Bug 502423 - knfsd oopses with 2.6.29.3-155.fc11.x86_64
Summary: knfsd oopses with 2.6.29.3-155.fc11.x86_64
Keywords:
Status: CLOSED DUPLICATE of bug 494067
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-05-25 06:42 UTC by Jakub Jelinek
Modified: 2009-05-27 14:43 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-27 14:43:20 UTC
Type: ---
Embargoed:



Description Jakub Jelinek 2009-05-25 06:42:57 UTC
Description of problem:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff811840c4>] inode_has_perm+0x30/0x66
PGD 65cf1067 PUD 65cf2067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-2/devnum
CPU 0 
Modules linked in: usblp fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipt_MASQUERADE xt_mark iptable_nat nf_nat xt_MARK iptable_mangle ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput mt352 dvb_bt8xx dvb_core bt878 snd_hda_codec_idt i82975x_edac edac_core bttv ir_common v4l2_common videodev v4l1_compat v4l2_compat_ioctl32 videobuf_dma_sg snd_hda_intel ppdev snd_hda_codec snd_hwdep parport_pc snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 e1000e videobuf_core btcx_risc tveeprom ne2k_pci 8390 firewire_ohci parport iTCO_wdt iTCO_vendor_support firewire_core sata_sil pcspkr crc_itu_t ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: microcode]
Pid: 2161, comm: nfsd Not tainted 2.6.29.3-155.fc11.x86_64 #1         
RIP: 0010:[<ffffffff811840c4>]  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RSP: 0018:ffff880066119c10  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff880068c755c8 RDI: ffff880018ab09c0
RBP: ffff880066119c60 R08: 0000000000000000 R09: ffff880018ab09c0
R10: ffff880061df7740 R11: 0000000000000000 R12: ffff880068c755c8
R13: ffff880018ab09c0 R14: ffff88001d9e7540 R15: ffff880068c755c8
FS:  0000000000000000(0000) GS:ffffffff817b7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 2161, threadinfo ffff880066118000, task ffff880066110000)
Stack:
 0000000000000000 ffffffff8105613a ffff880066119c50 0000000000000246
 0000000000000001 ffffffff815f6040 ffff880066119c90 0000000000000246
 ffff880066119c60 ffff88001d9e7540 ffff880066119c90 ffffffff81186794
Call Trace:
 [<ffffffff8105613a>] ? in_group_p+0x2e/0x30
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff8117ee7d>] security_dentry_open+0x16/0x18
 [<ffffffff810d3836>] __dentry_open+0x11b/0x273
 [<ffffffff810d3a15>] dentry_open+0x87/0x8e
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa036a421>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa03706c4>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa036526f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa030e1b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa036583c>] nfsd+0x11a/0x178 [nfsd]
 [<ffffffffa0365722>] ? nfsd+0x0/0x178 [nfsd]
 [<ffffffff8105c6b5>] kthread+0x4d/0x78
 [<ffffffff8101264a>] child_rip+0xa/0x20
 [<ffffffff81011f67>] ? restore_args+0x0/0x30
 [<ffffffff8105c668>] ? kthread+0x0/0x78
 [<ffffffff81012640>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
RIP  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
 RSP <ffff880066119c10>
CR2: 0000000000000004
---[ end trace 4399421d6a89d344 ]---

...

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff811840c4>] inode_has_perm+0x30/0x66
PGD 65cf1067 PUD 65cf2067 PMD 0 
Oops: 0000 [#2] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-2/devnum
CPU 0 
Modules linked in: usblp fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipt_MASQUERADE xt_mark iptable_nat nf_nat xt_MARK iptable_mangle ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput mt352 dvb_bt8xx dvb_core bt878 snd_hda_codec_idt i82975x_edac edac_core bttv ir_common v4l2_common videodev v4l1_compat v4l2_compat_ioctl32 videobuf_dma_sg snd_hda_intel ppdev snd_hda_codec snd_hwdep parport_pc snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 e1000e videobuf_core btcx_risc tveeprom ne2k_pci 8390 firewire_ohci parport iTCO_wdt iTCO_vendor_support firewire_core sata_sil pcspkr crc_itu_t ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: microcode]
Pid: 2162, comm: nfsd Tainted: G      D    2.6.29.3-155.fc11.x86_64 #1         
RIP: 0010:[<ffffffff811840c4>]  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RSP: 0018:ffff88006615bc10  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff880060dcd8c8 RDI: ffff88005c4d5480
RBP: ffff88006615bc60 R08: 0000000000000000 R09: ffff88005c4d5480
R10: ffff880079133900 R11: 0000000000000000 R12: ffff880060dcd8c8
R13: ffff88005c4d5480 R14: ffff88005782ae40 R15: ffff880060dcd8c8
FS:  0000000000000000(0000) GS:ffffffff817b7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 2162, threadinfo ffff88006615a000, task ffff880066111700)
Stack:
 000002e9b9712f92 0000000000000001 0000000000000000 0000000000000246
 0000000000000001 ffffffff815f6040 ffff88006615bc90 0000000000000246
 ffff88006615bc60 ffff88005782ae40 ffff88006615bc90 ffffffff81186794
Call Trace:
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff8117ee7d>] security_dentry_open+0x16/0x18
 [<ffffffff810d3836>] __dentry_open+0x11b/0x273
 [<ffffffff810d3a15>] dentry_open+0x87/0x8e
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa036a421>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa03706c4>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa036526f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa030e1b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa036583c>] nfsd+0x11a/0x178 [nfsd]
 [<ffffffffa0365722>] ? nfsd+0x0/0x178 [nfsd]
 [<ffffffff8105c6b5>] kthread+0x4d/0x78
 [<ffffffff8101264a>] child_rip+0xa/0x20
 [<ffffffff81011f67>] ? restore_args+0x0/0x30
 [<ffffffff8105c668>] ? kthread+0x0/0x78
 [<ffffffff81012640>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
RIP  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
 RSP <ffff88006615bc10>
CR2: 0000000000000004
---[ end trace 4399421d6a89d345 ]---

...

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff811840c4>] inode_has_perm+0x30/0x66
PGD 65cf1067 PUD 65cf2067 PMD 0 
Oops: 0000 [#6] SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host3/target3:0:1/3:0:1:0/model
CPU 0 
Modules linked in: usblp fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipt_MASQUERADE xt_mark iptable_nat nf_nat xt_MARK iptable_mangle ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput mt352 dvb_bt8xx dvb_core bt878 snd_hda_codec_idt i82975x_edac edac_core bttv ir_common v4l2_common videodev v4l1_compat v4l2_compat_ioctl32 videobuf_dma_sg snd_hda_intel ppdev snd_hda_codec snd_hwdep parport_pc snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 e1000e videobuf_core btcx_risc tveeprom ne2k_pci 8390 firewire_ohci parport iTCO_wdt iTCO_vendor_support firewire_core sata_sil pcspkr crc_itu_t ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: microcode]
Pid: 2158, comm: nfsd Tainted: G      D    2.6.29.3-155.fc11.x86_64 #1         
RIP: 0010:[<ffffffff811840c4>]  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RSP: 0018:ffff880066043c10  EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff88001aaffcc8 RDI: ffff8800661fa240
RBP: ffff880066043c60 R08: 0000000000000000 R09: ffff8800661fa240
R10: ffff8800799372c0 R11: 0000000000000000 R12: ffff88001aaffcc8
R13: ffff8800661fa240 R14: ffff880059015000 R15: ffff88001aaffcc8
FS:  0000000000000000(0000) GS:ffffffff817b7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 2158, threadinfo ffff880066042000, task ffff880066575c00)
Stack:
 ffffffff811834fb ffff8800661fa240 ffff880066043c30 ffffffff81042d14
 ffff880066043c40 ffffffff813a9dda ffff880066043c90 0000000000000246
 ffffffffffffff7e ffff880059015000 ffff880066043c90 ffffffff81186794
Call Trace:
 [<ffffffff811834fb>] ? selinux_file_alloc_security+0x37/0x57
 [<ffffffff81042d14>] ? __cond_resched+0x32/0x5b
 [<ffffffff813a9dda>] ? _cond_resched+0x35/0x40
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff8117ee7d>] security_dentry_open+0x16/0x18
 [<ffffffff810d3836>] __dentry_open+0x11b/0x273
 [<ffffffff810d3a15>] dentry_open+0x87/0x8e
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa036a421>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa03706c4>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa036526f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa030e1b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa036583c>] nfsd+0x11a/0x178 [nfsd]
 [<ffffffffa0365722>] ? nfsd+0x0/0x178 [nfsd]
 [<ffffffff8105c6b5>] kthread+0x4d/0x78
 [<ffffffff8101264a>] child_rip+0xa/0x20
 [<ffffffff81011f67>] ? restore_args+0x0/0x30
 [<ffffffff8105c668>] ? kthread+0x0/0x78
 [<ffffffff81012640>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7 
RIP  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
 RSP <ffff880066043c10>
CR2: 0000000000000004
---[ end trace 4399421d6a89d349 ]---


Version-Release number of selected component (if applicable):

2.6.29.3-155.fc11.x86_64 

How reproducible:

Serving an ext3 filesystem (F9 created, but I believe has ACLs for all files) from a rawhide server to rawhide clients.  I've been copying ~930GB of .5GB - 5GB files from the NFS volume, and the server kernel oopsed from time to time, yet the copying finished.

cat /selinux/enforce
1

(on the server as well as the client).

Comment 1 Chuck Ebbert 2009-05-27 14:43:20 UTC
This is a bug in the credentials subsystem. Also reported against the F10 2.6.29 kernel as bug 499427.

*** This bug has been marked as a duplicate of bug 494067 ***
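
Added example (not part of the original report or of any Fedora tooling): a small Python triage helper that builds a signature from an oops like the ones above and decodes the marked faulting instruction. It shows that `<44> 8b 48 04` is a 4-byte load from `[RAX+4]` with RAX = 0, which is why CR2 reads 0000000000000004. The function names `decode_faulting_load` and `oops_signature` are hypothetical, and the sample is an excerpt of the first oops trimmed to the lines the parser reads.

```python
import re

# Constructed sample: excerpt of the first oops in this report, trimmed.
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
RIP: 0010:[<ffffffff811840c4>]  [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff880068c755c8 RDI: ffff880018ab09c0
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
Call Trace:
 [<ffffffff8105613a>] ? in_group_p+0x2e/0x30
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
Code: 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0
"""

# x86-64 register numbering as used by ModRM/REX, named as the oops prints them.
REG_NAMES = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
             "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def decode_faulting_load(code_line):
    """Decode the <marked> instruction if it is REX + 8B /r with [base+disp8]."""
    code = code_line.split()
    i = next(k for k, b in enumerate(code) if b.startswith("<"))
    rex, op, modrm, disp = (int(b.strip("<>"), 16) for b in code[i:i + 4])
    if rex >> 4 != 4 or op != 0x8B or modrm >> 6 != 1 or modrm & 7 == 4:
        return None  # another instruction form (or SIB byte); not handled here
    base = REG_NAMES[(modrm & 7) | ((rex & 1) << 3)]  # REX.B extends the base
    return base, (disp - 0x100 if disp > 0x7F else disp)  # disp8 is signed

def oops_signature(text):
    """Return the fields that identify this crash for duplicate matching."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})", text)}
    sym = re.search(r"^RIP: .*\] (\w+\+0x[0-9a-f]+)/", text, re.M).group(1)
    frames = re.findall(r"^ \[<[0-9a-f]+>\] (\w+)\+", text, re.M)  # skips '?' frames
    load = decode_faulting_load(re.search(r"^Code: (.*)$", text, re.M).group(1))
    base, disp = load if load else (None, None)
    return {
        "fault_at": sym,
        "cr2": regs["CR2"],
        "load": load,
        # True when the base register is NULL and base+disp is the faulting address
        "null_base": load is not None and regs[base] == 0 and regs[base] + disp == regs["CR2"],
        "callers": frames[:2],
    }
```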

