Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 232209

Summary: kernel panic after rmmod cifs
Product: Red Hat Enterprise Linux 4 Reporter: Vasily Averin <vvs>
Component: kernelAssignee: Jeff Layton <jlayton>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: khorenko, staubach, steved
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.6.9-55.EL Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-05-02 18:46:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vasily Averin 2007-03-14 11:37:29 UTC 
SWsoft Virtuozzo/OpenVZ Linux kernel team has discovered that 

Kernel crashes because cifsd kernel thread can still alive after "rmmod cifs"

# uname -a
Linux dhcp17-60.qa.sw.ru 2.6.9-42.0.8.EL #1 Tue Jan 23 12:34:49 EST 2007 x86_64
x86_64 x86_64 GNU/Linux
# mount -t cifs //<share> /mnt -o
user=****,pass=***,uid=root,gid=root,file_mode=0644,dir_mode=0755
# umount /mnt
# rmmod cifs
# ps ax | grep cifsd
 3654 ?        D      0:00 [cifsd]

{wait sometime ==> oops}

Unable to handle kernel paging request at ffffffffa025d05c RIP:
[<ffffffffa025d05c>]
PML4 103027 PGD 105027 PMD 981e067 PTE 0
Oops: 0010 [1]
CPU 0
Modules linked in: netconsole netdump nls_utf8 md5 ipv6 parport_pc lp parport
autofs4 sunrpc iptable_filter ip_tables ds yenta_socket pcmcia_core dm_mirror
button battery ac uhci_hcd snd_ens1371 snd_rawmidi snd_seq_device snd_pcm_oss
snd_mixer_oss snd_pcm snd_timer snd_page_alloc snd_ac97_codec snd soundcore
e1000 floppy ext3 jbd dm_mod mptscsih mptsas mptspi mptfc mptscsi mptbase sd_mod
scsi_mod
Pid: 3654, comm: cifsd Not tainted 2.6.9-42.0.8.EL
RIP: 0010:[<ffffffffa025d05c>] [<ffffffffa025d05c>]
RSP: 0018:00000100093dde98  EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffa0287150 RCX: 00000100093dc000
RDX: 00000100093dc000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000fffffffc R08: 00000100093dc000 R09: 000001000ef72ce0
R10: 0000000000000246 R11: 0000000000000206 R12: 0000000000000027
R13: 0000000000000400 R14: 0000010001705400 R15: 000001000ab77d80
FS:  0000002a9555eb00(0000) GS:ffffffff80545480(0000) knlGS:00000000f7ff58e0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffffffa025d05c CR3: 0000000000101000 CR4: 00000000000006e0
Process cifsd (pid: 3654, threadinfo 00000100093dc000, task 00000100089d6ee0)
Stack: 0000010008130ea0 0000000000000000 0000010008130630 0000010008a25c00
       000001000ab77d80 00000100083e8240 000001000ab77d80 0000000000000004
       00000100089d77f0 0000010000000000
Call Trace:<ffffffff801509b3>{worker_thread+0} <ffffffff801115cb>{child_rip+8}
       <ffffffff801115c3>{child_rip+0}

Code:  Bad RIP value.
RIP [<ffffffffa025d05c>] RSP <00000100093dde98>
CR2: ffffffffa025d05c
Comment 1 Vasily Averin 2007-03-14 11:40:17 UTC 
This issue has been fixed in mainstream by the following patch:

[CIFS] rmmod cifs can oops if done soon after the last cifs unmount

Signed-off-by: Shaggy (shaggy.com)
Signed-off-by: Steve French (sfrench.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f191401f5906f4d942fac87ebeb4671faf1ba7d6
Comment 2 Jeff Layton 2007-05-02 18:46:30 UTC 
This patch is present in the 4.5 release kernel. Please test on -55.EL or
greater and reopen this bug if it's not fixed.