Operational Defect Database

BugZero found this defect 483 days ago.

Veeam | kb4404

Veeam Agent for Linux crash with null pointer dereference on 5.9+ kernels

Last update date:


Affected products:

Veeam Agent for Linux

Affected releases:


Fixed releases:

No fixed releases provided.



Symptom Shortly after Veeam Agent for Linux creates a veeamsnap snapshot, the system hangs or crashes with a null pointer dereference: Example of dmesg: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000000003a47067 P4D 8000000003a47067 PUD 3a48067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 396645 Comm: VeeamService se Kdump: loaded Tainted: G           OE     5.10.0-17-amd64 #1 Debian 5.10.136-1   Associated Environment Specifications This issue occurs when all 3 of the following are true: Linux kernel 5.9 or higher is in use. Veeam Agent for Linux version is installed and uses the veeamsnap kernel module. /proc/kallsyms shows all symbol addresses as zeroes: $ sudo tail /proc/kallsyms 0000000000000000 t fuse_open_common [fuse] 0000000000000000 t fuse_flush_writepages [fuse] 0000000000000000 t fuse_fill_super_common [fuse] 0000000000000000 t fuse_simple_background [fuse] 0000000000000000 t fuse_getxattr [fuse] 0000000000000000 r fuse_dentry_operations [fuse] 0000000000000000 t fuse_free_conn [fuse] 0000000000000000 t fuse_write_update_size [fuse] 0000000000000000 t fuse_sync_release [fuse] 0000000000000000 t fuse_direct_io [fuse]


On kernels newer than 5.9, Veeam Agent for Linux has to retrieve symbols usually exposed through /proc/kallsyms. However, several configuration options may restrict this file, causing zero values to be returned instead of valid addresses. A null pointer dereference occurs when Veeam Agent for Linux attempts to use those zero addresses.


To resolve this, ensure that /proc/kallsyms returns non-zero addresses. One of the most common ways those values become restricted is through the use of the following sysctl parameters: kernel.perf_event_paranoid kernel.kptr_restrict

More Information

Description of kernel sysctl parameters, including kptr_restrict and perf_event_paranoid sysctl(8)

Additional Resources / Links


BugZero® Risk Score

What's this?

Coming soon



Learn More