RHEL6: kernel crashes in shrink_dcache_for_umount_subtree on CIFS filesystem as a result of 'umount' immediately after 'find' and 'cp' operations
Issue
- Calling 'umount' immediately after a 'find' and 'cp' on a CIFS filesystem causes the machine to crash.
- The system crashes with the following message:
BUG: Dentry ffff880123d1f380{i=3300000001c862,n=UNIX_bcadrdb1.pod} still in use (1) [unmount of cifs cifs]
------------[ cut here ]------------
kernel BUG at fs/dcache.c:670!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/system/cpu/cpu11/cache/index2/shared_cpu_map
CPU 9
Modules linked in: des_generic ecb md4 nls_utf8 cifs ipt_MASQUERADE xt_CONNMARK iptable_nat nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_connmark iptable_filter ip_tables bonding fuse bridge nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc 8021q garp stp llc ipt_REJECT ipt_LOG xt_CHECKSUM ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 vhost_net macvtap macvlan tun kvm_intel kvm power_meter hpwdt hpilo sg be2net igb(U) microcode serio_raw iTCO_wdt iTCO_vendor_support ioatdma dca shpchp ext4 dm_round_robin mbcache jbd2 scsi_dh_rdac sd_mod crc_t10dif qla2xxx scsi_transport_fc scsi_tgt hpsa(U) be2iscsi(U) pata_acpi ata_generic ata_piix dm_multipath dm_mirror dm_region_hash dm_log dm_mod [last unloaded: xt_connmark]
Pid: 45972, comm: umount Tainted: G W --------------- 2.6.32-279.2.1.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffff81193508>] [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
RSP: 0018:ffff880428307de8 EFLAGS: 00010296
RAX: 0000000000000071 RBX: ffff880123d1f380 RCX: 0000000000003811
RDX: 0000000000000000 RSI: 0000000000000046 RDI: 0000000000000246
RBP: ffff880428307e28 R08: 0000000000000000 R09: ffffffff8163ab80
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffffff81a83fc0 R14: ffff880236ef1800 R15: ffff880123d1f3e0
FS: 00007f8181d5f740(0000) GS:ffff880114320000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f81813d2360 CR3: 00000002e57ed000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process umount (pid: 45972, threadinfo ffff880428306000, task ffff8803f8782040)
Stack:
ffff880b2bf60270 ffff8802fd38e080 ffffffff81060250 ffff880b2bf60000
<d> ffffffffa0539980 ffffffff81c015c0 ffff880b2bf60000 ffff882fc03f2880
<d> ffff880428307e48 ffffffff81193546 0000000000000286 ffff880b2bf60000
Call Trace:
[<ffffffff81060250>] ? default_wake_function+0x0/0x20
[<ffffffff81193546>] shrink_dcache_for_umount+0x36/0x60
[<ffffffff8117d30f>] generic_shutdown_super+0x1f/0xe0
[<ffffffff8117d436>] kill_anon_super+0x16/0x60
[<ffffffff8117e4b0>] deactivate_super+0x70/0x90
[<ffffffff8119a4ef>] mntput_no_expire+0xbf/0x110
[<ffffffff8119af8b>] sys_umount+0x7b/0x3a0
[<ffffffff810d6b12>] ? audit_syscall_entry+0x272/0x2a0
[<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 50 30 4c 8b 0a 31 d2 48 85 f6 74 04 48 8b 56 40 48 05 70 02 00 00 48 89 de 48 c7 c7 88 6f 7a 81 48 89 04 24 31 c0 e8 0a 9e 36 00 <0f> 0b eb fe 0f 0b eb fe 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00
RIP [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
RSP <ffff880428307de8>
Environment
- Red Hat Enterprise Linux 6
- potentially all kernels prior to 2.6.32-431.el6 (RHEL 6.5)
- seen on kernel 2.6.32-279.2.1.el6
- cifs
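To check a saved console or kernel log for this crash signature, the following Python function is an added example (not part of the original article and not Red Hat code). It matches the "BUG: Dentry ... still in use" line for a cifs unmount together with the faulting function, and reports whether the logged kernel is older than 2.6.32-431.el6. The name triage, the result field names, and comparing only the first number after "2.6.32-" against 431 are assumptions of the example.

```python
import re

# Sample input: three lines copied from the crash message on this page.
SAMPLE = """\
BUG: Dentry ffff880123d1f380{i=3300000001c862,n=UNIX_bcadrdb1.pod} still in use (1) [unmount of cifs cifs]
Pid: 45972, comm: umount Tainted: G W --------------- 2.6.32-279.2.1.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffff81193508>] [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
"""

FIXED_BUILD = 431  # Environment section: kernels prior to 2.6.32-431.el6

BUG_RE = re.compile(
    r"BUG: Dentry (?P<dentry>[0-9a-f]+)\{i=(?P<inode>[0-9a-f]+),n=(?P<name>[^}]*)\} "
    r"still in use \((?P<count>\d+)\) \[unmount of (?P<fstype>\S+) (?P<sb>[^\]]+)\]")
PID_RE = re.compile(r"Pid: \d+, comm: (?P<comm>\S+) .*?(?P<kernel>2\.6\.32-(?P<build>\d+)\S*)")
RIP_RE = re.compile(r"RIP: .*\] (?P<func>\w+)\+0x")


def triage(log):
    """Return crash details if the log matches this article's signature, else None."""
    bug, pid, rip = BUG_RE.search(log), PID_RE.search(log), RIP_RE.search(log)
    if not (bug and rip):
        return None
    if bug["fstype"] != "cifs" or rip["func"] != "shrink_dcache_for_umount_subtree":
        return None
    return {
        "dentry": bug["dentry"],
        "inode": bug["inode"],
        "name": bug["name"],
        "refcount": int(bug["count"]),
        # The Pid line may be missing from a truncated capture; report None then.
        "comm": pid["comm"] if pid else None,
        "kernel": pid["kernel"] if pid else None,
        "kernel_in_affected_range": int(pid["build"]) < FIXED_BUILD if pid else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```
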