Performing verification for jammy
I started an i3.8xlarge instance on AWS, and installed 5.15.0-144-generic from -updates.
$ uname -rv
5.15.0-144-generic #157-Ubuntu SMP Mon Jun 16 07:33:10 UTC 2025
I ran through the reproducer:
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
xvda 202:0 0 8G 0 disk
├─xvda1 202:1 0 7.9G 0 part /
├─xvda14 202:14 0 4M 0 part
└─xvda15 202:15 0 106M 0 part /boot/efi
nvme0n1 259:0 0 1.7T 0 disk
nvme2n1 259:1 0 1.7T 0 disk
nvme1n1 259:2 0 1.7T 0 disk
nvme3n1 259:3 0 1.7T 0 disk
$ sudo mdadm --create --verbose /dev/md0 --level=10 --raid-devices=4 /dev/nvme0n1 /dev/nvme1n1 /dev/nvme2n1 /dev/nvme3n1
mdadm: layout defaults to n2
mdadm: layout defaults to n2
mdadm: chunk size defaults to 512K
mdadm: size set to 1855336448K
mdadm: automatically enabling write-intent bitmap on large array
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
$ sudo mkfs.xfs -K /dev/md0
log stripe unit (524288 bytes) is too large (maximum is 256KiB)
log stripe unit adjusted to 32KiB
meta-data=/dev/md0 isize=512 agcount=32, agsize=28989568 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=0 inobtcount=0
data = bsize=4096 blocks=927666176, imaxpct=5
= sunit=128 swidth=256 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=452968, version=2
= sectsz=512 sunit=8 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
$ sudo mkdir /mnt/disk
$ sudo mount /dev/md0 /mnt/disk
Ran the trim:
$ sudo fstrim /mnt/disk
Checked dmesg:
$ sudo dmesg
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: #PF: supervisor instruction fetch in kernel mode
kernel: #PF: error_code(0x0010) - not-present page
kernel: PGD 0 P4D 0
kernel: Oops: 0010 [#1] SMP PTI
kernel: CPU: 2 PID: 1536 Comm: fstrim Not tainted 5.15.0-144-generic #157-Ubuntu
kernel: Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006
kernel: RIP: 0010:0x0
kernel: Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
kernel: RSP: 0018:ffffafdec35eb768 EFLAGS: 00010206
kernel: RAX: 0000000000000000 RBX: 0000000000092800 RCX: 0000000000000001
kernel: RDX: ffff8fd6dcb066f0 RSI: 0000000000000000 RDI: 0000000000092800
kernel: RBP: ffffafdec35eb7d8 R08: ffff8fd6fa3806c0 R09: ffff8fd6c106e650
kernel: R10: 0000000000000246 R11: ffff8fd6c0210390 R12: 0000000000092c00
kernel: R13: 0000000000000400 R14: ffff8fd6dcb06708 R15: ffff8fd6ca8ee600
kernel: FS: 00007fe63cb48800(0000) GS:ffff901249e80000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: ffffffffffffffd6 CR3: 0000000135a1e003 CR4: 00000000001706e0
kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
kernel: Call Trace:
kernel: <TASK>
kernel: mempool_alloc+0x64/0x1b0
kernel: ? __kmalloc+0x179/0x330
kernel: bio_alloc_bioset+0x9d/0x370
kernel: ? r10bio_pool_alloc+0x26/0x30 [raid10]
kernel: bio_clone_fast+0x1f/0x90
kernel: md_account_bio+0x42/0x80
kernel: raid10_handle_discard+0x56f/0x6b0 [raid10]
kernel: ? finish_wait+0x5b/0x80
kernel: ? wait_woken+0x70/0x70
kernel: raid10_make_request+0x147/0x180 [raid10]
kernel: md_handle_request+0x12d/0x1b0
kernel: ? submit_bio_checks+0x1a5/0x580
kernel: md_submit_bio+0x76/0xc0
kernel: __submit_bio+0x1a5/0x220
kernel: ? mempool_alloc_slab+0x17/0x20
kernel: __submit_bio_noacct+0x85/0x200
kernel: submit_bio_noacct+0x4e/0x120
kernel: ? bio_alloc_bioset+0x9d/0x370
kernel: submit_bio+0x4a/0x130
kernel: __blkdev_issue_discard+0x141/0x280
kernel: ? xfs_btree_lookup+0x22c/0x5c0 [xfs]
kernel: blkdev_issue_discard+0x65/0xd0
kernel: xfs_trim_extents+0x1cc/0x3b0 [xfs]
kernel: xfs_ioc_trim+0x19c/0x260 [xfs]
kernel: xfs_file_ioctl+0x7c3/0xb00 [xfs]
kernel: ? putname+0x59/0x70
kernel: ? kmem_cache_free+0x24f/0x290
kernel: ? putname+0x59/0x70
kernel: ? do_sys_openat2+0x8b/0x160
kernel: __x64_sys_ioctl+0x95/0xd0
kernel: x64_sys_call+0x1e5f/0x1fa0
kernel: do_syscall_64+0x56/0xb0
I can reproduce.
I then rebooted, and enabled Kernel Team PPA2 for security cycle kernels:
https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa2/+packages?field.name_filter=&field.status_filter=published&field.series_filter=jammy
I then installed 5.15.0-151-generic.
$ uname -rv
5.15.0-151-generic #161-Ubuntu SMP Tue Jul 22 14:25:40 UTC 2025
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 27.2M 1 loop /snap/amazon-ssm-agent/11320
loop1 7:1 0 63.8M 1 loop /snap/core20/2571
loop2 7:2 0 73.9M 1 loop /snap/core22/1963
loop3 7:3 0 89.4M 1 loop /snap/lxd/31333
loop4 7:4 0 50.9M 1 loop /snap/snapd/24671
xvda 202:0 0 8G 0 disk
├─xvda1 202:1 0 7.9G 0 part /
├─xvda14 202:14 0 4M 0 part
└─xvda15 202:15 0 106M 0 part /boot/efi
nvme0n1 259:0 0 1.7T 0 disk
nvme2n1 259:1 0 1.7T 0 disk
nvme3n1 259:2 0 1.7T 0 disk
nvme1n1 259:3 0 1.7T 0 disk
$ sudo mdadm --create --verbose /dev/md0 --level=10 --raid-devices=4 /dev/nvme0n1 /dev/nvme1n1 /dev/nvme2n1 /dev/nvme3n1
mdadm: layout defaults to n2
mdadm: layout defaults to n2
mdadm: chunk size defaults to 512K
mdadm: size set to 1855336448K
mdadm: automatically enabling write-intent bitmap on large array
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
$ sudo fstrim -v /mnt/disk
/mnt/disk: 3.5 TiB (3797863956480 bytes) trimmed
$ sudo dmesg
<clean>
The 5.15.0-151-generic kernel in -ppa2 fixes the issue. Happy to mark verified for jammy.
** Tags added: verification-done-jammy-linux
** Tags added: sts
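The verification above is done by eye: build the array, run fstrim, read dmesg. The following POSIX sh helper is an added example, not part of this bug report or of any Ubuntu kernel-team tooling; it automates the two checks a fleet operator would want after reading this report: does a dmesg capture contain the raid10 discard oops signature quoted above, and is the running kernel one of the two releases the report names? The sample dmesg text and /proc/mdstat line in the script are constructed from the lines quoted in the report; the function names are my own.

```sh
#!/bin/sh
# Added example (not from the bug report): triage helper for the raid10
# block-discard oops described in LP#2117395.

# Constructed sample, built from the oops lines quoted in the report, so the
# script can be exercised offline.
SAMPLE_DMESG='kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: RIP: 0010:0x0
kernel: Call Trace:
kernel: mempool_alloc+0x64/0x1b0
kernel: bio_clone_fast+0x1f/0x90
kernel: md_account_bio+0x42/0x80
kernel: raid10_handle_discard+0x56f/0x6b0 [raid10]
kernel: blkdev_issue_discard+0x65/0xd0
kernel: xfs_trim_extents+0x1cc/0x3b0 [xfs]'

# has_raid10_discard_oops: read dmesg text on stdin; succeed (0) only when a
# NULL-pointer BUG line is accompanied by raid10_handle_discard and a discard
# issuer in the same capture. A lone BUG line from some other subsystem does
# not match.
has_raid10_discard_oops() {
    _log=$(cat)
    printf '%s\n' "$_log" | grep -q 'BUG: kernel NULL pointer dereference' || return 1
    printf '%s\n' "$_log" | grep -q 'raid10_handle_discard' || return 1
    printf '%s\n' "$_log" | grep -Eq 'blkdev_issue_discard|xfs_trim_extents' || return 1
    return 0
}

# kernel_status: $1 is a `uname -r` string. Only the two releases named in the
# report are classified; everything else is "unknown" rather than guessed.
kernel_status() {
    case "$1" in
        5.15.0-144-generic) echo reproduced ;;
        5.15.0-151-generic) echo fixed ;;
        *) echo unknown ;;
    esac
}

# raid10_arrays: given /proc/mdstat-style text on stdin, print the names of the
# md devices running the raid10 personality (the only level the report covers).
raid10_arrays() {
    awk '/^md[0-9]+ :/ && / raid10 / { print $1 }'
}

# Stand-alone run against the live host, e.g. from a cron or CI check:
#   sudo dmesg | has_raid10_discard_oops && echo "raid10 discard oops present"
#   kernel_status "$(uname -r)"
#   raid10_arrays < /proc/mdstat
```

On a host where `raid10_arrays` reports an array and `kernel_status` does not report "fixed", the operator's choice is to hold off on running fstrim (including any periodic trim timer the distribution ships, which is an assumption about the host's configuration, not something the report states) until the fixed kernel is installed, and to alert on the oops signature in the meantime.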
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2117395
Title: raid10: block discard causes a NULL pointer dereference after 5.15.0-144-generic
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs