[ 45.764703] audit: type=1800 audit(1583684929.884:30): pid=7932 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ 45.791235] audit: type=1800 audit(1583684929.884:31): pid=7932 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.26' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 693.700846] kauditd_printk_skb: 4 callbacks suppressed
[ 693.700860] audit: type=1400 audit(1583685577.864:36): avc: denied { map } for pid=8116 comm="syz-executor864" path="/root/syz-executor864187192" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 693.957316] hrtimer: interrupt took 51023 ns
[ 860.817539] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 166s!
[ 860.825932] Showing busy workqueues and worker pools:
[ 860.831304] workqueue events: flags=0x0
[ 860.835464] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4
[ 860.844537] pending: vmstat_shepherd, cache_reap, check_corruption
[ 860.851331]
[ 860.851335] ======================================================
[ 860.851339] WARNING: possible circular locking dependency detected
[ 860.851342] 4.19.108-syzkaller #0 Not tainted
[ 860.851346] ------------------------------------------------------
[ 860.851350] syz-executor864/8116 is trying to acquire lock:
[ 860.851353] 00000000fc3be13e (console_owner){-.-.}, at: console_unlock+0x3f4/0xfe0
[ 860.851364]
[ 860.851367] but task is already holding lock:
[ 860.851369] 00000000a1d6a799 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x7f9/0x1059
[ 860.851381]
[ 860.851385] which lock already depends on the new lock.
[ 860.851386]
[ 860.851388]
[ 860.851392] the existing dependency chain (in reverse order) is:
[ 860.851394]
[ 860.851396] -> #4 (&(&pool->lock)->rlock){-.-.}:
[ 860.851407] __queue_work+0x23c/0x1070
[ 860.851410] queue_work_on+0x17e/0x1f0
[ 860.851413] put_pwq+0x15a/0x1b0
[ 860.851416] put_pwq_unlocked.part.0+0x30/0x70
[ 860.851420] destroy_workqueue+0x5f4/0x6f0
[ 860.851423] floppy_async_init+0x1f0a/0x2043
[ 860.851426] async_run_entry_fn+0x121/0x530
[ 860.851430] process_one_work+0x91f/0x1640
[ 860.851432] worker_thread+0x96/0xe20
[ 860.851435] kthread+0x34a/0x420
[ 860.851438] ret_from_fork+0x24/0x30
[ 860.851440]
[ 860.851442] -> #3 (&pool->lock/1){..-.}:
[ 860.851454] __queue_work+0x23c/0x1070
[ 860.851457] queue_work_on+0x17e/0x1f0
[ 860.851460] pty_write+0x198/0x1f0
[ 860.851463] n_tty_write+0xa69/0x1080
[ 860.851466] tty_write+0x452/0x790
[ 860.851469] __vfs_write+0xf7/0x760
[ 860.851472] vfs_write+0x206/0x550
[ 860.851475] ksys_write+0x12b/0x2a0
[ 860.851477] do_syscall_64+0xf9/0x620
[ 860.851481] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 860.851483]
[ 860.851484] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 860.851496] tty_port_tty_get+0x1d/0x80
[ 860.851499] tty_port_default_wakeup+0x11/0x40
[ 860.851503] serial8250_tx_chars+0x48f/0xae0
[ 860.851506] serial8250_handle_irq.part.0+0x24b/0x290
[ 860.851510] serial8250_default_handle_irq+0xb5/0x140
[ 860.851513] serial8250_interrupt+0xf2/0x1d0
[ 860.851517] __handle_irq_event_percpu+0x144/0x8e0
[ 860.851520] handle_irq_event_percpu+0x76/0x160
[ 860.851523] handle_irq_event+0xa2/0x12d
[ 860.851526] handle_edge_irq+0x24b/0x8c0
[ 860.851529] handle_irq+0x35/0x50
[ 860.851531] do_IRQ+0x93/0x1c0
[ 860.851534] ret_from_intr+0x0/0x1e
[ 860.851537] native_safe_halt+0xe/0x10
[ 860.851540] default_idle+0x49/0x320
[ 860.851543] do_idle+0x2ee/0x4b0
[ 860.851547] cpu_startup_entry+0xc6/0xd0
[ 860.851550] start_secondary+0x3e4/0x590
[ 860.851553] secondary_startup_64+0xa4/0xb0
[ 860.851555]
[ 860.851556] -> #1 (&port_lock_key){-.-.}:
[ 860.851568] serial8250_console_write+0x79f/0x9c0
[ 860.851571] console_unlock+0xb26/0xfe0
[ 860.851574] vprintk_emit+0x282/0x6e0
[ 860.851577] vprintk_func+0x79/0x17e
[ 860.851579] printk+0xba/0xed
[ 860.851582] register_console+0x752/0xb50
[ 860.851586] univ8250_console_init+0x3a/0x46
[ 860.851589] console_init+0x4cb/0x718
[ 860.851591] start_kernel+0x594/0x81c
[ 860.851595] secondary_startup_64+0xa4/0xb0
[ 860.851597]
[ 860.851599] -> #0 (console_owner){-.-.}:
[ 860.851609] console_unlock+0x45c/0xfe0
[ 860.851612] vprintk_emit+0x282/0x6e0
[ 860.851615] vprintk_func+0x79/0x17e
[ 860.851618] printk+0xba/0xed
[ 860.851621] show_workqueue_state.cold+0x94a/0x1059
[ 860.851625] wq_watchdog_timer_fn+0x4d8/0x550
[ 860.851628] call_timer_fn+0x177/0x700
[ 860.851631] run_timer_softirq+0xc08/0x1540
[ 860.851634] __do_softirq+0x26c/0x93c
[ 860.851637] irq_exit+0x17b/0x1c0
[ 860.851641] smp_apic_timer_interrupt+0x136/0x550
[ 860.851644] apic_timer_interrupt+0xf/0x20
[ 860.851647] __do_page_fault+0x6e3/0xdd0
[ 860.851650] page_fault+0x1e/0x30
[ 860.851652]
[ 860.851655] other info that might help us debug this:
[ 860.851657]
[ 860.851659] Chain exists of:
[ 860.851661] console_owner --> &pool->lock/1 --> &(&pool->lock)->rlock
[ 860.851677]
[ 860.851680] Possible unsafe locking scenario:
[ 860.851682]
[ 860.851685]        CPU0                    CPU1
[ 860.851688]        ----                    ----
[ 860.851690]   lock(&(&pool->lock)->rlock);
[ 860.851697]                                lock(&pool->lock/1);
[ 860.851706]                                lock(&(&pool->lock)->rlock);
[ 860.851711]   lock(console_owner);
[ 860.851717]
[ 860.851719] *** DEADLOCK ***
[ 860.851721]
[ 860.851724] 4 locks held by syz-executor864/8116:
[ 860.851726] #0: 000000007b79f146 ((&wq_watchdog_timer)){+.-.}, at: call_timer_fn+0xc9/0x700
[ 860.851739] #1: 0000000090609218 (rcu_read_lock_sched){....}, at: show_workqueue_state+0x0/0x120
[ 860.851752] #2: 00000000a1d6a799 (&(&pool->lock)->rlock){-.-.}, at: show_workqueue_state.cold+0x7f9/0x1059
[ 860.851766] #3: 00000000eaaeb514 (console_lock){+.+.}, at: vprintk_emit+0x269/0x6e0
[ 860.851779]
[ 860.851781] stack backtrace:
[ 860.851787] CPU: 0 PID: 8116 Comm: syz-executor864 Not tainted 4.19.108-syzkaller #0
[ 860.851792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 860.851795] Call Trace:
[ 860.851797]
[ 860.851799] dump_stack+0x188/0x20d
[ 860.851803] print_circular_bug.isra.0.cold+0x1c4/0x282
[ 860.851806] __lock_acquire+0x2e19/0x49c0
[ 860.851809] ? vsnprintf+0x2c6/0x14f0
[ 860.851812] ? mark_held_locks+0xf0/0xf0
[ 860.851815] ? scnprintf+0x140/0x140
[ 860.851818] ? find_held_lock+0x2d/0x110
[ 860.851822] ? console_unlock+0x437/0xfe0
[ 860.851824] lock_acquire+0x170/0x400
[ 860.851827] ? console_unlock+0x3f4/0xfe0
[ 860.851830] console_unlock+0x45c/0xfe0
[ 860.851834] ? console_unlock+0x3f4/0xfe0
[ 860.851836] vprintk_emit+0x282/0x6e0
[ 860.851840] vprintk_func+0x79/0x17e
[ 860.851842] ? printk+0xba/0xed
[ 860.851845] printk+0xba/0xed
[ 860.851848] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 860.851852] ? show_workqueue_state.cold+0x7f9/0x1059
[ 860.851855] show_workqueue_state.cold+0x94a/0x1059
[ 860.851859] ? wq_watchdog_timer_fn+0x3c1/0x550
[ 860.851862] ? print_worker_info+0x280/0x280
[ 860.851866] ? check_preemption_disabled+0x41/0x280
[ 860.851869] wq_watchdog_timer_fn+0x4d8/0x550
[ 860.851873] ? show_workqueue_state+0x120/0x120
[ 860.851875] call_timer_fn+0x177/0x700
[ 860.851879] ? show_workqueue_state+0x120/0x120
[ 860.851887] ? process_timeout+0x40/0x40
[ 860.851891] ? show_workqueue_state+0x120/0x120
[ 860.851894] run_timer_softirq+0xc08/0x1540
[ 860.851897] ? add_timer+0xab0/0xab0
[ 860.851900] __do_softirq+0x26c/0x93c
[ 860.851903] irq_exit+0x17b/0x1c0
[ 860.851906] smp_apic_timer_interrupt+0x136/0x550
[ 860.851909] apic_timer_interrupt+0xf/0x20
[ 860.851912]
[ 860.851915] RIP: 0010:__do_page_fault+0x6e3/0xdd0
[ 860.851926] Code: ff df 48 c1 e8 03 80 3c 10 00 0f 85 50 06 00 00 48 83 3d 97 89 83 07 00 0f 84 df 05 00 00 e8 c4 d5 38 00 fb 66 0f 1f 44 00 00 <49> 83 cd 04 c7 44 24 14 54 00 00 00 e9 2c fc ff ff e8 a7 d5 38 00
[ 860.851930] RSP: 0000:ffff8880898dfe78 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 860.851938] RAX: ffff88809fff8640 RBX: 0000000000000003 RCX: 0000000000000000
[ 860.851942] RDX: 0000000000000000 RSI: ffffffff812ecd0c RDI: ffff88809fff8ebc
[ 860.851947] RBP: ffff8880898dff58 R08: ffff88809fff8640 R09: 0000000000000000
[ 860.851951] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000025c6e528
[ 860.851956] R13: 0000000000000004 R14: ffff88809ffcadc0 R15: 0000000000000000
[ 860.851959] ? __do_page_fault+0x6dc/0xdd0
[ 860.851962] ? __do_page_fault+0x6dc/0xdd0
[ 860.851966] ? trace_hardirqs_off_caller+0x55/0x210
[ 860.851969] ? vmalloc_fault+0x730/0x730
[ 860.851972] ? page_fault+0x8/0x30
[ 860.851975] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 860.851978] ? page_fault+0x8/0x30
[ 860.851981] page_fault+0x1e/0x30
[ 860.851983] RIP: 0033:0x401ec6
[ 860.851994] Code: 00 00 00 be fb 68 4a 00 e8 87 e4 ff ff 48 85 c0 0f 85 cb fe ff ff e9 4a ff ff ff e8 c4 68 04 00 48 6b 44 24 28 18 8b 7c 24 38 <48> 8b 88 90 01 00 20 48 8b 90 88 01 00 20 48 8b b0 80 01 00 20 e8
[ 860.851997] RSP: 002b:00007fff8a2c1c30 EFLAGS: 00010202
[ 860.852004] RAX: 0000000005c6e398 RBX: 00007fff8a2c1e00 RCX: 0000000000402023
[ 860.852008] RDX: 903b0da42fadbc53 RSI: 0000000000000000 RDI: 0000000000000004
[ 860.852013] RBP: 0000000000000000 R08: 00007fff8a2c1c30 R09: 0000000000000000
[ 860.852018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403220
[ 860.852022] R13: 00000000004032b0 R14: 0000000000000000 R15: 0000000000000000
[ 861.681225] workqueue events_power_efficient: flags=0x80
[ 861.686697] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=2/256 refcnt=3
[ 861.693620] pending: neigh_periodic_work, check_lifetime
[ 861.699618] workqueue mm_percpu_wq: flags=0x8
[ 861.704143] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2
[ 861.711061] pending: vmstat_update
[ 861.715127] workqueue krxrpcd: flags=0x0
[ 861.719231] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=2
[ 861.725991] pending: rxrpc_peer_keepalive_worker