Hello,
syzbot found the following crash on:
HEAD commit: 8fe42840 Merge 4.9.141 into android-4.9
git tree: android-4.9
console output:
https://syzkaller.appspot.com/x/log.txt?x=14173e62e00000
kernel config:
https://syzkaller.appspot.com/x/.config?x=22a5ba9f73b6da1d
dashboard link:
https://syzkaller.appspot.com/bug?extid=120ae868d0257eed119b
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
userspace arch: i386
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+120ae8...@syzkaller.appspotmail.com
input: syz1 as /devices/virtual/input/input134
input: syz1 as /devices/virtual/input/input135
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54
sclass=netlink_route_socket pig=10703 comm=syz-executor.0
audit_panic: 2003 callbacks suppressed
audit: printk limit exceeded
audit: type=1400 audit(1573087380.086:149658): avc: denied { net_admin }
for pid=2092 comm="syz-executor.5" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.116:149659): avc: denied { net_admin }
for pid=2092 comm="syz-executor.5" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.146:149660): avc: denied { net_admin }
for pid=2092 comm="syz-executor.5" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.176:149661): avc: denied { net_admin }
for pid=2092 comm="syz-executor.5" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.206:149662): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.206:149663): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.206:149664): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.216:149665): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087380.236:149666): avc: denied { net_admin }
for pid=2090 comm="syz-executor.0" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor.1'.
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor.1'.
audit_printk_skb: 2721 callbacks suppressed
audit: type=1400 audit(1573087385.086:150574): avc: denied { net_admin }
for pid=2093 comm="syz-executor.3" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.146:150575): avc: denied { net_admin }
for pid=2093 comm="syz-executor.3" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.226:150576): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.226:150577): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.236:150578): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.246:150579): avc: denied { sys_admin }
for pid=2090 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.286:150580): avc: denied { dac_override
} for pid=2092 comm="syz-executor.5" capability=1
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1573087385.306:150582): avc: denied { create }
for pid=10852 comm="syz-executor.2"
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1573087385.306:150583): avc: denied { write } for
pid=10852 comm="syz-executor.2"
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1573087385.306:150584): avc: denied { net_admin }
for pid=2090 comm="syz-executor.0" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
netlink: 20 bytes leftover after parsing attributes in process
`syz-executor.5'.
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.