Please note: This project is no longer active. The website is kept online for historic purposes only.
If you're looking for a Linux driver for your Atheros WLAN device, you should continue here.

Ticket #1731 (new defect)

Opened 14 years ago

Last modified 14 years ago

Packet injection causes system freeze on AMD64

Reported by: j_marc_olivieri@hotmail.com
Assigned to:
Priority: major
Milestone:
Component: madwifi: driver
Version: trunk
Keywords:
Cc:
Patch is attached: 0
Pending:

Description

Hi all, I successfully compiled and installed madwifi-ng-r3123.

* Computer: AMD Opteron, 64-bit
* Distro: Debian 4.0
* Kernel: Linux version 2.6.23.12 (root@heisenberg) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP PREEMPT Mon Jan 7 23:56:24 CET 2008
* Compiled in 64-bit mode
* Injection patch applied on kernel: ieee80211_inject-2.6.22.patch
* aircrack-ng: 0.9.1

I did the following:

    wlanconfig ath1 create wlandev wifi0 wlanmode monitor
    ifconfig ath1 up
    airodump-ng -w d1 ath1

In another konsole:

    aireplay-ng -3 -b XX:XX:XX:XX:XX -h 00:11:22:33:44:55 -r d0.cap ath1

d0.cap was pretty big: 305 MB. aireplay-ng started and froze the computer after a few packets were injected (less than 200).

Attachments

dmesg.txt (22.6 kB) - added by j_marc_olivieri@hotmail.com on 01/11/08 18:37:54.
dmesg
config-2.6.23.12-2008-01-16-01-jmo (73.4 kB) - added by j_marc_olivieri@hotmail.com on 01/16/08 16:37:16.
kernel .config file
menu.lst (8.7 kB) - added by j_marc_olivieri@hotmail.com on 01/16/08 16:38:59.
grub file menu
capture.txt (30.1 kB) - added by j_marc_olivieri@hotmail.com on 01/16/08 16:41:10.
kernel log + oops

Change History

01/11/08 18:37:54 changed by j_marc_olivieri@hotmail.com

  • attachment dmesg.txt added.

dmesg

01/11/08 20:02:48 changed by j_marc_olivieri@hotmail.com

More details

* I put another computer close to the first one and I saw that aireplay sent 25 packets

* The board is a WPN311G

* Chipset is: 03:07.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)

(in reply to: ↑ description; follow-up: ↓ 3) 01/14/08 06:12:22 changed by mrenzmann

  • priority changed from critical to major.

Replying to j_marc_olivieri@hotmail.com:

* Injection patch applied on kernel : ieee80211_inject-2.6.22.patch

I wonder why you need to patch the kernel's softmac stack, as MadWifi does not use this stack.

aireplay-ng started and froze the computer after a few packets were injected (less than 200)

Can this entirely be reproduced?

(in reply to: ↑ 2; follow-up: ↓ 4) 01/14/08 09:43:23 changed by j_marc_olivieri@hotmail.com

Replying to mrenzmann:

Replying to j_marc_olivieri@hotmail.com:

* Injection patch applied on kernel : ieee80211_inject-2.6.22.patch

I wonder why you need to patch the kernel's softmac stack, as MadWifi does not use this stack.

I didn't know about that. But I also tested an RT61-based board, and they said to patch the kernel...

aireplay-ng started and froze the computer after a few packets were injected (less than 200)

Can this entirely be reproduced?

Yes, you can. It has exactly the same behavior each time I try to inject packets.

It causes a kernel panic, but due to X I wasn't able to look at the console after the system's crash. Let me know if you need more information, or if I could help you and how.

Regards

(in reply to: ↑ 3; follow-up: ↓ 5) 01/15/08 05:59:11 changed by mrenzmann

Replying to j_marc_olivieri@hotmail.com:

It causes a kernel panic but due to X I wasn't able to look at console after system's crash.

DevDocs/KernelOops explains various ways that allow you to grab the oops message in such situations.

(in reply to: ↑ 4) 01/16/08 16:35:57 changed by j_marc_olivieri@hotmail.com

* I first recompiled the kernel in the way shown in DevDocs/KernelOops (cf. attached file: config-2.6.23.12-2008-01-16-01-jmo)

* Then added the following parameters to the kernel, using grub as boot loader: console=tty0 console=ttyS0,115200n8 (cf. attached file: menu.lst)

* Ran a terminal (Hyperterminal on windoze)

* Booted up the computer again and got the oops message. Look at capture.txt.
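
The serial-console setup above only works if every boot entry actually carries the console= parameters; an entry without them silently drops the oops back onto the X display. The following script is an added example, not part of the ticket or of the madwifi project: it scans a GRUB legacy menu.lst for kernel lines that lack a serial console, checks a kernel command line for one, and appends the parameters used above to a line that is missing them. The menu.lst content is constructed, and the path /boot/grub/menu.lst is assumed.

```shell
#!/bin/sh
# Added example (not from the ticket): verify that GRUB legacy kernel lines
# carry a serial console so a kernel oops is captured even when X owns the
# local display. The menu.lst text below is constructed for the example;
# on a real system read it from /boot/grub/menu.lst (path assumed).

SAMPLE_MENU_LST='title Debian GNU/Linux, kernel 2.6.23.12
root (hd0,0)
kernel /boot/vmlinuz-2.6.23.12 root=/dev/sda1 ro console=tty0 console=ttyS0,115200n8

title Debian GNU/Linux, kernel 2.6.23.12 (single-user mode)
root (hd0,0)
kernel /boot/vmlinuz-2.6.23.12 root=/dev/sda1 ro single'

# has_serial_console CMDLINE: succeed (0) when the command line names a serial
# console such as console=ttyS0,115200n8; fail (1) otherwise. Works on a GRUB
# kernel line as well as on the contents of /proc/cmdline.
has_serial_console() {
    case " $1 " in
        *" console=ttyS"[0-9]*) return 0 ;;
    esac
    return 1
}

# kernel_lines_without_serial_console MENU_TEXT: print every "kernel" line of
# the menu.lst text that does not name a serial console.
kernel_lines_without_serial_console() {
    printf '%s\n' "$1" |
        awk '/^[[:space:]]*kernel[[:space:]]/ && $0 !~ /console=ttyS[0-9]/'
}

# count_missing_serial_console MENU_TEXT: number of such lines (0 means every
# boot entry will log an oops to the serial port).
count_missing_serial_console() {
    kernel_lines_without_serial_console "$1" | awk 'END { print NR }'
}

# with_serial_console KERNEL_LINE: the line with the parameters from the ticket
# appended when they are missing; lines that already have them are unchanged.
with_serial_console() {
    if has_serial_console "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s console=tty0 console=ttyS0,115200n8\n' "$1"
    fi
}

# Report on the constructed sample and show the corrected line for each entry
# that lacks a serial console.
echo "entries without serial console: $(count_missing_serial_console "$SAMPLE_MENU_LST")"
kernel_lines_without_serial_console "$SAMPLE_MENU_LST" | while IFS= read -r line; do
    with_serial_console "$line"
done
```

Keeping console=tty0 as well as console=ttyS0 matters: the last console= parameter becomes /dev/console, and the messages still go to both, so the local screen stays usable while the serial capture receives the oops.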

01/16/08 16:37:16 changed by j_marc_olivieri@hotmail.com

  • attachment config-2.6.23.12-2008-01-16-01-jmo added.

kernel .config file

01/16/08 16:38:59 changed by j_marc_olivieri@hotmail.com

  • attachment menu.lst added.

grub file menu

01/16/08 16:41:10 changed by j_marc_olivieri@hotmail.com

  • attachment capture.txt added.

kernel log + oops

01/16/08 17:27:54 changed by j_marc_olivieri@hotmail.com

What could I do next to help you?

Regards

01/20/08 11:55:31 changed by anonymous

I had a similar problem and I think it is an amd64-based chipset or CPU problem. I can inject deauth packets with aireplay, but using the interactive packet injection, once I choose the desired packet, it freezes (not the system, just aircrack-ng).

I'm using the latest kernel, the latest madwifi, bt2, and the same Atheros PCI card that works in other systems, with the same OS and config.

01/23/08 23:27:16 changed by Xcoder

I have freezes or oopses while injecting with r3233. As it is a headless i386 (Celeron), I was only able to log the oops:

Jan 22 20:08:54 localhost kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000006
Jan 22 20:08:54 localhost kernel:  printing eip:
Jan 22 20:08:54 localhost kernel: c022435f
Jan 22 20:08:54 localhost kernel: *pde = 00000000
Jan 22 20:08:54 localhost kernel: Oops: 0002 [#1]
Jan 22 20:08:54 localhost kernel: SMP 
Jan 22 20:08:54 localhost kernel: Modules linked in: ipt_MASQUERADE iptable_nat ip_nat ip_conntrack nfnetlink ip_tables x_tables ipv6 wlan_wep wlan_scan_sta wlan_scan_ap i8xx_tco dm_snapshot dm_mirror dm_mod sd_mod scsi_mod ide_generic ide_cd cdrom ath_rate_sample ath_pci wlan ath_hal pcmcia firmware_class i810_audio ac97_codec evdev parport_pc yenta_socket rsrc_nonstatic parport snd_intel8x0 pcmcia_core rtc snd_ac97_codec snd_ac97_bus psmouse snd_pcm snd_timer snd serio_raw soundcore shpchp pcspkr i2c_i801 pci_hotplug snd_page_alloc i2c_core intel_agp agpgart ext2 mbcache ide_disk piix e100 mii generic ide_core ehci_hcd uhci_hcd usbcore thermal processor fan
Jan 22 20:08:54 localhost kernel: CPU:    0
Jan 22 20:08:54 localhost kernel: EIP:    0060:[<c022435f>]    Tainted: P      VLI
Jan 22 20:08:54 localhost kernel: EFLAGS: 00010003   (2.6.18-5-686 #1) 
Jan 22 20:08:54 localhost kernel: EIP is at skb_dequeue+0x22/0x3f
Jan 22 20:08:54 localhost kernel: eax: 00000002   ebx: cf3bc860   ecx: cf2378c0   edx: 00000246
Jan 22 20:08:54 localhost kernel: esi: cd478080   edi: cf3bc86c   ebp: cf2d2580   esp: cd4d3ef0
Jan 22 20:08:54 localhost kernel: ds: 007b   es: 007b   ss: 0068
Jan 22 20:08:54 localhost kernel: Process aireplay-ng (pid: 2946, ti=cd4d2000 task=cf327000 task.ti=cd4d2000)
Jan 22 20:08:54 localhost kernel: Stack: cf3bc860 cf3bc800 cf2d25a8 c02250b6 cf3bc8d0 c02784e7 c022228f cf3bc800 
Jan 22 20:08:54 localhost kernel:        00000000 c022024e 00000000 00000000 cf2d2580 cf2d25a8 ce706324 c0220e47 
Jan 22 20:08:54 localhost kernel:        cf2d25a8 ceb87cc0 c022110f 00000008 c015ae1d cf22b5c0 ceb87cc0 cf3293c0 
Jan 22 20:08:54 localhost kernel: Call Trace:
Jan 22 20:08:54 localhost kernel:  [<c02250b6>] skb_queue_purge+0x11/0x17
Jan 22 20:08:54 localhost kernel:  [<c02784e7>] packet_release+0x144/0x160
Jan 22 20:08:54 localhost kernel:  [<c022228f>] release_sock+0xc/0x91
Jan 22 20:08:54 localhost kernel:  [<c022024e>] sock_fasync+0x105/0x111
Jan 22 20:08:54 localhost kernel:  [<c0220e47>] sock_release+0x11/0x86
Jan 22 20:08:54 localhost kernel:  [<c022110f>] sock_close+0x26/0x2a
Jan 22 20:08:54 localhost kernel:  [<c015ae1d>] __fput+0x8a/0x13f
Jan 22 20:08:54 localhost kernel:  [<c0158986>] filp_close+0x4e/0x54
Jan 22 20:08:54 localhost kernel:  [<c011ead3>] put_files_struct+0x65/0xa7
Jan 22 20:08:54 localhost kernel:  [<c011fa44>] do_exit+0x1d1/0x71b
Jan 22 20:08:54 localhost kernel:  [<c0120004>] sys_exit_group+0x0/0xd
Jan 22 20:08:54 localhost kernel:  [<c0102c11>] sysenter_past_esp+0x56/0x79
Jan 22 20:08:54 localhost kernel: Code: c6 05 00 89 d8 5b 5e 5f c3 57 56 8d 78 0c 53 89 c3 89 f8 e8 fc c5 05 00 8b 33 39 de 89 c2 75 04 31 f6 eb 17 8b 06 ff 4b 08 89 03 <89> 58 04 c7 06 00 00 00 00 c7 46 04 00 00 00 00 89 f8 e8 32 c6 
Jan 22 20:08:54 localhost kernel: EIP: [<c022435f>] skb_dequeue+0x22/0x3f SS:ESP 0068:cd4d3ef0
Jan 22 20:08:54 localhost kernel:  <1>Fixing recursive fault but reboot is needed!
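
The oops above contains everything needed for a first triage, but it is easier to read once the syslog prefix is stripped and the fields are pulled out in the order a responder looks at them. The parser below is an added example, not part of the ticket or of the madwifi project: it extracts the fault type and address, the page-fault error code (decoded per the x86 convention), the faulting symbol, the process, the taint flags, the loaded modules and the call trace, and reports whether any frame is attributed to a driver module. The sample text is an abridged copy of Xcoder's log (modules line shortened, stack dump omitted); the helper names are the example's own.

```python
"""Added example: minimal parser for a 2.6-era x86 kernel oops as pasted in a syslog.
Sample input is an abridged copy of the oops in the ticket above."""
import re
from dataclasses import dataclass, field

SAMPLE_OOPS = """\
Jan 22 20:08:54 localhost kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000006
Jan 22 20:08:54 localhost kernel:  printing eip:
Jan 22 20:08:54 localhost kernel: c022435f
Jan 22 20:08:54 localhost kernel: *pde = 00000000
Jan 22 20:08:54 localhost kernel: Oops: 0002 [#1]
Jan 22 20:08:54 localhost kernel: SMP 
Jan 22 20:08:54 localhost kernel: Modules linked in: ipv6 wlan_wep wlan_scan_sta ath_rate_sample ath_pci wlan ath_hal e100 mii
Jan 22 20:08:54 localhost kernel: CPU:    0
Jan 22 20:08:54 localhost kernel: EIP:    0060:[<c022435f>]    Tainted: P      VLI
Jan 22 20:08:54 localhost kernel: EFLAGS: 00010003   (2.6.18-5-686 #1) 
Jan 22 20:08:54 localhost kernel: EIP is at skb_dequeue+0x22/0x3f
Jan 22 20:08:54 localhost kernel: Process aireplay-ng (pid: 2946, ti=cd4d2000 task=cf327000 task.ti=cd4d2000)
Jan 22 20:08:54 localhost kernel: Call Trace:
Jan 22 20:08:54 localhost kernel:  [<c02250b6>] skb_queue_purge+0x11/0x17
Jan 22 20:08:54 localhost kernel:  [<c02784e7>] packet_release+0x144/0x160
Jan 22 20:08:54 localhost kernel:  [<c022228f>] release_sock+0xc/0x91
Jan 22 20:08:54 localhost kernel:  [<c0220e47>] sock_release+0x11/0x86
Jan 22 20:08:54 localhost kernel:  [<c015ae1d>] __fput+0x8a/0x13f
Jan 22 20:08:54 localhost kernel:  [<c011fa44>] do_exit+0x1d1/0x71b
Jan 22 20:08:54 localhost kernel: EIP: [<c022435f>] skb_dequeue+0x22/0x3f SS:ESP 0068:cd4d3ef0
Jan 22 20:08:54 localhost kernel:  <1>Fixing recursive fault but reboot is needed!
"""

SYSLOG_PREFIX = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]+ \S+ kernel: ?")
FAULT_RE = re.compile(r"unable to handle kernel (.+?) at virtual address ([0-9a-f]+)")
OOPS_RE = re.compile(r"^Oops: ([0-9a-f]{4}) \[#(\d+)\]")
MODULES_RE = re.compile(r"^Modules linked in: (.*)")
EIP_AT_RE = re.compile(r"^EIP is at (\S+)")
TAINT_RE = re.compile(r"Tainted: (\S+)")
KVER_RE = re.compile(r"\(([\w.\-]+ #\d+)\)")
PROC_RE = re.compile(r"^Process (\S+) \(pid: (\d+)")
FRAME_RE = re.compile(r"^\[<[0-9a-f]+>\] (\S+)(?: \[(\w+)\])?")


@dataclass
class Oops:
    fault: str = ""
    address: int = -1
    error_code: int = -1
    faulting_symbol: str = ""
    kernel: str = ""
    tainted: str = ""
    process: str = ""
    pid: int = -1
    modules: list = field(default_factory=list)
    call_trace: list = field(default_factory=list)  # (symbol, module or None), innermost first
    recursive_fault: bool = False


def decode_error_code(code):
    """x86 page-fault error code: bit 0 = protection violation (else page not present),
    bit 1 = write (else read), bit 2 = user mode (else kernel mode)."""
    mode = "user" if code & 4 else "kernel"
    access = "write" if code & 2 else "read"
    page = "present page (protection violation)" if code & 1 else "not-present page"
    return f"{mode}-mode {access} to a {page}"


def parse_oops(text):
    o = Oops()
    in_trace = False
    for raw in text.splitlines():
        line = SYSLOG_PREFIX.sub("", raw).strip()  # drop "Jan 22 ... kernel: "
        if not line:
            continue
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                o.call_trace.append((m.group(1), m.group(2)))
                continue
            in_trace = False  # first non-frame line ends the trace
        if (m := FAULT_RE.search(line)):
            o.fault, o.address = m.group(1), int(m.group(2), 16)
        elif (m := OOPS_RE.match(line)):
            o.error_code = int(m.group(1), 16)
        elif (m := MODULES_RE.match(line)):
            o.modules = m.group(1).split()
        elif (m := EIP_AT_RE.match(line)):
            o.faulting_symbol = m.group(1)
        elif (m := PROC_RE.match(line)):
            o.process, o.pid = m.group(1), int(m.group(2))
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif "recursive fault" in line:
            o.recursive_fault = True
        if (m := TAINT_RE.search(line)):   # on the "EIP: ... Tainted:" line
            o.tainted = m.group(1)
        if (m := KVER_RE.search(line)):    # on the "EFLAGS: ... (2.6.18-5-686 #1)" line
            o.kernel = m.group(1)
    return o


def trace_touches_modules(o, prefixes=("ath_", "wlan")):
    """Frames the kernel attributes to a module whose name starts with one of the
    prefixes. Empty for the sample: every frame is core kernel code."""
    return [(sym, mod) for sym, mod in o.call_trace if mod and mod.startswith(prefixes)]


def summarize(o):
    """One-line triage summary of a parsed oops."""
    trace = " <- ".join(sym for sym, _ in o.call_trace)
    tail = "; recursive fault, reboot needed" if o.recursive_fault else ""
    return (f"{o.process}[{o.pid}] on {o.kernel} (tainted: {o.tainted or '-'}): "
            f"{o.fault} at {o.address:#x}, {decode_error_code(o.error_code)}, "
            f"in {o.faulting_symbol}; trace: {trace}{tail}")


if __name__ == "__main__":
    print(summarize(parse_oops(SAMPLE_OOPS)))
```

Run on the sample it reports a kernel-mode write to a not-present page at address 0x6 from skb_dequeue, reached from do_exit through packet_release and skb_queue_purge, that is, while aireplay-ng was exiting and its AF_PACKET socket was being torn down; no frame is attributed to the ath_* or wlan modules, so trace_touches_modules() returns an empty list, and "Tainted: P" records that a proprietary module was loaded. Decoding the Code: line of the original log by hand agrees with the BUG line: the bytes at the fault marker, <89> 58 04, are mov %ebx,0x4(%eax), and with eax = 00000002 that instruction writes to address 6.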