DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2
forked to background, child pid 3172
[ 28.791311][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.802718][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 53.147613][ T3499] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 53.234599][ T3508]
[ 53.236948][ T3508] ======================================================
[ 53.243965][ T3508] WARNING: possible circular locking dependency detected
[ 53.251066][ T3508] 5.15.116-syzkaller #0 Not tainted
[ 53.256249][ T3508] ------------------------------------------------------
[ 53.263250][ T3508] syz-executor369/3508 is trying to acquire lock:
[ 53.282494][ T3508] ffff888078168350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 53.291639][ T3508]
[ 53.291639][ T3508] but task is already holding lock:
[ 53.298985][ T3508] ffff8880781695d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 53.310551][ T3508]
[ 53.310551][ T3508] which lock already depends on the new lock.
[ 53.310551][ T3508]
[ 53.320968][ T3508]
[ 53.320968][ T3508] the existing dependency chain (in reverse order) is:
[ 53.329970][ T3508]
[ 53.329970][ T3508] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 53.338662][ T3508]        lock_acquire+0x1db/0x4f0
[ 53.343730][ T3508]        __mutex_lock_common+0x1da/0x25a0
[ 53.349475][ T3508]        mutex_lock_nested+0x17/0x20
[ 53.355020][ T3508]        nfc_urelease_event_work+0x113/0x2f0
[ 53.361006][ T3508]        process_one_work+0x8a1/0x10c0
[ 53.366485][ T3508]        worker_thread+0xaca/0x1280
[ 53.371669][ T3508]        kthread+0x3f6/0x4f0
[ 53.376243][ T3508]        ret_from_fork+0x1f/0x30
[ 53.381170][ T3508]
[ 53.381170][ T3508] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 53.388972][ T3508]        lock_acquire+0x1db/0x4f0
[ 53.393984][ T3508]        __mutex_lock_common+0x1da/0x25a0
[ 53.399692][ T3508]        mutex_lock_nested+0x17/0x20
[ 53.404964][ T3508]        nfc_register_device+0x38/0x310
[ 53.410493][ T3508]        nci_register_device+0x7be/0x900
[ 53.416110][ T3508]        virtual_ncidev_open+0x55/0xc0
[ 53.421557][ T3508]        misc_open+0x304/0x380
[ 53.426308][ T3508]        chrdev_open+0x54a/0x630
[ 53.431231][ T3508]        do_dentry_open+0x807/0xfb0
[ 53.436419][ T3508]        path_openat+0x2702/0x2f20
[ 53.441535][ T3508]        do_filp_open+0x21c/0x460
[ 53.446553][ T3508]        do_sys_openat2+0x13b/0x500
[ 53.451738][ T3508]        __x64_sys_openat+0x243/0x290
[ 53.457116][ T3508]        do_syscall_64+0x3d/0xb0
[ 53.462043][ T3508]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.468461][ T3508]
[ 53.468461][ T3508] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 53.475586][ T3508]        lock_acquire+0x1db/0x4f0
[ 53.480609][ T3508]        __mutex_lock_common+0x1da/0x25a0
[ 53.486317][ T3508]        mutex_lock_nested+0x17/0x20
[ 53.491589][ T3508]        virtual_nci_close+0x13/0x40
[ 53.496861][ T3508]        nci_dev_up+0x954/0xd40
[ 53.501699][ T3508]        nfc_dev_up+0x185/0x330
[ 53.506538][ T3508]        nfc_genl_dev_up+0x80/0xd0
[ 53.511639][ T3508]        genl_rcv_msg+0xfbd/0x14a0
[ 53.516743][ T3508]        netlink_rcv_skb+0x1cf/0x410
[ 53.522024][ T3508]        genl_rcv+0x24/0x40
[ 53.526513][ T3508]        netlink_unicast+0x7b6/0x980
[ 53.531872][ T3508]        netlink_sendmsg+0xa30/0xd60
[ 53.537144][ T3508]        ____sys_sendmsg+0x59e/0x8f0
[ 53.542418][ T3508]        ___sys_sendmsg+0x252/0x2e0
[ 53.547613][ T3508]        __se_sys_sendmsg+0x19a/0x260
[ 53.552971][ T3508]        do_syscall_64+0x3d/0xb0
[ 53.557898][ T3508]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.564302][ T3508]
[ 53.564302][ T3508] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 53.571964][ T3508]        validate_chain+0x1646/0x58b0
[ 53.577322][ T3508]        __lock_acquire+0x1295/0x1ff0
[ 53.582682][ T3508]        lock_acquire+0x1db/0x4f0
[ 53.587699][ T3508]        __mutex_lock_common+0x1da/0x25a0
[ 53.593406][ T3508]        mutex_lock_nested+0x17/0x20
[ 53.598680][ T3508]        nci_start_poll+0x59f/0xf20
[ 53.603865][ T3508]        nfc_start_poll+0x184/0x2f0
[ 53.609048][ T3508]        nfc_genl_start_poll+0x1e7/0x350
[ 53.614665][ T3508]        genl_rcv_msg+0xfbd/0x14a0
[ 53.619763][ T3508]        netlink_rcv_skb+0x1cf/0x410
[ 53.625035][ T3508]        genl_rcv+0x24/0x40
[ 53.629699][ T3508]        netlink_unicast+0x7b6/0x980
[ 53.634969][ T3508]        netlink_sendmsg+0xa30/0xd60
[ 53.640328][ T3508]        ____sys_sendmsg+0x59e/0x8f0
[ 53.645600][ T3508]        ___sys_sendmsg+0x252/0x2e0
[ 53.650785][ T3508]        __se_sys_sendmsg+0x19a/0x260
[ 53.656143][ T3508]        do_syscall_64+0x3d/0xb0
[ 53.661107][ T3508]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.667507][ T3508]
[ 53.667507][ T3508] other info that might help us debug this:
[ 53.667507][ T3508]
[ 53.677717][ T3508] Chain exists of:
[ 53.677717][ T3508]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 53.677717][ T3508]
[ 53.692211][ T3508]  Possible unsafe locking scenario:
[ 53.692211][ T3508]
[ 53.699646][ T3508]        CPU0                    CPU1
[ 53.704993][ T3508]        ----                    ----
[ 53.710339][ T3508]   lock(&genl_data->genl_data_mutex);
[ 53.715787][ T3508]                                lock(nfc_devlist_mutex);
[ 53.722903][ T3508]                                lock(&genl_data->genl_data_mutex);
[ 53.730868][ T3508]   lock(&ndev->req_lock);
[ 53.735268][ T3508]
[ 53.735268][ T3508]  *** DEADLOCK ***
[ 53.735268][ T3508]
[ 53.743395][ T3508] 4 locks held by syz-executor369/3508:
[ 53.749098][ T3508]  #0: ffffffff8da3d0d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 53.757266][ T3508]  #1: ffffffff8da3cf88 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 53.766745][ T3508]  #2: ffff8880781695d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 53.777801][ T3508]  #3: ffff888078169190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 53.787013][ T3508]
[ 53.787013][ T3508] stack backtrace:
[ 53.792880][ T3508] CPU: 0 PID: 3508 Comm: syz-executor369 Not tainted 5.15.116-syzkaller #0
[ 53.801565][ T3508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 53.811617][ T3508] Call Trace:
[ 53.814897][ T3508]
[ 53.817823][ T3508]  dump_stack_lvl+0x1e3/0x2cb
[ 53.822510][ T3508]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 53.828161][ T3508]  ? print_circular_bug+0x12b/0x1a0
[ 53.833360][ T3508]  check_noncircular+0x2f8/0x3b0
[ 53.838293][ T3508]  ? add_chain_block+0x850/0x850
[ 53.843235][ T3508]  ? lockdep_lock+0x11f/0x2a0
[ 53.847903][ T3508]  ? mark_lock+0x98/0x340
[ 53.852224][ T3508]  validate_chain+0x1646/0x58b0
[ 53.857064][ T3508]  ? print_irqtrace_events+0x210/0x210
[ 53.862544][ T3508]  ? lockdep_hardirqs_on+0x94/0x130
[ 53.867731][ T3508]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 53.873612][ T3508]  ? _raw_spin_unlock+0x40/0x40
[ 53.878449][ T3508]  ? stack_trace_save+0x113/0x1c0
[ 53.883463][ T3508]  ? reacquire_held_locks+0x660/0x660
[ 53.888821][ T3508]  ? stack_trace_snprint+0xe0/0xe0
[ 53.893928][ T3508]  ? stack_depot_save+0x3db/0x440
[ 53.898944][ T3508]  ? kfree+0xf1/0x270
[ 53.902916][ T3508]  ? kasan_set_track+0x62/0x80
[ 53.907669][ T3508]  ? kasan_set_track+0x4b/0x80
[ 53.912417][ T3508]  ? kasan_set_free_info+0x1f/0x40
[ 53.917515][ T3508]  ? ____kasan_slab_free+0xd8/0x120
[ 53.922702][ T3508]  ? slab_free_freelist_hook+0xdd/0x160
[ 53.928231][ T3508]  ? kfree+0xf1/0x270
[ 53.932195][ T3508]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 53.937295][ T3508]  ? nfc_llcp_general_bytes+0x91/0x140
[ 53.942744][ T3508]  ? nci_start_poll+0x4e9/0xf20
[ 53.947578][ T3508]  ? nfc_start_poll+0x184/0x2f0
[ 53.952427][ T3508]  ? nfc_genl_start_poll+0x1e7/0x350
[ 53.957745][ T3508]  ? netlink_rcv_skb+0x1cf/0x410
[ 53.962682][ T3508]  ? mark_lock+0x98/0x340
[ 53.967151][ T3508]  ? do_syscall_64+0x3d/0xb0
[ 53.971753][ T3508]  __lock_acquire+0x1295/0x1ff0
[ 53.976728][ T3508]  lock_acquire+0x1db/0x4f0
[ 53.981241][ T3508]  ? nci_start_poll+0x59f/0xf20
[ 53.986246][ T3508]  ? read_lock_is_recursive+0x10/0x10
[ 53.991610][ T3508]  ? kasan_quarantine_put+0xd4/0x220
[ 53.996907][ T3508]  ? lockdep_hardirqs_on+0x94/0x130
[ 54.002111][ T3508]  ? __might_sleep+0xc0/0xc0
[ 54.006700][ T3508]  ? slab_free_freelist_hook+0xdd/0x160
[ 54.012240][ T3508]  __mutex_lock_common+0x1da/0x25a0
[ 54.019958][ T3508]  ? nci_start_poll+0x59f/0xf20
[ 54.024816][ T3508]  ? nci_start_poll+0x59f/0xf20
[ 54.029651][ T3508]  ? nfc_llcp_general_bytes+0x140/0x140
[ 54.035195][ T3508]  ? mutex_lock_io_nested+0x60/0x60
[ 54.040402][ T3508]  ? read_lock_is_recursive+0x10/0x10
[ 54.045769][ T3508]  mutex_lock_nested+0x17/0x20
[ 54.050546][ T3508]  nci_start_poll+0x59f/0xf20
[ 54.055217][ T3508]  ? nci_dev_down+0x40/0x40
[ 54.059707][ T3508]  ? __mutex_lock_common+0x444/0x25a0
[ 54.065073][ T3508]  ? nfc_get_device+0xf0/0xf0
[ 54.069827][ T3508]  ? nfc_start_poll+0x56/0x2f0
[ 54.074580][ T3508]  ? class_for_each_device+0x2b0/0x2b0
[ 54.080029][ T3508]  ? mutex_lock_io_nested+0x60/0x60
[ 54.085218][ T3508]  ? mutex_lock_io_nested+0x60/0x60
[ 54.090407][ T3508]  ? nfc_get_device+0x94/0xf0
[ 54.095072][ T3508]  nfc_start_poll+0x184/0x2f0
[ 54.099828][ T3508]  nfc_genl_start_poll+0x1e7/0x350
[ 54.105018][ T3508]  genl_rcv_msg+0xfbd/0x14a0
[ 54.109603][ T3508]  ? genl_bind+0x370/0x370
[ 54.114006][ T3508]  ? arch_stack_walk+0xf3/0x140
[ 54.118848][ T3508]  ? mark_lock+0x98/0x340
[ 54.123168][ T3508]  ? __lock_acquire+0x1295/0x1ff0
[ 54.128183][ T3508]  ? nfc_genl_dev_down+0xd0/0xd0
[ 54.133113][ T3508]  netlink_rcv_skb+0x1cf/0x410
[ 54.137865][ T3508]  ? genl_bind+0x370/0x370
[ 54.142277][ T3508]  ? netlink_ack+0xb10/0xb10
[ 54.146856][ T3508]  ? down_read+0x1b3/0x2e0
[ 54.151271][ T3508]  ? genl_rcv+0x9/0x40
[ 54.155343][ T3508]  genl_rcv+0x24/0x40
[ 54.159344][ T3508]  netlink_unicast+0x7b6/0x980
[ 54.164112][ T3508]  ? netlink_detachskb+0x90/0x90
[ 54.169047][ T3508]  ? 0xffffffff81000000
[ 54.173192][ T3508]  ? __check_object_size+0x300/0x410
[ 54.178469][ T3508]  ? bpf_lsm_netlink_send+0x5/0x10
[ 54.183573][ T3508]  netlink_sendmsg+0xa30/0xd60
[ 54.188334][ T3508]  ? netlink_getsockopt+0x5b0/0x5b0
[ 54.193522][ T3508]  ? aa_sock_msg_perm+0x91/0x150
[ 54.198450][ T3508]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 54.203731][ T3508]  ? security_socket_sendmsg+0x7d/0xa0
[ 54.209271][ T3508]  ? netlink_getsockopt+0x5b0/0x5b0
[ 54.214459][ T3508]  ____sys_sendmsg+0x59e/0x8f0
[ 54.219235][ T3508]  ? iovec_from_user+0x300/0x390
[ 54.224167][ T3508]  ? __sys_sendmsg_sock+0x30/0x30
[ 54.229273][ T3508]  ___sys_sendmsg+0x252/0x2e0
[ 54.233954][ T3508]  ? __sys_sendmsg+0x260/0x260
[ 54.238723][ T3508]  ? __fdget+0x191/0x220
[ 54.242957][ T3508]  __se_sys_sendmsg+0x19a/0x260
[ 54.247797][ T3508]  ? __x64_sys_sendmsg+0x80/0x80
[ 54.252726][ T3508]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 54.258699][ T3508]  ? lockdep_hardirqs_on+0x94/0x130
[ 54.263892][ T3508]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 54.269865][ T3508]  do_syscall_64+0x3d/0xb0
[ 54.274276][ T3508]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.280160][ T3508] RIP: 0033:0x7fcae2294649
[ 54.284569][ T3508] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 54.304164][ T3508] RSP: 002b:00007fcae2245318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 54.312567][ T3508] RAX: ffffffffffffffda RBX: 00007fcae231c428 RCX: 00007fcae2294649
[ 54.320527][ T3508] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 54.328486][ T3508] RBP: 00007fcae231c420 R08: 0000000000000003 R09: 0000000000000000
[ 54.336447][ T3508] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fcae22ea074
[ 54.344409][ T3508] R13: 00007fffb987bc8f R14: 00007fcae2245400 R15: 0000000000022000
[ 54.352373][ T3508]
[ 54.468975][ T3508] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 54.477839][ T3508] nci: nci_start_poll: failed to set local general bytes
executing program
[ 59.546608][ T3508] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 59.777355][ T3515] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 60.010618][ T3525] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 60.019344][ T3525] nci: nci_start_poll: failed to set local general bytes