Re: [next-20260216]NULL pointer dereference in drain_obj_stock() (RCU free path)

Next message: Joel Fernandes: "[PATCH v7 09/23] nova-core: mm: Add unified page table entry wrapper enums"
Previous message: Joel Fernandes: "[PATCH v7 16/23] nova-core: mm: Add BAR1 user interface"
In reply to: Vlastimil Babka: "Re: [next-20260216]NULL pointer dereference in drain_obj_stock() (RCU free path)"
Next in thread: Venkat Rao Bagalkote: "Re: [next-20260216]NULL pointer dereference in drain_obj_stock() (RCU free path)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Shakeel Butt

Date: Wed Feb 18 2026 - 16:26:17 EST

On Wed, Feb 18, 2026 at 12:36:06PM +0100, Vlastimil Babka wrote:
> On 2/17/26 13:40, Carlos Maiolino wrote:
> > On Tue, Feb 17, 2026 at 04:59:12PM +0530, Venkat Rao Bagalkote wrote:
> >> Greetings!!!
> >>
> >> I am observing below OOPs, while running xfstests generic/428 test case. But
> >> I am not able to reproduce this consistently.
> >>
> >>
> >> Platform: IBM Power11 (pSeries LPAR), Radix MMU, LE, 64K pages
> >> Kernel: 6.19.0-next-20260216
> >> Tests: generic/428
> >>
> >> local.config >>>
> >> [xfs_4k]
> >> export RECREATE_TEST_DEV=true
> >> export TEST_DEV=/dev/loop0
> >> export TEST_DIR=/mnt/test
> >> export SCRATCH_DEV=/dev/loop1
> >> export SCRATCH_MNT=/mnt/scratch
> >> export MKFS_OPTIONS="-b size=4096"
> >> export FSTYP=xfs
> >> export MOUNT_OPTIONS=""-
> >>
> >>
> >>
> >> Attached is .config file used.
> >>
> >>
> >> Traces:
> >>
> >
> > /me fixing trace's indentation
>
> CCing memcg and slab folks.
> Would be nice to figure out where in drain_obj_stock things got wrong. Any
> change for e.g. ./scripts/faddr2line ?
>
> I wonder if we have either some bogus objext pointer, or maybe the
> rcu_free_sheaf() context is new (or previously rare) for memcg and we have
> some locking issues being exposed in refill/drain.
>

Yes output of ./scripts/faddr2line would be really helpful. I can't think of
anything that might go wrong in refill/drain.