SUSE Support

kernel crashes due to NULL pointer dereference bug in the nfsd module

This document (000021042) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP2

Situation

A SLES15 SP3 system acting as an NFS server crashes with a NULL pointer dereference in the nfsd kernel module (the same defect exists in the SLES15 SP2 LTSS kernel, see Resolution). The fault is raised from the nfsd4 "laundromat" work item while it unhashes a delegation, so the crash is not tied to any particular client request and can occur on an otherwise idle server.
An example of the crash stack trace from the kdump "dmesg.txt" is shown below:
  [1149777.870651] BUG: kernel NULL pointer dereference, address: 0000000000000010
  [1149777.870662] #PF: supervisor write access in kernel mode
  [1149777.870665] #PF: error_code(0x0002) - not-present page
  [1149777.870666] PGD 0 P4D 0
  [1149777.870670] Oops: 0002 [#1] SMP PTI
  [1149777.870673] CPU: 1 PID: 28663 Comm: kworker/u4:1 Kdump: loaded Tainted: P           OE     N 5.3.18-150300.59.68-default #1 SLE15-SP3
  [1149777.870677] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
  [1149777.870701] Workqueue: nfsd4 laundromat_main [nfsd]
  [1149777.870707] RIP: 0010:_raw_spin_lock+0xc/0x20
  [1149777.870710] Code: 01 00 00 75 05 48 89 d8 5b c3 e8 0f 36 7d ff 48 89 d8 5b c3 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 02 f3 c3 89 c6 e8 d5 1c 7d ff 66 90 c3 66 90 66 66
  [1149777.870714] RSP: 0018:ffffb29000773e08 EFLAGS: 00010246
  [1149777.870716] RAX: 0000000000000000 RBX: ffffa01f5b749e80 RCX: 0000000000000054
  [1149777.870718] RDX: 0000000000000001 RSI: 0000000000000080 RDI: 0000000000000010
  [1149777.870720] RBP: 0000000000000010 R08: ffffa01fabea4c98 R09: 8080808080808080
  [1149777.870721] R10: ffffb2900008fdc8 R11: fefefefefefefeff R12: ffffa01f5b749eb8
  [1149777.870723] R13: ffffa01fabea4d30 R14: ffffa01f5b749ed8 R15: 0000000000000000
  [1149777.870725] FS:  0000000000000000(0000) GS:ffffa0203fd00000(0000) knlGS:0000000000000000
  [1149777.870727] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [1149777.870729] CR2: 0000000000000010 CR3: 00000001e8064000 CR4: 00000000000006e0
  [1149777.870761] Call Trace:
  [1149777.870772]  unhash_delegation_locked+0x39/0xa0 [nfsd]
  [1149777.870781]  laundromat_main+0x23e/0x530 [nfsd]
  [1149777.870787]  process_one_work+0x1f4/0x3e0
  [1149777.870790]  worker_thread+0x2d/0x3e0
  [1149777.870793]  ? process_one_work+0x3e0/0x3e0
  [1149777.870795]  kthread+0x10d/0x130
  [1149777.870797]  ? kthread_park+0xa0/0xa0
  [1149777.870799]  ret_from_fork+0x35/0x40

Resolution

This bug is fixed in SLES15 SP3 kernel version 5.3.18-150300.59.106.1 or later.

The bug fix is also backported to SLES15 SP2 LTSS kernel version 5.3.18-150200.24.145.1 or later.

Installing the updated kernel-default package is not sufficient on its own: the defect is in the running nfsd module, so the system must be rebooted into the fixed kernel before it is no longer exposed.

Cause

The release-notes entry for the fix, "nfsd: fix use-after-free due to delegation race", names the underlying defect: a race in the handling of NFSv4 delegations lets the nfsd4 laundromat operate on a delegation that has already been freed. In the trace above the faulting address (CR2) and the first argument to _raw_spin_lock (RDI) are both 0x10, i.e. unhash_delegation_locked() tried to take a spinlock located 16 bytes into a structure reached through a NULL pointer, which is why the use-after-free surfaces as a NULL pointer dereference rather than as list corruption.

Status

Top Issue

Additional Information

The release notes for the kernel patches ("SUSE-SLE-Module-Basesystem-15-SP3-2022-3264" and "SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-778") contain the following description:
- nfsd: fix use-after-free due to delegation race

The changelog for the fix in the "kernel-default" package also contains similar description:
# rpm -q --changelog kernel-default
...
- nfsd: fix use-after-free due to delegation race.
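The version check from the Resolution section and the changelog check above, combined into a small triage script. This is an added example, not part of the SUSE article or of any SUSE tooling. It assumes: the fixed kernel-default versions are the two listed under Resolution; uname -r (and the "CPU:" line of an oops) omit the rpm rebuild counter (the final ".1"), so comparison is done on the shortened form; the 150200/150300 component of the release identifies SP2/SP3; and the dmesg.txt signature is the one visible in the trace above (NULL pointer dereference, "Workqueue: nfsd4 laundromat_main", unhash_delegation_locked). SAMPLE_OOPS is the relevant lines of that trace, copied in as constructed test input.

```shell
#!/bin/sh
# Added example (not from the SUSE TID): triage a kdump dmesg.txt against the
# nfsd laundromat signature in this article and decide whether the crashing or
# running kernel predates the fix.  Fixed versions are those under Resolution.
FIXED_SP3_RPM="5.3.18-150300.59.106.1"   # kernel-default, SLES 15 SP3
FIXED_SP2_RPM="5.3.18-150200.24.145.1"   # kernel-default, SLES 15 SP2 LTSS

# Constructed self-test input: the relevant lines of the trace in this article.
SAMPLE_OOPS='[1149777.870651] BUG: kernel NULL pointer dereference, address: 0000000000000010
[1149777.870673] CPU: 1 PID: 28663 Comm: kworker/u4:1 Kdump: loaded Tainted: P           OE     N 5.3.18-150300.59.68-default #1 SLE15-SP3
[1149777.870701] Workqueue: nfsd4 laundromat_main [nfsd]
[1149777.870707] RIP: 0010:_raw_spin_lock+0xc/0x20
[1149777.870761] Call Trace:
[1149777.870772]  unhash_delegation_locked+0x39/0xa0 [nfsd]
[1149777.870781]  laundromat_main+0x23e/0x530 [nfsd]'

# uname -r (and the oops) report "<version>-<release>-<flavor>" with the rpm
# rebuild counter (the final ".N") dropped; bring both sides to that form.
kernel_base() {
    last=${1##*-}
    case $last in
        *[!0-9.]*) printf '%s\n' "${1%-*}" ;;   # drop "-default", "-preempt", ...
        *)         printf '%s\n' "$1" ;;
    esac
}
rpm_to_uname() { printf '%s\n' "${1%.*}"; }    # ...59.106.1 -> ...59.106

# Component-wise numeric compare on '.' and '-'; an exhausted side counts as 0.
# Prints -1, 0 or 1.  Components must be numeric (true after kernel_base).
vercmp() {
    a=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        case $a in *' '*) x=${a%% *}; a=${a#* } ;; '') x=0 ;; *) x=$a; a='' ;; esac
        case $b in *' '*) y=${b%% *}; b=${b#* } ;; '') y=0 ;; *) y=$b; b='' ;; esac
        [ "$x" -lt "$y" ] && { printf '%s\n' -1; return 0; }
        [ "$x" -gt "$y" ] && { printf '%s\n' 1; return 0; }
    done
    printf '%s\n' 0
}

# 150300 / 150200 in the release mark SLES 15 SP3 / SP2; anything else is out
# of this TID's scope.  Prints: vulnerable | fixed | unknown
nfsd_fix_status() {
    base=$(kernel_base "$1")
    case $base in
        5.3.18-150300.*) fixed=$(rpm_to_uname "$FIXED_SP3_RPM") ;;
        5.3.18-150200.*) fixed=$(rpm_to_uname "$FIXED_SP2_RPM") ;;
        *) printf '%s\n' unknown; return 0 ;;
    esac
    [ "$(vercmp "$base" "$fixed")" -lt 0 ] && printf '%s\n' vulnerable || printf '%s\n' fixed
}

# This TID's signature in an oops text on stdin: a NULL pointer dereference
# raised from the nfsd4 laundromat work item inside unhash_delegation_locked().
oops_matches_tid() {
    text=$(cat)
    printf '%s\n' "$text" | grep -q 'BUG: kernel NULL pointer dereference' &&
    printf '%s\n' "$text" | grep -q 'Workqueue: nfsd4 laundromat_main' &&
    printf '%s\n' "$text" | grep -q 'unhash_delegation_locked'
}
# Release of the kernel that crashed: the token before "#<build>" on the
# "CPU: n PID: ..." line.  Judge that one, not whatever is booted now.
kernel_from_oops() {
    sed -n '/ CPU: [0-9][0-9]* PID: /s/.* \([^ ]*\) #[0-9][0-9]* .*/\1/p' | head -n 1
}
# The article's own confirmation step; needs rpm, i.e. the SLES host itself.
# rpm looks at installed packages: a patched kernel not yet booted still leaves
# the running kernel exposed, so pair this with the uname -r verdict.
changelog_has_fix() {
    rpm -q --changelog kernel-default 2>/dev/null |
        grep -qF 'nfsd: fix use-after-free due to delegation race'
}
# Worked run on the article's trace; prints the verdict for its kernel.
demo() {
    printf '%s\n' "$SAMPLE_OOPS" | oops_matches_tid || return 1
    nfsd_fix_status "$(printf '%s\n' "$SAMPLE_OOPS" | kernel_from_oops)"
}
# Usage: sh nfsd-fix-check.sh [dmesg.txt]
# No argument: the article's sample trace, then the running kernel.
main() {
    if [ $# -gt 0 ]; then
        oops_matches_tid < "$1" || { echo "$1: not the nfsd laundromat signature"; return 1; }
        rel=$(kernel_from_oops < "$1")
    else
        printf 'sample trace (5.3.18-150300.59.68-default): %s\n' "$(demo)"
        rel=$(uname -r)
    fi
    printf 'kernel %s: %s\n' "$rel" "$(nfsd_fix_status "$rel")"
    if command -v rpm >/dev/null 2>&1; then
        changelog_has_fix && echo 'kernel-default changelog: fix entry present' ||
            echo 'kernel-default changelog: fix entry not found'
    fi
}
main "$@"
```

Run it on the affected host as "sh nfsd-fix-check.sh /var/crash/<dump>/dmesg.txt" to confirm a given vmcore matches this article and to judge the kernel that actually crashed; run it without arguments to judge the kernel currently booted. Note that "rpm -q --changelog kernel-default" may report several installed kernels, and the changelog entry being present only proves the fixed package is installed, not that it is the one running; the kernel from the trace above (5.3.18-150300.59.68) is reported as vulnerable, 5.3.18-150300.59.106 and later as fixed.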

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021042
  • Creation Date: 17-Apr-2023
  • Modified Date:17-Apr-2023
    • SUSE Linux Enterprise Server
