In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Fix a NULL pointer dereference in pnfsmarkmatchinglsegsreturn()
Commit de144ff4234f changes pnfsreturnlayout() to call pnfsmarkmatchinglsegsreturn() passing NULL as the struct pnfslayoutrange argument. Unfortunately, pnfsmarkmatchinglsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops.
I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.