Panic in AHDEMO mode (was: net-mgmt/aircrack-ng on FreeBSD 7+ / call for testing)

Lars Engels lars.engels at 0x20.net
Sat Oct 1 16:35:08 UTC 2011


On Fri, 30 Sep 2011 10:51:08 +0200, Jakub Lach wrote:
> Hi list,
>
> For some time (2 years?), injection
> has not been supported in monitor mode, but
> should work in ahdemo.
>
> aircrack-ng did not reflect this
> change, and was basically not working
> as intended.
>
> I filed a PR, since work on this
> issue was delayed upstream, and
> there appeared to be a simple workaround
> floating around (by richardpl).
>
> (ports/160564)
>
> But results are somewhat inconsistent,
> e.g. I still get
>
> wi_write(): Permission denied
>
> with AR242x / AR542x, even after
> updating aircrack to the patched
> version.
>
> Others reported success.
>
> So this is basically a call for testing
> net-mgmt/aircrack-ng and/or finding
> a better workaround.
>
> best regards,
> - Jakub Lach
>
> PS. A simple guide goes a long way:
>
> 1. Install net-mgmt/aircrack-ng.
>
> (e.g. portmaster net-mgmt/aircrack-ng)
>
> 2. Set card in ahdemo mode.
>
> (e.g. ifconfig wlan0 create wlandev ath0 wlanmode ahdemo)
>
> 3. Perform injection test.
>
> (e.g. aireplay-ng -9 wlan0)
>
> 4. Any "wi_write(): Permission denied"?

No, permission denied was not raised, but the kernel panicked:


Sat Oct  1 18:05:26 CEST 2011

FreeBSD maggie.bsd-geek.de 9.0-BETA2 FreeBSD 9.0-BETA2 #0: Thu Sep 15 22:35:13 CEST 2011     svenja at maggie.bsd-geek.de:/usr/obj/usr/src/sys/MAGGIE  i386

panic: page fault

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffff
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0adb2da
stack pointer           = 0x28:0xed25ba4c
frame pointer           = 0x28:0xed25ba60
code segment            = base 0x0, limit 0xfffff, type 0x1b
                         = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 89407 (aireplay-ng)
trap number             = 12
panic: page fault
cpuid = 0
Uptime: 1h3m7s
Physical memory: 2534 MB

Loaded symbols for /boot/kernel/drm.ko
#0  doadump (textdump=1) at pcpu.h:244
244     pcpu.h: No such file or directory.
         in pcpu.h
(kgdb) #0  doadump (textdump=1) at pcpu.h:244
#1  0xc0a1344a in kern_reboot (howto=260)
     at /usr/src/sys/kern/kern_shutdown.c:430
#2  0xc0a136a8 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc0d435cc in trap_fatal (frame=0xed25ba0c, eva=65535)
     at /usr/src/sys/i386/i386/trap.c:967
#4  0xc0d43820 in trap_pfault (frame=0xed25ba0c, usermode=0, eva=65535)
     at /usr/src/sys/i386/i386/trap.c:880
#5  0xc0d43ce9 in trap (frame=0xed25ba0c) at /usr/src/sys/i386/i386/trap.c:555
#6  0xc0d2d90c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#7  0xc0adb2da in ieee80211_chan2mode (chan=0xffff)
     at /usr/src/sys/net80211/ieee80211.c:1427
#8  0xc0afe2de in ieee80211_node_set_chan (ni=0xcfe39000, chan=0xffff)
     at /usr/src/sys/net80211/ieee80211_node.c:285
#9  0xc0b0028b in ieee80211_dup_bss (vap=0xc7651000, macaddr=0xc725ad3c "")
     at /usr/src/sys/net80211/ieee80211_node.c:1219
#10 0xc0b003bc in ieee80211_fakeup_adhoc_node (vap=0xc7651000,
     macaddr=0xc725ad3c "") at /usr/src/sys/net80211/ieee80211_node.c:1401
#11 0xc0b00573 in ieee80211_find_txnode (vap=0xc7651000,
     macaddr=0xc725ad3c "") at /usr/src/sys/net80211/ieee80211_node.c:1646
#12 0xc0b029fd in ieee80211_output (ifp=0xc70b8400, m=0xc725ad00,
     dst=0xed25bb60, ro=0x0) at /usr/src/sys/net80211/ieee80211_output.c:440
#13 0xc0abd01b in bpfwrite (dev=0xc6d79200, uio=0xed25bc28, ioflag=4)
     at /usr/src/sys/net/bpf.c:947
#14 0xc092872f in devfs_write_f (fp=0xc86c5310, uio=0xed25bc28,
     cred=0xcf4b8e00, flags=0, td=0xcf32d5c0)
     at /usr/src/sys/fs/devfs/devfs_vnops.c:1637
#15 0xc0a57e77 in dofilewrite (td=0xcf32d5c0, fd=4, fp=0xc86c5310,
     auio=0xed25bc28, offset=-1, flags=0) at file.h:262
#16 0xc0a58188 in kern_writev (td=0xcf32d5c0, fd=4, auio=0xed25bc28)
     at /usr/src/sys/kern/sys_generic.c:449
#17 0xc0a5820f in write (td=0xcf32d5c0, uap=0xed25bcec)
     at /usr/src/sys/kern/sys_generic.c:365
#18 0xc0a53a78 in syscallenter (td=0xcf32d5c0, sa=0xed25bce4)
     at /usr/src/sys/kern/subr_trap.c:344
#19 0xc0d43874 in syscall (frame=0xed25bd28)
     at /usr/src/sys/i386/i386/trap.c:1082
#20 0xc0d2d971 in Xint0x80_syscall ()
     at /usr/src/sys/i386/i386/exception.s:266
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)


