Bug 608156 - kernel panic if bonding initialization fails
Summary: kernel panic if bonding initialization fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.5
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Andy Gospodarek
QA Contact: Boris Ranto
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-25 20:27 UTC by Konstantin Khorenko
Modified: 2014-06-29 23:02 UTC (History)
5 users (show)

Fixed In Version: kernel-2.6.18-284.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-21 03:28:02 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0150 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 5.8 kernel update 2012-02-21 07:35:24 UTC

Description Konstantin Khorenko 2010-06-25 20:27:16 UTC 
Our customer experienced a kernel panic after a kernel upgrade on the node boot stage.

Kernel panic calltrace (process - 'modprobe'):

flush_workqueue
destroy_workqueue
bond_destructor
netdev_run_todo
bonding_init
sys_init_module

The affected kernel is based on 2.6.18-194.3.1.el5.

Checking the code:
destroy_workqueue() is called in bonding_init() on err path AND in bond_destructor() one after another.

This issue has been already fixed in mainstream:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9d34d1a20e8171be819a6c8c4de4eea6104d174e

----
bonding: fix panic if initialization fails

If module initialisation failed (e.g. because the bonding sysfs entry
cannot be created), kernel panics:
 IP: [<ffffffff8024910a>] destroy_workqueue+0x2d/0x146
Call Trace:
 [<ffffffff808268c4>] bond_destructor+0x28/0x78
 [<ffffffff80b64471>] netdev_run_todo+0x231/0x25a
 [<ffffffff80b6dbcd>] rtnl_unlock+0x9/0xb
 [<ffffffff81567907>] bonding_init+0x83e/0x84a

Remove the calls to bond_work_cancel_all() and destroy_workqueue();
both are also called/scheduled via bond_free_all().

bond_destroy_sysfs is unecessary because the sysfs entry has
not been created in the error case.

Signed-off-by: Florian Westphal <fw>
Signed-off-by: Jay Vosburgh <fubar.com>
Signed-off-by: Jiri Pirko <jpirko>
Signed-off-by: David S. Miller <davem>
----

Please, apply the patch too.

Thank you.

--
Best regards,

Konstantin Khorenko,
PVCfL/OpenVZ developer,
Parallels
Comment 3 RHEL Program Management 2011-08-31 02:29:39 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 6 Jarod Wilson 2011-09-02 15:37:57 UTC 
Patch(es) available in kernel-2.6.18-284.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 7 Jarod Wilson 2011-09-02 17:39:55 UTC 
Patch(es) available in kernel-2.6.18-284.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Comment 10 errata-xmlrpc 2012-02-21 03:28:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0150.html
Note You need to log in before you can comment on or make changes to this bug.