RHEL6: kernel panic in locks_remove_flock called from nfsd: kernel BUG at fs/locks.c:2037!

Issue

• Kernel crash looks similar to RHEL5 mvfs crash in locks_remove_flock but no mvfs involved and this is RHEL6.4 kernel.
• NFSv4 server (nfsd) crashes while servicing an exported filesystem
• Kernel crash with the following message.

------------[ cut here ]------------
kernel BUG at fs/locks.c:2037!
invalid opcode: 0000 [#1] SMP 
last sysfs file: /sys/devices/system/cpu/cpu15/cache/index2/shared_cpu_map
CPU 11 
Modules linked in: nfsd nfs_acl auth_rpcgss mptctl mptbase autofs4 lockd sunrpc bonding 8021q garp stp llc ipv6 xfs exportfs power_meter e1000e ses enclosure microcode serio_raw sg iTCO_wdt iTCO_vendor_support hpilo hpwdt bnx2 i7core_edac edac_core shpchp ext4 mbcache jbd2 dm_round_robin sr_mod cdrom qla2xxx scsi_transport_fc scsi_tgt sd_mod crc_t10dif pata_acpi ata_generic ata_piix hpsa radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core dm_multipath dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]

Pid: 18115, comm: nfsd Not tainted 2.6.32-358.2.1.el6.x86_64 #1 HP ProLiant DL380 G7
RIP: 0010:[<ffffffff811cf56d>]  [<ffffffff811cf56d>] locks_remove_flock+0xfd/0x120
RSP: 0018:ffff880805d15b90  EFLAGS: 00010246
RAX: 0000000000000001 RBX: ffff88070fd492c0 RCX: 000000000000a3e9
RDX: ffff880805d13500 RSI: 0000000000000008 RDI: ffff88070fd492c0
RBP: ffff880805d15c60 R08: ffffffffa04276e0 R09: 0000000000000000
R10: 0000000000044ef7 R11: 0000000000000000 R12: ffff8806654ef298
R13: ffff8806654ef188 R14: ffff8807aeab6500 R15: ffff880417f1c780
FS:  0000000000000000(0000) GS:ffff88042e4a0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00007f467419b000 CR3: 0000000001a85000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 18115, threadinfo ffff880805d14000, task ffff880805d13500)
Stack:
 ffff880805d15ba0 ffffffff8121bf66 ffff880805d15c00 ffffffff8109fac5
<d> ffff88080571ae00 0000000000000003 ffff8804cd294540 000000038109fce6
<d> ffff880805d15be0 ffff8804cd294540 ffff88065fcfd8c0 ffffffff8100b9ce
Call Trace:
 [<ffffffff8121bf66>] ? security_task_setgroups+0x16/0x20
 [<ffffffff8109fac5>] ? set_groups+0x25/0x190
 [<ffffffff8100b9ce>] ? common_interrupt+0xe/0x13
 [<ffffffff81182800>] __fput+0xd0/0x210
 [<ffffffff81182965>] fput+0x25/0x30
 [<ffffffffa05bb17d>] __nfs4_file_put_access+0x6d/0xa0 [nfsd]
 [<ffffffffa05bb1ed>] nfs4_file_put_access+0x3d/0x50 [nfsd]
 [<ffffffffa05bdb15>] nfsd4_open_downgrade+0x195/0x280 [nfsd]
 [<ffffffffa05b0f78>] nfsd4_proc_compound+0x3d8/0x490 [nfsd]
 [<ffffffffa059e43e>] nfsd_dispatch+0xfe/0x240 [nfsd]
 [<ffffffffa0531654>] svc_process_common+0x344/0x640 [sunrpc]
 [<ffffffff81063310>] ? default_wake_function+0x0/0x20
 [<ffffffffa0531c90>] svc_process+0x110/0x160 [sunrpc]
 [<ffffffffa059eb62>] nfsd+0xc2/0x160 [nfsd]
 [<ffffffffa059eaa0>] ? nfsd+0x0/0x160 [nfsd]
 [<ffffffff81096936>] kthread+0x96/0xa0
 [<ffffffff8100c0ca>] child_rip+0xa/0x20
 [<ffffffff810968a0>] ? kthread+0x0/0xa0
 [<ffffffff8100c0c0>] ? child_rip+0x0/0x20
Code: 49 89 c4 49 8b 04 24 48 85 c0 75 ee e8 fd 0e 34 00 48 81 c4 b8 00 00 00 5b 41 5c 41 5d c9 c3 0f b6 40 30 a8 02 75 09 a8 20 75 0f <0f> 0b 90 eb fd 4c 89 e7 e8 e6 fc ff ff eb b7 be 02 00 00 00 4c 
RIP  [<ffffffff811cf56d>] locks_remove_flock+0xfd/0x120
 RSP <ffff880805d15b90>