(I sent a similar bug report to LKML, but lacking a response there, I decided to file it here for posterity and tracking.) There seems to be some bug in the 2.6.12-1.1447_FC4 kernel NFS client: if you unmount at the right time, when the TCP connection to the NFS server is closed, and there's an outstanding request, the reconnect timer doesn't seem to be deleted(?), and RPC_REESTABLISH_TIMEOUT/HZ seconds later, the kernel panics with something like: kernel BUG at kernel/timer.c:418! invalid operand: 0000 [#1] ... Kernel panic - not syncing: Fatal exception in interrupt and the call trace is different every time. The attached shell script (and funmount.c program) reproduce the problem. Run the shell script with one argument (nfs-server:/exported/path) and it will do the following: * mount the NFS server * set up iptables to RST the TCP connection * create an outstanding request to the NFS server (statvfs) * call umount2(/mountpoint, MNT_FORCE | MNT_DETACH) * 15 seconds later, the kernel panics -- kolya
Created attachment 120081 [details] program to call umount2(MNT_FORCE | MNT_DETACH)
Created attachment 120082 [details] Shell script to trigger bug
This appears to be fixed in the latest FC4 kernel.
2.6.14-1.1637_FC4 has been released as an update for FC4. Please retest with this update, as a large amount of code has been changed in this release, which may have fixed your problem. Thank you.
This is a mass-update to all currently open kernel bugs. A new kernel update has been released (Version: 2.6.15-1.1830_FC4) based upon a new upstream kernel release. Please retest against this new kernel, as a large number of patches go into each upstream release, possibly including changes that may address this problem. This bug has been placed in NEEDINFO_REPORTER state. Due to the large volume of inactive bugs in bugzilla, if this bug is still in this state in two weeks time, it will be closed. Should this bug still be relevant after this period, the reporter can reopen the bug at any time. Any other users on the Cc: list of this bug can request that the bug be reopened by adding a comment to the bug. If this bug is a problem preventing you from installing the release this version is filed against, please see bug 169613. Thank you.
Closing per previous comments. Appears to have been fixed in the upstream kernel and in released FC4 kernels.