[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.688963] IPVS: ftp: loaded support on port[0] = 21
[ 36.724247] FAULT_INJECTION: forcing a failure.
[ 36.724247] name failslab, interval 1, probability 0, space 0, times 1
[ 36.735741] CPU: 0 PID: 8088 Comm: syz-executor098 Not tainted 4.19.186-syzkaller #0
[ 36.743616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.752950] Call Trace:
[ 36.755524] dump_stack+0x1fc/0x2ef
[ 36.759136] should_fail.cold+0xa/0xf
[ 36.762942] ? setup_fault_attr+0x200/0x200
[ 36.767430] ? lock_acquire+0x170/0x3c0
[ 36.771391] __should_failslab+0x115/0x180
[ 36.775618] should_failslab+0x5/0x10
[ 36.779413] kmem_cache_alloc_trace+0x284/0x380
[ 36.784064] vmci_ctx_enqueue_datagram+0xad/0x500
[ 36.788889] ? memcpy+0x35/0x50
[ 36.792151] vmci_datagram_dispatch+0x39b/0xb40
[ 36.797078] ? vmci_datagram_destroy_handle+0x60/0x60
[ 36.802249] ? __fput+0x2ce/0x890
[ 36.805872] ? lock_downgrade+0x720/0x720
[ 36.810000] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.815358] qp_notify_peer+0x182/0x260
[ 36.819316] ? qp_host_unregister_user_memory+0x2c0/0x2c0
[ 36.824839] vmci_qp_broker_detach+0xa09/0x11b0
[ 36.829491] ? vmci_qp_broker_set_page_store+0x750/0x750
[ 36.834923] ? kfree+0x110/0x210
[ 36.838270] ? vmci_ctx_put+0x4fb/0xd60
[ 36.842228] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 36.846794] vmci_ctx_put+0x55a/0xd60
[ 36.850578] ? vmci_ctx_unset_notify+0x2a0/0x2a0
[ 36.855314] ? lock_downgrade+0x720/0x720
[ 36.859443] ? lock_acquire+0x170/0x3c0
[ 36.863397] ? vmci_ctx_destroy+0x1e/0x140
[ 36.867613] ? do_raw_spin_unlock+0x171/0x230
[ 36.872089] vmci_host_close+0x116/0x1a0
[ 36.876133] ? vmci_host_poll+0x220/0x220
[ 36.880265] __fput+0x2ce/0x890
[ 36.883529] task_work_run+0x148/0x1c0
[ 36.887401] exit_to_usermode_loop+0x251/0x2a0
[ 36.891979] do_syscall_64+0x538/0x620
[ 36.895864] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.901038] RIP: 0033:0x445fd9
[ 36.906305] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 36.925187] RSP: 002b:00007f2d8f15f2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000124
[ 36.932874] RAX: 0000000000000004 RBX: 00000000004cb4e0 RCX: 0000000000445fd9
[ 36.940124] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[ 36.947385] RBP: 000000000049b26c R08: 0000000000000001 R09: 0000000000000033
[ 36.954663] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb4ec
[ 36.961913] R13: 00007f2d8f15f2f0 R14: 00000000004cb4e8 R15: 0000000000000001
[ 36.977278] Failed to allocate memory for datagram
[ 36.982305]
[ 36.983922] ============================================
[ 36.989355] WARNING: possible recursive locking detected
[ 36.994780] 4.19.186-syzkaller #0 Not tainted
[ 36.999301] --------------------------------------------
[ 37.004770] syz-executor098/8088 is trying to acquire lock:
[ 37.010455] 00000000ad2d1ecc (qp_broker_list.mutex){+.+.}, at: vmci_qp_broker_detach+0x147/0x11b0
[ 37.019458]
[ 37.019458] but task is already holding lock:
[ 37.025404] 00000000ad2d1ecc (qp_broker_list.mutex){+.+.}, at: vmci_qp_broker_detach+0x147/0x11b0
[ 37.034402]
[ 37.034402] other info that might help us debug this:
[ 37.041050] Possible unsafe locking scenario:
[ 37.041050]
[ 37.047086] CPU0
[ 37.049644] ----
[ 37.052200] lock(qp_broker_list.mutex);
[ 37.056327] lock(qp_broker_list.mutex);
[ 37.060452]
[ 37.060452] *** DEADLOCK ***
[ 37.060452]
[ 37.066487] May be due to missing lock nesting notation
[ 37.066487]
[ 37.073998] 1 lock held by syz-executor098/8088:
[ 37.078725] #0: 00000000ad2d1ecc (qp_broker_list.mutex){+.+.}, at: vmci_qp_broker_detach+0x147/0x11b0
[ 37.088160]
[ 37.088160] stack backtrace:
[ 37.092640] CPU: 1 PID: 8088 Comm: syz-executor098 Not tainted 4.19.186-syzkaller #0
[ 37.100500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.109843] Call Trace:
[ 37.112414] dump_stack+0x1fc/0x2ef
[ 37.116028] __lock_acquire.cold+0x121/0x57e
[ 37.120437] ? mark_held_locks+0xf0/0xf0
[ 37.124487] ? lock_acquire+0x170/0x3c0
[ 37.128447] ? __bpf_address_lookup+0x330/0x330
[ 37.133094] ? check_preemption_disabled+0x41/0x280
[ 37.138107] ? depot_save_stack+0x258/0x410
[ 37.142404] ? lock_downgrade+0x720/0x720
[ 37.146527] ? lock_acquire+0x170/0x3c0
[ 37.150480] ? depot_save_stack+0x1e0/0x410
[ 37.154778] lock_acquire+0x170/0x3c0
[ 37.158558] ? vmci_qp_broker_detach+0x147/0x11b0
[ 37.163377] ? vmci_qp_broker_detach+0x147/0x11b0
[ 37.168195] __mutex_lock+0xd7/0x1260
[ 37.171973] ? vmci_qp_broker_detach+0x147/0x11b0
[ 37.176793] ? kfree+0xcc/0x210
[ 37.180069] ? vmci_ctx_put+0x4fb/0xd60
[ 37.184018] ? vmci_datagram_dispatch+0x39b/0xb40
[ 37.188838] ? qp_notify_peer+0x182/0x260
[ 37.193048] ? vmci_ctx_put+0x55a/0xd60
[ 37.197001] ? vmci_host_close+0x116/0x1a0
[ 37.201212] ? __fput+0x2ce/0x890
[ 37.204641] ? vmci_qp_broker_detach+0x147/0x11b0
[ 37.209459] ? __mutex_add_waiter+0x160/0x160
[ 37.213940] ? _raw_spin_unlock_irq+0x5a/0x80
[ 37.218426] ? finish_task_switch+0x146/0x760
[ 37.222943] ? switch_mm_irqs_off+0x764/0x1340
[ 37.227508] ? debug_check_no_obj_freed+0x201/0x490
[ 37.232507] ? lock_downgrade+0x720/0x720
[ 37.236630] ? lock_acquire+0x170/0x3c0
[ 37.240582] ? debug_check_no_obj_freed+0xb5/0x490
[ 37.245490] vmci_qp_broker_detach+0x147/0x11b0
[ 37.250139] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 37.255231] ? debug_check_no_obj_freed+0x201/0x490
[ 37.260241] ? vmci_qp_broker_set_page_store+0x750/0x750
[ 37.265673] ? kfree+0x110/0x210
[ 37.269022] ? vmci_ctx_put+0x4fb/0xd60
[ 37.272981] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.277543] vmci_ctx_put+0x55a/0xd60
[ 37.281334] ? vmci_ctx_unset_notify+0x2a0/0x2a0
[ 37.286077] ? printk+0xba/0xed
[ 37.289350] ? log_store.cold+0x16/0x16
[ 37.293313] ? vmci_ctx_enqueue_datagram+0xad/0x500
[ 37.298308] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.303302] ? vmci_ctx_enqueue_datagram.cold+0x5/0x24
[ 37.308556] vmci_ctx_enqueue_datagram.cold+0x1f/0x24
[ 37.313732] ? memcpy+0x35/0x50
[ 37.316989] vmci_datagram_dispatch+0x39b/0xb40
[ 37.321643] ? vmci_datagram_destroy_handle+0x60/0x60
[ 37.326814] ? __fput+0x2ce/0x890
[ 37.330243] ? lock_downgrade+0x720/0x720
[ 37.334367] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.339706] qp_notify_peer+0x182/0x260
[ 37.343671] ? qp_host_unregister_user_memory+0x2c0/0x2c0
[ 37.349187] vmci_qp_broker_detach+0xa09/0x11b0
[ 37.353855] ? vmci_qp_broker_set_page_store+0x750/0x750
[ 37.359281] ? kfree+0x110/0x210
[ 37.362774] ? vmci_ctx_put+0x4fb/0xd60
[ 37.366740] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.371324] vmci_ctx_put+0x55a/0xd60
[ 37.375110] ? vmci_ctx_unset_notify+0x2a0/0x2a0
[ 37.379847] ? lock_downgrade+0x720/0x720
[ 37.383992] ? lock_acquire+0x170/0x3c0
[ 37.387947] ? vmci_ctx_destroy+0x1e/0x140
[ 37.392187] ? do_raw_spin_unlock+0x171/0x230
[ 37.396667] vmci_host_close+0x116/0x1a0
[ 37.400707] ? vmci_host_poll+0x220/0x220
[ 37.404834] __fput+0x2ce/0x890
[ 37.408104] task_work_run+0x148/0x1c0
[ 37.411972] exit_to_usermode_loop+0x251/0x2a0
[ 37.416533] do_syscall_64+0x538/0x620
[ 37.420399] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.425565] RIP: 0033:0x445fd9
[ 37.428761] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.447657] RSP: 002b:00007f2d8f15f2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000124
[ 37.455340] RAX: 0000000000000004 RBX: 00000000004cb4e0 RCX: 0000000000445fd9
[ 37.462591] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
[ 37.469836] RBP: 000000000049b26c R08: 0000000000000001 R09: 0000000000000033
[ 37.477081] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb4ec
[ 37.484339] R13: 00007f2d8f15f2f0 R14: 00000000004cb4e8 R15: 0000000000000001