syzbot


BUG: Bad rss-counter state

Status: auto-closed as invalid on 2020/04/11 05:38
Reported-by: syzbot+69e0697232e848e69c78@syzkaller.appspotmail.com
First crash: 937d, last: 937d
similar bugs (8):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: Bad rss-counter state syz 20 1747d 1710d 0/22 closed as invalid on 2017/10/31 09:42
upstream BUG: Bad rss-counter state (2) 11 1660d 1662d 0/22 closed as invalid on 2018/02/01 12:07
linux-4.19 BUG: Bad rss-counter state C error 18 280d 825d 0/1 upstream: reported C repro on 2020/04/03 02:55
upstream BUG: Bad rss-counter state (4) C done unreliable 69 48d 780d 0/22 upstream: reported C repro on 2020/05/18 07:27
linux-4.14 BUG: Bad rss-counter state (2) 4 481d 578d 0/1 auto-closed as invalid on 2021/07/10 23:34
upstream BUG: Bad rss-counter state (3) C unreliable done 438 1074d 1540d 16/22 fixed on 2020/01/31 18:49
android-54 BUG: Bad rss-counter state C 2 482d 787d 0/2 upstream: reported C repro on 2020/05/11 02:06
android-49 BUG: Bad rss-counter state 11325 946d 1180d 0/3 auto-closed as invalid on 2020/03/03 11:04

Sample crash report:
BUG: Bad rss-counter state mm:ffff88809367e640 idx:1 val:5
devpts: called with bogus options
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
devpts: called with bogus options
SELinux: failed to load policy
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
SELinux: failed to load policy
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
selinux_nlmsg_perm: 230 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
devpts: called with bogus options
SELinux: failed to load policy
gfs2: invalid mount option: obj_type=
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
gfs2: can't parse mount arguments
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
loop4: p2 start 3329622912 is beyond EOD, truncated
SELinux: failed to load policy
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
loop4: p2 start 3329622912 is beyond EOD, truncated
SELinux:  policydb table sizes (-474985917,1792) do not match mine (6,7)
SELinux: failed to load policy
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=29798 comm=syz-executor.1
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.5'.
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
Dev loop4: unable to read RDB block 7
 loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
kauditd_printk_skb: 92 callbacks suppressed
audit: type=1400 audit(1576215451.126:236): avc:  denied  { map } for  pid=29907 comm="syz-executor.0" path="socket:[107212]" dev="sockfs" ino=107212 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=1
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.5'.
net_ratelimit: 18 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.1'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 29 bytes leftover after parsing attributes in process `syz-executor.5'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
9pnet: p9_fd_create_unix (30160): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30172): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30186): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30198): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
net_ratelimit: 22 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30329): problem connecting socket: ./file1: -2
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30360): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30378): problem connecting socket: ./file1: -2
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2019/12/13 05:37 linux-4.14.y a844dc4c5442 2a752b7c .config log report