** Also affects: linux-hwe-5.11 (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux-hwe-5.11 (Ubuntu Hirsute)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1939157

Title:
  HWE kernels: NFSv4.1 NULL pointer dereference

Status in linux package in Ubuntu:
  Fix Released
Status in linux-hwe-5.11 package in Ubuntu:
  New
Status in linux source package in Hirsute:
  Fix Committed
Status in linux-hwe-5.11 source package in Hirsute:
  Fix Committed

Bug description:
  Ubuntu 20.04 systems running as NFSv4.1 clients are experiencing
  crashes (in this case with a NetApp filer mounted):

  [  266.199481] BUG: kernel NULL pointer dereference, address: 0000000000000000
  [  266.199495] #PF: supervisor read access in kernel mode
  [  266.199500] #PF: error_code(0x0000) - not-present page
  [  266.199503] PGD 0 P4D 0
  [  266.199511] Oops: 0000 [#1] SMP PTI
  [  266.199518] CPU: 15 PID: 2244 Comm: tracker-extract Not tainted 5.11.0-25-generic #27~20.04.1-Ubuntu
  [  266.199525] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.06.0006.032420170950 03/24/2017
  [  266.199529] RIP: 0010:pnfs_mark_matching_lsegs_return+0xfe/0x140 [nfsv4]
  [  266.199631] Code: f0 41 80 4d 50 08 49 8b 06 4d 89 f5 4c 39 75 d0 75 9b 8b 45 bc 85 c0 75 3b 48 8b 45 c8 48 8b 50 38 48 83 c0 38 48 39 c2 74 23 <41> 8b 34 24 48 8b 7d c8 44 89 fa e8 42 e0 ff ff 31 c0 48 83 c4 20
  [  266.199637] RSP: 0018:ffffae23a19a7c88 EFLAGS: 00010297
  [  266.199642] RAX: ffffa048621ef238 RBX: ffffa048621ef238 RCX: 0000000000000000
  [  266.199646] RDX: ffffa04847636780 RSI: ffffa04847636780 RDI: ffffa048621ef200
  [  266.199650] RBP: ffffae23a19a7cd0 R08: 0000000000000001 R09: ffffa086febdcc10
  [  266.199653] R10: ffffa0677ffd6b80 R11: 0000000000000003 R12: 0000000000000000
  [  266.199657] R13: ffffa048621ef228 R14: ffffa048621ef228 R15: 0000000000000000
  [  266.199661] FS:  00007f9de3440340(0000) GS:ffffa086febc0000(0000) knlGS:0000000000000000
  [  266.199665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [  266.199669] CR2: 0000000000000000 CR3: 000000012ed86006 CR4: 00000000001706e0
  [  266.199674] Call Trace:
  [  266.199682]  _pnfs_return_layout+0x13d/0x2c0 [nfsv4]
  [  266.199755]  ? nfs_put_delegation+0x4c/0x70 [nfsv4]
  [  266.199814]  nfs4_evict_inode+0x78/0x80 [nfsv4]
  [  266.199870]  evict+0xd2/0x180
  [  266.199879]  iput+0x18f/0x200
  [  266.199884]  nfs_dentry_iput+0x33/0x60 [nfs]
  [  266.199934]  dentry_unlink_inode+0xb8/0x110
  [  266.199946]  __dentry_kill+0xdf/0x180
  [  266.199953]  dput+0x171/0x320
  [  266.199960]  do_renameat2+0x387/0x500
  [  266.199968]  __x64_sys_rename+0x45/0x50
  [  266.199974]  do_syscall_64+0x38/0x90
  [  266.199987]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
  [  266.199996] RIP: 0033:0x7f9de644200b
  [  266.200003] Code: e8 aa ce 0a 00 85 c0 0f 95 c0 0f b6 c0 f7 d8 5d c3 66 0f 1f 44 00 00 b8 ff ff ff ff 5d c3 90 f3 0f 1e fa b8 52 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 51 4e 18 00 f7 d8
  [  266.200008] RSP: 002b:00007ffe70e5f008 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
  [  266.200014] RAX: ffffffffffffffda RBX: 000055a5ed503070 RCX: 00007f9de644200b
  [  266.200018] RDX: 000055a5ed37b940 RSI: 000055a5ed1db250 RDI: 000055a5ed4aea00
  [  266.200022] RBP: 000055a5ed503060 R08: 0000000000000000 R09: 0000000000000000
  [  266.200025] R10: 000000000000000d R11: 0000000000000246 R12: 0000000000000001
  [  266.200029] R13: 000055a5ed503078 R14: 000055a5ed503040 R15: 000055a5ed37b980
  [  266.200036] Modules linked in: nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace nfs_ssc fscache intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper mgag200 rapl joydev input_leds intel_cstate drm_kms_helper ipmi_si ipmi_devintf cec rc_core fb_sys_fops syscopyarea sysfillrect mei_me ipmi_msghandler sysimgblt mei ioatdma mac_hid ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 xt_hl ip6t_rt ipt_REJECT nf_reject_ipv4 xt_comment nf_log_ipv4 nf_log_common xt_addrtype xt_limit xt_LOG xt_recent xt_tcpudp sch_fq_codel xt_state xt_conn

  This bug occurs in all recent 20.04 HWE kernels (both 5.8 and 5.11).
  I believe it is fixed by
  https://patchwork.kernel.org/project/linux-nfs/patch/20210519165451.412566-1-anna.schuma...@netapp.com/
  -- please consider backporting this patch.

  (The bug was briefly also present in the 5.4 kernels, but was fixed in
  5.4.0-79: see
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1936673)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1939157/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
