Bug 121731
Summary: | (SELINUX)oops in selinux_socket_sock
---|---
Product: | [Fedora] Fedora
Component: | kernel
Reporter: | Dan Christian <dac>
Assignee: | Dave Jones <davej>
Status: | CLOSED WORKSFORME
Severity: | high
Priority: | medium
Version: | 2
CC: | jmorris, pfrields, sdsmall
Hardware: | i686
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2004-12-07 06:24:30 UTC

Description
Dan Christian
2004-04-26 20:46:44 UTC
Created attachment 99697
text of stack trace (from serial console)
I've reproduced this multiple times under 2.6.3. The stack traces are very
similar.

Created attachment 99702
Stack trace from oops in 2.6.3

Created attachment 99707
Another oops (same top level, but different call trace)

Created attachment 99717
Another stack trace

Created attachment 99718
yet another stack trace

I'll stop posting stack traces unless someone asks for one.
It certainly seems to be repeatable (given a few hours).

Could you please post a trace using kernel-smp-2.6.5-1.327.i686.rpm?

Looks similar to the problem reported earlier by akpm.

Unless I misread the code, it looks like isec is null at the point of the dereferencing of isec->sclass after the self_netif_lookup, which implies that the socket inode was freed in the midst of sock_rcv_skb.

Suggestions:
- Add an explicit null test for isec and return with a warning.
- Take the sk_callback_lock around the use of the socket inode?
- Eliminate the need for accessing the socket inode by applying the patch I sent a while back to allow use of sk security field for INET sockets.

I have yet to see an oops on 326 or 327. All of them have the vdso=0 boot argument. I have 4 machines running them now. It can take days for this to show, I'll post an oops when I get one.

Created attachment 99760
Call trace from 3.6.5-1.327smp

Thanks for that, it confirms that the oops is happening at the first dereference of the inode security field.

    isec = inode->i_security;   <--- here
    switch (isec->sclass) {
    case SECCLASS_UDP_SOCKET:
        netif_perm = NETIF__UDP_RECV;

A fix has been included in the latest Fedora kernel. Please let us know if this works.

6 months with no comment - closing.
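
The first suggestion in the thread (an explicit null test before `isec->sclass` is read, returning with a warning), sketched as an added userspace example; it is not code from this bug report or from the kernel. The struct layouts, the numeric constant values, the `socket_model` type and the `recv_netif_perm` name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins: the names follow the snippet quoted in the thread,
 * the numeric values are illustrative only. */
enum { SECCLASS_UDP_SOCKET = 1, SECCLASS_TCP_SOCKET = 2 };
enum { NETIF__UDP_RECV = 0x1, NETIF__TCP_RECV = 0x2, NETIF__RAWIP_RECV = 0x4 };

struct inode_security { int sclass; };
struct inode { struct inode_security *i_security; };
/* Hypothetical model of "socket that may already have lost its inode". */
struct socket_model { struct inode *inode; };

/* Picks the netif permission for a received packet.
 * Returns 0 on success, -1 (with a warning) when the socket inode or its
 * security field is already gone, instead of dereferencing NULL. */
int recv_netif_perm(const struct socket_model *sock, unsigned *netif_perm)
{
    const struct inode_security *isec;

    if (sock == NULL || sock->inode == NULL) {
        fprintf(stderr, "warning: socket has no inode, skipping check\n");
        return -1;
    }
    isec = sock->inode->i_security;
    if (isec == NULL) {               /* the oops site quoted in the thread */
        fprintf(stderr, "warning: NULL i_security, skipping check\n");
        return -1;
    }
    switch (isec->sclass) {
    case SECCLASS_UDP_SOCKET: *netif_perm = NETIF__UDP_RECV;   break;
    case SECCLASS_TCP_SOCKET: *netif_perm = NETIF__TCP_RECV;   break;
    default:                  *netif_perm = NETIF__RAWIP_RECV; break;
    }
    return 0;
}

int main(void)
{
    struct inode_security udp = { SECCLASS_UDP_SOCKET };
    struct inode ino = { &udp };
    struct socket_model sock = { &ino };
    unsigned perm = 0;

    printf("live socket:  rc=%d perm=0x%x\n", recv_netif_perm(&sock, &perm), perm);
    ino.i_security = NULL;            /* constructed: security field torn down */
    printf("torn down:    rc=%d\n", recv_netif_perm(&sock, &perm));
    return 0;
}
```

A null test on its own only turns the crash into an error return; if the inode can be freed concurrently, the pointer can still go stale between the test and the read, which is what the locking suggestion in the thread is aimed at.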