From: syzbot <syzbot+bc9e2d2dbcb347dd215a@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	 linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] WARNING in page_counter_cancel (3)
Date: Sat, 18 Dec 2021 06:04:22 -0800
Message-ID: <000000000000f1504c05d36c21ea@google.com>
In-Reply-To: <00000000000021bb9b05d14bf0c7@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    fbf252e09678 Add linux-next specific files for 20211216
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1797de99b00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=7fcbb9aa19a433c8
dashboard link: https://syzkaller.appspot.com/bug?extid=bc9e2d2dbcb347dd215a
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=135d179db00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=113edb6db00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bc9e2d2dbcb347dd215a@syzkaller.appspotmail.com

R13: 00007ffdeb858640 R14: 00007ffdeb858680 R15: 0000000000000004
 </TASK>
------------[ cut here ]------------
page_counter underflow: -4294966651 nr_pages=4294967295
WARNING: CPU: 1 PID: 3665 at mm/page_counter.c:56 page_counter_cancel+0xcf/0xe0 mm/page_counter.c:56 mm/page_counter.c:56
Modules linked in:
CPU: 1 PID: 3665 Comm: syz-executor933 Not tainted 5.16.0-rc5-next-20211216-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:page_counter_cancel+0xcf/0xe0 mm/page_counter.c:56 mm/page_counter.c:56
Code: c7 04 24 00 00 00 00 45 31 f6 eb 97 e8 ba 77 af ff 4c 89 ea 48 89 ee 48 c7 c7 60 fe b8 89 c6 05 5f b3 b5 0b 01 e8 a6 85 48 07 <0f> 0b eb a8 4c 89 e7 e8 d5 85 fa ff eb c7 0f 1f 00 41 56 41 55 49
RSP: 0018:ffffc90002b1f620 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff88807b6e8120 RCX: 0000000000000000
RDX: ffff88807ad31d40 RSI: ffffffff815f4748 RDI: fffff52000563eb6
RBP: ffffffff00000285 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff815ee4ae R11: 0000000000000000 R12: ffff88807b6e8120
R13: 00000000ffffffff R14: 0000000000000000 R15: 0000000000000001
FS:  000055555596c300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 000000007f24a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 page_counter_uncharge+0x2e/0x60 mm/page_counter.c:159 mm/page_counter.c:159
 drain_stock+0xc1/0x170 mm/memcontrol.c:2172 mm/memcontrol.c:2172
 refill_stock+0x131/0x1b0 mm/memcontrol.c:2224 mm/memcontrol.c:2224
 __sk_mem_reduce_allocated+0x24d/0x550 net/core/sock.c:2951 net/core/sock.c:2951
 __mptcp_rmem_reclaim net/mptcp/protocol.c:169 [inline]
 __mptcp_rmem_reclaim net/mptcp/protocol.c:169 [inline] net/mptcp/protocol.c:978
 __mptcp_mem_reclaim_partial+0x124/0x410 net/mptcp/protocol.c:978 net/mptcp/protocol.c:978
 mptcp_mem_reclaim_partial net/mptcp/protocol.c:985 [inline]
 mptcp_alloc_tx_skb net/mptcp/protocol.c:1215 [inline]
 mptcp_mem_reclaim_partial net/mptcp/protocol.c:985 [inline] net/mptcp/protocol.c:1282
 mptcp_alloc_tx_skb net/mptcp/protocol.c:1215 [inline] net/mptcp/protocol.c:1282
 mptcp_sendmsg_frag+0x1ada/0x2410 net/mptcp/protocol.c:1282 net/mptcp/protocol.c:1282
 __mptcp_push_pending+0x232/0x7a0 net/mptcp/protocol.c:1548 net/mptcp/protocol.c:1548
 mptcp_release_cb+0xfe/0x200 net/mptcp/protocol.c:3013 net/mptcp/protocol.c:3013
 release_sock+0xb4/0x1b0 net/core/sock.c:3312 net/core/sock.c:3312
 sk_stream_wait_memory+0x608/0xed0 net/core/stream.c:145 net/core/stream.c:145
 mptcp_sendmsg+0x8df/0x1300 net/mptcp/protocol.c:1745 net/mptcp/protocol.c:1745
 inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:641 net/ipv6/af_inet6.c:641
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg_nosec net/socket.c:704 [inline] net/socket.c:724
 sock_sendmsg+0xcf/0x120 net/socket.c:724 net/socket.c:724
 sock_write_iter+0x289/0x3c0 net/socket.c:1057 net/socket.c:1057
 call_write_iter include/linux/fs.h:2079 [inline]
 call_write_iter include/linux/fs.h:2079 [inline] fs/read_write.c:503
 new_sync_write+0x429/0x660 fs/read_write.c:503 fs/read_write.c:503
 vfs_write+0x7cd/0xae0 fs/read_write.c:590 fs/read_write.c:590
 ksys_write+0x1ee/0x250 fs/read_write.c:643 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_x64 arch/x86/entry/common.c:50 [inline] arch/x86/entry/common.c:80
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4cc423cf49
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdeb8585f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f4cc423cf49
RDX: 0000000000017f88 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007ffdeb858620 R08: 0000000000000001 R09: 00007ffdeb858630
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 00007ffdeb858640 R14: 00007ffdeb858680 R15: 0000000000000004
 </TASK>


