Re: [syzbot] WARNING in page_counter_cancel (3)

From: Mat Martineau
Date: Tue Jan 04 2022 - 19:08:51 EST


On Wed, 29 Dec 2021, Michal Hocko wrote:

On Tue 21-12-21 15:57:36, Andrew Morton wrote:
On Sat, 18 Dec 2021 06:04:22 -0800 syzbot <syzbot+bc9e2d2dbcb347dd215a@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

syzbot has found a reproducer for the following issue on:

HEAD commit: fbf252e09678 Add linux-next specific files for 20211216
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1797de99b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7fcbb9aa19a433c8
dashboard link: https://syzkaller.appspot.com/bug?extid=bc9e2d2dbcb347dd215a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=135d179db00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=113edb6db00000

Useful to have that, thanks.

I'm suspecting that mptcp is doing something strange.

Yes.

Could I ask the developers to please take a look?


Andrew -

Yes, we'll get a fix in to net-next soon - thanks for adding the mptcp & netdev lists.


IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bc9e2d2dbcb347dd215a@xxxxxxxxxxxxxxxxxxxxxxxxx

R13: 00007ffdeb858640 R14: 00007ffdeb858680 R15: 0000000000000004
</TASK>
------------[ cut here ]------------
page_counter underflow: -4294966651 nr_pages=4294967295

__mptcp_mem_reclaim_partial is trying to uncharge (via
__sk_mem_reduce_allocated) a negative amount. nr_pages has overflown when
converted from int to unsigned int (-1). I would say that
__mptcp_mem_reclaim_partial has evaluated
reclaimable = mptcp_sk(sk)->rmem_fwd_alloc - sk_unused_reserved_mem(sk)
to 0 and __mptcp_rmem_reclaim(sk, reclaimable - 1) made it -1.

Thanks for the analysis Michal.

--
Mat Martineau
Intel
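
The arithmetic in Michal's analysis can be reproduced in user space. The block below is an added example, not code from the thread or from the kernel: every model_* name is hypothetical, units are simplified so the reclaimed amount is passed straight through as a page count, and the starting usage of 644 is a constructed value chosen so that the model matches the two numbers in the logged warning. The guarded variant is an illustrative check only, not the fix sent to net-next.

```c
#include <stdio.h>

/* Simplified user-space model of the accounting described in the thread.
 * Every model_* name is hypothetical; none of this is kernel code. */
struct model_counter { long long usage; };      /* charged pages */

/* Uncharge side: takes an unsigned page count. Returns 1 if the counter
 * would go negative, which is the condition the logged warning reports. */
int model_uncharge(struct model_counter *c, unsigned int nr_pages,
                   long long *new_usage)
{
    *new_usage = c->usage - (long long)nr_pages;
    if (*new_usage < 0)
        return 1;                   /* underflow: leave the counter untouched */
    c->usage = *new_usage;
    return 0;
}

/* Reclaim side: signed amount in, converted to unsigned at the call. */
int model_reclaim(struct model_counter *c, int amount, long long *new_usage)
{
    return model_uncharge(c, (unsigned int)amount, new_usage);
}

/* Follows the analysis: reclaimable = fwd_alloc - unused_reserved, then
 * reclaim(reclaimable - 1) with no check that the result is positive. */
int model_reclaim_partial(struct model_counter *c, int fwd_alloc,
                          int unused_reserved, long long *new_usage)
{
    int reclaimable = fwd_alloc - unused_reserved;
    return model_reclaim(c, reclaimable - 1, new_usage);
}

/* Illustrative guard (an assumption, not the fix that went to net-next). */
int model_reclaim_partial_guarded(struct model_counter *c, int fwd_alloc,
                                  int unused_reserved, long long *new_usage)
{
    int reclaimable = fwd_alloc - unused_reserved;
    *new_usage = c->usage;
    return reclaimable <= 1 ? 0 : model_reclaim(c, reclaimable - 1, new_usage);
}

int main(void)
{
    struct model_counter c = { 644 };           /* constructed starting usage */
    long long after = 0;
    int bad = model_reclaim_partial(&c, 0, 0, &after);
    printf("underflow=%d result=%lld nr_pages=%u\n", bad, after, (unsigned int)-1);
    return 0;
}
```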