BUG: Bad rss-counter state


syzbot

Apr 14, 2019, 5:28:23 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 8fe42840 Merge 4.9.141 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=13ce0efd200000
kernel config: https://syzkaller.appspot.com/x/.config?x=22a5ba9f73b6da1d
dashboard link: https://syzkaller.appspot.com/bug?extid=55ed1af5a6233d79e845
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+55ed1a...@syzkaller.appspotmail.com

lowmemorykiller: Killing 'syz-executor.0' (6332) (tgid 6332), adj 1000,
to free 34988kB on behalf of 'kswapd0' (33) because
cache 272kB is below limit 6144kB for oom_score_adj 0
Free memory is -37504kB above reserved
ODEBUG: Out of memory. ODEBUG disabled
BUG: Bad rss-counter state mm:ffff8801c9c09b80 idx:0 val:4
SELinux: policydb string length 0 does not match expected length 8
SELinux: policydb string length 0 does not match expected length 8
Dead loop on virtual device ip6_vti0, fix it urgently!
Dead loop on virtual device ip6_vti0, fix it urgently!
Dead loop on virtual device ip6_vti0, fix it urgently!
Dead loop on virtual device ip6_vti0, fix it urgently!
Dead loop on virtual device ip6_vti0, fix it urgently!
Dead loop on virtual device ip6_vti0, fix it urgently!
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor.1'.
binder: 7096:7099 unknown command -1656286029
binder: 7096:7099 ioctl c0306201 20008fd0 returned -22
binder: 7096:7099 BC_DEAD_BINDER_DONE 0000000000000000 not found
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor.5'.
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor.5'.
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
netlink: 80 bytes leftover after parsing attributes in process
`syz-executor.5'.
binder: 7310:7313 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7313 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7313 DecRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7313 DecRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7316 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7317 IncRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7317 DecRefs 0 refcount change on invalid ref 0 ret -22
binder: 7310:7317 DecRefs 0 refcount change on invalid ref 0 ret -22
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
audit: type=1400 audit(1555230422.025:56): avc: denied { prog_run } for
pid=7372 comm="syz-executor.4"
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf
permissive=1
ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
binder: 7398:7399 got transaction to context manager from process owning it
binder: 7398:7399 transaction failed 29201/-22, size 40-8 line 3004
binder: undelivered TRANSACTION_ERROR: 29201
binder: 7398:7402 got transaction to context manager from process owning it
binder: 7398:7402 transaction failed 29201/-22, size 40-8 line 3004
binder: undelivered TRANSACTION_ERROR: 29201


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 3, 2020, 6:04:09 AM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.