#18913: ath9k monitor packet injection problem
--------------------------+----------------------------
Reporter: mario_lopes | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: packages | Version: Trunk
Resolution: | Keywords: ath9k mac80211
--------------------------+----------------------------
Comment (by mario_lopes):
Changing the frame source MAC address in the QoS header (a sort of MAC spoofing)
results in the following error:
{{{
[ 304.350000] Unable to handle kernel NULL pointer dereference at virtual addr0
[ 304.360000] pgd = cf334000
[ 304.360000] [000000f0] *pgd=2e904831, *pte=00000000, *ppte=00000000
[ 304.360000] Internal error: Oops: 17 [#1] SMP ARM
[ 304.360000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nar
[ 304.360000] CPU: 0 PID: 1287 Comm: MyFrameInjector Not tainted 3.10.49 #11
[ 304.360000] task: cf8b8320 ti: ce902000 task.ti: ce902000
[ 304.360000] PC is at ieee80211_nullfunc_get+0x1794/0x1940 [mac80211]
[ 304.360000] LR is at ieee80211_nullfunc_get+0x173c/0x1940 [mac80211]
[ 304.360000] pc : [<bf1e2f84>] lr : [<bf1e2f2c>] psr: 60000013
[ 304.360000] sp : ce903b70 ip : ce903b70 fp : ce903bbc
[ 304.360000] r10: ce903bd0 r9 : 00000000 r8 : 00000002
[ 304.360000] r7 : cfa34e10 r6 : cfa34b00 r5 : ce89d2e0 r4 : ce903bd0
[ 304.360000] r3 : 00000088 r2 : 00000000 r1 : 00000000 r0 : 00000000
[ 304.360000] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 304.360000] Control: 00c5787d Table: 2f33400a DAC: 00000015
[ 304.360000] Process MyFrameInjector (pid: 1287, stack limit = 0xce9021b8)
[ 304.360000] Stack: (0xce903b70 to 0xce904000)
[ 304.360000] 3b60: cf20016c ce9b8b68 00000
[ 304.360000] 3b80: 00000000 00000088 00000000 00000000 00000001 ce89d2e0 00002
[ 304.360000] 3ba0: 00000022 00000001 cfa34b00 00000000 ce903c24 ce903bc0 bf1ec
[ 304.360000] 3bc0: 00000000 00000020 ce89d2e0 00000000 ce903bd0 ce903bd0 00000
[ 304.360000] 3be0: cfa34b00 ce9b8400 00000000 00000000 00000a00 00000002 00000
[ 304.360000] 3c00: ce9b8400 cfa34b00 00000001 00000844 00000840 00000842 ce908
[ 304.360000] 3c20: bf1e435c bf1e3708 00000000 bf19f7fc ce89d2e0 cfa35570 cfa30
[ 304.360000] 3c40: ce903cbc ce903c50 bf1e4694 bf1e427c 00000000 cfa34b00 cfa30
[ 304.360000] 3c60: bf1a3db4 ce1a4c5b 00000000 ce1a4c58 ce1a4c5a 0000000b 00001
[ 304.360000] 3c80: 0000000b 0000001f 00000000 00000000 ce903cbc 00000000 ce890
[ 304.360000] 3ca0: ce9b8000 bf209978 00000000 00000000 ce903cfc ce903cc0 c0230
[ 304.360000] 3cc0: ce9b8000 ce9b8000 00006000 00000000 0000002d ce883180 cea1c
[ 304.360000] 3ce0: ce9b8000 ce89d2e0 00000000 00000000 ce903d24 ce903d00 c0248
[ 304.360000] 3d00: ce89d2e0 ce883180 ce9b8000 cea1705c cea17000 00000000 ce908
[ 304.360000] 3d20: c0239ba8 c024fec8 cea1705c 0024b000 ce903ec4 00000000 c0040
[ 304.360000] 3d40: ce9b8000 0000002d 00000000 0000002d 00000000 ce1a4c5e ce908
[ 304.360000] 3d60: c02b2518 c0239978 0000002d cf8b8320 c05fe3a0 c05fe3a0 c03b0
[ 304.360000] 3d80: c03b33a0 00000000 ce903ecc cf4e9840 00000300 00000050 00000
[ 304.360000] 3da0: 00000000 00000000 00000000 cf930000 00000000 00000000 00000
[ 304.360000] 3dc0: ce903ddc cf4e9840 0000002d ce903ecc cf8b8320 ce903df0 00000
[ 304.360000] 3de0: ce903eb4 ce903df0 c0223108 c02b19b0 00000001 00000004 ce90d
[ 304.360000] 3e00: cf4e9840 ce903e10 00000000 ce903ecc 00000004 00000000 ce900
[ 304.360000] 3e20: ce86cc00 00000002 cf93c000 cf162a70 00000001 00000000 00000
[ 304.360000] 3e40: 00000000 cf8b8320 00000000 00000000 00000000 00000000 ce900
[ 304.360000] 3e60: 00000000 00000000 00000000 00000000 00000000 00000000 00000
[ 304.360000] 3e80: 00000000 00000000 00000000 00000000 cf4e9840 0000002d 00000
[ 304.360000] 3ea0: beae63e8 00000000 ce903f8c ce903eb8 c02256c8 c0223094 c0047
[ 304.360000] 3ec0: 00000000 beae63e8 0000002d 00000000 00000000 ce903ec4 00000
[ 304.360000] 3ee0: 00000000 00000000 c016b958 c0011344 00000001 00000000 ce9e1
[ 304.360000] 3f00: cf55dd20 00000002 cea14b20 00000000 00000000 00000000 c0040
[ 304.360000] 3f20: 0000002f cf55dd20 00000002 00000000 ce9e8848 00000000 ce908
[ 304.360000] 3f40: c00a7538 c00dbd64 00000000 00000000 00000000 00000000 ce9e0
[ 304.360000] 3f60: 0000002f b6fa2674 00000007 00d5b008 beae6c90 00000121 c0000
[ 304.360000] 3f80: ce903fa4 ce903f90 c022570c c0225618 00000000 00000000 00008
[ 304.360000] 3fa0: c0008e20 c02256f8 00000007 00d5b008 00000005 beae63e8 00000
[ 304.360000] 3fc0: 00000007 00d5b008 beae6c90 00000121 00000000 00000000 b6fbc
[ 304.360000] 3fe0: 00000000 beae5ff8 b6f114dc b6f8217c 60000010 00000005 00000
[ 304.360000] Backtrace:
[ 304.360000] [<bf1e2d00>] (ieee80211_nullfunc_get+0x1510/0x1940 [mac80211]) f)
[ 304.360000] [<bf1e36fc>] (ieee80211_tx_prepare_skb+0x94/0x16c [mac80211]) fr)
[ 304.360000] [<bf1e4270>] (ieee80211_xmit+0x0/0xf4 [mac80211]) from [<bf1e469)
[ 304.360000] r7:ce9b8400 r6:cfa34140 r5:cfa35570 r4:ce89d2e0
[ 304.360000] [<bf1e4364>] (ieee80211_monitor_start_xmit+0x0/0x35c [mac80211]))
[ 304.360000] [<c02394ec>] (dev_hard_start_xmit+0x0/0x480) from [<c024ff48>] ()
[ 304.360000] [<c024febc>] (sch_direct_xmit+0x0/0x208) from [<c0239ba8>] (dev_)
[ 304.360000] r9:00000000 r8:cea17000 r7:cea1705c r6:ce9b8000 r5:ce883180 r4:ce89d2e0
[ 304.360000] [<c023996c>] (dev_queue_xmit+0x0/0x524) from [<c02b2518>] (packe)
[ 304.360000] [<c02b19a4>] (packet_sendmsg+0x0/0xcbc) from [<c0223108>] (sock_)
[ 304.360000] [<c0223088>] (sock_sendmsg+0x0/0x94) from [<c02256c8>] (SyS_send)
[ 304.360000] r9:00000000 r8:beae63e8 r7:00000000 r6:00000000 r5:0000002d r4:cf4e9840
[ 304.360000] [<c022560c>] (SyS_sendto+0x0/0xe0) from [<c022570c>] (SyS_send+0)
[ 304.360000] r9:ce902000 r8:c0008fa4 r7:00000121 r6:beae6c90 r5:00d5b008 r4:00000007
[ 304.360000] [<c02256ec>] (SyS_send+0x0/0x28) from [<c0008e20>] (ret_fast_sys)
[ 304.360000] Code: 1595305c 051b203c 1203300f 12833014 (059270f0)
[ 304.950000] ---[ end trace 8af7d3c3c496bf58 ]---
[ 304.960000] Kernel panic - not syncing: Fatal exception in interrupt
[ 304.960000] CPU1: stopping
[ 304.960000] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 3.10.49 #11
[ 304.960000] Backtrace:
[ 304.960000] [<c0019e24>] (dump_backtrace+0x0/0x114) from [<c001a040>] (show_)
[ 304.960000] r6:c03b2b44 r5:c03b72c8 r4:00000001 r3:00000000
[ 304.960000] [<c001a028>] (show_stack+0x0/0x1c) from [<c0137e54>] (dump_stack)
[ 304.960000] [<c0137e34>] (dump_stack+0x0/0x28) from [<c001bdbc>] (handle_IPI)
[ 304.960000] [<c001bcec>] (handle_IPI+0x0/0x154) from [<c00084f4>] (gic_handl)
[ 304.960000] r8:c03b9a06 r7:fb004100 r6:cf865f70 r5:c03b73f0 r4:fb00410c r3:c0017584
[ 304.960000] [<c0008498>] (gic_handle_irq+0x0/0x64) from [<c0008aa0>] (__irq_)
[ 304.960000] Exception stack(0xcf865f70 to 0xcf865fb8)
[ 304.960000] 5f60: c0605760 00000000 00020
[ 304.960000] 5f80: cf864000 c03b70d0 c0325fe0 cf864000 c03b9a06 c03b9a06 cf864
[ 304.960000] 5fa0: cf865fc8 cf865fb8 c0017584 c0017588 60000013 ffffffff
[ 304.960000] r7:cf865fa4 r6:ffffffff r5:60000013 r4:c0017588
[ 304.960000] [<c001755c>] (arch_cpu_idle+0x0/0x34) from [<c0056284>] (cpu_sta)
[ 304.960000] [<c00561b4>] (cpu_startup_entry+0x0/0x130) from [<c03a52c4>] (se)
[ 304.960000] r7:c03f7270 r3:00000000
[ 304.960000] [<c03a51b4>] (secondary_start_kernel+0x0/0x130) from [<203a4a00>)
[ 304.960000] Rebooting in 3 seconds..
}}}
--
Ticket URL: <https://dev.openwrt.org/ticket/18913#comment:3>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
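The trace above is a userspace-to-kernel path: sendto() on an AF_PACKET socket (packet_sendmsg, dev_queue_xmit) lands in ieee80211_monitor_start_xmit and ieee80211_tx_prepare_skb, where the NULL dereference happens, and the box panics and reboots. The following is an added example of the kind of injector that walks that path; it is not the reporter's MyFrameInjector and not OpenWrt or mac80211 code. It builds a radiotap-prefixed 802.11 QoS data frame whose addr2 (transmitter/source address, the field the reporter was changing) is whatever the caller supplies, and sends it on a monitor-mode interface. The radiotap constants are copied from linux/ieee80211_radiotap.h; the interface name, the three MAC addresses and the payload are assumptions passed on the command line. Because the report shows the 3.10.49 kernel panicking on such a frame, run it only against a throwaway test device; it needs CAP_NET_RAW and an interface already in monitor mode.

```c
/* monitor_inject.c: build a radiotap-prefixed 802.11 QoS data frame with
 * caller-chosen addresses and hand it to a monitor interface over AF_PACKET.
 * Added example, not the reporter's MyFrameInjector or OpenWrt/mac80211 code.
 * Radiotap constants below are copied from linux/ieee80211_radiotap.h. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netpacket/packet.h>
#include <sys/socket.h>

#define RT_PRESENT_FLAGS    (1u << 1)   /* IEEE80211_RADIOTAP_FLAGS    */
#define RT_PRESENT_TX_FLAGS (1u << 15)  /* IEEE80211_RADIOTAP_TX_FLAGS */
#define RT_F_TX_NOACK       0x0008      /* do not wait for an ACK      */
#define RT_F_TX_NOSEQNO     0x0010      /* keep our sequence number    */
#define RT_HDR_LEN          12   /* fixed 8 + flags(1) + pad(1) + tx_flags(2) */
#define DOT11_QOS_HDR_LEN   26   /* fc(2) dur(2) addr1-3(18) seq(2) qos(2)    */

static void put_le16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void put_le32(uint8_t *p, uint32_t v) { put_le16(p, v & 0xffff); put_le16(p + 2, v >> 16); }

/* Parse "aa:bb:cc:dd:ee:ff"; 0 on success, -1 on malformed input. */
int parse_mac(const char *s, uint8_t out[6]) {
    unsigned v[6];
    if (strlen(s) != 17 ||
        sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x", &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return -1;
    for (int i = 0; i < 6; i++) out[i] = (uint8_t)v[i];
    return 0;
}

/* Write radiotap header + QoS data header + payload into buf. addr2 (the
 * transmitter/source address) is whatever the caller passes, i.e. the field
 * the reporter was changing. Returns total length, or 0 if buf is too small
 * or tid is out of range. */
size_t build_qos_frame(uint8_t *buf, size_t cap,
                       const uint8_t dst[6], const uint8_t src[6],
                       const uint8_t bssid[6], uint8_t tid,
                       const uint8_t *payload, size_t plen) {
    size_t need = RT_HDR_LEN + DOT11_QOS_HDR_LEN + plen;
    if (cap < need || tid > 7) return 0;

    uint8_t *rt = buf;
    memset(rt, 0, RT_HDR_LEN);               /* it_version = 0, it_pad = 0 */
    put_le16(rt + 2, RT_HDR_LEN);            /* it_len */
    put_le32(rt + 4, RT_PRESENT_FLAGS | RT_PRESENT_TX_FLAGS);
    rt[8] = 0;                               /* flags: frame carries no FCS */
    put_le16(rt + 10, RT_F_TX_NOACK | RT_F_TX_NOSEQNO); /* 2-byte aligned */

    uint8_t *h = buf + RT_HDR_LEN;
    h[0] = 0x88;                 /* frame control: type data, subtype QoS data */
    h[1] = 0x00;                 /* no ToDS/FromDS, not protected */
    put_le16(h + 2, 0);          /* duration/ID */
    memcpy(h + 4, dst, 6);       /* addr1: receiver */
    memcpy(h + 10, src, 6);      /* addr2: transmitter (spoofable) */
    memcpy(h + 16, bssid, 6);    /* addr3: BSSID */
    put_le16(h + 22, 0);         /* sequence control; NOSEQNO leaves it alone */
    put_le16(h + 24, tid);       /* QoS control: TID in the low 4 bits */
    memcpy(h + DOT11_QOS_HDR_LEN, payload, plen);
    return need;
}

/* Send the frame on a monitor-mode interface (needs CAP_NET_RAW).
 * Returns bytes sent, or -1 with errno set. */
ssize_t send_frame(const char *ifname, const uint8_t *frame, size_t len) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;
    struct sockaddr_ll sll;
    memset(&sll, 0, sizeof sll);
    sll.sll_family   = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);
    sll.sll_ifindex  = (int)if_nametoindex(ifname);
    if (sll.sll_ifindex == 0) { close(fd); return -1; }
    ssize_t n = sendto(fd, frame, len, 0, (struct sockaddr *)&sll, sizeof sll);
    close(fd);
    return n;
}

int main(int argc, char **argv) {
    if (argc != 5) {
        fprintf(stderr, "usage: %s <mon-if> <dst-mac> <src-mac> <bssid>\n", argv[0]);
        return 2;
    }
    uint8_t dst[6], src[6], bssid[6], frame[256];
    if (parse_mac(argv[2], dst) || parse_mac(argv[3], src) || parse_mac(argv[4], bssid)) {
        fprintf(stderr, "malformed MAC address\n");
        return 2;
    }
    static const uint8_t payload[] = "injected";   /* constructed sample payload */
    size_t len = build_qos_frame(frame, sizeof frame, dst, src, bssid, 0,
                                 payload, sizeof payload - 1);
    if (len == 0) return 1;
    ssize_t n = send_frame(argv[1], frame, len);
    if (n < 0) { perror("send_frame"); return 1; }
    printf("sent %zd bytes on %s\n", n, argv[1]);
    return 0;
}
```

Usage: `./monitor_inject mon0 ff:ff:ff:ff:ff:ff 02:11:22:33:44:55 00:aa:bb:cc:dd:ee` (names and addresses are placeholders). The TX_FLAGS field with NOACK and NOSEQNO is what tells mac80211 to leave the frame's sequence number alone and not to retry waiting for an ACK from the spoofed address; what the driver does with the spoofed addr2 after that is exactly what the ticket's trace is about.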