Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 232209 - kernel panic after rmmod cifs
Summary: kernel panic after rmmod cifs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jeff Layton
QA Contact: Martin Jenner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-14 11:37 UTC by Vasily Averin
Modified: 2008-01-09 17:30 UTC (History)
3 users (show)

Fixed In Version: 2.6.9-55.EL
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-05-02 18:46:30 UTC


Attachments (Terms of Use)

Description Vasily Averin 2007-03-14 11:37:29 UTC
SWsoft Virtuozzo/OpenVZ Linux kernel team has discovered that 

Kernel crashes because cifsd kernel thread can still alive after "rmmod cifs"

# uname -a
Linux dhcp17-60.qa.sw.ru 2.6.9-42.0.8.EL #1 Tue Jan 23 12:34:49 EST 2007 x86_64
x86_64 x86_64 GNU/Linux
# mount -t cifs //<share> /mnt -o
user=****,pass=***,uid=root,gid=root,file_mode=0644,dir_mode=0755
# umount /mnt
# rmmod cifs
# ps ax | grep cifsd
 3654 ?        D      0:00 [cifsd]

{wait sometime ==> oops}

Unable to handle kernel paging request at ffffffffa025d05c RIP:
[<ffffffffa025d05c>]
PML4 103027 PGD 105027 PMD 981e067 PTE 0
Oops: 0010 [1]
CPU 0
Modules linked in: netconsole netdump nls_utf8 md5 ipv6 parport_pc lp parport
autofs4 sunrpc iptable_filter ip_tables ds yenta_socket pcmcia_core dm_mirror
button battery ac uhci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_ac97_codec snd soundcore
e1000 floppy ext3 jbd dm_mod mptscsih mptsas mptspi mptfc mptscsi mptbase sd_mod
scsi_mod
Pid: 3654, comm: cifsd Not tainted 2.6.9-42.0.8.EL
RIP: 0010:[<ffffffffa025d05c>] [<ffffffffa025d05c>]
RSP: 0018:00000100093dde98  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffa0287150 RCX: 00000100093dc000
RDX: 00000100093dc000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000fffffffc R08: 00000100093dc000 R09: 000001000ef72ce0
R10: 0000000000000246 R11: 0000000000000206 R12: 0000000000000027
R13: 0000000000000400 R14: 0000010001705400 R15: 000001000ab77d80
FS:  0000002a9555eb00(0000) GS:ffffffff80545480(0000) knlGS:00000000f7ff58e0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffffffa025d05c CR3: 0000000000101000 CR4: 00000000000006e0
Process cifsd (pid: 3654, threadinfo 00000100093dc000, task 00000100089d6ee0)
Stack: 0000010008130ea0 0000000000000000 0000010008130630 0000010008a25c00
       000001000ab77d80 00000100083e8240 000001000ab77d80 0000000000000004
       00000100089d77f0 0000010000000000
Call Trace:<ffffffff801509b3>{worker_thread+0} <ffffffff801115cb>{child_rip+8}
       <ffffffff801115c3>{child_rip+0}

Code:  Bad RIP value.
RIP [<ffffffffa025d05c>] RSP <00000100093dde98>
CR2: ffffffffa025d05c

Comment 1 Vasily Averin 2007-03-14 11:40:17 UTC
This issue has been fixed in mainstream by the following patch:

[CIFS] rmmod cifs can oops if done soon after the last cifs unmount

Signed-off-by: Shaggy (shaggy@austin.ibm.com)
Signed-off-by: Steve French (sfrench@us.ibm.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f191401f5906f4d942fac87ebeb4671faf1ba7d6

Comment 2 Jeff Layton 2007-05-02 18:46:30 UTC
This patch is present in the 4.5 release kernel. Please test on -55.EL or
greater and reopen this bug if it's not fixed.



Note You need to log in before you can comment on or make changes to this bug.