syzbot

audit: type=1400 audit(1537501083.307:4918): avc:  denied  { net_admin } for  pid=11588 comm="ip" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1537501083.437:4919): avc:  denied  { net_admin } for  pid=11594 comm="ip" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
INFO: task syz-executor2:11367 blocked for more than 140 seconds.
      Not tainted 4.9.128+ #93
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor2   D30240 11367   2093 0x00000004
 ffff8801ca615f00 ffff8801d1e5e880 ffff8801ca439600 ffff8801d3378000
 ffff8801db721018 ffff8801c938fce8 ffffffff8277ee02 0000000000000000
 ffff8801ca6167b0 ffffed00394c2cf5 00ff8801ca615f00 ffff8801db7218f0
Call Trace:
 [<ffffffff8278032f>] schedule+0x7f/0x1b0 kernel/sched/core.c:3553
 [<ffffffff82780cb3>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586
 [<ffffffff82782936>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff82782936>] mutex_lock_nested+0x326/0x870 kernel/locking/mutex.c:621
 [<ffffffff8154c6fc>] __fdget_pos+0xac/0xd0 fs/file.c:781
 [<ffffffff814ef37e>] fdget_pos include/linux/file.h:66 [inline]
 [<ffffffff814ef37e>] SYSC_write fs/read_write.c:599 [inline]
 [<ffffffff814ef37e>] SyS_write+0x7e/0x1c0 fs/read_write.c:596
 [<ffffffff8100554f>] do_syscall_64+0x19f/0x480 arch/x86/entry/common.c:282
 [<ffffffff8278df13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by khungtaskd/24:
 #0:  (rcu_read_lock){......}, at: [<ffffffff8130a0ac>] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff8130a0ac>] watchdog+0x11c/0xa20 kernel/hung_task.c:239
 #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813e71ec>] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1900:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8154c6fc>] __fdget_pos+0xac/0xd0 fs/file.c:781
2 locks held by getty/2027:
 #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff8278bfd2>] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367
 #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81cdee72>] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142
1 lock held by syz-executor2/7913:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81ccf2a8>] tty_release+0xa88/0xd00 drivers/tty/tty_io.c:1933
1 lock held by syz-executor2/11367:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8154c6fc>] __fdget_pos+0xac/0xd0 fs/file.c:781
3 locks held by syz-executor2/11370:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8154c6fc>] __fdget_pos+0xac/0xd0 fs/file.c:781
 #1:  (sb_writers#3){.+.+.+}, at: [<ffffffff814eb80b>] file_start_write include/linux/fs.h:2640 [inline]
 #1:  (sb_writers#3){.+.+.+}, at: [<ffffffff814eb80b>] vfs_write+0x3eb/0x520 fs/read_write.c:556
 #2:  (sel_mutex){+.+.+.}, at: [<ffffffff819c6fba>] sel_write_load+0xba/0xfa0 security/selinux/selinuxfs.c:498
1 lock held by syz-executor2/11396:
 #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8154c6fc>] __fdget_pos+0xac/0xd0 fs/file.c:781
1 lock held by init/11404:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125
1 lock held by init/11405:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125
1 lock held by init/11406:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125
1 lock held by init/11407:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125
1 lock held by init/11408:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125
1 lock held by init/11432:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline]
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cd36a6>] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125
1 lock held by syz-executor5/11696:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cec497>] ptmx_open+0xf7/0x310 drivers/tty/pty.c:753
1 lock held by syz-executor5/11697:
 #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81cec497>] ptmx_open+0xf7/0x310 drivers/tty/pty.c:753

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.128+ #93
 ffff8801d9907d08 ffffffff81af2469 0000000000000000 0000000000000001
 0000000000000001 0000000000000001 ffffffff810967d0 ffff8801d9907d40
 ffffffff81afd1c9 0000000000000001 0000000000000000 0000000000000003
Call Trace:
 [<ffffffff81af2469>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81af2469>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81afd1c9>] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99
 [<ffffffff81afd15c>] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60
 [<ffffffff810968d4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<ffffffff8130a63d>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<ffffffff8130a63d>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8130a63d>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8130a63d>] watchdog+0x6ad/0xa20 kernel/hung_task.c:239
 [<ffffffff8113e00d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff8278e0dc>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 11249 Comm: syz-executor0 Not tainted 4.9.128+ #93
task: ffff8801a7f04740 task.stack: ffff8801ca840000
RIP: 0010:[<ffffffff810053b0>] 
c [<ffffffff810053b0>] do_syscall_64+0x0/0x480 arch/x86/entry/common.c:249
RSP: 0018:ffff8801ca847f50  EFLAGS: 00000046
RAX: 00000000000000ca RBX: 0000000000000000 RCX: 0000000000457679
RDX: 0000000000000000 RSI: 0000000000000080 RDI: ffff8801ca847f58
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f5b69626700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c42b4fd000 CR3: 00000001cbeed000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8278df13
c 0000000000000000
c 00007f5b696269c0
c 0000000000a3fb9f
c
 000000000072bf0c
c 000000000072bf00
c 000000000072bf08
c 0000000000000246
c
 0000000000000000
c 0000000000000000
c 0000000000000000
c ffffffffffffffda
c
Call Trace:
Code: 
cff 
cff 
cff 
c48 
c89 
cdf 
ce8 
c70 
ce8 
c4c 
c00 
ce9 
c03 
cff 
cff 
cff 
c48 
c89 
cdf 
ce8 
c63 
ce8 
c4c 
c00 
ce9 
c83 
cfe 
cff 
cff 
ce8 
c59 
ce8 
c4c 
c00 
ce9 
c55 
cff 
cff 
cff 
c0f 
c1f 
c40 
c00 
c<55> 
c48 
c89 
ce5 
c41 
c56 
c41 
c55 
c41 
c54 
c53 
c48 
c89 
cfb 
c4c 
c8d 
c6b 
c78 
c48 
c83 
cec 
c