Re: [37/50] Fix inet_diag OOPS.
From: Dan Merillat
Date: Mon Sep 24 2007 - 18:03:54 EST
On 9/24/07, Greg KH <gregkh@xxxxxxx> wrote:
> netlink_run_queue() doesn't handle multiple processes processing the
> queue concurrently. Serialize queue processing in inet_diag to fix
> a oops in netlink_rcv_skb caused by netlink_run_queue passing a
> NULL for the skb.
I just got this one on 2.6.23-RC1, looks the same to me but posting
the oops anyway to doublecheck.
(is it possible to get gmail not to mangle code/patches/oopses without
attaching?)
[1015205.245213] Unable to handle kernel NULL pointer dereference at 0000000000000068 RIP:
[1015205.245221] [<ffffffff804eb6a5>] netlink_run_queue+0xb2/0x104
[1015205.245233] PGD a449067 PUD 2e803067 PMD 0
[1015205.245237] Oops: 0000 [1] SMP
[1015205.245240] CPU 1
[1015205.245242] Modules linked in: tcp_diag inet_diag radeon drm iscsi_tcp libiscsi scsi_transport_iscsi ipv6 fuse eeprom tsdev usbhid ff_memless snd_intel8x0 snd_ac97_codec fan ac97_bus snd_pcm thermal i2c_nforce2 k8temp ohci1394 ehci_hcd snd_timer ohci_hcd serio_raw pcspkr rtc hwmon button processor snd snd_page_alloc usbcore i2c_core ide_generic
[1015205.245267] Pid: 26036, comm: identd Not tainted 2.6.23-rc3 #1
[1015205.245269] RIP: 0010:[<ffffffff804eb6a5>] [<ffffffff804eb6a5>] netlink_run_queue+0xb2/0x104
[1015205.245274] RSP: 0018:ffff81002a1d5bf8 EFLAGS: 00010202
[1015205.245276] RAX: 0000000000000000 RBX: ffff81003d94f600 RCX: ffff81000c9fe3c0
[1015205.245278] RDX: 0000000000000009 RSI: 0000000000000202 RDI: ffff81003d91d0c4
[1015205.245281] RBP: 0000000000000000 R08: ffff8100059813c0 R09: ffff81003d91d000
[1015205.245283] R10: 000000007fffffff R11: ffff81000c9fe3c0 R12: ffff81002a1d5c44
[1015205.245286] R13: ffff81003d91d000 R14: ffff81003d91d0b0 R15: ffffffff8819aa95
[1015205.245289] FS: 0000000041001950(0063) GS:ffff81003faaaa40(0000) knlGS:00000000f7415a10
[1015205.245291] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[1015205.245294] CR2: 0000000000000068 CR3: 000000002c973000 CR4: 00000000000006e0
[1015205.245296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[1015205.245298] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[1015205.245301] Process identd (pid: 26036, threadinfo ffff81002a1d4000, task ffff81002a3d50c0)
[1015205.245303] Stack: 0000000000000000 ffff81003d91d000 000000000000004c ffff81001f219400
[1015205.245308] ffff81003d94f600 ffff81002a1d5d60 0000000000000000 ffffffff8819a024
[1015205.245311] 0000000000000292 00000001804cffe4 ffff81003d91d000 ffffffff804ebb37
[1015205.245315] Call Trace:
[1015205.245323] [<ffffffff8819a024>] :inet_diag:inet_diag_rcv+0x24/0x2f
[1015205.245328] [<ffffffff804ebb37>] netlink_data_ready+0x12/0x50
[1015205.245331] [<ffffffff804ea93d>] netlink_sendskb+0x23/0x3d
[1015205.245334] [<ffffffff804ebb12>] netlink_sendmsg+0x2a9/0x2bc
[1015205.245342] [<ffffffff8022841c>] __wake_up_common+0x3e/0x68
[1015205.245348] [<ffffffff804ca69c>] sock_aio_write+0x110/0x128
[1015205.245357] [<ffffffff802654bd>] __pagevec_lru_add_active+0xd1/0xe1
[1015205.245363] [<ffffffff80284388>] do_sync_write+0xc9/0x10c
[1015205.245371] [<ffffffff80243546>] autoremove_wake_function+0x0/0x2e
[1015205.245380] [<ffffffff80284b60>] vfs_write+0xe1/0x157
[1015205.245385] [<ffffffff802850ab>] sys_write+0x45/0x6e
[1015205.245390] [<ffffffff8020b3ce>] system_call+0x7e/0x83
[1015205.245396]
[1015205.245397]
[1015205.245397] Code: 8b 55 68 83 fa 0f 77 93 48 89 ef e8 ad 50 fe ff 41 ff 0c 24
[1015205.245405] RIP [<ffffffff804eb6a5>] netlink_run_queue+0xb2/0x104
[1015205.245409] RSP <ffff81002a1d5bf8>
[1015205.245410] CR2: 0000000000000068