Description of problem:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff811840c4>] inode_has_perm+0x30/0x66
PGD 65cf1067 PUD 65cf2067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-2/devnum
CPU 0
Modules linked in: usblp fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipt_MASQUERADE xt_mark iptable_nat nf_nat xt_MARK iptable_mangle ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput mt352 dvb_bt8xx dvb_core bt878 snd_hda_codec_idt i82975x_edac edac_core bttv ir_common v4l2_common videodev v4l1_compat v4l2_compat_ioctl32 videobuf_dma_sg snd_hda_intel ppdev snd_hda_codec snd_hwdep parport_pc snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 e1000e videobuf_core btcx_risc tveeprom ne2k_pci 8390 firewire_ohci parport iTCO_wdt iTCO_vendor_support firewire_core sata_sil pcspkr crc_itu_t ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: microcode]
Pid: 2161, comm: nfsd Not tainted 2.6.29.3-155.fc11.x86_64 #1
RIP: 0010:[<ffffffff811840c4>] [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RSP: 0018:ffff880066119c10 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff880068c755c8 RDI: ffff880018ab09c0
RBP: ffff880066119c60 R08: 0000000000000000 R09: ffff880018ab09c0
R10: ffff880061df7740 R11: 0000000000000000 R12: ffff880068c755c8
R13: ffff880018ab09c0 R14: ffff88001d9e7540 R15: ffff880068c755c8
FS: 0000000000000000(0000) GS:ffffffff817b7000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 2161, threadinfo ffff880066118000, task ffff880066110000)
Stack:
 0000000000000000 ffffffff8105613a ffff880066119c50 0000000000000246
 0000000000000001 ffffffff815f6040 ffff880066119c90 0000000000000246
 ffff880066119c60 ffff88001d9e7540 ffff880066119c90 ffffffff81186794
Call Trace:
 [<ffffffff8105613a>] ? in_group_p+0x2e/0x30
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff8117ee7d>] security_dentry_open+0x16/0x18
 [<ffffffff810d3836>] __dentry_open+0x11b/0x273
 [<ffffffff810d3a15>] dentry_open+0x87/0x8e
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa036a421>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa03706c4>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa036526f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa030e1b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa036583c>] nfsd+0x11a/0x178 [nfsd]
 [<ffffffffa0365722>] ? nfsd+0x0/0x178 [nfsd]
 [<ffffffff8105c6b5>] kthread+0x4d/0x78
 [<ffffffff8101264a>] child_rip+0xa/0x20
 [<ffffffff81011f67>] ? restore_args+0x0/0x30
 [<ffffffff8105c668>] ? kthread+0x0/0x78
 [<ffffffff81012640>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7
RIP [<ffffffff811840c4>] inode_has_perm+0x30/0x66
 RSP <ffff880066119c10>
CR2: 0000000000000004
---[ end trace 4399421d6a89d344 ]---
...
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff811840c4>] inode_has_perm+0x30/0x66
PGD 65cf1067 PUD 65cf2067 PMD 0
Oops: 0000 [#2] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/1-2/devnum
CPU 0
Modules linked in: usblp fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipt_MASQUERADE xt_mark iptable_nat nf_nat xt_MARK iptable_mangle ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput mt352 dvb_bt8xx dvb_core bt878 snd_hda_codec_idt i82975x_edac edac_core bttv ir_common v4l2_common videodev v4l1_compat v4l2_compat_ioctl32 videobuf_dma_sg snd_hda_intel ppdev snd_hda_codec snd_hwdep parport_pc snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 e1000e videobuf_core btcx_risc tveeprom ne2k_pci 8390 firewire_ohci parport iTCO_wdt iTCO_vendor_support firewire_core sata_sil pcspkr crc_itu_t ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: microcode]
Pid: 2162, comm: nfsd Tainted: G D 2.6.29.3-155.fc11.x86_64 #1
RIP: 0010:[<ffffffff811840c4>] [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RSP: 0018:ffff88006615bc10 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff880060dcd8c8 RDI: ffff88005c4d5480
RBP: ffff88006615bc60 R08: 0000000000000000 R09: ffff88005c4d5480
R10: ffff880079133900 R11: 0000000000000000 R12: ffff880060dcd8c8
R13: ffff88005c4d5480 R14: ffff88005782ae40 R15: ffff880060dcd8c8
FS: 0000000000000000(0000) GS:ffffffff817b7000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 2162, threadinfo ffff88006615a000, task ffff880066111700)
Stack:
 000002e9b9712f92 0000000000000001 0000000000000000 0000000000000246
 0000000000000001 ffffffff815f6040 ffff88006615bc90 0000000000000246
 ffff88006615bc60 ffff88005782ae40 ffff88006615bc90 ffffffff81186794
Call Trace:
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff8117ee7d>] security_dentry_open+0x16/0x18
 [<ffffffff810d3836>] __dentry_open+0x11b/0x273
 [<ffffffff810d3a15>] dentry_open+0x87/0x8e
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa036a421>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa03706c4>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa036526f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa030e1b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa036583c>] nfsd+0x11a/0x178 [nfsd]
 [<ffffffffa0365722>] ? nfsd+0x0/0x178 [nfsd]
 [<ffffffff8105c6b5>] kthread+0x4d/0x78
 [<ffffffff8101264a>] child_rip+0xa/0x20
 [<ffffffff81011f67>] ? restore_args+0x0/0x30
 [<ffffffff8105c668>] ? kthread+0x0/0x78
 [<ffffffff81012640>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7
RIP [<ffffffff811840c4>] inode_has_perm+0x30/0x66
 RSP <ffff88006615bc10>
CR2: 0000000000000004
---[ end trace 4399421d6a89d345 ]---
...
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
IP: [<ffffffff811840c4>] inode_has_perm+0x30/0x66
PGD 65cf1067 PUD 65cf2067 PMD 0
Oops: 0000 [#6] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1f.2/host3/target3:0:1/3:0:1:0/model
CPU 0
Modules linked in: usblp fuse nfsd lockd nfs_acl auth_rpcgss exportfs sunrpc ipt_MASQUERADE xt_mark iptable_nat nf_nat xt_MARK iptable_mangle ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput mt352 dvb_bt8xx dvb_core bt878 snd_hda_codec_idt i82975x_edac edac_core bttv ir_common v4l2_common videodev v4l1_compat v4l2_compat_ioctl32 videobuf_dma_sg snd_hda_intel ppdev snd_hda_codec snd_hwdep parport_pc snd_pcm snd_timer snd soundcore snd_page_alloc i2c_i801 e1000e videobuf_core btcx_risc tveeprom ne2k_pci 8390 firewire_ohci parport iTCO_wdt iTCO_vendor_support firewire_core sata_sil pcspkr crc_itu_t ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: microcode]
Pid: 2158, comm: nfsd Tainted: G D 2.6.29.3-155.fc11.x86_64 #1
RIP: 0010:[<ffffffff811840c4>] [<ffffffff811840c4>] inode_has_perm+0x30/0x66
RSP: 0018:ffff880066043c10 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000100002 RCX: 0000000000000000
RDX: 0000000000100002 RSI: ffff88001aaffcc8 RDI: ffff8800661fa240
RBP: ffff880066043c60 R08: 0000000000000000 R09: ffff8800661fa240
R10: ffff8800799372c0 R11: 0000000000000000 R12: ffff88001aaffcc8
R13: ffff8800661fa240 R14: ffff880059015000 R15: ffff88001aaffcc8
FS: 0000000000000000(0000) GS:ffffffff817b7000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000004 CR3: 0000000065cf0000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 2158, threadinfo ffff880066042000, task ffff880066575c00)
Stack:
 ffffffff811834fb ffff8800661fa240 ffff880066043c30 ffffffff81042d14
 ffff880066043c40 ffffffff813a9dda ffff880066043c90 0000000000000246
 ffffffffffffff7e ffff880059015000 ffff880066043c90 ffffffff81186794
Call Trace:
 [<ffffffff811834fb>] ? selinux_file_alloc_security+0x37/0x57
 [<ffffffff81042d14>] ? __cond_resched+0x32/0x5b
 [<ffffffff813a9dda>] ? _cond_resched+0x35/0x40
 [<ffffffff81186794>] selinux_dentry_open+0xe7/0xf0
 [<ffffffff8117ee7d>] security_dentry_open+0x16/0x18
 [<ffffffff810d3836>] __dentry_open+0x11b/0x273
 [<ffffffff810d3a15>] dentry_open+0x87/0x8e
 [<ffffffffa036a09c>] nfsd_open+0x12d/0x156 [nfsd]
 [<ffffffff8104df8a>] ? _local_bh_enable_ip+0xde/0xeb
 [<ffffffffa036a421>] nfsd_read+0x85/0xc4 [nfsd]
 [<ffffffffa03706c4>] nfsd3_proc_read+0xe7/0x126 [nfsd]
 [<ffffffffa036526f>] nfsd_dispatch+0xf1/0x1cc [nfsd]
 [<ffffffffa030e1b5>] svc_process+0x426/0x642 [sunrpc]
 [<ffffffffa036583c>] nfsd+0x11a/0x178 [nfsd]
 [<ffffffffa0365722>] ? nfsd+0x0/0x178 [nfsd]
 [<ffffffff8105c6b5>] kthread+0x4d/0x78
 [<ffffffff8101264a>] child_rip+0xa/0x20
 [<ffffffff81011f67>] ? restore_args+0x0/0x30
 [<ffffffff8105c668>] ? kthread+0x0/0x78
 [<ffffffff81012640>] ? child_rip+0x0/0x20
Code: 83 ec 50 0f 1f 44 00 00 44 8b 9e 18 02 00 00 31 c0 49 89 c8 41 81 e3 00 02 00 00 75 42 48 8b 47 68 48 85 c9 4c 8b 96 20 02 00 00 <44> 8b 48 04 75 19 4c 8d 45 b0 b9 12 00 00 00 44 89 d8 4c 89 c7
RIP [<ffffffff811840c4>] inode_has_perm+0x30/0x66
 RSP <ffff880066043c10>
CR2: 0000000000000004
---[ end trace 4399421d6a89d349 ]---

Version-Release number of selected component (if applicable):
2.6.29.3-155.fc11.x86_64

How reproducible:
serving an ext3 filesystem (F9 created, but I believe has acls for all files) from rawhide server to rawhide clients. I've been copying ~ 930GB of .5GB - 5GB files from the nfs volume, and the server kernel oopsed from time to time, yet the copying finished.

cat /selinux/enforce
1
(on the server as well as the client).

This is a bug in the credentials subsystem. Also reported against the F10 2.6.29 kernel as bug 499427.

*** This bug has been marked as a duplicate of bug 494067 ***