Re: [Kernel Bug] WARNING in mempool_alloc_noprof
From: Vernon Yang
Date: Mon Feb 02 2026 - 22:49:04 EST
On 2026-02-02, Harry Yoo wrote:
> On Mon, Feb 02, 2026 at 02:40:14PM +0800, 李龙兴 wrote:
> > Dear Linux kernel developers and maintainers,
> >
> > We would like to report a new kernel bug found by our tool. WARNING in
> > mempool_alloc_noprof. Details are as follows.
> >
> > Kernel commit: v6.12.11
> > Kernel config: see attachment
> > report: see attachment
> >
> > We are currently analyzing the root cause and working on a
> > reproducible PoC. We will provide further updates in this thread as
> > soon as we have more information.
> >
> > Best regards,
> > Longxing Li
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 362734 at mm/page_alloc.c:4234
> > __alloc_pages_slowpath mm/page_alloc.c:4234 [inline]
> > WARNING: CPU: 1 PID: 362734 at mm/page_alloc.c:4234
> > __alloc_pages_noprof+0x2025/0x25a0 mm/page_alloc.c:4766
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 362734 Comm: syz-executor.5 Not tainted 6.12.11 #1
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
> > RIP: 0010:__alloc_pages_slowpath mm/page_alloc.c:4234 [inline]
> > RIP: 0010:__alloc_pages_noprof+0x2025/0x25a0 mm/page_alloc.c:4766
>
> page allocator triggers a warning when __GFP_NOFAIL is set but
> __GFP_DIRECT_RECLAIM is not set.
>
> > Code: 10 00 00 00 44 8b 74 24 48 41 89 c5 0f b6 c0 44 8b a4 24 84 00
> > 00 00 89 44 24 28 e9 e5 f6 ff ff 90 0f 0b 90 e9 f1 f6 ff ff 90 <0f> 0b
> > 90 e9 1e fb ff ff e8 2e a4 38 09 e9 5e ed ff ff 4c 89 f7 e8
> > RSP: 0000:ffffc9003ce9e7d0 EFLAGS: 00010246
> > RAX: 0000000000008000 RBX: 0000000000000000 RCX: ffffc9003ce9e8fc
> > RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88813fff99c8
> > RBP: 0000000000000000 R08: 000000000000028d R09: 0000000000000000
> > R10: ffff88807fffbc17 R11: 0000000000000000 R12: 000000000009a800
> > R13: 000000000009a800 R14: 1ffff920079d3d0e R15: 0000000000000001
> > FS: 00007f1784eff640(0000) GS:ffff888135e00000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 000055bb25a85a28 CR3: 0000000096938000 CR4: 0000000000752ef0
> > PKRU: 55555554
> > Call Trace:
> > <TASK>
> > alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269
> > mempool_alloc_noprof+0x176/0x390 mm/mempool.c:402
>
> the user of the mempool (f2fs_encrypt_one_page) passed __GFP_DIRECT_RECLAIM,
> but mempool temporarily cleared it, but not __GFP_NOFAIL:
> gfp_temp = gfp_mask & ~(__GFP_DIRECT_RECLAIM|__GFP_IO)
>
> Hmm perhaps mempool should clear __GFP_NOFAIL as well when clearing
> __GFP_DIRECT_RECLAIM?
LGTM. I wrote a fix patch, as below.
---