Bug 232209 - kernel panic after rmmod cifs
Summary: kernel panic after rmmod cifs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jeff Layton
QA Contact: Martin Jenner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-14 11:37 UTC by Vasily Averin
Modified: 2008-01-09 17:30 UTC (History)
3 users (show)

Fixed In Version: 2.6.9-55.EL
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-05-02 18:46:30 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Vasily Averin 2007-03-14 11:37:29 UTC 
SWsoft Virtuozzo/OpenVZ Linux kernel team has discovered that 

Kernel crashes because cifsd kernel thread can still alive after "rmmod cifs"

# uname -a
Linux dhcp17-60.qa.sw.ru 2.6.9-42.0.8.EL #1 Tue Jan 23 12:34:49 EST 2007 x86_64
x86_64 x86_64 GNU/Linux
# mount -t cifs //<share> /mnt -o
user=****,pass=***,uid=root,gid=root,file_mode=0644,dir_mode=0755
# umount /mnt
# rmmod cifs
# ps ax | grep cifsd
 3654 ?        D      0:00 [cifsd]

{wait sometime ==> oops}

Unable to handle kernel paging request at ffffffffa025d05c RIP:
[<ffffffffa025d05c>]
PML4 103027 PGD 105027 PMD 981e067 PTE 0
Oops: 0010 [1]
CPU 0
Modules linked in: netconsole netdump nls_utf8 md5 ipv6 parport_pc lp parport
autofs4 sunrpc iptable_filter ip_tables ds yenta_socket pcmcia_core dm_mirror
button battery ac uhci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_ac97_codec snd soundcore
e1000 floppy ext3 jbd dm_mod mptscsih mptsas mptspi mptfc mptscsi mptbase sd_mod
scsi_mod
Pid: 3654, comm: cifsd Not tainted 2.6.9-42.0.8.EL
RIP: 0010:[<ffffffffa025d05c>] [<ffffffffa025d05c>]
RSP: 0018:00000100093dde98  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffa0287150 RCX: 00000100093dc000
RDX: 00000100093dc000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000fffffffc R08: 00000100093dc000 R09: 000001000ef72ce0
R10: 0000000000000246 R11: 0000000000000206 R12: 0000000000000027
R13: 0000000000000400 R14: 0000010001705400 R15: 000001000ab77d80
FS:  0000002a9555eb00(0000) GS:ffffffff80545480(0000) knlGS:00000000f7ff58e0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffffffa025d05c CR3: 0000000000101000 CR4: 00000000000006e0
Process cifsd (pid: 3654, threadinfo 00000100093dc000, task 00000100089d6ee0)
Stack: 0000010008130ea0 0000000000000000 0000010008130630 0000010008a25c00
       000001000ab77d80 00000100083e8240 000001000ab77d80 0000000000000004
       00000100089d77f0 0000010000000000
Call Trace:<ffffffff801509b3>{worker_thread+0} <ffffffff801115cb>{child_rip+8}
       <ffffffff801115c3>{child_rip+0}

Code:  Bad RIP value.
RIP [<ffffffffa025d05c>] RSP <00000100093dde98>
CR2: ffffffffa025d05c
Comment 1 Vasily Averin 2007-03-14 11:40:17 UTC 
This issue has been fixed in mainstream by the following patch:

[CIFS] rmmod cifs can oops if done soon after the last cifs unmount

Signed-off-by: Shaggy (shaggy@austin.ibm.com)
Signed-off-by: Steve French (sfrench@us.ibm.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f191401f5906f4d942fac87ebeb4671faf1ba7d6
Comment 2 Jeff Layton 2007-05-02 18:46:30 UTC 
This patch is present in the 4.5 release kernel. Please test on -55.EL or
greater and reopen this bug if it's not fixed.
Note You need to log in before you can comment on or make changes to this bug.