[ 46.482182] audit: type=1800 audit(1584013926.530:31): pid=7952 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 51.056658] kauditd_printk_skb: 3 callbacks suppressed
[ 51.056671] audit: type=1400 audit(1584013931.150:35): avc: denied { map } for pid=8126 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
[ 695.951802] audit: type=1400 audit(1584014576.050:36): avc: denied { map } for pid=8138 comm="syz-executor499" path="/root/syz-executor499764561" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 696.026273] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 696.087876] hrtimer: interrupt took 32015 ns
[ 696.196279] kvm: emulating exchange as write
[ 860.867945] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 164s!
[ 860.876370] Showing busy workqueues and worker pools:
[ 860.881626] workqueue events: flags=0x0
[ 860.885696] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 860.894525] pending: cache_reap
[ 860.898259]
[ 860.898264] ======================================================
[ 860.898268] WARNING: possible circular locking dependency detected
[ 860.898271] 4.19.109-syzkaller #0 Not tainted
[ 860.898276] ------------------------------------------------------
[ 860.898279] swapper/0/0 is trying to acquire lock:
[ 860.898282] 000000007fd5f0b9 (console_owner){-.-.}, at: console_unlock+0x3f4/0xfe0
[ 860.898293]
[ 860.898296] but task is already holding lock:
[ 860.898299] 000000004837dceb (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x7f9/0x1059
[ 860.898311]
[ 860.898315] which lock already depends on the new lock.
[ 860.898317]
[ 860.898319]
[ 860.898323] the existing dependency chain (in reverse order) is:
[ 860.898325]
[ 860.898327] -> #4 (&(&pool->lock)->rlock){-.-.}:
[ 860.898339] __queue_work+0x23c/0x1070
[ 860.898342] queue_work_on+0x17e/0x1f0
[ 860.898345] put_pwq+0x15a/0x1b0
[ 860.898348] put_pwq_unlocked.part.0+0x30/0x70
[ 860.898351] destroy_workqueue+0x5f4/0x6f0
[ 860.898355] floppy_async_init+0x1f0a/0x2043
[ 860.898358] async_run_entry_fn+0x121/0x530
[ 860.898361] process_one_work+0x91f/0x1640
[ 860.898364] worker_thread+0x96/0xe20
[ 860.898367] kthread+0x34a/0x420
[ 860.898371] ret_from_fork+0x24/0x30
[ 860.898372]
[ 860.898374] -> #3 (&pool->lock/1){..-.}:
[ 860.898388] __queue_work+0x23c/0x1070
[ 860.898391] queue_work_on+0x17e/0x1f0
[ 860.898395] pty_write+0x198/0x1f0
[ 860.898398] n_tty_write+0xa69/0x1080
[ 860.898401] tty_write+0x452/0x790
[ 860.898403] __vfs_write+0xf7/0x760
[ 860.898406] vfs_write+0x206/0x550
[ 860.898409] ksys_write+0x12b/0x2a0
[ 860.898412] do_syscall_64+0xf9/0x620
[ 860.898416] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 860.898418]
[ 860.898419] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 860.898432] tty_port_tty_get+0x1d/0x80
[ 860.898436] tty_port_default_wakeup+0x11/0x40
[ 860.898440] serial8250_tx_chars+0x48f/0xae0
[ 860.898443] serial8250_handle_irq.part.0+0x24b/0x290
[ 860.898447] serial8250_default_handle_irq+0xb5/0x140
[ 860.898450] serial8250_interrupt+0xf2/0x1d0
[ 860.898454] __handle_irq_event_percpu+0x144/0x8e0
[ 860.898457] handle_irq_event_percpu+0x76/0x160
[ 860.898460] handle_irq_event+0xa2/0x12d
[ 860.898464] handle_edge_irq+0x24b/0x8c0
[ 860.898466] handle_irq+0x35/0x50
[ 860.898470] do_IRQ+0x93/0x1c0
[ 860.898473] ret_from_intr+0x0/0x1e
[ 860.898477] _raw_spin_unlock_irqrestore+0x91/0xe0
[ 860.898480] uart_write+0x365/0x680
[ 860.898483] n_tty_write+0x3ee/0x1080
[ 860.898486] tty_write+0x452/0x790
[ 860.898489] redirected_tty_write+0xaa/0xb0
[ 860.898492] __vfs_write+0xf7/0x760
[ 860.898495] vfs_write+0x206/0x550
[ 860.898498] ksys_write+0x12b/0x2a0
[ 860.898501] do_syscall_64+0xf9/0x620
[ 860.898505] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 860.898507]
[ 860.898509] -> #1 (&port_lock_key){-.-.}:
[ 860.898522] serial8250_console_write+0x79f/0x9c0
[ 860.898525] console_unlock+0xb26/0xfe0
[ 860.898528] vprintk_emit+0x282/0x6e0
[ 860.898531] vprintk_func+0x79/0x17e
[ 860.898534] printk+0xba/0xed
[ 860.898537] register_console+0x752/0xb50
[ 860.898540] univ8250_console_init+0x3a/0x46
[ 860.898543] console_init+0x4cb/0x718
[ 860.898547] start_kernel+0x594/0x81c
[ 860.898550] secondary_startup_64+0xa4/0xb0
[ 860.898552]
[ 860.898554] -> #0 (console_owner){-.-.}:
[ 860.898565] console_unlock+0x45c/0xfe0
[ 860.898568] vprintk_emit+0x282/0x6e0
[ 860.898571] vprintk_func+0x79/0x17e
[ 860.898573] printk+0xba/0xed
[ 860.898577] show_workqueue_state.cold+0x94a/0x1059
[ 860.898581] wq_watchdog_timer_fn+0x4d8/0x550
[ 860.898584] call_timer_fn+0x177/0x700
[ 860.898587] run_timer_softirq+0xc08/0x1540
[ 860.898590] __do_softirq+0x26c/0x93c
[ 860.898593] irq_exit+0x17b/0x1c0
[ 860.898597] smp_apic_timer_interrupt+0x136/0x550
[ 860.898600] apic_timer_interrupt+0xf/0x20
[ 860.898603] native_safe_halt+0xe/0x10
[ 860.898607] default_idle+0x49/0x320
[ 860.898610] do_idle+0x2ee/0x4b0
[ 860.898613] cpu_startup_entry+0xc6/0xd0
[ 860.898616] start_kernel+0x7e4/0x81c
[ 860.898619] secondary_startup_64+0xa4/0xb0
[ 860.898621]
[ 860.898624] other info that might help us debug this:
[ 860.898626]
[ 860.898629] Chain exists of:
[ 860.898630] console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock
[ 860.898647]
[ 860.898650] Possible unsafe locking scenario:
[ 860.898651]
[ 860.898655]        CPU0                    CPU1
[ 860.898658]        ----                    ----
[ 860.898660]   lock(&(&pool->lock)->rlock);
[ 860.898669]                                lock(&pool->lock/1);
[ 860.898678]                                lock(&(&pool->lock)->rlock);
[ 860.898684]   lock(console_owner);
[ 860.898690]
[ 860.898692] *** DEADLOCK ***
[ 860.898694]
[ 860.898697] 4 locks held by swapper/0/0:
[ 860.898699] #0: 0000000034ec4a0a ((&wq_watchdog_timer)){+.-.}, at: call_timer_fn+0xc9/0x700
[ 860.898712] #1: 00000000ba384d92 (rcu_read_lock_sched){....}, at: show_workqueue_state+0x0/0x120
[ 860.898726] #2: 000000004837dceb (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x7f9/0x1059
[ 860.898741] #3: 0000000071a979bc (console_lock){+.+.}, at: vprintk_emit+0x269/0x6e0
[ 860.898754]
[ 860.898757] stack backtrace:
[ 860.898761] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.109-syzkaller #0
[ 860.898767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 860.898770] Call Trace:
[ 860.898772]
[ 860.898775] dump_stack+0x188/0x20d
[ 860.898784] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 860.898788] __lock_acquire+0x2e19/0x49c0
[ 860.898791] ? vsnprintf+0x2c6/0x14f0
[ 860.898794] ? mark_held_locks+0xf0/0xf0
[ 860.898797] ? scnprintf+0x140/0x140
[ 860.898800] ? find_held_lock+0x2d/0x110
[ 860.898804] ? console_unlock+0x437/0xfe0
[ 860.898807] lock_acquire+0x170/0x400
[ 860.898810] ? console_unlock+0x3f4/0xfe0
[ 860.898813] console_unlock+0x45c/0xfe0
[ 860.898817] ? console_unlock+0x3f4/0xfe0
[ 860.898820] vprintk_emit+0x282/0x6e0
[ 860.898823] vprintk_func+0x79/0x17e
[ 860.898826] ? printk+0xba/0xed
[ 860.898829] printk+0xba/0xed
[ 860.898833] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 860.898836] ? show_workqueue_state.cold+0x7f9/0x1059
[ 860.898840] show_workqueue_state.cold+0x94a/0x1059
[ 860.898844] ? wq_watchdog_timer_fn+0x3c1/0x550
[ 860.898847] ? print_worker_info+0x280/0x280
[ 860.898850] ? check_preemption_disabled+0x41/0x280
[ 860.898854] wq_watchdog_timer_fn+0x4d8/0x550
[ 860.898857] ? show_workqueue_state+0x120/0x120
[ 860.898861] call_timer_fn+0x177/0x700
[ 860.898864] ? show_workqueue_state+0x120/0x120
[ 860.898867] ? process_timeout+0x40/0x40
[ 860.898871] ? _raw_spin_unlock_irq+0x24/0x80
[ 860.898875] ? show_workqueue_state+0x120/0x120
[ 860.898878] ? show_workqueue_state+0x120/0x120
[ 860.898882] run_timer_softirq+0xc08/0x1540
[ 860.898885] ? add_timer+0xab0/0xab0
[ 860.898888] __do_softirq+0x26c/0x93c
[ 860.898891] irq_exit+0x17b/0x1c0
[ 860.898895] smp_apic_timer_interrupt+0x136/0x550
[ 860.898898] apic_timer_interrupt+0xf/0x20
[ 860.898900]
[ 860.898904] RIP: 0010:native_safe_halt+0xe/0x10
[ 860.898914] Code: fa eb 82 90 90 90 90 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 04 f1 48 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d f4 f0 48 00 fb f4 90 41 56 41 55 41 54 55 53 e8 43 bc 37 fa e8 3e c7 36 fc 0f 1f
[ 860.898918] RSP: 0018:ffffffff88a07d40 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 860.898926] RAX: 1ffffffff1164ad4 RBX: dffffc0000000000 RCX: 0000000000000000
[ 860.898931] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff88a7a73c
[ 860.898935] RBP: 0000000000000000 R08: ffffffff88a79ec0 R09: 0000000000000000
[ 860.898940] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88b25690
[ 860.898945] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88a79ec0
[ 860.898949] default_idle+0x49/0x320
[ 860.898951] do_idle+0x2ee/0x4b0
[ 860.898955] ? arch_cpu_idle_exit+0x70/0x70
[ 860.898959] ? check_preemption_disabled+0x41/0x280
[ 860.898962] cpu_startup_entry+0xc6/0xd0
[ 860.898965] ? cpu_in_idle+0x20/0x20
[ 860.898968] ? preempt_count_add+0xaf/0x190
[ 860.898973] ? trace_event_define_fields_vector_free_moved+0xab/0xab
[ 860.898976] start_kernel+0x7e4/0x81c
[ 860.898979] ? mem_encrypt_init+0x5/0x5
[ 860.898982] ? load_ucode_bsp+0x23d/0x27d
[ 860.898985] secondary_startup_64+0xa4/0xb0
[ 861.728276] workqueue events_power_efficient: flags=0x80
[ 861.733720] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 861.740652] pending: do_cache_clean, check_lifetime
[ 861.746181] workqueue rcu_gp: flags=0x8
[ 861.750149] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.757170] in-flight: 19:srcu_invoke_callbacks
[ 861.762218] workqueue mm_percpu_wq: flags=0x8
[ 861.766706] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.773638] pending: vmstat_update
[ 861.777584] workqueue dm_bufio_cache: flags=0x8
[ 861.782244] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.789181] pending: work_fn
[ 861.792623] workqueue krxrpcd: flags=0x0
[ 861.796671] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
[ 861.803426] pending: rxrpc_peer_keepalive_worker
[ 861.808628] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=164s workers=2 idle: 2914