DUID 00:04:ef:eb:16:6a:bb:4b:eb:e8:98:52:3b:5c:58:f5:72:fb
forked to background, child pid 3213
[ 39.208809][ T3214] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.230700][ T3214] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 67.189460][ T3544] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 67.435855][ T3551] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 67.680734][ T3557] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 67.928439][ T3563] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 68.009133][ T3573]
[ 68.011508][ T3573] ======================================================
[ 68.018554][ T3573] WARNING: possible circular locking dependency detected
[ 68.025570][ T3573] 6.1.32-syzkaller #0 Not tainted
[ 68.030592][ T3573] ------------------------------------------------------
[ 68.037607][ T3573] syz-executor194/3573 is trying to acquire lock:
[ 68.044050][ T3573] ffff888146358350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 68.053239][ T3573]
[ 68.053239][ T3573] but task is already holding lock:
[ 68.060611][ T3573] ffff888148fde508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 68.071325][ T3573]
[ 68.071325][ T3573] which lock already depends on the new lock.
[ 68.071325][ T3573]
[ 68.081730][ T3573]
[ 68.081730][ T3573] the existing dependency chain (in reverse order) is:
[ 68.090744][ T3573]
[ 68.090744][ T3573] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 68.099443][ T3573]        lock_acquire+0x1f8/0x5a0
[ 68.105000][ T3573]        __mutex_lock_common+0x1d4/0x2520
[ 68.110734][ T3573]        mutex_lock_nested+0x17/0x20
[ 68.116041][ T3573]        nfc_urelease_event_work+0x113/0x2f0
[ 68.122138][ T3573]        process_one_work+0x8aa/0x11f0
[ 68.127697][ T3573]        worker_thread+0xa5f/0x1210
[ 68.133288][ T3573]        kthread+0x26e/0x300
[ 68.137881][ T3573]        ret_from_fork+0x1f/0x30
[ 68.142826][ T3573]
[ 68.142826][ T3573] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 68.150642][ T3573]        lock_acquire+0x1f8/0x5a0
[ 68.155673][ T3573]        __mutex_lock_common+0x1d4/0x2520
[ 68.161401][ T3573]        mutex_lock_nested+0x17/0x20
[ 68.166693][ T3573]        nfc_register_device+0x38/0x310
[ 68.172248][ T3573]        nci_register_device+0x7be/0x900
[ 68.178234][ T3573]        virtual_ncidev_open+0x55/0xc0
[ 68.183868][ T3573]        misc_open+0x304/0x380
[ 68.188644][ T3573]        chrdev_open+0x54a/0x630
[ 68.193646][ T3573]        do_dentry_open+0x7f9/0x10f0
[ 68.198944][ T3573]        path_openat+0x2644/0x2e60
[ 68.204067][ T3573]        do_filp_open+0x230/0x480
[ 68.209093][ T3573]        do_sys_openat2+0x13b/0x500
[ 68.214317][ T3573]        __x64_sys_openat+0x243/0x290
[ 68.219694][ T3573]        do_syscall_64+0x3d/0xb0
[ 68.224631][ T3573]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.231057][ T3573]
[ 68.231057][ T3573] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 68.238269][ T3573]        lock_acquire+0x1f8/0x5a0
[ 68.243295][ T3573]        __mutex_lock_common+0x1d4/0x2520
[ 68.249022][ T3573]        mutex_lock_nested+0x17/0x20
[ 68.254312][ T3573]        virtual_nci_close+0x13/0x40
[ 68.259612][ T3573]        nci_dev_up+0x954/0xd40
[ 68.264734][ T3573]        nfc_dev_up+0x185/0x330
[ 68.269588][ T3573]        nfc_genl_dev_up+0x80/0xd0
[ 68.274695][ T3573]        genl_rcv_msg+0xc1a/0xf70
[ 68.279720][ T3573]        netlink_rcv_skb+0x1cd/0x410
[ 68.285012][ T3573]        genl_rcv+0x24/0x40
[ 68.289539][ T3573]        netlink_unicast+0x7bf/0x990
[ 68.294834][ T3573]        netlink_sendmsg+0xa26/0xd60
[ 68.300140][ T3573]        ____sys_sendmsg+0x59e/0x8f0
[ 68.305518][ T3573]        __sys_sendmsg+0x2a9/0x390
[ 68.310639][ T3573]        do_syscall_64+0x3d/0xb0
[ 68.315596][ T3573]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.322110][ T3573]
[ 68.322110][ T3573] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 68.331760][ T3573]        validate_chain+0x1667/0x58e0
[ 68.337137][ T3573]        __lock_acquire+0x125b/0x1f80
[ 68.342594][ T3573]        lock_acquire+0x1f8/0x5a0
[ 68.347625][ T3573]        __mutex_lock_common+0x1d4/0x2520
[ 68.353361][ T3573]        mutex_lock_nested+0x17/0x20
[ 68.358651][ T3573]        nci_start_poll+0x59f/0xf20
[ 68.363949][ T3573]        nfc_start_poll+0x184/0x2f0
[ 68.369184][ T3573]        nfc_genl_start_poll+0x1e7/0x350
[ 68.374851][ T3573]        genl_rcv_msg+0xc1a/0xf70
[ 68.380767][ T3573]        netlink_rcv_skb+0x1cd/0x410
[ 68.386173][ T3573]        genl_rcv+0x24/0x40
[ 68.390712][ T3573]        netlink_unicast+0x7bf/0x990
[ 68.396112][ T3573]        netlink_sendmsg+0xa26/0xd60
[ 68.401416][ T3573]        ____sys_sendmsg+0x59e/0x8f0
[ 68.406721][ T3573]        __sys_sendmsg+0x2a9/0x390
[ 68.411888][ T3573]        do_syscall_64+0x3d/0xb0
[ 68.417181][ T3573]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.423809][ T3573]
[ 68.423809][ T3573] other info that might help us debug this:
[ 68.423809][ T3573]
[ 68.434128][ T3573] Chain exists of:
[ 68.434128][ T3573]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 68.434128][ T3573]
[ 68.448403][ T3573]  Possible unsafe locking scenario:
[ 68.448403][ T3573]
[ 68.455871][ T3573]        CPU0                    CPU1
[ 68.461233][ T3573]        ----                    ----
[ 68.466590][ T3573]   lock(&genl_data->genl_data_mutex);
[ 68.472050][ T3573]                                lock(nfc_devlist_mutex);
[ 68.479174][ T3573]                                lock(&genl_data->genl_data_mutex);
[ 68.487151][ T3573]   lock(&ndev->req_lock);
[ 68.491568][ T3573]
[ 68.491568][ T3573]  *** DEADLOCK ***
[ 68.491568][ T3573]
[ 68.499712][ T3573] 4 locks held by syz-executor194/3573:
[ 68.505250][ T3573]  #0: ffffffff8e0fb2b0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 68.513538][ T3573]  #1: ffffffff8e0fb168 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x125/0xf70
[ 68.522611][ T3573]  #2: ffff888148fde508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 68.533678][ T3573]  #3: ffff888148fde100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 68.542832][ T3573]
[ 68.542832][ T3573] stack backtrace:
[ 68.548713][ T3573] CPU: 0 PID: 3573 Comm: syz-executor194 Not tainted 6.1.32-syzkaller #0
[ 68.557254][ T3573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 68.567312][ T3573] Call Trace:
[ 68.570589][ T3573]
[ 68.573543][ T3573]  dump_stack_lvl+0x1e3/0x2cb
[ 68.578236][ T3573]  ? nf_tcp_handle_invalid+0x642/0x642
[ 68.583704][ T3573]  ? print_circular_bug+0x12b/0x1a0
[ 68.588908][ T3573]  check_noncircular+0x2fa/0x3b0
[ 68.594302][ T3573]  ? add_chain_block+0x850/0x850
[ 68.599239][ T3573]  ? lockdep_lock+0x11f/0x2a0
[ 68.603929][ T3573]  ? _find_first_zero_bit+0xd0/0x100
[ 68.609232][ T3573]  validate_chain+0x1667/0x58e0
[ 68.614354][ T3573]  ? do_raw_spin_unlock+0x137/0x8a0
[ 68.619559][ T3573]  ? reacquire_held_locks+0x660/0x660
[ 68.624949][ T3573]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 68.630845][ T3573]  ? _raw_spin_unlock+0x40/0x40
[ 68.635693][ T3573]  ? stack_trace_save+0x113/0x1c0
[ 68.640718][ T3573]  ? stack_trace_snprint+0xe0/0xe0
[ 68.645927][ T3573]  ? __stack_depot_save+0x3f5/0x470
[ 68.651133][ T3573]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 68.656348][ T3573]  ? kasan_set_track+0x60/0x70
[ 68.661120][ T3573]  ? kasan_save_free_info+0x27/0x40
[ 68.666330][ T3573]  ? mark_lock+0x9a/0x340
[ 68.670664][ T3573]  ? nfc_genl_start_poll+0x1e7/0x350
[ 68.675950][ T3573]  __lock_acquire+0x125b/0x1f80
[ 68.680818][ T3573]  lock_acquire+0x1f8/0x5a0
[ 68.685328][ T3573]  ? nci_start_poll+0x59f/0xf20
[ 68.690272][ T3573]  ? read_lock_is_recursive+0x10/0x10
[ 68.695643][ T3573]  ? __might_sleep+0xb0/0xb0
[ 68.700239][ T3573]  ? kasan_quarantine_put+0xd4/0x220
[ 68.705524][ T3573]  ? lockdep_hardirqs_on+0x94/0x130
[ 68.710739][ T3573]  __mutex_lock_common+0x1d4/0x2520
[ 68.715945][ T3573]  ? nci_start_poll+0x59f/0xf20
[ 68.720816][ T3573]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 68.725931][ T3573]  ? nci_start_poll+0x59f/0xf20
[ 68.730786][ T3573]  ? nfc_llcp_general_bytes+0x140/0x140
[ 68.736346][ T3573]  ? mutex_lock_io_nested+0x60/0x60
[ 68.741558][ T3573]  ? read_lock_is_recursive+0x10/0x10
[ 68.746930][ T3573]  mutex_lock_nested+0x17/0x20
[ 68.751697][ T3573]  nci_start_poll+0x59f/0xf20
[ 68.756420][ T3573]  ? nci_dev_down+0x40/0x40
[ 68.760927][ T3573]  ? __mutex_lock_common+0x429/0x2520
[ 68.766306][ T3573]  ? __mutex_lock_common+0x429/0x2520
[ 68.771691][ T3573]  ? class_find_device+0x273/0x2c0
[ 68.776805][ T3573]  ? nfc_get_device+0xf0/0xf0
[ 68.781525][ T3573]  ? nfc_start_poll+0x56/0x2f0
[ 68.786299][ T3573]  ? class_for_each_device+0x2b0/0x2b0
[ 68.791764][ T3573]  ? mutex_lock_io_nested+0x60/0x60
[ 68.796970][ T3573]  ? mutex_lock_io_nested+0x60/0x60
[ 68.802187][ T3573]  ? nfc_get_device+0x94/0xf0
[ 68.806887][ T3573]  nfc_start_poll+0x184/0x2f0
[ 68.811587][ T3573]  nfc_genl_start_poll+0x1e7/0x350
[ 68.816700][ T3573]  genl_rcv_msg+0xc1a/0xf70
[ 68.821214][ T3573]  ? kernel_text_address+0x9f/0xd0
[ 68.826335][ T3573]  ? genl_bind+0x360/0x360
[ 68.830754][ T3573]  ? mark_lock+0x9a/0x340
[ 68.835091][ T3573]  ? mark_lock+0x9a/0x340
[ 68.839428][ T3573]  ? __lock_acquire+0x125b/0x1f80
[ 68.844458][ T3573]  ? nfc_genl_dev_down+0xd0/0xd0
[ 68.849400][ T3573]  netlink_rcv_skb+0x1cd/0x410
[ 68.854172][ T3573]  ? genl_bind+0x360/0x360
[ 68.858588][ T3573]  ? netlink_ack+0xe60/0xe60
[ 68.863196][ T3573]  ? down_read+0x1b1/0x2e0
[ 68.867615][ T3573]  ? genl_rcv+0x9/0x40
[ 68.871688][ T3573]  genl_rcv+0x24/0x40
[ 68.875669][ T3573]  netlink_unicast+0x7bf/0x990
[ 68.880450][ T3573]  ? netlink_detachskb+0x90/0x90
[ 68.885394][ T3573]  ? __phys_addr_symbol+0x2b/0x70
[ 68.890525][ T3573]  ? bpf_lsm_netlink_send+0x5/0x10
[ 68.895651][ T3573]  netlink_sendmsg+0xa26/0xd60
[ 68.900447][ T3573]  ? netlink_getsockopt+0x5a0/0x5a0
[ 68.905674][ T3573]  ? aa_sock_msg_perm+0x91/0x150
[ 68.910632][ T3573]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 68.915920][ T3573]  ? security_socket_sendmsg+0x7d/0xa0
[ 68.921397][ T3573]  ? netlink_getsockopt+0x5a0/0x5a0
[ 68.926616][ T3573]  ____sys_sendmsg+0x59e/0x8f0
[ 68.931400][ T3573]  ? __sys_sendmsg_sock+0x30/0x30
[ 68.936716][ T3573]  __sys_sendmsg+0x2a9/0x390
[ 68.941344][ T3573]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 68.946315][ T3573]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 68.952304][ T3573]  ? syscall_enter_from_user_mode+0x2e/0x220
[ 68.958293][ T3573]  ? lockdep_hardirqs_on+0x94/0x130
[ 68.963537][ T3573]  ? syscall_enter_from_user_mode+0x2e/0x220
[ 68.969536][ T3573]  do_syscall_64+0x3d/0xb0
[ 68.973997][ T3573]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.979989][ T3573] RIP: 0033:0x7f141b499649
[ 68.984405][ T3573] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.004026][ T3573] RSP: 002b:00007f141b429318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.012442][ T3573] RAX: ffffffffffffffda RBX: 00007f141b521438 RCX: 00007f141b499649
[ 69.020421][ T3573] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 69.028401][ T3573] RBP: 00007f141b521430 R08: 0000000000000003 R09: 0000000000000000
[ 69.036470][ T3573] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f141b4ef074
[ 69.044648][ T3573] R13: 00007ffd7cfdc1df R14: 00007f141b429400 R15: 0000000000022000
[ 69.052639][ T3573]
[ 69.170453][ T3573] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 69.179290][ T3573] nci: nci_start_poll: failed to set local general bytes
executing program
[ 74.218599][ T3573] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 74.455561][ T3576] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 74.687541][ T3582] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 74.918059][ T3588] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 75.152727][ T3598] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 75.161537][ T3598] nci: nci_start_poll: failed to set local general bytes