DUID 00:04:17:4d:40:87:6e:bf:2d:0e:65:92:c1:2a:fb:91:5f:79 forked to background, child pid 3170 [ 23.997756][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 24.007354][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.170' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 52.486620][ T3587] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 52.567070][ T3598] [ 52.569412][ T3598] ====================================================== [ 52.576406][ T3598] WARNING: possible circular locking dependency detected [ 52.583397][ T3598] 5.15.103-syzkaller #0 Not tainted [ 52.588563][ T3598] ------------------------------------------------------ [ 52.595565][ T3598] syz-executor232/3598 is trying to acquire lock: [ 52.601947][ T3598] ffff8880786bb350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20 [ 52.611064][ T3598] [ 52.611064][ T3598] but task is already holding lock: [ 52.618401][ T3598] ffff8880786bc5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350 [ 52.628992][ T3598] [ 52.628992][ T3598] which lock already depends on the new lock. [ 52.628992][ T3598] [ 52.639477][ T3598] [ 52.639477][ T3598] the existing dependency chain (in reverse order) is: [ 52.648485][ T3598] [ 52.648485][ T3598] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}: [ 52.657151][ T3598] lock_acquire+0x1ff/0x570 [ 52.662169][ T3598] __mutex_lock_common+0x1da/0x25a0 [ 52.667864][ T3598] mutex_lock_nested+0x17/0x20 [ 52.673120][ T3598] nfc_urelease_event_work+0x113/0x2f0 [ 52.679074][ T3598] process_one_work+0x90d/0x1270 [ 52.684507][ T3598] worker_thread+0xaca/0x1280 [ 52.689676][ T3598] kthread+0x3f6/0x4f0 [ 52.694242][ T3598] ret_from_fork+0x1f/0x30 [ 52.699154][ T3598] [ 52.699154][ T3598] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}: [ 52.706938][ T3598] lock_acquire+0x1ff/0x570 [ 52.711937][ T3598] __mutex_lock_common+0x1da/0x25a0 [ 52.717630][ T3598] mutex_lock_nested+0x17/0x20 [ 52.722890][ T3598] nfc_register_device+0x38/0x310 [ 52.728414][ T3598] nci_register_device+0x7be/0x900 [ 52.734028][ T3598] virtual_ncidev_open+0x55/0xc0 [ 52.739493][ T3598] misc_open+0x304/0x380 [ 52.744229][ T3598] chrdev_open+0x54a/0x630 [ 52.749138][ T3598] do_dentry_open+0x807/0xfb0 [ 52.754307][ T3598] path_openat+0x2702/0x2f20 [ 52.759391][ T3598] do_filp_open+0x21c/0x460 [ 52.764394][ T3598] do_sys_openat2+0x13b/0x500 [ 52.769576][ T3598] __x64_sys_openat+0x243/0x290 [ 52.774932][ T3598] do_syscall_64+0x3d/0xb0 [ 52.779851][ T3598] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 52.786251][ T3598] [ 52.786251][ T3598] -> #1 (nci_mutex){+.+.}-{3:3}: [ 52.793343][ T3598] lock_acquire+0x1ff/0x570 [ 52.798346][ T3598] __mutex_lock_common+0x1da/0x25a0 [ 52.804057][ T3598] mutex_lock_nested+0x17/0x20 [ 52.809317][ T3598] virtual_nci_close+0x13/0x40 [ 52.814581][ T3598] nci_dev_up+0x954/0xd40 [ 52.819417][ T3598] nfc_dev_up+0x185/0x330 [ 52.824241][ T3598] nfc_genl_dev_up+0x80/0xd0 [ 52.829326][ T3598] genl_rcv_msg+0xfbd/0x14a0 [ 52.834408][ T3598] netlink_rcv_skb+0x1cf/0x410 [ 52.839667][ T3598] genl_rcv+0x24/0x40 [ 52.844147][ T3598] netlink_unicast+0x7b6/0x980 [ 52.849415][ T3598] netlink_sendmsg+0xa30/0xd60 [ 52.854695][ T3598] ____sys_sendmsg+0x59e/0x8f0 [ 52.859963][ T3598] ___sys_sendmsg+0x252/0x2e0 [ 52.865140][ T3598] __se_sys_sendmsg+0x19a/0x260 [ 52.870492][ T3598] do_syscall_64+0x3d/0xb0 [ 52.875414][ T3598] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 52.881809][ T3598] [ 52.881809][ T3598] -> #0 (&ndev->req_lock){+.+.}-{3:3}: [ 52.889424][ T3598] validate_chain+0x1646/0x58b0 [ 52.894778][ T3598] __lock_acquire+0x1295/0x1ff0 [ 52.900126][ T3598] lock_acquire+0x1ff/0x570 [ 52.905125][ T3598] __mutex_lock_common+0x1da/0x25a0 [ 52.910820][ T3598] mutex_lock_nested+0x17/0x20 [ 52.916097][ T3598] nci_start_poll+0x59f/0xf20 [ 52.921270][ T3598] nfc_start_poll+0x184/0x2f0 [ 52.926441][ T3598] nfc_genl_start_poll+0x1e7/0x350 [ 52.932048][ T3598] genl_rcv_msg+0xfbd/0x14a0 [ 52.937132][ T3598] netlink_rcv_skb+0x1cf/0x410 [ 52.942389][ T3598] genl_rcv+0x24/0x40 [ 52.946861][ T3598] netlink_unicast+0x7b6/0x980 [ 52.952120][ T3598] netlink_sendmsg+0xa30/0xd60 [ 52.957381][ T3598] ____sys_sendmsg+0x59e/0x8f0 [ 52.962638][ T3598] ___sys_sendmsg+0x252/0x2e0 [ 52.967823][ T3598] __se_sys_sendmsg+0x19a/0x260 [ 52.973171][ T3598] do_syscall_64+0x3d/0xb0 [ 52.978095][ T3598] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 52.984502][ T3598] [ 52.984502][ T3598] other info that might help us debug this: [ 52.984502][ T3598] [ 52.994712][ T3598] Chain exists of: [ 52.994712][ T3598] &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex [ 52.994712][ T3598] [ 53.008950][ T3598] Possible unsafe locking scenario: [ 53.008950][ T3598] [ 53.016373][ T3598] CPU0 CPU1 [ 53.021710][ T3598] ---- ---- [ 53.027047][ T3598] lock(&genl_data->genl_data_mutex); [ 53.032481][ T3598] lock(nfc_devlist_mutex); [ 53.039560][ T3598] lock(&genl_data->genl_data_mutex); [ 53.047513][ T3598] lock(&ndev->req_lock); [ 53.051900][ T3598] [ 53.051900][ T3598] *** DEADLOCK *** [ 53.051900][ T3598] [ 53.060020][ T3598] 4 locks held by syz-executor232/3598: [ 53.065538][ T3598] #0: ffffffff8da386b0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 53.073707][ T3598] #1: ffffffff8da38568 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0 [ 53.082819][ T3598] #2: ffff8880786bc5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350 [ 53.093827][ T3598] #3: ffff8880786bc190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0 [ 53.102932][ T3598] [ 53.102932][ T3598] stack backtrace: [ 53.108792][ T3598] CPU: 1 PID: 3598 Comm: syz-executor232 Not tainted 5.15.103-syzkaller #0 [ 53.117349][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 53.127377][ T3598] Call Trace: [ 53.130639][ T3598] [ 53.133547][ T3598] dump_stack_lvl+0x1e3/0x2cb [ 53.138202][ T3598] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 53.143816][ T3598] ? print_circular_bug+0x12b/0x1a0 [ 53.149000][ T3598] check_noncircular+0x2f8/0x3b0 [ 53.153921][ T3598] ? add_chain_block+0x850/0x850 [ 53.158839][ T3598] ? lockdep_lock+0x11f/0x2a0 [ 53.163510][ T3598] ? mark_lock+0x98/0x340 [ 53.167818][ T3598] validate_chain+0x1646/0x58b0 [ 53.172646][ T3598] ? print_irqtrace_events+0x210/0x210 [ 53.178083][ T3598] ? lockdep_hardirqs_on+0x94/0x130 [ 53.183255][ T3598] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 53.189127][ T3598] ? _raw_spin_unlock+0x40/0x40 [ 53.193948][ T3598] ? stack_trace_save+0x113/0x1c0 [ 53.198946][ T3598] ? reacquire_held_locks+0x660/0x660 [ 53.204304][ T3598] ? stack_trace_snprint+0xe0/0xe0 [ 53.209390][ T3598] ? stack_depot_save+0x3db/0x440 [ 53.214405][ T3598] ? kfree+0x115/0x2e0 [ 53.218446][ T3598] ? kasan_set_track+0x62/0x80 [ 53.223207][ T3598] ? kasan_set_track+0x4b/0x80 [ 53.227944][ T3598] ? kasan_set_free_info+0x1f/0x40 [ 53.233043][ T3598] ? ____kasan_slab_free+0xd8/0x120 [ 53.238215][ T3598] ? slab_free_freelist_hook+0xdd/0x160 [ 53.243733][ T3598] ? kfree+0x115/0x2e0 [ 53.247773][ T3598] ? nfc_llcp_build_gb+0x4a2/0x710 [ 53.252861][ T3598] ? nfc_llcp_general_bytes+0x91/0x140 [ 53.258292][ T3598] ? nci_start_poll+0x4e9/0xf20 [ 53.263131][ T3598] ? nfc_start_poll+0x184/0x2f0 [ 53.267953][ T3598] ? nfc_genl_start_poll+0x1e7/0x350 [ 53.273211][ T3598] ? netlink_rcv_skb+0x1cf/0x410 [ 53.278122][ T3598] ? mark_lock+0x98/0x340 [ 53.282426][ T3598] ? do_syscall_64+0x3d/0xb0 [ 53.286990][ T3598] __lock_acquire+0x1295/0x1ff0 [ 53.291819][ T3598] lock_acquire+0x1ff/0x570 [ 53.296295][ T3598] ? nci_start_poll+0x59f/0xf20 [ 53.301120][ T3598] ? read_lock_is_recursive+0x10/0x10 [ 53.306464][ T3598] ? kasan_quarantine_put+0xd4/0x220 [ 53.311723][ T3598] ? lockdep_hardirqs_on+0x94/0x130 [ 53.316893][ T3598] ? __might_sleep+0xc0/0xc0 [ 53.321459][ T3598] ? slab_free_freelist_hook+0xdd/0x160 [ 53.326987][ T3598] __mutex_lock_common+0x1da/0x25a0 [ 53.332162][ T3598] ? nci_start_poll+0x59f/0xf20 [ 53.337015][ T3598] ? nci_start_poll+0x59f/0xf20 [ 53.341852][ T3598] ? nfc_llcp_general_bytes+0x140/0x140 [ 53.347370][ T3598] ? mutex_lock_io_nested+0x60/0x60 [ 53.352552][ T3598] ? read_lock_is_recursive+0x10/0x10 [ 53.357913][ T3598] mutex_lock_nested+0x17/0x20 [ 53.362672][ T3598] nci_start_poll+0x59f/0xf20 [ 53.367339][ T3598] ? nci_dev_down+0x40/0x40 [ 53.371827][ T3598] ? __mutex_lock_common+0x444/0x25a0 [ 53.377195][ T3598] ? nfc_get_device+0xf0/0xf0 [ 53.381857][ T3598] ? nfc_start_poll+0x56/0x2f0 [ 53.386597][ T3598] ? class_for_each_device+0x2b0/0x2b0 [ 53.392037][ T3598] ? mutex_lock_io_nested+0x60/0x60 [ 53.397217][ T3598] ? mutex_lock_io_nested+0x60/0x60 [ 53.402396][ T3598] ? nfc_get_device+0x94/0xf0 [ 53.407053][ T3598] nfc_start_poll+0x184/0x2f0 [ 53.411712][ T3598] nfc_genl_start_poll+0x1e7/0x350 [ 53.416798][ T3598] genl_rcv_msg+0xfbd/0x14a0 [ 53.421378][ T3598] ? genl_bind+0x370/0x370 [ 53.425766][ T3598] ? arch_stack_walk+0xf3/0x140 [ 53.430592][ T3598] ? mark_lock+0x98/0x340 [ 53.434901][ T3598] ? __lock_acquire+0x1295/0x1ff0 [ 53.439905][ T3598] ? nfc_genl_dev_down+0xd0/0xd0 [ 53.444819][ T3598] netlink_rcv_skb+0x1cf/0x410 [ 53.449575][ T3598] ? genl_bind+0x370/0x370 [ 53.453978][ T3598] ? netlink_ack+0xb10/0xb10 [ 53.458553][ T3598] ? __down_read_common+0x184/0x2c0 [ 53.463740][ T3598] genl_rcv+0x24/0x40 [ 53.467695][ T3598] netlink_unicast+0x7b6/0x980 [ 53.472434][ T3598] ? netlink_detachskb+0x90/0x90 [ 53.477360][ T3598] ? 0xffffffff81000000 [ 53.481491][ T3598] ? __check_object_size+0x300/0x410 [ 53.486792][ T3598] ? bpf_lsm_netlink_send+0x5/0x10 [ 53.491921][ T3598] netlink_sendmsg+0xa30/0xd60 [ 53.496705][ T3598] ? netlink_getsockopt+0x9d0/0x9d0 [ 53.501893][ T3598] ? aa_sock_msg_perm+0x91/0x150 [ 53.506814][ T3598] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 53.512076][ T3598] ? security_socket_sendmsg+0x7d/0xa0 [ 53.517508][ T3598] ? netlink_getsockopt+0x9d0/0x9d0 [ 53.522685][ T3598] ____sys_sendmsg+0x59e/0x8f0 [ 53.527430][ T3598] ? iovec_from_user+0x300/0x390 [ 53.532343][ T3598] ? __sys_sendmsg_sock+0x30/0x30 [ 53.537354][ T3598] ___sys_sendmsg+0x252/0x2e0 [ 53.542013][ T3598] ? __sys_sendmsg+0x260/0x260 [ 53.546751][ T3598] ? rcu_lock_release+0x9/0x20 [ 53.551504][ T3598] ? __fdget+0x191/0x220 [ 53.555734][ T3598] __se_sys_sendmsg+0x19a/0x260 [ 53.560585][ T3598] ? __x64_sys_sendmsg+0x80/0x80 [ 53.565504][ T3598] ? syscall_enter_from_user_mode+0x2e/0x290 [ 53.571470][ T3598] ? lockdep_hardirqs_on+0x94/0x130 [ 53.576643][ T3598] ? syscall_enter_from_user_mode+0x2e/0x290 [ 53.582594][ T3598] do_syscall_64+0x3d/0xb0 [ 53.586991][ T3598] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 53.592862][ T3598] RIP: 0033:0x7fcb6d865649 [ 53.597253][ T3598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 53.616830][ T3598] RSP: 002b:00007fcb6d7f5318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.625217][ T3598] RAX: ffffffffffffffda RBX: 00007fcb6d8ed438 RCX: 00007fcb6d865649 [ 53.633163][ T3598] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004 [ 53.641108][ T3598] RBP: 00007fcb6d8ed430 R08: 0000000000000003 R09: 0000000000000000 [ 53.649054][ T3598] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fcb6d8bb074 [ 53.657003][ T3598] R13: 00007fffeaa12f2f R14: 00007fcb6d7f5400 R15: 0000000000022000 [ 53.664952][ T3598] [ 53.669053][ T3598] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 53.681905][ T3598] nci: nci_start_poll: failed to set local general bytes executing program [ 58.720138][ T3598] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 58.950135][ T3600] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 58.958881][ T3600] nci: nci_start_poll: failed to set local general bytes