======================================================
[ INFO: possible circular locking dependency detected ]
4.9.86-gb324a70 #50 Not tainted
-------------------------------------------------------
syz-executor7/15556 is trying to acquire lock:
(&mm->mmap_sem
but task is already holding lock:
(ashmem_mutex){+.+.+.}, at: [<ffffffff82d4b121>] ashmem_pin_unpin drivers/staging/android/ashmem.c:714 [inline]
(ashmem_mutex){+.+.+.}, at: [<ffffffff82d4b121>] ashmem_ioctl+0x371/0xfe0 drivers/staging/android/ashmem.c:791
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (ashmem_mutex){+.+.+.}:
__mutex_lock_common kernel/locking/mutex.c:521 [inline]
mutex_lock_nested+0xbb/0x870 kernel/locking/mutex.c:621
ashmem_mmap+0x53/0x400 drivers/staging/android/ashmem.c:379
mmap_region+0x7dd/0xfd0 mm/mmap.c:1694
do_mmap+0x57b/0xbe0 mm/mmap.c:1473
do_mmap_pgoff include/linux/mm.h:2032 [inline]
vm_mmap_pgoff+0x16b/0x1b0 mm/util.c:329
SYSC_mmap_pgoff mm/mmap.c:1523 [inline]
SyS_mmap_pgoff+0x33f/0x560 mm/mmap.c:1481
SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
-> #0 (&mm->mmap_sem){++++++}:
lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
__might_fault+0x14a/0x1d0 mm/memory.c:4014
copy_from_user arch/x86/include/asm/uaccess.h:705 [inline]
ashmem_pin_unpin drivers/staging/android/ashmem.c:719 [inline]
ashmem_ioctl+0x3c0/0xfe0 drivers/staging/android/ashmem.c:791
vfs_ioctl fs/ioctl.c:43 [inline]
do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
SYSC_ioctl fs/ioctl.c:694 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(ashmem_mutex);
                               lock(&mm->mmap_sem);
                               lock(ashmem_mutex);
  lock(&mm->mmap_sem);
 *** DEADLOCK ***
1 lock held by syz-executor7/15556:
#0:
(ashmem_mutex){+.+.+.}, at: [<ffffffff82d4b121>] ashmem_pin_unpin drivers/staging/android/ashmem.c:714 [inline]
(ashmem_mutex){+.+.+.}, at: [<ffffffff82d4b121>] ashmem_ioctl+0x371/0xfe0 drivers/staging/android/ashmem.c:791
stack backtrace:
CPU: 1 PID: 15556 Comm: syz-executor7 Not tainted 4.9.86-gb324a70 #50
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801b27e7908 ffffffff81d956f9 ffffffff853a5db0 ffffffff853a5db0
ffffffff853c4f80 ffff8801cba7a0d8 ffff8801cba79800 ffff8801b27e7950
ffffffff812387f1 ffff8801cba7a0d8 00000000cba7a0b0 ffff8801cba7a0d8
Call Trace:
[<ffffffff81d956f9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d956f9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff812387f1>] print_circular_bug+0x271/0x310 kernel/locking/lockdep.c:1202
[<ffffffff8123ec29>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
[<ffffffff8123ec29>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
[<ffffffff8123ec29>] validate_chain kernel/locking/lockdep.c:2265 [inline]
[<ffffffff8123ec29>] __lock_acquire+0x2bf9/0x3640 kernel/locking/lockdep.c:3345
[<ffffffff812400ae>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
[<ffffffff814c273a>] __might_fault+0x14a/0x1d0 mm/memory.c:4014
[<ffffffff82d4b170>] copy_from_user arch/x86/include/asm/uaccess.h:705 [inline]
[<ffffffff82d4b170>] ashmem_pin_unpin drivers/staging/android/ashmem.c:719 [inline]
[<ffffffff82d4b170>] ashmem_ioctl+0x3c0/0xfe0 drivers/staging/android/ashmem.c:791
[<ffffffff815ae8ca>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffffff815ae8ca>] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
[<ffffffff815af8ef>] SYSC_ioctl fs/ioctl.c:694 [inline]
[<ffffffff815af8ef>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[<ffffffff81006504>] do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
[<ffffffff838b5613>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
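The report above is a lock-order inversion: mmap() takes &mm->mmap_sem and then ashmem_mmap() takes ashmem_mutex (chain #1), while ashmem_pin_unpin() holds ashmem_mutex and calls copy_from_user(), which can fault and take &mm->mmap_sem (chain #0). The following is an added example, not code from the report or from the ashmem driver: a minimal user-space lock-order tracker in the spirit of lockdep, fed the two acquisition sequences from the trace. It flags the copy-under-mutex ordering and accepts a reordered variant that copies the user argument before taking the mutex. The reordered variant is an illustration of how to break the cycle and is an assumption, not a claim about the fix actually applied to the driver.

```c
/* Added example (not from the report or the ashmem driver): a tiny
 * lockdep-style dependency tracker applied to the two call paths named in
 * the lockdep report. Lock classes are modelled as small integers; the
 * kernel functions in the comments are the ones from the trace, but the
 * acquisitions here are a simulation run in user space. */
#include <stdio.h>
#include <string.h>

#define NLOCKS 2
enum { MMAP_SEM = 0, ASHMEM_MUTEX = 1 };
static const char *lock_name[NLOCKS] = { "&mm->mmap_sem", "ashmem_mutex" };

/* dep[a][b] == 1 records "b was acquired while a was held" (a -> b). */
static int dep[NLOCKS][NLOCKS];
static int held[NLOCKS];   /* stack of currently held lock ids (released LIFO) */
static int nheld;

static void reset(void) { memset(dep, 0, sizeof dep); nheld = 0; }

/* Depth-first search: is `to` reachable from `from` in the dependency graph? */
static int reaches(int from, int to) {
    int seen[NLOCKS] = {0}, stack[NLOCKS], sp = 0;
    stack[sp++] = from; seen[from] = 1;
    while (sp) {
        int cur = stack[--sp];
        for (int n = 0; n < NLOCKS; n++) {
            if (!dep[cur][n] || seen[n]) continue;
            if (n == to) return 1;
            seen[n] = 1; stack[sp++] = n;
        }
    }
    return 0;
}

/* Acquire `id`: for every lock already held, record held -> id, and flag a
 * circular dependency if id already (transitively) precedes that held lock.
 * Returns 1 when an inversion is detected, 0 otherwise. */
static int lock(int id) {
    int circular = 0;
    for (int i = 0; i < nheld; i++) {
        int h = held[i];
        if (reaches(id, h)) {
            printf("possible circular locking dependency: %s -> %s exists, "
                   "now acquiring %s while holding %s\n",
                   lock_name[id], lock_name[h], lock_name[id], lock_name[h]);
            circular = 1;
        }
        dep[h][id] = 1;
    }
    held[nheld++] = id;
    return circular;
}

/* Release the most recently acquired lock (the simulation is strictly LIFO). */
static void unlock(void) { if (nheld > 0) nheld--; }

/* Dependency #1 from the report: vm_mmap_pgoff() holds mmap_sem, then
 * ashmem_mmap() takes ashmem_mutex. */
static int mmap_path(void) {
    int c = 0;
    c |= lock(MMAP_SEM);       /* vm_mmap_pgoff */
    c |= lock(ASHMEM_MUTEX);   /* ashmem_mmap, ashmem.c:379 */
    unlock(); unlock();
    return c;
}

/* Dependency #0 from the report: ashmem_pin_unpin() holds ashmem_mutex and
 * calls copy_from_user(), which can fault and take mmap_sem. */
static int pin_path_copy_under_mutex(void) {
    int c = 0;
    c |= lock(ASHMEM_MUTEX);   /* ashmem_pin_unpin, ashmem.c:714 */
    c |= lock(MMAP_SEM);       /* page fault in copy_from_user, ashmem.c:719 */
    unlock(); unlock();
    return c;
}

/* Reordered variant (an assumption for illustration, not the page's fix):
 * copy the user argument with no driver lock held, then take the mutex. */
static int pin_path_copy_before_mutex(void) {
    int c = 0;
    c |= lock(MMAP_SEM);       /* copy_from_user fault, nothing else held */
    unlock();
    c |= lock(ASHMEM_MUTEX);   /* critical section operates on the copied struct */
    unlock();
    return c;
}

/* Each scenario replays the mmap path first so the mmap_sem -> ashmem_mutex
 * edge is already recorded, exactly as lockdep had it when the ioctl ran. */
int run_vulnerable(void) { reset(); int c = mmap_path(); c |= pin_path_copy_under_mutex(); return c; }
int run_fixed(void)      { reset(); int c = mmap_path(); c |= pin_path_copy_before_mutex(); return c; }

int main(void) {
    printf("copy_from_user under ashmem_mutex : %s\n", run_vulnerable() ? "DEADLOCK possible" : "ok");
    printf("copy_from_user before ashmem_mutex: %s\n", run_fixed() ? "DEADLOCK possible" : "ok");
    return 0;
}
```

The tracker never needs two real threads: like lockdep, it reasons about the order in which lock classes are acquired on single call paths, so a cycle is reported the first time the second ordering is observed, even if no actual deadlock happened. The practical lesson for driver code is the one the report encodes: any call that can sleep on a page fault (copy_from_user, copy_to_user, get_user) must not run under a lock that is also taken from an mmap or fault handler.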
audit_printk_skb: 4362 callbacks suppressed
audit: type=1400 audit(1520338562.881:14831): avc: denied { net_admin } for pid=15607 comm="syz-executor1" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.881:14832): avc: denied { dac_override } for pid=15603 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.891:14833): avc: denied { net_admin } for pid=15622 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.891:14834): avc: denied { net_admin } for pid=15622 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.921:14835): avc: denied { net_admin } for pid=3767 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.921:14836): avc: denied { net_admin } for pid=3770 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.921:14837): avc: denied { net_admin } for pid=3770 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.921:14838): avc: denied { net_admin } for pid=3770 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.921:14839): avc: denied { net_admin } for pid=3770 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338562.921:14840): avc: denied { net_admin } for pid=3770 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 36 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 36 bytes leftover after parsing attributes in process `syz-executor3'.
keychord: Insufficient bytes present for keycount 2
keychord: Insufficient bytes present for keycount 2
binder: BINDER_SET_CONTEXT_MGR already set
binder: 15829:15837 ioctl 40046207 0 returned -16
netlink: 100 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 100 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=15873 comm=syz-executor5
l2tp_ppp: tunl 4: get L2TP stats
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16269:16271 ioctl 40046207 0 returned -16
binder: 16269:16271 BC_FREE_BUFFER u0000000000000000 no match
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16269:16271 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16269:16274 ioctl 40046207 0 returned -16
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
IPVS: Creating netns size=2536 id=16
IPVS: Creating netns size=2536 id=17
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
netlink: 25 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 25 bytes leftover after parsing attributes in process `syz-executor3'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25666 sclass=netlink_route_socket pig=16397 comm=syz-executor7
netlink: 180 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 180 bytes leftover after parsing attributes in process `syz-executor4'.
IPv6: Can't replace route, no match found
IPv6: Can't replace route, no match found
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1121 sclass=netlink_route_socket pig=16501 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1121 sclass=netlink_route_socket pig=16511 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pig=16508 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pig=16508 comm=syz-executor4
binder: 16546:16565 unknown command -767270143
binder: 16546:16565 ioctl c0306201 2000a000 returned -22
binder_alloc: binder_alloc_mmap_handler: 16546 20000000-20002000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16546:16581 ioctl 40046207 0 returned -16
binder_alloc: 16546: binder_alloc_buf, no vma
binder: 16546:16581 transaction failed 29189/-3, size 0-0 line 3127
binder: 16546:16592 unknown command -767270143
binder: 16546:16592 ioctl c0306201 2000a000 returned -22
audit_printk_skb: 3608 callbacks suppressed
audit: type=1400 audit(1520338567.901:16044): avc: denied { net_admin } for pid=11490 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338567.941:16045): avc: denied { net_admin } for pid=11490 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder: release 16546:16553 transaction 87 out, still active
audit: type=1400 audit(1520338567.971:16046): avc: denied { net_admin } for pid=11490 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338568.001:16047): avc: denied { net_admin } for pid=11490 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
binder: undelivered TRANSACTION_COMPLETE
binder: release 16546:16565 transaction 87 in, still active
binder: send failed reply for transaction 87, target dead
audit: type=1400 audit(1520338568.031:16048): avc: denied { net_admin } for pid=16594 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338568.031:16049): avc: denied { sys_admin } for pid=16597 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338568.041:16050): avc: denied { net_admin } for pid=16594 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338568.041:16051): avc: denied { dac_override } for pid=16599 comm="syz-executor6" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338568.051:16052): avc: denied { net_admin } for pid=3749 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1520338568.051:16053): avc: denied { net_admin } for pid=3749 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55294 sclass=netlink_route_socket pig=16645 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55294 sclass=netlink_route_socket pig=16650 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29184 sclass=netlink_route_socket pig=16660 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35 sclass=netlink_tcpdiag_socket pig=16691 comm=syz-executor7
binder: 16694:16713 got transaction with invalid data ptr
binder: 16694:16713 transaction failed 29201/-14, size 40-8 line 3146
binder_alloc: binder_alloc_mmap_handler: 16694 20ffb000-20ffe000 already mapped failed -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16694:16713 ioctl 40046207 0 returned -16
binder_alloc: 16694: binder_alloc_buf, no vma
binder: 16694:16718 transaction failed 29189/-3, size 40-8 line 3127
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 16694:16697 transaction 91 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 91, target dead
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16946:16947 ioctl 40046207 0 returned -16
binder: tried to use weak ref as strong ref
binder: 16946:16947 Release 1 refcount change on invalid ref 0 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16946:16947 ioctl 40046207 0 returned -16
binder: BINDER_SET_CONTEXT_MGR already set
binder: 16946:16964 ioctl 40046207 0 returned -16
syz-executor6: vmalloc: allocation failure: 0 bytes, mode:0x24000c2(GFP_KERNEL|__GFP_HIGHMEM)
CPU: 0 PID: 16970 Comm: syz-executor6 Not tainted 4.9.86-gb324a70 #50
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801b0e178f0 ffffffff81d956f9 1ffff100361c2f21 ffff8801c4eac800
ffffffff83ab9520 0000000000000001 0000000000400000 ffff8801b0e17a00
ffffffff81451c92 024000c2b0e17970 0000000041b58ab3 ffffffff84195b35
Call Trace:
[<ffffffff81d956f9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d956f9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81451c92>] warn_alloc+0x212/0x240 mm/page_alloc.c:3056
[<ffffffff814ffc65>] __vmalloc_node_range+0x3f5/0x5f0 mm/vmalloc.c:1722
[<ffffffff814fff2b>] __vmalloc_node mm/vmalloc.c:1744 [inline]
[<ffffffff814fff2b>] __vmalloc_node_flags mm/vmalloc.c:1758 [inline]
[<ffffffff814fff2b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1773
[<ffffffff81bff9e0>] sel_write_load+0x130/0xfd0 security/selinux/selinuxfs.c:514
[<ffffffff8156e653>] __vfs_write+0x103/0x680 fs/read_write.c:507
[<ffffffff81570339>] vfs_write+0x189/0x530 fs/read_write.c:557
[<ffffffff8157417f>] SYSC_pwrite64 fs/read_write.c:646 [inline]
[<ffffffff8157417f>] SyS_pwrite64+0x13f/0x170 fs/read_write.c:633
[<ffffffff81006504>] do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
[<ffffffff838b5613>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Mem-Info:
active_anon:55818 inactive_anon:43 isolated_anon:0
active_file:3675 inactive_file:8592 isolated_file:0
unevictable:0 dirty:98 writeback:0 unstable:0
slab_reclaimable:6390 slab_unreclaimable:59212
mapped:24316 shmem:50 pagetables:635 bounce:0
free:1473347 free_pcp:551 free_cma:0
Node 0 active_anon:223272kB inactive_anon:172kB active_file:14700kB inactive_file:34368kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:97264kB dirty:392kB writeback:0kB shmem:200kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 122880kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no
DMA free:15908kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
DMA32 free:2979944kB min:30592kB low:38240kB high:45888kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2980716kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:772kB local_pcp:48kB free_cma:0kB
Normal free:2897536kB min:36824kB low:46028kB high:55232kB active_anon:223272kB inactive_anon:172kB active_file:14700kB inactive_file:34368kB unevictable:0kB writepending:392kB present:4718592kB managed:3585212kB mlocked:0kB slab_reclaimable:25560kB slab_unreclaimable:236848kB kernel_stack:5632kB pagetables:2540kB bounce:0kB free_pcp:1432kB local_pcp:716kB free_cma:0kB
DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
12316 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320510 pages reserved
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=788 sclass=netlink_xfrm_socket pig=17197 comm=syz-executor1
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=788 sclass=netlink_xfrm_socket pig=17197 comm=syz-executor1
binder: 17236:17241 transaction failed 29189/-22, size 0-0 line 3004
netlink: 37 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 37 bytes leftover after parsing attributes in process `syz-executor6'.
binder: undelivered TRANSACTION_ERROR: 29189
sg_write: data in/out 36083/1 bytes for SCSI command 0xe2-- guessing data in;
program syz-executor5 not setting count and/or reply_len properly
binder: 17249:17257 DecRefs 0 refcount change on invalid ref 0 ret -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 17249:17259 ioctl 40046207 0 returned -16
binder: 17249:17259 DecRefs 0 refcount change on invalid ref 0 ret -22
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=700 sclass=netlink_route_socket pig=17262 comm=syz-executor6
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=700 sclass=netlink_route_socket pig=17262 comm=syz-executor6
sg_write: data in/out 36083/1 bytes for SCSI command 0xe2-- guessing data in;
program syz-executor5 not setting count and/or reply_len properly
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=22254 sclass=netlink_route_socket pig=17398 comm=syz-executor2