audit: type=1400 audit(1536273334.240:106967): avc: denied { net_admin } for pid=2329 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 audit: type=1400 audit(1536273334.240:106968): avc: denied { net_admin } for pid=2329 comm="syz-executor0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 INFO: task syz-executor3:31183 blocked for more than 140 seconds. Not tainted 4.9.125+ #89 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. syz-executor3 D28856 31183 2328 0x00000002 ffff8801d485c740 ffff880185aa0580 ffff8801b9f2f380 ffff8801d8bcdf00 ffff8801db721018 ffff8801aa5b77a8 ffffffff8277d092 0000000000000000 ffff8801d485cff0 ffffed003a90b9fd 00ff8801d485c740 ffff8801db7218f0 Call Trace: [] schedule+0x7f/0x1b0 kernel/sched/core.c:3553 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3586 [] __mutex_lock_common kernel/locking/mutex.c:582 [inline] [] mutex_lock_nested+0x326/0x870 kernel/locking/mutex.c:621 [] tty_release+0xa88/0xd00 drivers/tty/tty_io.c:1933 [] __fput+0x263/0x700 fs/file_table.c:208 [] ____fput+0x15/0x20 fs/file_table.c:244 [] task_work_run+0x10c/0x180 kernel/task_work.c:116 [] exit_task_work include/linux/task_work.h:21 [inline] [] do_exit+0x787/0x2750 kernel/exit.c:833 [] do_group_exit+0x111/0x300 kernel/exit.c:937 [] get_signal+0x4e1/0x1460 kernel/signal.c:2321 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:157 [] prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:260 [inline] [] do_syscall_64+0x35d/0x480 arch/x86/entry/common.c:287 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Showing all locks held in the system: 2 locks held by khungtaskd/24: #0: (rcu_read_lock){......}, at: [] rcu_read_unlock include/linux/rcupdate.h:927 [inline] #0: (rcu_read_lock){......}, at: [] rcu_lock_break kernel/hung_task.c:143 [inline] #0: (rcu_read_lock){......}, at: [] check_hung_uninterruptible_tasks kernel/hung_task.c:177 [inline] #0: (rcu_read_lock){......}, at: [] watchdog+0x310/0xa20 kernel/hung_task.c:239 #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 kernel/locking/lockdep.c:4336 1 lock held by rsyslogd/2133: #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 fs/file.c:781 2 locks held by getty/2261: #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:367 #1: (&ldata->atomic_read_lock){+.+.+.}, at: [] n_tty_read+0x202/0x16e0 drivers/tty/n_tty.c:2142 1 lock held by syz-executor3/31183: #0: (tty_mutex){+.+.+.}, at: [] tty_release+0xa88/0xd00 drivers/tty/tty_io.c:1933 1 lock held by init/8729: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125 1 lock held by init/8732: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125 1 lock held by init/8733: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125 1 lock held by init/8734: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125 1 lock held by init/8735: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125 1 lock held by init/8738: #0: (tty_mutex){+.+.+.}, at: [] tty_open_by_driver drivers/tty/tty_io.c:2047 [inline] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 drivers/tty/tty_io.c:2125 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.125+ #89 ffff8801d94a7d08 ffffffff81af0ae9 0000000000000000 0000000000000001 0000000000000001 0000000000000001 ffffffff810967d0 ffff8801d94a7d40 ffffffff81afb849 0000000000000001 0000000000000000 0000000000000003 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] nmi_cpu_backtrace.cold.0+0x48/0x87 lib/nmi_backtrace.c:99 [] nmi_trigger_cpumask_backtrace+0x12c/0x151 lib/nmi_backtrace.c:60 [] arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:37 [] trigger_all_cpu_backtrace include/linux/nmi.h:58 [inline] [] check_hung_task kernel/hung_task.c:125 [inline] [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline] [] watchdog+0x6ad/0xa20 kernel/hung_task.c:239 [] kthread+0x26d/0x300 kernel/kthread.c:211 [] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 8721 Comm: syz-executor4 Not tainted 4.9.125+ #89 task: ffff8801b85b0000 task.stack: ffff880186748000 RIP: 0010:[] c [] __sanitizer_cov_trace_pc+0x3f/0x50 kernel/kcov.c:105 RSP: 0018:ffff88018674f8c0 EFLAGS: 00000016 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000776c000 RDX: 0000000000040000 RSI: ffffffff81b54b5b RDI: ffffffff82942ee0 RBP: ffff88018674f8c0 R08: 0000000000000092 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff82942ee0 R13: ffffffff82942ea0 R14: ffff8801db61c500 R15: ffff8801d30884a8 FS: 00007f9294da9700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9294d89fc8 CR3: 0000000182d02000 CR4: 00000000001606b0 Stack: ffff88018674f900c ffffffff81b54b5bc 0000000000000005c ffffffff82ff0d60c ffff8801d30884a8c ffff8801db61c500c ffff8801db61c500c ffff8801d30884a8c ffff88018674f910c ffffffff81b54cacc ffff88018674f930c ffffffff8123e645c Call Trace: [] check_preemption_disabled+0x3b/0x170 lib/smp_processor_id.c:51 [] debug_smp_processor_id+0x1c/0x20 lib/smp_processor_id.c:56 [] __rcu_is_watching kernel/rcu/tree.c:1053 [inline] [] rcu_is_watching+0x15/0xa0 kernel/rcu/tree.c:1067 [] rcu_read_lock_sched_held+0x8d/0x120 kernel/rcu/update.c:107 [] trace_hrtimer_start include/trace/events/timer.h:176 [inline] [] debug_activate kernel/time/hrtimer.c:445 [inline] [] enqueue_hrtimer+0x198/0x3a0 kernel/time/hrtimer.c:869 [] hrtimer_start_range_ns+0x573/0x1370 kernel/time/hrtimer.c:995 [] hrtimer_start_expires include/linux/hrtimer.h:407 [inline] [] hrtimer_restart include/linux/hrtimer.h:412 [inline] [] schedule_next_timer kernel/time/posix-timers.c:372 [inline] [] do_schedule_next_timer+0x382/0x500 kernel/time/posix-timers.c:397 [] dequeue_signal+0x13d/0x4b0 kernel/signal.c:632 [] get_signal+0x2a7/0x1460 kernel/signal.c:2214 [] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:157 [] prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline] [] syscall_return_slowpath arch/x86/entry/common.c:260 [inline] [] do_syscall_64+0x35d/0x480 arch/x86/entry/common.c:287 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: c81 ce2 c00 c01 c1f c00 c48 c8b c75 c08 c75 c2b c8b c90 c38 c12 c00 c00 c83 cfa c02 c75 c20 c48 c8b c88 c40 c12 c00 c00 c8b c80 c3c c12 c00 c00 c48 c8b c11 c48 c83 cc2 c01 c<48> c39 cd0 c76 c07 c48 c89 c34 cd1 c48 c89 c11 c5d cc3 c0f c1f c00 c55 cba c58 c00 c