On 2017/12/18 23:52, Tetsuo Handa wrote:
> On 2017/12/18 17:43, syzbot wrote:
>> Hello,
>>
>> syzkaller hit the following crash on 6084b576dca2e898f5c101baef151f7bfdbb606d
>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>>
>> Unfortunately, I don't have any reproducer for this bug yet.
>>
>
> This log has a lot of mmap() but also has Android's binder messages.
>
> r9 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800)
>
> [ 49.200735] binder: 9749:9755 IncRefs 0 refcount change on invalid ref 2 ret -22
> [ 49.221514] binder: 9749:9755 Acquire 1 refcount change on invalid ref 4 ret -22
> [ 49.233325] binder: 9749:9755 Acquire 1 refcount change on invalid ref 0 ret -22
> [ 49.241979] binder: binder_mmap: 9749 205a3000-205a7000 bad vm_flags failed -1
> [ 49.256949] binder: 9749:9755 unknown command 0
> [ 49.262470] binder: 9749:9755 ioctl c0306201 20000fd0 returned -22
> [ 49.293365] binder: 9749:9755 IncRefs 0 refcount change on invalid ref 2 ret -22
> [ 49.301297] binder: binder_mmap: 9749 205a3000-205a7000 bad vm_flags failed -1
> [ 49.314146] binder: 9749:9755 Acquire 1 refcount change on invalid ref 4 ret -22
> [ 49.322732] binder: 9749:9755 Acquire 1 refcount change on invalid ref 0 ret -22
> [ 49.332063] binder: 9749:9755 Release 1 refcount change on invalid ref 1 ret -22
> [ 49.340796] binder: 9749:9755 Acquire 1 refcount change on invalid ref 2 ret -22
> [ 49.349457] binder: 9749:9755 BC_DEAD_BINDER_DONE 0000000000000001 not found
> [ 49.349462] binder: 9749:9755 BC_DEAD_BINDER_DONE 0000000000000000 not found
>
> [ 246.752088] INFO: task syz-executor7:10280 blocked for more than 120 seconds.
>
> Anything that hung after uptime > 46.75 can be reported at uptime = 246.75,
> can't it?

Typo. I wanted to say 126.75 >= uptime > 6.75.
khungtaskd warning with 120 seconds check interval can be delayed for up to 240 seconds.

>
> Is it possible to reproduce this problem by running the same program?
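
The timing argument in the reply above, worked through as an added example (not part of the original thread and not kernel code): a simplified model of khungtaskd, assumed to wake every 120 seconds and report a task whose context-switch count is unchanged since the previous wake-up, plus a filter that keeps console lines inside the resulting window. The function names are hypothetical; the sample lines are copied from the quoted console output.

```python
import re

TIMEOUT = 120.0  # seconds, from "blocked for more than 120 seconds" in the log

def khungtaskd_report_time(block_start, first_check, timeout=TIMEOUT):
    """Simplified model (an assumption, not kernel code): khungtaskd wakes
    every `timeout` seconds and reports a task whose context-switch count
    is unchanged since the previous wake-up. Returns the uptime at which a
    task that blocks at `block_start` and never runs again is reported."""
    t, recorded = first_check, None
    while True:
        # Stand-in for the switch counter: it keeps changing while the
        # task runs, then freezes at the moment the task blocks.
        count = min(t, block_start)
        if count == recorded:
            return t
        recorded = count
        t += timeout

def hang_window(report_at, timeout=TIMEOUT):
    """Return (lo, hi) such that the hang started at lo < uptime <= hi."""
    return report_at - 2 * timeout, report_at - timeout

STAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")

def lines_in_window(log_lines, report_at, timeout=TIMEOUT):
    """Keep console lines whose timestamp falls inside the hang window."""
    lo, hi = hang_window(report_at, timeout)
    return [line for line in log_lines
            if (m := STAMP.match(line)) and lo < float(m.group(1)) <= hi]

# Lines copied from the console output quoted in the thread.
SAMPLE = [
    "[ 49.200735] binder: 9749:9755 IncRefs 0 refcount change on invalid ref 2 ret -22",
    "[ 49.241979] binder: binder_mmap: 9749 205a3000-205a7000 bad vm_flags failed -1",
    "[ 246.752088] INFO: task syz-executor7:10280 blocked for more than 120 seconds.",
]

if __name__ == "__main__":
    lo, hi = hang_window(246.752088)
    print(f"hang started in ({lo:.2f}, {hi:.2f}]")
    for line in lines_in_window(SAMPLE, 246.752088):
        print(line)
```
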

