[linux-cifs] kernel BUG at fs/dcache.c:873!


The kernel hits a BUG() on the client side during umount. It is easy to reproduce
by running the following program on the client; it operates on a file under the mount point.

/* The archive stripped the header names from the original ten #include lines.
 * The headers below are the ones the calls in main() require. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

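/*
 * Reproducer for the umount-time BUG() reported in this message: remove
 * /mnt/MYFIFO, recreate it as a FIFO, open it read-write with O_CREAT, and
 * attempt one 4096-byte write.
 *
 * The sequence of calls is the point of the program, so no call is skipped
 * when an earlier one fails. perror() runs after every call whether or not it
 * failed; after a successful call it prints the message for whatever errno
 * already held, so a "Success" line is not by itself proof the call succeeded.
 *
 * Always returns 0. The descriptor is never closed explicitly; it is released
 * when the process exits.
 */
int main(void)
{
   int fd;
   /* Zero-filled so the write never hands uninitialised stack bytes to the
    * filesystem client. The payload contents are presumably irrelevant to
    * the reproduction -- confirm if the behaviour changes. */
   char buffer[4096] = {0};
   const char *file = "/mnt/MYFIFO";

   /* Start from a clean slate; a missing file is reported but not fatal. */
   unlink(file);
   perror("unlink");

   /* Create the FIFO node on the mounted share. */
   mknod(file, S_IFIFO|0666, 0);
   perror("mknod");

   /* O_CREAT on a path that already exists as a FIFO. */
   fd = open(file, O_RDWR|O_CREAT, 0777);
   perror("open");

   /* fd is used unchecked on purpose: if open() failed, this write fails in
    * turn and perror() reports it. */
   write(fd, buffer, sizeof buffer);
   perror("write");

   return 0;
}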

# ./test
unlink: Success
mknod: Success
open: Success
write: Invalid argument

# umount /mnt 
Segmentation fault

[  278.108849] fs/cifs/inode.c: Update attributes: /MYFIFO inode 0xffff8801005482e0 count 1 dentry: 0xffff8800ca830c00 d_time 0 jiffies 4294945404
[  278.108851] fs/cifs/inode.c: Getting info on /MYFIFO
[  278.108853] fs/cifs/cifssmb.c: In QPathInfo (Unix) the path /MYFIFO
[  278.108860] fs/cifs/transport.c: For smb_command 50
[  278.108862] fs/cifs/transport.c: Sending smb:  total_len 92
[  278.109393] fs/cifs/connect.c: rfc1002 length 0xa4
[  278.109494] fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=21 state=4
[  278.109500] fs/cifs/inode.c: cifs_revalidate_cache: revalidating inode 2628394
[  278.109502] fs/cifs/inode.c: cifs_revalidate_cache: inode 2628394 is unchanged
[  278.109505] fs/cifs/inode.c: inode 0xffff8801005482e0 old_time=4294942124 new_time=4294945405
[  278.109508] fs/cifs/inode.c: CIFS VFS: leaving cifs_revalidate_dentry_attr (xid = 23) rc = 0
[  278.109592] fs/cifs/inode.c: cifs_unlink, dir=0xffff8800ca834050, dentry=0xffff8800ca830c00
[  278.109595] fs/cifs/inode.c: CIFS VFS: in cifs_unlink as Xid: 24 with uid: 0
[  278.109598] fs/cifs/cifssmb.c: In POSIX delete
[  278.109601] fs/cifs/transport.c: For smb_command 50
[  278.109603] fs/cifs/transport.c: Sending smb:  total_len 96
[  278.120706] fs/cifs/connect.c: rfc1002 length 0x3e
[  278.120784] fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=22 state=4
[  278.120789] fs/cifs/inode.c: posix del rc 0
[  278.120792] fs/cifs/inode.c: CIFS VFS: leaving cifs_unlink (xid = 24) rc = 0
[  278.120970] fs/cifs/dir.c: CIFS VFS: in cifs_lookup as Xid: 25 with uid: 0
[  278.120972] fs/cifs/dir.c: parent inode = 0xffff8800ca834050 name is: MYFIFO and dentry = 0xffff8800d2d67cc0
[  278.120975] fs/cifs/dir.c: CIFS VFS: leaving cifs_lookup (xid = 25) rc = 0
[  278.121175] fs/cifs/dir.c: CIFS VFS: in cifs_mknod as Xid: 26 with uid: 0
[  278.121177] fs/cifs/cifssmb.c: In SetUID/GID/Mode
[  278.121182] fs/cifs/transport.c: For smb_command 50
[  278.121190] fs/cifs/transport.c: Sending smb:  total_len 194
[  278.122010] fs/cifs/connect.c: rfc1002 length 0x3e
[  278.122078] fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=23 state=4
[  278.122081] fs/cifs/inode.c: Getting info on /MYFIFO
[  278.122083] fs/cifs/cifssmb.c: In QPathInfo (Unix) the path /MYFIFO
[  278.122087] fs/cifs/transport.c: For smb_command 50
[  278.122089] fs/cifs/transport.c: Sending smb:  total_len 92
[  278.122601] fs/cifs/connect.c: rfc1002 length 0xa4
[  278.122654] fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=24 state=4
[  278.122659] fs/cifs/inode.c: looking for uniqueid=2628393
[  278.122696] fs/cifs/inode.c: cifs_revalidate_cache: revalidating inode 2628393
[  278.122697] fs/cifs/inode.c: cifs_revalidate_cache: inode 2628393 is new
[  278.122699] fs/cifs/inode.c: inode 0xffff88010054c050 old_time=0 new_time=4294945418
[  278.122702] fs/cifs/dir.c: CIFS VFS: leaving cifs_mknod (xid = 26) rc = 0
[  278.122782] fs/cifs/dir.c: CIFS VFS: in cifs_lookup as Xid: 27 with uid: 0
[  278.122784] fs/cifs/dir.c: parent inode = 0xffff8800ca834050 name is: MYFIFO and dentry = 0xffff8800d2d67cc0
[  278.122786] fs/cifs/dir.c: NULL inode in lookup
[  278.122787] fs/cifs/dir.c: Full path: /MYFIFO inode = 0x          (null)
[  278.122789] fs/cifs/file.c: posix open /MYFIFO
[  278.122791] fs/cifs/cifssmb.c: In POSIX Create
[  278.122793] fs/cifs/transport.c: For smb_command 50
[  278.122794] fs/cifs/transport.c: Sending smb:  total_len 112
[  278.123351] fs/cifs/connect.c: rfc1002 length 0xb0
[  278.123432] fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=25 state=4
[  278.123435] fs/cifs/cifssmb.c: copying inode info
[  278.123437] fs/cifs/inode.c: looking for uniqueid=2628393
[  278.123439] fs/cifs/inode.c: cifs_revalidate_cache: revalidating inode 2628393
[  278.123440] fs/cifs/inode.c: cifs_revalidate_cache: inode 2628393 is unchanged
[  278.123442] fs/cifs/inode.c: inode 0xffff88010054c050 old_time=4294945418 new_time=4294945419
[  278.123448] fs/cifs/dir.c: CIFS VFS: leaving cifs_lookup (xid = 27) rc = 0
[  278.123561] fs/cifs/file.c: closing last open instance for inode ffff880100548d20
[  278.123564] fs/cifs/file.c: CIFS VFS: in cifsFileInfo_put as Xid: 28 with uid: 0
[  278.123566] fs/cifs/cifssmb.c: In CIFSSMBClose
[  278.123568] fs/cifs/transport.c: For smb_command 4
[  278.123569] fs/cifs/transport.c: Sending smb:  total_len 45
[  278.124322] fs/cifs/connect.c: rfc1002 length 0x27
[  278.124354] fs/cifs/transport.c: cifs_sync_mid_result: cmd=4 mid=26 state=4
[  278.124357] fs/cifs/file.c: CIFS VFS: leaving cifsFileInfo_put (xid = 28) rc = 0
[  280.658202] fs/cifs/inode.c: CIFS VFS: in cifs_revalidate_dentry_attr as Xid: 29 with uid: 0
[  280.658208] fs/cifs/inode.c: Update attributes:  inode 0xffff8800ca834050 count 1 dentry: 0xffff8800d2ff0b40 d_time 0 jiffies 4294947954
[  280.658210] fs/cifs/inode.c: Getting info on 
[  280.658213] fs/cifs/cifssmb.c: In QPathInfo (Unix) the path 
[  280.658219] fs/cifs/transport.c: For smb_command 50
[  280.658221] fs/cifs/transport.c: Sending smb:  total_len 78
[  280.659131] fs/cifs/connect.c: rfc1002 length 0xa4
[  280.659151] fs/cifs/transport.c: cifs_sync_mid_result: cmd=50 mid=27 state=4
[  280.659156] fs/cifs/inode.c: cifs_revalidate_cache: revalidating inode 2621442
[  280.659158] fs/cifs/inode.c: cifs_revalidate_cache: invalidating inode 2621442 mapping
[  280.659161] fs/cifs/inode.c: inode 0xffff8800ca834050 old_time=0 new_time=4294947955
[  280.659164] fs/cifs/inode.c: CIFS VFS: leaving cifs_revalidate_dentry_attr (xid = 29) rc = 0
[  294.478745] BUG: Dentry ffff8800d2d67cc0{i=281b29,n=MYFIFO} still in use (1) [unmount of cifs cifs]
[  294.481213] ------------[ cut here ]------------
[  294.482318] kernel BUG at fs/dcache.c:873!
[  294.483212] invalid opcode: 0000 [#1] SMP 
[  294.484290] CPU 1 
[  294.484444] Modules linked in: des_generic md4 nls_utf8 cifs fscache lockd nf_conntrack_ipv4 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv4 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm i2c_piix4 i2c_core snd_timer snd soundcore snd_page_alloc joydev microcode virtio_net virtio_balloon uinput sunrpc virtio_blk [last unloaded: scsi_wait_scan]
[  294.496648] 
[  294.497454] Pid: 1557, comm: umount Not tainted 3.1.0-7.fc16.x86_64 #1 Bochs Bochs
[  294.499308] RIP: 0010:[]  [] shrink_dcache_for_umount_subtree+0x91/0x146
[  294.501161] RSP: 0018:ffff8800da021dd8  EFLAGS: 00010292
[  294.502657] RAX: 000000000000006d RBX: ffff8800d2d67cc0 RCX: 000000000000b31c
[  294.503846] RDX: 0000000000000000 RSI: 0000000000000046 RDI: 0000000000000246
[  294.505036] RBP: ffff8800da021e08 R08: 0000000000000000 R09: 0000000000000000
[  294.506215] R10: 0000ffff00066c0a R11: 0000000000000000 R12: ffffffffa0158a80
[  294.507478] R13: ffff880036815f40 R14: ffff880036815f00 R15: 0000000000000000
[  294.508725] FS:  00007f1a479bf800(0000) GS:ffff88011fc80000(0000) knlGS:0000000000000000
[  294.511058] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  294.511945] CR2: 00007f1a479e9aa0 CR3: 0000000036acc000 CR4: 00000000000006e0
[  294.512893] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  294.513831] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  294.514740] Process umount (pid: 1557, threadinfo ffff8800da020000, task ffff880036961730)
[  294.516381] Stack:
[  294.517137]  ffff880036b99680 0000000000000001 ffff880036b99400 ffffffffa0158a80
[  294.519000]  ffff880036815f40 ffff880036815f00 ffff8800da021e28 ffffffff8113a7c8
[  294.521040]  ffffffff8113f68d ffff880036b99400 ffff8800da021e58 ffffffff8112a901
[  294.522872] Call Trace:
[  294.523647]  [] shrink_dcache_for_umount+0x38/0x49
[  294.524602]  [] ? free_vfsmnt+0x38/0x3c
[  294.525553]  [] generic_shutdown_super+0x23/0xb9
[  294.526452]  [] kill_anon_super+0x13/0x1e
[  294.527339]  [] cifs_kill_sb+0x17/0x23 [cifs]
[  294.528233]  [] deactivate_locked_super+0x37/0x68
[  294.529551]  [] deactivate_super+0x37/0x3b
[  294.530837]  [] mntput_no_expire+0xcc/0xd1
[  294.532155]  [] sys_umount+0x2ac/0x2da
[  294.533471]  [] system_call_fastpath+0x16/0x1b
[  294.534759] Code: 00 00 48 8b 40 28 4c 8b 08 48 8b 43 30 48 85 c0 74 04 48 8b 50 40 48 89 34 24 48 c7 c7 c5 8f 7c 81 48 89 de 31 c0 e8 a2 2c 37 00 <0f> 0b 4c 8b 63 18 48 8d bb 90 00 00 00 4c 39 e3 75 0a e8 81 56 
[  294.543795] RIP  [] shrink_dcache_for_umount_subtree+0x91/0x146
[  294.545396]  RSP 
[  294.546185] ---[ end trace e5f76c63d051dca7 ]---

CAI Qian
