syzbot

audit: type=1400 audit(1538173533.303:46070): avc:  denied  { map } for  pid=26629 comm="getty" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
audit: type=1400 audit(1538173533.313:46071): avc:  denied  { map } for  pid=26629 comm="getty" path="/lib/x86_64-linux-gnu/libc-2.13.so" dev="sda1" ino=2784 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
INFO: task syz-executor0:26541 blocked for more than 140 seconds.
      Not tainted 4.14.72+ #11
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor0   D29256 26541   1842 0x00000000
Call Trace:
 schedule+0x7f/0x1b0 kernel/sched/core.c:3490
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3548
 __mutex_lock_common kernel/locking/mutex.c:833 [inline]
 __mutex_lock+0x521/0x1480 kernel/locking/mutex.c:893
 dev_ioctl+0x281/0xce0 net/core/dev_ioctl.c:421
 sock_do_ioctl+0x92/0xb0 net/socket.c:980
 sock_ioctl+0x263/0x430 net/socket.c:1070
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1a0/0x1030 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7e/0xb0 fs/ioctl.c:692
 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457579
RSP: 002b:00007f3b5fcd2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
RDX: 0000000000400203 RSI: 0000000000008912 RDI: 0000000000000006
RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b5fcd36d4
R13: 00000000004c0598 R14: 00000000004d0750 R15: 00000000ffffffff

Showing all locks held in the system:
1 lock held by khungtaskd/23:
 #0:  (tasklist_lock){.+.+}, at: [<ffffffffb6201e67>] debug_show_all_locks+0x74/0x20f kernel/locking/lockdep.c:4541
1 lock held by rsyslogd/1629:
 #0:  (&f->f_pos_lock){+.+.}, at: [<ffffffffb65bd252>] __fdget_pos+0xa2/0xc0 fs/file.c:768
2 locks held by getty/1757:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffffb6d2e960>] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
 #1:  (&ldata->atomic_read_lock){+.+.}, at: [<ffffffffb6d29edf>] n_tty_read+0x1ff/0x15e0 drivers/tty/n_tty.c:2142
2 locks held by syz-executor2/4630:
 #0:  (&tty->ldisc_sem){++++}, at: [<ffffffffb6d2e960>] tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:275
 #1:  (&tty->atomic_write_lock){+.+.}, at: [<ffffffffb6d144eb>] tty_write_lock+0x1b/0x60 drivers/tty/tty_io.c:883
1 lock held by syz-executor0/26541:
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffffb7373ba1>] dev_ioctl+0x281/0xce0 net/core/dev_ioctl.c:421
1 lock held by init/26632:
 #0:  (tty_mutex){+.+.}, at: [<ffffffffb6d1e358>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
 #0:  (tty_mutex){+.+.}, at: [<ffffffffb6d1e358>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006
1 lock held by init/26633:
 #0:  (tty_mutex){+.+.}, at: [<ffffffffb6d1e358>] tty_open_by_driver drivers/tty/tty_io.c:1922 [inline]
 #0:  (tty_mutex){+.+.}, at: [<ffffffffb6d1e358>] tty_open+0x3a8/0x980 drivers/tty/tty_io.c:2006

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 23 Comm: khungtaskd Not tainted 4.14.72+ #11
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x11b lib/dump_stack.c:53
 nmi_cpu_backtrace.cold.0+0x47/0x85 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x121/0x146 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:138 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:196 [inline]
 watchdog+0x574/0xa70 kernel/hung_task.c:252
 kthread+0x348/0x420 kernel/kthread.c:232
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:402
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 26530 Comm: syz-executor0 Not tainted 4.14.72+ #11
task: ffff8801c6f41780 task.stack: ffff8801d2d28000
RIP: 0033:0x40158b
RSP: 002b:00007f3b5fcf3b50 EFLAGS: 00000206
RAX: 000000001cd90411 RBX: 0000000000000ff4 RCX: 0000000000457579
RDX: 0000000000410f91 RSI: 0000000000a44bf0 RDI: 0000000000000043
RBP: 00000000004bc251 R08: 000000000000000e R09: 0000000000000000
R10: 00007f3b5fcf4700 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000004c3037 R14: 00000000004d50d0 R15: 00000000ffffffff
FS:  00007f3b5fcf4700(0000) GS:ffff8801db900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007eff69f25000 CR3: 00000001ccd68005 CR4: 00000000001606a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600