Bug 421 - Usage of Fragmentation causes panic
Status: VERIFIED FIXED
Product: IPW2200
Component: Fragmentation
Version: 0.14
Platform: All All
Importance: P1 major
Reported: 2004-11-25 08:16 by
Modified: 2005-10-04 13:33


Description From 2004-11-25 08:16:13
this is for 0.15
repro:
- load driver
- associate to a BSS network 
- iwconfig eth1 frag 256
- send ping of data size 500 (only example) from card to a station in Distribution System
--> Linux with card hangs on - cannot perform any action on system, hard restart required
------- Comment #1 From 2004-12-02 16:57:57 -------
skput:over: d891b917:252 put:220 dev:<NULL>------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:91!
invalid operand: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: ipw2200 ieee80211 ieee80211_crypt_wep ieee80211_crypt arc4 
firmware_class ipv6 autofs4 pcmcia_core sunrpc fan button batdCPU:    0
EIP:    0060:[<c037c138>]    Not tainted VLI
EFLAGS: 00010092   (2.6.9debug)
EIP is at skb_over_panic+0x38/0x50
eax: 0000002e   ebx: c0424de6   ecx: c0460298   edx: c0460298
esi: c0424de6   edi: cb105e28   ebp: c5c8fad4   esp: c5c8fab8
ds: 007b   es: 007b   ss: 0068
Process ping (pid: 17485, threadinfo=c5c8e000 task=c225aab0)
Stack: c0444fc0 d891b917 000000fc 000000dc c0424de6 c3edcf48 cb105e20 c5c8fb84
       d891bd90 c037c451 c3edc000 d7e6ef78 d7f12a40 c3edcf48 c5c8fb08 00000282
       00000800 00000002 d891b917 00000000 000000dc 00000000 d2d85a84 00000286
Call Trace:
 [<c010822a>] show_stack+0x7a/0x90
 [<c01083a9>] show_registers+0x149/0x1c0
 [<c0108625>] die+0x155/0x2e0
 [<c0108bd7>] do_invalid_op+0xd7/0x100
 [<c0107d45>] error_code+0x2d/0x38
 [<d891bd90>] ieee80211_xmit+0x6f0/0x9c0 [ieee80211]
 [<c03944ed>] qdisc_restart+0xbd/0x6f0
 [<c03832be>] dev_queue_xmit+0x26e/0x5e0
 [<c03a6ad8>] ip_finish_output+0xe8/0x250
 [<c03a8cd9>] ip_push_pending_frames+0x269/0x4a0
 [<c03c8177>] raw_sendmsg+0x4d7/0x4e0
 [<c03d1b57>] inet_sendmsg+0x47/0x60
 [<c037791c>] sock_sendmsg+0xac/0xe0
 [<c03794bf>] sys_sendmsg+0x13f/0x250
 [<c03799b4>] sys_socketcall+0x224/0x230
 [<c0107b49>] sysenter_past_esp+0x52/0x71
Code: c0 89 5d f8 8b 58 18 89 54 24 0c 85 db 0f 44 de 89 5c 24 10 8b 40 60 89 
4c 24 04 c7 04 24 c0 4f 44 c0 89 44 24 08 e8 78 65 da ff <0f>
 <0>Kernel panic - not syncing: Fatal exception in interrupt
------- Comment #2 From 2004-12-03 14:16:22 -------
Fixed in 0.16

NOTE:  Fragmentation itself is currently broken (related to the bug dealing with
'Too many fragment' message) but it shouldn't panic anymore.
------- Comment #3 From 2004-12-07 02:52:58 -------
verified on 0.16