Bug 183664 - dm: make sure don't give out the same minor number twice
Summary: dm: make sure don't give out the same minor number twice
Status: CLOSED DUPLICATE of bug 185445
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Jun'ichi Nomura (Red Hat)
QA Contact: Brian Brock
Depends On:
Blocks: 181409
TreeView+ depends on / blocked
Reported: 2006-03-02 15:59 UTC by Jason Baron
Modified: 2013-04-02 23:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-14 21:21:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Free minor number after unregistering (511 bytes, patch)
2006-03-09 19:18 UTC, Jun'ichi Nomura (Red Hat)
no flags Details | Diff
Regression test for this bug (778 bytes, application/x-shellscript)
2006-03-09 20:46 UTC, Jun'ichi Nomura (Red Hat)
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0575 normal SHIPPED_LIVE Important: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 4 2006-08-10 04:00:00 UTC

Description Jason Baron 2006-03-02 15:59:46 UTC
Description of problem:


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Jun'ichi Nomura (Red Hat) 2006-03-09 19:18:21 UTC
Created attachment 125894 [details]
Free minor number after unregistering

This is a RHEL4-backported patch from upstream.

Comment 2 Jun'ichi Nomura (Red Hat) 2006-03-09 20:46:00 UTC
Created attachment 125903 [details]
Regression test for this bug

Regression test for this bug.
Without the proposed patch, kernel will panic eventually.

Comment 3 Jun'ichi Nomura (Red Hat) 2006-03-09 20:47:32 UTC
Typical Oops with this bug and the testcase in Comment #2
Badness in kref_get at lib/kref.c:32

Call Trace:<ffffffff801e74c9>{kref_get+46} <ffffffff801e6f8a>{kobject_get+18}
       <ffffffff801e6fbc>{kobject_init+45} <ffffffff8024d170>{alloc_disk+170}
       <ffffffff80189319>{sys_ioctl+853} <ffffffff801101c6>{system_call+126}

Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
PML4 1915da067 PGD 1a26b8067 PMD 0
Oops: 0000 [1] SMP
Modules linked in: nfsd exportfs lockd nfs_acl md5 ipv6 parport_pc lp parport
autofs4 i2c_dev i2c_core sunrpc ds yenta_socket pcmcia_core scsi_dump diskdump
zlib_deflate dm_mirror dm_multipath button battery ac uhci_hcd ehci_hcd
e752x_edac edac_mc e1000 floppy sg ext3 jbd dm_mod aic79xx sd_mod scsi_mod
Pid: 16910, comm: dmsetup Not tainted 2.6.9-34.ELlargesmp
RIP: 0010:[<ffffffff801e6bb1>] <ffffffff801e6bb1>{kobject_get_path+41}
RSP: 0018:00000101a9d63c48  EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000002180 RCX: ffffffffffffffff
RDX: 0000000000000006 RSI: 00000000000000d0 RDI: 0000000000000000
RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000003
R10: 0000000000000000 R11: 0000000000000000 R12: 0000010195f01ec0
R13: 00000100cfd964a8 R14: 0000000000000000 R15: 0000010190539800
FS:  0000002a95585380(0000) GS:ffffffff804eac00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000037e14000 CR4: 00000000000006e0
Process dmsetup (pid: 16910, threadinfo 00000101a9d62000, task
00000101a18fa030)Stack: ffffffff803fda00 ffffffff803fda00 0000000000002180
       0000010195f01ec0 ffffffff803fda00 00000100cfd964a8 ffffffff801e6db6
       ffffffff803de100 ffffffff803fda28
Call Trace:<ffffffff801e6db6>{kobject_hotplug+384}
       <ffffffffa0062528>{:dm_mod:dev_create+0} <ffffffff801e728c>{kobject_add+332}
       <ffffffff801ae26c>{register_disk+67} <ffffffff8024c81b>{add_disk+52}
       <ffffffff80189319>{sys_ioctl+853} <ffffffff801101c6>{system_call+126}

Code: f2 ae 48 f7 d1 48 ff c9 4d 85 c0 8d 2c 0a 8d 55 01 75 db 48
RIP <ffffffff801e6bb1>{kobject_get_path+41} RSP <00000101a9d63c48>
CR2: 0000000000000000

Comment 4 Jun'ichi Nomura (Red Hat) 2006-03-14 21:03:07 UTC
This bug is a duplicate of BZ#185455.

Jason, Alasdair,
please close this bug if it's ok.

Comment 5 Alasdair Kergon 2006-03-14 21:21:33 UTC
Sorry - I forgot to check for bugs cc'd to me like this when submitting these
patches to U4!

*** This bug has been marked as a duplicate of 185445 ***

Comment 6 Jeff Burke 2006-03-30 19:36:50 UTC
This test case have been added to the RHTS system

Comment 7 Linda Wang 2006-05-09 21:51:28 UTC
errata tool clean up, add to U4 CANFIX list for tracking purposes.

Note You need to log in before you can comment on or make changes to this bug.