Trying to send a copied skb crashes the kernel

[ahuguet at cttc.es]

Greetings,

I'm having issues when it comes to send with dev_queue_xmit a skb that is
the copy of another one. This causes a kernel crash.

At first, I thought it could be due to the disagreement between the
addresses specified in the skb packet, and the address of the machine
trying to send it. Even if I readjusted the MAC header, this did not solve
the issue.

Currently, and since I was able to workaround the issue with a non-elegant
way, my suspicions are that I either used a wrong function to copy the skb
(I did try pskb_copy and skb_copy, skb_clone doesn't work fine as the
structure is lost and then I'm unable to retreive information such as the
MAC header from the resulting skb) or that the copied skb is still bound
to some list (sk_buff_head), and since a skb can only be in one list at a
time, this causes the crash when trying to send the copied skb. I tried
unlinking the skb from the list I thought it could be in (local->rx_list)
but this failed too.

My workaround has been to allocate a new skb, and then copy to it the data
from the last_data_rx (that's the name of the resulting copied skb) and
then send this newly made skb, instead of the copy.
It's not a solution I'm comfortable using, but so far I've been unable to
find out how to solve the original problem. Even if I checked on
/var/log/kern.log the system seems unable to write there any output as to
help me find out what is missing as for the code to work as wanted.

I'd like to be able to properly make use of that copied skb (which
contains the data correctly) without the need of using that odd workaround
I'm now forced to. If you need more information as to be able to help
finding out what is missing, don't hesitate to ask, and I'll try to
provide it.

Thanks in advance.