DUID 00:04:17:4d:40:87:6e:bf:2d:0e:65:92:c1:2a:fb:91:5f:79
forked to background, child pid 3173
[ 26.148356][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 26.158389][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.135' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 67.104877][ T3501] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 67.348134][ T3509] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 67.587164][ T3515] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 67.825604][ T3521] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 67.905026][ T3531]
[ 67.907364][ T3531] ======================================================
[ 67.914369][ T3531] WARNING: possible circular locking dependency detected
[ 67.921379][ T3531] 5.15.112-syzkaller #0 Not tainted
[ 67.926559][ T3531] ------------------------------------------------------
[ 67.933556][ T3531] syz-executor273/3531 is trying to acquire lock:
[ 67.939950][ T3531] ffff88807a23f350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 67.949085][ T3531]
[ 67.949085][ T3531] but task is already holding lock:
[ 67.956428][ T3531] ffff88801d7085d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 67.967034][ T3531]
[ 67.967034][ T3531] which lock already depends on the new lock.
[ 67.967034][ T3531]
[ 67.977417][ T3531]
[ 67.977417][ T3531] the existing dependency chain (in reverse order) is:
[ 67.986408][ T3531]
[ 67.986408][ T3531] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 67.995071][ T3531]        lock_acquire+0x1db/0x4f0
[ 68.000081][ T3531]        __mutex_lock_common+0x1da/0x25a0
[ 68.005783][ T3531]        mutex_lock_nested+0x17/0x20
[ 68.011050][ T3531]        nfc_urelease_event_work+0x113/0x2f0
[ 68.017013][ T3531]        process_one_work+0x8a1/0x10c0
[ 68.022450][ T3531]        worker_thread+0xaca/0x1280
[ 68.027624][ T3531]        kthread+0x3f6/0x4f0
[ 68.032188][ T3531]        ret_from_fork+0x1f/0x30
[ 68.037104][ T3531]
[ 68.037104][ T3531] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 68.044899][ T3531]        lock_acquire+0x1db/0x4f0
[ 68.049910][ T3531]        __mutex_lock_common+0x1da/0x25a0
[ 68.055612][ T3531]        mutex_lock_nested+0x17/0x20
[ 68.060902][ T3531]        nfc_register_device+0x38/0x310
[ 68.066431][ T3531]        nci_register_device+0x7be/0x900
[ 68.072046][ T3531]        virtual_ncidev_open+0x55/0xc0
[ 68.077486][ T3531]        misc_open+0x304/0x380
[ 68.082226][ T3531]        chrdev_open+0x54a/0x630
[ 68.087145][ T3531]        do_dentry_open+0x807/0xfb0
[ 68.092326][ T3531]        path_openat+0x2702/0x2f20
[ 68.097423][ T3531]        do_filp_open+0x21c/0x460
[ 68.102433][ T3531]        do_sys_openat2+0x13b/0x500
[ 68.107613][ T3531]        __x64_sys_openat+0x243/0x290
[ 68.112974][ T3531]        do_syscall_64+0x3d/0xb0
[ 68.117908][ T3531]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 68.124305][ T3531]
[ 68.124305][ T3531] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 68.131590][ T3531]        lock_acquire+0x1db/0x4f0
[ 68.136603][ T3531]        __mutex_lock_common+0x1da/0x25a0
[ 68.142307][ T3531]        mutex_lock_nested+0x17/0x20
[ 68.147571][ T3531]        virtual_nci_close+0x13/0x40
[ 68.152845][ T3531]        nci_dev_up+0x954/0xd40
[ 68.157680][ T3531]        nfc_dev_up+0x185/0x330
[ 68.162518][ T3531]        nfc_genl_dev_up+0x80/0xd0
[ 68.167622][ T3531]        genl_rcv_msg+0xfbd/0x14a0
[ 68.172715][ T3531]        netlink_rcv_skb+0x1cf/0x410
[ 68.178003][ T3531]        genl_rcv+0x24/0x40
[ 68.182487][ T3531]        netlink_unicast+0x7b6/0x980
[ 68.187749][ T3531]        netlink_sendmsg+0xa30/0xd60
[ 68.193015][ T3531]        ____sys_sendmsg+0x59e/0x8f0
[ 68.198382][ T3531]        ___sys_sendmsg+0x252/0x2e0
[ 68.203574][ T3531]        __se_sys_sendmsg+0x19a/0x260
[ 68.208931][ T3531]        do_syscall_64+0x3d/0xb0
[ 68.213851][ T3531]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 68.220273][ T3531]
[ 68.220273][ T3531] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 68.227895][ T3531]        validate_chain+0x1646/0x58b0
[ 68.233331][ T3531]        __lock_acquire+0x1295/0x1ff0
[ 68.238687][ T3531]        lock_acquire+0x1db/0x4f0
[ 68.243692][ T3531]        __mutex_lock_common+0x1da/0x25a0
[ 68.249402][ T3531]        mutex_lock_nested+0x17/0x20
[ 68.254667][ T3531]        nci_start_poll+0x59f/0xf20
[ 68.259846][ T3531]        nfc_start_poll+0x184/0x2f0
[ 68.265021][ T3531]        nfc_genl_start_poll+0x1e7/0x350
[ 68.270629][ T3531]        genl_rcv_msg+0xfbd/0x14a0
[ 68.275728][ T3531]        netlink_rcv_skb+0x1cf/0x410
[ 68.281004][ T3531]        genl_rcv+0x24/0x40
[ 68.285496][ T3531]        netlink_unicast+0x7b6/0x980
[ 68.290756][ T3531]        netlink_sendmsg+0xa30/0xd60
[ 68.296018][ T3531]        ____sys_sendmsg+0x59e/0x8f0
[ 68.301285][ T3531]        ___sys_sendmsg+0x252/0x2e0
[ 68.306484][ T3531]        __se_sys_sendmsg+0x19a/0x260
[ 68.311837][ T3531]        do_syscall_64+0x3d/0xb0
[ 68.316775][ T3531]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 68.323174][ T3531]
[ 68.323174][ T3531] other info that might help us debug this:
[ 68.323174][ T3531]
[ 68.333386][ T3531] Chain exists of:
[ 68.333386][ T3531]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 68.333386][ T3531]
[ 68.347618][ T3531]  Possible unsafe locking scenario:
[ 68.347618][ T3531]
[ 68.355049][ T3531]        CPU0                    CPU1
[ 68.360395][ T3531]        ----                    ----
[ 68.365736][ T3531]   lock(&genl_data->genl_data_mutex);
[ 68.371179][ T3531]                                lock(nfc_devlist_mutex);
[ 68.378275][ T3531]                                lock(&genl_data->genl_data_mutex);
[ 68.386228][ T3531]   lock(&ndev->req_lock);
[ 68.390623][ T3531]
[ 68.390623][ T3531]  *** DEADLOCK ***
[ 68.390623][ T3531]
[ 68.398750][ T3531] 4 locks held by syz-executor273/3531:
[ 68.404287][ T3531]  #0: ffffffff8da3c110 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 68.412458][ T3531]  #1: ffffffff8da3bfc8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 68.421486][ T3531]  #2: ffff88801d7085d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 68.432507][ T3531]  #3: ffff88801d708190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 68.441615][ T3531]
[ 68.441615][ T3531] stack backtrace:
[ 68.447478][ T3531] CPU: 1 PID: 3531 Comm: syz-executor273 Not tainted 5.15.112-syzkaller #0
[ 68.456046][ T3531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 68.466082][ T3531] Call Trace:
[ 68.469360][ T3531]
[ 68.472274][ T3531]  dump_stack_lvl+0x1e3/0x2cb
[ 68.476937][ T3531]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 68.482559][ T3531]  ? print_circular_bug+0x12b/0x1a0
[ 68.487747][ T3531]  check_noncircular+0x2f8/0x3b0
[ 68.492685][ T3531]  ? add_chain_block+0x850/0x850
[ 68.497607][ T3531]  ? lockdep_lock+0x11f/0x2a0
[ 68.502270][ T3531]  ? mark_lock+0x98/0x340
[ 68.506586][ T3531]  validate_chain+0x1646/0x58b0
[ 68.511417][ T3531]  ? print_irqtrace_events+0x210/0x210
[ 68.516862][ T3531]  ? lockdep_hardirqs_on+0x94/0x130
[ 68.522044][ T3531]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 68.527919][ T3531]  ? _raw_spin_unlock+0x40/0x40
[ 68.532774][ T3531]  ? stack_trace_save+0x113/0x1c0
[ 68.537807][ T3531]  ? reacquire_held_locks+0x660/0x660
[ 68.543353][ T3531]  ? stack_trace_snprint+0xe0/0xe0
[ 68.548464][ T3531]  ? stack_depot_save+0x3db/0x440
[ 68.553504][ T3531]  ? kfree+0xf1/0x270
[ 68.557485][ T3531]  ? kasan_set_track+0x62/0x80
[ 68.562248][ T3531]  ? kasan_set_track+0x4b/0x80
[ 68.567011][ T3531]  ? kasan_set_free_info+0x1f/0x40
[ 68.572119][ T3531]  ? ____kasan_slab_free+0xd8/0x120
[ 68.577309][ T3531]  ? slab_free_freelist_hook+0xdd/0x160
[ 68.582843][ T3531]  ? kfree+0xf1/0x270
[ 68.586810][ T3531]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 68.591914][ T3531]  ? nfc_llcp_general_bytes+0x91/0x140
[ 68.597368][ T3531]  ? nci_start_poll+0x4e9/0xf20
[ 68.602207][ T3531]  ? nfc_start_poll+0x184/0x2f0
[ 68.607046][ T3531]  ? nfc_genl_start_poll+0x1e7/0x350
[ 68.612321][ T3531]  ? netlink_rcv_skb+0x1cf/0x410
[ 68.617246][ T3531]  ? mark_lock+0x98/0x340
[ 68.621563][ T3531]  ? do_syscall_64+0x3d/0xb0
[ 68.626141][ T3531]  __lock_acquire+0x1295/0x1ff0
[ 68.630987][ T3531]  lock_acquire+0x1db/0x4f0
[ 68.635481][ T3531]  ? nci_start_poll+0x59f/0xf20
[ 68.640322][ T3531]  ? read_lock_is_recursive+0x10/0x10
[ 68.645682][ T3531]  ? kasan_quarantine_put+0xd4/0x220
[ 68.650951][ T3531]  ? lockdep_hardirqs_on+0x94/0x130
[ 68.656138][ T3531]  ? __might_sleep+0xc0/0xc0
[ 68.660714][ T3531]  ? slab_free_freelist_hook+0xdd/0x160
[ 68.666260][ T3531]  __mutex_lock_common+0x1da/0x25a0
[ 68.671476][ T3531]  ? nci_start_poll+0x59f/0xf20
[ 68.676322][ T3531]  ? nci_start_poll+0x59f/0xf20
[ 68.681159][ T3531]  ? nfc_llcp_general_bytes+0x140/0x140
[ 68.686692][ T3531]  ? mutex_lock_io_nested+0x60/0x60
[ 68.691878][ T3531]  ? read_lock_is_recursive+0x10/0x10
[ 68.697236][ T3531]  mutex_lock_nested+0x17/0x20
[ 68.701982][ T3531]  nci_start_poll+0x59f/0xf20
[ 68.706641][ T3531]  ? nci_dev_down+0x40/0x40
[ 68.711123][ T3531]  ? __mutex_lock_common+0x444/0x25a0
[ 68.716482][ T3531]  ? nfc_get_device+0xf0/0xf0
[ 68.721148][ T3531]  ? nfc_start_poll+0x56/0x2f0
[ 68.725897][ T3531]  ? class_for_each_device+0x2b0/0x2b0
[ 68.731342][ T3531]  ? mutex_lock_io_nested+0x60/0x60
[ 68.736529][ T3531]  ? mutex_lock_io_nested+0x60/0x60
[ 68.741715][ T3531]  ? nfc_get_device+0x94/0xf0
[ 68.746387][ T3531]  nfc_start_poll+0x184/0x2f0
[ 68.751052][ T3531]  nfc_genl_start_poll+0x1e7/0x350
[ 68.756148][ T3531]  genl_rcv_msg+0xfbd/0x14a0
[ 68.760726][ T3531]  ? genl_bind+0x370/0x370
[ 68.765121][ T3531]  ? arch_stack_walk+0xf3/0x140
[ 68.769968][ T3531]  ? mark_lock+0x98/0x340
[ 68.774280][ T3531]  ? __lock_acquire+0x1295/0x1ff0
[ 68.779293][ T3531]  ? nfc_genl_dev_down+0xd0/0xd0
[ 68.784237][ T3531]  netlink_rcv_skb+0x1cf/0x410
[ 68.788983][ T3531]  ? genl_bind+0x370/0x370
[ 68.793382][ T3531]  ? netlink_ack+0xb10/0xb10
[ 68.797967][ T3531]  ? down_read+0x1b3/0x2e0
[ 68.802361][ T3531]  ? genl_rcv+0x9/0x40
[ 68.806410][ T3531]  genl_rcv+0x24/0x40
[ 68.810375][ T3531]  netlink_unicast+0x7b6/0x980
[ 68.815123][ T3531]  ? netlink_detachskb+0x90/0x90
[ 68.820061][ T3531]  ? 0xffffffff81000000
[ 68.824191][ T3531]  ? __check_object_size+0x300/0x410
[ 68.829462][ T3531]  ? bpf_lsm_netlink_send+0x5/0x10
[ 68.834568][ T3531]  netlink_sendmsg+0xa30/0xd60
[ 68.839320][ T3531]  ? netlink_getsockopt+0x5a0/0x5a0
[ 68.844500][ T3531]  ? aa_sock_msg_perm+0x91/0x150
[ 68.849432][ T3531]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 68.854695][ T3531]  ? security_socket_sendmsg+0x7d/0xa0
[ 68.860132][ T3531]  ? netlink_getsockopt+0x5a0/0x5a0
[ 68.865326][ T3531]  ____sys_sendmsg+0x59e/0x8f0
[ 68.870073][ T3531]  ? iovec_from_user+0x300/0x390
[ 68.874994][ T3531]  ? __sys_sendmsg_sock+0x30/0x30
[ 68.880032][ T3531]  ___sys_sendmsg+0x252/0x2e0
[ 68.884707][ T3531]  ? __sys_sendmsg+0x260/0x260
[ 68.889465][ T3531]  ? __fdget+0x191/0x220
[ 68.893696][ T3531]  __se_sys_sendmsg+0x19a/0x260
[ 68.898531][ T3531]  ? __x64_sys_sendmsg+0x80/0x80
[ 68.903470][ T3531]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 68.909442][ T3531]  ? lockdep_hardirqs_on+0x94/0x130
[ 68.914795][ T3531]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 68.920759][ T3531]  do_syscall_64+0x3d/0xb0
[ 68.925155][ T3531]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 68.931135][ T3531] RIP: 0033:0x7f9bab8f2649
[ 68.935534][ T3531] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 68.955134][ T3531] RSP: 002b:00007f9bab882318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 68.963532][ T3531] RAX: ffffffffffffffda RBX: 00007f9bab97a438 RCX: 00007f9bab8f2649
[ 68.971490][ T3531] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 68.979441][ T3531] RBP: 00007f9bab97a430 R08: 0000000000000003 R09: 0000000000000000
[ 68.987400][ T3531] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f9bab948074
[ 68.995365][ T3531] R13: 00007ffedfa3184f R14: 00007f9bab882400 R15: 0000000000022000
[ 69.003332][ T3531]
[ 69.117240][ T3531] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 69.125998][ T3531] nci: nci_start_poll: failed to set local general bytes
executing program
[ 74.169346][ T3531] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 74.398195][ T3539] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 74.406932][ T3539] nci: nci_start_poll: failed to set local general bytes
[ 76.089629][ T1067] cfg80211: failed to load regulatory.db