Bug 494067 - kernel oops in NFS caused by null credentials
Summary: kernel oops in NFS caused by null credentials
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 11
Hardware: x86_64
OS: Linux
low
high
Target Milestone: ---
Assignee: David Howells
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 495405 502423 504484 506061 506962 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-04 00:23 UTC by louisgtwo
Modified: 2009-07-22 21:58 UTC (History)
24 users (show)

Fixed In Version: 2.6.29.6-213.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 21:58:24 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
new patch (2.78 KB, text/plain)
2009-05-13 16:56 UTC, Chuck Ebbert 		no flags Details
More comprehensive bug finder (13.57 KB, patch)
2009-06-16 18:25 UTC, David Howells 		no flags Details | Diff
oops on shutdown with new debug patch applied (474.24 KB, image/jpeg)
2009-06-16 20:28 UTC, Chuck Ebbert 		no flags Details
oops on boot with new debug patch (3.00 KB, text/plain)
2009-06-16 20:37 UTC, Chuck Ebbert 		no flags Details
Sample oops from server (3.14 KB, text/plain)
2009-06-23 14:48 UTC, Göran Uddeborg 		no flags Details
Oops #1 (3.43 KB, text/plain)
2009-06-27 02:54 UTC, Allen Kistler 		no flags Details
Oops #2 (3.49 KB, text/plain)
2009-06-27 02:55 UTC, Allen Kistler 		no flags Details
Oops #3 (3.44 KB, text/plain)
2009-06-27 02:56 UTC, Allen Kistler 		no flags Details
Oops #4 (3.44 KB, text/plain)
2009-06-27 02:56 UTC, Allen Kistler 		no flags Details
Oops #5 (3.40 KB, text/plain)
2009-06-27 02:57 UTC, Allen Kistler 		no flags Details
Oops #6 (3.40 KB, text/plain)
2009-06-27 02:57 UTC, Allen Kistler 		no flags Details
More comprehensive bug finder v2 (17.17 KB, patch)
2009-06-29 12:41 UTC, David Howells 		no flags Details | Diff
invalid opcode: 0000 [#1] SMP at kernel/cred.c:743! (1.86 KB, text/plain)
2009-07-01 02:01 UTC, Allen Kistler 		no flags Details
invalid opcode: 0000 [#2] SMP at kernel/cred.c:765! (2.44 KB, text/plain)
2009-07-01 02:02 UTC, Allen Kistler 		no flags Details
invalid opcode: 0000 [#3] 4b/0xa8 at kernel/cred.c:765! (759.81 KB, text/plain)
2009-07-01 02:04 UTC, Allen Kistler 		no flags Details
More comprehensive bug finder v3 (17.74 KB, patch)
2009-07-01 14:31 UTC, David Howells 		no flags Details | Diff
the oops trace back.... (3.21 KB, text/plain)
2009-07-01 17:43 UTC, Steve Dickson 		no flags Details
A more complete oops trace. (6.29 KB, text/plain)
2009-07-01 17:47 UTC, Steve Dickson 		no flags Details
Fix use of unrefcounted creds in nfsd_open() (1.45 KB, patch)
2009-07-02 13:37 UTC, David Howells 		no flags Details | Diff
Show Obsolete (4) View All

Description louisgtwo 2009-04-04 00:23:18 UTC 
Fedora 11 beta as of Apr 3 with kernel-2.6.29.1-46.fc11.x86_64 serving nfs to an fc10 box. Transfering a large movie to F11.


Installing knfsd (copyright (C) 1996 okir.de).
SELinux: initialized (dev nfsd, type nfsd), uses genfs_contexts
NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
NFSD: starting 90-second grace period
CE: hpet increasing min_delta_ns to 15000 nsec
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff81186e28>] inode_has_perm+0x30/0x66
PGD 3d87c067 PUD 2e527067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1c.3/0000:05:00.0/rfkill/rfkill0/state
CPU 1 
Modules linked in: nfsd lockd nfs_acl auth_rpcgss exportfs fuse sco bridge stp llc bnep l2cap bluetooth sunrpc nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath sha256_generic aes_x86_64 aes_generic cbc dm_crypt uinput snd_hda_codec_conexant snd_hda_intel snd_hda_codec snd_hwdep snd_pcm arc4 snd_timer firewire_ohci firewire_core uvcvideo videodev v4l1_compat v4l2_compat_ioctl32 ecb sdhci_pci crc_itu_t sdhci snd mmc_core e100 mii iwl3945 rfkill mac80211 lib80211 iTCO_wdt iTCO_vendor_support soundcore pcspkr snd_page_alloc i2c_i801 cfg80211 joydev wmi serio_raw i915 drm i2c_algo_bit i2c_core video output [last unloaded: microcode]
Pid: 3294, comm: nfsd Not tainted 2.6.29.1-46.fc11.x86_64 #1 HP Pavilion dv2000 (RG498UA#ABA)
RIP: 0010:[<ffffffff81186e28>]  [<ffffffff81186e28>] inode_has_perm+0x30/0x66
RSP: 0018:ffff88001f9efc10  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff88001fd34ae8 RDI: ffff88001e4189c0
RBP: ffff88001f9efc60 R08: 0000000000000000 R09: ffff88001e4189c0
R10: ffff88001f8468c0 R11: 0000000000000000 R12: ffff88001fd34ae8
R13: ffff88001e4189c0 R14: ffff88002ed3d180 R15: ffff88001fd34ae8
FS:  0000000000000000(0000) GS:ffff88003e44d080(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 000000002e525000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 3294, threadinfo ffff88001f9ee000, task ffff88001f992e40)
Stack:
 ffff88002096dcc0 0000000000000404 ffff88001f9efc60 0000000000000246
 0000000000000001 ffffffff815f4040 ffff88001f9efc90 0000000000000246
 ffff88001f9c6000 ffff88002ed3d180 ffff88001f9efc90 ffffffff811894f8
Call Trace:
 [<ffffffff811894f8>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff81181be1>] security_dentry_open+0x16/0x18
 [<ffffffff810d69de>] __dentry_open+0x11b/0x273
 [<ffffffff810d6bbd>] dentry_open+0x87/0x8e
 [<ffffffff813a9f97>] ? trace_hardirqs_on_thunk+0x3a/0x3c
 [<ffffffffa03390cc>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff81050686>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa0339451>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa033f6f8>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa033426f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa02921b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa033486e>] nfsd+0x14c/0x1aa [nfsd]
 [<ffffffffa0334722>] ? nfsd+0x0/0x1aa [nfsd]
 [<ffffffff8105edd5>] kthread+0x4d/0x78
 [<ffffffff810126ca>] child_rip+0xa/0x20
 [<ffffffff81011fe7>] ? restore_args+0x0/0x30
 [<ffffffff8105ed88>] ? kthread+0x0/0x78
 [<ffffffff810126c0>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
RIP  [<ffffffff81186e28>] inode_has_perm+0x30/0x66
 RSP <ffff88001f9efc10>
CR2: 0000000000000004
---[ end trace 01f6cff0bbdd1495 ]---
Comment 1 louisgtwo 2009-04-05 16:43:20 UTC 
Forgot to mention that this is an ext4 partition.
Comment 2 Chuck Ebbert 2009-04-13 16:26:16 UTC 
*** Bug 495405 has been marked as a duplicate of this bug. ***
Comment 3 Chuck Ebbert 2009-04-13 16:45:42 UTC 
NFSD is opening a file, which calls selinux functions; those hit a null pointer deref.
Comment 4 Eric Paris 2009-04-14 00:35:37 UTC 
Looks very similar to:
http://lkml.org/lkml/2009/3/26/326

which we believe to be a credentials problem......
Comment 5 Chuck Ebbert 2009-04-15 16:37:22 UTC 
Would this be fixed by commit 34574dd10b6d0697b86703388d6d6af9cbf4bb48
"keys: Handle there being no fallback destination keyring for request_key()" ??
Comment 6 Eric Paris 2009-04-15 18:36:59 UTC 
I believe this is a problem with a null current->credentials, not the key subsystem....
Comment 7 Leonhard Zachl 2009-04-27 15:29:04 UTC 
I tried the patch in comment #4 with kernel-2.6.29-102
no difference at all

my exported filesystem is:
/dev/mapper/datavgm2-musi on /var/musi type xfs (rw,context="system_u:object_r:public_content_rw_t:s0")
Comment 8 Eric Paris 2009-04-27 16:55:59 UTC 
There should HOPEFULLY be some additional information in dmesg before the panic.  If you look back through your logs do you see a warning anywhere?

There also is a new bit of debug info he added in that patch in case it is reusing a freed object.  Do you have your final backtrace available from the latest carsh?
Comment 9 Steve Dickson 2009-04-27 17:02:01 UTC 
Reassigned to David since it looks like a NULL credentials
Comment 10 Leonhard Zachl 2009-04-27 21:20:45 UTC 
no additional message in dmesg

last entry was
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts

/var/log/messages:

Apr 27 16:51:16 mirr2 mountd[2417]: authenticated mount request from 10.254.254.17:752 for /var/musi (/var/musi)                                        Apr 27 16:51:28 mirr2 kernel: BUG: unable to handle kernel NULL pointer dereference at 000000000000000b                                                 Apr 27 16:51:28 mirr2 kernel: IP: [<ffffffff81187494>] inode_has_perm+0x30/0x66                                                                         Apr 27 16:51:28 mirr2 kernel: PGD 2fdd8067 PUD 2fdcf067 PMD 0                                                                                           Apr 27 16:51:28 mirr2 kernel: Oops: 0000 [#1] SMP                                                                                                       Apr 27 16:51:28 mirr2 kernel: last sysfs file: /sys/module/lockd/initstate                                                                              Apr 27 16:51:28 mirr2 kernel: CPU 0                                                                                                                     Apr 27 16:51:28 mirr2 kernel: Modules linked in: nfsd lockd nfs_acl auth_rpcgss sunrpc bridge stp llc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table dm_multipath raid1 pcspkr serio_raw k8temp forcedeth skge matroxfb_base matroxfb_DAC1064 matroxfb_accel matroxfb_Ti3026 matroxfb_g450 g450_pll matroxfb_misc pata_amd asus_atk0110 hwmon i2c_nforce2 i2c_core ata_generic pata_acpi sata_nv sata_sil raid456 async_xor async_memcpy async_tx xor xfs exportfs [last unloaded: scsi_wait_scan]                                                               Apr 27 16:51:28 mirr2 kernel: Pid: 2414, comm: nfsd Not tainted 2.6.29.1-102.local.fc11.x86_64 #1 System name                                           Apr 27 16:51:28 mirr2 kernel: RIP: 0010:[<ffffffff81187494>]  [<ffffffff81187494>] inode_has_perm+0x30/0x66                                             Apr 27 16:51:28 mirr2 kernel: RSP: 0018:ffff880030ac1c10  EFLAGS: 00010246                                                                              Apr 27 16:51:28 mirr2 kernel: RAX: 0000000000000007 RBX: 0000000000100004 RCX: 0000000000000000                                                         Apr 27 16:51:28 mirr2 kernel: RDX: 0000000000100004 RSI: ffff88002d56f440 RDI: ffff88002c16b480                                                         Apr 27 16:51:28 mirr2 kernel: RBP: ffff880030ac1c60 R08: 0000000000000000 R09: ffff88002c16b480                                                         Apr 27 16:51:28 mirr2 kernel: R10: ffff88002c2592c0 R11: 0000000000000000 R12: ffff88002d56f440                                                         Apr 27 16:51:28 mirr2 kernel: R13: ffff88002c16b480 R14: ffff88002c0a8900 R15: ffff88002d56f440                                                         Apr 27 16:51:28 mirr2 kernel: FS:  00007f9ba1f2c7b0(0000) GS:ffffffff817bf000(0000) knlGS:0000000000000000                                              Apr 27 16:51:28 mirr2 kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b                                                                         Apr 27 16:51:28 mirr2 kernel: CR2: 000000000000000b CR3: 000000002fdb9000 CR4: 00000000000006e0                                                         Apr 27 16:51:28 mirr2 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000                                                         Apr 27 16:51:28 mirr2 kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400                                                         Apr 27 16:51:28 mirr2 kernel: Process nfsd (pid: 2414, threadinfo ffff880030ac0000, task ffff880030a72e40)                                              Apr 27 16:51:28 mirr2 kernel: Stack:                                                                                                                    Apr 27 16:51:28 mirr2 kernel: ffff88002c0a8a80 ffff88002c0a86c0 ffff880030ac1c60 0000000000000246                                                       Apr 27 16:51:28 mirr2 kernel: 0000000000000001 ffffffff815fc040 ffff880030ac1c90 0000000000000246                                                       Apr 27 16:51:28 mirr2 kernel: ffff880030aa0000 ffff88002c0a8900 ffff880030ac1c90 ffffffff81189b64                                                       Apr 27 16:51:28 mirr2 kernel: Call Trace:                                                                                                               Apr 27 16:51:28 mirr2 kernel: [<ffffffff81189b64>] selinux_dentry_open+0xe7/0xf0                                                                        Apr 27 16:51:28 mirr2 kernel: [<ffffffff81182245>] security_dentry_open+0x16/0x18                                                                       Apr 27 16:51:28 mirr2 kernel: [<ffffffff810d6531>] __dentry_open+0x122/0x281                                                                            Apr 27 16:51:28 mirr2 kernel: [<ffffffff810d6717>] dentry_open+0x87/0x8e                                                                                Apr 27 16:51:28 mirr2 kernel: [<ffffffffa02200db>] nfsd_open+0x134/0x15d [nfsd]                                                                         Apr 27 16:51:28 mirr2 kernel: [<ffffffffa022038e>] nfsd_write+0x8e/0xdb [nfsd]                                                                          Apr 27 16:51:28 mirr2 kernel: [<ffffffffa0226624>] nfsd3_proc_write+0xcd/0xee [nfsd]                                                                    Apr 27 16:51:28 mirr2 kernel: [<ffffffffa021b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]                                                                      Apr 27 16:51:28 mirr2 kernel: [<ffffffffa01d12dd>] svc_process+0x426/0x642 [sunrpc]                                                                     Apr 27 16:51:28 mirr2 kernel: [<ffffffffa021b86e>] nfsd+0x14c/0x1aa [nfsd]                                                                              Apr 27 16:51:28 mirr2 kernel: [<ffffffffa021b722>] ? nfsd+0x0/0x1aa [nfsd]                                                                              Apr 27 16:51:28 mirr2 kernel: [<ffffffff8105e881>] kthread+0x4d/0x78                                                                                    Apr 27 16:51:28 mirr2 kernel: [<ffffffff810126ca>] child_rip+0xa/0x20                                                                                   Apr 27 16:51:28 mirr2 kernel: [<ffffffff81011fe7>] ? restore_args+0x0/0x30                                                                              Apr 27 16:51:28 mirr2 kernel: [<ffffffff8105e834>] ? kthread+0x0/0x78                                                                                   Apr 27 16:51:28 mirr2 kernel: [<ffffffff810126c0>] ? child_rip+0x0/0x20                                                                                 Apr 27 16:51:28 mirr2 kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7                                                                           Apr 27 16:51:28 mirr2 kernel: RIP  [<ffffffff81187494>] inode_has_perm+0x30/0x66                                                                        Apr 27 16:51:28 mirr2 kernel: RSP <ffff880030ac1c10>                                                                                                    Apr 27 16:51:28 mirr2 kernel: CR2: 000000000000000b
Apr 27 16:51:28 mirr2 kernel: ---[ end trace 8ecb9a6954f09dd2 ]---
Comment 11 Leonhard Zachl 2009-04-28 10:11:13 UTC 
any hints how to debug?
Comment 12 Chuck Ebbert 2009-04-29 03:49:15 UTC 
security/selinux/hooks.c:inode_has_perm():
        sid = cred_sid(cred);

security/selinux/hooks.c:cred_sid():
        tsec = cred->security;
        return tsec->sid;

  cred->security is NULL
Comment 13 Leonhard Zachl 2009-04-29 12:38:20 UTC 
That's what's causing it.

And now?

in kernel-2.6.29-111 the bug is still there
Comment 14 Chuck Ebbert 2009-05-09 06:17:52 UTC 
(In reply to comment #10)
> no additional message in dmesg
> 

Wait a minute, that patch did catch something. Before, the null deref was at 0x4 and now it's at 0xb.

Faulting insn:
  mov    0x4(%rax),%r9d

rax is 0x7 now instead of NULL, probably because of this hunk:

--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3236,7 +3236,7 @@ static int selinux_task_create(unsigned long clone_flags)
 static void selinux_cred_free(struct cred *cred)
 {
 	struct task_security_struct *tsec = cred->security;
-	cred->security = NULL;
+	cred->security = (void *) 0x7UL;
 	kfree(tsec);
 }
Comment 15 Chuck Ebbert 2009-05-09 22:45:01 UTC 
(In reply to comment #11)
> any hints how to debug?  

You could try changing all the lines like:

  WARN_ON(!new->security);

in the patch from comment #4 to something like:

  WARN_ON((unsigned long)new->security < 8);
Comment 16 Chuck Ebbert 2009-05-13 16:56:40 UTC 
Created attachment 343818 [details]
new patch

Added a new debugging patch that checks for pointer value less than 8 instead of NULL.
Comment 17 Orion Poplawski 2009-05-15 15:07:01 UTC 
I have seen this since booting kernel-2.6.29.3-60.fc10.  Anyone else?
Comment 18 Eric Paris 2009-05-15 17:51:36 UTC 
Can I get everyone having this problem to give me as many details about their setup as they can?  Are you using NFSv3? NFSv4?  What options do you have on your exports? What is the underlying FS?  What are the options the share (or shares) are being mounted with?  Anything you can think of that might allow me to reproduce the problem....
Comment 19 Leonhard Zachl 2009-05-15 18:56:02 UTC 
server:
cpu: AMD Athlon(tm) 64 Processor 3500+

kernel-2.6.29.1-111.fc11.x86_64
kernel-2.6.29.2-126.fc11.x86_64

/etc/exports:
/var/musi 10.254.254.17(rw,all_squash,anonuid=500,anongid=500,async)
/var/videos 10.254.254.17(rw,all_squash,anonuid=500,anongid=500,async)

mount:
/dev/mapper/datavgm2-musi on /var/musi type xfs (rw,context="system_u:object_r:public_content_rw_t:s0")


client:
cpu: AMD Phenom(tm) 9550 Quad-Core Processor
kernel 2.6.29.1-30.fc10.x86_64

mount: (via autofs)
mirr2:/var/musi on /net/mirr2/var/musi type nfs (rw,nosuid,nodev,sloppy,addr=10.254.254.24)
Comment 20 Leonhard Zachl 2009-05-19 16:30:37 UTC 
/etc/sysconfig/nfs:
#
# Define which protocol versions mountd 
# will advertise. The values are "no" or "yes"
# with yes being the default
#MOUNTD_NFS_V1="no"
#MOUNTD_NFS_V2="no"
#MOUNTD_NFS_V3="no"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
#RQUOTAD_PORT=875
# Optinal options passed to rquotad
#RPCRQUOTADOPTS=""
#
#
# Optional arguments passed to in-kernel lockd
#LOCKDARG=
# TCP port rpc.lockd should listen on.
#LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
#LOCKD_UDPPORT=32769
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8. 
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
#NFSD_MODULE="noload"
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
STATD_OUTGOING_PORT=2020
# Specify callout program 
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts. 
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS=""
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS=""
#
Comment 21 Chuck Ebbert 2009-05-27 14:43:20 UTC 
*** Bug 502423 has been marked as a duplicate of this bug. ***
Comment 22 Eric Paris 2009-06-08 12:33:07 UTC 
*** Bug 504484 has been marked as a duplicate of this bug. ***
Comment 23 Jarod Wilson 2009-06-08 20:43:43 UTC 
Hitting this myself. Triggers repeatedly simply copying a Fedora DVD iso from a read-only nfs share to a client (spew is on the server side), nothing at all complex about the setup. Both machines have selinux enabled, but in permissive mode.
Comment 24 Chuck Ebbert 2009-06-08 22:02:33 UTC 
kernel-debug-2.6.29.4-169 and later have the debug code from comment #16 included.
(Note you need to install the kernel-debug package.)
Comment 25 Bug Zapper 2009-06-09 13:14:16 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 26 Matthias Bruegge 2009-06-13 14:56:05 UTC 
I downgraded to nfs-utils-1.1.4-8.fc10.i386 and the same  error occurs.
Maybe it is only another problem with selinux ?

Jun 13 16:52:28 jack kernel: BUG: unable to handle kernel NULL pointer dereference at 00000004
Jun 13 16:52:28 jack kernel: IP: [<c053b184>] inode_has_perm+0x25/0x6a
Jun 13 16:52:28 jack kernel: *pdpt = 000000003505a001 *pde = 000000007f1bc067 
Jun 13 16:52:28 jack kernel: Oops: 0000 [#1] SMP 
Jun 13 16:52:28 jack kernel: last sysfs file: /sys/devices/pci0000:00/0000:00:05.0/host4/target4:0:0/4:0:0:0/model
Jun 13 16:52:28 jack kernel: Modules linked in: fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs w83781d hwmon_vid hwmon lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 dm_multipath uinput ata_generic pata_acpi i2c_piix4 sym53c8xx e100 i2c_core scsi_transport_spi pata_hpt3x2n serio_raw mii pcspkr pata_serverworks pata_hpt37x gdth [last unloaded: scsi_wait_scan]
Jun 13 16:52:28 jack kernel:
Jun 13 16:52:28 jack kernel: Pid: 2654, comm: nfsd Not tainted (2.6.29.4-167.fc11.i686.PAE #1) System Name
Jun 13 16:52:28 jack kernel: EIP: 0060:[<c053b184>] EFLAGS: 00010246 CPU: 1
Jun 13 16:52:28 jack kernel: EIP is at inode_has_perm+0x25/0x6a
Jun 13 16:52:28 jack kernel: EAX: 00000000 EBX: 00000000 ECX: 00100004 EDX: ee157710
Jun 13 16:52:28 jack kernel: ESI: 00100004 EDI: ee931c80 EBP: ef13fea8 ESP: ef13fe5c
Jun 13 16:52:28 jack kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Jun 13 16:52:28 jack kernel: Process nfsd (pid: 2654, ti=ef13e000 task=f5721940 task.ti=ef13e000)
Jun 13 16:52:28 jack kernel: Stack:
Jun 13 16:52:28 jack kernel: ef13fe78 00000620 00001e64 ef13e000 c0568008 f111e004 11270000 ee5afd48
Jun 13 16:52:28 jack kernel: ef13fec4 f8286906 00000002 f111e01c 00000246 00000001 ef13feb4 00000246
Jun 13 16:52:28 jack kernel: ef92e500 ee157710 ee931c80 ef13fec4 c053d41d 00000000 f54bb870 ef92e500
Jun 13 16:52:28 jack kernel: Call Trace:
Jun 13 16:52:28 jack kernel: [<c0568008>] ? trace_hardirqs_on_thunk+0xc/0x10
Jun 13 16:52:28 jack kernel: [<f8286906>] ? nfsd_setuser_and_check_port+0x53/0x59 [nfsd]
Jun 13 16:52:28 jack kernel: [<c053d41d>] ? selinux_dentry_open+0xda/0xe2
Jun 13 16:52:28 jack kernel: [<c05366f6>] ? security_dentry_open+0x14/0x16
Jun 13 16:52:28 jack kernel: [<c04a73be>] ? __dentry_open+0xf1/0x1f9
Jun 13 16:52:28 jack kernel: [<c04a7532>] ? dentry_open+0x6c/0x76
Jun 13 16:52:28 jack kernel: [<f8288620>] ? nfsd_open+0x107/0x12e [nfsd]
Jun 13 16:52:28 jack kernel: [<f82887fd>] ? nfsd_commit+0x3a/0x82 [nfsd]
Jun 13 16:52:28 jack kernel: [<f828d774>] ? nfsd3_proc_commit+0x95/0xa2 [nfsd]
Jun 13 16:52:28 jack kernel: [<f828e9f9>] ? nfs3svc_decode_commitargs+0x0/0x6a [nfsd]
Jun 13 16:52:28 jack kernel: [<f8284218>] ? nfsd_dispatch+0xd6/0x1a2 [nfsd]
Jun 13 16:52:28 jack kernel: [<f81bab8c>] ? svc_process+0x391/0x596 [sunrpc]
Jun 13 16:52:28 jack kernel: [<f8284720>] ? nfsd+0xf7/0x147 [nfsd]
Jun 13 16:52:28 jack kernel: [<f8284629>] ? nfsd+0x0/0x147 [nfsd]
Jun 13 16:52:28 jack kernel: [<c0446fc8>] ? kthread+0x41/0x65
Jun 13 16:52:28 jack kernel: [<c0446f87>] ? kthread+0x0/0x65
Jun 13 16:52:28 jack kernel: [<c0409dbf>] ? kernel_thread_helper+0x7/0x10
Jun 13 16:52:28 jack kernel: Code: e0 ea 5b 5e 5d c3 55 89 e5 57 56 53 83 ec 40 0f 1f 44 00 00 8b 5d 08 89 c7 31 c0 f6 82 45 01 00 00 02 89 ce 75 42 8b 47 58 85 db <8b> 40 04 89 45 b4 8b 82 4c 01 00 00 89 45 b8 75 16 b9 0e 00 00 
Jun 13 16:52:28 jack kernel: EIP: [<c053b184>] inode_has_perm+0x25/0x6a SS:ESP 0068:ef13fe5c
Jun 13 16:52:29 jack kernel: ---[ end trace 69d50f50088a4f90 ]---
Jun 13 16:52:40 jack kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Comment 27 Chuck Ebbert 2009-06-16 05:30:42 UTC 
*** Bug 506061 has been marked as a duplicate of this bug. ***
Comment 28 David Howells 2009-06-16 10:12:46 UTC 
This looks like a refcounting problem, or a place where we're using credentials after freeing them.  Comment #14 indicates that my patch to selinux_cred_free() tripped - so we're accessing a free'd cred struct.
Comment 29 David Howells 2009-06-16 18:25:44 UTC 
Created attachment 348146 [details]
More comprehensive bug finder

This patch does more comprehensive checking of cred struct accounting.  In particular it counts the pointers from task_structs and checks that this never exceeds the total number of references on a cred struct.  To enable the checks, you need to turn on CONFIG_DEBUG_CREDENTIALS.
Comment 30 Chuck Ebbert 2009-06-16 19:06:53 UTC 
new debug patch went in  2.6.29.5-189, anbled for all kernels, not just -debug ones.
Comment 31 Chuck Ebbert 2009-06-16 20:28:19 UTC 
Created attachment 348162 [details]
oops on shutdown with new debug patch applied
Comment 32 Chuck Ebbert 2009-06-16 20:37:44 UTC 
Created attachment 348163 [details]
oops on boot with new debug patch
Comment 33 Chuck Ebbert 2009-06-17 00:23:20 UTC 
Patch has been disabled in 2.6.29.5-191
Comment 34 Chuck Ebbert 2009-06-20 10:18:41 UTC 
*** Bug 506962 has been marked as a duplicate of this bug. ***
Comment 35 Göran Uddeborg 2009-06-23 14:47:23 UTC 
(In reply to comment #18)
> Can I get everyone having this problem to give me as many details about their
> setup as they can?

Are you still collecting?  If so, here's ours:

Server:
mimmi$ grep home /etc/exports 
/home                   172.17.0.0/18(rw,sync,no_root_squash)
mimmi$ grep /root /proc/mounts
/dev/root / ext3 rw,relatime,errors=continue,data=ordered 0 0

Client:
freddi$ grep /home /etc/fstab
mimmi:/home             /home                   nfs     defaults,bg     0 0
freddi$ grep mimmi:/home /proc/mounts
mimmi:/home /home nfs rw,relatime,vers=3,rsize=262144,wsize=262144,namlen=255,hard,nointr,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=172.17.0.1,mountvers=3,mountproto=tcp,addr=172.17.0.1 0 0

Some symptoms on the client I assume are caused by this:
freddi$ grep 'server mimmi' /var/log/messages | tail -1
Jun 23 09:52:20 freddi kernel: lockd: server mimmi not responding, still trying
freddi$ ps -lC firefox -ww
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
0 Z   500  2416  2399  2  80   0 -     0 exit   ?        00:30:01 firefox <defunct>
0 D   500  5243  5226  0  80   0 - 83804 rpc_wa ?        00:00:00 firefox
0 D   500  5421  5404  0  80   0 - 83804 rpc_wa ?        00:00:00 firefox
0 D   500  5440  5423  0  80   0 - 83804 rpc_wa ?        00:00:00 firefox
0 D   500  6005  5988  0  80   0 - 83804 rpc_wa ?        00:00:00 firefox
freddi$ rpcinfo mimmi | grep 100021
    100021    1    udp       0.0.0.0.206.241        nlockmgr   unknown
    100021    3    udp       0.0.0.0.206.241        nlockmgr   unknown
    100021    4    udp       0.0.0.0.206.241        nlockmgr   unknown
    100021    1    tcp       0.0.0.0.226.187        nlockmgr   unknown
    100021    3    tcp       0.0.0.0.226.187        nlockmgr   unknown
    100021    4    tcp       0.0.0.0.226.187        nlockmgr   unknown
freddi$ rpcinfo -t mimmi 100021
rpcinfo: RPC: Timed out
program 100021 version 0 is not available

The latest "BUG" post in dmesg on the server attached below.
Comment 36 Göran Uddeborg 2009-06-23 14:48:28 UTC 
Created attachment 349098 [details]
Sample oops from server
Comment 37 Allen Kistler 2009-06-27 02:54:11 UTC 
(In reply to comment #18)
> Can I get everyone having this problem to give me as many details about their
> setup as they can?  Are you using NFSv3? NFSv4?  What options do you have on
> your exports? What is the underlying FS?  What are the options the share (or
> shares) are being mounted with?  Anything you can think of that might allow me
> to reproduce the problem....  

If it helps....

kernel-2.6.29.5-191.fc11.i586
nfs-utils-1.2.0-3.fc11.i586

# cat /etc/exports
/var/ftp        192.168.0.0/16(rw,all_squash)

[although most of the content is root:root 644]

# cat /etc/fstab
/dev/vg0/f11    /               ext2    defaults                        1 1
/dev/sda2       /boot           ext2    defaults                        1 2
/dev/vg0/ftp    /var/ftp        ext2    defaults                        1 2

# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   2052  status
    100024    1   tcp   2052  status
    100003    3   udp   2049  nfs
    100021    1   udp   2050  nlockmgr
    100021    3   udp   2050  nlockmgr
    100021    4   udp   2050  nlockmgr
    100021    1   tcp   2050  nlockmgr
    100021    3   tcp   2050  nlockmgr
    100021    4   tcp   2050  nlockmgr
    100003    3   tcp   2049  nfs
    100005    3   udp   2051  mountd
    100005    3   tcp   2051  mountd

... and then pound the share.
Sometimes for as little as 2GB.
Sometimes for as much as 8GB.

I'll attach my series of oopses.  Each one has minor variations from the others.
Comment 38 Allen Kistler 2009-06-27 02:54:55 UTC 
Created attachment 349618 [details]
Oops #1
Comment 39 Allen Kistler 2009-06-27 02:55:35 UTC 
Created attachment 349620 [details]
Oops #2
Comment 40 Allen Kistler 2009-06-27 02:56:08 UTC 
Created attachment 349621 [details]
Oops #3
Comment 41 Allen Kistler 2009-06-27 02:56:38 UTC 
Created attachment 349622 [details]
Oops #4
Comment 42 Allen Kistler 2009-06-27 02:57:09 UTC 
Created attachment 349623 [details]
Oops #5
Comment 43 Allen Kistler 2009-06-27 02:57:43 UTC 
Created attachment 349624 [details]
Oops #6
Comment 44 William A. Mahaffey III 2009-06-27 04:54:07 UTC 
kernel: 2.6.29.4-167.fc11.x86_64
NFS:1:1.1.5-6.fc11.x86_64

[root@athloncube:/etc, Fri Jun 26, 11:50 PM] 1116 # cat /etc/exports
# See the exports(5) manpage for a description of the syntax of this file.
# This file contains a list of all directories that are to be exported to
# other computers via NFS (Network File System).
# This file used by rpc.nfsd and rpc.mountd. See their manpages for details
# on how make changes in this file effective.

/home   192.168.0.0/24(secure,rw,sync)
# /work 192.168.0.0/24(secure,rw,sync)
[root@athloncube:/etc, Fri Jun 26, 11:51 PM] 1117 #

[root@athloncube:/etc, Fri Jun 26, 11:51 PM] 1117 # cat /etc/fstab
/dev/VolGroup00/LogVol00 /                       ext3    defaults        1 1
UUID=5f6e6b1b-ecd8-4370-9f78-a46fd13079a8 /home                   ext3    defaults        1 2
UUID=b9d2caa2-bc2a-431b-a78b-c02beda7bf8e /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
[root@athloncube:/etc, Fri Jun 26, 11:52 PM] 1118 #

[root@athloncube:/etc, Fri Jun 26, 11:52 PM] 1118 # rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    862  status
    100024    1   tcp    862  status
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100011    2   tcp    875  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    2   udp    892  mountd
    100005    2   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
[root@athloncube:/etc, Fri Jun 26, 11:53 PM] 1119 #

from messages file, last night, during an across the LAN tar backup:



Jun 26 00:47:43 athloncube mountd[1717]: authenticated mount request from 192.168.0.9:1010 for /home (/home)
Jun 26 00:57:11 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 00:57:11 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 00:57:11 athloncube kernel: PGD 60080067 PUD 714c6067 PMD 0 
Jun 26 00:57:11 athloncube kernel: Oops: 0000 [#1] SMP 
Jun 26 00:57:11 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 00:57:11 athloncube kernel: CPU 1 
Jun 26 00:57:11 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 00:57:11 athloncube kernel: Pid: 1714, comm: nfsd Not tainted 2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 00:57:11 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 00:57:11 athloncube kernel: RSP: 0018:ffff880071f35c10  EFLAGS: 00010246
Jun 26 00:57:11 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 00:57:11 athloncube kernel: RDX: 0000000000100002 RSI: ffff88005273dbc8 RDI: ffff880044c7f600
Jun 26 00:57:11 athloncube kernel: RBP: ffff880071f35c60 R08: 0000000000000000 R09: ffff880044c7f600
Jun 26 00:57:11 athloncube kernel: R10: ffff88005a1033c0 R11: 0000000000000000 R12: ffff88005273dbc8
Jun 26 00:57:11 athloncube kernel: R13: ffff880044c7f600 R14: ffff880044c64d80 R15: ffff88005273dbc8
Jun 26 00:57:11 athloncube kernel: FS:  00007f2fb4f626f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730
Jun 26 00:57:11 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 00:57:11 athloncube kernel: CR2: 0000000000000004 CR3: 000000006391a000 CR4: 00000000000006e0
Jun 26 00:57:11 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 00:57:11 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 00:57:11 athloncube kernel: Process nfsd (pid: 1714, threadinfo ffff880071f34000, task ffff880071e05c00)
Jun 26 00:57:11 athloncube kernel: Stack:
Jun 26 00:57:11 athloncube kernel: ffff8800454ba000 0000000000000404 ffff880071f35c60 0000000000000246
Jun 26 00:57:11 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071f35c90 0000000000000246
Jun 26 00:57:11 athloncube kernel: ffff880071f35c60 ffff880044c64d80 ffff880071f35c90 ffffffff81186984
Jun 26 00:57:11 athloncube kernel: Call Trace:
Jun 26 00:57:11 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 00:57:11 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 00:57:11 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 00:57:11 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 00:57:11 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 00:57:11 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
Jun 26 00:57:11 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 00:57:11 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 00:57:11 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 00:57:11 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 00:57:11 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 00:57:11 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 00:57:11 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 00:57:11 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 00:57:11 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 00:57:11 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 00:57:11 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 00:57:11 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 00:57:11 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 00:57:11 athloncube kernel: RSP <ffff880071f35c10>
Jun 26 00:57:11 athloncube kernel: CR2: 0000000000000004
Jun 26 00:57:11 athloncube kernel: ---[ end trace 7fc40d2751b4b85f ]---
Jun 26 00:58:00 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Jun 26 01:04:07 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 01:04:07 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:04:07 athloncube kernel: PGD 5f9f0067 PUD 5f4d9067 PMD 0 
Jun 26 01:04:07 athloncube kernel: Oops: 0000 [#2] SMP 
Jun 26 01:04:07 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 01:04:07 athloncube kernel: CPU 1 
Jun 26 01:04:07 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 01:04:07 athloncube kernel: Pid: 1710, comm: nfsd Tainted: G      D    2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 01:04:07 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:04:07 athloncube kernel: RSP: 0018:ffff880071dffc10  EFLAGS: 00010246
Jun 26 01:04:07 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 01:04:07 athloncube kernel: RDX: 0000000000100002 RSI: ffff8800465689c8 RDI: ffff8800399cfa80
Jun 26 01:04:07 athloncube kernel: RBP: ffff880071dffc60 R08: 0000000000000000 R09: ffff8800399cfa80
Jun 26 01:04:07 athloncube kernel: R10: ffff880078c54e00 R11: 0000000000000000 R12: ffff8800465689c8
Jun 26 01:04:07 athloncube kernel: R13: ffff8800399cfa80 R14: ffff880060df0b40 R15: ffff8800465689c8
Jun 26 01:04:07 athloncube kernel: FS:  00007f8f9be8d6f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730
Jun 26 01:04:07 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004 CR3: 000000005f8be000 CR4: 00000000000006e0
Jun 26 01:04:07 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 01:04:07 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 01:04:07 athloncube kernel: Process nfsd (pid: 1710, threadinfo ffff880071dfe000, task ffff880071e00000)
Jun 26 01:04:07 athloncube kernel: Stack:
Jun 26 01:04:07 athloncube kernel: ffffffff811836a7 ffff8800399cfa80 ffff880071dffc30 ffffffff81042d14
Jun 26 01:04:07 athloncube kernel: ffff880071dffc40 ffffffff813aa05a ffff880071dffc90 0000000000000246
Jun 26 01:04:07 athloncube kernel: ffffffffffffff9e ffff880060df0b40 ffff880071dffc90 ffffffff81186984
Jun 26 01:04:07 athloncube kernel: Call Trace:
Jun 26 01:04:07 athloncube kernel: [<ffffffff811836a7>] ? selinux_file_alloc_security+0x37/0x57
Jun 26 01:04:07 athloncube kernel: [<ffffffff81042d14>] ? __cond_resched+0x32/0x5b
Jun 26 01:04:07 athloncube kernel: [<ffffffff813aa05a>] ? _cond_resched+0x35/0x40
Jun 26 01:04:07 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 01:04:07 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 01:04:07 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 01:04:07 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 01:04:07 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
Jun 26 01:04:07 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 01:04:07 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 01:04:07 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 01:04:07 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 01:04:07 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 01:04:07 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:04:07 athloncube kernel: RSP <ffff880071dffc10>
Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004
Jun 26 01:04:07 athloncube kernel: ---[ end trace 7fc40d2751b4b860 ]---
Jun 26 01:04:07 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 01:04:07 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:04:07 athloncube kernel: PGD 5f9f0067 PUD 5f4d9067 PMD 0 
Jun 26 01:04:07 athloncube kernel: Oops: 0000 [#3] SMP 
Jun 26 01:04:07 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 01:04:07 athloncube kernel: CPU 1 
Jun 26 01:04:07 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 01:04:07 athloncube kernel: Pid: 1708, comm: nfsd Tainted: G      D    2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 01:04:07 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:04:07 athloncube kernel: RSP: 0018:ffff880071d7bc10  EFLAGS: 00010246
Jun 26 01:04:07 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 01:04:07 athloncube kernel: RDX: 0000000000100002 RSI: ffff8800465689c8 RDI: ffff8800411d0840
Jun 26 01:04:07 athloncube kernel: RBP: ffff880071d7bc60 R08: 0000000000000000 R09: ffff8800411d0840
Jun 26 01:04:07 athloncube kernel: R10: ffff880078c54e00 R11: 0000000000000000 R12: ffff8800465689c8
Jun 26 01:04:07 athloncube kernel: R13: ffff8800411d0840 R14: ffff880040c53780 R15: ffff8800465689c8
Jun 26 01:04:07 athloncube kernel: FS:  00007f8f9be8d6f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730
Jun 26 01:04:07 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004 CR3: 000000005f8be000 CR4: 00000000000006e0
Jun 26 01:04:07 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 01:04:07 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 01:04:07 athloncube kernel: Process nfsd (pid: 1708, threadinfo ffff880071d7a000, task ffff880073b55c00)
Jun 26 01:04:07 athloncube kernel: Stack:
Jun 26 01:04:07 athloncube kernel: ffff880040c53a80 0000000000000404 ffff880071d7bc60 0000000000000246
Jun 26 01:04:07 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071d7bc90 0000000000000246
Jun 26 01:04:07 athloncube kernel: ffff880071ca2000 ffff880040c53780 ffff880071d7bc90 ffffffff81186984
Jun 26 01:04:07 athloncube kernel: Call Trace:
Jun 26 01:04:07 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 01:04:07 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 01:04:07 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 01:04:07 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 01:04:07 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
Jun 26 01:04:07 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 01:04:07 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 01:04:07 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 01:04:07 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 01:04:07 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 01:04:07 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 01:04:07 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:04:07 athloncube kernel: RSP <ffff880071d7bc10>
Jun 26 01:04:07 athloncube kernel: CR2: 0000000000000004
Jun 26 01:04:07 athloncube kernel: ---[ end trace 7fc40d2751b4b861 ]---
Jun 26 01:05:01 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Jun 26 01:15:54 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 01:15:54 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:15:54 athloncube kernel: PGD 71d6d067 PUD 71d6b067 PMD 0 
Jun 26 01:15:54 athloncube kernel: Oops: 0000 [#4] SMP 
Jun 26 01:15:54 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 01:15:54 athloncube kernel: CPU 1 
Jun 26 01:15:54 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 01:15:54 athloncube kernel: Pid: 1709, comm: nfsd Tainted: G      D    2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 01:15:54 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:15:54 athloncube kernel: RSP: 0018:ffff880071dbdc10  EFLAGS: 00010246
Jun 26 01:15:54 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 01:15:54 athloncube kernel: RDX: 0000000000100002 RSI: ffff8800591343c8 RDI: ffff88003e9fbb40
Jun 26 01:15:54 athloncube kernel: RBP: ffff880071dbdc60 R08: 0000000000000000 R09: ffff88003e9fbb40
Jun 26 01:15:54 athloncube kernel: R10: ffff88001eb2c480 R11: 0000000000000000 R12: ffff8800591343c8
Jun 26 01:15:54 athloncube kernel: R13: ffff88003e9fbb40 R14: ffff880070899540 R15: ffff8800591343c8
Jun 26 01:15:54 athloncube kernel: FS:  00007fa05d7826f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730
Jun 26 01:15:54 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 01:15:54 athloncube kernel: CR2: 0000000000000004 CR3: 0000000071d87000 CR4: 00000000000006e0
Jun 26 01:15:54 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 01:15:54 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 01:15:54 athloncube kernel: Process nfsd (pid: 1709, threadinfo ffff880071dbc000, task ffff880074b05c00)
Jun 26 01:15:54 athloncube kernel: Stack:
Jun 26 01:15:54 athloncube kernel: ffff88002dddbcc0 0000000000000404 ffff880071dbdc60 0000000000000246
Jun 26 01:15:54 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071dbdc90 0000000000000246
Jun 26 01:15:54 athloncube kernel: ffff880071d7c000 ffff880070899540 ffff880071dbdc90 ffffffff81186984
Jun 26 01:15:54 athloncube kernel: Call Trace:
Jun 26 01:15:54 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 01:15:54 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 01:15:54 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 01:15:54 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 01:15:54 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 01:15:54 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
Jun 26 01:15:54 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 01:15:54 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 01:15:54 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 01:15:54 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 01:15:54 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 01:15:54 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 01:15:54 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 01:15:54 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 01:15:54 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 01:15:54 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 01:15:54 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 01:15:54 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 01:15:54 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:15:54 athloncube kernel: RSP <ffff880071dbdc10>
Jun 26 01:15:54 athloncube kernel: CR2: 0000000000000004
Jun 26 01:15:54 athloncube kernel: ---[ end trace 7fc40d2751b4b862 ]---
Jun 26 01:16:48 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Jun 26 01:56:24 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 01:56:24 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:56:24 athloncube kernel: PGD 71d6d067 PUD 71d6b067 PMD 0 
Jun 26 01:56:24 athloncube kernel: Oops: 0000 [#5] SMP 
Jun 26 01:56:24 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 01:56:24 athloncube kernel: CPU 1 
Jun 26 01:56:24 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 01:56:24 athloncube kernel: Pid: 1707, comm: nfsd Tainted: G      D    2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 01:56:24 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:56:24 athloncube kernel: RSP: 0018:ffff880071ca1c10  EFLAGS: 00010246
Jun 26 01:56:24 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 01:56:24 athloncube kernel: RDX: 0000000000100002 RSI: ffff88006e0c5bc8 RDI: ffff880041029480
Jun 26 01:56:24 athloncube kernel: RBP: ffff880071ca1c60 R08: 0000000000000000 R09: ffff880041029480
Jun 26 01:56:24 athloncube kernel: R10: ffff88003fdc3580 R11: 0000000000000000 R12: ffff88006e0c5bc8
Jun 26 01:56:24 athloncube kernel: R13: ffff880041029480 R14: ffff8800460e3240 R15: ffff88006e0c5bc8
Jun 26 01:56:24 athloncube kernel: FS:  00007fa05d7826f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730
Jun 26 01:56:24 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 01:56:24 athloncube kernel: CR2: 0000000000000004 CR3: 0000000071d87000 CR4: 00000000000006e0
Jun 26 01:56:24 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 01:56:24 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 01:56:24 athloncube kernel: Process nfsd (pid: 1707, threadinfo ffff880071ca0000, task ffff880071c54500)
Jun 26 01:56:24 athloncube kernel: Stack:
Jun 26 01:56:24 athloncube kernel: ffff880053819e40 0000000000000404 ffff880071ca1c60 0000000000000246
Jun 26 01:56:24 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071ca1c90 0000000000000246
Jun 26 01:56:24 athloncube kernel: ffff880071c42000 ffff8800460e3240 ffff880071ca1c90 ffffffff81186984
Jun 26 01:56:24 athloncube kernel: Call Trace:
Jun 26 01:56:24 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 01:56:24 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 01:56:24 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 01:56:24 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 01:56:24 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 01:56:24 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 01:56:24 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 01:56:24 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 01:56:24 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 01:56:24 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 01:56:24 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 01:56:24 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 01:56:24 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 01:56:24 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 01:56:24 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 01:56:24 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 01:56:24 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 01:56:24 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:56:24 athloncube kernel: RSP <ffff880071ca1c10>
Jun 26 01:56:24 athloncube kernel: CR2: 0000000000000004
Jun 26 01:56:24 athloncube kernel: ---[ end trace 7fc40d2751b4b863 ]---
Jun 26 01:57:22 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Jun 26 01:57:45 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 01:57:45 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:57:45 athloncube kernel: PGD 65cbf067 PUD 66047067 PMD 0 
Jun 26 01:57:45 athloncube kernel: Oops: 0000 [#6] SMP 
Jun 26 01:57:45 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 01:57:45 athloncube kernel: CPU 0 
Jun 26 01:57:45 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 01:57:45 athloncube kernel: Pid: 1711, comm: nfsd Tainted: G      D    2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 01:57:45 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:57:45 athloncube kernel: RSP: 0018:ffff880071e49c10  EFLAGS: 00010246
Jun 26 01:57:45 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 01:57:45 athloncube kernel: RDX: 0000000000100002 RSI: ffff88006e0c5bc8 RDI: ffff88005a014a80
Jun 26 01:57:45 athloncube kernel: RBP: ffff880071e49c60 R08: 0000000000000000 R09: ffff88005a014a80
Jun 26 01:57:45 athloncube kernel: R10: ffff88003fdc3580 R11: 0000000000000000 R12: ffff88006e0c5bc8
Jun 26 01:57:45 athloncube kernel: R13: ffff88005a014a80 R14: ffff88003e809b40 R15: ffff88006e0c5bc8
Jun 26 01:57:45 athloncube kernel: FS:  00007f0cd96f6800(0000) GS:ffffffff817b7000(0000) knlGS:00000000c218c730
Jun 26 01:57:45 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 01:57:45 athloncube kernel: CR2: 0000000000000004 CR3: 0000000065dc6000 CR4: 00000000000006e0
Jun 26 01:57:45 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 01:57:45 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 01:57:45 athloncube kernel: Process nfsd (pid: 1711, threadinfo ffff880071e48000, task ffff880071e01700)
Jun 26 01:57:45 athloncube kernel: Stack:
Jun 26 01:57:45 athloncube kernel: ffff88003e809e40 0000000000000404 ffff880071e49c60 0000000000000246
Jun 26 01:57:45 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071e49c90 0000000000000246
Jun 26 01:57:45 athloncube kernel: ffff880071e08000 ffff88003e809b40 ffff880071e49c90 ffffffff81186984
Jun 26 01:57:45 athloncube kernel: Call Trace:
Jun 26 01:57:45 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 01:57:45 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 01:57:45 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 01:57:45 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 01:57:45 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 01:57:45 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
Jun 26 01:57:45 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 01:57:45 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 01:57:45 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 01:57:45 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 01:57:45 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 01:57:45 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 01:57:45 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 01:57:45 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 01:57:45 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 01:57:45 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 01:57:45 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 01:57:45 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 01:57:45 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 01:57:45 athloncube kernel: RSP <ffff880071e49c10>
Jun 26 01:57:45 athloncube kernel: CR2: 0000000000000004
Jun 26 01:57:45 athloncube kernel: ---[ end trace 7fc40d2751b4b864 ]---
Jun 26 01:58:42 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Jun 26 02:11:26 athloncube kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Jun 26 02:11:26 athloncube kernel: IP: [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 02:11:26 athloncube kernel: PGD 65c8e067 PUD 5f90a067 PMD 0 
Jun 26 02:11:26 athloncube kernel: Oops: 0000 [#7] SMP 
Jun 26 02:11:26 athloncube kernel: last sysfs file: /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
Jun 26 02:11:26 athloncube kernel: CPU 1 
Jun 26 02:11:26 athloncube kernel: Modules linked in: udf crc_itu_t cifs nfs tun nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat bridge stp llc nfsd nfs_acl auth_rpcgss exportfs autofs4 it87 hwmon_vid lockd sunrpc ipt_LOG ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand powernow_k8 freq_table kqemu dm_multipath kvm_amd kvm uinput snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_timer snd forcedeth ppdev parport_pc soundcore snd_page_alloc k8temp hwmon i2c_nforce2 pcspkr parport pata_amd ata_generic pata_acpi sata_nv nouveau drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Jun 26 02:11:26 athloncube kernel: Pid: 1712, comm: nfsd Tainted: G      D    2.6.29.4-167.fc11.x86_64 #1 M61SME-S2
Jun 26 02:11:26 athloncube kernel: RIP: 0010:[<ffffffff81184289>]  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 02:11:26 athloncube kernel: RSP: 0018:ffff880071e93c10  EFLAGS: 00010246
Jun 26 02:11:26 athloncube kernel: RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
Jun 26 02:11:26 athloncube kernel: RDX: 0000000000100002 RSI: ffff880055e68cc8 RDI: ffff8800454ba240
Jun 26 02:11:26 athloncube kernel: RBP: ffff880071e93c60 R08: 0000000000000000 R09: ffff8800454ba240
Jun 26 02:11:26 athloncube kernel: R10: ffff88005f10dc00 R11: 0000000000000000 R12: ffff880055e68cc8
Jun 26 02:11:26 athloncube kernel: R13: ffff8800454ba240 R14: ffff880058d30b40 R15: ffff880055e68cc8
Jun 26 02:11:26 athloncube kernel: FS:  00007fbea5fb86f0(0000) GS:ffff88007ab6f100(0000) knlGS:00000000c2165730
Jun 26 02:11:26 athloncube kernel: CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Jun 26 02:11:26 athloncube kernel: CR2: 0000000000000004 CR3: 000000005f0f4000 CR4: 00000000000006e0
Jun 26 02:11:26 athloncube kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jun 26 02:11:26 athloncube kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Jun 26 02:11:26 athloncube kernel: Process nfsd (pid: 1712, threadinfo ffff880071e92000, task ffff880071e02e00)
Jun 26 02:11:26 athloncube kernel: Stack:
Jun 26 02:11:26 athloncube kernel: ffff880032343d80 0000000000000404 ffff880071e93c60 0000000000000246
Jun 26 02:11:26 athloncube kernel: 0000000000000001 ffffffff815f7040 ffff880071e93c90 0000000000000246
Jun 26 02:11:26 athloncube kernel: ffff880071e4a000 ffff880058d30b40 ffff880071e93c90 ffffffff81186984
Jun 26 02:11:26 athloncube kernel: Call Trace:
Jun 26 02:11:26 athloncube kernel: [<ffffffff81186984>] selinux_dentry_open+0xe7/0xf0
Jun 26 02:11:26 athloncube kernel: [<ffffffff8117f029>] security_dentry_open+0x16/0x18
Jun 26 02:11:26 athloncube kernel: [<ffffffff810d38fa>] __dentry_open+0x11b/0x273
Jun 26 02:11:26 athloncube kernel: [<ffffffff810d3ad9>] dentry_open+0x87/0x8e
Jun 26 02:11:26 athloncube kernel: [<ffffffffa03200a8>] nfsd_open+0x12d/0x156 [nfsd]
Jun 26 02:11:26 athloncube kernel: [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
Jun 26 02:11:26 athloncube kernel: [<ffffffffa032042d>] nfsd_read+0x85/0xc4 [nfsd]
Jun 26 02:11:26 athloncube kernel: [<ffffffffa03266d0>] nfsd3_proc_read+0xe7/0x126 [nfsd]
Jun 26 02:11:26 athloncube kernel: [<ffffffffa031b26f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
Jun 26 02:11:26 athloncube kernel: [<ffffffffa02aa1b5>] svc_process+0x426/0x642 [sunrpc]
Jun 26 02:11:26 athloncube kernel: [<ffffffffa031b83c>] nfsd+0x11a/0x178 [nfsd]
Jun 26 02:11:26 athloncube kernel: [<ffffffffa031b722>] ? nfsd+0x0/0x178 [nfsd]
Jun 26 02:11:26 athloncube kernel: [<ffffffff8105c6b5>] kthread+0x4d/0x78
Jun 26 02:11:26 athloncube kernel: [<ffffffff8101264a>] child_rip+0xa/0x20
Jun 26 02:11:26 athloncube kernel: [<ffffffff81011f67>] ? restore_args+0x0/0x30
Jun 26 02:11:26 athloncube kernel: [<ffffffff8105c668>] ? kthread+0x0/0x78
Jun 26 02:11:26 athloncube kernel: [<ffffffff81012640>] ? child_rip+0x0/0x20
Jun 26 02:11:26 athloncube kernel: Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
Jun 26 02:11:26 athloncube kernel: RIP  [<ffffffff81184289>] inode_has_perm+0x30/0x66
Jun 26 02:11:26 athloncube kernel: RSP <ffff880071e93c10>
Jun 26 02:11:26 athloncube kernel: CR2: 0000000000000004
Jun 26 02:11:26 athloncube kernel: ---[ end trace 7fc40d2751b4b865 ]---
Jun 26 02:12:20 athloncube kerneloops: Submitted 1 kernel oopses to www.kerneloops.org
Jun 26 02:44:50 athloncube mountd[1717]: authenticated unmount request from 192.168.0.9:880 for /home (/home)


   & more mundane, unrelated stuff .... The umount was from the box that started the problems during the across-the-LAN backup of parts of /home ....
Comment 45 William A. Mahaffey III 2009-06-27 13:18:54 UTC 
I 2nd the motion on Allen's observations: it seems to take plural GB of data access to trigger the ooops. I rebuild code (a few dozen KB total, in several directories) overnight which is resident on this box but compiled using make on another box, which access this one using NFS. That never gives me any ooops. Only the across-the-LAN backups (tar or rsync, 35-ish GB total) give me problems ....
Comment 46 David Howells 2009-06-29 12:36:09 UTC 
> it seems to take plural GB of data access to trigger the oops.

Is that one multi-GB file, or is it any amount of files, that total multi-GB in size, do you reckon?

Note that I'm having problems debugging this because my test box is hitting an OOM problem instead (we know which commit causes this problem, but I need that patching first).

I do have an updated bug finder patch, which I'll attach - hopefully this won't cause the oopses Chuck was seeing.
Comment 47 David Howells 2009-06-29 12:41:50 UTC 
Created attachment 349777 [details]
More comprehensive bug finder v2

This should deal with an oops introduced by the previous version of the bug finder, primarily by remembering to account for threads that are left sharing creds by copy_creds().
Comment 48 Allen Kistler 2009-06-29 14:20:20 UTC 
(In reply to comment #46)
> > it seems to take plural GB of data access to trigger the oops.
> 
> Is that one multi-GB file, or is it any amount of files, that total multi-GB in
> size, do you reckon?
> 
> [snip]

For me, it's many files that add up to a few GB total.

I haven't tried one super-jumbo file, but I can try later today.
Of course, anyone, feel free to beat me to it.
Comment 49 William A. Mahaffey III 2009-06-29 15:52:38 UTC 
for me, this A.M., it happened while trying to tar up my Thunderbird Inbox, which weighs in at a portly 2324153599 bytes (~2 GB), *after* successfully processing my (similarly sized) old Inbox & Sent. YMMV & all that.
Comment 50 Chuck Ebbert 2009-06-29 17:53:02 UTC 
New debug patch went in kernel-2.6.29.5-202
Comment 51 Jarod Wilson 2009-06-30 02:44:02 UTC 
I can routinely trip it transferring a handful of DVD iso images (such as the F11 release DVD isos) or some HDTV recordings off my mythtv backend (typically ~7GB files).
Comment 52 Jay Modi 2009-06-30 03:17:34 UTC 
Also running into this bug. I hit it when trying to allocate a new virtual disk (~20GB) on my NFS mounted storage (Fedora 11 x86_64 server) using virt-manager on another F11 box.
Comment 53 Chuck Ebbert 2009-06-30 08:14:48 UTC 
Backtrace from new patch:

ERROR: cred->security is (null)
------------[ cut here ]------------
kernel BUG at kernel/cred.c:743!
invalid opcode: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:11.0/host2/target2:0:0/2:0:0:0/block/sdb/sdb2/dev
CPU 3 
Modules linked in: radeon drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Pid: 1, comm: init Not tainted 2.6.29.5-206.fc11.x86_64 #1 GA-MA78GM-S2H
RIP: 0010:[<ffffffff81061398>]  [<ffffffff81061398>] __validate_creds+0x24/0x2a
RSP: 0018:ffff88023f129ef8  EFLAGS: 00010296
RAX: 0000000000000023 RBX: ffff88023b4586c0 RCX: 0000000000009369
RDX: ffff88023f129dd8 RSI: 0000000000000046 RDI: 0000000000000246
RBP: ffff88023f129ef8 R08: 0000000000000000 R09: ffff880028084100
R10: ffff880028084100 R11: 0000000000000202 R12: ffff88023f120000
R13: 00007fffcbf6c8a0 R14: 00000000ffffff9c R15: 00007fffcbf6c5d0
FS:  00007f5aeffc27b0(0000) GS:ffff88023e077a00(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5aeffcb000 CR3: 000000023cb5e000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process init (pid: 1, threadinfo ffff88023f128000, task ffff88023f120000)
Stack:
 ffff88023f129f18 ffffffff81061dbd 0000000000416166 0000000000000001
 ffff88023f129f68 ffffffff810d44ea 00007fffcbf6c670 ffffffff813ac329
 0000000000000246 0000000000416166 0000000000405280 00007fffcbf6c8a0
Call Trace:
 [<ffffffff81061dbd>] prepare_creds+0x167/0x17b
 [<ffffffff810d44ea>] sys_faccessat+0x37/0x193
 [<ffffffff813ac329>] ? trace_hardirqs_on_thunk+0x3a/0x3c
 [<ffffffff810d465e>] sys_access+0x18/0x1a
 [<ffffffff8101133a>] system_call_fastpath+0x16/0x1b
Code: 41 5c 41 5d c9 c3 90 55 48 89 e5 0f 1f 44 00 00 48 8b 77 68 48 81 fe ff 0f 00 00 77 12 48 c7 c7 42 63 4d 81 31 c0 e8 01 8d 34 00 <0f> 0b eb fe c9 c3 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00 00 48 
RIP  [<ffffffff81061398>] __validate_creds+0x24/0x2a
 RSP <ffff88023f129ef8>
---[ end trace e5aa90e679fcc4c7 ]---
Comment 54 Allen Kistler 2009-07-01 02:01:12 UTC 
Created attachment 350044 [details]
invalid opcode: 0000 [#1] SMP at kernel/cred.c:743!

I snagged kernel-2.6.29.5-206.fc11.i586 out of koji.

My trace is 3-in-1, which I'll break apart.  The last one locks up everything and runs forever until I power cycle, basically losing everything in the log files, so I had to capture these using a serial console.  I believe that third one is pretty much garbage, but I'll attach it, anyway.

FWIW, all my nfsd crashes occurred reading only, not writing.
Comment 55 Allen Kistler 2009-07-01 02:02:44 UTC 
Created attachment 350045 [details]
invalid opcode: 0000 [#2] SMP at kernel/cred.c:765!
Comment 56 Allen Kistler 2009-07-01 02:04:53 UTC 
Created attachment 350046 [details]
invalid opcode: 0000 [#3] 4b/0xa8 at kernel/cred.c:765!
Comment 57 Chuck Ebbert 2009-07-01 02:29:56 UTC 
Due to the severe problems, CONFIG_DEBUG_CREDENTIALS is only enabled in debug kernels as of 2.6.29.6-209.rc1 . People who want to continue debugging this should install the kernel-debug package.
Comment 58 David Howells 2009-07-01 10:31:15 UTC 
(In reply to comment #53)

> ERROR: cred->security is (null)
> ------------[ cut here ]------------
> kernel BUG at kernel/cred.c:743!

What were you doing when this happened?

Also, I've done something silly in the debugging patch:  I carefully arranged for __validate_creds() to be given a file and a line no., but forgot to print them:-(

However, given the return address back to prepare_creds() is near the end of that function, the security pointer in the newly-prepared creds would seem to be invalid:-/  I'll generate a new patch to get more info.  Sorry about that.
Comment 59 Gwyn Ciesla 2009-07-01 13:47:33 UTC 
I get this when doing local RPM builds.  I have /home on NFS.

On both client and server:

kernel-2.6.29.5-191.fc11.i586
nfs-utils-1.1.5-6.fc11.i586

I was building vdrift, which is about 450MB, but with the untarring an dbuilding of RPMS gets to the multi-GB range quickly.  What else would be helpful?
Comment 60 David Howells 2009-07-01 14:31:02 UTC 
Created attachment 350123 [details]
More comprehensive bug finder v3

Better bug finder patch.  This one actually prints the file and line on which an invalid bug was detected, and correctly orders the bug check code at the end of copy_creds().
Comment 61 David Howells 2009-07-01 16:38:01 UTC 
(In reply to comment #60)
> Created an attachment (id=350123) [details]
> More comprehensive bug finder v3
> 
> Better bug finder patch.  This one actually prints the file and line on which
> an invalid bug was detected, and correctly orders the bug check code at the end
> of copy_creds().  

That's still wrong:-(  It doesn't always handle exit correctly.
Comment 62 Steve Dickson 2009-07-01 17:43:53 UTC 
Created attachment 350161 [details]
the oops trace back....
Comment 63 Steve Dickson 2009-07-01 17:47:24 UTC 
Created attachment 350162 [details]
A more complete oops trace.
Comment 64 David Howells 2009-07-02 13:37:59 UTC 
Created attachment 350271 [details]
Fix use of unrefcounted creds in nfsd_open()

This ought to fix the bug.  What's happening is:

nfsd_open() gets an unrefcounted pointer to the current process's effective
credentials at the top of the function, then calls nfsd_setuser() via
fh_verify() - which may replace and destroy the current process's effective
credentials - and then passes the unrefcounted pointer to dentry_open() - but
the credentials may have been destroyed by this point.

Instead, the value from current_cred() should be passed directly to
dentry_open() as one of its arguments, rather than being cached in a variable.

Possibly fh_verify() should return the creds to use.
Comment 65 Chuck Ebbert 2009-07-03 02:38:35 UTC 
Fix went in kernel-2.6.29.6-211
Comment 66 Göran Uddeborg 2009-07-03 21:18:39 UTC 
I've been running 2.6.29.6-211.fc11.x86_64 for some hours now, and so far it looks good.  Copying some 16 GB data to a client didn't trigger any oops, for example.

It's too early to say for sure, but it does look good so far.
Comment 67 Matthias Bruegge 2009-07-04 14:59:28 UTC 
I cannot find kernel-2.6.29.6-211 in repository f11-updates-testing or updates list.

https://admin.fedoraproject.org/updates/F11

Plese give me a hint.
Comment 68 Göran Uddeborg 2009-07-04 16:28:26 UTC 
(In reply to comment #67)
> I cannot find kernel-2.6.29.6-211 in repository ...

> Plese give me a hint.  

I don't think it's sent to the repositories yet.  I took it directly from Koji, the build system:

http://koji.fedoraproject.org/koji/buildinfo?buildID=112824

As you might expect, things that get to the repositories are supposed to be a bit more reliable than an arbitrary build.  In this case, 2.6.29.6-211 has been running for over 24 hours for me now, and so far no oopses! :-)  (Or any other problems.) YMMV
Comment 69 Jay Modi 2009-07-05 14:41:02 UTC 
Running the 2.6.29.6-211 kernel for about 12 hours now. I created a new 20GB virtual disk with no issues and the VM seems to be running fine right now over NFS.
Comment 70 Matthias Bruegge 2009-07-06 19:46:56 UTC 
I had now the first day with 2.6.29.6-211 kernel and no oopses by now !
Comment 71 Fedora Update System 2009-07-08 12:13:43 UTC 
kernel-2.6.29.6-213.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/kernel-2.6.29.6-213.fc11
Comment 72 Dax Kelson 2009-07-09 17:44:06 UTC 
Thanks for fixing this. I started using my F11 box as a NFS server yesterday and immediately ran into this.
Comment 73 William A. Mahaffey III 2009-07-13 19:24:27 UTC 
(In reply to comment #71)
> kernel-2.6.29.6-213.fc11 has been submitted as an update for Fedora 11.
> http://admin.fedoraproject.org/updates/kernel-2.6.29.6-213.fc11  


How long until it (this kernel) makes it into the repositories ? TIA ....
Comment 74 Michael Cutler 2009-07-15 16:18:03 UTC 
Being impatient, I just grabbed the packages from Koji http://koji.fedoraproject.org/koji/buildinfo?buildID=113377 and can confirm the NFS problem appears to be fixed. I have just shunted 2TB onto my Fedora 11 NAS without any problems. Many thanks!
Comment 75 William A. Mahaffey III 2009-07-15 19:36:48 UTC 
(In reply to comment #74)
> Being impatient, I just grabbed the packages from Koji
> http://koji.fedoraproject.org/koji/buildinfo?buildID=113377 and can confirm the
> NFS problem appears to be fixed. I have just shunted 2TB onto my Fedora 11 NAS
> without any problems. Many thanks!  

I just tried this & got a missing dependency (kernel-firmware), tried both yum & rpm, same problem both times. Where did you find the firmware rpm ? TIA ....
Comment 76 Gwyn Ciesla 2009-07-15 19:42:44 UTC 
I see it in koji in noarch.
Comment 77 Dax Kelson 2009-07-15 19:54:31 UTC 
I obtained the packages from koji as well and they work no problem. I blogged about how to re-build the rpmfusion Nvidia drivers rpms for this (currently) unreleased kernel. In case this is helpful to anyone else, here it is:

http://blogs.gurulabs.com/dax/2009/07/rebuilding-the.html
Comment 78 William A. Mahaffey III 2009-07-15 21:49:21 UTC 
(In reply to comment #76)
> I see it in koji in noarch.  

Tunnel-vision :-/ .... I figured firmware would be (possibly highly) CPU/arch-specific .... I got the new kernel & related bits installed, we'll see tomorrow A.M. ....
Comment 79 Fedora Update System 2009-07-16 07:12:43 UTC 
kernel-2.6.29.6-213.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update kernel'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7617
Comment 80 William A. Mahaffey III 2009-07-16 14:00:29 UTC 
so far, so good w/ the new kernel. I reactivated the nightly across-the-LAN rsync of this box from another & it went off w/o a hitch last night (had been causing an ooops whenever it tried). There will be another one tonight as well as a once-weekly full tar backup (~40 GB total) this evening. If both of those go AOK, I'd say you could mark this bug .... *SQUASHED*.
Comment 81 greg neumann 2009-07-17 17:21:48 UTC 
Now done nearly a Terabyte over various files sizes (from basic docs to 10's of GB HD Videos) from a FC10 Server to a FC11 (with this patch) Client as an NFS share. Client was doing loads also at that time - loads of YUM updates and streaming video/audio as I was getting sloshed at the time (at home!) and NO OPPS! Faultless. Well done to the fixer --- if this OOPPS affects you then this is the fix...
Comment 82 Fedora Update System 2009-07-22 21:57:22 UTC 
kernel-2.6.29.6-213.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.