While fragmentation and unloading of 6lowpan module I got this kernel Oops after few seconds:
BUG: unable to handle kernel paging request at f88bbc30 IP: [<f88bbc30>] 0xf88bbc30 *pde = 371ee067 *pte = 00000000 Oops: 0000 [#1] SMP Modules linked in: ipv6 [last unloaded: 6lowpan] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.14.0-rc3-00831-g1f8ca2c-dirty #114 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 task: c0540870 ti: f700c000 task.ti: c0536000 EIP: 0060:[<f88bbc30>] EFLAGS: 00210286 CPU: 0 EIP is at 0xf88bbc30 EAX: f7096080 EBX: 00000100 ECX: 00000000 EDX: 00000000 ESI: f88bbc30 EDI: f700df8c EBP: f700df98 ESP: f700df60 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 CR0: 8005003b CR2: f88bbc30 CR3: 372cf000 CR4: 00000690 Stack: c012af4c 00000000 00000002 00000000 c012aef8 f7096080 f88bbc30 c0ac181c c0828200 00000000 c050ca53 c05d6340 f70960a0 f7096080 f700dfc4 c012b66b c05d6d70 c05d6b70 f700dfb0 f88bbc30 f71dadf8 f71dadf8 00000002 c053a204 Call Trace: [<c012af4c>] ? call_timer_fn+0x54/0xb3 [<c012aef8>] ? process_timeout+0xa/0xa [<c012b66b>] run_timer_softirq+0x140/0x15f [<c0126ec1>] __do_softirq+0xd5/0x1bc [<c0126dec>] ? tasklet_hi_action+0xa8/0xa8 <IRQ> [<c012714a>] ? irq_exit+0x39/0x82 [<c0119ef1>] ? smp_apic_timer_interrupt+0x25/0x2f [<c03e7e1f>] ? apic_timer_interrupt+0x2f/0x40 [<c014007b>] ? wake_up_new_task+0x5a/0x85 [<c010743c>] ? default_idle+0xa/0xc [<c01078d8>] ? arch_cpu_idle+0x12/0x1c [<c0152afc>] ? cpu_startup_entry+0xb2/0x114 [<c03ddd74>] ? rest_init+0x92/0x97 [<c05728d5>] ? start_kernel+0x2b7/0x2bc [<c05722af>] ? i386_start_kernel+0x79/0x7d It seems that the inet_frag_queue is deleted but the timer is running. This patch adds a for loop to iterate over all frag_queue entries in the frag_bucket and calling del_timer for each frag_queue entry while unloading the 6lowpan module. Signed-off-by: Alexander Aring <alex.ar...@gmail.com> Reported-by: Phoebe Buckheister <phoebe.buckheis...@itwm.fraunhofer.de> --- I am not sure about that I can do that in this simply way without hold any lock of the inet_frag_queue or inet_frag_bucket. Please help there. The kernel oops never occurs afterwards, but this isn't simple to test. I can't test all cases. net/ieee802154/reassembly.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c index 59db7b5..833b6ad 100644 --- a/net/ieee802154/reassembly.c +++ b/net/ieee802154/reassembly.c @@ -560,6 +560,18 @@ out: void lowpan_net_frag_exit(void) { + int i; + + for (i = 0; i < INETFRAGS_HASHSZ; i++) { + struct inet_frag_bucket *hb; + struct inet_frag_queue *q; + struct hlist_node *n; + + hb = &lowpan_frags.hash[i]; + hlist_for_each_entry_safe(q, n, &hb->chain, list) + del_timer(&q->timer); + } + inet_frags_fini(&lowpan_frags); lowpan_frags_sysctl_unregister(); unregister_pernet_subsys(&lowpan_frags_ops); -- 1.9.0 ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ Linux-zigbee-devel mailing list Linux-zigbee-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-zigbee-devel