e100_alloc_cbs() allocates the cb's but does not set cb->skb = NULL
which means that the following check in e100_tx_clean() will execute
even though cb->skb is not really a valid pointer an we OOPs:
if(likely(cb->skb != NULL)) {
...
nic->net_stats.tx_bytes += cb->skb->len;
}
Attached patch fixes the issue.
~Deepak
--
Deepak Saxena - dsaxena at plexity dot net - http://www.plexity.net/
> e100_alloc_cbs() allocates the cb's but does not set cb->skb
> = NULL which means that the following check in
> e100_tx_clean() will execute even though cb->skb is not
> really a valid pointer an we OOPs:
Thanks Deepak. I found one other place where we need to set
cb->skb=NULL. Patch sent to Jeff upstream.
-scott