[openib-general] Re: [PATCH]Repost: IPoIB skb panic
Shirley Ma
mashirle at us.ibm.com
Fri Jun 2 08:25:13 PDT 2006
Roland,
More clarification: we saw two races here:
1. path_free() was called by both unicast_arp_send() and
ipoib_flush_paths() in the same time.
0xc0000004bff0a0d0 3 1 1 0 R 0xc0000004bff0a580
*ksoftirqd/0
SP(esp) PC(eip) Function(args)
0xc00000000f707c80 0xc0000000003199d0 .skb_release_data +0x7c
0xc00000000f707c80 0xc000000000319688 (lr) .kfree_skbmem +0x20
0xc00000000f707d10 0xc000000000319688 .kfree_skbmem +0x20
0xc00000000f707da0 0xc0000000003197fc .__kfree_skb +0x148
0xc00000000f707e50 0xc00000000031e2a8 .net_tx_action +0xa4
0xc00000000f707f00 0xc00000000006ab38 .__do_softirq +0xa8
0xc00000000f707f90 0xc0000000000177b0 .call_do_softirq +0x14
0xc0000000cff83d90 0xc000000000012064 .do_softirq +0x90
0xc0000000cff83e20 0xc00000000006b0fc .ksoftirqd +0xfc
0xc0000000cff83ed0 0xc000000000081d74 .kthread +0x17c
0xc0000000cff83f90 0xc000000000017d24 .kernel_thread +0x4c
KERNEL: assertion (!atomic_read(&skb->users)) failed at net/core/dev.c
2. during unicast arp skb retransmission, unicast_arp_send() appended
the skb on the list, while ipoib_flush_paths() calling path_free() to
free the same skb from the list.
<3>KERNEL: assertion (!atomic_read(&skb->users)) failed at
net/core/dev.c
(1742)
<4>Warning: kfree_skb passed an skb still on a list (from c00000000031e2a8).
<2>kernel BUG in __kfree_skb at net/core/skbuff.c:225! (sles9 sp3 kernel)
void __kfree_skb(struct sk_buff *skb)
{
if (skb->list) {
printk(KERN_WARNING "Warning: kfree_skb passed an skb still "
"on a list (from %p).\n", NET_CALLER(skb));
BUG();
}
The patch will fix both problems by using priv->lock to protect path->queue list. Am I right?
Thanks
Shirley Ma
IBM LTC
More information about the general
mailing list