This bug was fixed in the package linux-gcp - 6.14.0-1006.6

---------------
linux-gcp (6.14.0-1006.6) plucky; urgency=medium

  * plucky/linux-gcp: 6.14.0-1006.6 -proposed tracker (LP: #2106486)

  * Null pointer dereference in gVNIC driver (LP: #2106281)
    - gve: unlink old napi only if page pool exists

  * GCP kernels need CONFIG_VIRTIO_BALLOON=m (not =y) (LP: #2105142)
    - [Packaging] gcp: Make virtio_balloon loadable

 -- Paolo Pisati <paolo.pis...@canonical.com>  Tue, 08 Apr 2025 16:10:13 +0200

** Changed in: linux-gcp (Ubuntu Plucky)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/2106281

Title:
  Null pointer dereference in gVNIC driver

Status in linux-gcp package in Ubuntu:
  Fix Released
Status in linux-gcp source package in Plucky:
  Fix Released

Bug description:
  Observed on ubuntu-minimal-2504-amd64

  
  [    4.448521] BUG: kernel NULL pointer dereference, address: 0000000000000018
  [    4.449600] #PF: supervisor read access in kernel mode
  [    4.450348] #PF: error_code(0x0000) - not-present page
  [    4.451108] PGD 1043af067 P4D 0 
  [    4.451716] Oops: Oops: 0000 [#1] SMP NOPTI
  [    4.452455] CPU: 0 UID: 0 PID: 396 Comm: ip Not tainted 6.14.0-1005-gcp #5-Ubuntu
  [    4.453625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/01/2025
  [    4.454914] RIP: 0010:page_pool_disable_direct_recycling+0x5/0x80
  [    4.455799] Code: 8b 45 d8 e9 5f ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <48> 8b 47 18 c7 47 30 ff ff ff ff 48 85 c0 74 49 55 48 89 e5 53 48
  [    4.458573] RSP: 0000:ff81f068c08df338 EFLAGS: 00010246
  [    4.459317] RAX: 0000000000000000 RBX: ff4330c2429a7a80 RCX: 0000000000000000
  [    4.460289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
  [    4.461268] RBP: ff81f068c08df360 R08: 0000000000000000 R09: 0000000000000000
  [    4.462223] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
  [    4.463183] R13: 0000000000000004 R14: ff4330c2440ee800 R15: ff4330c2429a7000
  [    4.464178] FS:  000071c7060a3840(0000) GS:ff4330c27bc00000(0000) knlGS:0000000000000000
  [    4.465272] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    4.466075] CR2: 0000000000000018 CR3: 0000000102984003 CR4: 0000000000371ef0
  [    4.467059] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [    4.468026] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
  [    4.469064] Call Trace:
  [    4.469434]  <TASK>
  [    4.469760]  ? show_trace_log_lvl+0x1be/0x310
  [    4.470398]  ? show_trace_log_lvl+0x1be/0x310
  [    4.471183]  ? gve_queues_stop+0x27a/0x380 [gve]
  [    4.471849]  ? show_regs.part.0+0x22/0x30
  [    4.472470]  ? __die_body.cold+0x8/0x10
  [    4.473177]  ? __die+0x2a/0x40
  [    4.473625]  ? page_fault_oops+0x16e/0x180
  [    4.474217]  ? do_user_addr_fault+0x4a1/0x7b0
  [    4.474924]  ? exc_page_fault+0x85/0x1a0
  [    4.475496]  ? asm_exc_page_fault+0x27/0x30
  [    4.476100]  ? page_pool_disable_direct_recycling+0x5/0x80
  [    4.476883]  ? gve_rx_stop_ring_dqo+0x42/0x90 [gve]
  [    4.477587]  gve_queues_stop+0x27a/0x380 [gve]
  [    4.478274]  ? _raw_spin_unlock_bh+0x1d/0x30
  [    4.478924]  gve_close+0x1b/0x40 [gve]
  [    4.479524]  __dev_close_many+0xae/0x160
  [    4.480083]  __dev_change_flags+0xe6/0x230
  [    4.480654]  dev_change_flags+0x27/0x80
  [    4.481191]  do_setlink.isra.0+0x321/0xd90
  [    4.481774]  ? __netlink_sendskb+0x50/0x80
  [    4.482359]  ? netlink_unicast+0x2cf/0x350
  [    4.482951]  __rtnl_newlink+0x2fc/0x3d0
  [    4.483530]  rtnl_newlink+0x4df/0x960
  [    4.484192]  ? security_capable+0x44/0x80
  [    4.484977]  rtnetlink_rcv_msg+0x22c/0x440
  [    4.485784]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
  [    4.486681]  netlink_rcv_skb+0x52/0x100
  [    4.487318]  rtnetlink_rcv+0x15/0x30
  [    4.487891]  netlink_unicast+0x226/0x350
  [    4.488518]  netlink_sendmsg+0x214/0x460
  [    4.489186]  ____sys_sendmsg+0x3b1/0x3f0
  [    4.489748]  ___sys_sendmsg+0x9a/0xf0
  [    4.490277]  __sys_sendmsg+0x8d/0xf0
  [    4.490780]  __x64_sys_sendmsg+0x1d/0x30
  [    4.491556]  x64_sys_call+0x6f9/0x2310
  [    4.492161]  do_syscall_64+0x7e/0x170
  [    4.492430] audit: type=1400 audit(1743697813.007:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="Xorg" pid=391 comm="apparmor_parser"
  [    4.492684]  ? fsnotify_grab_connector+0x49/0x90
  [    4.492687]  ? __call_rcu_common+0xc9/0x330
  [    4.495942]  ? fsnotify_destroy_marks+0x31/0x180
  [    4.496620]  ? __pfx_i_callback+0x10/0x10
  [    4.497250]  ? call_rcu+0x34/0x50
  [    4.497746]  ? __memcg_slab_free_hook+0x103/0x180
  [    4.498389]  ? __memcg_slab_free_hook+0x103/0x180
  [    4.499052]  ? __fput+0x1a2/0x2d0
  [    4.499516]  ? kmem_cache_free+0x3df/0x440
  [    4.500125]  ? __fput+0x1a2/0x2d0
  [    4.500654]  ? arch_exit_to_user_mode_prepare.isra.0+0x22/0xd0
  [    4.501518]  ? syscall_exit_to_user_mode+0x38/0x1d0
  [    4.502194]  ? do_syscall_64+0x8a/0x170
  [    4.502735]  ? __count_memcg_events+0xd8/0x1a0
  [    4.503447]  ? count_memcg_events.constprop.0+0x2a/0x50
  [    4.504159]  ? handle_mm_fault+0x1b1/0x2d0
  [    4.504734]  ? do_user_addr_fault+0x5af/0x7b0
  [    4.505387]  ? arch_exit_to_user_mode_prepare.isra.0+0x22/0xd0
  [    4.506328]  ? irqentry_exit_to_user_mode+0x2d/0x1d0
  [    4.507173]  ? irqentry_exit+0x21/0x40
  [    4.507802]  ? clear_bhb_loop+0x15/0x70
  [    4.508421]  ? clear_bhb_loop+0x15/0x70
  [    4.509005]  ? clear_bhb_loop+0x15/0x70
  [    4.509545]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
  [    4.510300] RIP: 0033:0x71c705e9f2a6
  [    4.510888] Code: 00 00 48 8b 15 53 1b 17 00 64 89 02 48 c7 c2 ff ff ff ff 48 8b 5d f8 c9 48 89 d0 c3 0f 1f 84 00 00 00 00 00 48 8b 45 10 0f 05 <48> 63 d0 3d 00 f0 ff ff 77 10 48 8b 5d f8 48 89 d0 c9 c3 0f 1f 80
  [    4.513685] RSP: 002b:00007ffcffbb2330 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
  [    4.514929] RAX: ffffffffffffffda RBX: 000071c7060a3840 RCX: 000071c705e9f2a6
  [    4.516053] RDX: 0000000000000000 RSI: 00007ffcffbb23c0 RDI: 0000000000000003
  [    4.517044] RBP: 00007ffcffbb2340 R08: 0000000000000000 R09: 0000000000000000
  [    4.518080] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcffbb2a40
  [    4.519179] R13: 00005abc6e01e040 R14: 0000000000000000 R15: 0000000000000003
  [    4.520242]  </TASK>
  [    4.520595] Modules linked in: binfmt_misc nls_iso8859_1 8021q garp mrp stp llc polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 aesni_intel crypto_simd psmouse cryptd gve input_leds serio_raw sch_fq_codel nvme_fabrics efi_pstore vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci dmi_sysfs virtio_rng ip_tables x_tables autofs4
  [    4.525736] CR2: 0000000000000018
  [    4.526307] ---[ end trace 0000000000000000 ]---
  [    4.622139] RIP: 0010:page_pool_disable_direct_recycling+0x5/0x80
  [    4.623072] Code: 8b 45 d8 e9 5f ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 <48> 8b 47 18 c7 47 30 ff ff ff ff 48 85 c0 74 49 55 48 89 e5 53 48
  [    4.625706] RSP: 0000:ff81f068c08df338 EFLAGS: 00010246
  [    4.626427] RAX: 0000000000000000 RBX: ff4330c2429a7a80 RCX: 0000000000000000
  [    4.627455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
  [    4.628498] RBP: ff81f068c08df360 R08: 0000000000000000 R09: 0000000000000000
  [    4.629475] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
  [    4.630490] R13: 0000000000000004 R14: ff4330c2440ee800 R15: ff4330c2429a7000
  [    4.631769] FS:  000071c7060a3840(0000) GS:ff4330c27bc00000(0000) knlGS:0000000000000000
  [    4.632994] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [    4.633935] CR2: 0000000000000018 CR3: 0000000102984004 CR4: 0000000000371ef0
  [    4.635048] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [    4.636214] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
  [    4.637245] Kernel panic - not syncing: Fatal exception
  [    4.638384] Kernel Offset: 0x34a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
  [    4.736793] Rebooting in 10 seconds..
