
LZ4_uncompress_unknownOutputSize NULL Pointer Deref #18052

@sempervictus

Description

System information

Type Version/Name
Distribution Name Arch
Distribution Version rolling
Kernel Version 6.6.119 (grsec, zfs built-in with the patches recently upstreamed for memory fixes included)
Architecture x86_64
OpenZFS Version 2.3.4

Describe the problem you're observing

zfs_lz4_decompress fails with a null pointer deref

Describe how to reproduce the problem

Would if I could. It happened overnight on my work laptop, which wasn't doing anything with ZFS per se at the time other than passive storage I/Os in an idle state (not suspended).

Include any warning/errors/backtraces from the system logs

<1>[53495.797682][T1219102] BUG: kernel NULL pointer dereference, address: 0000000000000016
<1>[53495.797686][T1219102] #PF: supervisor write access in kernel mode
<1>[53495.797687][T1219102] #PF: error_code(0x0002) - not-present page
<6>[53495.797688][T1219102] PGD 0xffff88800332c000 0000000000000000 
<6>[53495.797688][T1219102] P4D 0xffff88800332c000 0000000000000000 
<4>[53495.797736][T1219102] Oops: 0002 [#1] PREEMPT SMP
<4>[53495.797737][T1219102] CPU: 9 PID: 1219102 Comm: Isolated Web Co Tainted: G     U     OE      6.6.119-grsec #1 b942eee061ed424af13d38c08c136db09dc042b5
Oops#1 Part3
<4>[53495.797739][T1219102] Hardware name: Micro-Star International Co., Ltd. Titan 18 HX A14VIG/MS-1822, BIOS E1822IMS.117 12/05/2024
<4>[53495.797740][T1219102] RIP: 0010:[<ffffffff81676ec9>] LZ4_uncompress_unknownOutputSize+0xb9/0x7f0
<4>[53495.797744][T1219102] Code: 8d 56 01 44 89 c1 45 89 c7 c1 e9 04 83 f9 0f 0f 84 e4 00 00 00 4c 8d 0c 0f 4c 89 c8 48 39 14 24 0f 82 a7 05 00 00 48 8b 76 01 <48> 89 37 48 8b 72 08 48 89 77 08 48 8d 34 0a 44 0f b7 36 45 89 f8
<4>[53495.797745][T1219102] RSP: 0000:ffffc9000a1e36a0 EFLAGS: 00010216
<4>[53495.797746][T1219102] RAX: 0000000000000016 RBX: ffff888902937208 RCX: 0000000000000000
<4>[53495.797747][T1219102] RBP: ffff8889029371f9 R08: 000000000000000f R09: 0000000000000016
<4>[53495.797747][T1219102] RDX: ffff888902935b5e RSI: 637ef611f41b0180 RDI: 0000000000000016
<4>[53495.797748][T1219102] R10: ffffc90098a2c000 R11: ffff888902934004 R12: ffff888902937204
<4>[53495.797748][T1219102] R13: 0000000000000280 R14: 0000000000000280 R15: 000000000000000f
<4>[53495.797771][T1219102] RSP: vmalloc[kernel_clone]+0xbb/0x380
<4>[53495.797781][T1219102] R10: vmalloc[spl_cache_grow_work]+0x9e/0x310
<4>[53495.797792][T1219102] FS:  00006e2ac6f2c7c0(0000) GS:ffff88afe5c00000(0000) knlGS:00006e2600000000
<4>[53495.797793][T1219102] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[53495.797794][T1219102] CR2: 0000000000000016 CR3: 000000000332c002 CR4: 0000000000f60ef0 shadow CR4: 0000000000f60ef0
<4>[53495.797797][T1219102] ASID: 0001
<4>[53495.797797][T1219102] PKRU: 55555554
<4>[53495.797798][T1219102]  ffff8889029371f7 ffffc90098a4bfc0 ffffc90098a4c000 ffffc90098a4bfe0
<4>[53495.797798][T1219102] Stack:
<4>[53495.797800][T1219102]  0048004800480048 976c1cacc2746850 0000000000004000 0000000000020000
<4>[53495.797801][T1219102]  ffff888902934000 ffffc9000a1e3770 ffff888852018bc0 ffffc90098a2c000
<4>[53495.797803][T1219102] Call Trace:
<4>[53495.797804][T1219102]  <TASK>
<4>[53495.797805][T1219102]  [<ffffffff81677f74>] zfs_lz4_decompress+0x64/0xb0 ffffc9000a1e3700
<4>[53495.797808][T1219102]  [<ffffffff815e507d>] arc_buf_fill+0x14d/0xac0 ffffc9000a1e3740
<4>[53495.797810][T1219102]  [<ffffffff815e8682>] arc_read+0x1422/0x1680 ffffc9000a1e3808
<4>[53495.797812][T1219102]  [<ffffffff815fd480>] ? __pfx_dbuf_read_done+0x10/0x10 ffffc9000a1e3850
<4>[53495.797814][T1219102]  [<ffffffff815ffeda>] dbuf_read_impl.constprop.0+0x29a/0x730 ffffc9000a1e3900
<4>[53495.797817][T1219102]  [<ffffffff81600ef9>] dbuf_read+0x269/0x5f0 ffffc9000a1e3a10
<4>[53495.797819][T1219102]  [<ffffffff8160180a>] dbuf_hold_impl+0x57a/0x7e0 ffffc9000a1e3a90
<4>[53495.797820][T1219102]  [<ffffffff816329b9>] ? dmu_zfetch_prepare+0x5e9/0xbb0 ffffc9000a1e3aa8
<4>[53495.797823][T1219102]  [<ffffffff81601b31>] dbuf_hold+0x31/0x70 ffffc9000a1e3af8
<4>[53495.797824][T1219102]  [<ffffffff8161229e>] dmu_buf_hold_array_by_dnode+0x15e/0x590 ffffc9000a1e3b20
<4>[53495.797827][T1219102]  [<ffffffff816127cd>] dmu_read_impl+0xad/0x200 ffffc9000a1e3ba8
<4>[53495.797828][T1219102]  [<ffffffff81612990>] dmu_read+0x60/0xb0 ffffc9000a1e3c10
<4>[53495.797829][T1219102]  [<ffffffff8118a2ee>] ? ____pax_expose_page_prot+0xde/0x170 ffffc9000a1e3c18
<4>[53495.797831][T1219102]  [<ffffffff8175dda4>] zfs_fillpage+0x94/0x280 ffffc9000a1e3c50
<4>[53495.797834][T1219102]  [<ffffffff8175f18f>] zfs_getpage+0xaf/0x2d0 ffffc9000a1e3c88
<4>[53495.797836][T1219102]  [<ffffffff81772bd6>] zpl_read_folio+0x36/0x70 ffffc9000a1e3cd0
<4>[53495.797838][T1219102]  [<ffffffff81349c74>] filemap_read_folio+0x24/0x90 ffffc9000a1e3cf8
<4>[53495.797841][T1219102]  [<ffffffff8134cea8>] filemap_fault+0x7a8/0xcd0 ffffc9000a1e3d18
<4>[53495.797842][T1219102]  [<ffffffff8134b13d>] ? filemap_map_pages+0x4bd/0x5c0 ffffc9000a1e3d20
<4>[53495.797844][T1219102]  [<ffffffff81391cfc>] ? __do_fault+0x3c/0xe0 ffffc9000a1e3dc8
<4>[53495.797846][T1219102]  [<ffffffff81391cfc>] __do_fault+0x3c/0xe0 ffffc9000a1e3dd0
<4>[53495.797847][T1219102]  [<ffffffff8139ac3a>] __handle_mm_fault+0x11fa/0x19d0 ffffc9000a1e3de8
<4>[53495.797848][T1219102]  [<ffffffff82009db5>] ? mt_find+0x205/0x4d0 ffffc9000a1e3df8
<4>[53495.797851][T1219102]  [<ffffffff8139b519>] handle_mm_fault+0xf9/0x320 ffffc9000a1e3eb8
<4>[53495.797853][T1219102]  [<ffffffff8117e20f>] do_user_addr_fault+0x20f/0x710 ffffc9000a1e3ef0
<4>[53495.797855][T1219102]  [<ffffffff8202f5d6>] exc_page_fault+0x86/0xb0 ffffc9000a1e3f30
<4>[53495.797856][T1219102]  [<ffffffff8100269e>] asm_exc_page_fault+0x1e/0x30 ffffc9000a1e3f58
<4>[53495.797858][T1219102]  <PTREGS>
<4>[53495.797858][T1219102]  </TASK>
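Reading the dump above: the faulting instruction is the byte marked `<48>` on the `Code:` line, the fault address `0x16` shows up in RDI, RAX, R09 and CR2, and the `#PF` line says it was a supervisor write. The script below is an added example (not part of this issue, and not OpenZFS or kernel code) that parses an x86-64 oops in this format, decodes only the register-indirect MOV form present at the fault site, and cross-checks the dereferenced register against CR2 and the `#PF` access type. The input is an excerpt of the report above; the function and field names are my own.

```python
import re

# Excerpt of the oops posted in this issue (the parser also accepts a full dmesg;
# both grsec's "[<addr>] sym+off/size" RIP form and mainline's bare form are handled).
OOPS = """\
<1>[53495.797682][T1219102] BUG: kernel NULL pointer dereference, address: 0000000000000016
<1>[53495.797686][T1219102] #PF: supervisor write access in kernel mode
<4>[53495.797740][T1219102] RIP: 0010:[<ffffffff81676ec9>] LZ4_uncompress_unknownOutputSize+0xb9/0x7f0
<4>[53495.797744][T1219102] Code: 8d 56 01 44 89 c1 45 89 c7 c1 e9 04 83 f9 0f 0f 84 e4 00 00 00 4c 8d 0c 0f 4c 89 c8 48 39 14 24 0f 82 a7 05 00 00 48 8b 76 01 <48> 89 37 48 8b 72 08 48 89 77 08 48 8d 34 0a 44 0f b7 36 45 89 f8
<4>[53495.797746][T1219102] RAX: 0000000000000016 RBX: ffff888902937208 RCX: 0000000000000000
<4>[53495.797747][T1219102] RBP: ffff8889029371f9 R08: 000000000000000f R09: 0000000000000016
<4>[53495.797747][T1219102] RDX: ffff888902935b5e RSI: 637ef611f41b0180 RDI: 0000000000000016
<4>[53495.797748][T1219102] R10: ffffc90098a2c000 R11: ffff888902934004 R12: ffff888902937204
<4>[53495.797748][T1219102] R13: 0000000000000280 R14: 0000000000000280 R15: 000000000000000f
<4>[53495.797794][T1219102] CR2: 0000000000000016 CR3: 000000000332c002 CR4: 0000000000f60ef0 shadow CR4: 0000000000f60ef0
"""

PREFIX = re.compile(r"^(?:<\d+>)?\[\s*\d+\.\d+\](?:\[T\d+\])?\s*")   # "<4>[ts][Tpid] "
REGVAL = re.compile(r"\b(R(?:AX|BX|CX|DX|SI|DI|BP|SP|0[89]|1[0-5])|CR[234]): ([0-9a-f]{16})\b")
RIP = re.compile(r"RIP: \d{4}:(?:\[<[0-9a-f]+>\] )?([^+\s]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
PF = re.compile(r"#PF: (?:supervisor|user) (read|write|instruction fetch) access")

# Register names as the x86-64 oops prints them, indexed by ModRM/REX encoding.
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]


def asm(name):
    """Dump name -> assembler name (R09 -> r9)."""
    return name.lower().replace("r0", "r")


def decode_mov_indirect(code):
    """Deliberately tiny decoder: only REX.W + 89/8B with ModRM mod=00 and a plain
    base register (no SIB, no displacement), which is the shape at this fault site.
    Returns (text, base_register, 'read'|'write'), or None for anything else; use
    objdump or scripts/decodecode for real disassembly."""
    if len(code) < 3 or (code[0] & 0xF8) != 0x48:          # need a REX.W prefix
        return None
    rex, opcode, modrm = code[0], code[1], code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode not in (0x89, 0x8B) or mod != 0 or rm in (4, 5):   # rm=4 SIB, rm=5 RIP-rel
        return None
    src = REG64[reg | ((rex >> 2) & 1) << 3]                  # REX.R extends reg
    base = REG64[rm | (rex & 1) << 3]                         # REX.B extends rm
    if opcode == 0x89:                                        # MOV r/m64, r64 (store)
        return f"mov qword ptr [{asm(base)}], {asm(src)}", base, "write"
    return f"mov {asm(src)}, qword ptr [{asm(base)}]", base, "read"


def triage(oops_text):
    """Extract fault address, access type, RIP symbol/offset, the bytes at the
    faulting instruction and the GPRs, then cross-check them against each other."""
    info = {"regs": {}}
    for line in oops_text.splitlines():
        line = PREFIX.sub("", line)
        m = re.match(r"BUG: .*?address: ([0-9a-f]+)", line)
        if m:
            info["fault_addr"] = int(m.group(1), 16)
        m = PF.search(line)
        if m:
            info["access"] = m.group(1)
        m = RIP.search(line)
        if m:
            info["symbol"] = m.group(1)
            info["offset"], info["size"] = int(m.group(2), 16), int(m.group(3), 16)
        if line.startswith("Code: "):
            toks = line[6:].split()
            mark = next(i for i, t in enumerate(toks) if t.startswith("<"))
            info["bytes_before"] = mark                       # the kernel prints 42 before RIP
            info["fault_bytes"] = bytes(int(t.strip("<>"), 16) for t in toks[mark:])
        for name, val in REGVAL.findall(line):
            info["regs"][name] = int(val, 16)

    fa = info["fault_addr"]
    info["matching_regs"] = sorted(n for n, v in info["regs"].items() if v == fa)
    dec = decode_mov_indirect(info["fault_bytes"])
    info["insn"] = dec[0] if dec else None
    info["pointer_reg"] = dec[1] if dec else None
    # The register the instruction dereferenced must hold CR2 and the decoded
    # direction must agree with the #PF line; otherwise the dump is inconsistent
    # (wrong RIP, truncated Code: line) or the opcode is outside the decoder.
    info["consistent"] = (bool(dec) and dec[2] == info.get("access")
                          and info["regs"].get(dec[1]) == fa
                          and info["regs"].get("CR2") == fa)
    # x86 reports any fault below PAGE_SIZE as a "NULL pointer dereference", so a
    # small non-zero address is a field or element offset applied to a NULL base.
    info["null_base_offset"] = fa if fa < 4096 else None
    return info


if __name__ == "__main__":
    r = triage(OOPS)
    print(f"{r['symbol']}+{r['offset']:#x}: {r['insn']}  (fault {r['fault_addr']:#x}, {r['access']})")
    print("registers equal to the fault address:", ", ".join(r["matching_regs"]))
    print("dump consistent:", r["consistent"])
```

For this dump the script reports `mov qword ptr [rdi], rsi` at `LZ4_uncompress_unknownOutputSize+0xb9`, with RDI equal to CR2 and the access type matching the `#PF` line, so the register state is internally consistent: the destination pointer of a copy in the decompressor was `0x16`, a NULL base plus a small offset, rather than a garbage address. That is as far as the dump alone supports; which buffer fed that pointer needs the source and the matching build.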

Labels

Type: Defect (Incorrect behavior, e.g. crash, hang)