[ 34.634085] audit: type=1800 audit(1583074287.046:33): pid=7206 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 34.661090] audit: type=1800 audit(1583074287.046:34): pid=7206 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 37.985223] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.489534] audit: type=1400 audit(1583074290.896:35): avc: denied { map } for pid=7379 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 38.542165] random: sshd: uninitialized urandom read (32 bytes read)
[ 39.263103] random: sshd: uninitialized urandom read (32 bytes read)
[ 705.505030] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts.
[ 711.033127] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 711.166145] audit: type=1400 audit(1583074963.576:36): avc: denied { map } for pid=7392 comm="syz-executor572" path="/root/syz-executor572389225" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 858.070185] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 146s!
[ 858.079453] Showing busy workqueues and worker pools:
[ 858.085711] workqueue events: flags=0x0
[ 858.090065] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 858.098813] in-flight: 2759:rtc_timer_do_work
[ 858.103888] pending: cache_reap
[ 858.107623]
[ 858.107630] ======================================================
[ 858.107633] WARNING: possible circular locking dependency detected
[ 858.107636] 4.14.172-syzkaller #0 Not tainted
[ 858.107639] ------------------------------------------------------
[ 858.107641] swapper/0/0 is trying to acquire lock:
[ 858.107643] (console_owner){-.-.}, at: [] console_unlock+0x36c/0xec0
[ 858.107650]
[ 858.107652] but task is already holding lock:
[ 858.107653] (&(&pool->lock)->rlock){-.-.}, at: [] show_workqueue_state.cold+0x706/0xedd
[ 858.107661]
[ 858.107664] which lock already depends on the new lock.
[ 858.107665]
[ 858.107666]
[ 858.107669] the existing dependency chain (in reverse order) is:
[ 858.107670]
[ 858.107671] -> #4 (&(&pool->lock)->rlock){-.-.}:
[ 858.107679] _raw_spin_lock+0x2a/0x40
[ 858.107681] __queue_work+0x1ba/0xf10
[ 858.107684] queue_work_on+0x159/0x1d0
[ 858.107686] put_pwq+0x129/0x180
[ 858.107688] put_pwq_unlocked.part.0+0x30/0x70
[ 858.107690] destroy_workqueue+0x570/0x660
[ 858.107693] floppy_async_init+0x1abb/0x1c06
[ 858.107695] async_run_entry_fn+0x102/0x4c0
[ 858.107697] process_one_work+0x813/0x1540
[ 858.107700] worker_thread+0x5d1/0x1070
[ 858.107702] kthread+0x30d/0x420
[ 858.107704] ret_from_fork+0x24/0x30
[ 858.107705]
[ 858.107706] -> #3 (&pool->lock/1){..-.}:
[ 858.107715] _raw_spin_lock+0x2a/0x40
[ 858.107717] __queue_work+0x1ba/0xf10
[ 858.107719] queue_work_on+0x159/0x1d0
[ 858.107721] pty_write+0x173/0x1c0
[ 858.107724] n_tty_write+0x8dd/0xe30
[ 858.107726] tty_write+0x3f0/0x700
[ 858.107728] __vfs_write+0xe4/0x630
[ 858.107730] vfs_write+0x192/0x4e0
[ 858.107732] SyS_write+0xf2/0x210
[ 858.107734] do_syscall_64+0x1d5/0x640
[ 858.107736] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 858.107737]
[ 858.107739] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 858.107747] _raw_spin_lock_irqsave+0x8c/0xbf
[ 858.107749] tty_port_tty_get+0x1d/0x80
[ 858.107751] tty_port_default_wakeup+0x11/0x40
[ 858.107753] serial8250_tx_chars+0x400/0x9e0
[ 858.107756] serial8250_handle_irq.part.0+0x1f8/0x240
[ 858.107759] serial8250_default_handle_irq+0x96/0x110
[ 858.107761] serial8250_interrupt+0xe4/0x1a0
[ 858.107764] __handle_irq_event_percpu+0x125/0x7e0
[ 858.107766] handle_irq_event_percpu+0x66/0x120
[ 858.107768] handle_irq_event+0xa2/0x12d
[ 858.107771] handle_edge_irq+0x215/0x810
[ 858.107773] handle_irq+0x35/0x50
[ 858.107775] do_IRQ+0x93/0x1d0
[ 858.107777] ret_from_intr+0x0/0x1e
[ 858.107779] native_safe_halt+0xe/0x10
[ 858.107782] default_idle+0x47/0x370
[ 858.107784] do_idle+0x250/0x3c0
[ 858.107786] cpu_startup_entry+0x14/0x20
[ 858.107788] start_kernel+0x659/0x676
[ 858.107791] secondary_startup_64+0xa5/0xb0
[ 858.107792]
[ 858.107793] -> #1 (&port_lock_key){-.-.}:
[ 858.107801] _raw_spin_lock_irqsave+0x8c/0xbf
[ 858.107803] serial8250_console_write+0x6c1/0x8e0
[ 858.107806] console_unlock+0x9b2/0xec0
[ 858.107808] vprintk_emit+0x1f8/0x600
[ 858.107810] vprintk_func+0x58/0x152
[ 858.107812] printk+0x9e/0xbc
[ 858.107814] register_console+0x5ec/0x9a0
[ 858.107816] univ8250_console_init+0x2f/0x3a
[ 858.107818] console_init+0x46/0x53
[ 858.107821] start_kernel+0x437/0x676
[ 858.107823] secondary_startup_64+0xa5/0xb0
[ 858.107824]
[ 858.107826] -> #0 (console_owner){-.-.}:
[ 858.107833] lock_acquire+0x170/0x3f0
[ 858.107835] console_unlock+0x3d4/0xec0
[ 858.107837] vprintk_emit+0x1f8/0x600
[ 858.107839] vprintk_func+0x58/0x152
[ 858.107841] printk+0x9e/0xbc
[ 858.107843] show_workqueue_state.cold+0x849/0xedd
[ 858.107846] wq_watchdog_timer_fn+0x3d0/0x440
[ 858.107848] call_timer_fn+0x14a/0x650
[ 858.107851] run_timer_softirq+0xac2/0x1390
[ 858.107853] __do_softirq+0x254/0x9bf
[ 858.107855] irq_exit+0x15b/0x1a0
[ 858.107857] smp_apic_timer_interrupt+0x141/0x5e0
[ 858.107860] apic_timer_interrupt+0x8f/0xa0
[ 858.107862] native_safe_halt+0xe/0x10
[ 858.107864] default_idle+0x47/0x370
[ 858.107866] do_idle+0x250/0x3c0
[ 858.107868] cpu_startup_entry+0x14/0x20
[ 858.107870] start_kernel+0x659/0x676
[ 858.107873] secondary_startup_64+0xa5/0xb0
[ 858.107874]
[ 858.107876] other info that might help us debug this:
[ 858.107878]
[ 858.107879] Chain exists of:
[ 858.107881] console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock
[ 858.107891]
[ 858.107893] Possible unsafe locking scenario:
[ 858.107894]
[ 858.107897]        CPU0                    CPU1
[ 858.107899]        ----                    ----
[ 858.107900]   lock(&(&pool->lock)->rlock);
[ 858.107905]                                lock(&pool->lock/1);
[ 858.107912]                                lock(&(&pool->lock)->rlock);
[ 858.107916]   lock(console_owner);
[ 858.107921]
[ 858.107923] *** DEADLOCK ***
[ 858.107924]
[ 858.107926] 4 locks held by swapper/0/0:
[ 858.107927] #0: (kernel/workqueue.c:5441){+.-.}, at: [] call_timer_fn+0xb8/0x650
[ 858.107936] #1: (rcu_read_lock_sched){....}, at: [] show_workqueue_state+0x0/0xf0
[ 858.107944] #2: (&(&pool->lock)->rlock){-.-.}, at: [] show_workqueue_state.cold+0x706/0xedd
[ 858.107952] #3: (console_lock){+.+.}, at: [] vprintk_emit+0x1ea/0x600
[ 858.107960]
[ 858.107962] stack backtrace:
[ 858.107965] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.172-syzkaller #0
[ 858.107969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 858.107971] Call Trace:
[ 858.107972]
[ 858.107974] dump_stack+0x13e/0x194
[ 858.107977] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 858.107979] __lock_acquire+0x2cb3/0x4620
[ 858.107981] ? trace_hardirqs_on+0x10/0x10
[ 858.107983] ? sprintf+0xa7/0xd0
[ 858.107985] ? scnprintf+0x100/0x100
[ 858.107987] ? find_held_lock+0x2d/0x110
[ 858.107989] ? console_unlock+0x3af/0xec0
[ 858.107991] lock_acquire+0x170/0x3f0
[ 858.107994] ? console_unlock+0x36c/0xec0
[ 858.107996] console_unlock+0x3d4/0xec0
[ 858.107998] ? console_unlock+0x36c/0xec0
[ 858.108000] vprintk_emit+0x1f8/0x600
[ 858.108002] vprintk_func+0x58/0x152
[ 858.108004] ? printk+0x9e/0xbc
[ 858.108006] printk+0x9e/0xbc
[ 858.108008] ? show_regs_print_info+0x5b/0x5b
[ 858.108011] ? lock_acquire+0x170/0x3f0
[ 858.108013] show_workqueue_state.cold+0x849/0xedd
[ 858.108015] ? print_worker_info+0x260/0x260
[ 858.108018] wq_watchdog_timer_fn+0x3d0/0x440
[ 858.108020] ? show_workqueue_state+0xf0/0xf0
[ 858.108023] call_timer_fn+0x14a/0x650
[ 858.108025] ? show_workqueue_state+0xf0/0xf0
[ 858.108042] ? __next_timer_interrupt+0x140/0x140
[ 858.108044] ? _raw_spin_unlock_irq+0x24/0x80
[ 858.108046] ? show_workqueue_state+0xf0/0xf0
[ 858.108048] ? show_workqueue_state+0xf0/0xf0
[ 858.108051] run_timer_softirq+0xac2/0x1390
[ 858.108053] ? add_timer+0xa20/0xa20
[ 858.108055] ? kvm_sched_clock_read+0x5/0x10
[ 858.108057] ? sched_clock_cpu+0x18/0x1b0
[ 858.108059] __do_softirq+0x254/0x9bf
[ 858.108062] ? check_preemption_disabled+0x35/0x240
[ 858.108064] irq_exit+0x15b/0x1a0
[ 858.108066] smp_apic_timer_interrupt+0x141/0x5e0
[ 858.108068] apic_timer_interrupt+0x8f/0xa0
[ 858.108070]
[ 858.108072] RIP: 0010:native_safe_halt+0xe/0x10
[ 858.108075] RSP: 0018:ffffffff87c07e78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
[ 858.108080] RAX: 1ffffffff0fa2ce4 RBX: dffffc0000000000 RCX: 0000000000000000
[ 858.108083] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87c76abc
[ 858.108087] RBP: ffffffff87d16710 R08: 1ffffffff1124101 R09: 0000000000000000
[ 858.108090] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0f8ec48
[ 858.108093] R13: ffffffff87c76240 R14: 0000000000000000 R15: 0000000000000000
[ 858.108095] default_idle+0x47/0x370
[ 858.108096] do_idle+0x250/0x3c0
[ 858.108099] ? trace_event_define_fields_x86_irq_vector+0x28/0x28
[ 858.108102] cpu_startup_entry+0x14/0x20
[ 858.108104] start_kernel+0x659/0x676
[ 858.108106] ? mem_encrypt_init+0x5/0x5
[ 858.108108] ? load_ucode_bsp+0x1ae/0x1e4
[ 858.108110] secondary_startup_64+0xa5/0xb0
[ 858.953944] workqueue events_power_efficient: flags=0x80
[ 858.959395] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 858.966542] pending: fb_flashcursor, neigh_periodic_work
[ 858.972871] workqueue mm_percpu_wq: flags=0x8
[ 858.977514] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 858.984644] pending: vmstat_update
[ 858.988900] workqueue dm_bufio_cache: flags=0x8
[ 858.993690] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 859.000656] pending: work_fn
[ 859.004399] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=147s workers=2 idle: 18