From: Frederik Deweerdt <deweerdt@free.fr>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, alan@lxorguk.ukuu.org.uk
Subject: [-mm patch] oops in drivers/net/shaper.c
Date: Sat, 20 Jan 2007 22:38:16 +0000 [thread overview]
Message-ID: <20070120223816.GB9017@slug> (raw)
In-Reply-To: <20070111222627.66bb75ab.akpm@osdl.org>
Hi,
The following code:
[...]
s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
socket_address.sll_family = PF_PACKET;
socket_address.sll_protocol = htons(ETH_P_IP);
/*
* this happens to be shaper0 on my system
*/
=> socket_address.sll_ifindex = 2;
socket_address.sll_hatype = ARPHRD_ETHER;
socket_address.sll_pkttype = PACKET_OTHERHOST;
socket_address.sll_halen = ETH_ALEN;
socket_address.sll_addr[0] = 0x00;
socket_address.sll_addr[1] = 0x04;
socket_address.sll_addr[2] = 0x75;
socket_address.sll_addr[3] = 0xC8;
socket_address.sll_addr[4] = 0x28;
socket_address.sll_addr[5] = 0xE5;
socket_address.sll_addr[6] = 0x00;
socket_address.sll_addr[7] = 0x00;
memcpy((void *) buffer, (void *) dest_mac, ETH_ALEN);
memcpy((void *) (buffer + ETH_ALEN), (void *) src_mac, ETH_ALEN);
eh->h_proto = 0x00;
for (j = 0; j < 1500; j++) {
data[j] =
(unsigned
char) ((int) (255.0 * rand() / (RAND_MAX + 1.0)));
}
/*
* Oopses here
*/
=> send_result = sendto(s, buffer, 1499, 0,
(struct sockaddr *) &socket_address,
sizeof(socket_address));
[...]
Causes the following oops:
[ 66.355049] BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 66.355053] printing eip:
[ 66.355055] 00000000
[ 66.355056] *pde = 00000000
[ 66.355059] Oops: 0000 [#1]
[ 66.355061] PREEMPT SMP DEBUG_PAGEALLOC
[ 66.355065] last sysfs file: /devices/pci0000:00/0000:00:1e.2/modalias
[ 66.355069] Modules linked in: snd_pcm_oss snd_mixer_oss snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device af_packet ohci_hcd fuse cpufreq_stats cpufreq_powersave cpufreq_ondemand cpufreq_conservative speedstep_centrino freq_table processor ac battery i915 drm usb_storage parport_pc parport sr_mod serio_raw yenta_socket rsrc_nonstatic pcmcia_core ipw2200 tg3 snd_intel8x0 snd_ac97_codec pcspkr ac97_bus snd_pcm ehci_hcd snd_timer snd soundcore snd_page_alloc uhci_hcd usbcore shpchp pci_hotplug joydev evdev tsdev
[ 66.355115] CPU: 0
[ 66.355116] EIP: 0060:[<00000000>] Not tainted VLI
[ 66.355117] EFLAGS: 00210282 (2.6.20-rc4-mm1-def01 #2)
[ 66.355122] EIP is at 0x0
[ 66.355124] eax: f6a1f480 ebx: f705a500 ecx: 00000800 edx: 00000000
[ 66.355128] esi: f6a1f480 edi: 00000800 ebp: f6261d90 esp: f6261d70
[ 66.355131] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[ 66.355134] Process aze (pid: 11005, ti=f6260000 task=f62d08b0 task.ti=f6260000)
[ 66.355136] Stack: c0294465 f6261ec0 00000000 000005db f705a000 f6261f34 f6316380 f705a000
[ 66.355145] f6261dc4 f8adaf03 f6261ec0 00000000 000005db f6b1b400 f6a1f480 00080e38
[ 66.355153] f6261ec0 ffffffea f8adc1e0 000005db f6316380 f6261eac c030e1c5 000005db
[ 66.355161] Call Trace:
[ 66.355163] [<c0105265>] show_trace_log_lvl+0x1a/0x30
[ 66.355171] [<c0105324>] show_stack_log_lvl+0xa9/0xd5
[ 66.355176] [<c0105549>] show_registers+0x1f9/0x362
[ 66.355180] [<c01057de>] die+0x12c/0x261
[ 66.355184] [<c039864f>] do_page_fault+0x2ef/0x5d0
[ 66.355188] [<c0396c74>] error_code+0x7c/0x84
[ 66.355192] [<f8adaf03>] packet_sendmsg+0x147/0x201 [af_packet]
[ 66.355199] [<c030e1c5>] sock_sendmsg+0xf9/0x116
[ 66.355204] [<c030eb54>] sys_sendto+0xbf/0xe0
[ 66.355208] [<c030f494>] sys_socketcall+0x1aa/0x277
[ 66.355212] [<c01041ea>] sysenter_past_esp+0x5f/0x99
[ 66.355216] =======================
[ 66.355218] Code: Bad EIP value.
[ 66.355223] EIP: [<00000000>] 0x0 SS:ESP 0068:f6261d70
shaper_header() should check for shaper->dev not being NULL (ie. the
shaper was actually attached) as in the following patch.
This happens in mainline too (tested 2.6.19.2).
Regards,
Frederik
Signed-off-by: Frederik Deweerdt <frederik.deweerdt@gmail.com>
diff --git a/drivers/net/shaper.c b/drivers/net/shaper.c
index e886e8d..40e9e27 100644
--- a/drivers/net/shaper.c
+++ b/drivers/net/shaper.c
@@ -340,6 +340,10 @@ static int shaper_header(struct sk_buff *skb, struct net_device *dev,
{
struct shaper *sh=dev->priv;
int v;
+
+ if(sh->dev==NULL)
+ return -ENODEV;
+
if(sh_debug)
printk("Shaper header\n");
skb->dev=sh->dev;
next prev parent reply other threads:[~2007-01-20 22:40 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-12 6:26 2.6.20-rc4-mm1 Andrew Morton
2007-01-12 10:20 ` Early ACPI lockup (was Re: 2.6.20-rc4-mm1) Frederik Deweerdt
2007-01-12 22:53 ` Len Brown
2007-01-12 23:10 ` Frederik Deweerdt
2007-01-12 23:36 ` Jiri Slaby
2007-01-13 0:08 ` Michal Piotrowski
2007-01-13 0:45 ` Frederik Deweerdt
2007-01-13 0:43 ` Jiri Slaby
2007-01-12 10:25 ` 2.6.20-rc4-mm1 Mariusz Kozlowski
2007-01-12 13:18 ` 2.6.20-rc4-mm1 Frederik Deweerdt
2007-01-12 15:13 ` 2.6.20-rc4-mm1 Mariusz Kozlowski
2007-01-12 15:16 ` 2.6.20-rc4-mm1 Michal Piotrowski
2007-01-12 16:12 ` 2.6.20-rc4-mm1 Mariusz Kozlowski
2007-01-12 10:52 ` 'struct task_struct' has no member named 'mems_allowed' (was: Re: 2.6.20-rc4-mm1) Sander
2007-01-12 11:28 ` Paul Jackson
2007-01-12 19:25 ` Christoph Lameter
2007-01-12 21:20 ` Paul Jackson
2007-01-12 21:28 ` Christoph Lameter
2007-01-12 21:58 ` Paul Jackson
2007-01-12 22:00 ` Christoph Lameter
2007-01-12 22:10 ` Paul Jackson
2007-01-12 22:11 ` Andrew Morton
2007-01-12 11:55 ` spurious sparse warnings from linux/aio.h (was: 2.6.20-rc4-mm1) Tilman Schmidt
2007-01-12 13:11 ` Suparna Bhattacharya
2007-01-12 17:46 ` spurious sparse warnings from linux/aio.h Tilman Schmidt
2007-01-12 13:33 ` [-mm patch] remove tcp header from tcp_v4_check Frederik Deweerdt
2007-01-12 13:55 ` [-mm patch] remove tcp header from tcp_v4_check (take #2) Frederik Deweerdt
2007-02-05 0:44 ` David Miller
2007-01-13 7:27 ` 2.6.20-rc4-mm1: status of sn9c102_pas202bca? Adrian Bunk
2007-01-15 11:34 ` Mauro Carvalho Chehab
2007-01-13 9:56 ` [-mm patch] make mmc_sysfs.c:mmc_key_type static Adrian Bunk
2007-01-13 22:38 ` Pierre Ossman
2007-01-13 9:56 ` [-mm patch] make gfs2_change_nlink_i() static Adrian Bunk
2007-01-15 10:31 ` Steven Whitehouse
2007-01-16 21:04 ` [Cluster-devel] " Wendy Cheng
2007-01-16 21:29 ` Adrian Bunk
2007-01-14 9:10 ` 2.6.20-rc4-mm1: different values for OHCI_QUIRK_ZFMICRO Adrian Bunk
2007-01-14 14:36 ` David Brownell
2007-02-20 0:06 ` Adrian Bunk
2007-03-29 22:06 ` Randy Dunlap
2007-03-29 22:24 ` David Brownell
2007-05-08 22:17 ` [PATCH] " Randy Dunlap
2007-05-08 22:34 ` David Brownell
2007-05-08 22:37 ` Greg KH
2007-03-30 15:18 ` 2.6.20-rc4-mm1: " Tony Olech
2007-01-14 9:48 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 10:46 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 14:40 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 22:05 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-14 22:31 ` 2.6.20-rc4-mm1 Thomas Gleixner
2007-01-14 22:30 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-15 8:22 ` 2.6.20-rc4-mm1 Ingo Molnar
2007-01-15 23:55 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-14 22:20 ` 2.6.20-rc4-mm1 Jens Axboe
2007-01-14 23:52 ` i810fb fails to load (was: 2.6.20-rc4-mm1) Tilman Schmidt
2007-01-15 0:22 ` Andrew Morton
2007-01-22 13:42 ` i810fb fails to load Thomas Hellström
2007-01-22 18:30 ` Tilman Schmidt
2007-01-22 21:50 ` Dave Airlie
2007-01-23 8:10 ` Thomas Hellström
2007-01-18 21:55 ` [-mm patch] fs/unionfs/: possible cleanups Adrian Bunk
2007-01-20 22:06 ` Josef Sipek
2007-01-19 18:40 ` [-mm patch] drivers/mtd/ubi/: " Adrian Bunk
2007-01-21 11:23 ` Artem Bityutskiy
2007-01-20 22:38 ` Frederik Deweerdt [this message]
2007-01-21 19:13 ` [-mm patch] remove one remaining "#define BCM_TSO 1" Adrian Bunk
2007-01-22 18:17 ` [-mm patch] drivers/firewire/: cleanups Adrian Bunk
2007-01-22 19:41 ` Kristian Høgsberg
2007-01-22 20:04 ` Adrian Bunk
2007-01-22 20:04 ` Kristian Høgsberg
2007-01-22 20:44 ` Stefan Richter
2007-01-23 6:02 ` `make htmldocs` fails Don Mullis
2007-01-23 6:22 ` Randy Dunlap
2007-01-23 6:45 ` `make htmldocs` fails -- 2.6.20-rc4-mm1 Don Mullis
2007-01-23 6:35 ` `make htmldocs` fails Greg KH
2007-01-24 13:53 ` 2.6.20-rc4-mm1: PCI=n: drivers/net/3c59x.c compile error Adrian Bunk
2007-01-24 14:12 ` Sergei Shtylyov
2007-02-17 19:26 ` Sergei Shtylyov
2007-02-17 19:32 ` Sergei Shtylyov
2007-02-26 13:22 ` Sergei Shtylyov
2007-02-26 17:26 ` Randy Dunlap
2007-02-26 21:14 ` Greg KH
2007-03-06 16:15 ` Sergei Shtylyov
2007-03-06 16:47 ` Randy Dunlap
2007-03-09 12:54 ` Tejun Heo
2007-01-24 22:36 ` [-mm patch] MTD_CK804XROM must depend on PCI Adrian Bunk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070120223816.GB9017@slug \
--to=deweerdt@free.fr \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox