Public bug reported:

While zfs send'ing from Bionic to Focal, my send/recv hung midway and I
found this in the receiver's dmesg:

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 94310 Comm: receive_writer Tainted: P           O      5.4.0-52-generic #57-Ubuntu
Hardware name: System manufacturer System Product Name/C60M1-I, BIOS 0502 05/22/2014
RIP: 0010:abd_verify+0xa/0x40 [zfs]
Code: ff 85 c0 74 12 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 5b 5d c3 e8 04 ff ff ff eb e7 c3 90 55 48 89 e5 41 54 53 48 89 fb <8b> 3f e8 0f ff ff ff 85 c0 75 22 44 8b 63 1c 48 8b 7b 20 4d 85 e4
RSP: 0018:ffffb797c555baa8 EFLAGS: 00010286
RAX: 0000000000004000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000000000000000
RBP: ffffb797c555bab8 R08: 0000000000000253 R09: 0000000000000000
R10: ffff953b56a17848 R11: 0000000000000000 R12: 0000000000004000
R13: ffff953ad201d280 R14: 0000000000004000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff953b56a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000151ab4000 CR4: 00000000000006f0
Call Trace:
 abd_borrow_buf+0x19/0x60 [zfs]
 abd_borrow_buf_copy+0x1a/0x50 [zfs]
 zio_crypt_copy_dnode_bonus+0x30/0x130 [zfs]
 arc_buf_untransform_in_place.isra.0+0x2b/0x40 [zfs]
 arc_buf_fill+0x1f0/0x4a0 [zfs]
 arc_untransform+0x22/0x90 [zfs]
 dbuf_read_verify_dnode_crypt+0xed/0x160 [zfs]
 ? atomic_cmpxchg+0x16/0x30 [zfs]
 dbuf_read_impl+0x3ea/0x610 [zfs]
 dbuf_read+0xcb/0x5f0 [zfs]
 ? arc_space_consume+0x54/0xe0 [zfs]
 ? do_raw_spin_unlock+0x9/0x10 [zfs]
 ? __raw_spin_unlock+0x9/0x10 [zfs]
 dmu_bonus_hold_by_dnode+0x92/0x190 [zfs]
 receive_object+0x442/0xae0 [zfs]
 ? __list_del_entry.isra.0+0x22/0x30 [zfs]
 ? atomic_dec+0xd/0x20 [spl]
 receive_process_record+0x170/0x1c0 [zfs]
 receive_writer_thread+0x9a/0x150 [zfs]
 ? receive_process_record+0x1c0/0x1c0 [zfs]
 thread_generic_wrapper+0x83/0xa0 [spl]
 kthread+0x104/0x140
 ? clear_bit+0x20/0x20 [spl]
 ? kthread_park+0x90/0x90
 ret_from_fork+0x22/0x40
Modules linked in: ip6table_filter ip6_tables xt_conntrack iptable_filter 
bpfilter zfs(PO) zunicode(PO) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) 
nls_iso8859_1 zlua(PO) eeepc_wmi asus_wmi sparse_keymap wmi_bmof video ccp 
radeon kvm r8169 realtek k10temp ttm i2c_piix4 drm_kms_helper i2c_algo_bit 
fb_sys_fops syscopyarea sysfillrect sysimgblt wmi sch_fq_codel nf_conntrack 
nf_defrag_ipv6 nf_defrag_ipv4 veth bridge 8021q garp mrp stp llc xt_tcpudp 
xt_owner xt_LOG nf_log_ipv6 nf_log_ipv4 nf_log_common drm ip_tables x_tables 
autofs4 btrfs libcrc32c xor zstd_compress raid6_pq hid_generic usbhid hid ahci 
libahci mac_hid
CR2: 0000000000000000
---[ end trace 374aa76997d6bc9b ]---
RIP: 0010:abd_verify+0xa/0x40 [zfs]
Code: ff 85 c0 74 12 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 5b 5d c3 e8 04 ff ff ff eb e7 c3 90 55 48 89 e5 41 54 53 48 89 fb <8b> 3f e8 0f ff ff ff 85 c0 75 22 44 8b 63 1c 48 8b 7b 20 4d 85 e4
RSP: 0018:ffffb797c555baa8 EFLAGS: 00010286
RAX: 0000000000004000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000000000000000
RBP: ffffb797c555bab8 R08: 0000000000000253 R09: 0000000000000000
R10: ffff953b56a17848 R11: 0000000000000000 R12: 0000000000004000
R13: ffff953ad201d280 R14: 0000000000004000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff953b56a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000151ab4000 CR4: 00000000000006f0

The receiving side uses ZFS native encryption and had the key manually
loaded before sending/receiving. The sending side is unencrypted. The
recv hung after 611MiB out of the 990.4 MB delta.


Additional information:

sending side is a laptop running Bionic:

$ uname -a
Linux simon-lemur 5.4.0-52-generic #57~18.04.1-Ubuntu SMP Thu Oct 15 14:04:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ dpkg -l| grep zfs
ii  libzfs2linux    0.7.5-1ubuntu16.10  amd64  OpenZFS filesystem library for Linux
ii  zfsutils-linux  0.7.5-1ubuntu16.10  amd64  command-line tools to manage OpenZFS filesystems

receiving side is a small server running Focal:

$ uname -a
Linux ocelot 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ dpkg -l| grep zfs
ii  libzfs2linux    0.8.3-1ubuntu12.4  amd64  OpenZFS filesystem library for Linux
ii  zfs-zed         0.8.3-1ubuntu12.4  amd64  OpenZFS Event Daemon
ii  zfsutils-linux  0.8.3-1ubuntu12.4  amd64  command-line tools to manage OpenZFS filesystems

** Affects: zfs-linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1900889

Title:
  BUG: kernel NULL pointer dereference, address: 0000000000000000


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
