RHEL6: kernel crashes in shrink_dcache_for_umount_subtree on CIFS filesystem as a result of 'umount' immediately after 'find' and 'cp' operations

Solution Unverified - Updated -

Issue

  • Calling 'umount' immediately after a 'find' and 'cp' on a CIFS filesystem caused machine to crash.
  • System crashed with the following message
BUG: Dentry ffff880123d1f380{i=3300000001c862,n=UNIX_bcadrdb1.pod} still in use (1) [unmount of cifs cifs]
------------[ cut here ]------------
kernel BUG at fs/dcache.c:670!
invalid opcode: 0000 [#1] SMP
last sysfs file: /sys/devices/system/cpu/cpu11/cache/index2/shared_cpu_map
CPU 9
Modules linked in: des_generic ecb md4 nls_utf8 cifs ipt_MASQUERADE xt_CONNMARK iptable_nat nf_nat iptable_mangle nf_conntrack_ipv4 nf_defrag_ipv4 xt_connmark iptable_filter ip_tables bonding fuse bridge nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc 8021q garp stp llc ipt_REJECT ipt_LOG xt_CHECKSUM ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 vhost_net macvtap macvlan tun kvm_intel kvm power_meter hpwdt hpilo sg be2net igb(U) microcode serio_raw iTCO_wdt iTCO_vendor_support ioatdma dca shpchp ext4 dm_round_robin mbcache jbd2 scsi_dh_rdac sd_mod crc_t10dif qla2xxx scsi_transport_fc scsi_tgt hpsa(U) be2iscsi(U) pata_acpi ata_generic ata_piix dm_multipath dm_mirror dm_region_hash dm_log dm_mod [last unloaded: xt_connmark]

Pid: 45972, comm: umount Tainted: G        W  ---------------    2.6.32-279.2.1.el6.x86_64 #1 HP ProLiant DL380p Gen8
RIP: 0010:[<ffffffff81193508>]  [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
RSP: 0018:ffff880428307de8  EFLAGS: 00010296
RAX: 0000000000000071 RBX: ffff880123d1f380 RCX: 0000000000003811
RDX: 0000000000000000 RSI: 0000000000000046 RDI: 0000000000000246
RBP: ffff880428307e28 R08: 0000000000000000 R09: ffffffff8163ab80
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002
R13: ffffffff81a83fc0 R14: ffff880236ef1800 R15: ffff880123d1f3e0
FS:  00007f8181d5f740(0000) GS:ffff880114320000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f81813d2360 CR3: 00000002e57ed000 CR4: 00000000000406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process umount (pid: 45972, threadinfo ffff880428306000, task ffff8803f8782040)
Stack:
 ffff880b2bf60270 ffff8802fd38e080 ffffffff81060250 ffff880b2bf60000
<d> ffffffffa0539980 ffffffff81c015c0 ffff880b2bf60000 ffff882fc03f2880
<d> ffff880428307e48 ffffffff81193546 0000000000000286 ffff880b2bf60000
Call Trace:
 [<ffffffff81060250>] ? default_wake_function+0x0/0x20
 [<ffffffff81193546>] shrink_dcache_for_umount+0x36/0x60
 [<ffffffff8117d30f>] generic_shutdown_super+0x1f/0xe0
 [<ffffffff8117d436>] kill_anon_super+0x16/0x60
 [<ffffffff8117e4b0>] deactivate_super+0x70/0x90
 [<ffffffff8119a4ef>] mntput_no_expire+0xbf/0x110
 [<ffffffff8119af8b>] sys_umount+0x7b/0x3a0
 [<ffffffff810d6b12>] ? audit_syscall_entry+0x272/0x2a0
 [<ffffffff8100b0f2>] system_call_fastpath+0x16/0x1b
Code: 50 30 4c 8b 0a 31 d2 48 85 f6 74 04 48 8b 56 40 48 05 70 02 00 00 48 89 de 48 c7 c7 88 6f 7a 81 48 89 04 24 31 c0 e8 0a 9e 36 00 <0f> 0b eb fe 0f 0b eb fe 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00
RIP  [<ffffffff81193508>] shrink_dcache_for_umount_subtree+0x2a8/0x2b0
 RSP <ffff880428307de8>

Environment

  • Red Hat Enterprise Linux 6
    • potentially all kernels prior to 2.6.32-431.el6 (RHEL 6.5)
    • seen on kernel 2.6.32-279.2.1.el6
  • cifs

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In