Bug 187841

Summary: CVE-2006-1855 Old thread debugging causes false BUG() in choose_new_parent
Product: Red Hat Enterprise Linux 4
Component: kernel
Version: 4.0
Hardware: i686
OS: Linux
Status: CLOSED ERRATA
Severity: high
Priority: medium
Target Milestone: ---
Target Release: ---
Reporter: David Thompson <thomas>
Assignee: Jason Baron <jbaron>
QA Contact: Brian Brock <bbrock>
CC: jbaron, knoel, security-response-team
Keywords: Security
Whiteboard: source=bugzilla,reported=20060403,impact=important,public=20060518
Fixed In Version: RHSA-2006-0493
Doc Type: Bug Fix
Last Closed: 2006-05-24 09:29:00 UTC
Attachments:
discussion and code snippets (flags: none)
panic trace (flags: none)
here is the upstream fix (flags: none)

Description David Thompson 2006-04-03 20:48:20 UTC
Description of problem:

From Nathan Rosenblum <nater.edu>:

I have identified a bug in the linux kernel 
that causes this kernel panic on my machine. More details are below, but 
the executive summary is this: the code that triggers the bug appears to 
have been eliminated in 2.6.11.12, but I have not tested on the 
intervening releases between 2.6.9 and that version, so I cannot 
guarantee that it was not fixed previous to 2.6.11.12.  It is unclear 
whether the developer that made the change in that version was aware of 
the severity of the problem, or even if a problem existed; the commit 
comments suggest that the change was only cleanup.  This is apparently 
left-over debugging code that is stripped out in 2.6.11.12.


Version-Release number of selected component (if applicable):

2.6.9-34.EL

How reproducible:

Always

Steps to Reproduce:

See attachments
  
Actual results:

Crashed kernel

Expected results:

Running kernel

Comment 1 David Thompson 2006-04-03 20:48:21 UTC
Created attachment 127259
discussion and code snippets

Comment 2 Jason Baron 2006-04-04 15:53:30 UTC
Created attachment 127301
panic trace

Comment 3 Jason Baron 2006-04-04 16:10:36 UTC
Created attachment 127302
here is the upstream fix

Comment 8 Paul Gampe 2006-05-18 18:38:18 UTC
Reviewed with Jay and Linda, approved exception moving to CanFix.

Comment 10 Jason Baron 2006-05-22 19:14:16 UTC
Committed in stream U4 build 36.1. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/


Comment 12 Red Hat Bugzilla 2006-05-24 09:29:00 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0493.html