syzbot


WARNING in page_counter_uncharge (2)

Status: upstream: reported C repro on 2026/03/28 05:14
Subsystems: cgroups mm
Labels: prio:high
Reported-by: syzbot+226c1f947186f8fef796@syzkaller.appspotmail.com
Fix commit: 15807d0ddde3 mm/hugetlb: fix hugetlb cgroup rsvd charge/uncharge mismatch
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm]
First crash: 94d, last: 13d
Cause bisection: failed (error log, bisect log)
  
✨ AI Jobs (1)
ID: 610b2897-8232-4589-89ab-943f1f5712d2
Workflow: assessment-security
Result: DenialOfService: ✅, Exploitable: ❌, FilesystemTrigger: ❌, NetworkTrigger: ❌, PeripheralTrigger: ❌, RemoteTrigger: ❌, Unprivileged: ✅, UserNamespace: ❌, VMGuestTrigger: ❌, VMHostTrigger: ❌
Correct:
Bug: WARNING in page_counter_uncharge (2)
Created: 2026/05/24 08:04
Started: 2026/05/24 08:04
Finished: 2026/05/24 09:13
Revision: c69befb30ac10e158cc9d1557b508ee3f0eca1de
Error:

Discussions (2)
Title Replies (including bot) Last reply
[PATCH] mm/hugetlb: fix hugetlb cgroup rsvd charge/uncharge mismatch 4 (4) 2026/04/26 03:47
[syzbot] [mm?] [cgroups?] WARNING in page_counter_uncharge (2) 1 (3) 2026/03/28 06:09
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in page_counter_uncharge cgroups mm -1 C done done 2 1642d 1642d 20/29 fixed on 2022/03/08 16:11
linux-6.1 WARNING in page_counter_uncharge origin:lts-only -1 C error 3 174d 210d 0/3 upstream: reported C repro on 2025/12/01 06:16
Last patch testing requests (3)
Created Duration User Patch Repo Result
2026/05/02 06:34 47m retest repro net report log
2026/05/02 06:34 35m retest repro net report log
2026/03/28 06:09 33m kartikey406@gmail.com patch net OK log

Sample crash report:
------------[ cut here ]------------
page_counter underflow: -512 nr_pages=512
WARNING: mm/page_counter.c:60 at page_counter_cancel mm/page_counter.c:60 [inline], CPU#2: syz.3.2707/14164
WARNING: mm/page_counter.c:60 at page_counter_uncharge+0x140/0x1b0 mm/page_counter.c:184, CPU#2: syz.3.2707/14164
Modules linked in:
CPU: 2 UID: 0 PID: 14164 Comm: syz.3.2707 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:page_counter_cancel mm/page_counter.c:60 [inline]
RIP: 0010:page_counter_uncharge+0x147/0x1b0 mm/page_counter.c:184
Code: 2f b8 8a ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 17 b8 8a ff 48 8d 3d 30 0e 60 0e 48 8b 14 24 48 89 ee <67> 48 0f b9 3a be 08 00 00 00 48 89 df e8 d7 b3 f8 ff 48 89 da 48
RSP: 0018:ffffc9000ddef3a0 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff88803693f380 RCX: ffffffff827e8c38
RDX: 0000000000000200 RSI: fffffffffffffe00 RDI: ffffffff90de9b00
RBP: fffffffffffffe00 R08: 0000000000000007 R09: 0000000000000000
R10: fffffffffffffe00 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000200 R14: 0000000000000001 R15: 00000000000000f4
FS:  0000000000000000(0000) GS:ffff8880d655f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb2f22beff8 CR3: 000000000e596000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __hugetlb_cgroup_uncharge_folio.part.0+0x238/0x620 mm/hugetlb_cgroup.c:354
 __hugetlb_cgroup_uncharge_folio include/linux/hugetlb_cgroup.h:105 [inline]
 hugetlb_cgroup_uncharge_folio_rsvd+0x2e/0x40 mm/hugetlb_cgroup.c:382
 free_huge_folio+0x6cc/0xce0 mm/hugetlb.c:1729
 folios_put_refs+0x6a6/0xa90 mm/swap.c:989
 folio_batch_release include/linux/folio_batch.h:101 [inline]
 remove_inode_hugepages+0x682/0x1090 fs/hugetlbfs/inode.c:582
 hugetlbfs_evict_inode+0x8b/0x250 fs/hugetlbfs/inode.c:597
 evict+0x3c2/0xad0 fs/inode.c:828
 iput_final fs/inode.c:2022 [inline]
 iput.part.0+0x989/0x1050 fs/inode.c:2071
 iput+0x35/0x40 fs/inode.c:2037
 dentry_unlink_inode+0x284/0x470 fs/dcache.c:479
 dentry_kill+0x25d/0xc20 fs/dcache.c:826
 finish_dput fs/dcache.c:1001 [inline]
 dput.part.0+0xd7/0x240 fs/dcache.c:1042
 dput+0x1f/0x30 fs/dcache.c:1037
 __fput+0x519/0xb50 fs/file_table.c:520
 task_work_run+0x150/0x240 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x951/0x2ae0 kernel/exit.c:1004
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1147
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3038
 arch_do_signal_or_restart+0x91/0x7e0 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:66 [inline]
 exit_to_user_mode_loop+0x139/0x6f0 kernel/entry/common.c:101
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
 do_syscall_64+0x666/0x870 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7a2eb9ce59
Code: Unable to access opcode bytes at 0x7f7a2eb9ce2f.
RSP: 002b:00007f7a2f9a40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f7a2ee15fa8 RCX: 00007f7a2eb9ce59
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7a2ee15fa8
RBP: 00007f7a2ee15fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f7a2ee16038 R14: 00007ffc6d42d140 R15: 00007ffc6d42d228
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	8a ff                	mov    %bh,%bh
   2:	48 83 c4 10          	add    $0x10,%rsp
   6:	5b                   	pop    %rbx
   7:	5d                   	pop    %rbp
   8:	41 5c                	pop    %r12
   a:	41 5d                	pop    %r13
   c:	41 5e                	pop    %r14
   e:	41 5f                	pop    %r15
  10:	c3                   	ret
  11:	cc                   	int3
  12:	cc                   	int3
  13:	cc                   	int3
  14:	cc                   	int3
  15:	e8 17 b8 8a ff       	call   0xff8ab831
  1a:	48 8d 3d 30 0e 60 0e 	lea    0xe600e30(%rip),%rdi        # 0xe600e51
  21:	48 8b 14 24          	mov    (%rsp),%rdx
  25:	48 89 ee             	mov    %rbp,%rsi
* 28:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2d:	be 08 00 00 00       	mov    $0x8,%esi
  32:	48 89 df             	mov    %rbx,%rdi
  35:	e8 d7 b3 f8 ff       	call   0xfff8b411
  3a:	48 89 da             	mov    %rbx,%rdx
  3d:	48                   	rex.W

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/16 12:47 upstream b1cbabe84ca1 a3998659 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in page_counter_uncharge
2026/06/16 08:05 upstream 0e0611827f33 50bb0618 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in page_counter_uncharge
2026/03/28 01:36 net 5597dd284ff8 74a13a23 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
2026/03/27 21:51 net 5597dd284ff8 74a13a23 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
2026/06/12 21:31 net-next f6033078a9e6 1d2f3589 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce WARNING in page_counter_uncharge
2026/04/16 06:23 net 1f5ffc672165 df15c5f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
2026/04/15 05:21 net b9d8b856689d e2e976a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
2026/04/04 11:20 net 1979645e1842 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
2026/03/28 22:49 net dc9e9d61e301 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
2026/03/27 20:27 net 5597dd284ff8 74a13a23 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce WARNING in page_counter_uncharge
* Struck through repros no longer work on HEAD.