I think this may be a race condition, in which case duplicating this issue and testing a fix may be problematic.
I've created a potential fix and tested this against our internal regression tests, so it may be worth tying this to see if the issue occurs with the fix. To try this out do the following: sudo add-apt-repository ppa:colin-king/zfs-src-1900889 sudo apt-get update sudo apt-get upgrade sudo apt-get install zfs-dkms This will pull in the fixed version including the kernel ZFS driver - the DKMS ZFS driver may take several minutes to build. Once done, a reboot is required. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to zfs-linux in Ubuntu. https://bugs.launchpad.net/bugs/1900889 Title: BUG: kernel NULL pointer dereference, address: 0000000000000000 Status in zfs-linux package in Ubuntu: New Bug description: While zfs send'ing from Bionic to Focal, my send/recv hung midway and I found this in the receiver's dmesg: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 94310 Comm: receive_writer Tainted: P O 5.4.0-52-generic #57-Ubuntu Hardware name: System manufacturer System Product Name/C60M1-I, BIOS 0502 05/22/2014 RIP: 0010:abd_verify+0xa/0x40 [zfs] Code: ff 85 c0 74 12 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 5b 5d c3 e8 04 ff ff ff eb e7 c3 90 55 48 89 e5 41 54 53 48 89 fb <8b> 3f e8 0f ff ff ff 85 c0 75 22 44 8b 63 1c 48 8b 7b 20 4d 85 e4 RSP: 0018:ffffb797c555baa8 EFLAGS: 00010286 RAX: 0000000000004000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000000000000000 RBP: ffffb797c555bab8 R08: 0000000000000253 R09: 0000000000000000 R10: ffff953b56a17848 R11: 0000000000000000 R12: 0000000000004000 R13: ffff953ad201d280 R14: 0000000000004000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff953b56a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000151ab4000 CR4: 00000000000006f0 Call Trace: abd_borrow_buf+0x19/0x60 [zfs] abd_borrow_buf_copy+0x1a/0x50 [zfs] zio_crypt_copy_dnode_bonus+0x30/0x130 [zfs] arc_buf_untransform_in_place.isra.0+0x2b/0x40 [zfs] arc_buf_fill+0x1f0/0x4a0 [zfs] arc_untransform+0x22/0x90 [zfs] dbuf_read_verify_dnode_crypt+0xed/0x160 [zfs] ? atomic_cmpxchg+0x16/0x30 [zfs] dbuf_read_impl+0x3ea/0x610 [zfs] dbuf_read+0xcb/0x5f0 [zfs] ? arc_space_consume+0x54/0xe0 [zfs] ? do_raw_spin_unlock+0x9/0x10 [zfs] ? __raw_spin_unlock+0x9/0x10 [zfs] dmu_bonus_hold_by_dnode+0x92/0x190 [zfs] receive_object+0x442/0xae0 [zfs] ? __list_del_entry.isra.0+0x22/0x30 [zfs] ? atomic_dec+0xd/0x20 [spl] receive_process_record+0x170/0x1c0 [zfs] receive_writer_thread+0x9a/0x150 [zfs] ? receive_process_record+0x1c0/0x1c0 [zfs] thread_generic_wrapper+0x83/0xa0 [spl] kthread+0x104/0x140 ? clear_bit+0x20/0x20 [spl] ? kthread_park+0x90/0x90 ret_from_fork+0x22/0x40 Modules linked in: ip6table_filter ip6_tables xt_conntrack iptable_filter bpfilter zfs(PO) zunicode(PO) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) nls_iso8859_1 zlua(PO) eeepc_wmi asus_wmi sparse_keymap wmi_bmof video ccp radeon kvm r8169 realtek k10temp ttm i2c_piix4 drm_kms_helper i2c_algo_bit fb_sys_fops syscopyarea sysfillrect sysimgblt wmi sch_fq_codel nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 veth bridge 8021q garp mrp stp llc xt_tcpudp xt_owner xt_LOG nf_log_ipv6 nf_log_ipv4 nf_log_common drm ip_tables x_tables autofs4 btrfs libcrc32c xor zstd_compress raid6_pq hid_generic usbhid hid ahci libahci mac_hid CR2: 0000000000000000 ---[ end trace 374aa76997d6bc9b ]--- RIP: 0010:abd_verify+0xa/0x40 [zfs] Code: ff 85 c0 74 12 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 5b 5d c3 e8 04 ff ff ff eb e7 c3 90 55 48 89 e5 41 54 53 48 89 fb <8b> 3f e8 0f ff ff ff 85 c0 75 22 44 8b 63 1c 48 8b 7b 20 4d 85 e4 RSP: 0018:ffffb797c555baa8 EFLAGS: 00010286 RAX: 0000000000004000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000004000 RSI: 0000000000004000 RDI: 0000000000000000 RBP: ffffb797c555bab8 R08: 0000000000000253 R09: 0000000000000000 R10: ffff953b56a17848 R11: 0000000000000000 R12: 0000000000004000 R13: ffff953ad201d280 R14: 0000000000004000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff953b56a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000151ab4000 CR4: 00000000000006f0 The receiving side uses ZFS native encryption and had the key manually loaded before sending/receiving. The sending side is unencrypted. The recv hung after 611MiB out of the 990.4 MB delta. Additional information: sending side is a laptop running Bionic: $ uname -a Linux simon-lemur 5.4.0-52-generic #57~18.04.1-Ubuntu SMP Thu Oct 15 14:04:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ dpkg -l| grep zfs ii libzfs2linux 0.7.5-1ubuntu16.10 amd64 OpenZFS filesystem library for Linux ii zfsutils-linux 0.7.5-1ubuntu16.10 amd64 command-line tools to manage OpenZFS filesystems receiving side is a small server running Focal: $ uname -a Linux ocelot 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ dpkg -l| grep zfs ii libzfs2linux 0.8.3-1ubuntu12.4 amd64 OpenZFS filesystem library for Linux ii zfs-zed 0.8.3-1ubuntu12.4 amd64 OpenZFS Event Daemon ii zfsutils-linux 0.8.3-1ubuntu12.4 amd64 command-line tools to manage OpenZFS filesystems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1900889/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
