[ ok ] Starting enhanced syslogd: rsyslogd. [ 84.745692][ T27] audit: type=1800 audit(1578722848.434:25): pid=9528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 84.766525][ T27] audit: type=1800 audit(1578722848.444:26): pid=9528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 84.803203][ T27] audit: type=1800 audit(1578722848.444:27): pid=9528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 311.589593][ T9680] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 311.796312][ C1] hrtimer: interrupt took 48081 ns [ 572.936382][ C0] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 261s! 
[ 572.945593][ C0] Showing busy workqueues and worker pools: [ 572.952528][ C0] workqueue events: flags=0x0 [ 572.957349][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4 [ 572.967966][ C0] pending: defense_work_handler, free_obj_work, cache_reap [ 572.975595][ C0] [ 572.975602][ C0] ====================================================== [ 572.975608][ C0] WARNING: possible circular locking dependency detected [ 572.975613][ C0] 5.5.0-rc5-syzkaller #0 Not tainted [ 572.975618][ C0] ------------------------------------------------------ [ 572.975622][ C0] swapper/0/0 is trying to acquire lock: [ 572.975625][ C0] ffffffff8999a700 (console_owner){-.-.}, at: console_unlock+0x415/0xf00 [ 572.975643][ C0] [ 572.975648][ C0] but task is already holding lock: [ 572.975651][ C0] ffff8880ae936b58 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x156/0x802 [ 572.975665][ C0] [ 572.975669][ C0] which lock already depends on the new lock. [ 572.975671][ C0] [ 572.975674][ C0] [ 572.975679][ C0] the existing dependency chain (in reverse order) is: [ 572.975681][ C0] [ 572.975683][ C0] -> #4 (&(&pool->lock)->rlock){-.-.}: [ 572.975697][ C0] _raw_spin_lock+0x2f/0x40 [ 572.975701][ C0] __queue_work+0x285/0x1280 [ 572.975705][ C0] queue_work_on+0x19f/0x210 [ 572.975709][ C0] put_pwq+0x178/0x1d0 [ 572.975713][ C0] put_pwq_unlocked.part.0+0x34/0x70 [ 572.975717][ C0] apply_wqattrs_cleanup.part.0+0xf6/0x160 [ 572.975722][ C0] apply_workqueue_attrs_locked+0xeb/0x140 [ 572.975726][ C0] apply_workqueue_attrs+0x31/0x50 [ 572.975730][ C0] padata_alloc_pd+0x298/0xb60 [ 572.975734][ C0] padata_alloc_possible+0x1b6/0x480 [ 572.975739][ C0] pcrypt_init_padata+0x20/0x105 [ 572.975743][ C0] pcrypt_init+0x76/0x11b [ 572.975747][ C0] do_one_initcall+0x120/0x820 [ 572.975751][ C0] kernel_init_freeable+0x4ca/0x570 [ 572.975755][ C0] kernel_init+0x12/0x1bf [ 572.975759][ C0] ret_from_fork+0x24/0x30 [ 572.975761][ C0] [ 572.975763][ C0] -> #3 (&pool->lock/1){..-.}: [ 
572.975777][ C0] _raw_spin_lock+0x2f/0x40 [ 572.975781][ C0] __queue_work+0x285/0x1280 [ 572.975785][ C0] queue_work_on+0x19f/0x210 [ 572.975789][ C0] tty_flip_buffer_push+0xc5/0x100 [ 572.975792][ C0] pty_write+0x1a6/0x200 [ 572.975796][ C0] n_tty_write+0xb1d/0x1080 [ 572.975800][ C0] tty_write+0x496/0x7f0 [ 572.975803][ C0] __vfs_write+0x8a/0x110 [ 572.975807][ C0] vfs_write+0x268/0x5d0 [ 572.975810][ C0] ksys_write+0x14f/0x290 [ 572.975814][ C0] __x64_sys_write+0x73/0xb0 [ 572.975818][ C0] do_syscall_64+0xfa/0x790 [ 572.975823][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 572.975825][ C0] [ 572.975827][ C0] -> #2 (&(&port->lock)->rlock){-.-.}: [ 572.975841][ C0] _raw_spin_lock_irqsave+0x95/0xcd [ 572.975845][ C0] tty_port_tty_get+0x24/0x100 [ 572.975849][ C0] tty_port_default_wakeup+0x16/0x40 [ 572.975853][ C0] tty_port_tty_wakeup+0x57/0x70 [ 572.975857][ C0] uart_write_wakeup+0x46/0x70 [ 572.975860][ C0] serial8250_tx_chars+0x495/0xaf0 [ 572.975865][ C0] serial8250_handle_irq.part.0+0x261/0x2b0 [ 572.975869][ C0] serial8250_default_handle_irq+0xc0/0x150 [ 572.975873][ C0] serial8250_interrupt+0xf1/0x1a0 [ 572.975878][ C0] __handle_irq_event_percpu+0x15d/0x970 [ 572.975882][ C0] handle_irq_event_percpu+0x74/0x160 [ 572.975886][ C0] handle_irq_event+0xa7/0x134 [ 572.975890][ C0] handle_edge_irq+0x25e/0x8d0 [ 572.975893][ C0] do_IRQ+0xde/0x280 [ 572.975897][ C0] ret_from_intr+0x0/0x36 [ 572.975901][ C0] native_safe_halt+0xe/0x10 [ 572.975905][ C0] arch_cpu_idle+0xa/0x10 [ 572.975912][ C0] default_idle_call+0x84/0xb0 [ 572.975916][ C0] do_idle+0x3c8/0x6e0 [ 572.975920][ C0] cpu_startup_entry+0x1b/0x20 [ 572.975924][ C0] start_secondary+0x2f4/0x410 [ 572.975927][ C0] secondary_startup_64+0xa4/0xb0 [ 572.975929][ C0] [ 572.975931][ C0] -> #1 (&port_lock_key){-.-.}: [ 572.975944][ C0] _raw_spin_lock_irqsave+0x95/0xcd [ 572.975949][ C0] serial8250_console_write+0x253/0x9a0 [ 572.975953][ C0] univ8250_console_write+0x5f/0x70 [ 572.975957][ C0] 
console_unlock+0xb7a/0xf00 [ 572.975963][ C0] vprintk_emit+0x2a0/0x700 [ 572.975967][ C0] vprintk_default+0x28/0x30 [ 572.975971][ C0] vprintk_func+0x7e/0x189 [ 572.975974][ C0] printk+0xba/0xed [ 572.975978][ C0] register_console+0x745/0xb50 [ 572.975982][ C0] univ8250_console_init+0x3e/0x4b [ 572.975985][ C0] console_init+0x461/0x67b [ 572.975989][ C0] start_kernel+0x653/0x943 [ 572.975993][ C0] x86_64_start_reservations+0x29/0x2b [ 572.975997][ C0] x86_64_start_kernel+0x77/0x7b [ 572.976001][ C0] secondary_startup_64+0xa4/0xb0 [ 572.976003][ C0] [ 572.976005][ C0] -> #0 (console_owner){-.-.}: [ 572.976018][ C0] __lock_acquire+0x2596/0x4a00 [ 572.976022][ C0] lock_acquire+0x190/0x410 [ 572.976026][ C0] console_unlock+0x47f/0xf00 [ 572.976030][ C0] vprintk_emit+0x2a0/0x700 [ 572.976034][ C0] vprintk_default+0x28/0x30 [ 572.976038][ C0] vprintk_func+0x7e/0x189 [ 572.976041][ C0] printk+0xba/0xed [ 572.976045][ C0] show_pwq+0x154/0x7cb [ 572.976050][ C0] show_workqueue_state.cold+0x1a6/0x802 [ 572.976054][ C0] wq_watchdog_timer_fn+0x511/0x590 [ 572.976057][ C0] call_timer_fn+0x1ac/0x780 [ 572.976061][ C0] run_timer_softirq+0xdca/0x1790 [ 572.976065][ C0] __do_softirq+0x262/0x98c [ 572.976068][ C0] irq_exit+0x19b/0x1e0 [ 572.976073][ C0] smp_apic_timer_interrupt+0x1a3/0x610 [ 572.976077][ C0] apic_timer_interrupt+0xf/0x20 [ 572.976080][ C0] native_safe_halt+0xe/0x10 [ 572.976084][ C0] arch_cpu_idle+0xa/0x10 [ 572.976088][ C0] default_idle_call+0x84/0xb0 [ 572.976093][ C0] do_idle+0x3c8/0x6e0 [ 572.976097][ C0] cpu_startup_entry+0x1b/0x20 [ 572.976100][ C0] rest_init+0x23b/0x371 [ 572.976104][ C0] arch_call_rest_init+0xe/0x1b [ 572.976107][ C0] start_kernel+0x904/0x943 [ 572.976112][ C0] x86_64_start_reservations+0x29/0x2b [ 572.976115][ C0] x86_64_start_kernel+0x77/0x7b [ 572.976120][ C0] secondary_startup_64+0xa4/0xb0 [ 572.976122][ C0] [ 572.976126][ C0] other info that might help us debug this: [ 572.976128][ C0] [ 572.976131][ C0] Chain exists of: [ 572.976132][ 
C0] console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock [ 572.976153][ C0] [ 572.976157][ C0] Possible unsafe locking scenario: [ 572.976159][ C0] [ 572.976162][ C0] CPU0 CPU1 [ 572.976166][ C0] ---- ---- [ 572.976168][ C0] lock(&(&pool->lock)->rlock); [ 572.976177][ C0] lock(&pool->lock/1); [ 572.976188][ C0] lock(&(&pool->lock)->rlock); [ 572.976199][ C0] lock(console_owner); [ 572.976207][ C0] [ 572.976210][ C0] *** DEADLOCK *** [ 572.976212][ C0] [ 572.976215][ C0] 4 locks held by swapper/0/0: [ 572.976218][ C0] #0: ffffc90000007d50 ((&wq_watchdog_timer)){+.-.}, at: call_timer_fn+0xe0/0x780 [ 572.976233][ C0] #1: ffffffff899a5340 (rcu_read_lock){....}, at: show_workqueue_state+0x0/0x120 [ 572.976249][ C0] #2: ffff8880ae936b58 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x156/0x802 [ 572.976269][ C0] #3: ffffffff8999a960 (console_lock){+.+.}, at: vprintk_emit+0x283/0x700 [ 572.976285][ C0] [ 572.976287][ C0] stack backtrace: [ 572.976292][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.5.0-rc5-syzkaller #0 [ 572.976298][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 572.976300][ C0] Call Trace: [ 572.976302][ C0] [ 572.976305][ C0] dump_stack+0x197/0x210 [ 572.976315][ C0] print_circular_bug.isra.0.cold+0x163/0x172 [ 572.976318][ C0] check_noncircular+0x32e/0x3e0 [ 572.976322][ C0] ? print_circular_bug.isra.0+0x230/0x230 [ 572.976326][ C0] ? print_circular_bug.isra.0+0x230/0x230 [ 572.976330][ C0] ? alloc_list_entry+0xc0/0xc0 [ 572.976334][ C0] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 572.976338][ C0] ? find_first_zero_bit+0x9a/0xc0 [ 572.976342][ C0] __lock_acquire+0x2596/0x4a00 [ 572.976346][ C0] ? mark_held_locks+0xf0/0xf0 [ 572.976349][ C0] lock_acquire+0x190/0x410 [ 572.976352][ C0] ? console_unlock+0x415/0xf00 [ 572.976356][ C0] console_unlock+0x47f/0xf00 [ 572.976359][ C0] ? 
console_unlock+0x415/0xf00 [ 572.976362][ C0] vprintk_emit+0x2a0/0x700 [ 572.976365][ C0] vprintk_default+0x28/0x30 [ 572.976368][ C0] vprintk_func+0x7e/0x189 [ 572.976371][ C0] ? printk+0xba/0xed [ 572.976374][ C0] printk+0xba/0xed [ 572.976378][ C0] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 572.976382][ C0] ? __kasan_check_write+0x14/0x20 [ 572.976385][ C0] show_pwq+0x154/0x7cb [ 572.976389][ C0] show_workqueue_state.cold+0x1a6/0x802 [ 572.976393][ C0] ? print_worker_info+0x280/0x280 [ 572.976396][ C0] ? rcu_read_lock_held+0x9c/0xb0 [ 572.976399][ C0] ? __kasan_check_read+0x11/0x20 [ 572.976403][ C0] wq_watchdog_timer_fn+0x511/0x590 [ 572.976407][ C0] ? show_workqueue_state+0x120/0x120 [ 572.976411][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 572.976416][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 572.976419][ C0] call_timer_fn+0x1ac/0x780 [ 572.976423][ C0] ? show_workqueue_state+0x120/0x120 [ 572.976427][ C0] ? msleep_interruptible+0x150/0x150 [ 572.976431][ C0] ? run_timer_softirq+0xdb8/0x1790 [ 572.976434][ C0] ? trace_hardirqs_on+0x67/0x240 [ 572.976438][ C0] ? show_workqueue_state+0x120/0x120 [ 572.976442][ C0] ? show_workqueue_state+0x120/0x120 [ 572.976446][ C0] run_timer_softirq+0xdca/0x1790 [ 572.976449][ C0] ? add_timer+0x930/0x930 [ 572.976454][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 572.976458][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 572.976462][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 572.976466][ C0] __do_softirq+0x262/0x98c [ 572.976469][ C0] ? 
sched_clock_cpu+0x1b/0x1b0 [ 572.976473][ C0] irq_exit+0x19b/0x1e0 [ 572.976476][ C0] smp_apic_timer_interrupt+0x1a3/0x610 [ 572.976485][ C0] apic_timer_interrupt+0xf/0x20 [ 572.976488][ C0] [ 572.976492][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 572.976504][ C0] Code: e8 bb db f9 eb 8a cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 24 4d 51 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 14 4d 51 00 fb f4 cc 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 be 8a 8b f9 e8 89 [ 572.976508][ C0] RSP: 0018:ffffffff89807ce8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 572.976517][ C0] RAX: 1ffffffff132669e RBX: ffffffff8987a140 RCX: 0000000000000000 [ 572.976522][ C0] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffffffff8987a9d4 [ 572.976532][ C0] RBP: ffffffff89807d18 R08: ffffffff8987a140 R09: 0000000000000000 [ 572.976538][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 572.976544][ C0] R13: ffffffff8a7b87c0 R14: 0000000000000000 R15: 0000000000000000 [ 572.976551][ C0] ? default_idle+0x4e/0x360 [ 572.976554][ C0] arch_cpu_idle+0xa/0x10 [ 572.976558][ C0] default_idle_call+0x84/0xb0 [ 572.976562][ C0] do_idle+0x3c8/0x6e0 [ 572.976565][ C0] ? arch_cpu_idle_exit+0x80/0x80 [ 572.976569][ C0] ? trace_hardirqs_on+0x67/0x240 [ 572.976573][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 572.976577][ C0] ? debug_smp_processor_id+0x33/0x18a [ 572.976580][ C0] cpu_startup_entry+0x1b/0x20 [ 572.976583][ C0] rest_init+0x23b/0x371 [ 572.976587][ C0] arch_call_rest_init+0xe/0x1b [ 572.976590][ C0] start_kernel+0x904/0x943 [ 572.976594][ C0] ? mem_encrypt_init+0xb/0xb [ 572.976600][ C0] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 572.976604][ C0] ? x86_family+0x41/0x50 [ 572.976609][ C0] ? 
__sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 572.976613][ C0] x86_64_start_reservations+0x29/0x2b [ 572.976616][ C0] x86_64_start_kernel+0x77/0x7b [ 572.976620][ C0] secondary_startup_64+0xa4/0xb0 [ 574.151858][ C0] workqueue events_power_efficient: flags=0x80 [ 574.158005][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 [ 574.165643][ C0] pending: fb_flashcursor, neigh_periodic_work [ 574.172272][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 [ 574.179904][ C0] pending: check_lifetime, gc_worker [ 574.185666][ C0] workqueue rcu_gp: flags=0x8 [ 574.190344][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 574.197979][ C0] in-flight: 2826:srcu_invoke_callbacks [ 574.203888][ C0] workqueue mm_percpu_wq: flags=0x8 [ 574.209073][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 574.216704][ C0] pending: vmstat_update [ 574.221430][ C0] workqueue dm_bufio_cache: flags=0x8 [ 574.226798][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 574.234427][ C0] pending: work_fn [ 574.238546][ C0] workqueue ipv6_addrconf: flags=0x40008 [ 574.244165][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=2 [ 574.251619][ C0] pending: addrconf_verify_work [ 574.256878][ C0] pool 2: cpus=1 node=0 flags=0x0 nice=0 hung=262s workers=3 idle: 3106 26