16
State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
RX EAPOL from 00:13:10:83:c8:9c
IEEE 802.1X RX: version=1 type=3 length=135
  EAPOL-Key type=254
  key_info 0x392 (ver=2 keyidx=1 rsvd=0 Group Ack MIC Secure)
  key_length=32 key_data_length=40
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 03
  key_nonce - hexdump(len=32): 63 6e 8a 5e 50 cc c5 8e 5c 11 13 58 91 2a a0 4a ec 47 bd 90 ae 25 de 75 49 2c 81 b4 a9 ad 6c 25
  key_iv - hexdump(len=16): ec 47 bd 90 ae 25 de 75 49 2c 81 b4 a9 ad 6c 27
  key_rsc - hexdump(len=8): 01 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): f9 d2 69 d1 4c 64 17 f0 7c b3 7d a9 6e 48 2f 39
WPA: RX message 1 of Group Key Handshake from 00:13:10:83:c8:9c (ver=2)
Segmentation fault
raph:/etc/wpa_supplicant# 
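
Added example, not part of the original report and not wpa_supplicant's own code: a decoder for the `key_info` field plus the length checks a receiver would apply to an AES-wrapped (ver=2) Group Key message 1 before decrypting, run on the header values of the last frame in the log (which passes them). The helper names, the `verdict` enum and the 32-byte `GTK_MAX` cap (the size of a TKIP group key) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Key Information bits of an EAPOL-Key frame (IEEE 802.11i layout). */
#define KI_VER_MASK  0x0007u  /* descriptor version; 2 = AES key wrap */
#define KI_PAIRWISE  0x0008u  /* clear = group key message */
#define KI_IDX_MASK  0x0030u  /* key index, bits 4-5 */
#define KI_ACK       0x0080u
#define KI_MIC       0x0100u
#define KI_SECURE    0x0200u
#define GTK_MAX      32u      /* TKIP group key size (assumed buffer cap) */

enum verdict { FRAME_OK, NOT_GROUP_MSG1, BAD_VERSION, BAD_WRAP_LEN, BAD_KEY_LEN };

struct key_hdr { uint16_t key_info, key_length, key_data_length; };

unsigned key_index(uint16_t key_info) { return (key_info & KI_IDX_MASK) >> 4; }

/* Hypothetical pre-decrypt check: reject any frame whose lengths would make
 * the AES unwrap read or write outside a buffer sized for the GTK. */
enum verdict check_group_msg1(const struct key_hdr *h)
{
    uint16_t ki = h->key_info;
    if ((ki & KI_PAIRWISE) || !(ki & KI_ACK) || !(ki & KI_MIC))
        return NOT_GROUP_MSG1;
    if ((ki & KI_VER_MASK) != 2)
        return BAD_VERSION;            /* only the AES case is modelled */
    /* RFC 3394 output is the wrapped key plus 8 bytes; the key is >= 16. */
    if (h->key_data_length % 8 != 0 || h->key_data_length < 24)
        return BAD_WRAP_LEN;
    unsigned unwrapped = h->key_data_length - 8u;
    if (unwrapped > GTK_MAX || h->key_length > unwrapped)
        return BAD_KEY_LEN;
    return FRAME_OK;
}

int main(void)
{
    /* Header values copied from the last frame in the log above. */
    struct key_hdr logged = { 0x392, 32, 40 };
    /* Constructed malformed variants, not taken from the log. */
    struct key_hdr odd = { 0x392, 32, 37 }, huge = { 0x392, 32, 4096 };
    printf("logged: idx=%u verdict=%d\n",
           key_index(logged.key_info), check_group_msg1(&logged));
    printf("odd=%d huge=%d\n", check_group_msg1(&odd), check_group_msg1(&huge));
    return 0;
}
```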

