On Thu, Jan 25, 2018 at 7:14 PM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Fri, 2018-01-26 at 02:09 +0000, Li,Rongqing wrote:
>
>>
>> crash> bt 8683
>> PID: 8683 TASK: ffff881faa088000 CPU: 10 COMMAND: "mynode"
>> #0 [ffff881fff145e78] crash_nmi_callback at ffffffff81031712
>> #1 [ffff881fff145e88] nmi_handle at ffffffff816cafe9
>> #2 [ffff881fff145ec8] do_nmi at ffffffff816cb0f0
>> #3 [ffff881fff145ef0] end_repeat_nmi at ffffffff816ca4a1
>>     [exception RIP: _raw_spin_lock_irqsave+62]
>>     RIP: ffffffff816c9a9e RSP: ffff881fa992b990 RFLAGS: 00000002
>>     RAX: 0000000000004358 RBX: ffff88207ffd7e80 RCX: 0000000000004358
>>     RDX: 0000000000004356 RSI: 0000000000000246 RDI: ffff88207ffd7ee8
>>     RBP: ffff881fa992b990 R8: 0000000000000000 R9: 00000000019a16e6
>>     R10: 0000000000004d24 R11: 0000000000004000 R12: 0000000000000242
>>     R13: 0000000000004d24 R14: 0000000000000001 R15: 0000000000000000
>>     ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
>> --- <NMI exception stack> ---
>> #4 [ffff881fa992b990] _raw_spin_lock_irqsave at ffffffff816c9a9e
>> #5 [ffff881fa992b998] get_page_from_freelist at ffffffff8113ce5f
>> #6 [ffff881fa992ba70] __alloc_pages_nodemask at ffffffff8113d15f
>> #7 [ffff881fa992bba0] alloc_pages_current at ffffffff8117ab29
>> #8 [ffff881fa992bbe8] sk_page_frag_refill at ffffffff815dd310
>> #9 [ffff881fa992bc18] tcp_sendmsg at ffffffff8163e4f3
>> #10 [ffff881fa992bcd8] inet_sendmsg at ffffffff81668434
>> #11 [ffff881fa992bd08] sock_sendmsg at ffffffff815d9719
>> #12 [ffff881fa992be58] SYSC_sendto at ffffffff815d9c81
>> #13 [ffff881fa992bf70] sys_sendto at ffffffff815da6ae
>> #14 [ffff881fa992bf80] system_call_fastpath at ffffffff816d2189
>>
>
> Note that tcp_sendmsg() does not use sk->sk_frag, but the per task
> page.
>
> Unless something changes sk->sk_allocation, which a user application
> can not do.
>

Some kernel TCP sockets use atomic allocation, e.g., o2net_open_listening_sock().