[Open-FCoE] fcoe: BUG() in skb_gso_segment

Joe Eykholt jeykholt at cisco.com
Fri Apr 17 21:07:15 UTC 2009


FYI.  I just got a WARN and BUG in skb_gso_segment().
I'm testing FIP, so it might not happen in non-FIP configurations.

The WARN is just warn_slowpath() where skb_gso_segment() is being
called in a worker thread to start discovery.  I'm not sure what's
wrong with that.

The BUG is because the skb is shared in pskb_expand_head().
Note, we have a share count so it won't be freed on queue full.
Maybe we should do gso before queuing to avoid this?

I haven't totally figured this out yet, so if it's real obvious
to someone what is wrong here, let me know.  Maybe we're not zeroing
gso_size or something else we need to clear?  This is a small frame,
so we shouldn't need to segment.

Log follows.  This is in a very recent fcoe-features tree with Oplin NIC.
Note the stack trace isn't quite right, kernel has no frame pointers.

	Joe


fip: New FCF for fab 2001000dec309881 map efc01 val 0
fip: consider FCF for fab 2001000dec309881 VFID 0 map efc01 val 1
libfcoe: host8: FIP selected Fibre-Channel Forwarder MAC 00:0d:ec:6d:b2:c0
libfc: Assigned FID (710000) in FLOGI response
------------[ cut here ]------------
WARNING: at net/core/dev.c:1550 skb_gso_segment+0x105/0x27c()
Hardware name: X7DB8
ixgbe: caps=(0x114bb3, 0x0) len=88 data_len=0 ip_summed=0Modules linked in: sch_multiq fcoe libfcoe libfc ixgbe e1000e
ata_generic ata_piix
Pid: 5397, comm: fc_rport_eq Not tainted 2.6.29-feat #3
Call Trace:
 [<ffffffff802376f5>] warn_slowpath+0xb1/0xed
 [<ffffffff80394d45>] ? sprintf+0x40/0x42
 [<ffffffff803991c7>] ? __debug_check_no_obj_freed+0x68/0x1a3
 [<ffffffffa003eda0>] ? ixgbe_get_drvinfo+0xa8/0xed [ixgbe]
 [<ffffffff8051f285>] skb_gso_segment+0x105/0x27c
 [<ffffffff80257adc>] ? trace_hardirqs_on_caller+0xfa/0x138
 [<ffffffff8051f5e1>] dev_hard_start_xmit+0x1e5/0x29f
 [<ffffffff8051f457>] ? dev_hard_start_xmit+0x5b/0x29f
 [<ffffffff8052ea1a>] __qdisc_run+0xed/0x1fe
 [<ffffffff8051fa20>] dev_queue_xmit+0x273/0x3aa
 [<ffffffff8051f920>] ? dev_queue_xmit+0x173/0x3aa
 [<ffffffffa006a696>] fcoe_xmit+0x424/0x504 [fcoe]
 [<ffffffffa00538da>] ? fc_lport_rpn_id_resp+0x0/0x147 [libfc]
 [<ffffffffa0051312>] fc_exch_seq_send+0x157/0x23e [libfc]
 [<ffffffffa0052059>] fc_elsct_send+0x54c/0x55f [libfc]
 [<ffffffff80518722>] ? __alloc_skb+0x6f/0x143
 [<ffffffffa00538da>] ? fc_lport_rpn_id_resp+0x0/0x147 [libfc]
 [<ffffffffa00535e6>] fc_lport_enter_rpn_id+0xa8/0xc1 [libfc]
 [<ffffffffa0053691>] fc_lport_rport_callback+0x92/0x131 [libfc]
 [<ffffffffa0056260>] fc_rport_work+0x23e/0x2d7 [libfc]
 [<ffffffffa0056022>] ? fc_rport_work+0x0/0x2d7 [libfc]
 [<ffffffff80247622>] worker_thread+0x1ac/0x2b4
 [<ffffffff802475d0>] ? worker_thread+0x15a/0x2b4
 [<ffffffff8024b42c>] ? autoremove_wake_function+0x0/0x38
 [<ffffffff80257b27>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff80247476>] ? worker_thread+0x0/0x2b4
 [<ffffffff80247476>] ? worker_thread+0x0/0x2b4
 [<ffffffff8024b0b4>] kthread+0x49/0x76
 [<ffffffff8020bf7a>] child_rip+0xa/0x20
 [<ffffffff802344f2>] ? finish_task_switch+0x3b/0xe3
 [<ffffffff8020b97c>] ? restore_args+0x0/0x30
 [<ffffffff8024b06b>] ? kthread+0x0/0x76
 [<ffffffff8020bf70>] ? child_rip+0x0/0x20
---[ end trace 7e8d2ab7411a29bf ]---
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:798!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
CPU 0
Modules linked in: sch_multiq fcoe libfcoe libfc ixgbe e1000e ata_generic ata_piix
Pid: 5397, comm: fc_rport_eq Tainted: G        W  2.6.29-feat #3 X7DB8
RIP: 0010:[<ffffffff80517bbe>]  [<ffffffff80517bbe>] pskb_expand_head+0x32/0x168
RSP: 0018:ffff8801318ffa10  EFLAGS: 00010202
RAX: 0000000000000001 RBX: ffff880126945818 RCX: 0000000000000080
RDX: 0000000000000000 RSI: 0000000000000020 RDI: ffff880126945818
RBP: ffff8801318ffa50 R08: 0000000000000082 R09: ffffffff8024e9d7
R10: 0000000000000082 R11: 0000000000000010 R12: 0000000000000000
R13: ffffffff8080f2e0 R14: ffff88013b9e0689 R15: 0000000000114bb3
FS:  0000000000000000(0000) GS:ffff880028054000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000619df8 CR3: 000000013ac3a000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process fc_rport_eq (pid: 5397, threadinfo ffff8801318fe000, task ffff88012754d100)
Stack:
 ffff00302d372e31 ffff8801318ffa84 0000000000114bb3 ffff880126945818
 ffff88013b9e0000 ffffffff8080f2e0 ffff88013b9e0689 0000000000114bb3
 ffff8801318ffb80 ffffffff8051f2b7 ffff880100000058 ffff880100000000
Call Trace:
 [<ffffffff8051f2b7>] skb_gso_segment+0x137/0x27c
 [<ffffffff80257adc>] ? trace_hardirqs_on_caller+0xfa/0x138
 [<ffffffff8051f5e1>] dev_hard_start_xmit+0x1e5/0x29f
 [<ffffffff8051f457>] ? dev_hard_start_xmit+0x5b/0x29f
 [<ffffffff8052ea1a>] __qdisc_run+0xed/0x1fe
 [<ffffffff8051fa20>] dev_queue_xmit+0x273/0x3aa
 [<ffffffff8051f920>] ? dev_queue_xmit+0x173/0x3aa
 [<ffffffffa006a696>] fcoe_xmit+0x424/0x504 [fcoe]
 [<ffffffffa00538da>] ? fc_lport_rpn_id_resp+0x0/0x147 [libfc]
 [<ffffffffa0051312>] fc_exch_seq_send+0x157/0x23e [libfc]
 [<ffffffffa0052059>] fc_elsct_send+0x54c/0x55f [libfc]
 [<ffffffff80518722>] ? __alloc_skb+0x6f/0x143
 [<ffffffffa00538da>] ? fc_lport_rpn_id_resp+0x0/0x147 [libfc]
 [<ffffffffa00535e6>] fc_lport_enter_rpn_id+0xa8/0xc1 [libfc]
 [<ffffffffa0053691>] fc_lport_rport_callback+0x92/0x131 [libfc]
 [<ffffffffa0056260>] fc_rport_work+0x23e/0x2d7 [libfc]
 [<ffffffffa0056022>] ? fc_rport_work+0x0/0x2d7 [libfc]
 [<ffffffff80247622>] worker_thread+0x1ac/0x2b4
 [<ffffffff802475d0>] ? worker_thread+0x15a/0x2b4
 [<ffffffff8024b42c>] ? autoremove_wake_function+0x0/0x38
 [<ffffffff80257b27>] ? trace_hardirqs_on+0xd/0xf
 [<ffffffff80247476>] ? worker_thread+0x0/0x2b4
 [<ffffffff80247476>] ? worker_thread+0x0/0x2b4
 [<ffffffff8024b0b4>] kthread+0x49/0x76
 [<ffffffff8020bf7a>] child_rip+0xa/0x20
 [<ffffffff802344f2>] ? finish_task_switch+0x3b/0xe3
 [<ffffffff8020b97c>] ? restore_args+0x0/0x30
 [<ffffffff8024b06b>] ? kthread+0x0/0x76
 [<ffffffff8020bf70>] ? child_rip+0x0/0x20
Code: 56 41 55 41 54 41 89 f4 89 ce 53 48 89 fb 48 83 ec 18 45 85 e4 8b 8f a4 00 00 00 79 04 0f 0b eb fe 8b 87 bc 00 00
00 ff c8 74 04 <0f> 0b eb fe 41 8d 04 0c 44 8d 7c 02 3f 41 83 e7 c0 4d 63 f7 49
RIP  [<ffffffff80517bbe>] pskb_expand_head+0x32/0x168
 RSP <ffff8801318ffa10>
---[ end trace 7e8d2ab7411a29c0 ]---



More information about the devel mailing list