linux device driver - Error in accessing skb (skb->data) -

i'm trying allocate sk_buff in code , access skb->data area.
null pointer deference.

openwrt: barrier breaker

code:

struct sk_buff *skb = null; skb = __dev_alloc_skb(2400,gfp_atomic); if (skb) {     printk("head= %p \n data= %p \n tail= %p\n end= %p\n len= %d\n", skb->head,skb->data,skb->tail,skb->end,skb->len);     memset(skb->data,0,2400);     } 

dump:

i following stack trace:

[   61.200000] head = ce1dca00 [   61.200000] data = 00000b20 [   61.210000] tail = ce1dd360 [   61.210000] end = ce1dc9c0 [   61.210000] len = 0 [   61.210000] unable handle kernel null pointer dereference @ virtual address 00000b20 [   61.220000] pgd = ce240000 [   61.220000] [00000b20] *pgd=2e554831, *pte=00000000, *ppte=00000000 [   61.230000] internal error: oops: 817 [#1] smp arm [   61.230000] modules linked in: eng qcserial pppoe ppp_async option iptable_nat usb_wwan sierra_net sierra qmi_wwan pppox ppp_generic pl2303 nf_nat_ipv4 nf_conntrack_ipv4 mac80211 ipt_masquerade ftdi_sio ebtable_nat ebtable_filter ebtable_broute cfg80211 cdc_ether ath3k asix xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_id xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_tcpmss xt_redirect xt_netmap xt_log xt_hl xt_dscp xt_ct xt_classify usbserial usbnet usbhid ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot ums_isd200 ums_freecom ums_datafab ums_cypress ums_alauda ts_kmp ts_fsm ts_bm slhc rfcomm nf_nat_irc nf_nat_ftp nf_nat nf_defrag_ipv4 nf_conntrack_irc nf_conntrack_ftp iptable_raw iptable_mangle iptable_filter ipt_reject ipt_ecn ip_tables hso hidp hid_generic hci_uart gsc_input ebtables ebt_vlan ebt_stp ebt_snat ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_ip6 ebt_ip ebt_dnat ebt_arpreply ebt_arp ebt_among ebt_802_3 e1000e crc_ccitt compat cdc_wdm cdc_acm btusb bnep bluetooth act_connmark act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress configs hid evdev ledtrig_usbdev xt_led ledtrig_netdev ledtrig_morse ledtrig_heartbeat ledtrig_gpio batman_adv libcrc32c ip6t_reject ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables nf_conntrack_ipv6 nf_conntrack nf_defrag_ipv6 nfsd nfsv3 nfs bonding ip_gre gre e1000 ifb ip_tunnel tun snd_compress snd_pcm_oss snd_mixer_oss snd_pcm snd_page_alloc snd_timer snd_rawmidi snd_seq_device snd_hwdep snd soundcore vfat fat ntfs lockd sunrpc nls_iso8859_1 nls_cp437 regmap_spi regmap_i2c regmap_core lzo_decompress lzo_compress rfkill input_core ipv6 arc4 crypto_blkcipher usb_storage uhci_hcd gpio_button_hotplug ext4 crc16 jbd2 mbcache exportfs ptp crc32c crypto_hash [last unloaded: iwlwifi] [   61.230000] cpu: 0 pid: 1850 comm: hostapd not tainted 3.10.49 #1 [   61.230000] task: cf97ac60 ti: ce1d6000 task.ti: ce1d6000 [   61.230000] pc @ __memzero+0x24/0x80 [   61.230000] lr @ 0x0 [   61.230000] pc : [<c000c1a4>]    lr : [<00000000>]    psr: 20000013 [   61.230000] sp : ce1d7d04  ip : 00000000  fp : ce1d7d2c [   61.230000] r10: 00008914  r9 : 00000001  r8 : ce44d400 [   61.230000] r7 : 00004000  r6 : ce44d400  r5 : 00000008  r4 : ce094560 [   61.230000] r3 : 00000000  r2 : 00000000  r1 : 000008e0  r0 : 00000b20 [   61.230000] flags: nzcv  irqs on  fiqs on  mode svc_32  isa arm  segment user [   61.230000] control: 00c5787d  table: 2e24000a  dac: 00000015 

i have tried using alloc_skb, dev_alloc_skb also.

ath5k uses __dev_alloc_skb() , uses returned skb->data on target platform.

also value of skb->data (data = 00000b20) seems relative. relative skb->head.

please help.

thanks

you don't need use private methods (starting __), use alloc_skb or dev_alloc_skb (for device drivers, freed automatically) instead.

also, better use provided api instance of sk_buff structure rather accessing private fields. see existing usages examples: http://lxr.free-electrons.com/ident?i=dev_alloc_skb