From: Ben Greear <greearb@candelatech.com>
To: Salam Noureddine <noureddine@arista.com>
Cc: netdev <netdev@vger.kernel.org>
Subject: Re: Question on comment in dev_queue_xmit_nit
Date: Tue, 8 Feb 2022 16:13:07 -0800 [thread overview]
Message-ID: <69c0f515-0488-6a8b-be62-5ad0de045af7@candelatech.com> (raw)
In-Reply-To: <40bf4696-2c58-f5ba-e81f-46a2a5e7887a@candelatech.com>
On 2/8/22 3:51 PM, Ben Greear wrote:
> Hello Salam,
>
> After an 8 day torture test on a hacked 5.15.7+ kernel doing wifi testing, our system crashed
> in the dev_queue_xmit_nit method, evidently 'skb' is NULL.
>
> gdb claims it is the 'skb2 = skb_clone ...' line below. Now, this crash could
> be fault of my local patches or other random things, but the comment caught
> my attention. It is cloning once per loop as far as I can see, so why the comment
> about 'done only once' ?
>
> /* need to clone skb, done only once */
> skb2 = skb_clone(skb, GFP_ATOMIC);
> if (!skb2)
> goto out_unlock;
>
> Thanks,
> Ben
>
My question above stands, but I was looking at wrong stack frame for the actual
crash location. It is actually dying down in slub.c, so I guess it is some nasty
memory corruption and this crash site is probably not actually related to the cause...
(gdb) l *(dev_queue_xmit_nit+0xf4)
0xffffffff819bf4d4 is in dev_queue_xmit_nit (/home2/greearb/git/linux-5.15.dev.y/net/core/dev.c:2305).
2300 pt_prev = ptype;
2301 continue;
2302 }
2303
2304 /* need to clone skb, done only once */
2305 skb2 = skb_clone(skb, GFP_ATOMIC);
2306 if (!skb2)
2307 goto out_unlock;
2308
2309 net_timestamp_set(skb2);
(gdb) l *(skb_clone+0x47)
0xffffffff819a9ff7 is in skb_clone (/home2/greearb/git/linux-5.15.dev.y/net/core/skbuff.c:1521).
1516 refcount_set(&fclones->fclone_ref, 2);
1517 } else {
1518 if (skb_pfmemalloc(skb))
1519 gfp_mask |= __GFP_MEMALLOC;
1520
1521 n = kmem_cache_alloc(skbuff_head_cache, gfp_mask);
1522 if (!n)
1523 return NULL;
1524
1525 n->fclone = SKB_FCLONE_UNAVAILABLE;
(gdb) l *(kmem_cache_alloc+0x71)
0xffffffff8133b821 is in kmem_cache_alloc (/home2/greearb/git/linux-5.15.dev.y/mm/slub.c:352).
347 }
348
349 static inline void *get_freepointer(struct kmem_cache *s, void *object)
350 {
351 object = kasan_reset_tag(object);
352 return freelist_dereference(s, object + s->offset);
353 }
354
Thanks,
Ben
prev parent reply other threads:[~2022-02-09 0:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-08 23:51 Question on comment in dev_queue_xmit_nit Ben Greear
2022-02-09 0:13 ` Ben Greear [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69c0f515-0488-6a8b-be62-5ad0de045af7@candelatech.com \
--to=greearb@candelatech.com \
--cc=netdev@vger.kernel.org \
--cc=noureddine@arista.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.