hid-generic 0000:0000:0000.01DF: unknown main item tag 0x0 hid-generic 0000:0000:0000.01DF: unknown main item tag 0x0 hid-generic 0000:0000:0000.01DF: unknown main item tag 0x0 hid-generic 0000:0000:0000.01DF: hidraw2: HID v0.00 Device [syz0] on syz0 audit: type=1400 audit(1573726497.631:182808): avc: denied { sys_admin } for pid=2103 comm="syz-executor.3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 INFO: task init:3325 blocked for more than 140 seconds. Not tainted 4.9.141+ #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. init D29224 3325 1 0x00000000 ffff8801cbefc740 0000000000000000 ffff8801d94bcd00 ffff8801da5fc740 ffff8801db621018 ffff8801ccc37738 ffffffff828075c2 0000000000000000 ffff8801cbefcff0 ffffed00397df9fd 00ff8801cbefc740 ffff8801db6218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x38d/0x900 kernel/locking/mutex.c:621 [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 [] chrdev_open+0x22d/0x5c0 fs/char_dev.c:392 [] do_dentry_open+0x3ef/0xc90 fs/open.c:766 [] vfs_open+0x11c/0x210 fs/open.c:879 [] do_last fs/namei.c:3410 [inline] [] path_openat+0x542/0x2790 fs/namei.c:3534 [] do_filp_open+0x197/0x270 fs/namei.c:3568 [] do_sys_open+0x30d/0x5c0 fs/open.c:1072 [] SYSC_open fs/open.c:1090 [inline] [] SyS_open+0x2d/0x40 fs/open.c:1085 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:168 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/1894: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2021: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 2 locks held by kworker/u4:13/16483: #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 kernel/workqueue.c:2085 #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 kernel/workqueue.c:2089 1 lock held by init/3325: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/3326: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/3327: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/3328: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 1 lock held by init/3329: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2052 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2130 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1 ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 2103 Comm: syz-executor.3 Not tainted 4.9.141+ #1 task: ffff8801d1858000 task.stack: ffff8801a82e0000 RIP: 0010:[] c [] debug_lockdep_rcu_enabled+0x4c/0x90 kernel/rcu/update.c:264 RSP: 0018:ffff8801a82e7768 EFLAGS: 00000002 RAX: dffffc0000000000 RBX: 0000000000000046 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffffffff831f2500 RBP: ffff8801a82e7768 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff842366a0 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000e72940(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe1982f2e8 CR3: 00000001a82b2000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff8801a82e77e0c ffffffff8120c93ec 0000000000000000c ffff8801d18588a8c 0000000600000007c ffff8801d1858000c ffffffff82816fbac 0000000000000206c 0000000000000000c 0000000100000000c 0000000000000001c ffffffff84236688c Call Trace: [] trace_lock_acquire include/trace/events/lock.h:12 [inline] [] lock_acquire+0x19e/0x3e0 kernel/locking/lockdep.c:3755 [] __raw_spin_trylock include/linux/spinlock_api_smp.h:92 [inline] [] _raw_spin_trylock+0x6f/0x90 kernel/locking/spinlock.c:135 [] avc_reclaim_node security/selinux/avc.c:526 [inline] [] avc_alloc_node+0x12b/0x3c0 security/selinux/avc.c:559 [] avc_insert security/selinux/avc.c:670 [inline] [] avc_compute_av+0x178/0x610 security/selinux/avc.c:976 [] avc_has_perm_noaudit+0x29d/0x2f0 security/selinux/avc.c:1112 [] selinux_inode_permission+0x32d/0x4b0 security/selinux/hooks.c:3038 [] security_inode_permission+0xb9/0x100 security/security.c:611 [] __inode_permission2+0x93/0x2d0 fs/namei.c:435 [] inode_permission2+0x2f/0x110 fs/namei.c:485 [] may_lookup fs/namei.c:1689 [inline] [] link_path_walk+0x936/0x1230 fs/namei.c:2064 [] path_mountpoint+0x66/0x6c0 fs/namei.c:2696 [] filename_mountpoint.part.19+0x15b/0x310 fs/namei.c:2717 [] filename_mountpoint fs/namei.c:2714 [inline] [] user_path_mountpoint_at+0x49/0x70 fs/namei.c:2747 [] SYSC_umount fs/namespace.c:1722 [inline] [] SyS_umount+0x13d/0xcf0 fs/namespace.c:1706 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c89 cf8 c83 ce0 c07 c83 cc0 c03 c38 cd0 c7c c04 c84 cd2 c75 c4c c8b c15 c95 c3e c1a c02 c85 cd2 c74 c3e c48 cc7 cc7 c00 c25 c1f c83 c48 cb8 c00 c00 c00 c00 c00 cfc cff cdf c<48> c89 cfa c48 cc1 cea c03 c0f cb6 c14 c02 c48 c89 cf8 c83 ce0 c07 c83 cc0 c03 c38 c