[ ok ] Starting enhanced syslogd: rsyslogd. [ 39.489274][ T26] audit: type=1800 audit(1555815847.982:25): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 39.516706][ T26] audit: type=1800 audit(1555815847.992:26): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 39.553496][ T26] audit: type=1800 audit(1555815847.992:27): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 331.073883][ T7899] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 331.100168][ C0] hrtimer: interrupt took 27828 ns [ 331.211102][ T7899] kvm: emulating exchange as write [ 572.799814][ C0] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 241s! 
[ 572.809124][ C0] Showing busy workqueues and worker pools: [ 572.815644][ C0] workqueue events: flags=0x0 [ 572.820776][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=5/256 [ 572.830665][ C0] pending: vmstat_shepherd, cache_reap, defense_work_handler, psi_update_work, check_corruption [ 572.841724][ C0] [ 572.841727][ C0] ====================================================== [ 572.841731][ C0] WARNING: possible circular locking dependency detected [ 572.841733][ C0] 5.1.0-rc5+ #78 Not tainted [ 572.841736][ C0] ------------------------------------------------------ [ 572.841739][ C0] syz-executor821/7899 is trying to acquire lock: [ 572.841741][ C0] 000000003c91ac31 (console_owner){-.-.}, at: console_unlock+0x3fc/0xed0 [ 572.841748][ C0] [ 572.841751][ C0] but task is already holding lock: [ 572.841752][ C0] 000000007e7c7998 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x879/0x11dc [ 572.841760][ C0] [ 572.841763][ C0] which lock already depends on the new lock. [ 572.841764][ C0] [ 572.841765][ C0] [ 572.841768][ C0] the existing dependency chain (in reverse order) is: [ 572.841769][ C0] [ 572.841770][ C0] -> #4 (&(&pool->lock)->rlock){-.-.}: [ 572.841777][ C0] lock_acquire+0x16f/0x3f0 [ 572.841779][ C0] _raw_spin_lock+0x2f/0x40 [ 572.841781][ C0] __queue_work+0x23d/0x10e0 [ 572.841784][ C0] queue_work_on+0x192/0x200 [ 572.841785][ C0] put_pwq+0x178/0x1d0 [ 572.841788][ C0] put_pwq_unlocked.part.0+0x34/0x70 [ 572.841790][ C0] destroy_workqueue+0x623/0x700 [ 572.841792][ C0] floppy_async_init+0x2031/0x2183 [ 572.841794][ C0] async_run_entry_fn+0x126/0x570 [ 572.841797][ C0] process_one_work+0x98e/0x1790 [ 572.841799][ C0] worker_thread+0x98/0xe40 [ 572.841801][ C0] kthread+0x357/0x430 [ 572.841803][ C0] ret_from_fork+0x3a/0x50 [ 572.841804][ C0] [ 572.841805][ C0] -> #3 (&pool->lock/1){..-.}: [ 572.841813][ C0] lock_acquire+0x16f/0x3f0 [ 572.841815][ C0] _raw_spin_lock+0x2f/0x40 [ 572.841817][ C0] __queue_work+0x23d/0x10e0 [ 572.841819][ C0] 
queue_work_on+0x192/0x200 [ 572.841821][ C0] tty_flip_buffer_push+0xc5/0x100 [ 572.841823][ C0] pty_write+0x1a6/0x200 [ 572.841825][ C0] n_tty_write+0xb06/0x1150 [ 572.841827][ C0] tty_write+0x45b/0x7a0 [ 572.841829][ C0] __vfs_write+0x8d/0x110 [ 572.841832][ C0] vfs_write+0x20c/0x580 [ 572.841834][ C0] ksys_write+0x14f/0x2d0 [ 572.841836][ C0] __x64_sys_write+0x73/0xb0 [ 572.841838][ C0] do_syscall_64+0x103/0x610 [ 572.841841][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 572.841842][ C0] [ 572.841843][ C0] -> #2 (&(&port->lock)->rlock){-.-.}: [ 572.841852][ C0] lock_acquire+0x16f/0x3f0 [ 572.841854][ C0] _raw_spin_lock_irqsave+0x95/0xcd [ 572.841856][ C0] tty_port_tty_get+0x22/0x80 [ 572.841859][ C0] tty_port_default_wakeup+0x16/0x40 [ 572.841861][ C0] tty_port_tty_wakeup+0x5d/0x70 [ 572.841863][ C0] uart_write_wakeup+0x46/0x70 [ 572.841866][ C0] serial8250_tx_chars+0x4a4/0xb20 [ 572.841868][ C0] serial8250_handle_irq.part.0+0x1be/0x2e0 [ 572.841871][ C0] serial8250_default_handle_irq+0xc5/0x150 [ 572.841873][ C0] serial8250_interrupt+0xfb/0x1a0 [ 572.841876][ C0] __handle_irq_event_percpu+0x146/0x900 [ 572.841878][ C0] handle_irq_event_percpu+0x74/0x160 [ 572.841880][ C0] handle_irq_event+0xa7/0x134 [ 572.841883][ C0] handle_edge_irq+0x264/0x8e0 [ 572.841885][ C0] handle_irq+0x252/0x3d8 [ 572.841886][ C0] do_IRQ+0x99/0x1d0 [ 572.841888][ C0] ret_from_intr+0x0/0x1e [ 572.841891][ C0] _raw_spin_unlock_irqrestore+0x95/0xe0 [ 572.841893][ C0] uart_write+0x3b6/0x6f0 [ 572.841895][ C0] n_tty_write+0x3ff/0x1150 [ 572.841897][ C0] tty_write+0x45b/0x7a0 [ 572.841899][ C0] redirected_tty_write+0xb2/0xc0 [ 572.841901][ C0] __vfs_write+0x8d/0x110 [ 572.841903][ C0] vfs_write+0x20c/0x580 [ 572.841905][ C0] ksys_write+0x14f/0x2d0 [ 572.841907][ C0] __x64_sys_write+0x73/0xb0 [ 572.841909][ C0] do_syscall_64+0x103/0x610 [ 572.841912][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 572.841913][ C0] [ 572.841914][ C0] -> #1 (&port_lock_key){-.-.}: [ 572.841921][ C0] 
lock_acquire+0x16f/0x3f0 [ 572.841923][ C0] _raw_spin_lock_irqsave+0x95/0xcd [ 572.841926][ C0] serial8250_console_write+0x253/0x9c0 [ 572.841928][ C0] univ8250_console_write+0x5f/0x70 [ 572.841930][ C0] console_unlock+0xb44/0xed0 [ 572.841932][ C0] vprintk_emit+0x280/0x6d0 [ 572.841935][ C0] vprintk_default+0x28/0x30 [ 572.841937][ C0] vprintk_func+0x7e/0x189 [ 572.841938][ C0] printk+0xba/0xed [ 572.841941][ C0] register_console+0x74d/0xb50 [ 572.841943][ C0] univ8250_console_init+0x3e/0x4b [ 572.841945][ C0] console_init+0x4f7/0x761 [ 572.841947][ C0] start_kernel+0x574/0x84f [ 572.841950][ C0] x86_64_start_reservations+0x29/0x2b [ 572.841952][ C0] x86_64_start_kernel+0x77/0x7b [ 572.841954][ C0] secondary_startup_64+0xa4/0xb0 [ 572.841955][ C0] [ 572.841956][ C0] -> #0 (console_owner){-.-.}: [ 572.841963][ C0] __lock_acquire+0x239c/0x3fb0 [ 572.841965][ C0] lock_acquire+0x16f/0x3f0 [ 572.841967][ C0] console_unlock+0x466/0xed0 [ 572.841969][ C0] vprintk_emit+0x280/0x6d0 [ 572.841971][ C0] vprintk_default+0x28/0x30 [ 572.841973][ C0] vprintk_func+0x7e/0x189 [ 572.841975][ C0] printk+0xba/0xed [ 572.841978][ C0] show_workqueue_state.cold+0x9e4/0x11dc [ 572.841980][ C0] wq_watchdog_timer_fn+0x516/0x5a0 [ 572.841982][ C0] call_timer_fn+0x190/0x720 [ 572.841984][ C0] run_timer_softirq+0xd03/0x1700 [ 572.841986][ C0] __do_softirq+0x266/0x95a [ 572.841989][ C0] irq_exit+0x180/0x1d0 [ 572.841993][ C0] smp_apic_timer_interrupt+0x14a/0x570 [ 572.841995][ C0] apic_timer_interrupt+0xf/0x20 [ 572.841997][ C0] write_comp_data+0x68/0x70 [ 572.841999][ C0] kvm_vcpu_gfn_to_memslot+0x3d4/0x4e0 [ 572.842002][ C0] kvm_vcpu_gfn_to_hva_prot+0x23/0x40 [ 572.842004][ C0] paging64_walk_addr_generic+0x406/0x2470 [ 572.842007][ C0] paging64_gva_to_gpa+0xd7/0x200 [ 572.842009][ C0] kvm_fetch_guest_virt+0xf3/0x1d0 [ 572.842012][ C0] __do_insn_fetch_bytes+0x332/0x700 [ 572.842014][ C0] x86_decode_insn+0x18ba/0x56d0 [ 572.842016][ C0] x86_emulate_instruction+0x846/0x1c70 [ 572.842019][ C0] 
kvm_mmu_page_fault+0x375/0x1880 [ 572.842021][ C0] handle_ept_violation+0x1c8/0x500 [ 572.842023][ C0] vmx_handle_exit+0x283/0x1550 [ 572.842026][ C0] vcpu_enter_guest+0x10f0/0x5ec0 [ 572.842029][ C0] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 572.842031][ C0] kvm_vcpu_ioctl+0x4dc/0xf90 [ 572.842033][ C0] do_vfs_ioctl+0xd6e/0x1390 [ 572.842035][ C0] ksys_ioctl+0xab/0xd0 [ 572.842037][ C0] __x64_sys_ioctl+0x73/0xb0 [ 572.842039][ C0] do_syscall_64+0x103/0x610 [ 572.842041][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 572.842043][ C0] [ 572.842045][ C0] other info that might help us debug this: [ 572.842046][ C0] [ 572.842048][ C0] Chain exists of: [ 572.842049][ C0] console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock [ 572.842059][ C0] [ 572.842061][ C0] Possible unsafe locking scenario: [ 572.842062][ C0] [ 572.842064][ C0] CPU0 CPU1 [ 572.842066][ C0] ---- ---- [ 572.842067][ C0] lock(&(&pool->lock)->rlock); [ 572.842072][ C0] lock(&pool->lock/1); [ 572.842078][ C0] lock(&(&pool->lock)->rlock); [ 572.842082][ C0] lock(console_owner); [ 572.842086][ C0] [ 572.842088][ C0] *** DEADLOCK *** [ 572.842089][ C0] [ 572.842091][ C0] 6 locks held by syz-executor821/7899: [ 572.842092][ C0] #0: 000000006bd2286b (&vcpu->mutex){+.+.}, at: kvm_vcpu_ioctl+0x181/0xf90 [ 572.842104][ C0] #1: 0000000038497e88 (&kvm->srcu){....}, at: vcpu_enter_guest+0xf3d/0x5ec0 [ 572.842113][ C0] #2: 0000000018e56170 ((&wq_watchdog_timer)){+.-.}, at: call_timer_fn+0xda/0x720 [ 572.842121][ C0] #3: 00000000453e0476 (rcu_read_lock_sched){....}, at: show_workqueue_state+0x0/0x120 [ 572.842130][ C0] #4: 000000007e7c7998 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x879/0x11dc [ 572.842139][ C0] #5: 000000009c377bbc (console_lock){+.+.}, at: vprintk_emit+0x267/0x6d0 [ 572.842147][ C0] [ 572.842149][ C0] stack backtrace: [ 572.842152][ C0] CPU: 0 PID: 7899 Comm: syz-executor821 Not tainted 5.1.0-rc5+ #78 [ 572.842156][ C0] Hardware name: Google Google Compute Engine/Google Compute 
Engine, BIOS Google 01/01/2011 [ 572.842157][ C0] Call Trace: [ 572.842159][ C0] [ 572.842160][ C0] dump_stack+0x172/0x1f0 [ 572.842163][ C0] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 572.842165][ C0] check_prev_add.constprop.0+0xf11/0x23c0 [ 572.842167][ C0] ? check_usage+0x570/0x570 [ 572.842169][ C0] ? graph_lock+0x7b/0x200 [ 572.842171][ C0] ? __lockdep_reset_lock+0x450/0x450 [ 572.842174][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 572.842176][ C0] ? find_first_zero_bit+0x9a/0xc0 [ 572.842178][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 572.842181][ C0] __lock_acquire+0x239c/0x3fb0 [ 572.842183][ C0] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 572.842185][ C0] ? mark_held_locks+0xf0/0xf0 [ 572.842187][ C0] ? kasan_check_write+0x14/0x20 [ 572.842189][ C0] lock_acquire+0x16f/0x3f0 [ 572.842191][ C0] ? console_unlock+0x3fc/0xed0 [ 572.842193][ C0] console_unlock+0x466/0xed0 [ 572.842196][ C0] ? console_unlock+0x3fc/0xed0 [ 572.842198][ C0] vprintk_emit+0x280/0x6d0 [ 572.842200][ C0] vprintk_default+0x28/0x30 [ 572.842201][ C0] vprintk_func+0x7e/0x189 [ 572.842203][ C0] ? printk+0xba/0xed [ 572.842205][ C0] printk+0xba/0xed [ 572.842207][ C0] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 572.842209][ C0] ? show_workqueue_state.cold+0x879/0x11dc [ 572.842212][ C0] show_workqueue_state.cold+0x9e4/0x11dc [ 572.842214][ C0] ? wq_watchdog_timer_fn+0x3f9/0x5a0 [ 572.842216][ C0] ? idr_get_next+0x1a6/0x230 [ 572.842218][ C0] ? print_worker_info+0x280/0x280 [ 572.842221][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 572.842223][ C0] ? kasan_check_read+0x11/0x20 [ 572.842225][ C0] wq_watchdog_timer_fn+0x516/0x5a0 [ 572.842227][ C0] ? show_workqueue_state+0x120/0x120 [ 572.842229][ C0] call_timer_fn+0x190/0x720 [ 572.842232][ C0] ? show_workqueue_state+0x120/0x120 [ 572.842234][ C0] ? process_timeout+0x40/0x40 [ 572.842236][ C0] ? show_workqueue_state+0x120/0x120 [ 572.842238][ C0] run_timer_softirq+0xd03/0x1700 [ 572.842240][ C0] ? 
add_timer+0xbe0/0xbe0 [ 572.842242][ C0] __do_softirq+0x266/0x95a [ 572.842244][ C0] ? sched_clock_cpu+0x1b/0x1b0 [ 572.842246][ C0] irq_exit+0x180/0x1d0 [ 572.842248][ C0] smp_apic_timer_interrupt+0x14a/0x570 [ 572.842250][ C0] apic_timer_interrupt+0xf/0x20 [ 572.842251][ C0] [ 572.842254][ C0] RIP: 0010:write_comp_data+0x68/0x70 [ 572.842261][ C0] Code: 00 00 4e 8d 14 dd 28 00 00 00 4d 39 d0 72 1b 49 83 c1 01 4a 89 7c 10 e0 4a 89 74 10 e8 4a 89 54 10 f0 4a 89 4c d8 20 4c 89 08 0f 1f 80 00 00 00 00 55 40 0f b6 d6 40 0f b6 f7 31 ff 48 89 e5 [ 572.842263][ C0] RSP: 0018:ffff8880a4b3f0d8 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 572.842268][ C0] RAX: 0000000000000000 RBX: 0000000000000004 RCX: ffffffff81078714 [ 572.842271][ C0] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000005 [ 572.842274][ C0] RBP: ffff8880a4b3f0e0 R08: ffff88808ab5a1c0 R09: fffff52000bbf8d7 [ 572.842278][ C0] R10: fffff52000bbf8d6 R11: ffffc90005dfc6b3 R12: ffffc90005df3000 [ 572.842281][ C0] R13: 0000000000000002 R14: ffff888096a00780 R15: ffff8880a4b3f2c8 [ 572.842283][ C0] ? kvm_vcpu_gfn_to_memslot+0x3d4/0x4e0 [ 572.842286][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 572.842288][ C0] kvm_vcpu_gfn_to_memslot+0x3d4/0x4e0 [ 572.842290][ C0] kvm_vcpu_gfn_to_hva_prot+0x23/0x40 [ 572.842292][ C0] paging64_walk_addr_generic+0x406/0x2470 [ 572.842294][ C0] ? ept_sync_page+0x7c0/0x7c0 [ 572.842296][ C0] ? mark_held_locks+0xa4/0xf0 [ 572.842298][ C0] paging64_gva_to_gpa+0xd7/0x200 [ 572.842301][ C0] ? paging64_walk_addr_generic+0x2470/0x2470 [ 572.842302][ C0] ? trace_hardirqs_on_t [ 572.842308][ C0] Lost 65 message(s)! 
[ 574.074513][ C0] workqueue events_power_efficient: flags=0x80 [ 574.080761][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=4/256 [ 574.087926][ C0] pending: gc_worker, neigh_periodic_work, neigh_periodic_work, check_lifetime [ 574.097423][ C0] workqueue rcu_gp: flags=0x8 [ 574.102142][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 [ 574.108981][ C0] in-flight: 12:srcu_invoke_callbacks [ 574.114862][ C0] workqueue mm_percpu_wq: flags=0x8 [ 574.120149][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 [ 574.127892][ C0] pending: vmstat_update [ 574.132941][ C0] workqueue dm_bufio_cache: flags=0x8 [ 574.138358][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 [ 574.145199][ C0] pending: work_fn [ 574.149768][ C0] pool 0: cpus=0 node=0 flags=0x0 nice=0 hung=242s workers=2 idle: 2988