* [linus:master] [mm/codetag]  51f43d5d82: WARNING:at_include/linux/alloc_tag.h:#__alloc_tag_ref_set
@ 2024-12-11 15:08 kernel test robot
  2024-12-12  2:12 ` David Wang
  2024-12-12  4:01 ` [PATCH] mm/codetag: clear tags before swap David Wang
  0 siblings, 2 replies; 10+ messages in thread
From: kernel test robot @ 2024-12-11 15:08 UTC (permalink / raw)
  To: David Wang
  Cc: oe-lkp, lkp, linux-kernel, Andrew Morton, Suren Baghdasaryan,
	Yu Zhao, Kent Overstreet, linux-mm, oliver.sang



Hello,

kernel test robot noticed "WARNING:at_include/linux/alloc_tag.h:#__alloc_tag_ref_set" on:

commit: 51f43d5d82ed2ba3f9a3f9a2390c52f28e42af32 ("mm/codetag: swap tags when migrate pages")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master      fac04efc5c793dccbd07e2d59af9f90b7fc0dca4]
[test failed on linux-next/master ebe1b11614e079c5e366ce9bd3c8f44ca0fbcc1b]

in testcase: trinity
version: 
with following parameters:

	runtime: 600s



config: i386-randconfig-015-20241208
compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+-----------------------------------------------------------+------------+------------+
|                                                           | 914eec5e98 | 51f43d5d82 |
+-----------------------------------------------------------+------------+------------+
| WARNING:at_include/linux/alloc_tag.h:#__alloc_tag_ref_set | 0          | 5          |
| EIP:__alloc_tag_ref_set                                   | 0          | 5          |
+-----------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com


[  626.127550][   T24] ------------[ cut here ]------------
[  626.128516][   T24] alloc_tag was not cleared (got tag for mm/shmem.c:1794)
[ 626.136360][ T24] WARNING: CPU: 0 PID: 24 at include/linux/alloc_tag.h:138 __alloc_tag_ref_set (include/linux/alloc_tag.h:138 include/linux/alloc_tag.h:157)
[  626.137957][   T24] Modules linked in: serio_raw rtc_cmos bochs drm_client_lib drm_shmem_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_kms_helper fb drm drm_panel_orientation_quirks backlight intel_agp intel_gtt
[  626.140833][   T24] CPU: 0 UID: 0 PID: 24 Comm: kcompactd0 Tainted: G                T  6.13.0-rc1-00015-g51f43d5d82ed #1
[  626.142284][   T24] Tainted: [T]=RANDSTRUCT
[  626.142870][   T24] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 626.144610][ T24] EIP: __alloc_tag_ref_set (include/linux/alloc_tag.h:138 include/linux/alloc_tag.h:157)
[ 626.145517][ T24] Code: 53 89 c3 51 8b 00 85 c0 74 25 80 3d a4 8a 35 c2 00 75 1c ff 70 04 c6 05 a4 8a 35 c2 01 ff 70 10 68 24 bc c0 c1 e8 7d bf cd ff <0f> 0b 83 c4 0c 85 f6 75 25 a0 a3 8a 35 c2 84 c0 75 22 68 6d bc c0
All code
========
   0:	53                   	push   %rbx
   1:	89 c3                	mov    %eax,%ebx
   3:	51                   	push   %rcx
   4:	8b 00                	mov    (%rax),%eax
   6:	85 c0                	test   %eax,%eax
   8:	74 25                	je     0x2f
   a:	80 3d a4 8a 35 c2 00 	cmpb   $0x0,-0x3dca755c(%rip)        # 0xffffffffc2358ab5
  11:	75 1c                	jne    0x2f
  13:	ff 70 04             	push   0x4(%rax)
  16:	c6 05 a4 8a 35 c2 01 	movb   $0x1,-0x3dca755c(%rip)        # 0xffffffffc2358ac1
  1d:	ff 70 10             	push   0x10(%rax)
  20:	68 24 bc c0 c1       	push   $0xffffffffc1c0bc24
  25:	e8 7d bf cd ff       	call   0xffffffffffcdbfa7
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	83 c4 0c             	add    $0xc,%esp
  2f:	85 f6                	test   %esi,%esi
  31:	75 25                	jne    0x58
  33:	a0 a3 8a 35 c2 84 c0 	movabs 0x2275c084c2358aa3,%al
  3a:	75 22 
  3c:	68                   	.byte 0x68
  3d:	6d                   	insl   (%dx),%es:(%rdi)
  3e:	bc                   	.byte 0xbc
  3f:	c0                   	.byte 0xc0

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	83 c4 0c             	add    $0xc,%esp
   5:	85 f6                	test   %esi,%esi
   7:	75 25                	jne    0x2e
   9:	a0 a3 8a 35 c2 84 c0 	movabs 0x2275c084c2358aa3,%al
  10:	75 22 
  12:	68                   	.byte 0x68
  13:	6d                   	insl   (%dx),%es:(%rdi)
  14:	bc                   	.byte 0xbc
  15:	c0                   	.byte 0xc0
[  626.148477][   T24] EAX: 00000037 EBX: c37e1cd0 ECX: 00000000 EDX: 00000002
[  626.149410][   T24] ESI: c2364ee0 EDI: e8359650 EBP: c37e1cbc ESP: c37e1ca4
[  626.150473][   T24] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010246
[  626.151777][   T24] CR0: 80050033 CR2: 08ad2b00 CR3: 2e405000 CR4: 000406d0
[  626.152802][   T24] Call Trace:
[ 626.153277][ T24] ? show_regs (arch/x86/kernel/dumpstack.c:478)
[ 626.153821][ T24] ? __alloc_tag_ref_set (include/linux/alloc_tag.h:138 include/linux/alloc_tag.h:157)
[ 626.154506][ T24] ? __warn (kernel/panic.c:748)
[ 626.155033][ T24] ? report_bug (lib/bug.c:201 lib/bug.c:219)
[ 626.155645][ T24] ? __alloc_tag_ref_set (include/linux/alloc_tag.h:138 include/linux/alloc_tag.h:157)
[ 626.156293][ T24] ? exc_overflow (arch/x86/kernel/traps.c:301)
[ 626.156881][ T24] ? handle_bug (arch/x86/kernel/traps.c:285)
[ 626.157503][ T24] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))
[ 626.158156][ T24] ? handle_exception (arch/x86/entry/entry_32.S:1055)
[ 626.159050][ T24] ? exc_overflow (arch/x86/kernel/traps.c:301)
[ 626.159866][ T24] ? __alloc_tag_ref_set (include/linux/alloc_tag.h:138 include/linux/alloc_tag.h:157)
[ 626.160591][ T24] ? exc_overflow (arch/x86/kernel/traps.c:301)
[ 626.161157][ T24] ? __alloc_tag_ref_set (include/linux/alloc_tag.h:138 include/linux/alloc_tag.h:157)
[ 626.161831][ T24] ? pgalloc_tag_get (include/linux/pgalloc_tag.h:220)
[ 626.162455][ T24] pgalloc_tag_swap (lib/alloc_tag.c:214)
[ 626.163139][ T24] folio_migrate_flags (mm/migrate.c:750)
[ 626.163986][ T24] __migrate_folio+0x8c/0x96
[ 626.164956][ T24] ? __migrate_folio+0x96/0x96
[ 626.165986][ T24] migrate_folio (mm/migrate.c:800 (discriminator 2))
[ 626.166790][ T24] move_to_new_folio (mm/migrate.c:1060)
[ 626.167675][ T24] migrate_pages_batch (mm/migrate.c:1369 mm/migrate.c:1899)
[ 626.168566][ T24] ? list_add (arch/x86/kernel/cpu/resctrl/rdtgroup.c:2015 (discriminator 2))
[ 626.169303][ T24] migrate_pages (mm/migrate.c:1971 mm/migrate.c:2074)
[ 626.169948][ T24] ? list_add (arch/x86/kernel/cpu/resctrl/rdtgroup.c:2015 (discriminator 2))
[ 626.170574][ T24] ? fragmentation_score_node (mm/compaction.c:1879)
[ 626.171569][ T24] compact_zone (mm/compaction.c:2641)
[ 626.172363][ T24] compact_node (mm/compaction.c:2912)
[ 626.173081][ T24] kcompactd (mm/compaction.c:3209)
[ 626.173630][ T24] ? lockdep_assert_rq_held (kernel/sched/sched.h:1731)
[ 626.174318][ T24] kthread (kernel/kthread.c:391)
[ 626.174972][ T24] ? kcompactd_do_work (mm/compaction.c:3155)
[ 626.175708][ T24] ? list_del_init (kernel/signal.c:466)
[ 626.176296][ T24] ret_from_fork (arch/x86/kernel/process.c:153)
[ 626.176833][ T24] ? list_del_init (kernel/signal.c:466)
[ 626.177415][ T24] ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 626.177999][ T24] entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[  626.178652][   T24] irq event stamp: 18033
[ 626.179292][ T24] hardirqs last enabled at (18043): __up_console_sem (arch/x86/include/asm/irqflags.h:26 (discriminator 3) arch/x86/include/asm/irqflags.h:87 (discriminator 3) arch/x86/include/asm/irqflags.h:147 (discriminator 3) kernel/printk/printk.c:344 (discriminator 3))
[ 626.180568][ T24] hardirqs last disabled at (18052): __up_console_sem (kernel/printk/printk.c:342 (discriminator 3))
[ 626.181908][ T24] softirqs last enabled at (17870): handle_softirqs (kernel/softirq.c:401 kernel/softirq.c:582)
[ 626.183280][ T24] softirqs last disabled at (17865): __do_softirq (kernel/softirq.c:589)
[  626.184539][   T24] ---[ end trace 0000000000000000 ]---
[  626.460849][ T3069] trinity-c1 invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=500
[  626.462854][ T3069] CPU: 0 UID: 65534 PID: 3069 Comm: trinity-c1 Tainted: G        W       T  6.13.0-rc1-00015-g51f43d5d82ed #1
[  626.464654][ T3069] Tainted: [W]=WARN, [T]=RANDSTRUCT
[  626.465456][ T3069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  626.467024][ T3069] Call Trace:
[ 626.467563][ T3069] dump_stack_lvl (lib/dump_stack.c:122 (discriminator 4))
[ 626.468317][ T3069] dump_stack (lib/dump_stack.c:130)
[ 626.468989][ T3069] dump_header (mm/oom_kill.c:73 mm/oom_kill.c:462)
[ 626.469701][ T3069] oom_kill_process (mm/oom_kill.c:444 mm/oom_kill.c:1035)
[ 626.470501][ T3069] out_of_memory (mm/oom_kill.c:1174)
[ 626.471229][ T3069] __alloc_pages_slowpath+0x584/0x63d
[ 626.472253][ T3069] __alloc_pages_noprof (mm/page_alloc.c:4764)
[ 626.473076][ T3069] __folio_alloc_noprof (mm/internal.h:709 mm/page_alloc.c:4785)
[ 626.473927][ T3069] shmem_alloc_folio+0x21/0x48
[ 626.474891][ T3069] shmem_alloc_and_add_folio+0x22/0x138
[ 626.475933][ T3069] shmem_get_folio_gfp+0x164/0x358
[ 626.476877][ T3069] ? kunmap_local_indexed (mm/highmem.c:630 (discriminator 3))
[ 626.477692][ T3069] shmem_get_folio (mm/shmem.c:2463)
[ 626.478404][ T3069] shmem_write_begin (mm/shmem.c:3118)
[ 626.479168][ T3069] generic_perform_write (mm/filemap.c:4057)
[ 626.479993][ T3069] shmem_file_write_iter (mm/shmem.c:3293)
[ 626.480869][ T3069] iter_file_splice_write (fs/splice.c:744)
[ 626.481773][ T3069] ? splice_from_pipe_next (fs/splice.c:669)
[ 626.482677][ T3069] do_splice_from (fs/splice.c:941)
[ 626.483432][ T3069] direct_splice_actor (fs/splice.c:1164)
[ 626.484239][ T3069] splice_direct_to_actor (fs/splice.c:1109)
[ 626.485142][ T3069] ? file_end_write (fs/read_write.c:843)
[ 626.485925][ T3069] do_splice_direct_actor (fs/splice.c:1208)
[ 626.486772][ T3069] ? pipe_buf_confirm (fs/pipe.c:85)
[ 626.487522][ T3069] do_splice_direct (fs/splice.c:1235)
[ 626.488317][ T3069] ? file_end_write (fs/read_write.c:843)
[ 626.489088][ T3069] do_sendfile (fs/read_write.c:1363)
[ 626.489832][ T3069] __ia32_sys_sendfile (fs/read_write.c:1402 fs/read_write.c:1391 fs/read_write.c:1391)
[ 626.490659][ T3069] ia32_sys_call (kbuild/obj/consumer/i386-randconfig-015-20241208/./arch/x86/include/generated/asm/syscalls_32.h:188)
[ 626.491455][ T3069] do_int80_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:339)
[ 626.492222][ T3069] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91)
[ 626.493011][ T3069] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:269)
[ 626.493775][ T3069] ? local_clock_noinstr (kernel/sched/clock.c:301)
[ 626.494583][ T3069] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 626.495431][ T3069] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4470)
[ 626.496269][ T3069] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91)
[ 626.497098][ T3069] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:269)
[ 626.497903][ T3069] ? local_clock_noinstr (kernel/sched/clock.c:301)
[ 626.498733][ T3069] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91)
[ 626.499603][ T3069] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91)
[ 626.500462][ T3069] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:269)
[ 626.501217][ T3069] ? local_clock_noinstr (kernel/sched/clock.c:301)
[ 626.502080][ T3069] ? find_held_lock+0x22/0x5f
[ 626.503012][ T3069] ? __lock_release+0xb0/0x150
[ 626.503862][ T3069] ? rcu_read_unlock (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880)
[ 626.504608][ T3069] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 626.505449][ T3069] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 626.506281][ T3069] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 626.507051][ T3069] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4470)
[ 626.507856][ T3069] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 626.508762][ T3069] ? do_int80_syscall_32 (arch/x86/entry/common.c:343)
[ 626.509576][ T3069] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91)
[ 626.510425][ T3069] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:269)
[ 626.511252][ T3069] ? local_clock_noinstr (kernel/sched/clock.c:301)
[ 626.512110][ T3069] ? find_held_lock+0x22/0x5f


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241211/202412112227.df61ebb-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki




* Re:[linus:master] [mm/codetag]  51f43d5d82: WARNING:at_include/linux/alloc_tag.h:#__alloc_tag_ref_set
  2024-12-11 15:08 [linus:master] [mm/codetag] 51f43d5d82: WARNING:at_include/linux/alloc_tag.h:#__alloc_tag_ref_set kernel test robot
@ 2024-12-12  2:12 ` David Wang
  2024-12-12  4:01 ` [PATCH] mm/codetag: clear tags before swap David Wang
  1 sibling, 0 replies; 10+ messages in thread
From: David Wang @ 2024-12-12  2:12 UTC (permalink / raw)
  To: kernel test robot, Suren Baghdasaryan
  Cc: oe-lkp, lkp, linux-kernel, Andrew Morton, Yu Zhao,
	Kent Overstreet, linux-mm

Hi, 

Thanks for reporting this.
This happens when CONFIG_MEM_ALLOC_PROFILING_DEBUG=y. I will send out a patch later.


Thanks~
David


* [PATCH] mm/codetag: clear tags before swap
  2024-12-11 15:08 [linus:master] [mm/codetag] 51f43d5d82: WARNING:at_include/linux/alloc_tag.h:#__alloc_tag_ref_set kernel test robot
  2024-12-12  2:12 ` David Wang
@ 2024-12-12  4:01 ` David Wang
  2024-12-12  7:09   ` Suren Baghdasaryan
  1 sibling, 1 reply; 10+ messages in thread
From: David Wang @ 2024-12-12  4:01 UTC (permalink / raw)
  To: surenb, kent.overstreet
  Cc: yuzhao, oliver.sang, akpm, linux-kernel, linux-mm, lkp, oe-lkp,
	David Wang

When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
triggered when calling __alloc_tag_ref_set() during swap:

	alloc_tag was not cleared (got tag for mm/filemap.c:1951)
	WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...

Clearing code tags before swap can fix the warning. This patch also fixes
a potential invalid address dereference in alloc_tag_add_check() when
CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
which is defined as ((void *)1).

Signed-off-by: David Wang <00107082@163.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
---
 include/linux/alloc_tag.h | 2 +-
 lib/alloc_tag.c           | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h
index 7c0786bdf9af..cba024bf2db3 100644
--- a/include/linux/alloc_tag.h
+++ b/include/linux/alloc_tag.h
@@ -135,7 +135,7 @@ static inline struct alloc_tag_counters alloc_tag_read(struct alloc_tag *tag)
 #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG
 static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag)
 {
-	WARN_ONCE(ref && ref->ct,
+	WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref),
 		  "alloc_tag was not cleared (got tag for %s:%u)\n",
 		  ref->ct->filename, ref->ct->lineno);
 
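Review bot: In the WARN_ONCE() condition, the added `!is_codetag_empty(ref)` term is what keeps the format arguments `ref->ct->filename` and `ref->ct->lineno` from being read through the CODETAG_EMPTY sentinel, but nothing at this site says so. A one-line comment above the WARN_ONCE() noting that ref->ct may hold CODETAG_EMPTY rather than a real pointer would keep the term from being dropped later as redundant with `ref->ct`. This change is also independent of the swap fix in lib/alloc_tag.c and could be sent as its own patch.
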
diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c
index 35f7560a309a..cc5fda9901c2 100644
--- a/lib/alloc_tag.c
+++ b/lib/alloc_tag.c
@@ -209,6 +209,10 @@ void pgalloc_tag_swap(struct folio *new, struct folio *old)
 		return;
 	}
 
+	/* clear tags before swap */
+	set_codetag_empty(&ref_old);
+	set_codetag_empty(&ref_new);
+
 	/* swap tags */
 	__alloc_tag_ref_set(&ref_old, tag_new);
 	update_page_tag_ref(handle_old, &ref_old);
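Review bot: The two set_codetag_empty() calls overwrite ref_old and ref_new just before `__alloc_tag_ref_set(&ref_old, tag_new)`, so the swap is only correct if tag_old and tag_new were read out of the refs earlier in pgalloc_tag_swap(); that read is outside the context shown here and is worth confirming. The comment `/* clear tags before swap */` repeats the code; it should say that the refs are cleared because __alloc_tag_ref_set() warns on a non-empty reference when CONFIG_MEM_ALLOC_PROFILING_DEBUG is set.
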
-- 
2.39.2
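
The two halves of the fix described in the commit message above, as a user-space C model added here for illustration (not code from the patch or the kernel): it shows that clearing the refs alone would leave the old check reading through the CODETAG_EMPTY sentinel. Only the names `codetag_ref`, `CODETAG_EMPTY`, `is_codetag_empty` and `set_codetag_empty` come from the thread; the struct layout, `ref_set()`, `tag_swap()`, `run_case()` and the counters are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model: names follow the patch, bodies are assumed. */
struct codetag { const char *filename; unsigned int lineno; };
union codetag_ref { struct codetag *ct; };

/* Sentinel from the commit message, ((void *)1): never a valid address. */
#define CODETAG_EMPTY ((struct codetag *)1)

static bool is_codetag_empty(const union codetag_ref *ref)
{
	return ref->ct == CODETAG_EMPTY;
}

static void set_codetag_empty(union codetag_ref *ref)
{
	if (ref)
		ref->ct = CODETAG_EMPTY;
}

/* Condition of the debug WARN_ONCE() before the patch. */
static bool check_old(const union codetag_ref *ref)
{
	return ref && ref->ct;
}

/* Condition after the patch: the sentinel counts as "cleared". */
static bool check_new(const union codetag_ref *ref)
{
	return ref && ref->ct && !is_codetag_empty(ref);
}

typedef bool (*check_fn)(const union codetag_ref *);

struct swap_result {
	int warnings;       /* times the debug check fired (counted every time) */
	int sentinel_reads; /* warnings that would format ct->filename with ct == 1 */
};

/* Hypothetical stand-in for __alloc_tag_ref_set() with its debug check. */
static void ref_set(union codetag_ref *ref, struct codetag *tag,
		    check_fn check, struct swap_result *res)
{
	if (check(ref)) {
		res->warnings++;
		if (is_codetag_empty(ref))
			res->sentinel_reads++; /* kernel would read through address 1 */
		else
			fprintf(stderr, "alloc_tag was not cleared (got tag for %s:%u)\n",
				ref->ct->filename, ref->ct->lineno);
	}
	ref->ct = tag;
}

/* Hypothetical stand-in for the tag exchange in pgalloc_tag_swap(). */
static struct swap_result tag_swap(union codetag_ref *ref_old,
				   union codetag_ref *ref_new,
				   bool clear_first, check_fn check)
{
	struct swap_result res = { 0, 0 };
	struct codetag *tag_old = ref_old->ct; /* captured before any clear */
	struct codetag *tag_new = ref_new->ct;

	if (clear_first) {
		set_codetag_empty(ref_old);
		set_codetag_empty(ref_new);
	}
	ref_set(ref_old, tag_new, check, &res);
	ref_set(ref_new, tag_old, check, &res);
	return res;
}

/* Runs one scenario on constructed tags; *swapped reports whether they traded. */
static struct swap_result run_case(bool clear_first, check_fn check, bool *swapped)
{
	struct codetag shmem = { "mm/shmem.c", 1794 };     /* constructed sample */
	struct codetag filemap = { "mm/filemap.c", 1951 }; /* constructed sample */
	union codetag_ref ref_old = { &shmem }, ref_new = { &filemap };
	struct swap_result res = tag_swap(&ref_old, &ref_new, clear_first, check);

	*swapped = ref_old.ct == &filemap && ref_new.ct == &shmem;
	return res;
}

int main(void)
{
	const char *names[] = { "no clear, old check", "clear, old check",
				"clear, new check" };
	bool clear[] = { false, true, true };
	check_fn checks[] = { check_old, check_old, check_new };

	for (int i = 0; i < 3; i++) {
		bool swapped;
		struct swap_result r = run_case(clear[i], checks[i], &swapped);

		printf("%-20s warnings=%d sentinel_reads=%d swapped=%d\n",
		       names[i], r.warnings, r.sentinel_reads, swapped);
	}
	return 0;
}
```

The middle case is the one the commit message calls a potential invalid address dereference: the refs are cleared, but the unpatched condition still treats the non-NULL sentinel as a live tag.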




* Re: [PATCH] mm/codetag: clear tags before swap
  2024-12-12  4:01 ` [PATCH] mm/codetag: clear tags before swap David Wang
@ 2024-12-12  7:09   ` Suren Baghdasaryan
  2024-12-12  8:17     ` David Wang
  2024-12-12  8:29     ` [PATCH v2] " David Wang
  0 siblings, 2 replies; 10+ messages in thread
From: Suren Baghdasaryan @ 2024-12-12  7:09 UTC (permalink / raw)
  To: David Wang
  Cc: kent.overstreet, yuzhao, oliver.sang, akpm, linux-kernel,
	linux-mm, lkp, oe-lkp

On Wed, Dec 11, 2024 at 8:03 PM David Wang <00107082@163.com> wrote:
>
> When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
> triggered when calling __alloc_tag_ref_set() during swap:
>
>         alloc_tag was not cleared (got tag for mm/filemap.c:1951)
>         WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...
>
> Clearing code tags before swap can fix the warning. This patch also fixes
> a potential invalid address dereference in alloc_tag_add_check() when
> CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
> which is defined as ((void *)1).
^^^
Good catch!

>
> Signed-off-by: David Wang <00107082@163.com>
> Reported-by: kernel test robot <oliver.sang@intel.com>
> Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
> ---
>  include/linux/alloc_tag.h | 2 +-
>  lib/alloc_tag.c           | 4 ++++
>  2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h
> index 7c0786bdf9af..cba024bf2db3 100644
> --- a/include/linux/alloc_tag.h
> +++ b/include/linux/alloc_tag.h
> @@ -135,7 +135,7 @@ static inline struct alloc_tag_counters alloc_tag_read(struct alloc_tag *tag)
>  #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG
>  static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag)
>  {
> -       WARN_ONCE(ref && ref->ct,
> +       WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref),
>                   "alloc_tag was not cleared (got tag for %s:%u)\n",
>                   ref->ct->filename, ref->ct->lineno);
>
> diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c
> index 35f7560a309a..cc5fda9901c2 100644
> --- a/lib/alloc_tag.c
> +++ b/lib/alloc_tag.c
> @@ -209,6 +209,10 @@ void pgalloc_tag_swap(struct folio *new, struct folio *old)
>                 return;
>         }
>
> +       /* clear tags before swap */

The above comment states what we already know from the code but does
not explain why we do this. Better to describe the reason and not what
we do. Something like:

/*
 * Clear tag references to avoid debug warning when using
 *  __alloc_tag_ref_set() with non-empty reference.
 */

> +       set_codetag_empty(&ref_old);
> +       set_codetag_empty(&ref_new);
> +
>         /* swap tags */
>         __alloc_tag_ref_set(&ref_old, tag_new);
>         update_page_tag_ref(handle_old, &ref_old);
> --
> 2.39.2
>
>



* Re: [PATCH] mm/codetag: clear tags before swap
  2024-12-12  7:09   ` Suren Baghdasaryan
@ 2024-12-12  8:17     ` David Wang
  2024-12-12  8:29     ` [PATCH v2] " David Wang
  1 sibling, 0 replies; 10+ messages in thread
From: David Wang @ 2024-12-12  8:17 UTC (permalink / raw)
  To: Suren Baghdasaryan
  Cc: kent.overstreet, yuzhao, oliver.sang, akpm, linux-kernel,
	linux-mm, lkp, oe-lkp


At 2024-12-12 15:09:59, "Suren Baghdasaryan" <surenb@google.com> wrote:
>On Wed, Dec 11, 2024 at 8:03 PM David Wang <00107082@163.com> wrote:
>>
>> When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
>> triggered when calling __alloc_tag_ref_set() during swap:
>>
>>         alloc_tag was not cleared (got tag for mm/filemap.c:1951)
>>         WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...
>>
>> Clear code tags before swap can fix the warning. And this patch also fix
>> a potential invalid address dereference in alloc_tag_add_check() when
>> CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
>> which is defined as ((void *)1).
>^^^
>Good catch!
>
>>
>> Signed-off-by: David Wang <00107082@163.com>
>> Reported-by: kernel test robot <oliver.sang@intel.com>
>> Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
>> ---
>>  include/linux/alloc_tag.h | 2 +-
>>  lib/alloc_tag.c           | 4 ++++
>>  2 files changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h
>> index 7c0786bdf9af..cba024bf2db3 100644
>> --- a/include/linux/alloc_tag.h
>> +++ b/include/linux/alloc_tag.h
>> @@ -135,7 +135,7 @@ static inline struct alloc_tag_counters alloc_tag_read(struct alloc_tag *tag)
>>  #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG
>>  static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag)
>>  {
>> -       WARN_ONCE(ref && ref->ct,
>> +       WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref),
>>                   "alloc_tag was not cleared (got tag for %s:%u)\n",
>>                   ref->ct->filename, ref->ct->lineno);
>>
>> diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c
>> index 35f7560a309a..cc5fda9901c2 100644
>> --- a/lib/alloc_tag.c
>> +++ b/lib/alloc_tag.c
>> @@ -209,6 +209,10 @@ void pgalloc_tag_swap(struct folio *new, struct folio *old)
>>                 return;
>>         }
>>
>> +       /* clear tags before swap */
>
>The above comment states what we already know from the code but does
>not explain why we do this. Better to describe the reason and not what
>we do. Something like:
>
>/*
> * Clear tag references to avoid debug warning when using
> *  __alloc_tag_ref_set() with non-empty reference.
> */
>

Copy that~!


Thanks!
David
>> +       set_codetag_empty(&ref_old);
>> +       set_codetag_empty(&ref_new);
>> +
>>         /* swap tags */
>>         __alloc_tag_ref_set(&ref_old, tag_new);
>>         update_page_tag_ref(handle_old, &ref_old);
>> --
>> 2.39.2
>>
>>


* [PATCH v2] mm/codetag: clear tags before swap
  2024-12-12  7:09   ` Suren Baghdasaryan
  2024-12-12  8:17     ` David Wang
@ 2024-12-12  8:29     ` David Wang
  2024-12-12 23:18       ` Suren Baghdasaryan
  1 sibling, 1 reply; 10+ messages in thread
From: David Wang @ 2024-12-12  8:29 UTC (permalink / raw)
  To: surenb
  Cc: akpm, kent.overstreet, linux-kernel, linux-mm, lkp, oe-lkp,
	oliver.sang, yuzhao, David Wang

When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
triggered when calling __alloc_tag_ref_set() during swap:

	alloc_tag was not cleared (got tag for mm/filemap.c:1951)
	WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...

Clear code tags before swap can fix the warning. And this patch also fix
a potential invalid address dereference in alloc_tag_add_check() when
CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
which is defined as ((void *)1).

Signed-off-by: David Wang <00107082@163.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
Suggested-by: Suren Baghdasaryan <surenb@google.com>
---
 include/linux/alloc_tag.h | 2 +-
 lib/alloc_tag.c           | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h
index 7c0786bdf9af..cba024bf2db3 100644
--- a/include/linux/alloc_tag.h
+++ b/include/linux/alloc_tag.h
@@ -135,7 +135,7 @@ static inline struct alloc_tag_counters alloc_tag_read(struct alloc_tag *tag)
 #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG
 static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag)
 {
-	WARN_ONCE(ref && ref->ct,
+	WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref),
 		  "alloc_tag was not cleared (got tag for %s:%u)\n",
 		  ref->ct->filename, ref->ct->lineno);
 
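Review bot: the changelog presents this condition change in alloc_tag_add_check() as a second, additional fix, but the pgalloc_tag_swap() hunk appears to depend on it. If set_codetag_empty() stores the CODETAG_EMPTY marker, as its name suggests, then ref->ct is non-NULL after clearing and the old `ref && ref->ct` test would raise the same "alloc_tag was not cleared" warning on the next __alloc_tag_ref_set(). Please say in the changelog that the two hunks belong together, so nobody backports one without the other.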
diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c
index 35f7560a309a..3a0413462e9f 100644
--- a/lib/alloc_tag.c
+++ b/lib/alloc_tag.c
@@ -209,6 +209,13 @@ void pgalloc_tag_swap(struct folio *new, struct folio *old)
 		return;
 	}
 
+	/*
+	 * Clear tag references to avoid debug warning when using
+	 * __alloc_tag_ref_set() with non-empty reference.
+	 */
+	set_codetag_empty(&ref_old);
+	set_codetag_empty(&ref_new);
+
 	/* swap tags */
 	__alloc_tag_ref_set(&ref_old, tag_new);
 	update_page_tag_ref(handle_old, &ref_old);
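Review bot: the clearing sits directly before `__alloc_tag_ref_set(&ref_old, tag_new)`, so tag_new and its counterpart for the other folio must already have been read out of the references in the part of pgalloc_tag_swap() above this hunk, which the hunk does not show. A few words in the new comment that the tags were saved earlier and only the references are being reset here would make that ordering requirement explicit.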
-- 
2.39.2




* Re: [PATCH v2] mm/codetag: clear tags before swap
  2024-12-12  8:29     ` [PATCH v2] " David Wang
@ 2024-12-12 23:18       ` Suren Baghdasaryan
  2024-12-13  1:33         ` [PATCH v3] " David Wang
  0 siblings, 1 reply; 10+ messages in thread
From: Suren Baghdasaryan @ 2024-12-12 23:18 UTC (permalink / raw)
  To: David Wang
  Cc: akpm, kent.overstreet, linux-kernel, linux-mm, lkp, oe-lkp,
	oliver.sang, yuzhao

On Thu, Dec 12, 2024 at 12:29 AM David Wang <00107082@163.com> wrote:
>
> When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
> triggered when calling __alloc_tag_ref_set() during swap:
>
>         alloc_tag was not cleared (got tag for mm/filemap.c:1951)
>         WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...
>
> Clear code tags before swap can fix the warning. And this patch also fix
> a potential invalid address dereference in alloc_tag_add_check() when
> CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
> which is defined as ((void *)1).
>
> Signed-off-by: David Wang <00107082@163.com>
> Reported-by: kernel test robot <oliver.sang@intel.com>
> Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
> Suggested-by: Suren Baghdasaryan <surenb@google.com>

I didn't really suggest much in this patch, so please replace above
Suggested-by with:

Acked-by: Suren Baghdasaryan <surenb@google.com>

Thanks for fixing this!

> ---
>  include/linux/alloc_tag.h | 2 +-
>  lib/alloc_tag.c           | 7 +++++++
>  2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h
> index 7c0786bdf9af..cba024bf2db3 100644
> --- a/include/linux/alloc_tag.h
> +++ b/include/linux/alloc_tag.h
> @@ -135,7 +135,7 @@ static inline struct alloc_tag_counters alloc_tag_read(struct alloc_tag *tag)
>  #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG
>  static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag)
>  {
> -       WARN_ONCE(ref && ref->ct,
> +       WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref),
>                   "alloc_tag was not cleared (got tag for %s:%u)\n",
>                   ref->ct->filename, ref->ct->lineno);
>
> diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c
> index 35f7560a309a..3a0413462e9f 100644
> --- a/lib/alloc_tag.c
> +++ b/lib/alloc_tag.c
> @@ -209,6 +209,13 @@ void pgalloc_tag_swap(struct folio *new, struct folio *old)
>                 return;
>         }
>
> +       /*
> +        * Clear tag references to avoid debug warning when using
> +        * __alloc_tag_ref_set() with non-empty reference.
> +        */
> +       set_codetag_empty(&ref_old);
> +       set_codetag_empty(&ref_new);
> +
>         /* swap tags */
>         __alloc_tag_ref_set(&ref_old, tag_new);
>         update_page_tag_ref(handle_old, &ref_old);
> --
> 2.39.2
>



* [PATCH v3] mm/codetag: clear tags before swap
  2024-12-12 23:18       ` Suren Baghdasaryan
@ 2024-12-13  1:33         ` David Wang
  2024-12-13  4:12           ` Andrew Morton
  0 siblings, 1 reply; 10+ messages in thread
From: David Wang @ 2024-12-13  1:33 UTC (permalink / raw)
  To: surenb
  Cc: akpm, kent.overstreet, linux-kernel, linux-mm, lkp, oe-lkp,
	oliver.sang, yuzhao, David Wang

When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
triggered when calling __alloc_tag_ref_set() during swap:

	alloc_tag was not cleared (got tag for mm/filemap.c:1951)
	WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...

Clear code tags before swap can fix the warning. And this patch also fix
a potential invalid address dereference in alloc_tag_add_check() when
CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
which is defined as ((void *)1).

Signed-off-by: David Wang <00107082@163.com>
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
Acked-by: Suren Baghdasaryan <surenb@google.com>
---
 include/linux/alloc_tag.h | 2 +-
 lib/alloc_tag.c           | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h
index 7c0786bdf9af..cba024bf2db3 100644
--- a/include/linux/alloc_tag.h
+++ b/include/linux/alloc_tag.h
@@ -135,7 +135,7 @@ static inline struct alloc_tag_counters alloc_tag_read(struct alloc_tag *tag)
 #ifdef CONFIG_MEM_ALLOC_PROFILING_DEBUG
 static inline void alloc_tag_add_check(union codetag_ref *ref, struct alloc_tag *tag)
 {
-	WARN_ONCE(ref && ref->ct,
+	WARN_ONCE(ref && ref->ct && !is_codetag_empty(ref),
 		  "alloc_tag was not cleared (got tag for %s:%u)\n",
 		  ref->ct->filename, ref->ct->lineno);
 
diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c
index 35f7560a309a..3a0413462e9f 100644
--- a/lib/alloc_tag.c
+++ b/lib/alloc_tag.c
@@ -209,6 +209,13 @@ void pgalloc_tag_swap(struct folio *new, struct folio *old)
 		return;
 	}
 
+	/*
+	 * Clear tag references to avoid debug warning when using
+	 * __alloc_tag_ref_set() with non-empty reference.
+	 */
+	set_codetag_empty(&ref_old);
+	set_codetag_empty(&ref_new);
+
 	/* swap tags */
 	__alloc_tag_ref_set(&ref_old, tag_new);
 	update_page_tag_ref(handle_old, &ref_old);
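Review bot: the new comment says the two set_codetag_empty() calls exist only to avoid a debug warning, yet they are added unconditionally in pgalloc_tag_swap(). Please state in the comment or the changelog whether they compile away when CONFIG_MEM_ALLOC_PROFILING_DEBUG is off, and guard them if they do not.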
-- 
2.39.2




* Re: [PATCH v3] mm/codetag: clear tags before swap
  2024-12-13  1:33         ` [PATCH v3] " David Wang
@ 2024-12-13  4:12           ` Andrew Morton
  2024-12-13  4:22             ` Suren Baghdasaryan
  0 siblings, 1 reply; 10+ messages in thread
From: Andrew Morton @ 2024-12-13  4:12 UTC (permalink / raw)
  To: David Wang
  Cc: surenb, kent.overstreet, linux-kernel, linux-mm, lkp, oe-lkp,
	oliver.sang, yuzhao

On Fri, 13 Dec 2024 09:33:32 +0800 David Wang <00107082@163.com> wrote:

> When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
> triggered when calling __alloc_tag_ref_set() during swap:
> 
> 	alloc_tag was not cleared (got tag for mm/filemap.c:1951)
> 	WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...
> 
> Clear code tags before swap can fix the warning. And this patch also fix
> a potential invalid address dereference in alloc_tag_add_check() when
> CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
> which is defined as ((void *)1).
> 
> Signed-off-by: David Wang <00107082@163.com>
> Reported-by: kernel test robot <oliver.sang@intel.com>
> Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com

This points at 

51f43d5d82ed ("mm/codetag: swap tags when migrate pages"), which had
	Fixes: e0a955bf7f61 ("mm/codetag: add pgalloc_tag_copy()")

e0a955bf7f61 ("mm/codetag: add pgalloc_tag_copy()") had
	Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging")
	Cc: <stable@vger.kernel.org>

And I'm thinking that this fix should have
	Fixes: 51f43d5d82ed ("mm/codetag: swap tags when migrate pages")
	Cc: <stable@vger.kernel.org>




* Re: [PATCH v3] mm/codetag: clear tags before swap
  2024-12-13  4:12           ` Andrew Morton
@ 2024-12-13  4:22             ` Suren Baghdasaryan
  0 siblings, 0 replies; 10+ messages in thread
From: Suren Baghdasaryan @ 2024-12-13  4:22 UTC (permalink / raw)
  To: Andrew Morton
  Cc: David Wang, kent.overstreet, linux-kernel, linux-mm, lkp, oe-lkp,
	oliver.sang, yuzhao

On Thu, Dec 12, 2024 at 8:12 PM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Fri, 13 Dec 2024 09:33:32 +0800 David Wang <00107082@163.com> wrote:
>
> > When CONFIG_MEM_ALLOC_PROFILING_DEBUG is set, kernel WARN would be
> > triggered when calling __alloc_tag_ref_set() during swap:
> >
> >       alloc_tag was not cleared (got tag for mm/filemap.c:1951)
> >       WARNING: CPU: 0 PID: 816 at ./include/linux/alloc_tag.h...
> >
> > Clear code tags before swap can fix the warning. And this patch also fix
> > a potential invalid address dereference in alloc_tag_add_check() when
> > CONFIG_MEM_ALLOC_PROFILING_DEBUG is set and ref->ct is CODETAG_EMPTY,
> > which is defined as ((void *)1).
> >
> > Signed-off-by: David Wang <00107082@163.com>
> > Reported-by: kernel test robot <oliver.sang@intel.com>
> > Closes: https://lore.kernel.org/oe-lkp/202412112227.df61ebb-lkp@intel.com
>
> This points at
>
> 51f43d5d82ed ("mm/codetag: swap tags when migrate pages"), which had
>         Fixes: e0a955bf7f61 ("mm/codetag: add pgalloc_tag_copy()")
>
> e0a955bf7f61 ("mm/codetag: add pgalloc_tag_copy()") had
>         Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging")
>         Cc: <stable@vger.kernel.org>
>
> And I'm thinking that this fix should have
>         Fixes: 51f43d5d82ed ("mm/codetag: swap tags when migrate pages")
>         Cc: <stable@vger.kernel.org>

Yes, that is correct. Sorry for missing that.

>

