Wednesday

[Bug 1939157] Re: HWE kernels: NFSv4.1 NULL pointer dereference

** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New

** Also affects: linux-hwe-5.11 (Ubuntu Focal)
Importance: Undecided
Status: New

** Changed in: linux-hwe-5.11 (Ubuntu Hirsute)
Status: Fix Committed => Invalid

** Changed in: linux-hwe-5.11 (Ubuntu Focal)
Status: New => Fix Committed

** Changed in: linux (Ubuntu Focal)
Status: New => Invalid

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/1939157

Title:
HWE kernels: NFSv4.1 NULL pointer dereference

Status in linux package in Ubuntu:
Fix Released
Status in linux-hwe-5.11 package in Ubuntu:
New
Status in linux source package in Focal:
Invalid
Status in linux-hwe-5.11 source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux-hwe-5.11 source package in Hirsute:
Invalid

Bug description:
Ubuntu 20.04 systems running as NFSv4.1 clients are experiencing
crashes (in this case with a NetApp filer mounted):

[ 266.199481] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 266.199495] #PF: supervisor read access in kernel mode
[ 266.199500] #PF: error_code(0x0000) - not-present page
[ 266.199503] PGD 0 P4D 0
[ 266.199511] Oops: 0000 [#1] SMP PTI
[ 266.199518] CPU: 15 PID: 2244 Comm: tracker-extract Not tainted 5.11.0-25-generic #27~20.04.1-Ubuntu
[ 266.199525] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.06.0006.032420170950 03/24/2017
[ 266.199529] RIP: 0010:pnfs_mark_matching_lsegs_return+0xfe/0x140 [nfsv4]
[ 266.199631] Code: f0 41 80 4d 50 08 49 8b 06 4d 89 f5 4c 39 75 d0 75 9b 8b 45 bc 85 c0 75 3b 48 8b 45 c8 48 8b 50 38 48 83 c0 38 48 39 c2 74 23 <41> 8b 34 24 48 8b 7d c8 44 89 fa e8 42 e0 ff ff 31 c0 48 83 c4 20
[ 266.199637] RSP: 0018:ffffae23a19a7c88 EFLAGS: 00010297
[ 266.199642] RAX: ffffa048621ef238 RBX: ffffa048621ef238 RCX: 0000000000000000
[ 266.199646] RDX: ffffa04847636780 RSI: ffffa04847636780 RDI: ffffa048621ef200
[ 266.199650] RBP: ffffae23a19a7cd0 R08: 0000000000000001 R09: ffffa086febdcc10
[ 266.199653] R10: ffffa0677ffd6b80 R11: 0000000000000003 R12: 0000000000000000
[ 266.199657] R13: ffffa048621ef228 R14: ffffa048621ef228 R15: 0000000000000000
[ 266.199661] FS: 00007f9de3440340(0000) GS:ffffa086febc0000(0000) knlGS:0000000000000000
[ 266.199665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 266.199669] CR2: 0000000000000000 CR3: 000000012ed86006 CR4: 00000000001706e0
[ 266.199674] Call Trace:
[ 266.199682] _pnfs_return_layout+0x13d/0x2c0 [nfsv4]
[ 266.199755] ? nfs_put_delegation+0x4c/0x70 [nfsv4]
[ 266.199814] nfs4_evict_inode+0x78/0x80 [nfsv4]
[ 266.199870] evict+0xd2/0x180
[ 266.199879] iput+0x18f/0x200
[ 266.199884] nfs_dentry_iput+0x33/0x60 [nfs]
[ 266.199934] dentry_unlink_inode+0xb8/0x110
[ 266.199946] __dentry_kill+0xdf/0x180
[ 266.199953] dput+0x171/0x320
[ 266.199960] do_renameat2+0x387/0x500
[ 266.199968] __x64_sys_rename+0x45/0x50
[ 266.199974] do_syscall_64+0x38/0x90
[ 266.199987] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 266.199996] RIP: 0033:0x7f9de644200b
[ 266.200003] Code: e8 aa ce 0a 00 85 c0 0f 95 c0 0f b6 c0 f7 d8 5d c3 66 0f 1f 44 00 00 b8 ff ff ff ff 5d c3 90 f3 0f 1e fa b8 52 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 8b 15 51 4e 18 00 f7 d8
[ 266.200008] RSP: 002b:00007ffe70e5f008 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[ 266.200014] RAX: ffffffffffffffda RBX: 000055a5ed503070 RCX: 00007f9de644200b
[ 266.200018] RDX: 000055a5ed37b940 RSI: 000055a5ed1db250 RDI: 000055a5ed4aea00
[ 266.200022] RBP: 000055a5ed503060 R08: 0000000000000000 R09: 0000000000000000
[ 266.200025] R10: 000000000000000d R11: 0000000000000246 R12: 0000000000000001
[ 266.200029] R13: 000055a5ed503078 R14: 000055a5ed503040 R15: 000055a5ed37b980
[ 266.200036] Modules linked in: nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace nfs_ssc fscache intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper mgag200 rapl joydev input_leds intel_cstate drm_kms_helper ipmi_si ipmi_devintf cec rc_core fb_sys_fops syscopyarea sysfillrect mei_me ipmi_msghandler sysimgblt mei ioatdma mac_hid ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 xt_hl ip6t_rt ipt_REJECT nf_reject_ipv4 xt_comment nf_log_ipv4 nf_log_common xt_addrtype xt_limit xt_LOG xt_recent xt_tcpudp sch_fq_codel xt_state xt_conn

This bug occurs in all recent 20.04 HWE kernels (both 5.8 and 5.11).
I believe it is fixed by
https://patchwork.kernel.org/project/linux-nfs/patch/20210519165451.412566-1-Anna.Schumaker@Netapp.com/
-- please consider backporting this patch.

(The bug was briefly also present in the 5.4 kernels, but was fixed in
5.4.0-79: see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1936673)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1939157/+subscriptions
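
A triage helper for logs like the one in this report, added here as an example (it is not code from the bug report or from the kernel project): it parses an x86-64 oops out of dmesg or journal text and flags the signature shown above, a NULL pointer dereference with the kernel-mode RIP in pnfs_mark_matching_lsegs_return [nfsv4]. The function names are hypothetical, and the sample lines are copied from the trace above.

```python
import re

# Sample input: lines copied from the oops in the report above.
SAMPLE = """\
[ 266.199481] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 266.199518] CPU: 15 PID: 2244 Comm: tracker-extract Not tainted 5.11.0-25-generic #27~20.04.1-Ubuntu
[ 266.199529] RIP: 0010:pnfs_mark_matching_lsegs_return+0xfe/0x140 [nfsv4]
[ 266.199674] Call Trace:
[ 266.199682] _pnfs_return_layout+0x13d/0x2c0 [nfsv4]
[ 266.199755] ? nfs_put_delegation+0x4c/0x70 [nfsv4]
[ 266.199814] nfs4_evict_inode+0x78/0x80 [nfsv4]
[ 266.199870] evict+0xd2/0x180
[ 266.199996] RIP: 0033:0x7f9de644200b
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")                      # dmesg timestamp prefix
BUG = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
CPU = re.compile(r"CPU: \d+ PID: (\d+) Comm: (\S+) .*?(\d+\.\d+\.\d+-\S+)")
RIP = re.compile(r"RIP: 0010:([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oops(text):
    """Extract fault type, faulting symbol/module, kernel release and call trace."""
    rep = {"null_deref": False, "address": None, "pid": None, "comm": None,
           "kernel": None, "symbol": None, "module": None, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = TS.sub("", raw)
        if m := BUG.search(line):
            rep["null_deref"], rep["address"] = True, int(m.group(1), 16)
        elif m := CPU.search(line):
            rep["pid"], rep["comm"], rep["kernel"] = int(m.group(1)), m.group(2), m.group(3)
        elif (m := RIP.search(line)) and rep["symbol"] is None:
            rep["symbol"], rep["module"] = m.group(1), m.group(2)  # CS 0010 = kernel mode
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if not m:
                in_trace = False          # trace ends at the first non-frame line
            elif not m.group(1):          # skip "? " frames: stale stack entries
                rep["trace"].append(m.group(2))
    return rep

def matches_lp1939157(rep):
    """True when the oops has the signature of the crash in this report."""
    return (rep["null_deref"]
            and rep["symbol"] == "pnfs_mark_matching_lsegs_return"
            and rep["module"] == "nfsv4")
```
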
