Bug 168854 - Kernel panic when removing logical volume with name length greater than 16 characters
Summary: Kernel panic when removing logical volume with name length greater than 16 ch...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Alasdair Kergon
QA Contact: Cluster QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-09-20 18:08 UTC by Henry Harris
Modified: 2007-11-30 22:07 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-12-05 16:29:49 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Henry Harris 2005-09-20 18:08:26 UTC
Description of problem: Attempting to remove logical volume with a name length 
greater than 16 characters causes a kernel panic.


Version-Release number of selected component (if applicable):
2.01.14-1.0

How reproducible: Every time


Steps to Reproduce:
1. Create a logical volume with a name greater than 16 characters long
2. lmremove the lv just created
3.
  
Actual results: Kernel paniced


Expected results: LV removed


Additional info:

This looks like the same issue that Ben Marzinski fixed
  before where a pointer was dereferenced to and invalid
  low memory address causing a panic. This panic stack
  is coming from the thread, clvmd, that called the unlink() 
  system call (i.e. so the clvmd app was removing a file 
  from a directory).
 
  e1000: eth6: e1000_watchdog: NIC Link is Down

  <1>Unable to handle kernel NULL pointer dereference at 

  0000000000000049 RIP:

  
  Stack traceback for pid 2589

  0x00000100e58e77f0     2589        1  1    1   R  0x00000100e58e7bf0 *clvmd

  RSP           RIP                Function (args)

  0x100e52c7e50 0xffffffff801e54ed rb_first+0xa

  0x100e52c7e68 0xffffffff8016dc0d mpol_free_shared_policy+0x35

  0x100e52c7e88 0xffffffff801707e7 shmem_destroy_inode+0x11

  0x100e52c7e98 0xffffffff8018a593 destroy_inode+0x42 (0xffffffff8018ba72)

  0x100e52c7ea8 0xffffffff8018bb9f generic_delete_inode+0x12d (0x0)

  0x100e52c7ec8 0xffffffff8018a9e1 iput+0x78

  0x100e52c7ed8 0xffffffff8018226a sys_unlink+0x105

Comment 1 Alasdair Kergon 2005-09-20 18:39:51 UTC
Since this was a kernel panic, exactly which kernel was it from?

Comment 3 Christine Caulfield 2005-09-21 13:44:13 UTC
Reassign to agk. It should be assigned to RHEL4/kernel but I can't seem to do that.

Comment 4 Alasdair Kergon 2005-12-05 16:29:49 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html


Note You need to log in before you can comment on or make changes to this bug.