From: Frederik Deweerdt <deweerdt@free.fr>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, alan@lxorguk.ukuu.org.uk
Subject: [-mm patch] oops in drivers/net/shaper.c
Date: Sat, 20 Jan 2007 22:38:16 +0000 [thread overview]
Message-ID: <20070120223816.GB9017@slug> (raw)
In-Reply-To: <20070111222627.66bb75ab.akpm@osdl.org>
Hi,
The following code:
[...]
s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
socket_address.sll_family = PF_PACKET;
socket_address.sll_protocol = htons(ETH_P_IP);
/*
* this happens to be shaper0 on my system
*/
=> socket_address.sll_ifindex = 2;
socket_address.sll_hatype = ARPHRD_ETHER;
socket_address.sll_pkttype = PACKET_OTHERHOST;
socket_address.sll_halen = ETH_ALEN;
socket_address.sll_addr[0] = 0x00;
socket_address.sll_addr[1] = 0x04;
socket_address.sll_addr[2] = 0x75;
socket_address.sll_addr[3] = 0xC8;
socket_address.sll_addr[4] = 0x28;
socket_address.sll_addr[5] = 0xE5;
socket_address.sll_addr[6] = 0x00;
socket_address.sll_addr[7] = 0x00;
memcpy((void *) buffer, (void *) dest_mac, ETH_ALEN);
memcpy((void *) (buffer + ETH_ALEN), (void *) src_mac, ETH_ALEN);
eh->h_proto = 0x00;
for (j = 0; j < 1500; j++) {
data[j] =
(unsigned
char) ((int) (255.0 * rand() / (RAND_MAX + 1.0)));
}
/*
* Oopses here
*/
=> send_result = sendto(s, buffer, 1499, 0,
(struct sockaddr *) &socket_address,
sizeof(socket_address));
[...]
Causes the following oops:
[ 66.355049] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 66.355053] printing eip:
[ 66.355055] 00000000
[ 66.355056] *pde = 00000000
[ 66.355059] Oops: 0000 [#1]
[ 66.355061] PREEMPT SMP DEBUG_PAGEALLOC
[ 66.355065] last sysfs file: /devices/pci0000:00/0000:00:1e.2/modalias
[ 66.355069] Modules linked in: snd_pcm_oss snd_mixer_oss snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device af_packet ohci_hcd fuse cpufreq_stats cpufreq_powersave cpufreq_ondemand cpufreq_conservative speedstep_centrino freq_table processor ac battery i915 drm usb_storage parport_pc parport sr_mod serio_raw yenta_socket rsrc_nonstatic pcmcia_core ipw2200 tg3 snd_intel8x0 snd_ac97_codec pcspkr ac97_bus snd_pcm ehci_hcd snd_timer snd soundcore snd_page_alloc uhci_hcd usbcore shpchp pci_hotplug joydev evdev tsdev
[ 66.355115] CPU: 0
[ 66.355116] EIP: 0060:[<00000000>] Not tainted VLI
[ 66.355117] EFLAGS: 00210282 (2.6.20-rc4-mm1-def01 #2)
[ 66.355122] EIP is at 0x0
[ 66.355124] eax: f6a1f480 ebx: f705a500 ecx: 00000800 edx: 00000000
[ 66.355128] esi: f6a1f480 edi: 00000800 ebp: f6261d90 esp: f6261d70
[ 66.355131] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[ 66.355134] Process aze (pid: 11005, ti=f6260000 task=f62d08b0 task.ti=f6260000)
[ 66.355136] Stack: c0294465 f6261ec0 00000000 000005db f705a000 f6261f34 f6316380 f705a000
[ 66.355145] f6261dc4 f8adaf03 f6261ec0 00000000 000005db f6b1b400 f6a1f480 00080e38
[ 66.355153] f6261ec0 ffffffea f8adc1e0 000005db f6316380 f6261eac c030e1c5 000005db
[ 66.355161] Call Trace:
[ 66.355163] [<c0105265>] show_trace_log_lvl+0x1a/0x30
[ 66.355171] [<c0105324>] show_stack_log_lvl+0xa9/0xd5
[ 66.355176] [<c0105549>] show_registers+0x1f9/0x362
[ 66.355180] [<c01057de>] die+0x12c/0x261
[ 66.355184] [<c039864f>] do_page_fault+0x2ef/0x5d0
[ 66.355188] [<c0396c74>] error_code+0x7c/0x84
[ 66.355192] [<f8adaf03>] packet_sendmsg+0x147/0x201 [af_packet]
[ 66.355199] [<c030e1c5>] sock_sendmsg+0xf9/0x116
[ 66.355204] [<c030eb54>] sys_sendto+0xbf/0xe0
[ 66.355208] [<c030f494>] sys_socketcall+0x1aa/0x277
[ 66.355212] [<c01041ea>] sysenter_past_esp+0x5f/0x99
[ 66.355216] =======================
[ 66.355218] Code: Bad EIP value.
[ 66.355223] EIP: [<00000000>] 0x0 SS:ESP 0068:f6261d70
shaper_header() should check for shaper->dev not being NULL (ie. the
shaper was actually attached) as in the following patch.
This happens in mainline too (tested 2.6.19.2).
Regards,
Frederik
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@gmail.com>
diff --git a/drivers/net/shaper.c b/drivers/net/shaper.c
index e886e8d..40e9e27 100644
--- a/drivers/net/shaper.c
+++ b/drivers/net/shaper.c
@@ -340,6 +340,10 @@ static int shaper_header(struct sk_buff *skb, struct net_device *dev,
{
struct shaper *sh=dev->priv;
int v;
+
+ if(sh->dev==NULL)
+ return -ENODEV;
+
if(sh_debug)
printk("Shaper header\n");
skb->dev=sh->dev;
next prev parent reply other threads:[~2007-01-20 22:40 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-12 6:26 2.6.20-rc4-mm1 Andrew Morton
2007-01-12 10:20 ` Early ACPI lockup (was Re: 2.6.20-rc4-mm1) Frederik Deweerdt
2007-01-12 22:53 ` Len Brown
2007-01-12 23:10 ` Frederik Deweerdt
2007-01-12 23:36 ` Jiri Slaby
2007-01-13 0:08 ` Michal Piotrowski
2007-01-13 0:45 ` Frederik Deweerdt
2007-01-13 0:43 ` Jiri Slaby
2007-01-12 10:25 ` 2.6.20-rc4-mm1 Mariusz Kozlowski
2007-01-12 13:18 ` 2.6.20-rc4-mm1 Frederik Deweerdt
2007-01-12 15:13 ` 2.6.20-rc4-mm1 Mariusz Kozlowski
2007-01-12 15:16 ` 2.6.20-rc4-mm1 Michal Piotrowski
2007-01-12 16:12 ` 2.6.20-rc4-mm1 Mariusz Kozlowski
2007-01-12 10:52 ` 'struct task_struct' has no member named 'mems_allowed' (was: Re: 2.6.20-rc4-mm1) Sander
2007-01-12 11:28 ` Paul Jackson
2007-01-12 19:25 ` Christoph Lameter
2007-01-12 21:20 ` Paul Jackson
2007-01-12 21:28 ` Christoph Lameter
2007-01-12 21:58 ` Paul Jackson
2007-01-12 22:00 ` Christoph Lameter
2007-01-12 22:10 ` Paul Jackson
2007-01-12 22:11 ` Andrew Morton
2007-01-12 11:55 ` spurious sparse warnings from linux/aio.h (was: 2.6.20-rc4-mm1) Tilman Schmidt
2007-01-12 13:11 ` Suparna Bhattacharya
2007-01-12 17:46 ` spurious sparse warnings from linux/aio.h Tilman Schmidt
2007-01-12 13:33 ` [-mm patch] remove tcp header from tcp_v4_check Frederik Deweerdt
2007-01-12 13:55 ` [-mm patch] remove tcp header from tcp_v4_check (take #2) Frederik Deweerdt
2007-02-05 0:44 ` David Miller
2007-01-13 7:27 ` 2.6.20-rc4-mm1: status of sn9c102_pas202bca? Adrian Bunk
2007-01-15 11:34 ` Mauro Carvalho Chehab
2007-01-13 9:56 ` [-mm patch] make mmc_sysfs.c:mmc_key_type static Adrian Bunk
2007-01-13 22:38 ` Pierre Ossman
2007-01-13 9:56 ` [Cluster-devel] [-mm patch] make gfs2_change_nlink_i() static Adrian Bunk
2007-01-13 9:56 ` Adrian Bunk
2007-01-15 10:31 ` [Cluster-devel] " Steven Whitehouse
2007-01-15 10:31 ` Steven Whitehouse
2007-01-16 21:04 ` [Cluster-devel] " Wendy Cheng
2007-01-16 21:04 ` Wendy Cheng
2007-01-16 21:29 ` Adrian Bunk
2007-01-16 21:29 ` Adrian Bunk
2007-01-14 9:10 ` 2.6.20-rc4-mm1: different values for OHCI_QUIRK_ZFMICRO Adrian Bunk
2007-01-14 14:36 ` David Brownell
2007-02-20 0:06 ` Adrian Bunk
2007-03-29 22:06 ` Randy Dunlap
2007-03-29 22:24 ` David Brownell
2007-05-08 22:17 ` [PATCH] " Randy Dunlap
2007-05-08 22:34 ` David Brownell
2007-05-08 22:37 ` Greg KH
2007-03-30 15:18 ` 2.6.20-rc4-mm1: " Tony Olech
2007-01-14 9:48 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 10:46 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 14:40 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 22:05 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-14 22:31 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 22:30 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-15 8:22 ` 2.6.20-rc4-mm1 Ingo Molnar
2007-01-15 23:55 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-14 22:20 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-14 23:52 ` i810fb fails to load (was: 2.6.20-rc4-mm1) Tilman Schmidt
2007-01-15 0:22 ` Andrew Morton
2007-01-15 0:22 ` Andrew Morton
2007-01-22 13:42 ` i810fb fails to load Thomas Hellström
2007-01-22 18:30 ` Tilman Schmidt
2007-01-22 21:50 ` Dave Airlie
2007-01-23 8:10 ` Thomas Hellström
2007-01-23 8:10 ` Thomas Hellström
2007-01-18 21:55 ` [-mm patch] fs/unionfs/: possible cleanups Adrian Bunk
2007-01-20 22:06 ` Josef Sipek
2007-01-19 18:40 ` [-mm patch] drivers/mtd/ubi/: " Adrian Bunk
2007-01-19 18:40 ` Adrian Bunk
2007-01-21 11:23 ` Artem Bityutskiy
2007-01-20 22:38 ` Frederik Deweerdt [this message]
2007-01-21 19:13 ` [-mm patch] remove one remaining "#define BCM_TSO 1" Adrian Bunk
2007-01-22 18:17 ` [-mm patch] drivers/firewire/: cleanups Adrian Bunk
2007-01-22 19:41 ` Kristian Høgsberg
2007-01-22 20:04 ` Adrian Bunk
2007-01-22 20:04 ` Kristian Høgsberg
2007-01-22 20:44 ` Stefan Richter
2007-01-23 6:02 ` `make htmldocs` fails Don Mullis
2007-01-23 6:22 ` Randy Dunlap
2007-01-23 6:45 ` `make htmldocs` fails -- 2.6.20-rc4-mm1 Don Mullis
2007-01-23 6:35 ` `make htmldocs` fails Greg KH
2007-01-24 13:53 ` 2.6.20-rc4-mm1: PCI=n: drivers/net/3c59x.c compile error Adrian Bunk
2007-01-24 14:12 ` Sergei Shtylyov
2007-02-17 19:26 ` Sergei Shtylyov
2007-02-17 19:32 ` Sergei Shtylyov
2007-02-26 13:22 ` Sergei Shtylyov
2007-02-26 17:26 ` Randy Dunlap
2007-02-26 21:14 ` Greg KH
2007-03-06 16:15 ` Sergei Shtylyov
2007-03-06 16:47 ` Randy Dunlap
2007-03-09 12:54 ` Tejun Heo
2007-01-24 22:36 ` [-mm patch] MTD_CK804XROM must depend on PCI Adrian Bunk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070120223816.GB9017@slug \
--to=deweerdt@free.fr \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.