On Fri, Feb 26, 2016 at 6:03 PM, Fei Yang <phar...@gmail.com> wrote:
> I'm running into a panic with 4.4 kernel after applying google patches from
> Android common.git.
> The panic is apparently triggered by the rwlock introduced in the following
> patch. Somehow the sk structure is pointing to an uninitialized rwlock,
> sk_callback_lock.
> I found that the sk I'm getting in qtaguid_mt() is initially NULL, thus it
> tries to find a valid sk by calling qtaguid_find_sk(). But somehow this sk
> has an uninitialized rwlock.
> My question is how does a sk found from qtaguid_find_sk() get allocated? I'm
> running out of ideas to trace it back and figure out why the sk is not
> initialized properly.
> Shouldn't all sk be initialized through either sock_init_data() or
> sk_clone_lock(), which guarantee a valid rwlock?

Sorry for not replying to this earlier, it got filtered away and I missed it.

So I'm curious how you're hitting this (or if you still are seeing
it)? We ran into some xt_qtaguid use-after-free issues early after 4.4
came out (back when this email was written), but those were addressed
by the following commits:

4e461c777e34 xt_qtaguid: Fix panic caused by synack processing
cc0063b8eb44 xt_qtaguid: Fix panic caused by processing non-full socket.

So if you're seeing the issue with these two fixes applied, I'd be
interested in how you're triggering it.

thanks
-john
