
[Bug 2148595] Re: resolute-amd64-uefi 7.0.0-14-generic gfs2 oopses

Launchpad has imported 6 comments from the remote bug at
https://bugzilla.kernel.org/show_bug.cgi?id=221374.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2026-04-16T17:09:50+00:00 colin.i.king wrote:

Null ptr dereference in:

RIP: 0010:gfs2_trans_add_revoke+0x2b/0x50 [gfs2]

How to reproduce:

Using Ubuntu resolute with Linux 7.0 (Linux resolute-amd64-uefi 7.0.0-14-generic #14-Ubuntu SMP PREEMPT_DYNAMIC Mon Apr 13 11:09:53 UTC 2026 x86_64 GNU/Linux)

Using an AMD64 QEMU VM, 8GB RAM, 24 CPUs on a 10GB virtual disk with 1 partition:

sudo apt install gfs2-utils
sudo mkfs.gfs2 /dev/vdb1 -p lock_nolock
sudo mount /dev/vdb1 /mnt
sudo mkdir /mnt/test
sudo chmod 777 /mnt/test/

and then with the current version of stress-ng:

git clone https://github.com/ColinIanKing/stress-ng
cd stress-ng
make clean
make -j $(nproc)
./stress-ng --temp-path /mnt/test --chattr 8 -t 30

in another console wait 30 seconds, type dmesg and you see the following kernel splat:

[ 70.910532] gfs2: GFS2 installed
[ 70.911169] gfs2: fsid=vdb1: Trying to join cluster "lock_nolock", "vdb1"
[ 70.911172] gfs2: fsid=vdb1: Now mounting FS (format 1802)...
[ 70.912437] gfs2: fsid=vdb1.0: journal 0 mapped with 1 extents in 0ms
[ 70.912533] gfs2: fsid=vdb1.0: jid=0, already locked for use
[ 70.912535] gfs2: fsid=vdb1.0: jid=0: Looking at journal...
[ 70.925816] gfs2: fsid=vdb1.0: jid=0: Journal head lookup took 13ms
[ 70.925839] gfs2: fsid=vdb1.0: jid=0: Done
[ 70.925848] gfs2: fsid=vdb1.0: first mount done, others may mount
[ 129.723242] BUG: kernel NULL pointer dereference, address: 0000000000000018
[ 129.723262] #PF: supervisor write access in kernel mode
[ 129.723268] #PF: error_code(0x0002) - not-present page
[ 129.723275] PGD 0 P4D 0
[ 129.723280] Oops: Oops: 0002 [#1] SMP NOPTI
[ 129.723287] CPU: 6 UID: 1000 PID: 1996 Comm: stress-ng-chatt Not tainted 7.0.0-14-generic #14-Ubuntu PREEMPT(lazy)
[ 129.723298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2025.02-8+deb13u1 11/08/2025
[ 129.723307] RIP: 0010:gfs2_trans_add_revoke+0x2b/0x50 [gfs2]
[ 129.723336] Code: 1f 44 00 00 48 8b 56 18 48 8d 46 18 48 39 c2 75 34 55 65 48 8b 05 6d 81 2e e0 48 89 e5 53 48 8b 98 70 0e 00 00 e8 c5 e6 fd ff <f0> 80 4b 18 02 83 43 30 01 48 8b 5d f8 c9 31 c0 31 d2 31 f6 31 ff
[ 129.723352] RSP: 0018:ffffcd7c015e3800 EFLAGS: 00010246
[ 129.723358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 129.723365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 129.723372] RBP: ffffcd7c015e3808 R08: 0000000000000000 R09: 0000000000000000
[ 129.723378] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 129.723385] R13: ffff8d5789156d00 R14: fffff5e7c496cc00 R15: 0000000000000000
[ 129.723392] FS: 00007f7f188bab00(0000) GS:ffff8d585af00000(0000) knlGS:0000000000000000
[ 129.723399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 129.723405] CR2: 0000000000000018 CR3: 0000000107b58001 CR4: 0000000000772ef0
[ 129.723414] PKRU: 55555554
[ 129.723418] Call Trace:
[ 129.723422] <TASK>
[ 129.723428] gfs2_remove_from_journal+0x6b/0x210 [gfs2]
[ 129.723448] ? _raw_spin_unlock+0xe/0x40
[ 129.723473] gfs2_invalidate_folio+0x103/0x240 [gfs2]
[ 129.723491] truncate_cleanup_folio+0xb3/0xe0
[ 129.723498] truncate_inode_pages_range+0x13c/0x560
[ 129.723506] truncate_inode_pages+0x15/0x30
[ 129.723511] do_gfs2_set_flags+0x13d/0x240 [gfs2]
[ 129.723529] ? gfs2_holder_uninit+0x1f/0x40 [gfs2]
[ 129.723546] ? gfs2_fileattr_set+0xb4/0x200 [gfs2]
[ 129.723564] gfs2_fileattr_set+0xb4/0x200 [gfs2]
[ 129.723581] ? fileattr_set_prepare+0x47/0x170
[ 129.723587] ? vfs_fileattr_get+0x4b/0x70
[ 129.723593] vfs_fileattr_set+0x101/0x1e0
[ 129.723599] ioctl_setflags+0xa6/0xc0
[ 129.723603] do_vfs_ioctl+0x21a/0x860
[ 129.723609] ? hook_file_ioctl+0x10/0x20
[ 129.723615] __x64_sys_ioctl+0x81/0x100
[ 129.723621] x64_sys_call+0x103b/0x2390
[ 129.723627] do_syscall_64+0x115/0x5a0
[ 129.723634] ? ksys_write+0x71/0xf0
[ 129.723640] ? arch_exit_to_user_mode_prepare.isra.0+0xc5/0xe0
[ 129.723647] ? do_syscall_64+0x150/0x5a0
[ 129.723653] ? __x64_sys_ioctl+0x81/0x100
[ 129.723658] ? arch_exit_to_user_mode_prepare.isra.0+0xd/0xe0
[ 129.723664] ? do_syscall_64+0x150/0x5a0
[ 129.723826] ? do_syscall_64+0x150/0x5a0
[ 129.723984] ? arch_exit_to_user_mode_prepare.isra.0+0xc5/0xe0
[ 129.724134] ? do_syscall_64+0x150/0x5a0
[ 129.724280] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 129.724424] RIP: 0033:0x7f7f18332cbd
[ 129.724567] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00
[ 129.724880] RSP: 002b:00007fff9a20be10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 129.725038] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7f18332cbd
[ 129.725193] RDX: 00007fff9a20bea8 RSI: 0000000040086602 RDI: 0000000000000004
[ 129.725346] RBP: 00007fff9a20be60 R08: 0000000000000000 R09: 0000000000000000
[ 129.725492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff9a20c020
[ 129.725642] R13: 0000000000000004 R14: 00000000208bc0ff R15: 00007f7f1844e3c8
[ 129.725800] </TASK>

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595/comments/1

------------------------------------------------------------------------
On 2026-04-16T21:58:19+00:00 colin.i.king wrote:

Also reported at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595/comments/4

------------------------------------------------------------------------
On 2026-04-16T21:59:43+00:00 colin.i.king wrote:

This is not a regression for 7.0, it also occurs with the ubuntu questing 6.17.0-9-generic kernel too

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595/comments/5

------------------------------------------------------------------------
On 2026-04-17T11:12:26+00:00 andyp wrote:

It looks like the null pointer deref was fixed in commit f4e4c4e6acdc20a9065064dd164db52e2e0d44ad "gfs2: fix address space truncation during withdraw" which was merged in the current merge window, but I'm still getting a hang with this test so that will need looking at. Thanks.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595/comments/6

------------------------------------------------------------------------
On 2026-04-17T12:56:40+00:00 andyp wrote:

Created attachment 309884
Hang logs

Attaching the logs from testing the master branch at 43cfbdda5af60ffc6272a7b8c5c37d1d0a181ca9

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595/comments/7

------------------------------------------------------------------------
On 2026-04-17T13:26:00+00:00 agruenba wrote:

This is with chattr +j files (data journaling). We are looking at a number of data journaling related bugs at the moment.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148595/comments/8


** Changed in: linux
       Status: Unknown => In Progress

** Changed in: linux
   Importance: Unknown => Medium

-- 
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2148595

Title:
  resolute-amd64-uefi 7.0.0-14-generic gfs2 oopses

Status in Linux:
  In Progress
Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Resolute:
  Confirmed

Bug description:
  How to reproduce:

  Using an AMD64 QEMU VM, 8GB RAM, 24 CPUs on a 10GB virtual disk with 1 partition:

  sudo apt install gfs2-utils
  sudo mkfs.gfs2 /dev/vdb1 -p lock_nolock
  sudo mount /dev/vdb1 /mnt
  sudo mkdir /mnt/test
  sudo chmod 777 /mnt/test/

  and then with the current version of stress-ng:

  git clone https://github.com/ColinIanKing/stress-ng
  cd stress-ng
  make clean
  make -j $(nproc)
  ./stress-ng --temp-path /mnt/test --chattr 8 -t 30

  in another console wait 30 seconds, type dmesg and you see the following kernel splat:

  [ 70.910532] gfs2: GFS2 installed
  [ 70.911169] gfs2: fsid=vdb1: Trying to join cluster "lock_nolock", "vdb1"
  [ 70.911172] gfs2: fsid=vdb1: Now mounting FS (format 1802)...
  [ 70.912437] gfs2: fsid=vdb1.0: journal 0 mapped with 1 extents in 0ms
  [ 70.912533] gfs2: fsid=vdb1.0: jid=0, already locked for use
  [ 70.912535] gfs2: fsid=vdb1.0: jid=0: Looking at journal...
  [ 70.925816] gfs2: fsid=vdb1.0: jid=0: Journal head lookup took 13ms
  [ 70.925839] gfs2: fsid=vdb1.0: jid=0: Done
  [ 70.925848] gfs2: fsid=vdb1.0: first mount done, others may mount
  [ 129.723242] BUG: kernel NULL pointer dereference, address: 0000000000000018
  [ 129.723262] #PF: supervisor write access in kernel mode
  [ 129.723268] #PF: error_code(0x0002) - not-present page
  [ 129.723275] PGD 0 P4D 0
  [ 129.723280] Oops: Oops: 0002 [#1] SMP NOPTI
  [ 129.723287] CPU: 6 UID: 1000 PID: 1996 Comm: stress-ng-chatt Not tainted 7.0.0-14-generic #14-Ubuntu PREEMPT(lazy)
  [ 129.723298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2025.02-8+deb13u1 11/08/2025
  [ 129.723307] RIP: 0010:gfs2_trans_add_revoke+0x2b/0x50 [gfs2]
  [ 129.723336] Code: 1f 44 00 00 48 8b 56 18 48 8d 46 18 48 39 c2 75 34 55 65 48 8b 05 6d 81 2e e0 48 89 e5 53 48 8b 98 70 0e 00 00 e8 c5 e6 fd ff <f0> 80 4b 18 02 83 43 30 01 48 8b 5d f8 c9 31 c0 31 d2 31 f6 31 ff
  [ 129.723352] RSP: 0018:ffffcd7c015e3800 EFLAGS: 00010246
  [ 129.723358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  [ 129.723365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
  [ 129.723372] RBP: ffffcd7c015e3808 R08: 0000000000000000 R09: 0000000000000000
  [ 129.723378] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
  [ 129.723385] R13: ffff8d5789156d00 R14: fffff5e7c496cc00 R15: 0000000000000000
  [ 129.723392] FS: 00007f7f188bab00(0000) GS:ffff8d585af00000(0000) knlGS:0000000000000000
  [ 129.723399] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 129.723405] CR2: 0000000000000018 CR3: 0000000107b58001 CR4: 0000000000772ef0
  [ 129.723414] PKRU: 55555554
  [ 129.723418] Call Trace:
  [ 129.723422] <TASK>
  [ 129.723428] gfs2_remove_from_journal+0x6b/0x210 [gfs2]
  [ 129.723448] ? _raw_spin_unlock+0xe/0x40
  [ 129.723473] gfs2_invalidate_folio+0x103/0x240 [gfs2]
  [ 129.723491] truncate_cleanup_folio+0xb3/0xe0
  [ 129.723498] truncate_inode_pages_range+0x13c/0x560
  [ 129.723506] truncate_inode_pages+0x15/0x30
  [ 129.723511] do_gfs2_set_flags+0x13d/0x240 [gfs2]
  [ 129.723529] ? gfs2_holder_uninit+0x1f/0x40 [gfs2]
  [ 129.723546] ? gfs2_fileattr_set+0xb4/0x200 [gfs2]
  [ 129.723564] gfs2_fileattr_set+0xb4/0x200 [gfs2]
  [ 129.723581] ? fileattr_set_prepare+0x47/0x170
  [ 129.723587] ? vfs_fileattr_get+0x4b/0x70
  [ 129.723593] vfs_fileattr_set+0x101/0x1e0
  [ 129.723599] ioctl_setflags+0xa6/0xc0
  [ 129.723603] do_vfs_ioctl+0x21a/0x860
  [ 129.723609] ? hook_file_ioctl+0x10/0x20
  [ 129.723615] __x64_sys_ioctl+0x81/0x100
  [ 129.723621] x64_sys_call+0x103b/0x2390
  [ 129.723627] do_syscall_64+0x115/0x5a0
  [ 129.723634] ? ksys_write+0x71/0xf0
  [ 129.723640] ? arch_exit_to_user_mode_prepare.isra.0+0xc5/0xe0
  [ 129.723647] ? do_syscall_64+0x150/0x5a0
  [ 129.723653] ? __x64_sys_ioctl+0x81/0x100
  [ 129.723658] ? arch_exit_to_user_mode_prepare.isra.0+0xd/0xe0
  [ 129.723664] ? do_syscall_64+0x150/0x5a0
  [ 129.723826] ? do_syscall_64+0x150/0x5a0
  [ 129.723984] ? arch_exit_to_user_mode_prepare.isra.0+0xc5/0xe0
  [ 129.724134] ? do_syscall_64+0x150/0x5a0
  [ 129.724280] entry_SYSCALL_64_after_hwframe+0x76/0x7e
  [ 129.724424] RIP: 0033:0x7f7f18332cbd
  [ 129.724567] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00
  [ 129.724880] RSP: 002b:00007fff9a20be10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
  [ 129.725038] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7f18332cbd
  [ 129.725193] RDX: 00007fff9a20bea8 RSI: 0000000040086602 RDI: 0000000000000004
  [ 129.725346] RBP: 00007fff9a20be60 R08: 0000000000000000 R09: 0000000000000000
  [ 129.725492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff9a20c020
  [ 129.725642] R13: 0000000000000004 R14: 00000000208bc0ff R15: 00007f7f1844e3c8
  [ 129.725800] </TASK>

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/2148595/+subscriptions
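For anyone triaging a splat like the one above from a fleet's dmesg or journal feed, the facts that matter first are few: the fault address is 0x18, i.e. a field at offset 0x18 of a NULL struct pointer (CR2 agrees), the access is a supervisor-mode write, the faulting code is in the gfs2 module and the first reliable frame is gfs2_remove_from_journal, the call chain enters the kernel through __x64_sys_ioctl, and the CPU line records UID 1000, so an unprivileged process with a writable directory on the filesystem reached the crashing path. The following parser pulls exactly those fields out of an x86-64 oops as dmesg prints it. It is an added example written for this page, not code from the report, from stress-ng or from the kernel; the regular expressions assume the dmesg format shown in the report, and SAMPLE_OOPS is a constructed sample made from the kernel-side lines of that trace, trimmed to the lines the parser reads.

```python
import re

# Constructed sample: the kernel-side lines of the splat quoted in the report above,
# trimmed to what this parser reads (timestamps as dmesg printed them).
SAMPLE_OOPS = """\
[ 129.723242] BUG: kernel NULL pointer dereference, address: 0000000000000018
[ 129.723262] #PF: supervisor write access in kernel mode
[ 129.723287] CPU: 6 UID: 1000 PID: 1996 Comm: stress-ng-chatt Not tainted 7.0.0-14-generic #14-Ubuntu PREEMPT(lazy)
[ 129.723307] RIP: 0010:gfs2_trans_add_revoke+0x2b/0x50 [gfs2]
[ 129.723358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 129.723365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 129.723372] RBP: ffffcd7c015e3808 R08: 0000000000000000 R09: 0000000000000000
[ 129.723378] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 129.723385] R13: ffff8d5789156d00 R14: fffff5e7c496cc00 R15: 0000000000000000
[ 129.723405] CR2: 0000000000000018 CR3: 0000000107b58001 CR4: 0000000000772ef0
[ 129.723418] Call Trace:
[ 129.723422] <TASK>
[ 129.723428] gfs2_remove_from_journal+0x6b/0x210 [gfs2]
[ 129.723448] ? _raw_spin_unlock+0xe/0x40
[ 129.723473] gfs2_invalidate_folio+0x103/0x240 [gfs2]
[ 129.723491] truncate_cleanup_folio+0xb3/0xe0
[ 129.723498] truncate_inode_pages_range+0x13c/0x560
[ 129.723506] truncate_inode_pages+0x15/0x30
[ 129.723511] do_gfs2_set_flags+0x13d/0x240 [gfs2]
[ 129.723529] ? gfs2_holder_uninit+0x1f/0x40 [gfs2]
[ 129.723564] gfs2_fileattr_set+0xb4/0x200 [gfs2]
[ 129.723593] vfs_fileattr_set+0x101/0x1e0
[ 129.723599] ioctl_setflags+0xa6/0xc0
[ 129.723603] do_vfs_ioctl+0x21a/0x860
[ 129.723615] __x64_sys_ioctl+0x81/0x100
[ 129.723627] do_syscall_64+0x115/0x5a0
[ 129.724280] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 129.724424] RIP: 0033:0x7f7f18332cbd
[ 129.725038] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7f18332cbd
[ 129.725800] </TASK>
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
PF_RE = re.compile(r"#PF: (supervisor|user) (read|write|instruction fetch) access in (kernel|user) mode")
TASK_RE = re.compile(r"CPU: (\d+) (?:UID: (\d+) )?PID: (\d+) Comm: (\S+) (Not tainted|Tainted: \S+)")
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\S+)\])?")
REG_RE = re.compile(r"\b(R[A-Z0-9]{2,3}|CR[0-9]): ([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"^(\? )?(\S+?)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\S+)\])?$")


def parse_oops(text):
    # Extract the triage-relevant fields from an x86-64 oops as dmesg prints it.
    info = {"registers": {}, "frames": []}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if in_trace:
            if line == "</TASK>":
                break  # nothing after the task's trace is needed
            m = FRAME_RE.match(line)
            if m:  # frames prefixed with '?' are guesses from stack scanning, not reliable
                info["frames"].append({"symbol": m.group(2), "offset": int(m.group(3), 16),
                                       "module": m.group(5), "reliable": m.group(1) is None})
            continue  # user-space RIP/register lines inside <TASK> are skipped here
        if line == "Call Trace:":
            in_trace = True
        elif (m := BUG_RE.search(line)):
            info["fault_address"] = int(m.group(1), 16)
        elif (m := PF_RE.search(line)):
            info["privilege"], info["access"], info["mode"] = m.groups()
        elif (m := TASK_RE.search(line)):
            info["pid"], info["comm"] = int(m.group(3)), m.group(4)
            info["uid"] = int(m.group(2)) if m.group(2) else None  # older kernels omit UID
            info["tainted"] = m.group(5) != "Not tainted"
        elif "rip" not in info and (m := RIP_RE.search(line)):
            info["rip"] = {"symbol": m.group(1), "offset": int(m.group(2), 16), "module": m.group(4)}
        else:
            for name, value in REG_RE.findall(line):
                info["registers"][name] = int(value, 16)
    return info


def triage(info, null_page=4096):
    # Turn the parsed fields into the judgments a responder needs first.
    regs, addr = info["registers"], info["fault_address"]
    reliable = [f["symbol"] for f in info["frames"] if f["reliable"]]
    return {
        "null_deref": addr < null_page,  # inside the first page: NULL base plus field offset
        "struct_offset": addr if addr < null_page else None,
        "kernel_write": info["mode"] == "kernel" and info["access"] == "write",
        "cr2_consistent": regs.get("CR2") == addr,  # CR2 holds the faulting linear address
        "zero_gprs": sorted(r for r, v in regs.items() if v == 0 and not r.startswith("CR")),
        "module": info["rip"]["module"],
        "reliable_frames": reliable,
        "syscall_entry": next((s for s in reliable if s.startswith("__x64_sys_")), None),
        "unprivileged_trigger": info.get("uid") not in (None, 0),  # reached from a non-root task
        "tainted": info["tainted"],
    }


if __name__ == "__main__":
    print(triage(parse_oops(SAMPLE_OOPS)))
```

Run on the sample, triage() reports null_deref with struct_offset 0x18, kernel_write and cr2_consistent both true, module gfs2, __x64_sys_ioctl as the syscall entry and an unprivileged trigger; a dozen general-purpose registers are zero, which is why the register dump alone does not say which pointer was NULL and the Code: bytes have to be disassembled for that. Feeding every kernel oops through a check like this is a cheap way to separate "unprivileged user can panic the host" reports from crashes that need root or a corrupted image to reach.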
