System crash when NULL pointer dereferenced in __disk_get_part() due to use-after-free on gendisk

Solution Unverified

Issue

  • NULL pointer dereference in __disk_get_part() due to use-after-free on gendisk:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
PGD 0 P4D 0 
Oops: 0000 [#1] SMP NOPTI
CPU: 43 PID: 1741841 Comm: mount Kdump: loaded Tainted: G        W  OE    --------- -  - 4.18.0-372.9.1.el8.x86_64 #1
Hardware name: Inspur AS13000G6-CGN24/AS13000G6-CGN24, BIOS 5.05.01 2022-05-16
RIP: 0010:__disk_get_part+0xd/0x30
....
Call Trace:
 generic_make_request_checks+0x87/0x530
 ? finish_wait+0x80/0x80
 generic_make_request+0x30/0x350
 ? __switch_to_asm+0x35/0x70
 submit_bio+0x3c/0x160
 ? bio_add_page+0x42/0x50
 _xfs_buf_ioapply+0x2af/0x420 [xfs]
 ? xfs_buf_get_uncached+0x1ad/0x240 [xfs]
 ? xfs_buf_read_uncached+0x99/0x130 [xfs]
 __xfs_buf_submit+0x63/0x1d0 [xfs]
 xfs_buf_read_uncached+0x99/0x130 [xfs]
 ? pcpu_alloc+0x406/0x770
 xfs_readsb+0xcb/0x1b0 [xfs]
 xfs_fs_fill_super+0x199/0x6a0 [xfs]
 ? xfs_mount_free+0x30/0x30 [xfs]
 get_tree_bdev+0x186/0x260
 vfs_get_tree+0x25/0xb0
 do_mount+0x2e2/0x950
 ksys_mount+0xb6/0xd0
 __x64_sys_mount+0x21/0x30
 do_syscall_64+0x5b/0x1a0
 entry_SYSCALL_64_after_hwframe+0x65/0xca
RIP: 0033:0x7fe95763fb0e
  • Additionally, a warning was hit in __blkdev_put() (fs/block_dev.c:1792), reached via blkdev_put() on device close:
WARNING: CPU: 96 PID: 1740565 at fs/block_dev.c:1792 __blkdev_put+0x202/0x210
Modules linked in: ib_core nft_counter nft_compat nf_tables nfnetlink xfs bonding libcrc32c tls sunrpc vfat fat crct10dif_pclmul crc32_pclmul ipmi_si ghash_clmulni_intel ipmi_devintf ipmi_msghandler pcspkr ast drm_vram_helper i2c_algo_bit drm_ttm_helper ttm sg drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm k10temp ip_tables ext4 mbcache jbd2 sd_mod crc32c_intel ice nvme megaraid_sas(OE) ahci libahci nvme_core libata t10_pi ngbe(OE)
CPU: 96 PID: 1740565 Comm: systemd-udevd Kdump: loaded Tainted: G        W  OE    --------- -  - 4.18.0-372.9.1.el8.x86_64 #1
Hardware name: Inspur AS13000G6-CGN24/AS13000G6-CGN24, BIOS 5.05.01 2022-05-16
RIP: 0010:__blkdev_put+0x202/0x210
....
Call Trace:
 blkdev_put+0x4c/0xe0
 blkdev_close+0x21/0x30
 __fput+0xbe/0x250
 task_work_run+0x8a/0xb0
 exit_to_usermode_loop+0xeb/0xf0
 do_syscall_64+0x198/0x1a0
 entry_SYSCALL_64_after_hwframe+0x65/0xca
RIP: 0033:0x7f6d6750b955
....

Environment

  • Red Hat Enterprise Linux 8
