Skip to content

null deref RIP: 0010:sa_find_idx_tab+0x89/0x270 [zfs] #18159

New issue
New issue
Open
Open
null deref RIP: 0010:sa_find_idx_tab+0x89/0x270 [zfs]#18159
Labels
Type: DefectIncorrect behavior (e.g. crash, hang)
@evrim

Description

@evrim
evrim
opened on Jan 28, 2026

System information

Type Version/Name
Distribution Name Nixos
Distribution Version 26
Kernel Version Linux 6.6.119
Architecture amd64
OpenZFS Version 2.4.0

Describe the problem you're observing

[    5.180801] BUG: kernel NULL pointer dereference, address: 0000000000000058
[    5.182575] #PF: supervisor read access in kernel mode
[    5.183663] #PF: error_code(0x0000) - not-present page
[    5.184789] PGD 0 P4D 0
[    5.185505] Oops: 0000 [#1] PREEMPT SMP NOPTI
[    5.186628] CPU: 1 PID: 401 Comm: mount.zfs Tainted: P           O       6.6.119 #1-NixOS
[    5.188700] Hardware name: Linode Compute Instance, BIOS Not Specified
[    5.190272] RIP: 0010:sa_find_idx_tab+0x89/0x270 [zfs]
[    5.191514] Code: ba 01 00 00 00 66 25 ff 03 0f 44 c2 0f b7 c0 48 8d 95 58 ff ff ff 49 8d 7e 68 48 89 45 90 e8 7e fa e6 ff 49 89 c0 4c 8d 50 58 <48> 8b 40 58 49 39 c2 0f 84 9c 00 00 00 4d 8b 78 58 4d 2b 78 50 4d
[    5.195737] RSP: 0018:ffffd24100cc38b8 EFLAGS: 00010246
[    5.196841] RAX: 0000000000000000 RBX: ffff8967424c4200 RCX: 0000000000000000
[    5.198706] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[    5.200390] RBP: ffffd24100cc3978 R08: 0000000000000000 R09: 0000000000000001
[    5.202134] R10: 0000000000000058 R11: ffff89677fff8000 R12: ffff8967486ee800
[    5.203819] R13: 000000000000002c R14: ffff8967485bbf00 R15: ffff8967469cbcc0
[    5.205699] FS:  00007f123afc2600(0000) GS:ffff89677bd00000(0000) knlGS:0000000000000000
[    5.207777] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.209190] CR2: 0000000000000058 CR3: 00000001024c6006 CR4: 0000000000770ee0
[    5.211055] PKRU: 55555554
[    5.211835] Call Trace:
[    5.212570]  <TASK>
[    5.213045]  ? srso_alias_return_thunk+0x5/0xfbef5
[    5.214236]  ? kmem_cache_alloc+0x1c0/0x370
[    5.215321]  sa_build_index+0x98/0x2f0 [zfs]
[    5.216758]  sa_handle_get_from_db+0x137/0x190 [zfs]
[    5.218155]  zfs_znode_sa_init+0xae/0xe0 [zfs]
[    5.219616]  zfs_znode_alloc+0x1a8/0x810 [zfs]
[    5.220881]  zfs_zget+0x24b/0x290 [zfs]
[    5.221813]  zfs_domount+0x3f5/0x630 [zfs]
[    5.222804]  ? srso_alias_return_thunk+0x5/0xfbef5
[    5.224015]  zpl_mount+0x2a8/0x370 [zfs]
[    5.225172]  legacy_get_tree+0x2b/0x50
[    5.226131]  vfs_get_tree+0x29/0xf0
[    5.226885]  ? srso_alias_return_thunk+0x5/0xfbef5
[    5.228105]  path_mount+0x542/0xaf0
[    5.228862]  ? srso_alias_return_thunk+0x5/0xfbef5
[    5.230055]  __x64_sys_mount+0x117/0x150
[    5.231098]  do_syscall_64+0x39/0x90
[    5.232072]  entry_SYSCALL_64_after_hwframe+0x78/0xe2
[    5.233141] RIP: 0033:0x7f123b7efd1e
[    5.233916] Code: 48 8b 0d f5 70 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 70 0d 00 f7 d8 64 89 01 48
[    5.237772] RSP: 002b:00007ffff4333e98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[    5.239349] RAX: ffffffffffffffda RBX: 000055761da10de0 RCX: 00007f123b7efd1e
[    5.240927] RDX: 00007f123c2e4737 RSI: 00007ffff4339320 RDI: 000055761da10df0
[    5.242424] RBP: 00007ffff4335f00 R08: 00007ffff4334ec0 R09: 0000000000000000
[    5.243920] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000004
[    5.245439] R13: 00007ffff4339320 R14: 000055761da10df0 R15: 00007ffff43361d0
[    5.246921]  </TASK>
[    5.247412] Modules linked in: atkbd libps2 vivaldi_fmap i8042 crc32c_intel serio zfs(PO) spl(O) vmxnet3 vmwgfx vmw_vmci vmw_pvscsi virtio_pci virtio virtio_pci_legacy_dev virtio_pci_modern_dev virtio_ring sr_mod cdrom sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_pclmul crct10dif_common pata_acpi lpc_ich intel_agp intel_gtt i2c_piix4 i2c_i801 i2c_smbus dm_mod dax cirrus bochs drm_vram_helper drm_ttm_helper ttm ata_piix ata_generic ahci libahci libata scsi_mod scsi_common
[    5.256454] CR2: 0000000000000058
[    5.257175] ---[ end trace 0000000000000000 ]---
[    5.258156] RIP: 0010:sa_find_idx_tab+0x89/0x270 [zfs]
[    5.259376] Code: ba 01 00 00 00 66 25 ff 03 0f 44 c2 0f b7 c0 48 8d 95 58 ff ff ff 49 8d 7e 68 48 89 45 90 e8 7e fa e6 ff 49 89 c0 4c 8d 50 58 <48> 8b 40 58 49 39 c2 0f 84 9c 00 00 00 4d 8b 78 58 4d 2b 78 50 4d
[    5.263223] RSP: 0018:ffffd24100cc38b8 EFLAGS: 00010246
[    5.264325] RAX: 0000000000000000 RBX: ffff8967424c4200 RCX: 0000000000000000
[    5.265844] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[    5.267337] RBP: ffffd24100cc3978 R08: 0000000000000000 R09: 0000000000000001
[    5.268829] R10: 0000000000000058 R11: ffff89677fff8000 R12: ffff8967486ee800
[    5.270325] R13: 000000000000002c R14: ffff8967485bbf00 R15: ffff8967469cbcc0
[    5.271819] FS:  00007f123afc2600(0000) GS:ffff89677bd00000(0000) knlGS:0000000000000000
[    5.273503] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.274734] CR2: 0000000000000058 CR3: 00000001024c6006 CR4: 0000000000770ee0
[    5.276226] PKRU: 55555554
[    5.276818] note: mount.zfs[401] exited with irqs disabled

Describe how to reproduce the problem

This is a VM on the cloud with 2.4.0 failing to mount root fs. Hence cant debug it further. Maybe it needs more RAM?

Any ideas?

best,
evrim.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type: DefectIncorrect behavior (e.g. crash, hang)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions