| 2019-04-16 22:15:19 |
tdotreppe |
bug |
|
|
added bug |
| 2019-04-16 22:30:06 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2019-04-16 22:30:07 |
Ubuntu Kernel Bot |
tags |
|
bionic |
|
| 2019-04-17 02:10:20 |
tdotreppe |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2019-04-17 03:10:47 |
Po-Hsu Lin |
tags |
bionic |
bionic cosmic |
|
| 2019-04-17 06:17:08 |
Po-Hsu Lin |
linux (Ubuntu): assignee |
|
You-Sheng Yang (vicamo) |
|
| 2019-04-17 06:17:33 |
You-Sheng Yang |
nominated for series |
|
Ubuntu Cosmic |
|
| 2019-04-17 06:17:33 |
You-Sheng Yang |
bug task added |
|
linux (Ubuntu Cosmic) |
|
| 2019-04-17 06:17:33 |
You-Sheng Yang |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-04-17 06:17:33 |
You-Sheng Yang |
bug task added |
|
linux (Ubuntu Bionic) |
|
| 2019-04-17 06:17:44 |
You-Sheng Yang |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
| 2019-04-17 06:17:47 |
You-Sheng Yang |
linux (Ubuntu Cosmic): status |
New |
In Progress |
|
| 2019-04-18 05:42:30 |
You-Sheng Yang |
description |
The issue happens on 16.04 with linux-image-4.15.0-47-generic (as well as linux-image-4.15.0-45-generic). It also happens with linux-image-4.15.0-47-generic on 18.04 as well as the HWE kernel (4.18.0-17-generic). All test were done on 64 bit in a virtual machine and can be reproduced. It doesn't happen on 18.10 (mac80211_hwsim has other issues on this kernel that are solved in 19.04, most likely unrelated to this) or 19.04.
Output:
[ 406.036796] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 406.048785] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 406.110060] mac80211_hwsim: initializing netlink
[ 406.153872] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[ 406.154217] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
[ 406.316376] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 406.316829] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 406.894434] device wlan1 entered promiscuous mode
[ 407.623768] mac80211_hwsim: initializing netlink
[ 407.627809] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
[ 407.761474] device wlan0 entered promiscuous mode
[ 412.293557] mac80211_hwsim: initializing netlink
[ 412.298984] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
[ 412.410453] device wlan0 entered promiscuous mode
[ 417.040581] mac80211_hwsim: initializing netlink
[ 417.045603] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
[ 417.048093] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 417.221470] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 417.223812] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 417.755334] device wlan1 entered promiscuous mode
[ 419.690453] mac80211_hwsim: initializing netlink
[ 419.696569] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 419.697137] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht'
[ 419.870739] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 419.871090] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 420.406242] device wlan1 entered promiscuous mode
[ 422.434785] mac80211_hwsim: initializing netlink
[ 422.435399] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht'
[ 422.579207] device wlan0 entered promiscuous mode
[ 427.126059] mac80211_hwsim: initializing netlink
[ 427.128889] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
[ 427.133435] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht'
[ 427.135756] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
[ 427.385722] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 427.386258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 427.932765] device wlan2 entered promiscuous mode
[ 430.923486] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 434.757426] wlan1: authenticate with 02:00:00:00:00:00
[ 434.757476] wlan1: send auth to 02:00:00:00:00:00 (try 1/3)
[ 434.758851] wlan1: authenticated
[ 434.758940] mac80211_hwsim hwsim1 wlan1: disabling HT/VHT due to WEP/TKIP use
[ 434.758942] mac80211_hwsim hwsim1 wlan1: disabling HT as WMM/QoS is not supported by the AP
[ 434.758943] mac80211_hwsim hwsim1 wlan1: disabling VHT as WMM/QoS is not supported by the AP
[ 434.761333] wlan1: associate with 02:00:00:00:00:00 (try 1/3)
[ 434.761750] wlan1: RX AssocResp from 02:00:00:00:00:00 (capab=0x11 status=0 aid=1)
[ 434.761761] wlan1: associated
[ 434.762107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 437.039513] wlan1: deauthenticating from 02:00:00:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 437.133996] mac80211_hwsim: initializing netlink
[ 437.138685] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
[ 437.139801] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
[ 437.140661] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 437.140668] IP: hrtimer_active+0xd/0x50
[ 437.140689] PGD 0 P4D 0
[ 437.140692] Oops: 0000 [#1] SMP PTI
[ 437.140693] Modules linked in: mac80211_hwsim(+) arc4 mac80211 cfg80211 coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc snd_ens1371 snd_ac97_codec aesni_intel gameport ac97_bus vmw_balloon snd_pcm aes_x86_64 crypto_simd glue_helper cryptd intel_rapl_perf snd_seq_midi snd_seq_midi_event snd_rawmidi input_leds joydev serio_raw snd_seq vmwgfx ttm drm_kms_helper snd_seq_device snd_timer snd drm fb_sys_fops soundcore syscopyarea sysfillrect sysimgblt shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid psmouse mptspi ahci libahci e1000 mptscsih mptbase scsi_transport_spi i2c_piix4 pata_acpi [last unloaded: mac80211_hwsim]
[ 437.140726] CPU: 0 PID: 27091 Comm: wpa_supplicant Not tainted 4.15.0-47-generic #50-Ubuntu
[ 437.140727] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 437.140729] RIP: 0010:hrtimer_active+0xd/0x50
[ 437.140730] RSP: 0018:ffffac6b42837b68 EFLAGS: 00010246
[ 437.140731] RAX: 0000000000000000 RBX: ffff99611ded6720 RCX: 0000000000000000
[ 437.140732] RDX: 0000000000000000 RSI: ffff99611ded5618 RDI: ffff99611ded6720
[ 437.140733] RBP: ffffac6b42837b68 R08: 0000000000000000 R09: ffff99611ded4760
[ 437.140734] R10: 00000000000003ff R11: 0000000000000000 R12: 0000000000000000
[ 437.140753] R13: ffff99611ded6700 R14: 00000000ffffffff R15: ffff996122936000
[ 437.140754] FS: 00007f3b6104c800(0000) GS:ffff99617b600000(0000) knlGS:0000000000000000
[ 437.140755] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 437.140756] CR2: 0000000000000000 CR3: 0000000077606003 CR4: 00000000003606f0
[ 437.140845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 437.140847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 437.140848] Call Trace:
[ 437.140852] hrtimer_try_to_cancel+0x2a/0x110
[ 437.140853] hrtimer_cancel+0x19/0x20
[ 437.140861] mac80211_hwsim_config+0x1cc/0x2d0 [mac80211_hwsim]
[ 437.140876] ieee80211_hw_config+0x1c1/0x350 [mac80211]
[ 437.140886] ieee80211_do_open+0x564/0x860 [mac80211]
[ 437.140896] ieee80211_open+0x52/0x60 [mac80211]
[ 437.140898] __dev_open+0xd3/0x160
[ 437.140900] __dev_change_flags+0x17e/0x1c0
[ 437.140902] dev_change_flags+0x29/0x60
[ 437.140904] devinet_ioctl+0x5de/0x700
[ 437.140907] inet_ioctl+0x56/0x80
[ 437.140909] ? inet_ioctl+0x56/0x80
[ 437.140911] sock_do_ioctl+0x2b/0x60
[ 437.140912] sock_ioctl+0x1a1/0x2c0
[ 437.140915] do_vfs_ioctl+0xa8/0x630
[ 437.140918] ? __sys_recvmsg+0x51/0x90
[ 437.140919] ? __sys_recvmsg+0x51/0x90
[ 437.140921] SyS_ioctl+0x79/0x90
[ 437.140924] do_syscall_64+0x73/0x130
[ 437.140927] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 437.140928] RIP: 0033:0x7f3b5f7fd5d7
[ 437.140947] RSP: 002b:00007ffd6eb15458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 437.140948] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3b5f7fd5d7
[ 437.140949] RDX: 00007ffd6eb15460 RSI: 0000000000008914 RDI: 0000000000000007
[ 437.140950] RBP: 0000000000000007 R08: 00007ffd6eb1546f R09: 00007f3b5fad2c40
[ 437.140951] R10: 0000000000000007 R11: 0000000000000246 R12: 00007ffd6eb15460
[ 437.140952] R13: 000055bfb1458f50 R14: 0000000000000001 R15: 0000000000000000
[ 437.140954] Code: 89 4f 18 4c 89 4f 20 7c ba 48 83 c0 01 4c 89 da e9 5b ff ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 57 30 55 48 89 e5 <48> 8b 02 8b 50 04 f6 c2 01 75 21 80 7f 38 00 75 2b 48 39 78 08
[ 437.140974] RIP: hrtimer_active+0xd/0x50 RSP: ffffac6b42837b68
[ 437.140975] CR2: 0000000000000000
[ 437.140977] ---[ end trace 8d74331518e00fab ]---
Output 2:
[ 43.756417] rfkill: input handler disabled
[ 68.383884] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 68.391224] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 68.420682] mac80211_hwsim: initializing netlink
[ 68.449135] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[ 68.449775] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
[ 68.619017] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 68.620189] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 68.638189] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 68.642074] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 68.702978] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 68.712256] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 68.982710] mac80211_hwsim: initializing netlink
[ 68.984991] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
[ 69.045866] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.106433] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.133926] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.223211] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.345731] device wlan0 entered promiscuous mode
[ 74.005516] mac80211_hwsim: initializing netlink
[ 74.009514] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
[ 74.111173] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.111307] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.133480] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.189180] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.193947] device wlan0 entered promiscuous mode
[ 78.861183] mac80211_hwsim: initializing netlink
[ 78.862581] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
[ 78.879061] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 79.011024] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.011196] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.037837] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.068188] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.068328] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.090001] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.269492] mac80211_hwsim: initializing netlink
[ 79.273288] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 79.294993] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht'
[ 79.418566] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.419207] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.441601] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.441732] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.469307] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.471547] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.664702] mac80211_hwsim: initializing netlink
[ 79.671392] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht'
[ 79.766695] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.766988] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.794044] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.847582] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.851159] device wlan0 entered promiscuous mode
[ 84.447352] mac80211_hwsim: initializing netlink
[ 84.449056] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
[ 84.461724] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht'
[ 84.464591] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
[ 84.666028] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 84.666167] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 84.690446] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 84.719246] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready
[ 84.719422] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready
[ 84.745048] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready
[ 84.757556] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 84.757950] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 84.778793] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 84.998007] mac80211_hwsim: initializing netlink
[ 85.014445] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
[ 85.014782] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
[ 85.197526] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 85.197721] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 85.233345] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 85.249866] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.250698] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.275950] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.333333] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.379878] device wlan1 entered promiscuous mode
[ 95.057749] mac80211_hwsim: initializing netlink
[ 95.072452] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht'
[ 95.072888] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht'
[ 95.240206] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 95.240333] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 95.271167] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 95.295968] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.296309] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.317319] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.423964] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.454765] device wlan1 entered promiscuous mode
[ 105.142161] mac80211_hwsim: initializing netlink
[ 105.143819] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht'
[ 105.237719] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.237844] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.267342] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.345384] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.519550] device wlan0 entered promiscuous mode
[ 110.659816] mac80211_hwsim: initializing netlink
[ 110.661118] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht'
[ 110.821583] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 110.822521] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 110.853368] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 117.129124] mac80211_hwsim: initializing netlink
[ 117.141829] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht'
[ 117.271440] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 117.271609] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 117.298259] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 176.594975] mac80211_hwsim: initializing netlink
[ 176.605829] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht'
[ 176.608801] ieee80211 phy20: Selected rate control algorithm 'minstrel_ht'
[ 176.794994] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 176.795896] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 177.330822] device wlan1 entered promiscuous mode
[ 177.705780] mac80211_hwsim: initializing netlink
[ 177.708274] ieee80211 phy21: Selected rate control algorithm 'minstrel_ht'
[ 177.842779] device wlan0 entered promiscuous mode
[ 182.410311] mac80211_hwsim: initializing netlink
[ 182.415919] ieee80211 phy22: Selected rate control algorithm 'minstrel_ht'
[ 182.529819] device wlan0 entered promiscuous mode
[ 187.183817] mac80211_hwsim: initializing netlink
[ 187.185800] ieee80211 phy23: Selected rate control algorithm 'minstrel_ht'
[ 187.186318] ieee80211 phy24: Selected rate control algorithm 'minstrel_ht'
[ 187.363226] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 187.363818] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 187.898435] device wlan1 entered promiscuous mode
[ 189.854901] mac80211_hwsim: initializing netlink
[ 189.856496] ieee80211 phy25: Selected rate control algorithm 'minstrel_ht'
[ 189.860203] ieee80211 phy26: Selected rate control algorithm 'minstrel_ht'
[ 190.039309] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 190.040294] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 190.577060] device wlan1 entered promiscuous mode
[ 192.589068] mac80211_hwsim: initializing netlink
[ 192.590565] ieee80211 phy27: Selected rate control algorithm 'minstrel_ht'
[ 192.711314] device wlan0 entered promiscuous mode
[ 197.310173] mac80211_hwsim: initializing netlink
[ 197.311798] ieee80211 phy28: Selected rate control algorithm 'minstrel_ht'
[ 197.313855] ieee80211 phy29: Selected rate control algorithm 'minstrel_ht'
[ 197.318312] ieee80211 phy30: Selected rate control algorithm 'minstrel_ht'
[ 197.572944] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 197.573419] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 198.113615] device wlan2 entered promiscuous mode
[ 201.117009] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 204.949915] wlan1: authenticate with 02:00:00:00:00:00
[ 204.949944] wlan1: send auth to 02:00:00:00:00:00 (try 1/3)
[ 204.950967] wlan1: authenticated
[ 204.951056] mac80211_hwsim hwsim1 wlan1: disabling HT/VHT due to WEP/TKIP use
[ 204.951057] mac80211_hwsim hwsim1 wlan1: disabling HT as WMM/QoS is not supported by the AP
[ 204.951058] mac80211_hwsim hwsim1 wlan1: disabling VHT as WMM/QoS is not supported by the AP
[ 204.953283] wlan1: associate with 02:00:00:00:00:00 (try 1/3)
[ 204.954013] wlan1: RX AssocResp from 02:00:00:00:00:00 (capab=0x11 status=0 aid=1)
[ 204.954024] wlan1: associated
[ 204.954270] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 207.225120] wlan1: deauthenticating from 02:00:00:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 207.313322] mac80211_hwsim: initializing netlink
[ 207.316424] ieee80211 phy31: Selected rate control algorithm 'minstrel_ht'
[ 207.316954] ieee80211 phy32: Selected rate control algorithm 'minstrel_ht'
[ 207.317513] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 207.317516] PGD 0 P4D 0
[ 207.317519] Oops: 0000 [#1] SMP PTI
[ 207.317521] CPU: 0 PID: 6920 Comm: wpa_supplicant Not tainted 4.18.0-17-generic #18~18.04.1-Ubuntu
[ 207.317523] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 207.317527] RIP: 0010:hrtimer_active+0xd/0x50
[ 207.317528] Code: 4f 18 4c 89 4f 20 7c ba 48 83 c0 01 4c 89 da e9 5b ff ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 48 8b 47 30 <8b> 50 10 f6 c2 01 75 1e 80 7f 38 00 75 28 48 39 78 18 74 22 39 50
[ 207.317546] RSP: 0018:ffffc03202963a18 EFLAGS: 00010246
[ 207.317547] RAX: 0000000000000000 RBX: ffff9d32f52ce708 RCX: 0000000000000000
[ 207.317548] RDX: ffff9d32f621c500 RSI: ffff9d32f52cd620 RDI: ffff9d32f52ce708
[ 207.317549] RBP: ffffc03202963a18 R08: 0000000000000000 R09: 0000000000000003
[ 207.317550] R10: 0000000000000000 R11: 00000000000003ff R12: 0000000000000000
[ 207.317551] R13: ffff9d32f52ce6e8 R14: 00000000ffffffff R15: ffff9d32ade90000
[ 207.317553] FS: 00007fd57add4800(0000) GS:ffff9d32fb600000(0000) knlGS:0000000000000000
[ 207.317554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 207.317555] CR2: 0000000000000010 CR3: 000000002de64006 CR4: 00000000003606f0
[ 207.317594] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 207.317595] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 207.317596] Call Trace:
[ 207.317603] hrtimer_try_to_cancel+0x2a/0x110
[ 207.317605] hrtimer_cancel+0x19/0x20
[ 207.317611] mac80211_hwsim_config+0x1c6/0x2d0 [mac80211_hwsim]
[ 207.317625] ieee80211_hw_config+0x1c1/0x350 [mac80211]
[ 207.317636] ieee80211_do_open+0x572/0x870 [mac80211]
[ 207.317645] ieee80211_open+0x52/0x60 [mac80211]
[ 207.317648] __dev_open+0xd7/0x170
[ 207.317650] __dev_change_flags+0x17e/0x1d0
[ 207.317651] dev_change_flags+0x29/0x60
[ 207.317654] devinet_ioctl+0x588/0x6a0
[ 207.317655] inet_ioctl+0xae/0x1a0
[ 207.317657] ? inet_ioctl+0xae/0x1a0
[ 207.317660] ? _copy_to_user+0x26/0x30
[ 207.317662] ? dev_get_by_name_rcu+0x74/0xa0
[ 207.317663] ? dev_get_by_name_rcu+0x74/0xa0
[ 207.317666] sock_do_ioctl+0x52/0x170
[ 207.317667] ? inet_getname+0x80/0x80
[ 207.317669] ? sock_do_ioctl+0x52/0x170
[ 207.317670] sock_ioctl+0x1e8/0x340
[ 207.317672] ? sock_ioctl+0x1e8/0x340
[ 207.317675] do_vfs_ioctl+0xa8/0x630
[ 207.317676] ? routing_ioctl+0x2b0/0x2b0
[ 207.317678] ? do_vfs_ioctl+0xa8/0x630
[ 207.317680] ? __sys_recvmsg+0x60/0xa0
[ 207.317681] ? __sys_recvmsg+0x60/0xa0
[ 207.317683] ksys_ioctl+0x75/0x80
[ 207.317685] __x64_sys_ioctl+0x1a/0x20
[ 207.317687] do_syscall_64+0x5a/0x120
[ 207.317690] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 207.317691] RIP: 0033:0x7fd5795855d7
[ 207.317692] Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48
[ 207.317710] RSP: 002b:00007ffe8deaae58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 207.317712] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd5795855d7
[ 207.317713] RDX: 00007ffe8deaae60 RSI: 0000000000008914 RDI: 0000000000000007
[ 207.317714] RBP: 0000000000000007 R08: 00007ffe8deaae6f R09: 00007fd57985ac40
[ 207.317715] R10: 0000000000000007 R11: 0000000000000246 R12: 00007ffe8deaae60
[ 207.317716] R13: 0000562cd254ef50 R14: 0000000000000001 R15: 0000000000000000
[ 207.317717] Modules linked in: mac80211_hwsim(+) arc4 mac80211 cfg80211 coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc vmw_balloon aesni_intel aes_x86_64 crypto_simd cryptd glue_helper intel_rapl_perf joydev input_leds serio_raw vmwgfx ttm drm_kms_helper drm fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 psmouse mptspi mptscsih mptbase ahci libahci e1000 scsi_transport_spi i2c_piix4 pata_acpi [last unloaded: mac80211_hwsim]
[ 207.317778] CR2: 0000000000000010
[ 207.317780] ---[ end trace 90e2389d7805f2b7 ]---
[ 207.317782] RIP: 0010:hrtimer_active+0xd/0x50
[ 207.317783] Code: 4f 18 4c 89 4f 20 7c ba 48 83 c0 01 4c 89 da e9 5b ff ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 48 8b 47 30 <8b> 50 10 f6 c2 01 75 1e 80 7f 38 00 75 28 48 39 78 18 74 22 39 50
[ 207.317801] RSP: 0018:ffffc03202963a18 EFLAGS: 00010246
[ 207.317802] RAX: 0000000000000000 RBX: ffff9d32f52ce708 RCX: 0000000000000000
[ 207.317803] RDX: ffff9d32f621c500 RSI: ffff9d32f52cd620 RDI: ffff9d32f52ce708
[ 207.317804] RBP: ffffc03202963a18 R08: 0000000000000000 R09: 0000000000000003
[ 207.317805] R10: 0000000000000000 R11: 00000000000003ff R12: 0000000000000000
[ 207.317806] R13: ffff9d32f52ce6e8 R14: 00000000ffffffff R15: ffff9d32ade90000
[ 207.317808] FS: 00007fd57add4800(0000) GS:ffff9d32fb600000(0000) knlGS:0000000000000000
[ 207.317809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 207.317810] CR2: 0000000000000010 CR3: 000000002de64006 CR4: 00000000003606f0
[ 207.317866] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 207.317867] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
How to reproduce:
git clone https://github.com/aircrack-ng/aircrack-ng
# Tested with 69a406c
cd aircrack-ng
grep 'sudo apt' README.md > a && bash a
rm a
autoreconf -i
./configure --with-experimental
make check
bash scripts/airmon-ng.linux check kill
make integration
It will freeze after the test/test-aireplay-ng-0007.sh (while running test/test-airbase-ng-0001.sh) test while doing "modprobe mac80211_hwsim radios=2". You may have to run them twice before this happens |
[Impact]
Kernel NULL pointer dereference in mac80211_hwsim.
[Fix]
a1881c9b8a1e mac80211_hwsim: Timer should be initialized before device registered
This fix has been included in 4.19.9 or above.
[Test Case]
$ git clone https://github.com/aircrack-ng/aircrack-ng
# Tested with 69a406c
$ cd aircrack-ng
$ grep 'sudo apt' README.md | bash
$ autoreconf -i
$ ./configure --with-experimental
$ make check
$ sudo bash scripts/airmon-ng.linux check kill
$ sudo make integration
# Run integration test again and check dmesg
$ sudo bash scripts/airmon-ng.linux check kill
$ sudo make integration
Verified with VMs setup locally.
[Regression Risk]
Low. Move forward data structure initialization only. This patch has
also been included in LTS stable kernel.
==== Original Bug Report ====
The issue happens on 16.04 with linux-image-4.15.0-47-generic (as well as linux-image-4.15.0-45-generic). It also happens with linux-image-4.15.0-47-generic on 18.04 as well as the HWE kernel (4.18.0-17-generic). All test were done on 64 bit in a virtual machine and can be reproduced. It doesn't happen on 18.10 (mac80211_hwsim has other issues on this kernel that are solved in 19.04, most likely unrelated to this) or 19.04.
Output:
[ 406.036796] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 406.048785] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 406.110060] mac80211_hwsim: initializing netlink
[ 406.153872] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[ 406.154217] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
[ 406.316376] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 406.316829] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 406.894434] device wlan1 entered promiscuous mode
[ 407.623768] mac80211_hwsim: initializing netlink
[ 407.627809] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
[ 407.761474] device wlan0 entered promiscuous mode
[ 412.293557] mac80211_hwsim: initializing netlink
[ 412.298984] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
[ 412.410453] device wlan0 entered promiscuous mode
[ 417.040581] mac80211_hwsim: initializing netlink
[ 417.045603] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
[ 417.048093] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 417.221470] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 417.223812] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 417.755334] device wlan1 entered promiscuous mode
[ 419.690453] mac80211_hwsim: initializing netlink
[ 419.696569] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 419.697137] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht'
[ 419.870739] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 419.871090] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 420.406242] device wlan1 entered promiscuous mode
[ 422.434785] mac80211_hwsim: initializing netlink
[ 422.435399] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht'
[ 422.579207] device wlan0 entered promiscuous mode
[ 427.126059] mac80211_hwsim: initializing netlink
[ 427.128889] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
[ 427.133435] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht'
[ 427.135756] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
[ 427.385722] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 427.386258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 427.932765] device wlan2 entered promiscuous mode
[ 430.923486] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 434.757426] wlan1: authenticate with 02:00:00:00:00:00
[ 434.757476] wlan1: send auth to 02:00:00:00:00:00 (try 1/3)
[ 434.758851] wlan1: authenticated
[ 434.758940] mac80211_hwsim hwsim1 wlan1: disabling HT/VHT due to WEP/TKIP use
[ 434.758942] mac80211_hwsim hwsim1 wlan1: disabling HT as WMM/QoS is not supported by the AP
[ 434.758943] mac80211_hwsim hwsim1 wlan1: disabling VHT as WMM/QoS is not supported by the AP
[ 434.761333] wlan1: associate with 02:00:00:00:00:00 (try 1/3)
[ 434.761750] wlan1: RX AssocResp from 02:00:00:00:00:00 (capab=0x11 status=0 aid=1)
[ 434.761761] wlan1: associated
[ 434.762107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 437.039513] wlan1: deauthenticating from 02:00:00:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 437.133996] mac80211_hwsim: initializing netlink
[ 437.138685] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
[ 437.139801] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
[ 437.140661] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 437.140668] IP: hrtimer_active+0xd/0x50
[ 437.140689] PGD 0 P4D 0
[ 437.140692] Oops: 0000 [#1] SMP PTI
[ 437.140693] Modules linked in: mac80211_hwsim(+) arc4 mac80211 cfg80211 coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc snd_ens1371 snd_ac97_codec aesni_intel gameport ac97_bus vmw_balloon snd_pcm aes_x86_64 crypto_simd glue_helper cryptd intel_rapl_perf snd_seq_midi snd_seq_midi_event snd_rawmidi input_leds joydev serio_raw snd_seq vmwgfx ttm drm_kms_helper snd_seq_device snd_timer snd drm fb_sys_fops soundcore syscopyarea sysfillrect sysimgblt shpchp mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid psmouse mptspi ahci libahci e1000 mptscsih mptbase scsi_transport_spi i2c_piix4 pata_acpi [last unloaded: mac80211_hwsim]
[ 437.140726] CPU: 0 PID: 27091 Comm: wpa_supplicant Not tainted 4.15.0-47-generic #50-Ubuntu
[ 437.140727] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 437.140729] RIP: 0010:hrtimer_active+0xd/0x50
[ 437.140730] RSP: 0018:ffffac6b42837b68 EFLAGS: 00010246
[ 437.140731] RAX: 0000000000000000 RBX: ffff99611ded6720 RCX: 0000000000000000
[ 437.140732] RDX: 0000000000000000 RSI: ffff99611ded5618 RDI: ffff99611ded6720
[ 437.140733] RBP: ffffac6b42837b68 R08: 0000000000000000 R09: ffff99611ded4760
[ 437.140734] R10: 00000000000003ff R11: 0000000000000000 R12: 0000000000000000
[ 437.140753] R13: ffff99611ded6700 R14: 00000000ffffffff R15: ffff996122936000
[ 437.140754] FS: 00007f3b6104c800(0000) GS:ffff99617b600000(0000) knlGS:0000000000000000
[ 437.140755] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 437.140756] CR2: 0000000000000000 CR3: 0000000077606003 CR4: 00000000003606f0
[ 437.140845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 437.140847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 437.140848] Call Trace:
[ 437.140852] hrtimer_try_to_cancel+0x2a/0x110
[ 437.140853] hrtimer_cancel+0x19/0x20
[ 437.140861] mac80211_hwsim_config+0x1cc/0x2d0 [mac80211_hwsim]
[ 437.140876] ieee80211_hw_config+0x1c1/0x350 [mac80211]
[ 437.140886] ieee80211_do_open+0x564/0x860 [mac80211]
[ 437.140896] ieee80211_open+0x52/0x60 [mac80211]
[ 437.140898] __dev_open+0xd3/0x160
[ 437.140900] __dev_change_flags+0x17e/0x1c0
[ 437.140902] dev_change_flags+0x29/0x60
[ 437.140904] devinet_ioctl+0x5de/0x700
[ 437.140907] inet_ioctl+0x56/0x80
[ 437.140909] ? inet_ioctl+0x56/0x80
[ 437.140911] sock_do_ioctl+0x2b/0x60
[ 437.140912] sock_ioctl+0x1a1/0x2c0
[ 437.140915] do_vfs_ioctl+0xa8/0x630
[ 437.140918] ? __sys_recvmsg+0x51/0x90
[ 437.140919] ? __sys_recvmsg+0x51/0x90
[ 437.140921] SyS_ioctl+0x79/0x90
[ 437.140924] do_syscall_64+0x73/0x130
[ 437.140927] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 437.140928] RIP: 0033:0x7f3b5f7fd5d7
[ 437.140947] RSP: 002b:00007ffd6eb15458 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 437.140948] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3b5f7fd5d7
[ 437.140949] RDX: 00007ffd6eb15460 RSI: 0000000000008914 RDI: 0000000000000007
[ 437.140950] RBP: 0000000000000007 R08: 00007ffd6eb1546f R09: 00007f3b5fad2c40
[ 437.140951] R10: 0000000000000007 R11: 0000000000000246 R12: 00007ffd6eb15460
[ 437.140952] R13: 000055bfb1458f50 R14: 0000000000000001 R15: 0000000000000000
[ 437.140954] Code: 89 4f 18 4c 89 4f 20 7c ba 48 83 c0 01 4c 89 da e9 5b ff ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 57 30 55 48 89 e5 <48> 8b 02 8b 50 04 f6 c2 01 75 21 80 7f 38 00 75 2b 48 39 78 08
[ 437.140974] RIP: hrtimer_active+0xd/0x50 RSP: ffffac6b42837b68
[ 437.140975] CR2: 0000000000000000
[ 437.140977] ---[ end trace 8d74331518e00fab ]---
Output 2:
[ 43.756417] rfkill: input handler disabled
[ 68.383884] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 68.391224] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 68.420682] mac80211_hwsim: initializing netlink
[ 68.449135] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[ 68.449775] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
[ 68.619017] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 68.620189] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 68.638189] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 68.642074] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 68.702978] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 68.712256] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 68.982710] mac80211_hwsim: initializing netlink
[ 68.984991] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
[ 69.045866] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.106433] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.133926] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.223211] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 69.345731] device wlan0 entered promiscuous mode
[ 74.005516] mac80211_hwsim: initializing netlink
[ 74.009514] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
[ 74.111173] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.111307] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.133480] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.189180] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 74.193947] device wlan0 entered promiscuous mode
[ 78.861183] mac80211_hwsim: initializing netlink
[ 78.862581] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
[ 78.879061] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
[ 79.011024] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.011196] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.037837] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.068188] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.068328] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.090001] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.269492] mac80211_hwsim: initializing netlink
[ 79.273288] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
[ 79.294993] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht'
[ 79.418566] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.419207] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.441601] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.441732] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.469307] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.471547] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 79.664702] mac80211_hwsim: initializing netlink
[ 79.671392] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht'
[ 79.766695] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.766988] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.794044] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.847582] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 79.851159] device wlan0 entered promiscuous mode
[ 84.447352] mac80211_hwsim: initializing netlink
[ 84.449056] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht'
[ 84.461724] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht'
[ 84.464591] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
[ 84.666028] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 84.666167] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 84.690446] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 84.719246] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready
[ 84.719422] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready
[ 84.745048] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready
[ 84.757556] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 84.757950] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 84.778793] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 84.998007] mac80211_hwsim: initializing netlink
[ 85.014445] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
[ 85.014782] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
[ 85.197526] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 85.197721] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 85.233345] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 85.249866] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.250698] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.275950] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.333333] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 85.379878] device wlan1 entered promiscuous mode
[ 95.057749] mac80211_hwsim: initializing netlink
[ 95.072452] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht'
[ 95.072888] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht'
[ 95.240206] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 95.240333] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 95.271167] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 95.295968] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.296309] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.317319] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.423964] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 95.454765] device wlan1 entered promiscuous mode
[ 105.142161] mac80211_hwsim: initializing netlink
[ 105.143819] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht'
[ 105.237719] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.237844] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.267342] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.345384] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 105.519550] device wlan0 entered promiscuous mode
[ 110.659816] mac80211_hwsim: initializing netlink
[ 110.661118] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht'
[ 110.821583] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 110.822521] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 110.853368] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 117.129124] mac80211_hwsim: initializing netlink
[ 117.141829] ieee80211 phy18: Selected rate control algorithm 'minstrel_ht'
[ 117.271440] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 117.271609] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 117.298259] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 176.594975] mac80211_hwsim: initializing netlink
[ 176.605829] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht'
[ 176.608801] ieee80211 phy20: Selected rate control algorithm 'minstrel_ht'
[ 176.794994] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 176.795896] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 177.330822] device wlan1 entered promiscuous mode
[ 177.705780] mac80211_hwsim: initializing netlink
[ 177.708274] ieee80211 phy21: Selected rate control algorithm 'minstrel_ht'
[ 177.842779] device wlan0 entered promiscuous mode
[ 182.410311] mac80211_hwsim: initializing netlink
[ 182.415919] ieee80211 phy22: Selected rate control algorithm 'minstrel_ht'
[ 182.529819] device wlan0 entered promiscuous mode
[ 187.183817] mac80211_hwsim: initializing netlink
[ 187.185800] ieee80211 phy23: Selected rate control algorithm 'minstrel_ht'
[ 187.186318] ieee80211 phy24: Selected rate control algorithm 'minstrel_ht'
[ 187.363226] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 187.363818] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 187.898435] device wlan1 entered promiscuous mode
[ 189.854901] mac80211_hwsim: initializing netlink
[ 189.856496] ieee80211 phy25: Selected rate control algorithm 'minstrel_ht'
[ 189.860203] ieee80211 phy26: Selected rate control algorithm 'minstrel_ht'
[ 190.039309] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 190.040294] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 190.577060] device wlan1 entered promiscuous mode
[ 192.589068] mac80211_hwsim: initializing netlink
[ 192.590565] ieee80211 phy27: Selected rate control algorithm 'minstrel_ht'
[ 192.711314] device wlan0 entered promiscuous mode
[ 197.310173] mac80211_hwsim: initializing netlink
[ 197.311798] ieee80211 phy28: Selected rate control algorithm 'minstrel_ht'
[ 197.313855] ieee80211 phy29: Selected rate control algorithm 'minstrel_ht'
[ 197.318312] ieee80211 phy30: Selected rate control algorithm 'minstrel_ht'
[ 197.572944] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 197.573419] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 198.113615] device wlan2 entered promiscuous mode
[ 201.117009] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 204.949915] wlan1: authenticate with 02:00:00:00:00:00
[ 204.949944] wlan1: send auth to 02:00:00:00:00:00 (try 1/3)
[ 204.950967] wlan1: authenticated
[ 204.951056] mac80211_hwsim hwsim1 wlan1: disabling HT/VHT due to WEP/TKIP use
[ 204.951057] mac80211_hwsim hwsim1 wlan1: disabling HT as WMM/QoS is not supported by the AP
[ 204.951058] mac80211_hwsim hwsim1 wlan1: disabling VHT as WMM/QoS is not supported by the AP
[ 204.953283] wlan1: associate with 02:00:00:00:00:00 (try 1/3)
[ 204.954013] wlan1: RX AssocResp from 02:00:00:00:00:00 (capab=0x11 status=0 aid=1)
[ 204.954024] wlan1: associated
[ 204.954270] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 207.225120] wlan1: deauthenticating from 02:00:00:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 207.313322] mac80211_hwsim: initializing netlink
[ 207.316424] ieee80211 phy31: Selected rate control algorithm 'minstrel_ht'
[ 207.316954] ieee80211 phy32: Selected rate control algorithm 'minstrel_ht'
[ 207.317513] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 207.317516] PGD 0 P4D 0
[ 207.317519] Oops: 0000 [#1] SMP PTI
[ 207.317521] CPU: 0 PID: 6920 Comm: wpa_supplicant Not tainted 4.18.0-17-generic #18~18.04.1-Ubuntu
[ 207.317523] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 207.317527] RIP: 0010:hrtimer_active+0xd/0x50
[ 207.317528] Code: 4f 18 4c 89 4f 20 7c ba 48 83 c0 01 4c 89 da e9 5b ff ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 48 8b 47 30 <8b> 50 10 f6 c2 01 75 1e 80 7f 38 00 75 28 48 39 78 18 74 22 39 50
[ 207.317546] RSP: 0018:ffffc03202963a18 EFLAGS: 00010246
[ 207.317547] RAX: 0000000000000000 RBX: ffff9d32f52ce708 RCX: 0000000000000000
[ 207.317548] RDX: ffff9d32f621c500 RSI: ffff9d32f52cd620 RDI: ffff9d32f52ce708
[ 207.317549] RBP: ffffc03202963a18 R08: 0000000000000000 R09: 0000000000000003
[ 207.317550] R10: 0000000000000000 R11: 00000000000003ff R12: 0000000000000000
[ 207.317551] R13: ffff9d32f52ce6e8 R14: 00000000ffffffff R15: ffff9d32ade90000
[ 207.317553] FS: 00007fd57add4800(0000) GS:ffff9d32fb600000(0000) knlGS:0000000000000000
[ 207.317554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 207.317555] CR2: 0000000000000010 CR3: 000000002de64006 CR4: 00000000003606f0
[ 207.317594] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 207.317595] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 207.317596] Call Trace:
[ 207.317603] hrtimer_try_to_cancel+0x2a/0x110
[ 207.317605] hrtimer_cancel+0x19/0x20
[ 207.317611] mac80211_hwsim_config+0x1c6/0x2d0 [mac80211_hwsim]
[ 207.317625] ieee80211_hw_config+0x1c1/0x350 [mac80211]
[ 207.317636] ieee80211_do_open+0x572/0x870 [mac80211]
[ 207.317645] ieee80211_open+0x52/0x60 [mac80211]
[ 207.317648] __dev_open+0xd7/0x170
[ 207.317650] __dev_change_flags+0x17e/0x1d0
[ 207.317651] dev_change_flags+0x29/0x60
[ 207.317654] devinet_ioctl+0x588/0x6a0
[ 207.317655] inet_ioctl+0xae/0x1a0
[ 207.317657] ? inet_ioctl+0xae/0x1a0
[ 207.317660] ? _copy_to_user+0x26/0x30
[ 207.317662] ? dev_get_by_name_rcu+0x74/0xa0
[ 207.317663] ? dev_get_by_name_rcu+0x74/0xa0
[ 207.317666] sock_do_ioctl+0x52/0x170
[ 207.317667] ? inet_getname+0x80/0x80
[ 207.317669] ? sock_do_ioctl+0x52/0x170
[ 207.317670] sock_ioctl+0x1e8/0x340
[ 207.317672] ? sock_ioctl+0x1e8/0x340
[ 207.317675] do_vfs_ioctl+0xa8/0x630
[ 207.317676] ? routing_ioctl+0x2b0/0x2b0
[ 207.317678] ? do_vfs_ioctl+0xa8/0x630
[ 207.317680] ? __sys_recvmsg+0x60/0xa0
[ 207.317681] ? __sys_recvmsg+0x60/0xa0
[ 207.317683] ksys_ioctl+0x75/0x80
[ 207.317685] __x64_sys_ioctl+0x1a/0x20
[ 207.317687] do_syscall_64+0x5a/0x120
[ 207.317690] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 207.317691] RIP: 0033:0x7fd5795855d7
[ 207.317692] Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48
[ 207.317710] RSP: 002b:00007ffe8deaae58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 207.317712] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd5795855d7
[ 207.317713] RDX: 00007ffe8deaae60 RSI: 0000000000008914 RDI: 0000000000000007
[ 207.317714] RBP: 0000000000000007 R08: 00007ffe8deaae6f R09: 00007fd57985ac40
[ 207.317715] R10: 0000000000000007 R11: 0000000000000246 R12: 00007ffe8deaae60
[ 207.317716] R13: 0000562cd254ef50 R14: 0000000000000001 R15: 0000000000000000
[ 207.317717] Modules linked in: mac80211_hwsim(+) arc4 mac80211 cfg80211 coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc vmw_balloon aesni_intel aes_x86_64 crypto_simd cryptd glue_helper intel_rapl_perf joydev input_leds serio_raw vmwgfx ttm drm_kms_helper drm fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid vmw_vsock_vmci_transport vsock vmw_vmci sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 psmouse mptspi mptscsih mptbase ahci libahci e1000 scsi_transport_spi i2c_piix4 pata_acpi [last unloaded: mac80211_hwsim]
[ 207.317778] CR2: 0000000000000010
[ 207.317780] ---[ end trace 90e2389d7805f2b7 ]---
[ 207.317782] RIP: 0010:hrtimer_active+0xd/0x50
[ 207.317783] Code: 4f 18 4c 89 4f 20 7c ba 48 83 c0 01 4c 89 da e9 5b ff ff ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 48 8b 47 30 <8b> 50 10 f6 c2 01 75 1e 80 7f 38 00 75 28 48 39 78 18 74 22 39 50
[ 207.317801] RSP: 0018:ffffc03202963a18 EFLAGS: 00010246
[ 207.317802] RAX: 0000000000000000 RBX: ffff9d32f52ce708 RCX: 0000000000000000
[ 207.317803] RDX: ffff9d32f621c500 RSI: ffff9d32f52cd620 RDI: ffff9d32f52ce708
[ 207.317804] RBP: ffffc03202963a18 R08: 0000000000000000 R09: 0000000000000003
[ 207.317805] R10: 0000000000000000 R11: 00000000000003ff R12: 0000000000000000
[ 207.317806] R13: ffff9d32f52ce6e8 R14: 00000000ffffffff R15: ffff9d32ade90000
[ 207.317808] FS: 00007fd57add4800(0000) GS:ffff9d32fb600000(0000) knlGS:0000000000000000
[ 207.317809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 207.317810] CR2: 0000000000000010 CR3: 000000002de64006 CR4: 00000000003606f0
[ 207.317866] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 207.317867] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
How to reproduce:
git clone https://github.com/aircrack-ng/aircrack-ng
# Tested with 69a406c
cd aircrack-ng
grep 'sudo apt' README.md > a && bash a
rm a
autoreconf -i
./configure --with-experimental
make check
bash scripts/airmon-ng.linux check kill
make integration
It will freeze after the test/test-aireplay-ng-0007.sh (while running test/test-airbase-ng-0001.sh) test while doing "modprobe mac80211_hwsim radios=2". You may have to run them twice before this happens |
|
| 2019-04-18 09:51:39 |
Stefan Bader |
linux (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2019-04-23 04:15:29 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2019-04-23 04:15:32 |
Khaled El Mously |
linux (Ubuntu Cosmic): status |
In Progress |
Fix Committed |
|
| 2019-04-25 22:32:24 |
Ubuntu Kernel Bot |
tags |
bionic cosmic |
bionic cosmic verification-needed-cosmic |
|
| 2019-04-26 01:52:55 |
tdotreppe |
tags |
bionic cosmic verification-needed-cosmic |
bionic cosmic verification-done-cosmic |
|
| 2019-04-29 16:03:41 |
Ubuntu Kernel Bot |
tags |
bionic cosmic verification-done-cosmic |
bionic cosmic verification-done-cosmic verification-needed-bionic |
|
| 2019-05-01 01:43:36 |
tdotreppe |
tags |
bionic cosmic verification-done-cosmic verification-needed-bionic |
bionic cosmic verification-done-bionic verification-done-cosmic |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2017-5715 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2017-5753 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2017-5754 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-12126 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-12127 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-12130 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-16884 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-3620 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-3639 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2018-3646 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2019-3874 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2019-3882 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2019-9500 |
|
| 2019-05-14 19:00:51 |
Launchpad Janitor |
cve linked |
|
2019-9503 |
|
| 2019-05-14 19:04:10 |
Launchpad Janitor |
linux (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
| 2019-05-14 19:04:10 |
Launchpad Janitor |
cve linked |
|
2019-3887 |
|
