NULL pointer dereference in abd_copy_to_buf_off

Bug #2002665 reported by Sevan Janiyan
Affects: zfs-linux (Ubuntu); Status: New; Importance: Undecided; Assigned to: Unassigned; Milestone: (none)

Bug Description

Ubuntu 22.10 riscv64 image on Lichee RV board with 3 HDDs attached, 2 in a mirrored zpool, 1 standalone zpool, rsync copying data from single pool to mirrored pool.

[Mon Nov 14 10:05:09 2022] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000019
[Mon Nov 14 10:05:09 2022] Oops [#1]
[Mon Nov 14 10:05:09 2022] Modules linked in: tls binfmt_misc 8723ds(OE) cfg80211 zfs(POE) pwrseq_simple sunxi_cir rc_core zunicode(POE) snd_soc_hdmi_codec zzstd(OE) ses enclosure scsi_transport_sas sunxi phy_generic zlua(OE) sunxi_cedrus(C) v4l2_mem2mem videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 zcommon(POE) videobuf2_common snd_soc_simple_card sun20i_codec snd_soc_dmic snd_soc_simple_card_utils znvpair(POE) zavl(POE) videodev icp(POE) leds_sun50i_r329 snd_soc_core led_class_multicolor spl(OE) mc snd_compress ac97_bus snd_pcm_dmaengine snd_pcm snd_timer snd leds_gpio soundcore nls_iso8859_1 uio_pdrv_genirq uio ramoops pstore_blk efi_pstore reed_solomon pstore_zone dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ip_tables x_tables autofs4 efivarfs raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear dw_hdmi_i2s_audio dw_hdmi_cec sun8i_drm_hdmi dw_hdmi sun8i_mixer sun4i_drm sun4i_frontend sun4i_tcon sun8i_tcon_top
[Mon Nov 14 10:05:09 2022] display_connector drm_cma_helper drm_kms_helper backlight syscopyarea sysfillrect sysimgblt fb_sys_fops
[Mon Nov 14 10:05:09 2022] CPU: 0 PID: 796 Comm: z_rd_int Tainted: P C OE 5.17.0-1003-allwinner #3-Ubuntu
[Mon Nov 14 10:05:09 2022] Hardware name: Sipeed Lichee RV Dock (DT)
[Mon Nov 14 10:05:09 2022] epc : abd_iterate_func+0x64/0x19a [zfs]
[Mon Nov 14 10:05:09 2022] ra : abd_copy_to_buf_off+0x44/0x62 [zfs]
[Mon Nov 14 10:05:09 2022] epc : ffffffff047fcda6 ra : ffffffff047fd034 sp : ffffffd80ef7ba10
[Mon Nov 14 10:05:09 2022] gp : ffffffff81e93b80 tp : ffffffd829dd7080 t0 : ffffffd82b389780
[Mon Nov 14 10:05:09 2022] t1 : 9ae16a3b2f90404f t2 : ffffffd80d5ec480 s0 : ffffffd80ef7bab0
[Mon Nov 14 10:05:09 2022] s1 : ffffffd82b389730 a0 : 0000000000000019 a1 : 0000000000000000
[Mon Nov 14 10:05:09 2022] a2 : 0000000000020000 a3 : ffffffff047fc000 a4 : ffffffd80ef7bab0
[Mon Nov 14 10:05:09 2022] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 39f52a87d3073d0d
[Mon Nov 14 10:05:09 2022] s2 : ffffffd836b043c0 s3 : 0000000000000007 s4 : 0000000000000000
[Mon Nov 14 10:05:09 2022] s5 : 0000000000020000 s6 : 000000000000000a s7 : ffffffd80d5ecbc8
[Mon Nov 14 10:05:09 2022] s8 : ffffffd80451c000 s9 : 0000000000000007 s10: 0000000000000004
[Mon Nov 14 10:05:09 2022] s11: ffffffd811d36220 t3 : 0000000000ff0000 t4 : 0000002b00000000
[Mon Nov 14 10:05:09 2022] t5 : 000000ff00000000 t6 : 0000000000000002
[Mon Nov 14 10:05:09 2022] status: 0000000200000120 badaddr: 0000000000000019 cause: 000000000000000d
[Mon Nov 14 10:05:09 2022] [<ffffffff047fd034>] abd_copy_to_buf_off+0x44/0x62 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff04806266>] arc_buf_fill+0x332/0xaf8 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff04806d82>] arc_buf_alloc_impl.isra.0+0x2be/0x3e4 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff04806fda>] arc_read_done+0x132/0x3be [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff04908c42>] zio_done+0x19a/0xf34 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff049024bc>] zio_execute+0xd8/0x192 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff02279b98>] taskq_thread+0x272/0x41c [spl]
[Mon Nov 14 10:05:09 2022] [<ffffffff8004a87e>] kthread+0xc6/0xdc
[Mon Nov 14 10:05:09 2022] [<ffffffff80003b94>] ret_from_exception+0x0/0xc
[Mon Nov 14 10:05:09 2022] ---[ end trace 0000000000000000 ]---

[Thu Nov 17 09:57:35 2022] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
[Thu Nov 17 09:57:35 2022] Oops [#1]
[Thu Nov 17 09:57:35 2022] Modules linked in: tls binfmt_misc 8723ds(OE) cfg80211 zfs(POE) pwrseq_simple sunxi_cir rc_core zunicode(POE) snd_soc_hdmi_codec zzstd(OE) ses enclosure scsi_transport_sas sunxi phy_generic zlua(OE) sunxi_cedrus(C) v4l2_mem2mem videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 zcommon(POE) videobuf2_common snd_soc_simple_card sun20i_codec snd_soc_dmic snd_soc_simple_card_utils znvpair(POE) zavl(POE) videodev icp(POE) snd_soc_core leds_sun50i_r329 led_class_multicolor spl(OE) mc snd_compress ac97_bus snd_pcm_dmaengine snd_pcm snd_timer snd leds_gpio soundcore nls_iso8859_1 uio_pdrv_genirq uio pstore_blk ramoops reed_solomon pstore_zone efi_pstore dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ip_tables x_tables autofs4 efivarfs raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear dw_hdmi_cec dw_hdmi_i2s_audio sun4i_drm sun8i_drm_hdmi sun4i_frontend dw_hdmi sun8i_mixer sun4i_tcon drm_cma_helper
[Thu Nov 17 09:57:35 2022] display_connector drm_kms_helper backlight syscopyarea sysfillrect sun8i_tcon_top sysimgblt fb_sys_fops
[Thu Nov 17 09:57:36 2022] CPU: 0 PID: 777 Comm: z_rd_int Tainted: P C OE 5.17.0-1003-allwinner #3-Ubuntu
[Thu Nov 17 09:57:36 2022] Hardware name: Sipeed Lichee RV Dock (DT)
[Thu Nov 17 09:57:36 2022] epc : abd_iterate_func+0x64/0x19a [zfs]
[Thu Nov 17 09:57:36 2022] ra : abd_copy_to_buf_off+0x44/0x62 [zfs]
[Thu Nov 17 09:57:36 2022] epc : ffffffff03b85da6 ra : ffffffff03b86034 sp : ffffffd82a50fa10
[Thu Nov 17 09:57:36 2022] gp : ffffffff81e93b80 tp : ffffffd8048f3200 t0 : ffffffd812855050
[Thu Nov 17 09:57:36 2022] t1 : 9ae16a3b2f90404f t2 : ffffffd814f14480 s0 : ffffffd82a50fab0
[Thu Nov 17 09:57:36 2022] s1 : ffffffd812855000 a0 : 0000000000000008 a1 : 0000000000000000
[Thu Nov 17 09:57:36 2022] a2 : 0000000000020000 a3 : ffffffff03b85000 a4 : ffffffd82a50fab0
[Thu Nov 17 09:57:36 2022] a5 : 0000000000000000 a6 : 0000000000000000 a7 : dc5e038f83fc71d1
[Thu Nov 17 09:57:36 2022] s2 : ffffffd830cb8640 s3 : 0000000000000007 s4 : 0000000000000000
[Thu Nov 17 09:57:36 2022] s5 : 0000000000020000 s6 : 000000000000000a s7 : ffffffd814f14808
[Thu Nov 17 09:57:36 2022] s8 : ffffffd80f4ac000 s9 : 0000000000000007 s10: 0000000000000004
[Thu Nov 17 09:57:36 2022] s11: ffffffd806554000 t3 : 000000007fffffff t4 : 0000000000000002
[Thu Nov 17 09:57:36 2022] t5 : ffffffd814f14480 t6 : 0000000000000002
[Thu Nov 17 09:57:36 2022] status: 0000000200000120 badaddr: 0000000000000008 cause: 000000000000000d
[Thu Nov 17 09:57:36 2022] [<ffffffff03b86034>] abd_copy_to_buf_off+0x44/0x62 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03b8f266>] arc_buf_fill+0x332/0xaf8 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03b8fd82>] arc_buf_alloc_impl.isra.0+0x2be/0x3e4 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03b8ffda>] arc_read_done+0x132/0x3be [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03c91c42>] zio_done+0x19a/0xf34 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03c8b4bc>] zio_execute+0xd8/0x192 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff02285b98>] taskq_thread+0x272/0x41c [spl]
[Thu Nov 17 09:57:36 2022] [<ffffffff8004a87e>] kthread+0xc6/0xdc
[Thu Nov 17 09:57:36 2022] [<ffffffff80003b94>] ret_from_exception+0x0/0xc
[Thu Nov 17 09:57:36 2022] ---[ end trace 0000000000000000 ]---
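
Added here as an editor's triage example, not code from the reporter or from the zfs-linux project: a small Python helper that parses RISC-V oops dumps like the two above, pulls out the fault address and the symbolic epc/ra and call trace, flags a first-page (NULL plus small struct offset) fault, and checks whether two dumps hit the same crash site even though the raw module addresses differ between boots. The function names are hypothetical, the 4096-byte page size is an assumption, and the sample inputs are constructed excerpts of the report's own two dumps.

```python
import re

# Constructed excerpts of the two oopses in the report (module/register lines
# dropped); the addresses and symbols are the report's own.
OOPS_NOV14 = """\
[Mon Nov 14 10:05:09 2022] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000019
[Mon Nov 14 10:05:09 2022] epc : abd_iterate_func+0x64/0x19a [zfs]
[Mon Nov 14 10:05:09 2022] ra : abd_copy_to_buf_off+0x44/0x62 [zfs]
[Mon Nov 14 10:05:09 2022] epc : ffffffff047fcda6 ra : ffffffff047fd034 sp : ffffffd80ef7ba10
[Mon Nov 14 10:05:09 2022] status: 0000000200000120 badaddr: 0000000000000019 cause: 000000000000000d
[Mon Nov 14 10:05:09 2022] [<ffffffff047fd034>] abd_copy_to_buf_off+0x44/0x62 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff04806266>] arc_buf_fill+0x332/0xaf8 [zfs]
[Mon Nov 14 10:05:09 2022] [<ffffffff04806fda>] arc_read_done+0x132/0x3be [zfs]
"""
OOPS_NOV17 = """\
[Thu Nov 17 09:57:36 2022] epc : abd_iterate_func+0x64/0x19a [zfs]
[Thu Nov 17 09:57:36 2022] ra : abd_copy_to_buf_off+0x44/0x62 [zfs]
[Thu Nov 17 09:57:36 2022] epc : ffffffff03b85da6 ra : ffffffff03b86034 sp : ffffffd82a50fa10
[Thu Nov 17 09:57:36 2022] status: 0000000200000120 badaddr: 0000000000000008 cause: 000000000000000d
[Thu Nov 17 09:57:36 2022] [<ffffffff03b86034>] abd_copy_to_buf_off+0x44/0x62 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03b8f266>] arc_buf_fill+0x332/0xaf8 [zfs]
[Thu Nov 17 09:57:36 2022] [<ffffffff03b8ffda>] arc_read_done+0x132/0x3be [zfs]
"""

DMESG_TS = re.compile(r"^\[[A-Z][a-z]{2} [^\]]*\]\s*")  # "[Mon Nov 14 10:05:09 2022] " prefix
SYMBOLIC = re.compile(r"^(epc|ra)\s*:\s*(\S+\+0x[0-9a-f]+)/0x[0-9a-f]+")  # symbol+off/size form
BADADDR = re.compile(r"\bbadaddr:\s*([0-9a-f]+)")
FRAME = re.compile(r"^\[<[0-9a-f]+>\]\s*(\S+\+0x[0-9a-f]+)/")

def parse_oops(text):
    """Extract fault address, symbolic epc/ra and the call trace from a RISC-V oops."""
    info = {"badaddr": None, "epc": None, "ra": None, "trace": []}
    for raw in text.splitlines():
        line = DMESG_TS.sub("", raw).strip()
        if m := SYMBOLIC.match(line):      # the hex "epc : ffff..." line has no '+', so it is skipped
            info[m.group(1)] = m.group(2)
        elif m := BADADDR.search(line):
            info["badaddr"] = int(m.group(1), 16)
        elif m := FRAME.match(line):
            info["trace"].append(m.group(1))
    return info

def is_null_page_deref(info, page_size=4096):
    """True when the fault lies in the first page: NULL pointer plus a small field offset (page size assumed)."""
    return info["badaddr"] is not None and info["badaddr"] < page_size

def same_crash_site(a, b):
    """Compare symbolic epc and trace only: raw addresses differ per boot (module load address)."""
    return a["epc"] == b["epc"] and a["trace"] == b["trace"]
```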

Activity: summary changed from "NULL pointer dereference" to "NULL pointer dereference in abd_copy_to_buf_off"; description updated.