HWE kernels: NFSv4.1 NULL pointer dereference
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Focal | Invalid | Undecided | Unassigned | |
| Hirsute | Won't Fix | High | Unassigned | |
| linux-hwe-5.11 (Ubuntu) | New | Undecided | Unassigned | |
| Focal | Fix Released | Undecided | Unassigned | |
| Hirsute | Invalid | Undecided | Unassigned | |
Bug Description
Ubuntu 20.04 systems running as NFSv4.1 clients are experiencing crashes (in this case with a NetApp filer mounted):
```
[ 266.199481] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 266.199495] #PF: supervisor read access in kernel mode
[ 266.199500] #PF: error_code(0x0000) - not-present page
[ 266.199503] PGD 0 P4D 0
[ 266.199511] Oops: 0000 [#1] SMP PTI
[ 266.199518] CPU: 15 PID: 2244 Comm: tracker-extract Not tainted 5.11.0-25-generic #27~20.04.1-Ubuntu
[ 266.199525] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.
[ 266.199529] RIP: 0010:pnfs_
[ 266.199631] Code: f0 41 80 4d 50 08 49 8b 06 4d 89 f5 4c 39 75 d0 75 9b 8b 45 bc 85 c0 75 3b 48 8b 45 c8 48 8b 50 38 48 83 c0 38 48 39 c2 74 23 <41> 8b 34 24 48 8b 7d c8 44 89 fa e8 42 e0 ff ff 31 c0 48 83 c4 20
[ 266.199637] RSP: 0018:ffffae23a1
[ 266.199642] RAX: ffffa048621ef238 RBX: ffffa048621ef238 RCX: 0000000000000000
[ 266.199646] RDX: ffffa04847636780 RSI: ffffa04847636780 RDI: ffffa048621ef200
[ 266.199650] RBP: ffffae23a19a7cd0 R08: 0000000000000001 R09: ffffa086febdcc10
[ 266.199653] R10: ffffa0677ffd6b80 R11: 0000000000000003 R12: 0000000000000000
[ 266.199657] R13: ffffa048621ef228 R14: ffffa048621ef228 R15: 0000000000000000
[ 266.199661] FS: 00007f9de344034
[ 266.199665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 266.199669] CR2: 0000000000000000 CR3: 000000012ed86006 CR4: 00000000001706e0
[ 266.199674] Call Trace:
[ 266.199682] _pnfs_return_
[ 266.199755] ? nfs_put_
[ 266.199814] nfs4_evict_
[ 266.199870] evict+0xd2/0x180
[ 266.199879] iput+0x18f/0x200
[ 266.199884] nfs_dentry_
[ 266.199934] dentry_
[ 266.199946] __dentry_
[ 266.199953] dput+0x171/0x320
[ 266.199960] do_renameat2+
[ 266.199968] __x64_sys_
[ 266.199974] do_syscall_
[ 266.199987] entry_SYSCALL_
[ 266.199996] RIP: 0033:0x7f9de644200b
[ 266.200003] Code: e8 aa ce 0a 00 85 c0 0f 95 c0 0f b6 c0 f7 d8 5d c3 66 0f 1f 44 00 00 b8 ff ff ff ff 5d c3 90 f3 0f 1e fa b8 52 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 51 4e 18 00 f7 d8
[ 266.200008] RSP: 002b:00007ffe70
[ 266.200014] RAX: ffffffffffffffda RBX: 000055a5ed503070 RCX: 00007f9de644200b
[ 266.200018] RDX: 000055a5ed37b940 RSI: 000055a5ed1db250 RDI: 000055a5ed4aea00
[ 266.200022] RBP: 000055a5ed503060 R08: 0000000000000000 R09: 0000000000000000
[ 266.200025] R10: 000000000000000d R11: 0000000000000246 R12: 0000000000000001
[ 266.200029] R13: 000055a5ed503078 R14: 000055a5ed503040 R15: 000055a5ed37b980
[ 266.200036] Modules linked in: nfs_layout_
pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper mgag200 rapl joydev input_leds intel_cstate drm_kms_helper ipmi_si ipmi_devintf cec rc_core fb_sys_fops syscopyarea sysfillrect mei_me ipmi_msghandler sysimgblt mei ioatdma mac_hid ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 xt_hl ip6t_rt ipt_REJECT nf_reject_ipv4 xt_comment nf_log_ipv4 nf_log_common xt_addrtype xt_limit xt_LOG xt_recent xt_tcpudp sch_fq_codel xt_state xt_conn
```
This bug occurs in all recent 20.04 HWE kernels (both 5.8 and 5.11). I believe it is fixed by https:/
(The bug was briefly also present in the 5.4 kernels, but was fixed in 5.4.0-79: see https:/
Changed in linux-hwe-5.11 (Ubuntu Hirsute): status: New → Fix Committed
Changed in linux-hwe-5.11 (Ubuntu Hirsute): status: Fix Committed → Invalid
Changed in linux-hwe-5.11 (Ubuntu Focal): status: New → Fix Committed
Changed in linux (Ubuntu Focal): status: New → Invalid
tags: added: verification-done-focal; removed: verification-needed-focal
This was fixed in Ubuntu-5.4.0-80.90 by:
Author: Anna Schumaker <email address hidden>
Date: Wed May 19 12:54:51 2021 -0400
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
For 5.11 this is pending release as Ubuntu-5.11.0-26.28 (currently in -proposed).
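A small triage helper, added here as an example and not part of the bug report or of the Ubuntu kernel tree: it pulls the faulting address, process, kernel release, RIP symbol and call trace out of an oops like the one in the bug description above, flags the NFSv4.1 pnfs/evict signature, and compares the release against the fixed ABI numbers quoted in the comment above (5.4.0-80, 5.11.0-26). The sample input is copied from the bug description (its symbols are truncated there as well); a 5.8 release yields None because this page gives no fixed version for that series.

```python
import re
from typing import Dict, List, Optional, Tuple

# ABI number at which the fix shipped, per the bug comment above:
# Ubuntu-5.4.0-80.90 and Ubuntu-5.11.0-26.28. No 5.8 fix version is given on the page.
FIXED_ABI = {"5.4.0": 80, "5.11.0": 26}

# Sample input: lines copied from the bug description above (symbols truncated as on the page).
SAMPLE_OOPS = """\
[ 266.199481] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 266.199495] #PF: supervisor read access in kernel mode
[ 266.199518] CPU: 15 PID: 2244 Comm: tracker-extract Not tainted 5.11.0-25-generic #27~20.04.1-Ubuntu
[ 266.199529] RIP: 0010:pnfs_
[ 266.199674] Call Trace:
[ 266.199682] _pnfs_return_
[ 266.199755] ? nfs_put_
[ 266.199814] nfs4_evict_
[ 266.199870] evict+0xd2/0x180
[ 266.199996] RIP: 0033:0x7f9de644200b
"""

def parse_kernel_release(release: str) -> Optional[Tuple[str, int]]:
    """'5.11.0-25-generic' -> ('5.11.0', 25); None if not an Ubuntu-style release string."""
    m = re.match(r"(\d+\.\d+\.\d+)-(\d+)-", release)
    return (m.group(1), int(m.group(2))) if m else None

def is_fixed(release: str) -> Optional[bool]:
    """True/False if the page names a fixed ABI for this series, None otherwise."""
    parsed = parse_kernel_release(release)
    if parsed is None or parsed[0] not in FIXED_ABI:
        return None
    return parsed[1] >= FIXED_ABI[parsed[0]]

def parse_oops(text: str) -> Dict:
    info: Dict = {"fault_addr": None, "pid": None, "comm": None, "release": None, "rip": None, "trace": []}
    in_trace = False
    for line in text.splitlines():
        body = re.sub(r"^\[\s*[\d.]+\]\s*", "", line)       # drop the dmesg timestamp
        if m := re.search(r"NULL pointer dereference, address: ([0-9a-f]+)", body):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.search(r"PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+-\d+-\S+)", body):
            info["pid"], info["comm"], info["release"] = int(m.group(1)), m.group(2), m.group(3)
        elif m := re.match(r"RIP: 0010:(\S+)", body):       # kernel-mode RIP: symbol[+off/size]
            info["rip"] = m.group(1).split("+")[0]
        elif body.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            if body.startswith("RIP: 0033"):                # user-space register dump ends the trace
                in_trace = False
            else:
                info["trace"].append(body.lstrip("? ").split("+")[0])
    return info

def triage(text: str) -> Dict:
    """Parse an oops and decide whether it matches this bug's signature and an unfixed kernel."""
    info = parse_oops(text)
    info["matches_signature"] = (info["fault_addr"] == 0 and (info["rip"] or "").startswith("pnfs_")
                                 and any(s.startswith("nfs4_evict") for s in info["trace"]))
    info["kernel_has_fix"] = is_fixed(info["release"]) if info["release"] else None
    return info
```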