Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp606660pxb;
        Wed, 11 Nov 2020 11:28:47 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxCVhvkUU7E2J1Fd/sAvTtNl63Cf4jlyB2RuxtC30ELifKDFTpUgE+pdT0SHwyIxVelHWAR
X-Received: by 2002:a17:906:903:: with SMTP id i3mr11093839ejd.218.1605122926941;
        Wed, 11 Nov 2020 11:28:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1605122926; cv=none;
        d=google.com; s=arc-20160816;
        b=yoyynaPDwyOISRbofu8+X9bFtXAx4q6Nv2S1LWlq0ry/Sl9zI+E5J7NzeFObVP0Bzh
         WtWtybW0jTMya9Wyd0VfxV59WYI7MWZmjPCn5mciACfexFjwFY13peK+EiSdn+6N7c/d
         Wx3BNRz+3ksbGxb87d02C715kU4K/eXlYP+xVMyZBGb8X7jmjk7sqeT+Bgq79HW/Ub4W
         /bwD0eDNu53MX7P09KEzwgZHPHn/5zwA4EZYlunGolIchEQhk6YfXh6rcbmzewKVcu/i
         f1Vtsgi5mRYKvJXIvBxsPDct7OEEDIhdt8HHjYqGAuQrz+r7yA0z3U7yvhv92geRd6Xf
         OJgg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=bMLjI/601C9OPQNA+LqIrQMDDAlDxJCIUFBAsIL0uwg=;
        b=orQ/6PDOomvG+A3mrE6CI58JSxBoP9XBBUxgOJVYt4KQsOyC8jse8Fz9b9OcP/H/hD
         o5I05srFsAlhUvGJY0RZqd4xFdK8itw7Fl/pMbSdGqSwI9uSCijlSlSz5GcUNSblOSPa
         +vMkjOhCjS0ZcbEYMMnFtO7Wpbudm+DoI5lb4ZMra1iZzi61jC93qqL/vr28HhLwrArb
         xnDWQjiAE1mcpi3rrq1GI9lFkYr3hRXOrLG3HRDdvDHftMyh61YrjdUpvGg9J3op4LF7
         vyDgaKOz/U2awYcIJKWfkgqdFShvaq0u9FdvdGN2ZttnvYzr8mrHdPOkK8WAu1QK3pV8
         ZdFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=h4IYp7gb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id hr13si2079334ejc.429.2020.11.11.11.28.23;
        Wed, 11 Nov 2020 11:28:46 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=h4IYp7gb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727622AbgKKT1A (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Wed, 11 Nov 2020 14:27:00 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52448 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725955AbgKKT1A (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Nov 2020 14:27:00 -0500
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F068FC0613D1;
        Wed, 11 Nov 2020 11:26:59 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id l5so3490387edq.11;
        Wed, 11 Nov 2020 11:26:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=bMLjI/601C9OPQNA+LqIrQMDDAlDxJCIUFBAsIL0uwg=;
        b=h4IYp7gble1Q0vh1fdFK2sJupdlvWR5d0OIhAe6P5UgZJy1fZvGi94CO54o5vE13t/
         r77GkOUsUtPP7qmQU+ZVPii+N188Lr97JOAz2L06eFxv5YO3bkrlZH0zZwhVKtbaDoly
         GDpwZ72xniQ9c4hqmscXHQ3XMD1sA2rE0KqrGNEIMhMA8WS9pTHabamdU/43SqZ4gS0W
         vcZzR8O6+5nR5DCuN6PMtYFjdI+IRul12llL3HYSlxq9j6n1/W25a5jrKDWQW2s4F/Yb
         8Uj2ANCjF9fFpjwS0T2gF5O4bDXVxbXUSHTzQugsr1zhdqb+NGdU5UBXfWqkSLpxcQ89
         nz2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=bMLjI/601C9OPQNA+LqIrQMDDAlDxJCIUFBAsIL0uwg=;
        b=qohmdC+AK71qKnbKyeXCs3v/8ALedXSwki6BGKPl9ny6W+MaWqOrXjccN517OtmB+v
         YOVpOqQfW0fF/NyZFo/YKEc0JuA5DWrNXlO528t50npU0lKGUXK8qxU8jT0P1t/qRvnA
         9fw0dE4HCXdCcXOZ0sEojL1j0ArSXt1aSHQhZEjtylkHOJnelF1DqIRsc7mpAjq3aQvq
         JxoQhXjY7XP7u6kINdN3jaNOn7edEDFkP1qqBQTXqLagIZNkap5s0Tex9hDMHjINjjRM
         mSVVaCbpIM0btKos8YgIRqmWsr9OWXbi+MQxFaUGbKmAQ8vcUjt71GB2nS2F8fsKMLsd
         PqOA==
X-Gm-Message-State: AOAM532gleKHk1cc4hEJ1Yici7aoOldXdEHtnTX2t3nXy7Rk8W1a2OLc
        noaVnc6+/0B2h4brJGSSTt//yvEcr9eaa8GawLGt6tVJ2f8=
X-Received: by 2002:a50:eb0a:: with SMTP id y10mr1199265edp.342.1605122818353;
 Wed, 11 Nov 2020 11:26:58 -0800 (PST)
MIME-Version: 1.0
References: <000000000000fe575905b3cff92c@google.com> <bf31020f4e50b303fd0dd3dfda0e50de79ed25db.camel@redhat.com>
 <CAAeHK+yLgDYOS35sWT8=4_d-gZKU_B10D9ZEBPZDC1P6MO2D6Q@mail.gmail.com>
In-Reply-To: <CAAeHK+yLgDYOS35sWT8=4_d-gZKU_B10D9ZEBPZDC1P6MO2D6Q@mail.gmail.com>
From:   Lorenzo Stoakes <lstoakes@gmail.com>
Date:   Wed, 11 Nov 2020 19:26:47 +0000
Message-ID: <CAA5enKY8mBicpc7kZKKLG5LeVFhVJtRQ73MYVFM0Az2bbiGv8g@mail.gmail.com>
Subject: Re: linux-next boot error: BUG: unable to handle kernel NULL pointer
 dereference in mempool_init_node
To:     Andrey Konovalov <andreyknvl@google.com>
Cc:     Qian Cai <cai@redhat.com>,
        syzbot <syzbot+2d6f3dad1a42d86a5801@syzkaller.appspotmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Linux Memory Management List <linux-mm@kvack.org>,
        Linux-Next Mailing List <linux-next@vger.kernel.org>,
        Stephen Rothwell <sfr@canb.auug.org.au>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Alexander Potapenko <glider@google.com>,
        Marco Elver <elver@google.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 11 Nov 2020 at 17:44, Andrey Konovalov <andreyknvl@google.com> wrote:
> I'll try to reproduce this and figure out the issue. Thanks for letting us know!

I hope you don't mind me diving in here, I was taking a look just now
and managed to reproduce this locally - I bisected the issue to
105397399 ("kasan: simplify kasan_poison_kfree").

If I stick a simple check in as below it fixes the issue, so I'm
guessing something is violating the assumptions in 105397399?


diff --git a/mm/kasan/common.c b/mm/kasan/common.c
index 7a94cebc0324..16163159a017 100644
--- a/mm/kasan/common.c
+++ b/mm/kasan/common.c
@@ -387,6 +387,11 @@ void __kasan_slab_free_mempool(void *ptr, unsigned long ip)
        struct page *page;

        page = virt_to_head_page(ptr);
+
+       if (!PageSlab(page)) {
+               return;
+       }
+
        ____kasan_slab_free(page->slab_cache, ptr, ip, false);
 }


--
Lorenzo Stoakes
https://ljs.io