syzbot

 sign-in | mailing list | source | docs
🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: Bad rss-counter state

Status: auto-closed as invalid on 2020/04/11 05:38
Reported-by: syzbot+69e0697232e848e69c78@syzkaller.appspotmail.com
First crash: 1589d, last: 1589d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: Bad rss-counter state syz 20 2398d 2361d 0/26 closed as invalid on 2017/10/31 09:42
upstream BUG: Bad rss-counter state (2) kernel 11 2312d 2313d 0/26 closed as invalid on 2018/02/01 12:07
linux-4.19 BUG: Bad rss-counter state C error 18 931d 1477d 0/1 upstream: reported C repro on 2020/04/03 02:55
upstream BUG: Bad rss-counter state (4) C done unreliable 124 340d 1432d 0/26 auto-obsoleted due to no activity on 2023/08/23 09:04
linux-4.14 BUG: Bad rss-counter state (2) 4 1133d 1230d 0/1 auto-closed as invalid on 2021/07/10 23:34
upstream BUG: Bad rss-counter state (3) C unreliable done 438 1726d 2192d 15/26 fixed on 2020/01/31 18:49
android-54 BUG: Bad rss-counter state C 5 9d11h 1439d 0/2 upstream: reported C repro on 2020/05/11 02:06
android-49 BUG: Bad rss-counter state 11325 1597d 1831d 0/3 auto-closed as invalid on 2020/03/03 11:04

Sample crash report:
BUG: Bad rss-counter state mm:ffff88809367e640 idx:1 val:5
devpts: called with bogus options
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
devpts: called with bogus options
SELinux: failed to load policy
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
SELinux: failed to load policy
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
selinux_nlmsg_perm: 230 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
devpts: called with bogus options
SELinux: failed to load policy
gfs2: invalid mount option: obj_type=
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
gfs2: can't parse mount arguments
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
loop4: p2 start 3329622912 is beyond EOD, truncated
SELinux: failed to load policy
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
loop4: p2 start 3329622912 is beyond EOD, truncated
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
SELinux: failed to load policy
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.5'.
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
kauditd_printk_skb: 92 callbacks suppressed
audit: type=1400 audit(1576215451.126:236): avc:  denied  { map } for  pid=29907 comm="syz-executor.0" path="socket:[107212]" dev="sockfs" ino=107212 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.5'.
net_ratelimit: 18 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.5'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
9pnet: p9_fd_create_unix (30160): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30172): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30186): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30198): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
net_ratelimit: 22 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30329): problem connecting socket: ./file1: -2
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30360): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30378): problem connecting socket: ./file1: -2
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/13 05:37 linux-4.14.y a844dc4c5442 2a752b7c .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.