On Fri, 2018-01-26 at 02:09 +0000, Li,Rongqing wrote: > > crash> bt 8683 > PID: 8683 TASK: ffff881faa088000 CPU: 10 COMMAND: "mynode" > #0 [ffff881fff145e78] crash_nmi_callback at ffffffff81031712 > #1 [ffff881fff145e88] nmi_handle at ffffffff816cafe9 > #2 [ffff881fff145ec8] do_nmi at ffffffff816cb0f0 > #3 [ffff881fff145ef0] end_repeat_nmi at ffffffff816ca4a1 > [exception RIP: _raw_spin_lock_irqsave+62] > RIP: ffffffff816c9a9e RSP: ffff881fa992b990 RFLAGS: 00000002 > RAX: 0000000000004358 RBX: ffff88207ffd7e80 RCX: 0000000000004358 > RDX: 0000000000004356 RSI: 0000000000000246 RDI: ffff88207ffd7ee8 > RBP: ffff881fa992b990 R8: 0000000000000000 R9: 00000000019a16e6 > R10: 0000000000004d24 R11: 0000000000004000 R12: 0000000000000242 > R13: 0000000000004d24 R14: 0000000000000001 R15: 0000000000000000 > ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 > --- <NMI exception stack> --- > #4 [ffff881fa992b990] _raw_spin_lock_irqsave at ffffffff816c9a9e > #5 [ffff881fa992b998] get_page_from_freelist at ffffffff8113ce5f > #6 [ffff881fa992ba70] __alloc_pages_nodemask at ffffffff8113d15f > #7 [ffff881fa992bba0] alloc_pages_current at ffffffff8117ab29 > #8 [ffff881fa992bbe8] sk_page_frag_refill at ffffffff815dd310 > #9 [ffff881fa992bc18] tcp_sendmsg at ffffffff8163e4f3 > #10 [ffff881fa992bcd8] inet_sendmsg at ffffffff81668434 > #11 [ffff881fa992bd08] sock_sendmsg at ffffffff815d9719 > #12 [ffff881fa992be58] SYSC_sendto at ffffffff815d9c81 > #13 [ffff881fa992bf70] sys_sendto at ffffffff815da6ae > #14 [ffff881fa992bf80] system_call_fastpath at ffffffff816d2189 >
Note that tcp_sendmsg() does not use sk->sk_frag, but the per task page. Unless something changes sk->sk_allocation, which a user application can not do. Are you using a pristine upstream kernel ?
