From: Andrey Konovalov
Date: Wed, 11 Nov 2020 20:44:09 +0100
Subject: Re: linux-next boot error: BUG: unable to handle kernel NULL pointer dereference in mempool_init_node
To: Lorenzo Stoakes
Cc: Qian Cai, syzbot, Andrew Morton, LKML, Linux Memory Management List, Linux-Next Mailing List, Stephen Rothwell, syzkaller-bugs, Dmitry Vyukov, Alexander Potapenko, Marco Elver
References: <000000000000fe575905b3cff92c@google.com>
List-ID: linux-kernel@vger.kernel.org

On Wed, Nov 11, 2020 at 8:27 PM Lorenzo Stoakes wrote:
>
> On Wed, 11 Nov 2020 at 17:44, Andrey Konovalov wrote:
> > I'll try to reproduce this and figure out the issue. Thanks for letting us know!
>
> I hope you don't mind me diving in here. I was taking a look just now
> and managed to reproduce this locally - I bisected the issue to
> 105397399 ("kasan: simplify kasan_poison_kfree").
>
> If I stick a simple check in as below it fixes the issue, so I'm
> guessing something is violating the assumptions in 105397399?
>
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index 7a94cebc0324..16163159a017 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -387,6 +387,11 @@ void __kasan_slab_free_mempool(void *ptr, unsigned long ip)
> struct page *page;
>
> page = virt_to_head_page(ptr);
> +
> + if (!PageSlab(page)) {
> + return;
> + }
> +
> ____kasan_slab_free(page->slab_cache, ptr, ip, false);
> }

Ah, by the looks of it, ceph's init_caches() function asks for a kmalloc-backed mempool, but at the same time provides a size that doesn't fit into any kmalloc cache, and kmalloc falls back onto page_alloc. Hard to say whether this is an issue in ceph, but I guess we'll have to make KASAN foolproof either way and keep the PageSlab() check in kasan_slab_free_mempool().

Thank you for debugging this, Lorenzo. I'll fix this in v10.
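Review bot: the early return in the __kasan_slab_free_mempool() hunk guards a case the code itself gives no hint of, so the `if (!PageSlab(page))` check needs a comment stating why a mempool element can live on a non-slab page (a kmalloc size that fits no kmalloc cache falls back to the page allocator, as the reply explains); without it the check reads as an unreachable sanity test and is at risk of being removed again. Two smaller points: kernel style drops the braces around a single-statement `return;`, and the changelog should say explicitly that page-allocator-backed elements now skip ____kasan_slab_free() on this path, since that is the behavioural trade-off the fix makes.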