BugZero | Veeam BugID kb4404 - Veeam Agent for Linux crash with null pointer dere...

Veeam - Defect ID: kb4404

Veeam Agent for Linux crash with null pointer dereference on 5.9+ kernels

Veeam - Defect ID: kb4404

Veeam Agent for Linux crash with null pointer dereference on 5.9+ kernels

Last updated on February 10th, 2023

BugZero Risk Score
9.8 High

Overall: 9.8

Severity: 10.0

Community: 8.9

What is the BugZero Risk Score?

Veeam Integration

Learn more about where this data comes from

Veeam Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Issue
Status: Solved

Description

Challenge

Symptom Shortly after Veeam Agent for Linux creates a veeamsnap snapshot, the system hangs or crashes with a null pointer dereference: Example of dmesg: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000000003a47067 P4D 8000000003a47067 PUD 3a48067 PMD 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 396645 Comm: VeeamService se Kdump: loaded Tainted: G OE 5.10.0-17-amd64 #1 Debian 5.10.136-1 Associated Environment Specifications This issue occurs when all 3 of the following are true: Linux kernel 5.9 or higher is in use. Veeam Agent for Linux version 5.0.2.4567 is installed and uses the veeamsnap kernel module. /proc/kallsyms shows all symbol addresses as zeroes: $ sudo tail /proc/kallsyms 0000000000000000 t fuse_open_common [fuse] 0000000000000000 t fuse_flush_writepages [fuse] 0000000000000000 t fuse_fill_super_common [fuse] 0000000000000000 t fuse_simple_background [fuse] 0000000000000000 t fuse_getxattr [fuse] 0000000000000000 r fuse_dentry_operations [fuse] 0000000000000000 t fuse_free_conn [fuse] 0000000000000000 t fuse_write_update_size [fuse] 0000000000000000 t fuse_sync_release [fuse] 0000000000000000 t fuse_direct_io [fuse]

Cause

On kernels newer than 5.9, Veeam Agent for Linux 5.0.2.4567 has to retrieve symbols usually exposed through /proc/kallsyms. However, several configuration options may restrict this file, causing zero values to be returned instead of valid addresses. A null pointer dereference occurs when Veeam Agent for Linux attempts to use those zero addresses.

Solution

To resolve this, ensure that /proc/kallsyms returns non-zero addresses. One of the most common ways those values become restricted is through the use of the following sysctl parameters: kernel.perf_event_paranoid kernel.kptr_restrict

More Information

Description of kernel sysctl parameters, including kptr_restrict and perf_event_paranoid sysctl(8)

Change history

2023-02-10 Added: 5.0

Relevant Products

Click on a version to see all relevant bugs

Affected versions:5.0

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:5.0

Fixed versions: No known fixed versions

Top Veeam Defects

9.9Defect ID: kb4470
Increase in API Calls when Performing Direct Backups to Immutable Object Storage
9.8Defect ID: kb4804
How-to Restore Lost Access to Cache Database After Using Custom SSL Certificate
9.8Defect ID: kb2744
Volume groups created by proxy got stuck in UI
9.7Defect ID: kb4754
Files with Microsoft Purview Sensitivity Labels Are Not Accessible After Being Restored
9.7Defect ID: kb4796
The HTTP request was forbidden with client authentication scheme

Ready to prevent the next vendor outage?

Get a demo

Veeam - Defect ID: kb4404

Veeam Agent for Linux crash with null pointer dereference on 5.9+ kernels

Veeam - Defect ID: kb4404

Veeam Agent for Linux crash with null pointer dereference on 5.9+ kernels

Last updated on February 10th, 2023

BugZero Risk Score9.8 High

Bug Details

Challenge

Cause

Solution

More Information

Top Veeam Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
9.8 High