From: "Jesse Brandeburg" <[EMAIL PROTECTED]>
Date: Mon, 27 Mar 2006 12:39:43 -0800

> The reports of this seem awful intermittent and on the surface it
> seems like a stack bug.  I need some help connecting the dots.

That assertion would trigger if the driver caused a double-free of the
SKB, or somehow otherwise modified the SKB from its original form at
transmit time.

For example, if you were to move the page offset and length pointers
around (to work around a hw bug or similar), it could break the
accounting if not done correctly.

There was a recent case of a use-after-free in the transmit path, if
you remember, where -EFAULT was being returned from the
->hard_start_xmit() method of the e1000 driver instead of a proper
NETDEV_TX_* value, which causes the caller to think the packet had not
been freed, when in fact it was, so it would loop and try to resend
the freed SKB.

There may be other kinds of bugs lurking in the e1000 transmit path.
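The ownership contract described above, as an added toy model in C. This is not e1000 or kernel code: struct toy_skb, toy_kfree_skb, buggy_start_xmit, fixed_start_xmit and toy_qdisc_send are hypothetical names standing in for the SKB, kfree_skb, the driver's ->hard_start_xmit() and the qdisc retry loop; only the NETDEV_TX_OK / NETDEV_TX_BUSY values follow the kernel convention. It shows why returning -EFAULT after freeing the SKB makes the caller retry with a freed buffer, and what the return value must be once the driver has dropped the packet.

```c
#include <stdio.h>
#include <errno.h>
#include <stdbool.h>

/* Added example, not kernel or e1000 code. The two codes mirror the
 * kernel's NETDEV_TX_* convention: NETDEV_TX_OK means the driver took
 * (and will free) the skb; NETDEV_TX_BUSY means "not taken, caller still
 * owns it and may retry". Anything else is outside the contract. */
#define NETDEV_TX_OK   0
#define NETDEV_TX_BUSY 1

/* Minimal stand-in for a socket buffer: just enough to track ownership. */
struct toy_skb {
    bool freed;          /* set once the driver has released it */
    int  free_count;     /* number of toy_kfree_skb() calls on this skb */
};

/* Stand-in for kfree_skb(): a second call on the same skb is the
 * double-free that the netdev core's assertion catches. */
static void toy_kfree_skb(struct toy_skb *skb)
{
    skb->free_count++;
    skb->freed = true;
}

/* Buggy transmit routine: on a mapping-style failure it frees the skb
 * but reports -EFAULT, which is not a NETDEV_TX_* value. */
static int buggy_start_xmit(struct toy_skb *skb, bool map_fails)
{
    toy_kfree_skb(skb);          /* skb is dropped on both paths... */
    if (map_fails)
        return -EFAULT;          /* ...but this tells the caller otherwise */
    return NETDEV_TX_OK;
}

/* Corrected routine: once the driver has freed the skb, it must report
 * NETDEV_TX_OK so the caller gives up its reference. */
static int fixed_start_xmit(struct toy_skb *skb, bool map_fails)
{
    (void)map_fails;             /* failure or not, the packet is consumed */
    toy_kfree_skb(skb);
    return NETDEV_TX_OK;
}

/* Caller modelled on the qdisc restart loop: any return other than
 * NETDEV_TX_OK is treated as "packet still mine, requeue and retry".
 * Returns how many times the skb ended up being freed. */
static int toy_qdisc_send(int (*xmit)(struct toy_skb *, bool),
                          struct toy_skb *skb, bool map_fails, int max_retries)
{
    for (int attempt = 0; attempt < max_retries; attempt++) {
        int ret = xmit(skb, map_fails);
        if (ret == NETDEV_TX_OK)
            return skb->free_count;   /* ownership transferred, done */
        /* NETDEV_TX_BUSY or a stray errno: caller retries with the same skb */
    }
    return skb->free_count;
}

/* Scenario: mapping fails, three retries allowed (constructed input). */
int frees_with_buggy_driver(void)
{
    struct toy_skb skb = { 0 };
    return toy_qdisc_send(buggy_start_xmit, &skb, true, 3);
}

int frees_with_fixed_driver(void)
{
    struct toy_skb skb = { 0 };
    return toy_qdisc_send(fixed_start_xmit, &skb, true, 3);
}

int main(void)
{
    printf("buggy driver: skb freed %d time(s)\n", frees_with_buggy_driver());
    printf("fixed driver: skb freed %d time(s)\n", frees_with_fixed_driver());
    return 0;
}
```

With the buggy routine the loop resends the already-freed skb on every retry, so the free count climbs with each attempt; with the corrected routine the skb is freed exactly once and the caller stops. A driver that genuinely cannot take a packet right now should return NETDEV_TX_BUSY without freeing it, so that the retry the caller performs is on a still-valid buffer.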