Fedora 11 beta as of Apr 3 with kernel-2.6.29.1-46.fc11.x86_64 serving nfs to an fc10 box. Transfering a large movie to F11. Installing knfsd (copyright (C) 1996 okir.de). SELinux: initialized (dev nfsd, type nfsd), uses genfs_contexts NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory NFSD: starting 90-second grace period CE: hpet increasing min_delta_ns to 15000 nsec BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 IP: [<ffffffff81186e28>] inode_has_perm+0x30/0x66 PGD 3d87c067 PUD 2e527067 PMD 0 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/rfkill/rfkill0/state CPU 1 Modules linked in: nfsd lockd nfs_acl auth_rpcgss exportfs fuse sco bridge stp llc bnep l2cap bluetooth sunrpc nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath sha256_generic aes_x86_64 aes_generic cbc dm_crypt uinput snd_hda_codec_conexant snd_hda_intel snd_hda_codec snd_hwdep snd_pcm arc4 snd_timer firewire_ohci firewire_core uvcvideo videodev v4l1_compat v4l2_compat_ioctl32 ecb sdhci_pci crc_itu_t sdhci snd mmc_core e100 mii iwl3945 rfkill mac80211 lib80211 iTCO_wdt iTCO_vendor_support soundcore pcspkr snd_page_alloc i2c_i801 cfg80211 joydev wmi serio_raw i915 drm i2c_algo_bit i2c_core video output [last unloaded: microcode] Pid: 3294, comm: nfsd Not tainted 2.6.29.1-46.fc11.x86_64 #1 HP Pavilion dv2000 (RG498UA#ABA) RIP: 0010:[<ffffffff81186e28>] [<ffffffff81186e28>] inode_has_perm+0x30/0x66 RSP: 0018:ffff88001f9efc10 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 RDX: 0000000000100002 RSI: ffff88001fd34ae8 RDI: ffff88001e4189c0 RBP: ffff88001f9efc60 R08: 0000000000000000 R09: ffff88001e4189c0 R10: ffff88001f8468c0 R11: 0000000000000000 R12: ffff88001fd34ae8 R13: ffff88001e4189c0 R14: ffff88002ed3d180 R15: ffff88001fd34ae8 FS: 0000000000000000(0000) GS:ffff88003e44d080(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 0000000000000004 CR3: 000000002e525000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process nfsd (pid: 3294, threadinfo ffff88001f9ee000, task ffff88001f992e40) Stack: ffff88002096dcc0 0000000000000404 ffff88001f9efc60 0000000000000246 0000000000000001 ffffffff815f4040 ffff88001f9efc90 0000000000000246 ffff88001f9c6000 ffff88002ed3d180 ffff88001f9efc90 ffffffff811894f8 Call Trace: [<ffffffff811894f8>] selinux_dentry_open+0xe7/0xf0 [<ffffffff81181be1>] security_dentry_open+0x16/0x18 [<ffffffff810d69de>] __dentry_open+0x11b/0x273 [<ffffffff810d6bbd>] dentry_open+0x87/0x8e [<ffffffff813a9f97>] ? trace_hardirqs_on_thunk+0x3a/0x3c [<ffffffffa03390cc>] nfsd_open+0x12d/0x156 [nfsd] [<ffffffff81050686>] ? _local_bh_enable_ip+0xde/0xeb [<ffffffffa0339451>] nfsd_read+0x85/0xc4 [nfsd] [<ffffffffa033f6f8>] nfsd3_proc_read+0xe7/0x126 [nfsd] [<ffffffffa033426f>] nfsd_dispatch+0xf1/0x1cc [nfsd] [<ffffffffa02921b5>] svc_process+0x426/0x642 [sunrpc] [<ffffffffa033486e>] nfsd+0x14c/0x1aa [nfsd] [<ffffffffa0334722>] ? nfsd+0x0/0x1aa [nfsd] [<ffffffff8105edd5>] kthread+0x4d/0x78 [<ffffffff810126ca>] child_rip+0xa/0x20 [<ffffffff81011fe7>] ? restore_args+0x0/0x30 [<ffffffff8105ed88>] ? kthread+0x0/0x78 [<ffffffff810126c0>] ? child_rip+0x0/0x20 Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 RIP [<ffffffff81186e28>] inode_has_perm+0x30/0x66 RSP <ffff88001f9efc10> CR2: 0000000000000004 ---[ end trace 01f6cff0bbdd1495 ]---
Forgot to mention that this is an ext4 partition.
*** Bug 495405 has been marked as a duplicate of this bug. ***
NFSD is opening a file, which calls selinux functions; those hit a null pointer deref.
Looks very similar to: http://lkml.org/lkml/2009/3/26/326 which we believe to be a credentials problem......
Would this be fixed by commit 34574dd10b6d0697b86703388d6d6af9cbf4bb48 "keys: Handle there being no fallback destination keyring for request_key()" ??
I believe this is a problem with a null current->credentials, not the key subsystem....
I tried the patch in comment #4 with kernel-2.6.29-102 no difference at all my exported filesystem is: /dev/mapper/datavgm2-musi on /var/musi type xfs (rw,context="system_u:object_r:public_content_rw_t:s0")
There should HOPEFULLY be some additional information in dmesg before the panic. If you look back through your logs do you see a warning anywhere? There also is a new bit of debug info he added in that patch in case it is reusing a freed object. Do you have your final backtrace available from the latest carsh?
Reassigned to David since it looks like a NULL credentials
no additional message in dmesg last entry was SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts /var/log/messages: Apr 27 16:51:16 mirr2 mountd[2417]: authenticated mount request from 10.254.254.17:752 for /var/musi (/var/musi) Apr 27 16:51:28 mirr2 kernel: BUG: unable to handle kernel NULL pointer dereference at 000000000000000b Apr 27 16:51:28 mirr2 kernel: IP: [<ffffffff81187494>] inode_has_perm+0x30/0x66 Apr 27 16:51:28 mirr2 kernel: PGD 2fdd8067 PUD 2fdcf067 PMD 0 Apr 27 16:51:28 mirr2 kernel: Oops: 0000 [#1] SMP Apr 27 16:51:28 mirr2 kernel: last sysfs file: /sys/module/lockd/initstate Apr 27 16:51:28 mirr2 kernel: CPU 0 Apr 27 16:51:28 mirr2 kernel: Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc bridge stp llc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table dm_multipath raid1 pcspkr serio_raw k8temp forcedeth skge matroxfb_base matroxfb_DAC1064 matroxfb_accel matroxfb_Ti3026 matroxfb_g450 g450_pll matroxfb_misc pata_amd asus_atk0110 hwmon i2c_nforce2 i2c_core ata_generic pata_acpi sata_nv sata_sil raid456 async_xor async_memcpy async_tx xor xfs exportfs [last unloaded: scsi_wait_scan] Apr 27 16:51:28 mirr2 kernel: Pid: 2414, comm: nfsd Not tainted 2.6.29.1-102.local.fc11.x86_64 #1 System name Apr 27 16:51:28 mirr2 kernel: RIP: 0010:[<ffffffff81187494>] [<ffffffff81187494>] inode_has_perm+0x30/0x66 Apr 27 16:51:28 mirr2 kernel: RSP: 0018:ffff880030ac1c10 EFLAGS: 00010246 Apr 27 16:51:28 mirr2 kernel: RAX: 0000000000000007 RBX: 0000000000100004 RCX: 0000000000000000 Apr 27 16:51:28 mirr2 kernel: RDX: 0000000000100004 RSI: ffff88002d56f440 RDI: ffff88002c16b480 Apr 27 16:51:28 mirr2 kernel: RBP: ffff880030ac1c60 R08: 0000000000000000 R09: ffff88002c16b480 Apr 27 16:51:28 mirr2 kernel: R10: ffff88002c2592c0 R11: 0000000000000000 R12: ffff88002d56f440 Apr 27 16:51:28 mirr2 kernel: R13: ffff88002c16b480 R14: ffff88002c0a8900 R15: ffff88002d56f440 Apr 27 16:51:28 mirr2 kernel: FS: 00007f9ba1f2c7b0(0000) GS:ffffffff817bf000(0000) knlGS:0000000000000000 Apr 27 16:51:28 mirr2 kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Apr 27 16:51:28 mirr2 kernel: CR2: 000000000000000b CR3: 000000002fdb9000 CR4: 00000000000006e0 Apr 27 16:51:28 mirr2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Apr 27 16:51:28 mirr2 kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Apr 27 16:51:28 mirr2 kernel: Process nfsd (pid: 2414, threadinfo ffff880030ac0000, task ffff880030a72e40) Apr 27 16:51:28 mirr2 kernel: Stack: Apr 27 16:51:28 mirr2 kernel: ffff88002c0a8a80 ffff88002c0a86c0 ffff880030ac1c60 0000000000000246 Apr 27 16:51:28 mirr2 kernel: 0000000000000001 ffffffff815fc040 ffff880030ac1c90 0000000000000246 Apr 27 16:51:28 mirr2 kernel: ffff880030aa0000 ffff88002c0a8900 ffff880030ac1c90 ffffffff81189b64 Apr 27 16:51:28 mirr2 kernel: Call Trace: Apr 27 16:51:28 mirr2 kernel: [<ffffffff81189b64>] selinux_dentry_open+0xe7/0xf0 Apr 27 16:51:28 mirr2 kernel: [<ffffffff81182245>] security_dentry_open+0x16/0x18 Apr 27 16:51:28 mirr2 kernel: [<ffffffff810d6531>] __dentry_open+0x122/0x281 Apr 27 16:51:28 mirr2 kernel: [<ffffffff810d6717>] dentry_open+0x87/0x8e Apr 27 16:51:28 mirr2 kernel: [<ffffffffa02200db>] nfsd_open+0x134/0x15d [nfsd] Apr 27 16:51:28 mirr2 kernel: [<ffffffffa022038e>] nfsd_write+0x8e/0xdb [nfsd] Apr 27 16:51:28 mirr2 kernel: [<ffffffffa0226624>] nfsd3_proc_write+0xcd/0xee [nfsd] Apr 27 16:51:28 mirr2 kernel: [<ffffffffa021b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Apr 27 16:51:28 mirr2 kernel: [<ffffffffa01d12dd>] svc_process+0x426/0x642 [sunrpc] Apr 27 16:51:28 mirr2 kernel: [<ffffffffa021b86e>] nfsd+0x14c/0x1aa [nfsd] Apr 27 16:51:28 mirr2 kernel: [<ffffffffa021b722>] ? nfsd+0x0/0x1aa [nfsd] Apr 27 16:51:28 mirr2 kernel: [<ffffffff8105e881>] kthread+0x4d/0x78 Apr 27 16:51:28 mirr2 kernel: [<ffffffff810126ca>] child_rip+0xa/0x20 Apr 27 16:51:28 mirr2 kernel: [<ffffffff81011fe7>] ? restore_args+0x0/0x30 Apr 27 16:51:28 mirr2 kernel: [<ffffffff8105e834>] ? kthread+0x0/0x78 Apr 27 16:51:28 mirr2 kernel: [<ffffffff810126c0>] ? child_rip+0x0/0x20 Apr 27 16:51:28 mirr2 kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Apr 27 16:51:28 mirr2 kernel: RIP [<ffffffff81187494>] inode_has_perm+0x30/0x66 Apr 27 16:51:28 mirr2 kernel: RSP <ffff880030ac1c10> Apr 27 16:51:28 mirr2 kernel: CR2: 000000000000000b Apr 27 16:51:28 mirr2 kernel: ---[ end trace 8ecb9a6954f09dd2 ]---
any hints how to debug?
security/selinux/hooks.c:inode_has_perm(): sid = cred_sid(cred); security/selinux/hooks.c:cred_sid(): tsec = cred->security; return tsec->sid; cred->security is NULL
That's what's causing it. And now? in kernel-2.6.29-111 the bug is still there
(In reply to comment #10) > no additional message in dmesg > Wait a minute, that patch did catch something. Before, the null deref was at 0x4 and now it's at 0xb. Faulting insn: mov 0x4(%rax),%r9d rax is 0x7 now instead of NULL, probably because of this hunk: --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3236,7 +3236,7 @@ static int selinux_task_create(unsigned long clone_flags) static void selinux_cred_free(struct cred *cred) { struct task_security_struct *tsec = cred->security; - cred->security = NULL; + cred->security = (void *) 0x7UL; kfree(tsec); }
(In reply to comment #11) > any hints how to debug? You could try changing all the lines like: WARN_ON(!new->security); in the patch from comment #4 to something like: WARN_ON((unsigned long)new->security < 8);
Created attachment 343818 [details] new patch Added a new debugging patch that checks for pointer value less than 8 instead of NULL.
I have seen this since booting kernel-2.6.29.3-60.fc10. Anyone else?
Can I get everyone having this problem to give me as many details about their setup as they can? Are you using NFSv3? NFSv4? What options do you have on your exports? What is the underlying FS? What are the options the share (or shares) are being mounted with? Anything you can think of that might allow me to reproduce the problem....
server: cpu: AMD Athlon(tm) 64 Processor 3500+ kernel-2.6.29.1-111.fc11.x86_64 kernel-2.6.29.2-126.fc11.x86_64 /etc/exports: /var/musi 10.254.254.17(rw,all_squash,anonuid=500,anongid=500,async) /var/videos 10.254.254.17(rw,all_squash,anonuid=500,anongid=500,async) mount: /dev/mapper/datavgm2-musi on /var/musi type xfs (rw,context="system_u:object_r:public_content_rw_t:s0") client: cpu: AMD Phenom(tm) 9550 Quad-Core Processor kernel 2.6.29.1-30.fc10.x86_64 mount: (via autofs) mirr2:/var/musi on /net/mirr2/var/musi type nfs (rw,nosuid,nodev,sloppy,addr=10.254.254.24)
/etc/sysconfig/nfs: # # Define which protocol versions mountd # will advertise. The values are "no" or "yes" # with yes being the default #MOUNTD_NFS_V1="no" #MOUNTD_NFS_V2="no" #MOUNTD_NFS_V3="no" # # # Path to remote quota server. See rquotad(8) #RQUOTAD="/usr/sbin/rpc.rquotad" # Port rquotad should listen on. #RQUOTAD_PORT=875 # Optinal options passed to rquotad #RPCRQUOTADOPTS="" # # # Optional arguments passed to in-kernel lockd #LOCKDARG= # TCP port rpc.lockd should listen on. #LOCKD_TCPPORT=32803 # UDP port rpc.lockd should listen on. #LOCKD_UDPPORT=32769 # # # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) # Turn off v2 and v3 protocol support #RPCNFSDARGS="-N 2 -N 3" # Turn off v4 protocol support #RPCNFSDARGS="-N 4" # Number of nfs server processes to be started. # The default is 8. #RPCNFSDCOUNT=8 # Stop the nfsd module from being pre-loaded #NFSD_MODULE="noload" # # # Optional arguments passed to rpc.mountd. See rpc.mountd(8) #RPCMOUNTDOPTS="" # Port rpc.mountd should listen on. MOUNTD_PORT=892 # # # Optional arguments passed to rpc.statd. See rpc.statd(8) #STATDARG="" # Port rpc.statd should listen on. STATD_PORT=662 # Outgoing port statd should used. The default is port # is random STATD_OUTGOING_PORT=2020 # Specify callout program #STATD_HA_CALLOUT="/usr/local/bin/foo" # # # Optional arguments passed to rpc.idmapd. See rpc.idmapd(8) #RPCIDMAPDARGS="" # # Set to turn on Secure NFS mounts. #SECURE_NFS="yes" # Optional arguments passed to rpc.gssd. See rpc.gssd(8) #RPCGSSDARGS="" # Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8) #RPCSVCGSSDARGS="" #
*** Bug 502423 has been marked as a duplicate of this bug. ***
*** Bug 504484 has been marked as a duplicate of this bug. ***
Hitting this myself. Triggers repeatedly simply copying a Fedora DVD iso from a read-only nfs share to a client (spew is on the server side), nothing at all complex about the setup. Both machines have selinux enabled, but in permissive mode.
kernel-debug-2.6.29.4-169 and later have the debug code from comment #16 included. (Note you need to install the kernel-debug package.)
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
I downgraded to nfs-utils-1.1.4-8.fc10.i386 and the same error occurs. Maybe it is only another problem with selinux ? Jun 13 16:52:28 jack kernel: BUG: unable to handle kernel NULL pointer dereference at 00000004 Jun 13 16:52:28 jack kernel: IP: [<c053b184>] inode_has_perm+0x25/0x6a Jun 13 16:52:28 jack kernel: *pdpt = 000000003505a001 *pde = 000000007f1bc067 Jun 13 16:52:28 jack kernel: Oops: 0000 [#1] SMP Jun 13 16:52:28 jack kernel: last sysfs file: /sys/devices/pci0000:00/0000:00:05.0/host4/target4:0:0/4:0:0:0/model Jun 13 16:52:28 jack kernel: Modules linked in: fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs w83781d hwmon_vid hwmon lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 dm_multipath uinput ata_generic pata_acpi i2c_piix4 sym53c8xx e100 i2c_core scsi_transport_spi pata_hpt3x2n serio_raw mii pcspkr pata_serverworks pata_hpt37x gdth [last unloaded: scsi_wait_scan] Jun 13 16:52:28 jack kernel: Jun 13 16:52:28 jack kernel: Pid: 2654, comm: nfsd Not tainted (2.6.29.4-167.fc11.i686.PAE #1) System Name Jun 13 16:52:28 jack kernel: EIP: 0060:[<c053b184>] EFLAGS: 00010246 CPU: 1 Jun 13 16:52:28 jack kernel: EIP is at inode_has_perm+0x25/0x6a Jun 13 16:52:28 jack kernel: EAX: 00000000 EBX: 00000000 ECX: 00100004 EDX: ee157710 Jun 13 16:52:28 jack kernel: ESI: 00100004 EDI: ee931c80 EBP: ef13fea8 ESP: ef13fe5c Jun 13 16:52:28 jack kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Jun 13 16:52:28 jack kernel: Process nfsd (pid: 2654, ti=ef13e000 task=f5721940 task.ti=ef13e000) Jun 13 16:52:28 jack kernel: Stack: Jun 13 16:52:28 jack kernel: ef13fe78 00000620 00001e64 ef13e000 c0568008 f111e004 11270000 ee5afd48 Jun 13 16:52:28 jack kernel: ef13fec4 f8286906 00000002 f111e01c 00000246 00000001 ef13feb4 00000246 Jun 13 16:52:28 jack kernel: ef92e500 ee157710 ee931c80 ef13fec4 c053d41d 00000000 f54bb870 ef92e500 Jun 13 16:52:28 jack kernel: Call Trace: Jun 13 16:52:28 jack kernel: [<c0568008>] ? trace_hardirqs_on_thunk+0xc/0x10 Jun 13 16:52:28 jack kernel: [<f8286906>] ? nfsd_setuser_and_check_port+0x53/0x59 [nfsd] Jun 13 16:52:28 jack kernel: [<c053d41d>] ? selinux_dentry_open+0xda/0xe2 Jun 13 16:52:28 jack kernel: [<c05366f6>] ? security_dentry_open+0x14/0x16 Jun 13 16:52:28 jack kernel: [<c04a73be>] ? __dentry_open+0xf1/0x1f9 Jun 13 16:52:28 jack kernel: [<c04a7532>] ? dentry_open+0x6c/0x76 Jun 13 16:52:28 jack kernel: [<f8288620>] ? nfsd_open+0x107/0x12e [nfsd] Jun 13 16:52:28 jack kernel: [<f82887fd>] ? nfsd_commit+0x3a/0x82 [nfsd] Jun 13 16:52:28 jack kernel: [<f828d774>] ? nfsd3_proc_commit+0x95/0xa2 [nfsd] Jun 13 16:52:28 jack kernel: [<f828e9f9>] ? nfs3svc_decode_commitargs+0x0/0x6a [nfsd] Jun 13 16:52:28 jack kernel: [<f8284218>] ? nfsd_dispatch+0xd6/0x1a2 [nfsd] Jun 13 16:52:28 jack kernel: [<f81bab8c>] ? svc_process+0x391/0x596 [sunrpc] Jun 13 16:52:28 jack kernel: [<f8284720>] ? nfsd+0xf7/0x147 [nfsd] Jun 13 16:52:28 jack kernel: [<f8284629>] ? nfsd+0x0/0x147 [nfsd] Jun 13 16:52:28 jack kernel: [<c0446fc8>] ? kthread+0x41/0x65 Jun 13 16:52:28 jack kernel: [<c0446f87>] ? kthread+0x0/0x65 Jun 13 16:52:28 jack kernel: [<c0409dbf>] ? kernel_thread_helper+0x7/0x10 Jun 13 16:52:28 jack kernel: Code: e0 ea 5b 5e 5d c3 55 89 e5 57 56 53 83 ec 40 0f 1f 44 00 00 8b 5d 08 89 c7 31 c0 f6 82 45 01 00 00 02 89 ce 75 42 8b 47 58 85 db <8b> 40 04 89 45 b4 8b 82 4c 01 00 00 89 45 b8 75 16 b9 0e 00 00 Jun 13 16:52:28 jack kernel: EIP: [<c053b184>] inode_has_perm+0x25/0x6a SS:ESP 0068:ef13fe5c Jun 13 16:52:29 jack kernel: ---[ end trace 69d50f50088a4f90 ]--- Jun 13 16:52:40 jack kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
*** Bug 506061 has been marked as a duplicate of this bug. ***
This looks like a refcounting problem, or a place where we're using credentials after freeing them. Comment #14 indicates that my patch to selinux_cred_free() tripped - so we're accessing a free'd cred struct.
Created attachment 348146 [details] More comprehensive bug finder This patch does more comprehensive checking of cred struct accounting. In particular it counts the pointers from task_structs and checks that this never exceeds the total number of references on a cred struct. To enable the checks, you need to turn on CONFIG_DEBUG_CREDENTIALS.
new debug patch went in 2.6.29.5-189, anbled for all kernels, not just -debug ones.
Created attachment 348162 [details] oops on shutdown with new debug patch applied
Created attachment 348163 [details] oops on boot with new debug patch
Patch has been disabled in 2.6.29.5-191
*** Bug 506962 has been marked as a duplicate of this bug. ***
(In reply to comment #18) > Can I get everyone having this problem to give me as many details about their > setup as they can? Are you still collecting? If so, here's ours: Server: mimmi$ grep home /etc/exports /home 172.17.0.0/18(rw,sync,no_root_squash) mimmi$ grep /root /proc/mounts /dev/root / ext3 rw,relatime,errors=continue,data=ordered 0 0 Client: freddi$ grep /home /etc/fstab mimmi:/home /home nfs defaults,bg 0 0 freddi$ grep mimmi:/home /proc/mounts mimmi:/home /home nfs rw,relatime,vers=3,rsize=262144,wsize=262144,namlen=255,hard,nointr,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.17.0.1,mountvers=3,mountproto=tcp,addr=172.17.0.1 0 0 Some symptoms on the client I assume are caused by this: freddi$ grep 'server mimmi' /var/log/messages | tail -1 Jun 23 09:52:20 freddi kernel: lockd: server mimmi not responding, still trying freddi$ ps -lC firefox -ww F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD 0 Z 500 2416 2399 2 80 0 - 0 exit ? 00:30:01 firefox <defunct> 0 D 500 5243 5226 0 80 0 - 83804 rpc_wa ? 00:00:00 firefox 0 D 500 5421 5404 0 80 0 - 83804 rpc_wa ? 00:00:00 firefox 0 D 500 5440 5423 0 80 0 - 83804 rpc_wa ? 00:00:00 firefox 0 D 500 6005 5988 0 80 0 - 83804 rpc_wa ? 00:00:00 firefox freddi$ rpcinfo mimmi | grep 100021 100021 1 udp 0.0.0.0.206.241 nlockmgr unknown 100021 3 udp 0.0.0.0.206.241 nlockmgr unknown 100021 4 udp 0.0.0.0.206.241 nlockmgr unknown 100021 1 tcp 0.0.0.0.226.187 nlockmgr unknown 100021 3 tcp 0.0.0.0.226.187 nlockmgr unknown 100021 4 tcp 0.0.0.0.226.187 nlockmgr unknown freddi$ rpcinfo -t mimmi 100021 rpcinfo: RPC: Timed out program 100021 version 0 is not available The latest "BUG" post in dmesg on the server attached below.
Created attachment 349098 [details] Sample oops from server
(In reply to comment #18) > Can I get everyone having this problem to give me as many details about their > setup as they can? Are you using NFSv3? NFSv4? What options do you have on > your exports? What is the underlying FS? What are the options the share (or > shares) are being mounted with? Anything you can think of that might allow me > to reproduce the problem.... If it helps.... kernel-2.6.29.5-191.fc11.i586 nfs-utils-1.2.0-3.fc11.i586 # cat /etc/exports /var/ftp 192.168.0.0/16(rw,all_squash) [although most of the content is root:root 644] # cat /etc/fstab /dev/vg0/f11 / ext2 defaults 1 1 /dev/sda2 /boot ext2 defaults 1 2 /dev/vg0/ftp /var/ftp ext2 defaults 1 2 # rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 2052 status 100024 1 tcp 2052 status 100003 3 udp 2049 nfs 100021 1 udp 2050 nlockmgr 100021 3 udp 2050 nlockmgr 100021 4 udp 2050 nlockmgr 100021 1 tcp 2050 nlockmgr 100021 3 tcp 2050 nlockmgr 100021 4 tcp 2050 nlockmgr 100003 3 tcp 2049 nfs 100005 3 udp 2051 mountd 100005 3 tcp 2051 mountd ... and then pound the share. Sometimes for as little as 2GB. Sometimes for as much as 8GB. I'll attach my series of oopses. Each one has minor variations from the others.
Created attachment 349618 [details] Oops #1
Created attachment 349620 [details] Oops #2
Created attachment 349621 [details] Oops #3
Created attachment 349622 [details] Oops #4
Created attachment 349623 [details] Oops #5
Created attachment 349624 [details] Oops #6
kernel: 2.6.29.4-167.fc11.x86_64 NFS:1:1.1.5-6.fc11.x86_64 [root@athloncube:/etc, Fri Jun 26, 11:50 PM] 1116 # cat /etc/exports # See the exports(5) manpage for a description of the syntax of this file. # This file contains a list of all directories that are to be exported to # other computers via NFS (Network File System). # This file used by rpc.nfsd and rpc.mountd. See their manpages for details # on how make changes in this file effective. /home 192.168.0.0/24(secure,rw,sync) # /work 192.168.0.0/24(secure,rw,sync) [root@athloncube:/etc, Fri Jun 26, 11:51 PM] 1117 # [root@athloncube:/etc, Fri Jun 26, 11:51 PM] 1117 # cat /etc/fstab /dev/VolGroup00/LogVol00 / ext3 defaults 1 1 UUID=5f6e6b1b-ecd8-4370-9f78-a46fd13079a8 /home ext3 defaults 1 2 UUID=b9d2caa2-bc2a-431b-a78b-c02beda7bf8e /boot ext3 defaults 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/VolGroup00/LogVol01 swap swap defaults 0 0 [root@athloncube:/etc, Fri Jun 26, 11:52 PM] 1118 # [root@athloncube:/etc, Fri Jun 26, 11:52 PM] 1118 # rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 862 status 100024 1 tcp 862 status 100011 1 udp 875 rquotad 100011 2 udp 875 rquotad 100011 1 tcp 875 rquotad 100011 2 tcp 875 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 32769 nlockmgr 100021 3 udp 32769 nlockmgr 100021 4 udp 32769 nlockmgr 100021 1 tcp 32803 nlockmgr 100021 3 tcp 32803 nlockmgr 100021 4 tcp 32803 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 892 mountd 100005 1 tcp 892 mountd 100005 2 udp 892 mountd 100005 2 tcp 892 mountd 100005 3 udp 892 mountd 100005 3 tcp 892 mountd [root@athloncube:/etc, Fri Jun 26, 11:53 PM] 1119 # from messages file, last night, during an across the LAN tar backup: Jun 26 00:47:43 athloncube mountd[1717]: authenticated mount request from 192.168.0.9:1010 for /home (/home) Jun 26 00:57:11 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 00:57:11 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 00:57:11 athloncube kernel: PGD 60080067 PUD 714c6067 PMD 0 Jun 26 00:57:11 athloncube kernel: Oops: 0000 [#1] SMP Jun 26 00:57:11 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 00:57:11 athloncube kernel: CPU 1 Jun 26 00:57:11 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 00:57:11 athloncube kernel: Pid: 1714, comm: nfsd Not tainted 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 00:57:11 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 00:57:11 athloncube kernel: RSP: 0018:ffff880071f35c10 EFLAGS: 00010246 Jun 26 00:57:11 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 00:57:11 athloncube kernel: RDX: 0000000000100002 RSI: ffff88005273dbc8 RDI: ffff880044c7f600 Jun 26 00:57:11 athloncube kernel: RBP: ffff880071f35c60 R08: 0000000000000000 R09: ffff880044c7f600 Jun 26 00:57:11 athloncube kernel: R10: ffff88005a1033c0 R11: 0000000000000000 R12: ffff88005273dbc8 Jun 26 00:57:11 athloncube kernel: R13: ffff880044c7f600 R14: ffff880044c64d80 R15: ffff88005273dbc8 Jun 26 00:57:11 athloncube kernel: FS: 00007f2fb4f626f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730 Jun 26 00:57:11 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 00:57:11 athloncube kernel: CR2: 0000000000000004 CR3: 000000006391a000 CR4: 00000000000006e0 Jun 26 00:57:11 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 00:57:11 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 00:57:11 athloncube kernel: Process nfsd (pid: 1714, threadinfo ffff880071f34000, task ffff880071e05c00) Jun 26 00:57:11 athloncube kernel: Stack: Jun 26 00:57:11 athloncube kernel: ffff8800454ba000 0000000000000404 ffff880071f35c60 0000000000000246 Jun 26 00:57:11 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071f35c90 0000000000000246 Jun 26 00:57:11 athloncube kernel: ffff880071f35c60 ffff880044c64d80 ffff880071f35c90 ffffffff81186984 Jun 26 00:57:11 athloncube kernel: Call Trace: Jun 26 00:57:11 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 00:57:11 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 00:57:11 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 00:57:11 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 00:57:11 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 00:57:11 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb Jun 26 00:57:11 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 00:57:11 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 00:57:11 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 00:57:11 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 00:57:11 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 00:57:11 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 00:57:11 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 00:57:11 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 00:57:11 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 00:57:11 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 00:57:11 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 00:57:11 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 00:57:11 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 00:57:11 athloncube kernel: RSP <ffff880071f35c10> Jun 26 00:57:11 athloncube kernel: CR2: 0000000000000004 Jun 26 00:57:11 athloncube kernel: ---[ end trace 7fc40d2751b4b85f ]--- Jun 26 00:58:00 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org Jun 26 01:04:07 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 01:04:07 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:04:07 athloncube kernel: PGD 5f9f0067 PUD 5f4d9067 PMD 0 Jun 26 01:04:07 athloncube kernel: Oops: 0000 [#2] SMP Jun 26 01:04:07 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 01:04:07 athloncube kernel: CPU 1 Jun 26 01:04:07 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 01:04:07 athloncube kernel: Pid: 1710, comm: nfsd Tainted: G D 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 01:04:07 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:04:07 athloncube kernel: RSP: 0018:ffff880071dffc10 EFLAGS: 00010246 Jun 26 01:04:07 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 01:04:07 athloncube kernel: RDX: 0000000000100002 RSI: ffff8800465689c8 RDI: ffff8800399cfa80 Jun 26 01:04:07 athloncube kernel: RBP: ffff880071dffc60 R08: 0000000000000000 R09: ffff8800399cfa80 Jun 26 01:04:07 athloncube kernel: R10: ffff880078c54e00 R11: 0000000000000000 R12: ffff8800465689c8 Jun 26 01:04:07 athloncube kernel: R13: ffff8800399cfa80 R14: ffff880060df0b40 R15: ffff8800465689c8 Jun 26 01:04:07 athloncube kernel: FS: 00007f8f9be8d6f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730 Jun 26 01:04:07 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004 CR3: 000000005f8be000 CR4: 00000000000006e0 Jun 26 01:04:07 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 01:04:07 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 01:04:07 athloncube kernel: Process nfsd (pid: 1710, threadinfo ffff880071dfe000, task ffff880071e00000) Jun 26 01:04:07 athloncube kernel: Stack: Jun 26 01:04:07 athloncube kernel: ffffffff811836a7 ffff8800399cfa80 ffff880071dffc30 ffffffff81042d14 Jun 26 01:04:07 athloncube kernel: ffff880071dffc40 ffffffff813aa05a ffff880071dffc90 0000000000000246 Jun 26 01:04:07 athloncube kernel: ffffffffffffff9e ffff880060df0b40 ffff880071dffc90 ffffffff81186984 Jun 26 01:04:07 athloncube kernel: Call Trace: Jun 26 01:04:07 athloncube kernel: [<ffffffff811836a7>] ? selinux_file_alloc_security+0x37/0x57 Jun 26 01:04:07 athloncube kernel: [<ffffffff81042d14>] ? __cond_resched+0x32/0x5b Jun 26 01:04:07 athloncube kernel: [<ffffffff813aa05a>] ? _cond_resched+0x35/0x40 Jun 26 01:04:07 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 01:04:07 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 01:04:07 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 01:04:07 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 01:04:07 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb Jun 26 01:04:07 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 01:04:07 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 01:04:07 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 01:04:07 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 01:04:07 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 01:04:07 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:04:07 athloncube kernel: RSP <ffff880071dffc10> Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004 Jun 26 01:04:07 athloncube kernel: ---[ end trace 7fc40d2751b4b860 ]--- Jun 26 01:04:07 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 01:04:07 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:04:07 athloncube kernel: PGD 5f9f0067 PUD 5f4d9067 PMD 0 Jun 26 01:04:07 athloncube kernel: Oops: 0000 [#3] SMP Jun 26 01:04:07 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 01:04:07 athloncube kernel: CPU 1 Jun 26 01:04:07 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 01:04:07 athloncube kernel: Pid: 1708, comm: nfsd Tainted: G D 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 01:04:07 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:04:07 athloncube kernel: RSP: 0018:ffff880071d7bc10 EFLAGS: 00010246 Jun 26 01:04:07 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 01:04:07 athloncube kernel: RDX: 0000000000100002 RSI: ffff8800465689c8 RDI: ffff8800411d0840 Jun 26 01:04:07 athloncube kernel: RBP: ffff880071d7bc60 R08: 0000000000000000 R09: ffff8800411d0840 Jun 26 01:04:07 athloncube kernel: R10: ffff880078c54e00 R11: 0000000000000000 R12: ffff8800465689c8 Jun 26 01:04:07 athloncube kernel: R13: ffff8800411d0840 R14: ffff880040c53780 R15: ffff8800465689c8 Jun 26 01:04:07 athloncube kernel: FS: 00007f8f9be8d6f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730 Jun 26 01:04:07 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004 CR3: 000000005f8be000 CR4: 00000000000006e0 Jun 26 01:04:07 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 01:04:07 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 01:04:07 athloncube kernel: Process nfsd (pid: 1708, threadinfo ffff880071d7a000, task ffff880073b55c00) Jun 26 01:04:07 athloncube kernel: Stack: Jun 26 01:04:07 athloncube kernel: ffff880040c53a80 0000000000000404 ffff880071d7bc60 0000000000000246 Jun 26 01:04:07 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071d7bc90 0000000000000246 Jun 26 01:04:07 athloncube kernel: ffff880071ca2000 ffff880040c53780 ffff880071d7bc90 ffffffff81186984 Jun 26 01:04:07 athloncube kernel: Call Trace: Jun 26 01:04:07 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 01:04:07 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 01:04:07 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 01:04:07 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 01:04:07 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb Jun 26 01:04:07 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 01:04:07 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 01:04:07 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 01:04:07 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 01:04:07 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 01:04:07 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:04:07 athloncube kernel: RSP <ffff880071d7bc10> Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004 Jun 26 01:04:07 athloncube kernel: ---[ end trace 7fc40d2751b4b861 ]--- Jun 26 01:05:01 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org Jun 26 01:15:54 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 01:15:54 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:15:54 athloncube kernel: PGD 71d6d067 PUD 71d6b067 PMD 0 Jun 26 01:15:54 athloncube kernel: Oops: 0000 [#4] SMP Jun 26 01:15:54 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 01:15:54 athloncube kernel: CPU 1 Jun 26 01:15:54 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 01:15:54 athloncube kernel: Pid: 1709, comm: nfsd Tainted: G D 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 01:15:54 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:15:54 athloncube kernel: RSP: 0018:ffff880071dbdc10 EFLAGS: 00010246 Jun 26 01:15:54 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 01:15:54 athloncube kernel: RDX: 0000000000100002 RSI: ffff8800591343c8 RDI: ffff88003e9fbb40 Jun 26 01:15:54 athloncube kernel: RBP: ffff880071dbdc60 R08: 0000000000000000 R09: ffff88003e9fbb40 Jun 26 01:15:54 athloncube kernel: R10: ffff88001eb2c480 R11: 0000000000000000 R12: ffff8800591343c8 Jun 26 01:15:54 athloncube kernel: R13: ffff88003e9fbb40 R14: ffff880070899540 R15: ffff8800591343c8 Jun 26 01:15:54 athloncube kernel: FS: 00007fa05d7826f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730 Jun 26 01:15:54 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 01:15:54 athloncube kernel: CR2: 0000000000000004 CR3: 0000000071d87000 CR4: 00000000000006e0 Jun 26 01:15:54 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 01:15:54 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 01:15:54 athloncube kernel: Process nfsd (pid: 1709, threadinfo ffff880071dbc000, task ffff880074b05c00) Jun 26 01:15:54 athloncube kernel: Stack: Jun 26 01:15:54 athloncube kernel: ffff88002dddbcc0 0000000000000404 ffff880071dbdc60 0000000000000246 Jun 26 01:15:54 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071dbdc90 0000000000000246 Jun 26 01:15:54 athloncube kernel: ffff880071d7c000 ffff880070899540 ffff880071dbdc90 ffffffff81186984 Jun 26 01:15:54 athloncube kernel: Call Trace: Jun 26 01:15:54 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 01:15:54 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 01:15:54 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 01:15:54 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 01:15:54 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 01:15:54 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb Jun 26 01:15:54 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 01:15:54 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 01:15:54 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 01:15:54 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 01:15:54 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 01:15:54 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 01:15:54 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 01:15:54 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 01:15:54 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 01:15:54 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 01:15:54 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 01:15:54 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 01:15:54 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:15:54 athloncube kernel: RSP <ffff880071dbdc10> Jun 26 01:15:54 athloncube kernel: CR2: 0000000000000004 Jun 26 01:15:54 athloncube kernel: ---[ end trace 7fc40d2751b4b862 ]--- Jun 26 01:16:48 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org Jun 26 01:56:24 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 01:56:24 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:56:24 athloncube kernel: PGD 71d6d067 PUD 71d6b067 PMD 0 Jun 26 01:56:24 athloncube kernel: Oops: 0000 [#5] SMP Jun 26 01:56:24 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 01:56:24 athloncube kernel: CPU 1 Jun 26 01:56:24 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 01:56:24 athloncube kernel: Pid: 1707, comm: nfsd Tainted: G D 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 01:56:24 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:56:24 athloncube kernel: RSP: 0018:ffff880071ca1c10 EFLAGS: 00010246 Jun 26 01:56:24 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 01:56:24 athloncube kernel: RDX: 0000000000100002 RSI: ffff88006e0c5bc8 RDI: ffff880041029480 Jun 26 01:56:24 athloncube kernel: RBP: ffff880071ca1c60 R08: 0000000000000000 R09: ffff880041029480 Jun 26 01:56:24 athloncube kernel: R10: ffff88003fdc3580 R11: 0000000000000000 R12: ffff88006e0c5bc8 Jun 26 01:56:24 athloncube kernel: R13: ffff880041029480 R14: ffff8800460e3240 R15: ffff88006e0c5bc8 Jun 26 01:56:24 athloncube kernel: FS: 00007fa05d7826f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730 Jun 26 01:56:24 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 01:56:24 athloncube kernel: CR2: 0000000000000004 CR3: 0000000071d87000 CR4: 00000000000006e0 Jun 26 01:56:24 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 01:56:24 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 01:56:24 athloncube kernel: Process nfsd (pid: 1707, threadinfo ffff880071ca0000, task ffff880071c54500) Jun 26 01:56:24 athloncube kernel: Stack: Jun 26 01:56:24 athloncube kernel: ffff880053819e40 0000000000000404 ffff880071ca1c60 0000000000000246 Jun 26 01:56:24 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071ca1c90 0000000000000246 Jun 26 01:56:24 athloncube kernel: ffff880071c42000 ffff8800460e3240 ffff880071ca1c90 ffffffff81186984 Jun 26 01:56:24 athloncube kernel: Call Trace: Jun 26 01:56:24 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 01:56:24 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 01:56:24 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 01:56:24 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 01:56:24 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 01:56:24 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 01:56:24 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 01:56:24 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 01:56:24 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 01:56:24 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 01:56:24 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 01:56:24 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 01:56:24 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 01:56:24 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 01:56:24 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 01:56:24 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 01:56:24 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 01:56:24 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:56:24 athloncube kernel: RSP <ffff880071ca1c10> Jun 26 01:56:24 athloncube kernel: CR2: 0000000000000004 Jun 26 01:56:24 athloncube kernel: ---[ end trace 7fc40d2751b4b863 ]--- Jun 26 01:57:22 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org Jun 26 01:57:45 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 01:57:45 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:57:45 athloncube kernel: PGD 65cbf067 PUD 66047067 PMD 0 Jun 26 01:57:45 athloncube kernel: Oops: 0000 [#6] SMP Jun 26 01:57:45 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 01:57:45 athloncube kernel: CPU 0 Jun 26 01:57:45 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 01:57:45 athloncube kernel: Pid: 1711, comm: nfsd Tainted: G D 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 01:57:45 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:57:45 athloncube kernel: RSP: 0018:ffff880071e49c10 EFLAGS: 00010246 Jun 26 01:57:45 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 01:57:45 athloncube kernel: RDX: 0000000000100002 RSI: ffff88006e0c5bc8 RDI: ffff88005a014a80 Jun 26 01:57:45 athloncube kernel: RBP: ffff880071e49c60 R08: 0000000000000000 R09: ffff88005a014a80 Jun 26 01:57:45 athloncube kernel: R10: ffff88003fdc3580 R11: 0000000000000000 R12: ffff88006e0c5bc8 Jun 26 01:57:45 athloncube kernel: R13: ffff88005a014a80 R14: ffff88003e809b40 R15: ffff88006e0c5bc8 Jun 26 01:57:45 athloncube kernel: FS: 00007f0cd96f6800(0000) GS:ffffffff817b7000(0000) knlGS:00000000c218c730 Jun 26 01:57:45 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 01:57:45 athloncube kernel: CR2: 0000000000000004 CR3: 0000000065dc6000 CR4: 00000000000006e0 Jun 26 01:57:45 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 01:57:45 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 01:57:45 athloncube kernel: Process nfsd (pid: 1711, threadinfo ffff880071e48000, task ffff880071e01700) Jun 26 01:57:45 athloncube kernel: Stack: Jun 26 01:57:45 athloncube kernel: ffff88003e809e40 0000000000000404 ffff880071e49c60 0000000000000246 Jun 26 01:57:45 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071e49c90 0000000000000246 Jun 26 01:57:45 athloncube kernel: ffff880071e08000 ffff88003e809b40 ffff880071e49c90 ffffffff81186984 Jun 26 01:57:45 athloncube kernel: Call Trace: Jun 26 01:57:45 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 01:57:45 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 01:57:45 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 01:57:45 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 01:57:45 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 01:57:45 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb Jun 26 01:57:45 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 01:57:45 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 01:57:45 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 01:57:45 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 01:57:45 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 01:57:45 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 01:57:45 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 01:57:45 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 01:57:45 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 01:57:45 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 01:57:45 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 01:57:45 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 01:57:45 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 01:57:45 athloncube kernel: RSP <ffff880071e49c10> Jun 26 01:57:45 athloncube kernel: CR2: 0000000000000004 Jun 26 01:57:45 athloncube kernel: ---[ end trace 7fc40d2751b4b864 ]--- Jun 26 01:58:42 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org Jun 26 02:11:26 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 Jun 26 02:11:26 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 02:11:26 athloncube kernel: PGD 65c8e067 PUD 5f90a067 PMD 0 Jun 26 02:11:26 athloncube kernel: Oops: 0000 [#7] SMP Jun 26 02:11:26 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq Jun 26 02:11:26 athloncube kernel: CPU 1 Jun 26 02:11:26 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Jun 26 02:11:26 athloncube kernel: Pid: 1712, comm: nfsd Tainted: G D 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2 Jun 26 02:11:26 athloncube kernel: RIP: 0010:[<ffffffff81184289>] [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 02:11:26 athloncube kernel: RSP: 0018:ffff880071e93c10 EFLAGS: 00010246 Jun 26 02:11:26 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000 Jun 26 02:11:26 athloncube kernel: RDX: 0000000000100002 RSI: ffff880055e68cc8 RDI: ffff8800454ba240 Jun 26 02:11:26 athloncube kernel: RBP: ffff880071e93c60 R08: 0000000000000000 R09: ffff8800454ba240 Jun 26 02:11:26 athloncube kernel: R10: ffff88005f10dc00 R11: 0000000000000000 R12: ffff880055e68cc8 Jun 26 02:11:26 athloncube kernel: R13: ffff8800454ba240 R14: ffff880058d30b40 R15: ffff880055e68cc8 Jun 26 02:11:26 athloncube kernel: FS: 00007fbea5fb86f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730 Jun 26 02:11:26 athloncube kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b Jun 26 02:11:26 athloncube kernel: CR2: 0000000000000004 CR3: 000000005f0f4000 CR4: 00000000000006e0 Jun 26 02:11:26 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Jun 26 02:11:26 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Jun 26 02:11:26 athloncube kernel: Process nfsd (pid: 1712, threadinfo ffff880071e92000, task ffff880071e02e00) Jun 26 02:11:26 athloncube kernel: Stack: Jun 26 02:11:26 athloncube kernel: ffff880032343d80 0000000000000404 ffff880071e93c60 0000000000000246 Jun 26 02:11:26 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071e93c90 0000000000000246 Jun 26 02:11:26 athloncube kernel: ffff880071e4a000 ffff880058d30b40 ffff880071e93c90 ffffffff81186984 Jun 26 02:11:26 athloncube kernel: Call Trace: Jun 26 02:11:26 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0 Jun 26 02:11:26 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18 Jun 26 02:11:26 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273 Jun 26 02:11:26 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e Jun 26 02:11:26 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd] Jun 26 02:11:26 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb Jun 26 02:11:26 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd] Jun 26 02:11:26 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd] Jun 26 02:11:26 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd] Jun 26 02:11:26 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc] Jun 26 02:11:26 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd] Jun 26 02:11:26 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd] Jun 26 02:11:26 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78 Jun 26 02:11:26 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20 Jun 26 02:11:26 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30 Jun 26 02:11:26 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78 Jun 26 02:11:26 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20 Jun 26 02:11:26 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 Jun 26 02:11:26 athloncube kernel: RIP [<ffffffff81184289>] inode_has_perm+0x30/0x66 Jun 26 02:11:26 athloncube kernel: RSP <ffff880071e93c10> Jun 26 02:11:26 athloncube kernel: CR2: 0000000000000004 Jun 26 02:11:26 athloncube kernel: ---[ end trace 7fc40d2751b4b865 ]--- Jun 26 02:12:20 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org Jun 26 02:44:50 athloncube mountd[1717]: authenticated unmount request from 192.168.0.9:880 for /home (/home) & more mundane, unrelated stuff .... The umount was from the box that started the problems during the across-the-LAN backup of parts of /home ....
I 2nd the motion on Allen's observations: it seems to take plural GB of data access to trigger the ooops. I rebuild code (a few dozen KB total, in several directories) overnight which is resident on this box but compiled using make on another box, which access this one using NFS. That never gives me any ooops. Only the across-the-LAN backups (tar or rsync, 35-ish GB total) give me problems ....
> it seems to take plural GB of data access to trigger the oops. Is that one multi-GB file, or is it any amount of files, that total multi-GB in size, do you reckon? Note that I'm having problems debugging this because my test box is hitting an OOM problem instead (we know which commit causes this problem, but I need that patching first). I do have an updated bug finder patch, which I'll attach - hopefully this won't cause the oopses Chuck was seeing.
Created attachment 349777 [details] More comprehensive bug finder v2 This should deal with an oops introduced by the previous version of the bug finder, primarily by remembering to account for threads that are left sharing creds by copy_creds().
(In reply to comment #46) > > it seems to take plural GB of data access to trigger the oops. > > Is that one multi-GB file, or is it any amount of files, that total multi-GB in > size, do you reckon? > > [snip] For me, it's many files that add up to a few GB total. I haven't tried one super-jumbo file, but I can try later today. Of course, anyone, feel free to beat me to it.
for me, this A.M., it happened while trying to tar up my Thunderbird Inbox, which weighs in at a portly 2324153599 bytes (~2 GB), *after* successfully processing my (similarly sized) old Inbox & Sent. YMMV & all that.
New debug patch went in kernel-2.6.29.5-202
I can routinely trip it transferring a handful of DVD iso images (such as the F11 release DVD isos) or some HDTV recordings off my mythtv backend (typically ~7GB files).
Also running into this bug. I hit it when trying to allocate a new virtual disk (~20GB) on my NFS mounted storage (Fedora 11 x86_64 server) using virt-manager on another F11 box.
Backtrace from new patch: ERROR: cred->security is (null) ------------[ cut here ]------------ kernel BUG at kernel/cred.c:743! invalid opcode: 0000 [#1] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:11.0/host2/target2:0:0/2:0:0:0/block/sdb/sdb2/dev CPU 3 Modules linked in: radeon drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan] Pid: 1, comm: init Not tainted 2.6.29.5-206.fc11.x86_64 #1 GA-MA78GM-S2H RIP: 0010:[<ffffffff81061398>] [<ffffffff81061398>] __validate_creds+0x24/0x2a RSP: 0018:ffff88023f129ef8 EFLAGS: 00010296 RAX: 0000000000000023 RBX: ffff88023b4586c0 RCX: 0000000000009369 RDX: ffff88023f129dd8 RSI: 0000000000000046 RDI: 0000000000000246 RBP: ffff88023f129ef8 R08: 0000000000000000 R09: ffff880028084100 R10: ffff880028084100 R11: 0000000000000202 R12: ffff88023f120000 R13: 00007fffcbf6c8a0 R14: 00000000ffffff9c R15: 00007fffcbf6c5d0 FS: 00007f5aeffc27b0(0000) GS:ffff88023e077a00(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5aeffcb000 CR3: 000000023cb5e000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process init (pid: 1, threadinfo ffff88023f128000, task ffff88023f120000) Stack: ffff88023f129f18 ffffffff81061dbd 0000000000416166 0000000000000001 ffff88023f129f68 ffffffff810d44ea 00007fffcbf6c670 ffffffff813ac329 0000000000000246 0000000000416166 0000000000405280 00007fffcbf6c8a0 Call Trace: [<ffffffff81061dbd>] prepare_creds+0x167/0x17b [<ffffffff810d44ea>] sys_faccessat+0x37/0x193 [<ffffffff813ac329>] ? trace_hardirqs_on_thunk+0x3a/0x3c [<ffffffff810d465e>] sys_access+0x18/0x1a [<ffffffff8101133a>] system_call_fastpath+0x16/0x1b Code: 41 5c 41 5d c9 c3 90 55 48 89 e5 0f 1f 44 00 00 48 8b 77 68 48 81 fe ff 0f 00 00 77 12 48 c7 c7 42 63 4d 81 31 c0 e8 01 8d 34 00 <0f> 0b eb fe c9 c3 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00 00 48 RIP [<ffffffff81061398>] __validate_creds+0x24/0x2a RSP <ffff88023f129ef8> ---[ end trace e5aa90e679fcc4c7 ]---
Created attachment 350044 [details] invalid opcode: 0000 [#1] SMP at kernel/cred.c:743! I snagged kernel-2.6.29.5-206.fc11.i586 out of koji. My trace is 3-in-1, which I'll break apart. The last one locks up everything and runs forever until I power cycle, basically losing everything in the log files, so I had to capture these using a serial console. I believe that third one is pretty much garbage, but I'll attach it, anyway. FWIW, all my nfsd crashes occurred reading only, not writing.
Created attachment 350045 [details] invalid opcode: 0000 [#2] SMP at kernel/cred.c:765!
Created attachment 350046 [details] invalid opcode: 0000 [#3] 4b/0xa8 at kernel/cred.c:765!
Due to the severe problems, CONFIG_DEBUG_CREDENTIALS is only enabled in debug kernels as of 2.6.29.6-209.rc1 . People who want to continue debugging this should install the kernel-debug package.
(In reply to comment #53) > ERROR: cred->security is (null) > ------------[ cut here ]------------ > kernel BUG at kernel/cred.c:743! What were you doing when this happened? Also, I've done something silly in the debugging patch: I carefully arranged for __validate_creds() to be given a file and a line no., but forgot to print them:-( However, given the return address back to prepare_creds() is near the end of that function, the security pointer in the newly-prepared creds would seem to be invalid:-/ I'll generate a new patch to get more info. Sorry about that.
I get this when doing local RPM builds. I have /home on NFS. On both client and server: kernel-2.6.29.5-191.fc11.i586 nfs-utils-1.1.5-6.fc11.i586 I was building vdrift, which is about 450MB, but with the untarring an dbuilding of RPMS gets to the multi-GB range quickly. What else would be helpful?
Created attachment 350123 [details] More comprehensive bug finder v3 Better bug finder patch. This one actually prints the file and line on which an invalid bug was detected, and correctly orders the bug check code at the end of copy_creds().
(In reply to comment #60) > Created an attachment (id=350123) [details] > More comprehensive bug finder v3 > > Better bug finder patch. This one actually prints the file and line on which > an invalid bug was detected, and correctly orders the bug check code at the end > of copy_creds(). That's still wrong:-( It doesn't always handle exit correctly.
Created attachment 350161 [details] the oops trace back....
Created attachment 350162 [details] A more complete oops trace.
Created attachment 350271 [details] Fix use of unrefcounted creds in nfsd_open() This ought to fix the bug. What's happening is: nfsd_open() gets an unrefcounted pointer to the current process's effective credentials at the top of the function, then calls nfsd_setuser() via fh_verify() - which may replace and destroy the current process's effective credentials - and then passes the unrefcounted pointer to dentry_open() - but the credentials may have been destroyed by this point. Instead, the value from current_cred() should be passed directly to dentry_open() as one of its arguments, rather than being cached in a variable. Possibly fh_verify() should return the creds to use.
Fix went in kernel-2.6.29.6-211
I've been running 2.6.29.6-211.fc11.x86_64 for some hours now, and so far it looks good. Copying some 16 GB data to a client didn't trigger any oops, for example. It's too early to say for sure, but it does look good so far.
I cannot find kernel-2.6.29.6-211 in repository f11-updates-testing or updates list. https://admin.fedoraproject.org/updates/F11 Plese give me a hint.
(In reply to comment #67) > I cannot find kernel-2.6.29.6-211 in repository ... > Plese give me a hint. I don't think it's sent to the repositories yet. I took it directly from Koji, the build system: http://koji.fedoraproject.org/koji/buildinfo?buildID=112824 As you might expect, things that get to the repositories are supposed to be a bit more reliable than an arbitrary build. In this case, 2.6.29.6-211 has been running for over 24 hours for me now, and so far no oopses! :-) (Or any other problems.) YMMV
Running the 2.6.29.6-211 kernel for about 12 hours now. I created a new 20GB virtual disk with no issues and the VM seems to be running fine right now over NFS.
I had now the first day with 2.6.29.6-211 kernel and no oopses by now !
kernel-2.6.29.6-213.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/kernel-2.6.29.6-213.fc11
Thanks for fixing this. I started using my F11 box as a NFS server yesterday and immediately ran into this.
(In reply to comment #71) > kernel-2.6.29.6-213.fc11 has been submitted as an update for Fedora 11. > http://admin.fedoraproject.org/updates/kernel-2.6.29.6-213.fc11 How long until it (this kernel) makes it into the repositories ? TIA ....
Being impatient, I just grabbed the packages from Koji http://koji.fedoraproject.org/koji/buildinfo?buildID=113377 and can confirm the NFS problem appears to be fixed. I have just shunted 2TB onto my Fedora 11 NAS without any problems. Many thanks!
(In reply to comment #74) > Being impatient, I just grabbed the packages from Koji > http://koji.fedoraproject.org/koji/buildinfo?buildID=113377 and can confirm the > NFS problem appears to be fixed. I have just shunted 2TB onto my Fedora 11 NAS > without any problems. Many thanks! I just tried this & got a missing dependency (kernel-firmware), tried both yum & rpm, same problem both times. Where did you find the firmware rpm ? TIA ....
I see it in koji in noarch.
I obtained the packages from koji as well and they work no problem. I blogged about how to re-build the rpmfusion Nvidia drivers rpms for this (currently) unreleased kernel. In case this is helpful to anyone else, here it is: http://blogs.gurulabs.com/dax/2009/07/rebuilding-the.html
(In reply to comment #76) > I see it in koji in noarch. Tunnel-vision :-/ .... I figured firmware would be (possibly highly) CPU/arch-specific .... I got the new kernel & related bits installed, we'll see tomorrow A.M. ....
kernel-2.6.29.6-213.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update kernel'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7617
so far, so good w/ the new kernel. I reactivated the nightly across-the-LAN rsync of this box from another & it went off w/o a hitch last night (had been causing an ooops whenever it tried). There will be another one tonight as well as a once-weekly full tar backup (~40 GB total) this evening. If both of those go AOK, I'd say you could mark this bug .... *SQUASHED*.
Now done nearly a Terabyte over various files sizes (from basic docs to 10's of GB HD Videos) from a FC10 Server to a FC11 (with this patch) Client as an NFS share. Client was doing loads also at that time - loads of YUM updates and streaming video/audio as I was getting sloshed at the time (at home!) and NO OPPS! Faultless. Well done to the fixer --- if this OOPPS affects you then this is the fix...
kernel-2.6.29.6-213.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.