lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 9 Sep 2022 13:05:07 +0800
From:   Menglong Dong <menglong8.dong@...il.com>
To:     Paolo Abeni <pabeni@...hat.com>
Cc:     netdev <netdev@...r.kernel.org>, mptcp@...ts.linux.dev,
        Mengen Sun <mengensun@...cent.com>,
        Biao Jiang <benbjiang@...cent.com>
Subject: net: mptcp: mptcp selftest cause page_counter underflow

Hello,

I find a kernel warning when I run mptcp selftest with
following print:

[  138.448383] ------------[ cut here ]------------
[  138.448386] page_counter underflow: -4294952882 nr_pages=4294967289
[  138.448396] WARNING: CPU: 36 PID: 13372 at mm/page_counter.c:56
page_counter_uncharge+0x68/0x80
[  138.448403] Modules linked in: nft_tproxy nf_tproxy_ipv6
nf_tproxy_ipv4 nft_socket nf_socket_ipv4 nf_socket_ipv6 ipt_REJECT
nf_reject_ipv4 sch_netem xt_mark veth tcp_diag udp_diag inet_diag tun
nf_conntrack_netlink xt_addrtype nft_compat overlay binfmt_misc
squashfs edac_core crc32_pclmul ghash_clmulni_intel aesni_intel
crypto_simd cryptd virtio_balloon drm i2c_core backlight fuse autofs4
btrfs blake2b_generic zstd_compress multipath crc32c_intel sr_mod
cdrom floppy
[  138.448429] CPU: 36 PID: 13372 Comm: mptcp_connect Kdump: loaded
Not tainted 6.0.0-rc2-0008+ #60
[  138.448431] Hardware name: Tencent Cloud CVM, BIOS
seabios-1.9.1-qemu-project.org 04/01/2014
[  138.448432] RIP: 0010:page_counter_uncharge+0x68/0x80
[  138.448435] Code: 5b 41 5c 41 5d 5d e9 47 bf ee 00 80 3d 08 e4 0b
02 00 75 18 48 89 da 48 c7 c7 78 ea 7f 82 c6 05 f5 e3 0b 02 01 e8 6d
66 bd 00 <0f> 0b 49 c7 45 00 00 00 00 00 31 f6 eb b7 66 2e 0f 1f 84 00
00 00
[  138.448437] RSP: 0018:ffffc9000a143b18 EFLAGS: 00010086
[  138.448439] RAX: 0000000000000000 RBX: 00000000fffffff9 RCX: 0000000000000000
[  138.448440] RDX: 0000000000000202 RSI: ffffffff827e53f1 RDI: 00000000ffffffff
[  138.448441] RBP: ffffc9000a143b30 R08: 0000000000013ffb R09: 00000000ffffbfff
[  138.448442] R10: ffffffff830760a0 R11: ffffffff830760a0 R12: ffffffff00000007
[  138.448443] R13: ffff8881229780d0 R14: ffff8882072a0f80 R15: 00000000084072b6
[  138.448447] FS:  00007f886f30d740(0000) GS:ffff889fbf700000(0000)
knlGS:0000000000000000
[  138.448449] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  138.448450] CR2: 00007ffd8d488478 CR3: 0000000132088000 CR4: 00000000003506e0
[  138.448451] Call Trace:
[  138.448453]  <TASK>
[  138.448456]  drain_stock+0x43/0xc0
[  138.448459]  __refill_stock+0x62/0x90
[  138.448461]  mem_cgroup_uncharge_skmem+0x4e/0x90
[  138.448463]  __sk_mem_reduce_allocated+0x12e/0x1b0
[  138.448467]  __mptcp_update_rmem+0x8e/0xb0
[  138.448470]  mptcp_release_cb+0x23a/0x320
[  138.448473]  release_sock+0x48/0xa0
[  138.448475]  mptcp_recvmsg+0x448/0xb70
[  138.448478]  ? balance_dirty_pages_ratelimited+0x10/0x20
[  138.448481]  ? generic_perform_write+0x13c/0x1f0
[  138.448484]  inet_recvmsg+0x120/0x130
[  138.448488]  sock_recvmsg+0x6e/0x80
[  138.448490]  sock_read_iter+0x8f/0xf0
[  138.448492]  vfs_read+0x29f/0x2d0
[  138.448495]  ksys_read+0xb9/0xf0
[  138.448497]  __x64_sys_read+0x19/0x20
[  138.448499]  do_syscall_64+0x42/0x90
[  138.448501]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  138.448504] RIP: 0033:0x7f886f0f9a7e
[  138.448506] Code: c0 e9 b6 fe ff ff 50 48 8d 3d be ec 0b 00 e8 d9
f1 01 00 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75
14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83
ec 28
[  138.448507] RSP: 002b:00007ffd8d488478 EFLAGS: 00000246 ORIG_RAX:
0000000000000000
[  138.448509] RAX: ffffffffffffffda RBX: 0000000000000feb RCX: 00007f886f0f9a7e
[  138.448510] RDX: 0000000000000feb RSI: 00007ffd8d48e550 RDI: 0000000000000003
[  138.448511] RBP: 0000000000000003 R08: 00007f886f1f2210 R09: 00007f886f1f2260
[  138.448512] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd8d48e550
[  138.448513] R13: 0000000000002000 R14: 0000000000000000 R15: 00007ffd8d48e550
[  138.448516]  </TASK>
[  138.448516] ---[ end trace 0000000000000000 ]---

It is easy to reproduce, just run mptcp_connect.sh, mptcp_sockopt.sh and
mptcp_join.sh together.

Hmm...I'm not good at kernel memory, so someone who
is good at this part may have a look at this problem.

You can add
Reported-by: Menglong Dong <imagedong@...cent.com>
when you fix this warning.

Thanks!
Menglong Dong

Powered by blists - more mailing lists