BUG: Bad rss-counter state


syzbot

Dec 13, 2019, 12:38:08 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: a844dc4c Linux 4.14.158
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12628532e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c02bef505ffc02ff
dashboard link: https://syzkaller.appspot.com/bug?extid=69e0697232e848e69c78
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+69e069...@syzkaller.appspotmail.com

BUG: Bad rss-counter state mm:ffff88809367e640 idx:1 val:5
devpts: called with bogus options
SELinux: policydb table sizes (-474985917,1792) do not match mine (6,7)
devpts: called with bogus options
SELinux: failed to load policy
SELinux: policydb table sizes (-474985917,1792) do not match mine (6,7)
SELinux: failed to load policy
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.1'.
SELinux: policydb table sizes (-474985917,1792) do not match mine (6,7)
selinux_nlmsg_perm: 230 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
devpts: called with bogus options
SELinux: failed to load policy
gfs2: invalid mount option: obj_type=
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
gfs2: can't parse mount arguments
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
Dev loop4: unable to read RDB block 7
loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: policydb table sizes (-474985917,1792) do not match mine (6,7)
loop4: p2 start 3329622912 is beyond EOD, truncated
SELinux: failed to load policy
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
Dev loop4: unable to read RDB block 7
loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
loop4: p2 start 3329622912 is beyond EOD, truncated
SELinux: policydb table sizes (-474985917,1792) do not match mine (6,7)
SELinux: failed to load policy
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0
sclass=netlink_route_socket pig=29798 comm=syz-executor.1
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
Dev loop4: unable to read RDB block 7
loop4: AHDI p2 p4
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.1'.
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.5'.
Dev loop4: unable to read RDB block 7
loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
gfs2: invalid mount option: obj_type=
gfs2: can't parse mount arguments
Dev loop4: unable to read RDB block 7
loop4: AHDI p2 p4
loop4: partition table partially beyond EOD, truncated
loop4: p2 start 3329622912 is beyond EOD, truncated
kauditd_printk_skb: 92 callbacks suppressed
audit: type=1400 audit(1576215451.126:236): avc: denied { map } for
pid=29907 comm="syz-executor.0" path="socket:[107212]" dev="sockfs"
ino=107212 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=tcp_socket
permissive=1
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.1'.
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.5'.
net_ratelimit: 18 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.1'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
netlink: 29 bytes leftover after parsing attributes in process
`syz-executor.5'.
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
9pnet: p9_fd_create_unix (30160): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30172): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30186): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30198): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
net_ratelimit: 22 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30329): problem connecting socket: ./file1: -2
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
misc userio: Begin command sent, but we're already running
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30360): problem connecting socket: ./file1: -2
misc userio: Begin command sent, but we're already running
9pnet: p9_fd_create_unix (30378): problem connecting socket: ./file1: -2
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 11, 2020, 1:38:11 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.