[ 46.482182] audit: type=1800 audit(1584013926.530:31): pid=7952 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 51.056658] kauditd_printk_skb: 3 callbacks suppressed
[ 51.056671] audit: type=1400 audit(1584013931.150:35): avc: denied { map } for pid=8126 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
[ 695.951802] audit: type=1400 audit(1584014576.050:36): avc: denied { map } for pid=8138 comm="syz-executor499" path="/root/syz-executor499764561" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 696.026273] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 696.087876] hrtimer: interrupt took 32015 ns
[ 696.196279] kvm: emulating exchange as write
[ 860.867945] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 164s!
[ 860.876370] Showing busy workqueues and worker pools:
[ 860.881626] workqueue events: flags=0x0
[ 860.885696]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 860.894525]     pending: cache_reap
[ 860.898259]
[ 860.898264] ======================================================
[ 860.898268] WARNING: possible circular locking dependency detected
[ 860.898271] 4.19.109-syzkaller #0 Not tainted
[ 860.898276] ------------------------------------------------------
[ 860.898279] swapper/0/0 is trying to acquire lock:
[ 860.898282] 000000007fd5f0b9 (console_owner){-.-.}, at: console_unlock+0x3f4/0xfe0
[ 860.898293]
[ 860.898296] but task is already holding lock:
[ 860.898299] 000000004837dceb (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x7f9/0x1059
[ 860.898311]
[ 860.898315] which lock already depends on the new lock.
[ 860.898317]
[ 860.898319]
[ 860.898323] the existing dependency chain (in reverse order) is:
[ 860.898325]
[ 860.898327] -> #4 (&(&pool->lock)->rlock){-.-.}:
[ 860.898339]        __queue_work+0x23c/0x1070
[ 860.898342]        queue_work_on+0x17e/0x1f0
[ 860.898345]        put_pwq+0x15a/0x1b0
[ 860.898348]        put_pwq_unlocked.part.0+0x30/0x70
[ 860.898351]        destroy_workqueue+0x5f4/0x6f0
[ 860.898355]        floppy_async_init+0x1f0a/0x2043
[ 860.898358]        async_run_entry_fn+0x121/0x530
[ 860.898361]        process_one_work+0x91f/0x1640
[ 860.898364]        worker_thread+0x96/0xe20
[ 860.898367]        kthread+0x34a/0x420
[ 860.898371]        ret_from_fork+0x24/0x30
[ 860.898372]
[ 860.898374] -> #3 (&pool->lock/1){..-.}:
[ 860.898388]        __queue_work+0x23c/0x1070
[ 860.898391]        queue_work_on+0x17e/0x1f0
[ 860.898395]        pty_write+0x198/0x1f0
[ 860.898398]        n_tty_write+0xa69/0x1080
[ 860.898401]        tty_write+0x452/0x790
[ 860.898403]        __vfs_write+0xf7/0x760
[ 860.898406]        vfs_write+0x206/0x550
[ 860.898409]        ksys_write+0x12b/0x2a0
[ 860.898412]        do_syscall_64+0xf9/0x620
[ 860.898416]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 860.898418]
[ 860.898419] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 860.898432]        tty_port_tty_get+0x1d/0x80
[ 860.898436]        tty_port_default_wakeup+0x11/0x40
[ 860.898440]        serial8250_tx_chars+0x48f/0xae0
[ 860.898443]        serial8250_handle_irq.part.0+0x24b/0x290
[ 860.898447]        serial8250_default_handle_irq+0xb5/0x140
[ 860.898450]        serial8250_interrupt+0xf2/0x1d0
[ 860.898454]        __handle_irq_event_percpu+0x144/0x8e0
[ 860.898457]        handle_irq_event_percpu+0x76/0x160
[ 860.898460]        handle_irq_event+0xa2/0x12d
[ 860.898464]        handle_edge_irq+0x24b/0x8c0
[ 860.898466]        handle_irq+0x35/0x50
[ 860.898470]        do_IRQ+0x93/0x1c0
[ 860.898473]        ret_from_intr+0x0/0x1e
[ 860.898477]        _raw_spin_unlock_irqrestore+0x91/0xe0
[ 860.898480]        uart_write+0x365/0x680
[ 860.898483]        n_tty_write+0x3ee/0x1080
[ 860.898486]        tty_write+0x452/0x790
[ 860.898489]        redirected_tty_write+0xaa/0xb0
[ 860.898492]        __vfs_write+0xf7/0x760
[ 860.898495]        vfs_write+0x206/0x550
[ 860.898498]        ksys_write+0x12b/0x2a0
[ 860.898501]        do_syscall_64+0xf9/0x620
[ 860.898505]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 860.898507]
[ 860.898509] -> #1 (&port_lock_key){-.-.}:
[ 860.898522]        serial8250_console_write+0x79f/0x9c0
[ 860.898525]        console_unlock+0xb26/0xfe0
[ 860.898528]        vprintk_emit+0x282/0x6e0
[ 860.898531]        vprintk_func+0x79/0x17e
[ 860.898534]        printk+0xba/0xed
[ 860.898537]        register_console+0x752/0xb50
[ 860.898540]        univ8250_console_init+0x3a/0x46
[ 860.898543]        console_init+0x4cb/0x718
[ 860.898547]        start_kernel+0x594/0x81c
[ 860.898550]        secondary_startup_64+0xa4/0xb0
[ 860.898552]
[ 860.898554] -> #0 (console_owner){-.-.}:
[ 860.898565]        console_unlock+0x45c/0xfe0
[ 860.898568]        vprintk_emit+0x282/0x6e0
[ 860.898571]        vprintk_func+0x79/0x17e
[ 860.898573]        printk+0xba/0xed
[ 860.898577]        show_workqueue_state.cold+0x94a/0x1059
[ 860.898581]        wq_watchdog_timer_fn+0x4d8/0x550
[ 860.898584]        call_timer_fn+0x177/0x700
[ 860.898587]        run_timer_softirq+0xc08/0x1540
[ 860.898590]        __do_softirq+0x26c/0x93c
[ 860.898593]        irq_exit+0x17b/0x1c0
[ 860.898597]        smp_apic_timer_interrupt+0x136/0x550
[ 860.898600]        apic_timer_interrupt+0xf/0x20
[ 860.898603]        native_safe_halt+0xe/0x10
[ 860.898607]        default_idle+0x49/0x320
[ 860.898610]        do_idle+0x2ee/0x4b0
[ 860.898613]        cpu_startup_entry+0xc6/0xd0
[ 860.898616]        start_kernel+0x7e4/0x81c
[ 860.898619]        secondary_startup_64+0xa4/0xb0
[ 860.898621]
[ 860.898624] other info that might help us debug this:
[ 860.898626]
[ 860.898629] Chain exists of:
[ 860.898630]   console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock
[ 860.898647]
[ 860.898650]  Possible unsafe locking scenario:
[ 860.898651]
[ 860.898655]        CPU0                    CPU1
[ 860.898658]        ----                    ----
[ 860.898660]   lock(&(&pool->lock)->rlock);
[ 860.898669]                                lock(&pool->lock/1);
[ 860.898678]                                lock(&(&pool->lock)->rlock);
[ 860.898684]   lock(console_owner);
[ 860.898690]
[ 860.898692]  *** DEADLOCK ***
[ 860.898694]
[ 860.898697] 4 locks held by swapper/0/0:
[ 860.898699]  #0: 0000000034ec4a0a ((&wq_watchdog_timer)){+.-.}, at: call_timer_fn+0xc9/0x700
[ 860.898712]  #1: 00000000ba384d92 (rcu_read_lock_sched){....}, at: show_workqueue_state+0x0/0x120
[ 860.898726]  #2: 000000004837dceb (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x7f9/0x1059
[ 860.898741]  #3: 0000000071a979bc (console_lock){+.+.}, at: vprintk_emit+0x269/0x6e0
[ 860.898754]
[ 860.898757] stack backtrace:
[ 860.898761] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.109-syzkaller #0
[ 860.898767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 860.898770] Call Trace:
[ 860.898772]
[ 860.898775]  dump_stack+0x188/0x20d
[ 860.898784]  print_circular_bug.isra.0.cold+0x1c4/0x282
[ 860.898788]  __lock_acquire+0x2e19/0x49c0
[ 860.898791]  ? vsnprintf+0x2c6/0x14f0
[ 860.898794]  ? mark_held_locks+0xf0/0xf0
[ 860.898797]  ? scnprintf+0x140/0x140
[ 860.898800]  ? find_held_lock+0x2d/0x110
[ 860.898804]  ? console_unlock+0x437/0xfe0
[ 860.898807]  lock_acquire+0x170/0x400
[ 860.898810]  ? console_unlock+0x3f4/0xfe0
[ 860.898813]  console_unlock+0x45c/0xfe0
[ 860.898817]  ? console_unlock+0x3f4/0xfe0
[ 860.898820]  vprintk_emit+0x282/0x6e0
[ 860.898823]  vprintk_func+0x79/0x17e
[ 860.898826]  ? printk+0xba/0xed
[ 860.898829]  printk+0xba/0xed
[ 860.898833]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 860.898836]  ? show_workqueue_state.cold+0x7f9/0x1059
[ 860.898840]  show_workqueue_state.cold+0x94a/0x1059
[ 860.898844]  ? wq_watchdog_timer_fn+0x3c1/0x550
[ 860.898847]  ? print_worker_info+0x280/0x280
[ 860.898850]  ? check_preemption_disabled+0x41/0x280
[ 860.898854]  wq_watchdog_timer_fn+0x4d8/0x550
[ 860.898857]  ? show_workqueue_state+0x120/0x120
[ 860.898861]  call_timer_fn+0x177/0x700
[ 860.898864]  ? show_workqueue_state+0x120/0x120
[ 860.898867]  ? process_timeout+0x40/0x40
[ 860.898871]  ? _raw_spin_unlock_irq+0x24/0x80
[ 860.898875]  ? show_workqueue_state+0x120/0x120
[ 860.898878]  ? show_workqueue_state+0x120/0x120
[ 860.898882]  run_timer_softirq+0xc08/0x1540
[ 860.898885]  ? add_timer+0xab0/0xab0
[ 860.898888]  __do_softirq+0x26c/0x93c
[ 860.898891]  irq_exit+0x17b/0x1c0
[ 860.898895]  smp_apic_timer_interrupt+0x136/0x550
[ 860.898898]  apic_timer_interrupt+0xf/0x20
[ 860.898900]
[ 860.898904] RIP: 0010:native_safe_halt+0xe/0x10
[ 860.898914] Code: fa eb 82 90 90 90 90 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 04 f1 48 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d f4 f0 48 00 fb f4 90 41 56 41 55 41 54 55 53 e8 43 bc 37 fa e8 3e c7 36 fc 0f 1f
[ 860.898918] RSP: 0018:ffffffff88a07d40 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 860.898926] RAX: 1ffffffff1164ad4 RBX: dffffc0000000000 RCX: 0000000000000000
[ 860.898931] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff88a7a73c
[ 860.898935] RBP: 0000000000000000 R08: ffffffff88a79ec0 R09: 0000000000000000
[ 860.898940] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88b25690
[ 860.898945] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88a79ec0
[ 860.898949]  default_idle+0x49/0x320
[ 860.898951]  do_idle+0x2ee/0x4b0
[ 860.898955]  ? arch_cpu_idle_exit+0x70/0x70
[ 860.898959]  ? check_preemption_disabled+0x41/0x280
[ 860.898962]  cpu_startup_entry+0xc6/0xd0
[ 860.898965]  ? cpu_in_idle+0x20/0x20
[ 860.898968]  ? preempt_count_add+0xaf/0x190
[ 860.898973]  ? trace_event_define_fields_vector_free_moved+0xab/0xab
[ 860.898976]  start_kernel+0x7e4/0x81c
[ 860.898979]  ? mem_encrypt_init+0x5/0x5
[ 860.898982]  ? load_ucode_bsp+0x23d/0x27d
[ 860.898985]  secondary_startup_64+0xa4/0xb0
[ 861.728276] workqueue events_power_efficient: flags=0x80
[ 861.733720]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 861.740652]     pending: do_cache_clean, check_lifetime
[ 861.746181] workqueue rcu_gp: flags=0x8
[ 861.750149]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.757170]     in-flight: 19:srcu_invoke_callbacks
[ 861.762218] workqueue mm_percpu_wq: flags=0x8
[ 861.766706]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.773638]     pending: vmstat_update
[ 861.777584] workqueue dm_bufio_cache: flags=0x8
[ 861.782244]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.789181]     pending: work_fn
[ 861.792623] workqueue krxrpcd: flags=0x0
[ 861.796671]   pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
[ 861.803426]     pending: rxrpc_peer_keepalive_worker
[ 861.808628] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=164s workers=2 idle: 2914