In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesnt check if we have a value here before dereferencing it, causing an oops.
Im able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.