Bug 854718 - General Protection Fault in blkdev_get
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.3
Target Milestone: rc
Assigned To: Red Hat Kernel Manager
QA Contact: Red Hat Kernel QE team
Reported: 2012-09-05 12:10 EDT by Jason Mather
Modified: 2012-11-22 10:20 EST
Doc Type: Bug Fix
Last Closed: 2012-11-22 10:20:08 EST
Type: Bug

Attachments:
Use saved value for owner. (410 bytes, application/octet-stream), 2012-09-05 12:10 EDT, Jason Mather

Description Jason Mather 2012-09-05 12:10:58 EDT
Created attachment 610090
Use saved value for owner.

Description of problem:
Call Trace:
 [<ffffffff811d2240>] ? blkdev_open+0x0/0xc0
 [<ffffffff811d2240>] ? blkdev_open+0x0/0xc0
 [<ffffffff811d2230>] blkdev_get+0x10/0x20                     <- GPF 
 [<ffffffff811d22b1>] blkdev_open+0x71/0xc0
 [<ffffffff81194c6a>] __dentry_open+0x10a/0x3e0
 [<ffffffff81258178>] ? devcgroup_inode_permission+0x48/0x190
 [<ffffffff8123458f>] ? security_inode_permission+0x1f/0x30
 [<ffffffff81194f94>] nameidata_to_filp+0x54/0x70
 [<ffffffff811a85a0>] do_filp_open+0x6c0/0xd90
 [<ffffffff81531137>] ? _spin_unlock_irqrestore+0x67/0x80
 [<ffffffff8153117b>] ? _spin_unlock+0x2b/0x40
 [<ffffffff811b4efb>] ? alloc_fd+0xab/0x160
 [<ffffffff81194a19>] do_sys_open+0x69/0x140
 [<ffffffff81530bd2>] ? trace_hardirqs_on_thunk+0x3a/0x3f
 [<ffffffff81194b30>] sys_open+0x20/0x30
 [<ffffffff8100b0b2>] system_call_fastpath+0x16/0x1
Code: 00 00 48 85 ff 74 09 48 83 c7 20 e8 d4 28 1a 00 4c 89 e7 48 c7 83 f8 00 00 00 00 00 00 00 e8 81 f0 0a 00 49 8b 84 24 38 04 00 00 <48> 8b 78 58 e8 d0 c6 ee ff 48 c7 83 08 01 00 00 00 00 00 00 4c 
RIP  [<ffffffff811d1f47>] __blkdev_get+0x107/0x3e0

Version-Release number of selected component (if applicable):


How reproducible:  Not sure.  Happened several times when running a script to clean up after a test.


Steps to Reproduce:
1. mdadm -S /dev/md5
2. blockdev --flushbufs /dev/sdd
3. echo 1 >/sys/block/sdd/device/delete
  
Actual results:
GPF

Expected results:
Delete device

Additional info:  Found the error in blkdev where disk pointer is dereferenced after being freed.  Patch attached.

Comment 2 Jes Sorensen 2012-11-22 10:20:08 EST
This was fixed correctly in upstream commit
f992ae801a7dec34a4ed99a6598bbbbfb82af4fb, which was backported into 2.6.32-239
and which is included in the released RHEL6.3 kernel.
