Starting mcstransd: [ 35.607319] sshd (6143) used greatest stack depth: 15720 bytes left [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 35.975999] audit: type=1800 audit(1542636189.124:33): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 35.998471] audit: type=1800 audit(1542636189.124:34): pid=6079 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 38.365603] audit: type=1400 audit(1542636191.514:35): avc: denied { map } for pid=6254 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. executing program [ 432.996463] audit: type=1400 audit(1542636586.144:36): avc: denied { map } for pid=6267 comm="syz-executor423" path="/root/syz-executor423744108" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 716.934695] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 283s! [ 716.943160] Showing busy workqueues and worker pools: [ 716.948396] workqueue events: flags=0x0 [ 716.952455] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=4/256 [ 716.960158] in-flight: 22:rtc_timer_do_work [ 716.964824] pending: defense_work_handler, cache_reap, check_corruption [ 716.971934] [ 716.971939] ====================================================== [ 716.971942] WARNING: possible circular locking dependency detected [ 716.971945] 4.20.0-rc3+ #120 Not tainted [ 716.971948] ------------------------------------------------------ [ 716.971951] swapper/0/0 is trying to acquire lock: [ 716.971952] 0000000029f6cebf (console_owner){-.-.}, at: console_unlock+0x570/0x1190 [ 716.971960] [ 716.971963] but task is already holding lock: [ 716.971965] 000000004c7e5452 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold.49+0xad0/0x159a [ 716.971973] [ 716.971976] which lock already depends on the new lock. [ 716.971977] [ 716.971978] [ 716.971982] the existing dependency chain (in reverse order) is: [ 716.971983] [ 716.971984] -> #4 (&(&pool->lock)->rlock){-.-.}: [ 716.971992] _raw_spin_lock+0x2d/0x40 [ 716.971994] __queue_work+0x2ff/0x1440 [ 716.971997] queue_work_on+0x19a/0x1e0 [ 716.971999] put_pwq+0x175/0x1c0 [ 716.972002] put_pwq_unlocked.part.27+0x34/0x70 [ 716.972004] destroy_workqueue+0x868/0x9c0 [ 716.972007] floppy_async_init+0x1fe4/0x213b [ 716.972009] async_run_entry_fn+0x1c4/0x7f0 [ 716.972011] process_one_work+0xc90/0x1c40 [ 716.972014] worker_thread+0x17f/0x1390 [ 716.972016] kthread+0x35a/0x440 [ 716.972018] ret_from_fork+0x3a/0x50 [ 716.972019] [ 716.972021] -> #3 (&pool->lock/1){..-.}: [ 716.972029] _raw_spin_lock+0x2d/0x40 [ 716.972031] __queue_work+0x2ff/0x1440 [ 716.972034] queue_work_on+0x19a/0x1e0 [ 716.972036] tty_schedule_flip+0x14c/0x1d0 [ 716.972038] tty_flip_buffer_push+0x15/0x20 [ 716.972040] pty_write+0x19d/0x1f0 [ 716.972043] n_tty_write+0xc5b/0x11a0 [ 716.972045] tty_write+0x3f1/0x880 [ 716.972047] __vfs_write+0x119/0x9f0 [ 716.972049] vfs_write+0x1fc/0x560 [ 716.972051] ksys_write+0x101/0x260 [ 716.972053] __x64_sys_write+0x73/0xb0 [ 716.972056] do_syscall_64+0x1b9/0x820 [ 716.972058] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.972060] [ 716.972061] -> #2 (&(&port->lock)->rlock){-.-.}: [ 716.972069] _raw_spin_lock_irqsave+0x99/0xd0 [ 716.972071] tty_port_tty_get+0x20/0x80 [ 716.972074] tty_port_default_wakeup+0x15/0x40 [ 716.972076] tty_port_tty_wakeup+0x5d/0x70 [ 716.972078] uart_write_wakeup+0x44/0x60 [ 716.972081] serial8250_tx_chars+0x4be/0xb60 [ 716.972084] serial8250_handle_irq.part.23+0x1ee/0x280 [ 716.972086] serial8250_default_handle_irq+0xc8/0x150 [ 716.972089] serial8250_interrupt+0xef/0x190 [ 716.972091] __handle_irq_event_percpu+0x195/0xb30 [ 716.972094] handle_irq_event_percpu+0xa0/0x1d0 [ 716.972096] handle_irq_event+0xa7/0x135 [ 716.972099] handle_edge_irq+0x227/0x880 [ 716.972101] handle_irq+0x252/0x3d8 [ 716.972103] do_IRQ+0x98/0x1c0 [ 716.972105] ret_from_intr+0x0/0x1e [ 716.972108] _raw_spin_unlock_irqrestore+0xaf/0xd0 [ 716.972110] uart_write+0x4b2/0x740 [ 716.972112] n_tty_write+0x6c1/0x11a0 [ 716.972114] tty_write+0x3f1/0x880 [ 716.972117] redirected_tty_write+0xaf/0xc0 [ 716.972119] __vfs_write+0x119/0x9f0 [ 716.972121] vfs_write+0x1fc/0x560 [ 716.972123] ksys_write+0x101/0x260 [ 716.972125] __x64_sys_write+0x73/0xb0 [ 716.972127] do_syscall_64+0x1b9/0x820 [ 716.972130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.972132] [ 716.972133] -> #1 (&port_lock_key){-.-.}: [ 716.972140] _raw_spin_lock_irqsave+0x99/0xd0 [ 716.972143] serial8250_console_write+0x8e8/0xb10 [ 716.972146] univ8250_console_write+0x5f/0x70 [ 716.972148] console_unlock+0xb1f/0x1190 [ 716.972150] vprintk_emit+0x391/0x990 [ 716.972152] vprintk_default+0x28/0x30 [ 716.972155] vprintk_func+0x7e/0x181 [ 716.972157] printk+0xa7/0xcf [ 716.972159] register_console+0x8df/0xcf0 [ 716.972161] univ8250_console_init+0x3f/0x4b [ 716.972164] console_init+0x6ac/0x9dc [ 716.972166] start_kernel+0x70b/0xa2b [ 716.972169] x86_64_start_reservations+0x2e/0x30 [ 716.972171] x86_64_start_kernel+0x76/0x79 [ 716.972173] secondary_startup_64+0xa4/0xb0 [ 716.972175] [ 716.972176] -> #0 (console_owner){-.-.}: [ 716.972183] lock_acquire+0x1ed/0x520 [ 716.972186] console_unlock+0x5dd/0x1190 [ 716.972188] vprintk_emit+0x391/0x990 [ 716.972190] vprintk_default+0x28/0x30 [ 716.972192] vprintk_func+0x7e/0x181 [ 716.972194] printk+0xa7/0xcf [ 716.972197] show_workqueue_state.cold.49+0xc6c/0x159a [ 716.972200] wq_watchdog_timer_fn+0x6ea/0x810 [ 716.972202] call_timer_fn+0x272/0x920 [ 716.972204] __run_timers+0x7e5/0xc70 [ 716.972207] run_timer_softirq+0x88/0xb0 [ 716.972209] __do_softirq+0x308/0xb7e [ 716.972211] irq_exit+0x17f/0x1c0 [ 716.972214] smp_apic_timer_interrupt+0x1cb/0x760 [ 716.972216] apic_timer_interrupt+0xf/0x20 [ 716.972219] native_safe_halt+0x6/0x10 [ 716.972221] default_idle+0xbf/0x490 [ 716.972223] arch_cpu_idle+0x10/0x20 [ 716.972226] default_idle_call+0x6d/0x90 [ 716.972228] do_idle+0x49b/0x5c0 [ 716.972230] cpu_startup_entry+0x18/0x20 [ 716.972232] rest_init+0x243/0x372 [ 716.972234] arch_call_rest_init+0xe/0x1b [ 716.972236] start_kernel+0x9f0/0xa2b [ 716.972239] x86_64_start_reservations+0x2e/0x30 [ 716.972241] x86_64_start_kernel+0x76/0x79 [ 716.972244] secondary_startup_64+0xa4/0xb0 [ 716.972245] [ 716.972249] other info that might help us debug this: [ 716.972251] [ 716.972253] Chain exists of: [ 716.972254] console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock [ 716.972264] [ 716.972267] Possible unsafe locking scenario: [ 716.972268] [ 716.972270] CPU0 CPU1 [ 716.972273] ---- ---- [ 716.972274] lock(&(&pool->lock)->rlock); [ 716.972279] lock(&pool->lock/1); [ 716.972285] lock(&(&pool->lock)->rlock); [ 716.972290] lock(console_owner); [ 716.972294] [ 716.972296] *** DEADLOCK *** [ 716.972297] [ 716.972299] 4 locks held by swapper/0/0: [ 716.972300] #0: 000000002708e4ce ((&wq_watchdog_timer)){+.-.}, at: call_timer_fn+0x1db/0x920 [ 716.972310] #1: 000000009ab5a23d (rcu_read_lock_sched){....}, at: show_workqueue_state+0x0/0x1d0 [ 716.972319] #2: 000000004c7e5452 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold.49+0xad0/0x159a [ 716.972329] #3: 00000000dd42c6b4 (console_lock){+.+.}, at: vprintk_emit+0x372/0x990 [ 716.972338] [ 716.972340] stack backtrace: [ 716.972344] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc3+ #120 [ 716.972355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.972357] Call Trace: [ 716.972359] [ 716.972361] dump_stack+0x244/0x39d [ 716.972364] ? dump_stack_print_info.cold.1+0x20/0x20 [ 716.972366] ? vprintk_func+0x85/0x181 [ 716.972369] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 716.972371] ? save_trace+0xe0/0x290 [ 716.972374] __lock_acquire+0x3399/0x4c20 [ 716.972376] ? mark_held_locks+0x130/0x130 [ 716.972379] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.972381] ? put_dec+0x3b/0xf0 [ 716.972384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.972387] ? __sanitizer_cov_trace_const_cmp4+0x10/0x20 [ 716.972390] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 716.972392] ? enable_ptr_key_workfn+0x30/0x30 [ 716.972395] ? put_dec+0xf0/0xf0 [ 716.972397] ? zap_class+0x640/0x640 [ 716.972399] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 716.972402] ? vsnprintf+0x20d/0x1b60 [ 716.972404] lock_acquire+0x1ed/0x520 [ 716.972406] ? console_unlock+0x570/0x1190 [ 716.972408] ? lock_release+0xa00/0xa00 [ 716.972411] ? kasan_check_read+0x11/0x20 [ 716.972413] ? do_raw_spin_unlock+0xa7/0x330 [ 716.972416] ? do_raw_spin_trylock+0x270/0x270 [ 716.972418] ? msg_print_text+0x19a/0x1d0 [ 716.972420] console_unlock+0x5dd/0x1190 [ 716.972423] ? console_unlock+0x570/0x1190 [ 716.972425] ? kmsg_dump_get_buffer+0xac0/0xac0 [ 716.972428] ? trace_hardirqs_on+0x310/0x310 [ 716.972430] ? vprintk_emit+0x372/0x990 [ 716.972433] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 716.972435] ? vprintk_emit+0x372/0x990 [ 716.972438] ? __down_trylock_console_sem+0x151/0x1f0 [ 716.972440] vprintk_emit+0x391/0x990 [ 716.972443] ? wake_up_klogd+0x180/0x180 [ 716.972445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.972448] ? check_preemption_disabled+0x48/0x280 [ 716.972451] ? mark_held_locks+0xc7/0x130 [ 716.972453] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 716.972455] vprintk_default+0x28/0x30 [ 716.972458] vprintk_func+0x7e/0x181 [ 716.972460] ? printk+0xa7/0xcf [ 716.972462] printk+0xa7/0xcf [ 716.972464] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 716.972467] show_workqueue_state.cold.49+0xc6c/0x159a [ 716.972470] ? check_preemption_disabled+0x48/0x280 [ 716.972472] ? print_worker_info+0x540/0x540 [ 716.972475] ? native_apic_msr_eoi_write+0x20/0x20 [ 716.972477] ? arch_irq_work_raise+0x103/0x150 [ 716.972480] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 716.972482] ? radix_tree_next_chunk+0x5b9/0xe20 [ 716.972485] ? radix_tree_cpu_dead+0x160/0x160 [ 716.972487] ? vprintk_emit+0x293/0x990 [ 716.972489] ? zap_class+0x640/0x640 [ 716.972491] ? wake_up_klogd+0x180/0x180 [ 716.972494] ? find_held_lock+0x36/0x1c0 [ 716.972496] ? wq_watchdog_timer_fn+0x5b4/0x810 [ 716.972499] ? lock_downgrade+0x900/0x900 [ 716.972501] ? check_preemption_disabled+0x48/0x280 [ 716.972504] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 716.972506] ? kasan_check_read+0x11/0x20 [ 716.972509] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 716.972511] ? rcu_softirq_qs+0x20/0x20 [ 716.972513] wq_watchdog_timer_fn+0x6ea/0x810 [ 716.972516] ? show_workqueue_state+0x1d0/0x1d0 [ 716.972518] ? flush_rcu_work+0x90/0x90 [ 716.972520] ? trace_hardirqs_on+0x310/0x310 [ 716.972523] ? find_held_lock+0x36/0x1c0 [ 716.972525] ? zap_class+0x640/0x640 [ 716.972527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 716.972530] ? check_preemption_disabled+0x48/0x280 [ 716.972532] ? __lock_is_held+0xb5/0x140 [ 716.972535] call_timer_fn+0x272/0x920 [ 716.972537] ? show_workqueue_state+0x1d0/0x1d0 [ 716.972539] ? process_timeout+0x40/0x40 [ 716.972542] ? __run_timers+0x7da/0xc70 [ 716.972544] ? _raw_spin_unlock_irq+0x27/0x80 [ 716.972546] ? _raw_spin_unlock_irq+0x27/0x80 [ 716.972549] ? show_workqueue_state+0x1d0/0x1d0 [ 716.972551] ? lockdep_hardirqs_on+0x296/0x5b0 [ 716.972554] ? trace_hardirqs_on+0xbd/0x310 [ 716.972556] ? kasan_check_read+0x11/0x20 [ 716.972558] ? __run_timers+0x7da/0xc70 [ 716.972561] ? trace_hardirqs_off_caller+0x310/0x310 [ 716.972563] ? show_workqueue_state+0x1d0/0x1d0 [ 716.972565] __run_timers+0x7e5/0xc70 [ 716.972567] ? timer_fixup_init+0x70/ [ 716.972572] Lost 80 message(s)! [ 718.031145] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 [ 718.038672] pending: psi_update_work [ 718.043040] workqueue events_power_efficient: flags=0x80 [ 718.048473] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 [ 718.055047] pending: gc_worker, neigh_periodic_work, check_lifetime [ 718.062296] workqueue mm_percpu_wq: flags=0x8 [ 718.066775] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 [ 718.073026] pending: vmstat_update [ 718.077097] workqueue dm_bufio_cache: flags=0x8 [ 718.081751] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 [ 718.088158] pending: work_fn [ 718.091631] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=284s workers=2 idle: 2936