Operational Defect Database

BugZero found this defect 483 days ago.

Veeam | kb4404

Veeam Agent for Linux crash with null pointer dereference on 5.9+ kernels

Last update date:

2/10/2023

Affected products:

Veeam Agent for Linux

Affected releases:

5.0

Fixed releases:

No fixed releases provided.

Description:

Challenge

Symptom

Shortly after Veeam Agent for Linux creates a veeamsnap snapshot, the system hangs or crashes with a null pointer dereference.

Example of dmesg:

    BUG: kernel NULL pointer dereference, address: 0000000000000000
    #PF: supervisor read access in kernel mode
    #PF: error_code(0x0000) - not-present page
    PGD 8000000003a47067 P4D 8000000003a47067 PUD 3a48067 PMD 0
    Oops: 0000 [#1] SMP PTI
    CPU: 0 PID: 396645 Comm: VeeamService se Kdump: loaded Tainted: G           OE     5.10.0-17-amd64 #1 Debian 5.10.136-1

Associated Environment Specifications

This issue occurs when all 3 of the following are true:

- Linux kernel 5.9 or higher is in use.
- Veeam Agent for Linux version 5.0.2.4567 is installed and uses the veeamsnap kernel module.
- /proc/kallsyms shows all symbol addresses as zeroes:

    $ sudo tail /proc/kallsyms
    0000000000000000 t fuse_open_common [fuse]
    0000000000000000 t fuse_flush_writepages [fuse]
    0000000000000000 t fuse_fill_super_common [fuse]
    0000000000000000 t fuse_simple_background [fuse]
    0000000000000000 t fuse_getxattr [fuse]
    0000000000000000 r fuse_dentry_operations [fuse]
    0000000000000000 t fuse_free_conn [fuse]
    0000000000000000 t fuse_write_update_size [fuse]
    0000000000000000 t fuse_sync_release [fuse]
    0000000000000000 t fuse_direct_io [fuse]

Cause

On kernels newer than 5.9, Veeam Agent for Linux 5.0.2.4567 has to retrieve symbols usually exposed through /proc/kallsyms. However, several configuration options may restrict this file, causing zero values to be returned instead of valid addresses. A null pointer dereference occurs when Veeam Agent for Linux attempts to use those zero addresses.

Solution

To resolve this, ensure that /proc/kallsyms returns non-zero addresses. One of the most common ways those values become restricted is through the use of the following sysctl parameters:

- kernel.perf_event_paranoid
- kernel.kptr_restrict
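A check for the three conditions listed above, plus the current values of both sysctl parameters, added here as an example and not taken from Veeam's KB or tooling. The function names, the PROCROOT parameter and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Veeam's code): evaluates the conditions from this article.
# PROCROOT is a parameter so the checks also run against a constructed tree.

# True if a kernel release string such as "5.10.0-17-amd64" is 5.9 or higher.
kernel_is_5_9_or_higher() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 9 ]; }
}

# True if every address in a kallsyms-format file is zero (false if empty).
kallsyms_all_zero() {
    awk '$1 !~ /^0+$/ { nz = 1; exit } END { exit (NR == 0 || nz) }' "$1"
}

# True if the veeamsnap module is listed in a /proc/modules-format file.
veeamsnap_loaded() {
    grep -q '^veeamsnap ' "$1"
}

# Prints one line per condition; returns 0 only when all three hold.
# The agent version (5.0.2.4567) is not checked here; confirm it separately.
check_host() {  # usage: check_host PROCROOT KERNEL_RELEASE
    miss=0
    kernel_is_5_9_or_higher "$2" && k=yes || { k=no; miss=1; }
    veeamsnap_loaded "$1/modules" && m=yes || { m=no; miss=1; }
    kallsyms_all_zero "$1/kallsyms" && z=yes || { z=no; miss=1; }
    echo "kernel >= 5.9: $k | veeamsnap loaded: $m | kallsyms zeroed: $z"
    for p in kptr_restrict perf_event_paranoid; do
        echo "kernel.$p = $(cat "$1/sys/kernel/$p" 2>/dev/null || echo unreadable)"
    done
    return "$miss"
}

# Constructed sample tree mirroring the article's symptom (not real host data).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/sys/kernel"
printf '0000000000000000 t fuse_open_common\t[fuse]\n' > "$demo/kallsyms"
printf 'veeamsnap 217088 1 - Live 0x0000000000000000 (OE)\n' > "$demo/modules"
echo 2 > "$demo/sys/kernel/kptr_restrict"
echo 2 > "$demo/sys/kernel/perf_event_paranoid"
check_host "$demo" "5.10.0-17-amd64" && echo "All three conditions match."
# On a real host, run as root: check_host /proc "$(uname -r)"
```

With kernel.kptr_restrict set to 2, kernel addresses read as zero regardless of privilege, which matches the sudo tail output shown above. Both parameters are hardening controls that limit exposure of kernel addresses, so record their original values before changing them.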

More Information

- Description of kernel sysctl parameters, including kptr_restrict and perf_event_paranoid
- sysctl(8)


Status

Solved
