Bug 854718

Summary: General Protection Fault in blkdev_get
Product: Red Hat Enterprise Linux 6
Reporter: Jason Mather <goz_02451>
Component: kernel
Assignee: Red Hat Kernel Manager <kernel-mgr>
Status: CLOSED CURRENTRELEASE
QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: unspecified
Priority: unspecified
Version: 6.3
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-11-22 15:20:08 UTC
Type: Bug
Attachments:
Use saved value for owner. (flags: none)

Description Jason Mather 2012-09-05 16:10:58 UTC
Created attachment 610090
Use saved value for owner.

Description of problem:
Call Trace:
 [<ffffffff811d2240>] ? blkdev_open+0x0/0xc0
 [<ffffffff811d2240>] ? blkdev_open+0x0/0xc0
 [<ffffffff811d2230>] blkdev_get+0x10/0x20                     <- GPF 
 [<ffffffff811d22b1>] blkdev_open+0x71/0xc0
 [<ffffffff81194c6a>] __dentry_open+0x10a/0x3e0
 [<ffffffff81258178>] ? devcgroup_inode_permission+0x48/0x190
 [<ffffffff8123458f>] ? security_inode_permission+0x1f/0x30
 [<ffffffff81194f94>] nameidata_to_filp+0x54/0x70
 [<ffffffff811a85a0>] do_filp_open+0x6c0/0xd90
 [<ffffffff81531137>] ? _spin_unlock_irqrestore+0x67/0x80
 [<ffffffff8153117b>] ? _spin_unlock+0x2b/0x40
 [<ffffffff811b4efb>] ? alloc_fd+0xab/0x160
 [<ffffffff81194a19>] do_sys_open+0x69/0x140
 [<ffffffff81530bd2>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81194b30>] sys_open+0x20/0x30
 [<ffffffff8100b0b2>] system_call_fastpath+0x16/0x1
Code: 00 00 48 85 ff 74 09 48 83 c7 20 e8 d4 28 1a 00 4c 89 e7 48 c7 83 f8 00 00 00 00 00 00 00 e8 81 f0 0a 00 49 8b 84 24 38 04 00 00 <48> 8b 78 58 e8 d0 c6 ee ff 48 c7 83 08 01 00 00 00 00 00 00 4c 
RIP  [<ffffffff811d1f47>] __blkdev_get+0x107/0x3e0

Version-Release number of selected component (if applicable):


How reproducible:  Not sure.  Happened several times when running a script to clean up after a test.


Steps to Reproduce:
1. mdadm -S /dev/md5
2. blockdev --flushbufs /dev/sdd
3. echo 1 >/sys/block/sdd/device/delete
  
Actual results:
GPF

Expected results:
Delete device

Additional info:  Found the error in blkdev where disk pointer is dereferenced after being freed.  Patch attached.
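
The bug class named in the Description (a disk pointer read after the reference that kept it alive was dropped), as an added example that is not part of the bug report or the attached patch. It is a userspace model: the struct layouts, the poison-on-release behaviour, and the order "drop the disk reference, then read disk->fops->owner" are assumptions inferred from the report's wording and the attachment title.

```c
#include <stdint.h>
#include <string.h>

/* Userspace model: names echo the kernel's; layouts and bodies are assumptions. */
struct module { int refs; };
struct fops   { struct module *owner; };
struct disk   { int refs; const struct fops *fops; };
#define POISON 0x6b   /* fill byte written over a released object */
static void module_put(struct module *m) { m->refs--; }

/* The last put poisons the disk in place instead of freeing it, so the stale read stays defined. */
static void put_disk(struct disk *d)
{
    if (--d->refs == 0)
        memset(d, POISON, sizeof(*d));
}

/* Before: d is read after the reference that kept it alive was dropped. */
static int release_buggy(struct disk *d)
{
    uintptr_t v;
    put_disk(d);
    memcpy(&v, &d->fops, sizeof(v));              /* stale read of d->fops */
    if (v == (uintptr_t)0x6b6b6b6b6b6b6b6bULL)    /* pointer is all POISON */
        return -1;                                /* dereferencing it would fault */
    module_put(d->fops->owner);
    return 0;
}

/* After: owner is saved while the reference is still held. */
static int release_fixed(struct disk *d)
{
    struct module *owner = d->fops->owner;
    put_disk(d);
    module_put(owner);
    return 0;
}

/* Constructed scenario: -1 on a stale read, else the module's remaining refs. */
static int demo(int fixed, int disk_refs)
{
    struct module m = { 1 };
    struct fops f = { &m };
    struct disk d = { disk_refs, &f };
    int rc = fixed ? release_fixed(&d) : release_buggy(&d);
    return rc ? rc : m.refs;
}

int main(void) { return !(demo(0, 1) == -1 && demo(1, 1) == 0); }
```

In this model the unfixed path completes without error when the disk has two references, because the put is not the last one; only the final put exposes the stale read.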

Comment 2 Jes Sorensen 2012-11-22 15:20:08 UTC
This was fixed correctly in upstream commit
f992ae801a7dec34a4ed99a6598bbbbfb82af4fb, which was backported into 2.6.32-239
and which is included in the released RHEL6.3 kernel.