RHEL 6.2: Kernel panic in umount.cifs [RIP: shrink_dcache_for_umount_subtree+680] after open of FIFO or other special file
Issue
- Rare kernel panic when issuing a
umount
operation on a CIFS mount. - Panic on umount after cifs code attempted to open a file that was actually a FIFO or other special file.
- Panic on umount of a CIFS filesystem similar to the following
CIFS VFS: No writable handles for inode
CIFS VFS: No writable handles for inode
CIFS VFS: No writable handles for inode
CIFS VFS: No writable handles for inode
CIFS VFS: No writable handles for inode
CIFS VFS: No writable handles for inode
BUG: Dentry ffff88011b510b00{i=ffffffff54a2876c,n=stream1.14386} still in use (1) [unmount of cifs cifs]
------------[ cut here ]------------
kernel BUG at fs/dcache.c:670!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/block/loop0/queue/scheduler
CPU 3
Modules linked in: ext3 jbd des_generic ecb md4 nls_utf8 cifs sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 virtio_balloon snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc virtio_net i2c_piix4 i2c_core ext4 mbcache jbd2 virtio_blk virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
Pid: 14772, comm: umount Not tainted 2.6.32-220.el6.x86_64 #1 Bochs Bochs
RIP: 0010:[<ffffffff8118e868>] [<ffffffff8118e868>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
RSP: 0018:ffff88011a213de8 EFLAGS: 00010296
RAX: 000000000000006f RBX: ffff88011b510b00 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000046 RDI: 0000000000000246
RBP: ffff88011a213e28 R08: ffffffff81c00680 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000000000f R12: 000000000000000e
R13: ffffffff81a83ec0 R14: ffff8801141f4bd0 R15: ffff88011b510b60
FS: 00007f45cdbb1740(0000) GS:ffff880028380000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f45cd208340 CR3: 000000011921b000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process umount (pid: 14772, threadinfo ffff88011a212000, task ffff88011bd3f540)
Stack:
ffff88011bd23670 0000000000000000 0000000000000000 ffff88011bd23400
<0> ffffffffa028e840 ffffffff81c00280 ffff88011bd23400 ffff880118e245c0
<0> ffff88011a213e48 ffffffff8118e8a6 0000000000000286 ffff88011bd23400
Call Trace:
[<ffffffff8118e8a6>] shrink_dcache_for_umount+0x36/0x60
[<ffffffff811787ef>] generic_shutdown_super+0x1f/0xe0
[<ffffffff81178916>] kill_anon_super+0x16/0x60
[<ffffffff811798a0>] deactivate_super+0x70/0x90
[<ffffffff8119581f>] mntput_no_expire+0xbf/0x110
[<ffffffff811962bb>] sys_umount+0x7b/0x3a0
[<ffffffff810d46e2>] ? audit_syscall_entry+0x272/0x2a0
[<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 50 30 4c 8b 0a 31 d2 48 85 f6 74 04 48 8b 56 40 48 05 70 02 00 00 48 89 de 48 c7 c7 78 28 7a 81 48 89 04 24 31 c0 e8 a4 db 35 00 <0f> 0b eb fe 0f 0b eb fe 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00
RIP [<ffffffff8118e868>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
RSP <ffff88011a213de8>
Environment
- Red Hat Enterprise Linux 6.2
- any kernel prior to 2.6.32-220.13.1.el6
- seen on kernel 2.6.32-220.7.1.el6
- cifs mount point
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.