Re: crash when running kismet with urtw(4) device [FIXED]

2011-01-12 Thread Benjamin Nadland
This commit fixed the problem. Thanks!

| CVSROOT:  /cvs
| Module name:  src
| Changes by:   dam...@cvs.openbsd.org  2011/01/11 14:04:46
| 
| Modified files:
|   sys/dev/usb: if_urtw.c 
| 
| Log message:
| use ic->ic_ibss_chan instead of ic->ic_bss->ni_chan for Rx radiotap
| since the latter is not initialized in monitor mode.
| 
| should fix a panic reported by Benjamin Nadland with kismet.

On Tue, Jan 11, 2011 at 07:07:30PM +, Jacob Meuser wrote:
> On Tue, Jan 11, 2011 at 04:14:50PM +0100, Benjamin Nadland wrote:
> >  [...]
> > (
> >  Additional entries:
> >  ksh, 4x getty, cron, apmd, polipo, tor, adsuck,
> >  srdis, aucat, inetd, 9x smtpd, sshd, 2x pflogd, 2x syslogd,
> >  aiodoned, update, cleaner, reaper, pagedaemon, crypto,
> >  pfpurge, usbtask, usbatsk, sdmmc0, intelrel, acpi0,
> >  idle1, syswq, idle0, kmthread, init, swapper
> >
> >  Note: usbatsk (?!)
>
> why is that curious?  that is present in all machines with a USB bus
> in -current.

I was not sure if I mistyped usbtask and made this note to check the sources
as soon as the machine comes back up. This was not meant to be sent via
this report, I simply forgot to edit it out again. Sorry for that.
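
The bug class described in the commit message quoted above, as an added example that is not part of the original thread or the OpenBSD source: a simplified user-space model of filling the Rx radiotap channel fields from `ic_bss->ni_chan` versus `ic_ibss_chan`. Only those three member names come from the thread; the struct names, helper names, sample values and the modelling of "not initialized" as NULL are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the net80211 state named in the commit message.
 * Only ic_ibss_chan, ic_bss and ni_chan come from the thread; everything
 * else (struct names, helper names, values) is made up for this example. */
struct chan { uint16_t ic_freq, ic_flags; };
struct node { struct chan *ni_chan; };
struct ic_state {
    struct node *ic_bss;       /* BSS node; its channel is set on join */
    struct chan *ic_ibss_chan; /* channel the interface is configured for */
};
struct rx_tap { uint16_t wr_chan_freq, wr_chan_flags; };

/* Pre-fix pattern: the Rx tap channel comes from ic_bss->ni_chan. An unset
 * pointer is modelled as NULL (assumption) and reported as -1 here; per the
 * thread, the kernel instead took a page fault in urtw_rxeof. */
int tap_from_bss(const struct ic_state *ic, struct rx_tap *tap)
{
    const struct chan *c = ic->ic_bss->ni_chan;
    if (c == NULL)
        return -1;
    tap->wr_chan_freq = c->ic_freq;
    tap->wr_chan_flags = c->ic_flags;
    return 0;
}

/* Post-fix pattern: read ic_ibss_chan, which is set in monitor mode too. */
int tap_from_ibss(const struct ic_state *ic, struct rx_tap *tap)
{
    tap->wr_chan_freq = ic->ic_ibss_chan->ic_freq;
    tap->wr_chan_flags = ic->ic_ibss_chan->ic_flags;
    return 0;
}

/* Constructed monitor-mode state: channel configured, BSS node never joined. */
static struct chan ch6 = { 2437, 0x00a0 };
static struct node bss = { NULL };
static struct ic_state monitor_ic = { &bss, &ch6 };

int main(void)
{
    struct rx_tap tap = { 0, 0 };
    int before = tap_from_bss(&monitor_ic, &tap);  /* -1: the faulting path */
    int after = tap_from_ibss(&monitor_ic, &tap);  /* 0: tap holds 2437 MHz */
    return (before == -1 && after == 0 && tap.wr_chan_freq == 2437) ? 0 : 1;
}
```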



Re: crash when running kismet with urtw(4) device [FIXED]

2011-01-12 Thread Damien Bergamini
> I was not sure if I mistyped usbtask and made this note to check the sources
> as soon as the machine comes back up. This was not meant to be sent via
> this report, I simply forgot to edit it out again. Sorry for that.

You did not mistype usbtask.  usbatsk stands for usb abort task.
Probably usbabrt would have been a better choice.
I too am not a big fan of this kind of pun in ps output.

Damien



crash when running kismet with urtw(4) device

2011-01-11 Thread Benjamin Nadland
If I run kismet this (handwritten transcript) happens:

# kismet
[some kismet initialization output]
Gathering packets...
[from now on text is white on blue]
uvm_fault(0xd0a26a60, 0xf000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at  urtw_rxeof+0x215:  movzwl 0(%eax),%eax
ddb{0} trace
urtw_rxeof(d1e8a100,d204e038,0,a,d1e8a100) at urtw_rxeof+0x215
usb_transfer_complete(d1e8a100,d1e8a100,dcc10ef0,dcc10ef4,d1e52200) at usb_transfer_complete+0x22b
ehci_softintr(d1ef5800,282,0,0,d02021ae) at ehci_softintr+0x37
softintr_dispatch(1) at softintr_dispatch+0x4f
Xsoftnet() at Xsoftnet+0x17
--- interrupt ---
cpu_idle_cycle(d0ae34a0) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd0b9ae48
ddb{0} ps
   PID   PPID  PGRP  UID  S  FLAGS  WAIT  COMMAND
29416   31101  32050  3  0x280  select  kismet_server
311013205  3205  547  3  0x2004180  select  kismet_server
 3205   19753  32050  3  0x2004080  select  kismet
 [...]
(
 Additional entries:
 ksh, 4x getty, cron, apmd, polipo, tor, adsuck,
 srdis, aucat, inetd, 9x smtpd, sshd, 2x pflogd, 2x syslogd,
 aiodoned, update, cleaner, reaper, pagedaemon, crypto,
 pfpurge, usbtask, usbatsk, sdmmc0, intelrel, acpi0,
 idle1, syswq, idle0, kmthread, init, swapper
 
 Note: usbatsk (?!)
)
ddb{0} show panic
the kernel did not panic
ddb{0} machine ddbcpu 1
Stopped at  Debugger+0x4:  popl  %ebp
ddb{1} trace
Debugger(d1d66,1,dcc14f1c,1,d1d66034) at Debugger+0x4
i386_ipi_handler(0,d03e0058, d0a20010,10,dcc10010) at i386_ipi_handler+0x5f
Xintripi() at Xintripi+0x47
--- interrupt ---
cpu_idle_cycle(d1d66000) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd0b9ae48
ddb{1} boot reboot
(machine completely hangs, does not react to any keypresses anymore)

After 2h still no reaction. (pulling battery and DC connector, to reboot)

Any ideas? Any other information needed?

dmesg:
OpenBSD 4.8-current (GENERIC.MP) #660: Tue Jan  4 23:47:59 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE
real mem  = 1060163584 (1011MB)
avail mem = 1032712192 (984MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/09/08, SMBIOS rev. 2.4 @ 0xe8e70 (32 entries)
bios0: vendor Acer version v0.3114 date 05/09/2008
bios0: Acer AOA150
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT HPET APIC MCFG ASF! SLIC BOOT
acpi0: wakeup devices P32_(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) ECHI(S3) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) AZAL(S0) MODM(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (EXP1)
acpiprt3 at acpi0: bus 2 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 3 (EXP4)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpivideo0 at acpi0: OVGA
acpivout0 at acpivideo0: CRT1
acpivout1 at acpivideo0: DTV1
acpivout2 at acpivideo0: DFP1
acpivout3 at acpivideo0: LCD_
acpivout4 at acpivideo0: DTV2
acpivout5 at acpivideo0: DFP2
bios0: ROM list: 0xc/0xec00! 0xcf000/0x1000
cpu0: Enhanced SpeedStep 1597 MHz: speeds: 1600, 1333, 1066, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0x4000, size 0x1000
inteldrm0 at vga1: apic 4 int 16 (irq 11)
drm0 at inteldrm0
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 4 int 16 (irq 11)
azalia0: codecs: Realtek ALC268
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 4 int 16 (irq 255)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 4 int 17 (irq 255)
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8101E rev 0x02: 

Re: crash when running kismet with urtw(4) device

2011-01-11 Thread Pedro la Peu
On Tuesday 11 January 2011 15:14:50 Benjamin Nadland wrote:
[...]
> +source=radiotap_bsd_ab,urtw0,radiotap_bsd_ab

Why radiotap_bsd_ab? urtw(4) is an 802.11b/g only device and does not 
support 802.11a operation. This still doesn't explain your crash as 
kismet_server should receive an error and bail.

Can you retest with the correct capture source (radiotap_bsd_b)?



Re: crash when running kismet with urtw(4) device

2011-01-11 Thread Benjamin Nadland
On Tue, Jan 11, 2011 at 03:46:46PM +, Pedro la Peu wrote:
> On Tuesday 11 January 2011 15:14:50 Benjamin Nadland wrote:
> [...]
> > +source=radiotap_bsd_ab,urtw0,radiotap_bsd_ab
>
> Why radiotap_bsd_ab?

Probably mindless copying from an old config where I had a rum(4) device.

> urtw(4) is an 802.11b/g only device and does not
> support 802.11a operation. This still doesn't explain your crash as
> kismet_server should receive an error and bail.
>
> Can you retest with the correct capture source (radiotap_bsd_b)?

Just tested with radiotap_bsd_b and I get the same crash with the same traces.



Re: crash when running kismet with urtw(4) device

2011-01-11 Thread Pedro la Peu
On Tuesday 11 January 2011 16:29:07 Benjamin Nadland wrote:

> Just tested with radiotap_bsd_b and I get the same crash with the same
> traces.

There is nothing that kismet_server does with the device that cannot be 
replicated with ifconfig(8) and tcpdump(8). If you can reproduce the 
crash with these it would aid debugging.

I don't have a urtw(4) unfortunately.



Re: crash when running kismet with urtw(4) device

2011-01-11 Thread Jacob Meuser
On Tue, Jan 11, 2011 at 04:14:50PM +0100, Benjamin Nadland wrote:
> If I run kismet this (handwritten transcript) happens:
>
> # kismet
> [some kismet initialization output]
> Gathering packets...
> [from now on text is white on blue]
> uvm_fault(0xd0a26a60, 0xf000, 0, 1) -> e
> kernel: page fault trap, code=0
> Stopped at  urtw_rxeof+0x215:  movzwl 0(%eax),%eax
> ddb{0} trace
> urtw_rxeof(d1e8a100,d204e038,0,a,d1e8a100) at urtw_rxeof+0x215
> usb_transfer_complete(d1e8a100,d1e8a100,dcc10ef0,dcc10ef4,d1e52200) at usb_transfer_complete+0x22b
> ehci_softintr(d1ef5800,282,0,0,d02021ae) at ehci_softintr+0x37
> softintr_dispatch(1) at softintr_dispatch+0x4f
> Xsoftnet() at Xsoftnet+0x17
> --- interrupt ---
> cpu_idle_cycle(d0ae34a0) at cpu_idle_cycle+0xf
> Bad frame pointer: 0xd0b9ae48
> ddb{0} ps
>    PID   PPID  PGRP  UID  S  FLAGS  WAIT  COMMAND
> 29416   31101  32050  3  0x280  select  kismet_server
> 311013205  3205  547  3  0x2004180  select  kismet_server
>  3205   19753  32050  3  0x2004080  select  kismet
>  [...]
> (
>  Additional entries:
>  ksh, 4x getty, cron, apmd, polipo, tor, adsuck,
>  srdis, aucat, inetd, 9x smtpd, sshd, 2x pflogd, 2x syslogd,
>  aiodoned, update, cleaner, reaper, pagedaemon, crypto,
>  pfpurge, usbtask, usbatsk, sdmmc0, intelrel, acpi0,
>  idle1, syswq, idle0, kmthread, init, swapper
>
>  Note: usbatsk (?!)

why is that curious?  that is present in all machines with a USB bus
in -current.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org