DUID 00:04:1b:4d:40:85:b1:6b:61:74:2c:72:11:ce:21:17:3d:97
forked to background, child pid 3170
[ 24.491388][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0
[ 24.502374][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 49.176349][ T3592] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 49.185301][ T3592] nci: nci_start_poll: failed to set local general bytes
[ 54.268833][ T3592] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 54.277386][ T3592]
[ 54.279701][ T3592] ======================================================
[ 54.286696][ T3592] WARNING: possible circular locking dependency detected
[ 54.293713][ T3592] 5.15.103-syzkaller #0 Not tainted
[ 54.298882][ T3592] ------------------------------------------------------
[ 54.305885][ T3592] syz-executor267/3592 is trying to acquire lock:
[ 54.312272][ T3592] ffffffff8d133988 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 54.320967][ T3592]
[ 54.320967][ T3592] but task is already holding lock:
[ 54.328306][ T3592] ffff8880133e3350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 54.337578][ T3592]
[ 54.337578][ T3592] which lock already depends on the new lock.
[ 54.337578][ T3592]
[ 54.347954][ T3592]
[ 54.347954][ T3592] the existing dependency chain (in reverse order) is:
[ 54.356950][ T3592]
[ 54.356950][ T3592] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 54.364575][ T3592]        lock_acquire+0x1ff/0x570
[ 54.369580][ T3592]        __mutex_lock_common+0x1da/0x25a0
[ 54.375275][ T3592]        mutex_lock_nested+0x17/0x20
[ 54.380532][ T3592]        nci_start_poll+0x59f/0xf20
[ 54.385711][ T3592]        nfc_start_poll+0x184/0x2f0
[ 54.390913][ T3592]        nfc_genl_start_poll+0x1e7/0x350
[ 54.396608][ T3592]        genl_rcv_msg+0xfbd/0x14a0
[ 54.401708][ T3592]        netlink_rcv_skb+0x1cf/0x410
[ 54.406967][ T3592]        genl_rcv+0x24/0x40
[ 54.411467][ T3592]        netlink_unicast+0x7b6/0x980
[ 54.416842][ T3592]        netlink_sendmsg+0xa30/0xd60
[ 54.422119][ T3592]        ____sys_sendmsg+0x59e/0x8f0
[ 54.427380][ T3592]        ___sys_sendmsg+0x252/0x2e0
[ 54.432553][ T3592]        __se_sys_sendmsg+0x19a/0x260
[ 54.437898][ T3592]        do_syscall_64+0x3d/0xb0
[ 54.442811][ T3592]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.449202][ T3592]
[ 54.449202][ T3592] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 54.457857][ T3592]        lock_acquire+0x1ff/0x570
[ 54.462859][ T3592]        __mutex_lock_common+0x1da/0x25a0
[ 54.468562][ T3592]        mutex_lock_nested+0x17/0x20
[ 54.473823][ T3592]        nfc_urelease_event_work+0x113/0x2f0
[ 54.479790][ T3592]        process_one_work+0x90d/0x1270
[ 54.485234][ T3592]        worker_thread+0xaca/0x1280
[ 54.490514][ T3592]        kthread+0x3f6/0x4f0
[ 54.495086][ T3592]        ret_from_fork+0x1f/0x30
[ 54.500005][ T3592]
[ 54.500005][ T3592] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 54.507817][ T3592]        lock_acquire+0x1ff/0x570
[ 54.512845][ T3592]        __mutex_lock_common+0x1da/0x25a0
[ 54.518551][ T3592]        mutex_lock_nested+0x17/0x20
[ 54.523822][ T3592]        nfc_register_device+0x38/0x310
[ 54.529349][ T3592]        nci_register_device+0x7be/0x900
[ 54.534960][ T3592]        virtual_ncidev_open+0x55/0xc0
[ 54.540412][ T3592]        misc_open+0x304/0x380
[ 54.545186][ T3592]        chrdev_open+0x54a/0x630
[ 54.550112][ T3592]        do_dentry_open+0x807/0xfb0
[ 54.555282][ T3592]        path_openat+0x2702/0x2f20
[ 54.560380][ T3592]        do_filp_open+0x21c/0x460
[ 54.565376][ T3592]        do_sys_openat2+0x13b/0x500
[ 54.570548][ T3592]        __x64_sys_openat+0x243/0x290
[ 54.576067][ T3592]        do_syscall_64+0x3d/0xb0
[ 54.580979][ T3592]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.587370][ T3592]
[ 54.587370][ T3592] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 54.594462][ T3592]        validate_chain+0x1646/0x58b0
[ 54.599834][ T3592]        __lock_acquire+0x1295/0x1ff0
[ 54.605183][ T3592]        lock_acquire+0x1ff/0x570
[ 54.610193][ T3592]        __mutex_lock_common+0x1da/0x25a0
[ 54.615898][ T3592]        mutex_lock_nested+0x17/0x20
[ 54.621159][ T3592]        virtual_nci_close+0x13/0x40
[ 54.626417][ T3592]        nci_close_device+0x3a8/0x5f0
[ 54.631764][ T3592]        nci_unregister_device+0x3c/0x230
[ 54.637457][ T3592]        virtual_ncidev_close+0x55/0x90
[ 54.642975][ T3592]        __fput+0x3bf/0x890
[ 54.647455][ T3592]        task_work_run+0x129/0x1a0
[ 54.652548][ T3592]        do_exit+0x6a3/0x2480
[ 54.657201][ T3592]        do_group_exit+0x144/0x310
[ 54.662285][ T3592]        get_signal+0xc66/0x14e0
[ 54.667200][ T3592]        arch_do_signal_or_restart+0xc3/0x1890
[ 54.673329][ T3592]        exit_to_user_mode_loop+0x97/0x130
[ 54.679116][ T3592]        exit_to_user_mode_prepare+0xb1/0x140
[ 54.685161][ T3592]        syscall_exit_to_user_mode+0x5d/0x2b0
[ 54.691207][ T3592]        do_syscall_64+0x49/0xb0
[ 54.696120][ T3592]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.702523][ T3592]
[ 54.702523][ T3592] other info that might help us debug this:
[ 54.702523][ T3592]
[ 54.712722][ T3592] Chain exists of:
[ 54.712722][ T3592]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 54.712722][ T3592]
[ 54.726244][ T3592]  Possible unsafe locking scenario:
[ 54.726244][ T3592]
[ 54.733666][ T3592]        CPU0                    CPU1
[ 54.739013][ T3592]        ----                    ----
[ 54.744351][ T3592]   lock(&ndev->req_lock);
[ 54.748742][ T3592]                                lock(&genl_data->genl_data_mutex);
[ 54.756689][ T3592]                                lock(&ndev->req_lock);
[ 54.763597][ T3592]   lock(nci_mutex);
[ 54.767540][ T3592]
[ 54.767540][ T3592]  *** DEADLOCK ***
[ 54.767540][ T3592]
[ 54.775666][ T3592] 1 lock held by syz-executor267/3592:
[ 54.781097][ T3592]  #0: ffff8880133e3350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 54.790811][ T3592]
[ 54.790811][ T3592] stack backtrace:
[ 54.796670][ T3592] CPU: 0 PID: 3592 Comm: syz-executor267 Not tainted 5.15.103-syzkaller #0
[ 54.805231][ T3592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 54.815260][ T3592] Call Trace:
[ 54.818519][ T3592]
[ 54.821429][ T3592]  dump_stack_lvl+0x1e3/0x2cb
[ 54.826086][ T3592]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 54.831695][ T3592]  ? print_circular_bug+0x12b/0x1a0
[ 54.836879][ T3592]  check_noncircular+0x2f8/0x3b0
[ 54.841798][ T3592]  ? add_chain_block+0x850/0x850
[ 54.846710][ T3592]  ? lockdep_lock+0x11f/0x2a0
[ 54.851382][ T3592]  validate_chain+0x1646/0x58b0
[ 54.856212][ T3592]  ? mark_lock+0x98/0x340
[ 54.860534][ T3592]  ? reacquire_held_locks+0x660/0x660
[ 54.865879][ T3592]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 54.871837][ T3592]  ? _raw_spin_unlock+0x40/0x40
[ 54.876664][ T3592]  ? __up_console_sem+0x124/0x1e0
[ 54.881661][ T3592]  ? prb_read_valid+0xa5/0xf0
[ 54.886322][ T3592]  ? console_lock+0x70/0x70
[ 54.890809][ T3592]  ? prb_final_commit+0x20/0x20
[ 54.895633][ T3592]  ? mark_lock+0x98/0x340
[ 54.899936][ T3592]  ? console_unlock+0xdbc/0x12b0
[ 54.904846][ T3592]  __lock_acquire+0x1295/0x1ff0
[ 54.909680][ T3592]  lock_acquire+0x1ff/0x570
[ 54.914159][ T3592]  ? virtual_nci_close+0x13/0x40
[ 54.919074][ T3592]  ? read_lock_is_recursive+0x10/0x10
[ 54.924419][ T3592]  ? __might_sleep+0xc0/0xc0
[ 54.928986][ T3592]  __mutex_lock_common+0x1da/0x25a0
[ 54.934166][ T3592]  ? virtual_nci_close+0x13/0x40
[ 54.939099][ T3592]  ? __wake_up_klogd+0xd5/0x100
[ 54.943932][ T3592]  ? vprintk_emit+0xee/0x150
[ 54.948499][ T3592]  ? virtual_nci_close+0x13/0x40
[ 54.953432][ T3592]  ? _printk+0xd1/0x111
[ 54.957574][ T3592]  ? mutex_lock_io_nested+0x60/0x60
[ 54.962747][ T3592]  ? panic+0x84d/0x84d
[ 54.966793][ T3592]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.971984][ T3592]  mutex_lock_nested+0x17/0x20
[ 54.976723][ T3592]  virtual_nci_close+0x13/0x40
[ 54.981462][ T3592]  nci_close_device+0x3a8/0x5f0
[ 54.986309][ T3592]  ? nci_unregister_device+0x230/0x230
[ 54.991745][ T3592]  ? mutex_unlock+0x10/0x10
[ 54.996225][ T3592]  nci_unregister_device+0x3c/0x230
[ 55.001399][ T3592]  ? virtual_ncidev_open+0xc0/0xc0
[ 55.006487][ T3592]  virtual_ncidev_close+0x55/0x90
[ 55.011489][ T3592]  ? virtual_ncidev_open+0xc0/0xc0
[ 55.016575][ T3592]  __fput+0x3bf/0x890
[ 55.020538][ T3592]  task_work_run+0x129/0x1a0
[ 55.025119][ T3592]  do_exit+0x6a3/0x2480
[ 55.029255][ T3592]  ? put_task_struct+0x80/0x80
[ 55.034005][ T3592]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 55.039965][ T3592]  do_group_exit+0x144/0x310
[ 55.044533][ T3592]  ? lockdep_hardirqs_on+0x94/0x130
[ 55.049707][ T3592]  get_signal+0xc66/0x14e0
[ 55.054116][ T3592]  arch_do_signal_or_restart+0xc3/0x1890
[ 55.059732][ T3592]  ? get_sigframe_size+0x10/0x10
[ 55.064649][ T3592]  ? exit_to_user_mode_loop+0x39/0x130
[ 55.070085][ T3592]  exit_to_user_mode_loop+0x97/0x130
[ 55.075345][ T3592]  exit_to_user_mode_prepare+0xb1/0x140
[ 55.080869][ T3592]  syscall_exit_to_user_mode+0x5d/0x2b0
[ 55.086395][ T3592]  do_syscall_64+0x49/0xb0
[ 55.090788][ T3592]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.096657][ T3592] RIP: 0033:0x7f0c1d9aa649
[ 55.101048][ T3592] Code: Unable to access opcode bytes at RIP 0x7f0c1d9aa61f.
[ 55.108385][ T3592] RSP: 002b:00007f0c1d93a318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
executing program
[ 55.116775][ T3592] RAX: 0000000000000024 RBX: 00007f0c1da32438 RCX: 00007f0c1d9aa649
[ 55.124726][ T3592] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 55.132683][ T3592] RBP: 00007f0c1da32430 R08: 0000000000000003 R09: 0000000000000000
[ 55.140632][ T3592] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f0c1da00074
[ 55.148592][ T3592] R13: 00007ffee97b59bf R14: 00007f0c1d93a400 R15: 0000000000022000
[ 55.156562][ T3592]
executing program
[ 55.385346][ T3595] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.613337][ T3605] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.622093][ T3605] nci: nci_start_poll: failed to set local general bytes
executing program
[ 60.668340][ T3605] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 60.895046][ T3608] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 61.121130][ T3614] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 61.349057][ T3624] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 61.357745][ T3624] nci: nci_start_poll: failed to set local general bytes