RHEL6: kernel crashes in shrink_dcache_for_umount_subtree on CIFS filesystem as a result of 'umount' immediately after 'find' and 'cp' operations

Solution Unverified - Updated -

Issue

  • Calling 'umount' immediately after a 'find' and 'cp' on a CIFS filesystem caused machine to crash.
  • System crashed with the following message
BUG: Dentry ffff880123d1f380{i=3300000001c862,n=UNIX_bcadrdb1.pod} still in use (1) [unmount of cifs cifs]
------------[ cut here ]------------
kernel BUG at fs/dcache.c:670!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/system/cpu/cpu11/cache/index2/shared_cpu_map
CPU 9
Modules linked in: des_generic ecb md4 nls_utf8 cifs ipt_MASQUERADE xt_CONNMARK iptable_nat nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_connmark iptable_filter ip_tables bonding fuse bridge nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc 8021q garp stp llc ipt_REJECT ipt_LOG xt_CHECKSUM ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 vhost_net macvtap macvlan tun kvm_intel kvm power_meter hpwdt hpilo sg be2net igb(U) microcode serio_raw iTCO_wdt iTCO_vendor_support ioatdma dca shpchp ext4 dm_round_robin mbcache jbd2 scsi_dh_rdac sd_mod crc_t10dif qla2xxx scsi_transport_fc scsi_tgt hpsa(U) be2iscsi(U) pata_acpi ata_generic ata_piix dm_multipath dm_mirror dm_region_hash dm_log dm_mod [last unloaded: xt_connmark]

Pid: 45972, comm: umount Tainted: G        W  ---------------    2.6.32-279.2.1.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffff81193508>]  [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
RSP: 0018:ffff880428307de8  EFLAGS: 00010296
RAX: 0000000000000071 RBX: ffff880123d1f380 RCX: 0000000000003811
RDX: 0000000000000000 RSI: 0000000000000046 RDI: 0000000000000246
RBP: ffff880428307e28 R08: 0000000000000000 R09: ffffffff8163ab80
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffffff81a83fc0 R14: ffff880236ef1800 R15: ffff880123d1f3e0
FS:  00007f8181d5f740(0000) GS:ffff880114320000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f81813d2360 CR3: 00000002e57ed000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process umount (pid: 45972, threadinfo ffff880428306000, task ffff8803f8782040)
Stack:
 ffff880b2bf60270 ffff8802fd38e080 ffffffff81060250 ffff880b2bf60000
<d> ffffffffa0539980 ffffffff81c015c0 ffff880b2bf60000 ffff882fc03f2880
<d> ffff880428307e48 ffffffff81193546 0000000000000286 ffff880b2bf60000
Call Trace:
 [<ffffffff81060250>] ? default_wake_function+0x0/0x20
 [<ffffffff81193546>] shrink_dcache_for_umount+0x36/0x60
 [<ffffffff8117d30f>] generic_shutdown_super+0x1f/0xe0
 [<ffffffff8117d436>] kill_anon_super+0x16/0x60
 [<ffffffff8117e4b0>] deactivate_super+0x70/0x90
 [<ffffffff8119a4ef>] mntput_no_expire+0xbf/0x110
 [<ffffffff8119af8b>] sys_umount+0x7b/0x3a0
 [<ffffffff810d6b12>] ? audit_syscall_entry+0x272/0x2a0
 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 50 30 4c 8b 0a 31 d2 48 85 f6 74 04 48 8b 56 40 48 05 70 02 00 00 48 89 de 48 c7 c7 88 6f 7a 81 48 89 04 24 31 c0 e8 0a 9e 36 00 <0f> 0b eb fe 0f 0b eb fe 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00
RIP  [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
 RSP <ffff880428307de8>

Environment

  • Red Hat Enterprise Linux 6
    • potentially all kernels prior to 2.6.32-431.el6 (RHEL 6.5)
    • seen on kernel 2.6.32-279.2.1.el6
  • cifs

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content