Bug 854718
Summary: | General Protection Fault in blkdev_get | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jason Mather <goz_02451> | ||||
Component: | kernel | Assignee: | Red Hat Kernel Manager <kernel-mgr> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Red Hat Kernel QE team <kernel-qe> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.3 | ||||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-11-22 15:20:08 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
This was fixed correctly in upstream commit f992ae801a7dec34a4ed99a6598bbbbfb82af4fb, which was backported into 2.6.32-239 and which is included in the released RHEL6.3 kernel. |
Created attachment 610090 [details] Use saved value for owner. Description of problem: Call Trace: [<ffffffff811d2240>] ? blkdev_open+0x0/0xc0 [<ffffffff811d2240>] ? blkdev_open+0x0/0xc0 [<ffffffff811d2230>] blkdev_get+0x10/0x20 <- GPF [<ffffffff811d22b1>] blkdev_open+0x71/0xc0 [<ffffffff81194c6a>] __dentry_open+0x10a/0x3e0 [<ffffffff81258178>] ? devcgroup_inode_permission+0x48/0x190 [<ffffffff8123458f>] ? security_inode_permission+0x1f/0x30 [<ffffffff81194f94>] nameidata_to_filp+0x54/0x70 [<ffffffff811a85a0>] do_filp_open+0x6c0/0xd90 [<ffffffff81531137>] ? _spin_unlock_irqrestore+0x67/0x80 [<ffffffff8153117b>] ? _spin_unlock+0x2b/0x40 [<ffffffff811b4efb>] ? alloc_fd+0xab/0x160 [<ffffffff81194a19>] do_sys_open+0x69/0x140 [<ffffffff81530bd2>] ? trace_hardirqs_on_thunk+0x3a/0x3f [<ffffffff81194b30>] sys_open+0x20/0x30 [<ffffffff8100b0b2>] system_call_fastpath+0x16/0x1 Code: 00 00 48 85 ff 74 09 48 83 c7 20 e8 d4 28 1a 00 4c 89 e7 48 c7 83 f8 00 00 00 00 00 00 00 e8 81 f0 0a 00 49 8b 84 24 38 04 00 00 <48> 8b 78 58 e8 d0 c6 ee ff 48 c7 83 08 01 00 00 00 00 00 00 4c RIP [<ffffffff811d1f47>] __blkdev_get+0x107/0x3e0 Version-Release number of selected component (if applicable): How reproducible: Not sure. Happened several times when running a script to clean up after a test. Steps to Reproduce: 1. mdadm -S /dev/md5 2. blockdev --flushbufs /dev/sdd 3. echo 1 >/sys/block/sdd/device/delete Actual results: GPF Expected results: Delete device Additional info: Found the error in blkdev where disk pointer is dereferenced after being freed. Patch attached.