From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9E65D7081E for ; Sun, 22 Feb 2026 12:03:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771761806; cv=none; b=sgJGyG3m92eGsVhZqYgU3uh6i99ZdFwWC8oawQmCb74JqYNzENQYm/eZVNuoft0/TU2wQOlMQzKILhBQhNdiyGbX1Dk20ljlVU+tG/GZ/k1Ua4HY6XtxQNwoncr2+lyHfE0YZLahKHQb4NGRclzu2F1Dc0GE/T4Ugs9mkJ4nOmY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771761806; c=relaxed/simple; bh=yq0QOdO+zgnPrakj7jTTeOPMmzArjodGuiubu6HiSz4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=tSTN0cd3PvlXLTVGUoZTzdYx0ibQZhlrDISCwSS1Q53cjmTci58SQ5tGdn7IXvOe4zD5OQULBQVhna1cnSgXE7D8CeTqo9fKjwBBb7Kyc1YwnVzIw1A6wjSSP6tvjlfmFJTuLp5SNWl82wnfzBgpoUi+8r97ZnD9g9ugU754gLU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=d6sehwQQ; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="d6sehwQQ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1771761803; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=l+yw+qtv1w/l9LpTV1w9IMNGubX7SibUQexR33hlLcA=; b=d6sehwQQ7gqYJfCHEVhPOdwv4pHg0QjokO5OTBpnD3X2vx8mxh2T8LMOx7HB71umLeribc +BVuu9Zb6f13bmlln9d7dHv/UAG0HsNGSwug8YChoTb1ZE7ACU/4ghmD9O9fu0cf1N8GC+ GUSVjb/VTK66Wcmg3NPCP4B+7Jmv8EY= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-104-leSndRU3Nf-XQVbNMtRUig-1; Sun, 22 Feb 2026 07:03:20 -0500 X-MC-Unique: leSndRU3Nf-XQVbNMtRUig-1 X-Mimecast-MFC-AGG-ID: leSndRU3Nf-XQVbNMtRUig_1771761799 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 3E4E51956095; Sun, 22 Feb 2026 12:03:19 +0000 (UTC) Received: from fedora (unknown [10.72.116.34]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DDEAF1800465; Sun, 22 Feb 2026 12:03:15 +0000 (UTC) Date: Sun, 22 Feb 2026 20:01:46 +0800 From: Ming Lei To: Mike Rapoport Cc: Andrew Morton , linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] mm: fix NULL NODE_DATA dereference for memoryless nodes on boot Message-ID: References: <20260222054451.3261-1-ming.lei@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 On Sun, Feb 22, 2026 at 01:21:42PM +0200, Mike Rapoport wrote: > Hi, > > On Sun, Feb 22, 2026 at 01:44:51PM +0800, Ming Lei wrote: > > Commit d49004c5f0c1 ("arch, mm: consolidate initialization of nodes, > > zones and memory map") moved free_area_init() from setup_arch() to > > mm_core_init_early(), which runs after setup_arch() returns. > > > > This changed the ordering relative to init_cpu_to_node() on x86. Before > > the commit, free_area_init() ran during paging_init() (called from > > setup_arch()) *before* init_cpu_to_node(). After the commit, it runs > > *after* init_cpu_to_node(). > > > > On machines with memoryless NUMA nodes (e.g., node 0 has CPUs but no > > memory), this causes a NULL pointer dereference: > > > > 1. numa_register_nodes() skips memoryless nodes: no alloc_node_data() > > and no node_set_online() for them. > > 2. init_cpu_to_node() sets memoryless nodes online (they have CPUs) > > but does not allocate NODE_DATA. > > 3. free_area_init() checks "if (!node_online(nid))" to decide whether > > to call alloc_offline_node_data(). Since the memoryless node is now > > online, the allocation is skipped, leaving NODE_DATA(nid) == NULL. > > 4. The immediate "pgdat = NODE_DATA(nid)" dereferences NULL. > > > > The crash happens before console_init(), so no output is visible without > > earlyprintk. With earlyprintk enabled, the following panic is observed: > > > > BUG: unable to handle page fault for address: 000000000002a1e0 > > Oops: Oops: 0000 [#1] SMP NOPTI > > RIP: 0010:free_area_init_node+0x3a/0x540 > > Call Trace: > > > > free_area_init+0x331/0x4e0 > > start_kernel+0x69/0x4a0 > > x86_64_start_reservations+0x24/0x30 > > x86_64_start_kernel+0x125/0x130 > > common_startup_64+0x13e/0x148 > > > > Kernel panic - not syncing: Attempted to kill the idle task! > > > > Fix this by checking "if (!NODE_DATA(nid))" instead of > > "if (!node_online(nid))". This directly tests whether the per-node data > > structure needs to be allocated, regardless of the node's online status. > > I believe that this change is fine for !x86 as well, but it deserves a > sentence in the commit log. > > > Cc: Mike Rapoport (Microsoft) > > Fixes: d49004c5f0c1 ("arch, mm: consolidate initialization of nodes, zones and memory map") > > Signed-off-by: Ming Lei > > --- > > mm/mm_init.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/mm/mm_init.c b/mm/mm_init.c > > index 61d983d23f55..9d63cab36204 100644 > > --- a/mm/mm_init.c > > +++ b/mm/mm_init.c > > @@ -1896,7 +1896,7 @@ static void __init free_area_init(void) > > for_each_node(nid) { > > pg_data_t *pgdat; > > > > - if (!node_online(nid)) > > + if (!NODE_DATA(nid)) > > alloc_offline_node_data(nid); > > A comment that says that if an architecture didn't allocate node data, we > presume that the node is memoryless and offline would be nice here. Hi Mike, All are addressed in V2: https://lore.kernel.org/linux-mm/20260222115702.3659-1-ming.lei@redhat.com/ But miss to Cc you, sorry... Thanks, Ming