8086:4223 IPW2200 kernel panic when using NetworkManager with RTAP

Bug #657337 reported by Matthieu CERDA
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Linux
New
Undecided
Unassigned
linux (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

When unloading the ipw2200 module, then reloading it with option rtap_iface=1, and activating rtap with ifconfig rtap0 up, NetworkManager tries to reconnect to the wireless router. The kernel panics.

Walkthrough :
- modprobe -r ipw2200
- modprobe ipw2200 rtap_iface=1
- ifconfig rtap0 up
- wait
- Oops ...

The PC is an alienware Aurora m9700, the ipw card is an Intel PW ABG 2915, and the router a Livebox pro (Inventel DWB-200)
Connexion is made via WPA-PSK/TKIP

Security concern as it could lead to a DoS via voluntary kernel crash.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: linux-image-2.6.32-25-generic 2.6.32-25.44
Regression: Yes
Reproducible: Yes
ProcVersionSignature: Ubuntu 2.6.32-25.44-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic x86_64
NonfreeKernelModules: nvidia
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21.
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: kegeruneku 1635 F.... pulseaudio
CRDA: Error: [Errno 2] Aucun fichier ou dossier de ce type
Card0.Amixer.info:
 Card hw:0 'CK804'/'NVidia CK804 with AD1986 at irq 22'
   Mixer name : 'Analog Devices AD1986'
   Components : 'AC97a:41445378'
   Controls : 50
   Simple ctrls : 35
Date: Sat Oct 9 16:10:03 2010
HibernationDevice: RESUME=UUID=19f68b00-030d-4ca9-a819-31a2133806e1
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406.1)
Lsusb:
 Bus 002 Device 004: ID 046d:c01f Logitech, Inc.
 Bus 002 Device 003: ID 0603:00f2 Novatek Microelectronics Corp.
 Bus 002 Device 002: ID 0a5c:2101 Broadcom Corp. Bluetooth Controller
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: alienware Aurora m9700
ProcCmdLine: BOOT_IMAGE=/vmlinuz-2.6.32-25-generic root=UUID=d4eaf12a-ea01-4e41-ae75-383be32b720d ro
ProcEnviron:
 PATH=(custom, user)
 LANG=fr_FR.utf8
 SHELL=/bin/zsh
RelatedPackageVersions: linux-firmware 1.34.1
RfKill:
 0: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
dmi.bios.date: 01/25/2007
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: W830D318
dmi.board.asset.tag: W830DA AB040
dmi.board.name: Aurora m9700
dmi.board.vendor: alienware
dmi.board.version: AB040
dmi.chassis.asset.tag: W830DA AB040
dmi.chassis.type: 10
dmi.chassis.vendor: alienware
dmi.chassis.version: AB040
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrW830D318:bd01/25/2007:svnalienware:pnAuroram9700:pvrAB040:rvnalienware:rnAuroram9700:rvrAB040:cvnalienware:ct10:cvrAB040:
dmi.product.name: Aurora m9700
dmi.product.version: AB040
dmi.sys.vendor: alienware

Revision history for this message
Matthieu CERDA (matthieu-cerda) wrote :
security vulnerability: yes → no
visibility: private → public
Revision history for this message
Ivan Giuliani (giuliani.v) wrote :

This happened to me on 10.10 (kernel Linux becks 2.6.35-22-generic #35-Ubuntu SMP Sat Oct 16 20:36:48 UTC 2010 i686 GNU/Linux). The steps to reproduce are the following:

- rmmod ipw2200
- modprobe ipw2200 rtap_iface=1
- ifconfig rtap0 up

At this point everything seems to work like it should (you can even start wireshark to catch packets on rtap0), but a kernel panic occurs as soon as you try to use the real interface (i.e.: ping google.com).
I have been able to catch the oops log through netconsole.

Changed in linux (Ubuntu):
status: New → Confirmed
description: updated
Revision history for this message
Ivan Giuliani (giuliani.v) wrote :

Bug still present in 2.6.35-23-generic #41

Revision history for this message
penalvch (penalvch) wrote :

Matthieu CERDA, thank you for reporting this and helping make Ubuntu better. This bug was reported a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue? If so, could you please capture the oops following https://wiki.ubuntu.com/KernelTeam/KernelTeamBugPolicies#Capturing_OOPs ? As well, can you try with the latest development release of Ubuntu? ISO CD images are available from http://cdimage.ubuntu.com/releases/ .

If it remains an issue, could you run the following command in the development release from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux <replace-with-bug-number>

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Vittorio Gambaletta (VittGam) (vittgam) wrote :

I've just reported this bug on the Kernel Bugzilla, since the ipw2200 driver is in mainline, and the bug still occurs with recent kernel versions (3.0.0-16-generic).
I've now found this bug on launchpad by googling, so I'm posting here too, hoping this will be useful to other Intel 2200/2945 wifi card users like me.
https://bugzilla.kernel.org/show_bug.cgi?id=43255

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux:
importance: Unknown → Medium
status: Unknown → Confirmed
Revision history for this message
penalvch (penalvch) wrote :

VittGam, please execute the following via the Terminal and feel free to subscribe me to it:
ubuntu-bug linux

Thanks!

summary: - IPW2200 kernel panic when using NetworkManager with RTAP
+ 8086:4223 IPW2200 kernel panic when using NetworkManager with RTAP
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
Changed in linux:
importance: Medium → Undecided
status: Confirmed → New
Revision history for this message
Vittorio Gambaletta (VittGam) (vittgam) wrote :

@Christopher: I just did that! https://bugs.launchpad.net/linux/+bug/1000567
Thanks for your help.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.