From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=MJ7E=ER=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-14.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D2622C5517A
	for <linux-mm@archiver.kernel.org>; Wed, 11 Nov 2020 19:44:23 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 406D4207F7
	for <linux-mm@archiver.kernel.org>; Wed, 11 Nov 2020 19:44:23 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="se9v8enf"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 406D4207F7
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 715A36B0036; Wed, 11 Nov 2020 14:44:22 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6EA606B005D; Wed, 11 Nov 2020 14:44:22 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5FFC56B0068; Wed, 11 Nov 2020 14:44:22 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0094.hostedemail.com [216.40.44.94])
	by kanga.kvack.org (Postfix) with ESMTP id 33E616B0036
	for <linux-mm@kvack.org>; Wed, 11 Nov 2020 14:44:22 -0500 (EST)
Received: from smtpin07.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id D95593626
	for <linux-mm@kvack.org>; Wed, 11 Nov 2020 19:44:21 +0000 (UTC)
X-FDA: 77473163922.07.man82_02066ce27300
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin07.hostedemail.com (Postfix) with ESMTP id BF9D81803F9A1
	for <linux-mm@kvack.org>; Wed, 11 Nov 2020 19:44:21 +0000 (UTC)
X-HE-Tag: man82_02066ce27300
X-Filterd-Recvd-Size: 4804
Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176])
	by imf29.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Wed, 11 Nov 2020 19:44:21 +0000 (UTC)
Received: by mail-pl1-f176.google.com with SMTP id d3so1512930plo.4
        for <linux-mm@kvack.org>; Wed, 11 Nov 2020 11:44:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=T6+8pW5jZmBDXZbPZRIztWDaBT2x4DmsxSLQ6azETAc=;
        b=se9v8enfPUYbJTt74HhR/SX2RmXprJ24MmSz0B6V6vVydIBGmJrjoTIm2zNBupmNFO
         GJflYMImUSVaWMip1XV6MIJvQk82VwB1y+EnGYIkN2n/kRU+haT6WrD9zXhdlSZ4p6Cp
         ULCa12b5tboh7sjLVMaGR+hf4Z3Bd3PFQ3QmddVufhjy0HTI8Q6Ixh0F9m9t1K9qRI7n
         osu4eF9sgLT3VBpn0FLT5rTt7wtOGFsgb0lzjQQLDH8Jv6bywYx1l9Ry35K0eRZZBDbp
         s9+EBy8mW+KuK+gots4IIw0zgZX+zl9EbkwM9xZYdF5PQ3se2xIfqNRAy04N9t5Kpfot
         +oVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=T6+8pW5jZmBDXZbPZRIztWDaBT2x4DmsxSLQ6azETAc=;
        b=XKK0qQ2RLT+16miBgM1ak42gCtLdcgi2IefnTiU2z373UVGbOr8LL/A1LjCcQJVuH/
         u2lQhj2pt58djVXqyZ5P1NPEG99y9nM0w0vCEKYDr4XH7m59A5TJ7GxzpOwPw2S6jJ+B
         wPWBVQlgxPDhtXyY5E+S0tsltoKucRLgReYLFmDIN6dC/w8PoK1vUz8V+CUTf7XewJfN
         e3v0RvAiuLg8NDpLd1t670Z547cMebwvY3dZcbfkLO+s7V3mL8gsr7BVcqRSuKa+uKZh
         JzSWKtPF08RxcrgtS6jECrSHs+LyauYr1MJNk7KViQO+YSxsXD+Qh2068s2XS/xzLtfA
         l3TA==
X-Gm-Message-State: AOAM533JIsqYHH8JejsR0P4KBS/5bjwjMUKLzPt7UDt+IMj38TbMBlO+
	ZjvSew7m3cm40j90/Tz8VOOEGf5wHoPKMRNxhTvyMg==
X-Google-Smtp-Source: ABdhPJyritjwALZYYkqE++zh/C6zeAGTLmlgOvj2cpbxrtYI+S9Fb6PTPQ53iLb1vLxINgC437M7aggmL3FxpAymu/k=
X-Received: by 2002:a17:902:8d95:b029:d8:c2ee:7dc with SMTP id
 v21-20020a1709028d95b02900d8c2ee07dcmr2295427plo.57.1605123860032; Wed, 11
 Nov 2020 11:44:20 -0800 (PST)
MIME-Version: 1.0
References: <000000000000fe575905b3cff92c@google.com> <bf31020f4e50b303fd0dd3dfda0e50de79ed25db.camel@redhat.com>
 <CAAeHK+yLgDYOS35sWT8=4_d-gZKU_B10D9ZEBPZDC1P6MO2D6Q@mail.gmail.com> <CAA5enKY8mBicpc7kZKKLG5LeVFhVJtRQ73MYVFM0Az2bbiGv8g@mail.gmail.com>
In-Reply-To: <CAA5enKY8mBicpc7kZKKLG5LeVFhVJtRQ73MYVFM0Az2bbiGv8g@mail.gmail.com>
From: Andrey Konovalov <andreyknvl@google.com>
Date: Wed, 11 Nov 2020 20:44:09 +0100
Message-ID: <CAAeHK+x4tWTY0ZuR6LHhm071bOnvZcfa=A-KLpSfUTkaxZHieA@mail.gmail.com>
Subject: Re: linux-next boot error: BUG: unable to handle kernel NULL pointer
 dereference in mempool_init_node
To: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: Qian Cai <cai@redhat.com>, 
	syzbot <syzbot+2d6f3dad1a42d86a5801@syzkaller.appspotmail.com>, 
	Andrew Morton <akpm@linux-foundation.org>, LKML <linux-kernel@vger.kernel.org>, 
	Linux Memory Management List <linux-mm@kvack.org>, Linux-Next Mailing List <linux-next@vger.kernel.org>, 
	Stephen Rothwell <sfr@canb.auug.org.au>, syzkaller-bugs <syzkaller-bugs@googlegroups.com>, 
	Dmitry Vyukov <dvyukov@google.com>, Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Nov 11, 2020 at 8:27 PM Lorenzo Stoakes <lstoakes@gmail.com> wrote:
>
> On Wed, 11 Nov 2020 at 17:44, Andrey Konovalov <andreyknvl@google.com> wrote:
> > I'll try to reproduce this and figure out the issue. Thanks for letting us know!
>
> I hope you don't mind me diving in here, I was taking a look just now
> and managed to reproduce this locally - I bisected the issue to
> 105397399 ("kasan: simplify kasan_poison_kfree").
>
> If I stick a simple check in as below it fixes the issue, so I'm
> guessing something is violating the assumptions in 105397399?
>
>
> diff --git a/mm/kasan/common.c b/mm/kasan/common.c
> index 7a94cebc0324..16163159a017 100644
> --- a/mm/kasan/common.c
> +++ b/mm/kasan/common.c
> @@ -387,6 +387,11 @@ void __kasan_slab_free_mempool(void *ptr, unsigned long ip)
>         struct page *page;
>
>         page = virt_to_head_page(ptr);
> +
> +       if (!PageSlab(page)) {
> +               return;
> +       }
> +
>         ____kasan_slab_free(page->slab_cache, ptr, ip, false);
>  }

Ah, by the looks of it, ceph's init_caches() functions asks for
kmalloc-backed mempool, but at the same time provides a size that
doesn't fit into any kmalloc cache, and kmalloc falls back onto
page_alloc. Hard to say whether this is an issue in ceph, but I guess
we'll have to make KASAN fool proof either way and keep the PageSlab()
check in kasan_slab_free_mempool().

Thank you for debugging this, Lorenzo. I'll fix this in v10.