From: Andreas Gruenbacher <agruen@suse.de>

Could it be that security/selinux/hooks.c:inode_doinit_with_dentry has a
race?  It does a d_find_alias(inode) and assumes that the d_inode field of
the result is valid.  I did not try to reproduce the Oops so far, but this
would be my first guess:



---

 25-akpm/security/selinux/hooks.c |    1 +
 1 files changed, 1 insertion(+)

diff -puN security/selinux/hooks.c~selinux-inode-race-trap security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-inode-race-trap	2004-04-06 21:08:54.823722344 -0700
+++ 25-akpm/security/selinux/hooks.c	2004-04-06 21:08:54.829721432 -0700
@@ -753,6 +753,7 @@ static int inode_doinit_with_dentry(stru
 			       inode->i_ino);
 			goto out;
 		}
+               BUG_ON(inode != dentry->d_inode);
 
 		len = INITCONTEXTLEN;
 		context = kmalloc(len, GFP_KERNEL);

_