audit: type=1400 audit(1569814017.830:3095): avc: denied { write } for pid=4494 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1569814017.920:3096): avc: denied { read } for pid=4488 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1569814018.000:3097): avc: denied { create } for pid=4517 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
INFO: task init:29505 blocked for more than 140 seconds.
 Not tainted 4.9.194+ #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
init D28840 29505 1 0x00000000
 0000000000000087 ffff8801cd7eaf80 ffff8801d4c4c780 ffff8801db721000
 ffff8801a24b17c0 ffff8801db721018 ffff8801d690f758 ffffffff8281af8e
 0000000000000000 ffff8801cd7eaf80 00ff8801d690f788 ffff8801db7218f0
Call Trace:
 [<00000000106c737d>] schedule+0x92/0x1c0 kernel/sched/core.c:3546
 [<000000002b86cc37>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3579
 [<00000000f2b68fa4>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<00000000f2b68fa4>] mutex_lock_nested+0x38d/0x920 kernel/locking/mutex.c:621
 [<000000009977f1f5>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 [<000000009977f1f5>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
 [<00000000e38bb663>] chrdev_open+0x230/0x630 fs/char_dev.c:398
 [<000000004cb5fc4c>] do_dentry_open+0x422/0xd20 fs/open.c:791
 [<00000000a861bb8a>] vfs_open+0x105/0x230 fs/open.c:904
 [<00000000a5540afc>] do_last fs/namei.c:3541 [inline]
 [<00000000a5540afc>] path_openat+0xbf5/0x2f60 fs/namei.c:3665
 [<000000003a4d883c>] do_filp_open+0x219/0x280 fs/namei.c:3701
 [<000000008430da73>] do_sys_open+0x2f0/0x610 fs/open.c:1097
 [<000000004301935d>] SYSC_open fs/open.c:1115 [inline]
 [<000000004301935d>] SyS_open+0x2d/0x40 fs/open.c:1110
 [<000000002e31abf1>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000e3a0e399>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Showing all locks held in the system:
2 locks held by kworker/1:0/18:
 #0: ("events"){.+.+.+}, at: [<000000002c291e2d>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107
 #1: ((&rew.rew_work)){+.+...}, at: [<00000000dca8e8fe>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111
2 locks held by khungtaskd/24:
 #0: (rcu_read_lock){......}, at: [<00000000ac73cd30>] check_hung_uninterruptible_tasks kernel/hung_task.c:169 [inline]
 #0: (rcu_read_lock){......}, at: [<00000000ac73cd30>] watchdog+0x14b/0xaf0 kernel/hung_task.c:263
 #1: (tasklist_lock){.+.+..}, at: [<000000008a39f91b>] debug_show_all_locks+0x7f/0x21f kernel/locking/lockdep.c:4336
1 lock held by rsyslogd/1902:
 #0: (&f->f_pos_lock){+.+.+.}, at: [<00000000bad2094e>] __fdget_pos+0xa8/0xd0 fs/file.c:782
2 locks held by getty/2029:
 #0: (&tty->ldisc_sem){++++++}, at: [<00000000175676b3>] ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:376
 #1: (&ldata->atomic_read_lock){+.+...}, at: [<00000000952ba7b5>] n_tty_read+0x1fe/0x1820 drivers/tty/n_tty.c:2156
2 locks held by syz-executor.5/13636:
 #0: (tasklist_lock){.+.+..}, at: [<00000000876cb8ac>] do_wait+0x371/0x930 kernel/exit.c:1567
 #1: (rcu_read_lock){......}, at: [<0000000023fb8adf>] INIT_LIST_HEAD include/linux/list.h:28 [inline]
 #1: (rcu_read_lock){......}, at: [<0000000023fb8adf>] avc_compute_av+0xac/0x610 security/selinux/avc.c:973
2 locks held by udevd/27447:
 #0: (sb_writers#6){.+.+.+}, at: [<000000000cdf8c9b>] sb_start_write include/linux/fs.h:1579 [inline]
 #0: (sb_writers#6){.+.+.+}, at: [<000000000cdf8c9b>] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1: (&type->i_mutex_dir_key#4){++++++}, at: [<00000000c6620692>] inode_lock include/linux/fs.h:771 [inline]
 #1: (&type->i_mutex_dir_key#4){++++++}, at: [<00000000c6620692>] do_last fs/namei.c:3437 [inline]
 #1: (&type->i_mutex_dir_key#4){++++++}, at: [<00000000c6620692>] path_openat+0xe4b/0x2f60 fs/namei.c:3665
1 lock held by init/29505:
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/29507:
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/29509:
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/29511:
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
1 lock held by init/29774:
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open_by_driver drivers/tty/tty_io.c:2062 [inline]
 #0: (tty_mutex){+.+.+.}, at: [<000000009977f1f5>] tty_open+0x3f9/0xe10 drivers/tty/tty_io.c:2140
2 locks held by kworker/u4:4/4015:
 #0: ("events_unbound"){.+.+.+}, at: [<000000002c291e2d>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107
 #1: ((&sub_info->work)){+.+.+.}, at: [<00000000dca8e8fe>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111
2 locks held by kworker/u4:5/4017:
 #0: ("events_unbound"){.+.+.+}, at: [<000000002c291e2d>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107
 #1: ((&sub_info->work)){+.+.+.}, at: [<00000000dca8e8fe>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111
5 locks held by kworker/u4:7/4019:
 #0: ("%s""netns"){.+.+.+}, at: [<000000002c291e2d>] process_one_work+0x790/0x1600 kernel/workqueue.c:2107
 #1: (net_cleanup_work){+.+.+.}, at: [<00000000dca8e8fe>] process_one_work+0x7ce/0x1600 kernel/workqueue.c:2111
 #2: (net_mutex){+.+.+.}, at: [<00000000efbb03a5>] cleanup_net+0x131/0x8a0 net/core/net_namespace.c:440
 #3: (rtnl_mutex){+.+.+.}, at: [<00000000d5d905e9>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
 #4: (rcu_preempt_state.exp_mutex){+.+...}, at: [<0000000091a7f212>] exp_funnel_lock kernel/rcu/tree_exp.h:256 [inline]
 #4: (rcu_preempt_state.exp_mutex){+.+...}, at: [<0000000091a7f212>] _synchronize_rcu_expedited+0x339/0x850 kernel/rcu/tree_exp.h:569
1 lock held by syz-executor.5/4488:
 #0: (rtnl_mutex){+.+.+.}, at: [<00000000d5d905e9>] rtnl_lock+0x17/0x20 net/core/rtnetlink.c:70
1 lock held by syz-executor.3/4514:
 #0: (rtnl_mutex){+.+.+.}, at: [<000000006da72627>] rtnl_lock net/core/rtnetlink.c:70 [inline]
 #0: (rtnl_mutex){+.+.+.}, at: [<000000006da72627>] rtnetlink_rcv+0x1c/0x40 net/core/rtnetlink.c:4086

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.194+ #0
 ffff8801d98d7cc8 ffffffff81b67001 0000000000000001 0000000000000000
 0000000000000001 ffffffff81099d01 dffffc0000000000 ffff8801d98d7d00
 ffffffff81b7229c 0000000000000001 0000000000000000 0000000000000001
Call Trace:
 [<0000000077dd7f19>] __dump_stack lib/dump_stack.c:15 [inline]
 [<0000000077dd7f19>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<00000000fd4cb80b>] nmi_cpu_backtrace.cold+0x47/0x87 lib/nmi_backtrace.c:99
 [<000000004607a92c>] nmi_trigger_cpumask_backtrace+0x124/0x155 lib/nmi_backtrace.c:60
 [<000000007c24a9e4>] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37
 [<0000000049aa3590>] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline]
 [<0000000049aa3590>] check_hung_task kernel/hung_task.c:126 [inline]
 [<0000000049aa3590>] check_hung_uninterruptible_tasks kernel/hung_task.c:183 [inline]
 [<0000000049aa3590>] watchdog+0x670/0xaf0 kernel/hung_task.c:263
 [<00000000abb956b3>] kthread+0x278/0x310 kernel/kthread.c:211
 [<00000000d1f61220>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 470 Comm: udevd Not tainted 4.9.194+ #0
task: 0000000036c1a6cb task.stack: 0000000076e2a8ab
RIP: 0010:[] [<000000008f7ca1a5>] mark_irqflags kernel/locking/lockdep.c:2908 [inline]
RIP: 0010:[] [<000000008f7ca1a5>] __lock_acquire+0x467/0x4390 kernel/locking/lockdep.c:3302
RSP: 0018:ffff8801d3067880 EFLAGS: 00000806
RAX: 0000000000000000 RBX: 0000000000008000 RCX: 0000000000000000
RDX: 1ffff1003a75470f RSI: 0000000000000046 RDI: ffff8801d3aa3879
RBP: ffff8801d3067a10 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8801d3aa3858 R11: 1ffff1003a75470a R12: 0000000000000000
R13: 0000000000000046 R14: 0000000000000001 R15: ffff8801d3aa2f80
FS: 00007fb4ebef27a0(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32121000 CR3: 00000001d3d29000 CR4: 00000000001606b0
DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 0000000000000000 000000000000001e ffff8801d30678d0 ffffffff81bcd65c
 ffff8801d3067a38 000060fe2460da58 1ffff1003a60cf26 0000000000000000
 ffff8801d3067900 ffffffff81bcd65c ffff8801d30678e0 000060fe2460daa0
Call Trace:
 [<000000005a1d26ee>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
 [<00000000a76136d6>] __raw_spin_trylock include/linux/spinlock_api_smp.h:92 [inline]
 [<00000000a76136d6>] _raw_spin_trylock kernel/locking/spinlock.c:135 [inline]
 [<00000000a76136d6>] _raw_spin_trylock+0x71/0x90 kernel/locking/spinlock.c:133
 [<000000009c781f9d>] avc_reclaim_node security/selinux/avc.c:526 [inline]
 [<000000009c781f9d>] avc_alloc_node security/selinux/avc.c:559 [inline]
 [<000000009c781f9d>] avc_alloc_node+0x127/0x3c0 security/selinux/avc.c:547
 [<0000000063f87bae>] avc_insert security/selinux/avc.c:670 [inline]
 [<0000000063f87bae>] avc_compute_av+0x182/0x610 security/selinux/avc.c:976
 [<000000005727a3bb>] avc_has_perm_noaudit security/selinux/avc.c:1112 [inline]
 [<000000005727a3bb>] avc_has_perm+0x355/0x3a0 security/selinux/avc.c:1146
 [<000000003ffb5d8e>] inode_has_perm.isra.0+0x108/0x160 security/selinux/hooks.c:1726
 [<0000000068d5eec4>] dentry_has_perm security/selinux/hooks.c:1742 [inline]
 [<0000000068d5eec4>] selinux_inode_readlink+0x126/0x180 security/selinux/hooks.c:2986
 [<00000000863e3b8b>] security_inode_readlink+0xcf/0x120 security/security.c:596
 [<0000000088b4b273>] SYSC_readlinkat fs/stat.c:333 [inline]
 [<0000000088b4b273>] SyS_readlinkat+0x16d/0x330 fs/stat.c:315
 [<000000009a1b06e1>] SYSC_readlink fs/stat.c:352 [inline]
 [<000000009a1b06e1>] SyS_readlink+0x29/0x30 fs/stat.c:349
 [<000000002e31abf1>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<00000000e3a0e399>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 00 00 8b 45 28 45 85 c0 41 89 42 24 0f 84 7d 01 00 00 49 8d 7a 21 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 <48> 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 59 0e 00 00 49 8d 7a