DUID 00:04:70:54:fc:d0:2a:32:b7:62:cf:21:72:23:c9:95:e9:3f
forked to background, child pid 3172
[ 22.059761][ T3173] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.074809][ T3173] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 47.961804][ T3500] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 48.203037][ T3507] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 48.443197][ T3513] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 48.679419][ T3520] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 48.754873][ T3530]
[ 48.757210][ T3530] ======================================================
[ 48.764223][ T3530] WARNING: possible circular locking dependency detected
[ 48.771213][ T3530] 5.15.111-syzkaller #0 Not tainted
[ 48.776390][ T3530] ------------------------------------------------------
[ 48.783486][ T3530] syz-executor147/3530 is trying to acquire lock:
[ 48.789889][ T3530] ffff888078480350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 48.799002][ T3530]
[ 48.799002][ T3530] but task is already holding lock:
[ 48.806341][ T3530] ffff8880784815d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 48.816917][ T3530]
[ 48.816917][ T3530] which lock already depends on the new lock.
[ 48.816917][ T3530]
[ 48.827289][ T3530]
[ 48.827289][ T3530] the existing dependency chain (in reverse order) is:
[ 48.836281][ T3530]
[ 48.836281][ T3530] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 48.844947][ T3530]        lock_acquire+0x1db/0x4f0
[ 48.849950][ T3530]        __mutex_lock_common+0x1da/0x25a0
[ 48.855644][ T3530]        mutex_lock_nested+0x17/0x20
[ 48.860901][ T3530]        nfc_urelease_event_work+0x113/0x2f0
[ 48.866870][ T3530]        process_one_work+0x8a1/0x10c0
[ 48.872302][ T3530]        worker_thread+0xaca/0x1280
[ 48.877493][ T3530]        kthread+0x3f6/0x4f0
[ 48.882074][ T3530]        ret_from_fork+0x1f/0x30
[ 48.886998][ T3530]
[ 48.886998][ T3530] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 48.894987][ T3530]        lock_acquire+0x1db/0x4f0
[ 48.899997][ T3530]        __mutex_lock_common+0x1da/0x25a0
[ 48.905703][ T3530]        mutex_lock_nested+0x17/0x20
[ 48.910975][ T3530]        nfc_register_device+0x38/0x310
[ 48.917651][ T3530]        nci_register_device+0x7be/0x900
[ 48.923271][ T3530]        virtual_ncidev_open+0x55/0xc0
[ 48.928718][ T3530]        misc_open+0x304/0x380
[ 48.933460][ T3530]        chrdev_open+0x54a/0x630
[ 48.938390][ T3530]        do_dentry_open+0x807/0xfb0
[ 48.943595][ T3530]        path_openat+0x2702/0x2f20
[ 48.948698][ T3530]        do_filp_open+0x21c/0x460
[ 48.953698][ T3530]        do_sys_openat2+0x13b/0x500
[ 48.958871][ T3530]        __x64_sys_openat+0x243/0x290
[ 48.964224][ T3530]        do_syscall_64+0x3d/0xb0
[ 48.969135][ T3530]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.975621][ T3530]
[ 48.975621][ T3530] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 48.983497][ T3530]        lock_acquire+0x1db/0x4f0
[ 48.988507][ T3530]        __mutex_lock_common+0x1da/0x25a0
[ 48.994219][ T3530]        mutex_lock_nested+0x17/0x20
[ 48.999496][ T3530]        virtual_nci_close+0x13/0x40
[ 49.004782][ T3530]        nci_dev_up+0x954/0xd40
[ 49.009617][ T3530]        nfc_dev_up+0x185/0x330
[ 49.016460][ T3530]        nfc_genl_dev_up+0x80/0xd0
[ 49.021734][ T3530]        genl_rcv_msg+0xfbd/0x14a0
[ 49.026821][ T3530]        netlink_rcv_skb+0x1cf/0x410
[ 49.032169][ T3530]        genl_rcv+0x24/0x40
[ 49.036647][ T3530]        netlink_unicast+0x7b6/0x980
[ 49.041999][ T3530]        netlink_sendmsg+0xa30/0xd60
[ 49.047256][ T3530]        ____sys_sendmsg+0x59e/0x8f0
[ 49.052522][ T3530]        ___sys_sendmsg+0x252/0x2e0
[ 49.057711][ T3530]        __se_sys_sendmsg+0x19a/0x260
[ 49.063056][ T3530]        do_syscall_64+0x3d/0xb0
[ 49.067968][ T3530]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.074459][ T3530]
[ 49.074459][ T3530] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 49.082079][ T3530]        validate_chain+0x1646/0x58b0
[ 49.087429][ T3530]        __lock_acquire+0x1295/0x1ff0
[ 49.092780][ T3530]        lock_acquire+0x1db/0x4f0
[ 49.097795][ T3530]        __mutex_lock_common+0x1da/0x25a0
[ 49.103504][ T3530]        mutex_lock_nested+0x17/0x20
[ 49.108778][ T3530]        nci_start_poll+0x59f/0xf20
[ 49.113977][ T3530]        nfc_start_poll+0x184/0x2f0
[ 49.119172][ T3530]        nfc_genl_start_poll+0x1e7/0x350
[ 49.124885][ T3530]        genl_rcv_msg+0xfbd/0x14a0
[ 49.129973][ T3530]        netlink_rcv_skb+0x1cf/0x410
[ 49.135230][ T3530]        genl_rcv+0x24/0x40
[ 49.139712][ T3530]        netlink_unicast+0x7b6/0x980
[ 49.144970][ T3530]        netlink_sendmsg+0xa30/0xd60
[ 49.150491][ T3530]        ____sys_sendmsg+0x59e/0x8f0
[ 49.155759][ T3530]        ___sys_sendmsg+0x252/0x2e0
[ 49.160941][ T3530]        __se_sys_sendmsg+0x19a/0x260
[ 49.166286][ T3530]        do_syscall_64+0x3d/0xb0
[ 49.171283][ T3530]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.177669][ T3530]
[ 49.177669][ T3530] other info that might help us debug this:
[ 49.177669][ T3530]
[ 49.187879][ T3530] Chain exists of:
[ 49.187879][ T3530]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 49.187879][ T3530]
[ 49.202182][ T3530] Possible unsafe locking scenario:
[ 49.202182][ T3530]
[ 49.209698][ T3530]        CPU0                    CPU1
[ 49.215035][ T3530]        ----                    ----
[ 49.220386][ T3530]   lock(&genl_data->genl_data_mutex);
[ 49.225917][ T3530]                                lock(nfc_devlist_mutex);
[ 49.233009][ T3530]                                lock(&genl_data->genl_data_mutex);
[ 49.240955][ T3530]   lock(&ndev->req_lock);
[ 49.245343][ T3530]
[ 49.245343][ T3530] *** DEADLOCK ***
[ 49.245343][ T3530]
[ 49.253476][ T3530] 4 locks held by syz-executor147/3530:
[ 49.258991][ T3530] #0: ffffffff8da3b610 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 49.267154][ T3530] #1: ffffffff8da3b4c8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 49.276163][ T3530] #2: ffff8880784815d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 49.287179][ T3530] #3: ffff888078481190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 49.296319][ T3530]
[ 49.296319][ T3530] stack backtrace:
[ 49.302223][ T3530] CPU: 1 PID: 3530 Comm: syz-executor147 Not tainted 5.15.111-syzkaller #0
[ 49.310872][ T3530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 49.320906][ T3530] Call Trace:
[ 49.324193][ T3530]
[ 49.327106][ T3530] dump_stack_lvl+0x1e3/0x2cb
[ 49.331863][ T3530] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 49.337483][ T3530] ? print_circular_bug+0x12b/0x1a0
[ 49.342741][ T3530] check_noncircular+0x2f8/0x3b0
[ 49.347765][ T3530] ? add_chain_block+0x850/0x850
[ 49.352697][ T3530] ? lockdep_lock+0x11f/0x2a0
[ 49.357366][ T3530] ? mark_lock+0x98/0x340
[ 49.361684][ T3530] validate_chain+0x1646/0x58b0
[ 49.366542][ T3530] ? print_irqtrace_events+0x210/0x210
[ 49.372106][ T3530] ? lockdep_hardirqs_on+0x94/0x130
[ 49.377343][ T3530] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.383228][ T3530] ? _raw_spin_unlock+0x40/0x40
[ 49.388067][ T3530] ? stack_trace_save+0x113/0x1c0
[ 49.393065][ T3530] ? reacquire_held_locks+0x660/0x660
[ 49.398408][ T3530] ? stack_trace_snprint+0xe0/0xe0
[ 49.403492][ T3530] ? stack_depot_save+0x3db/0x440
[ 49.408492][ T3530] ? kfree+0xf1/0x270
[ 49.412449][ T3530] ? kasan_set_track+0x62/0x80
[ 49.417191][ T3530] ? kasan_set_track+0x4b/0x80
[ 49.421927][ T3530] ? kasan_set_free_info+0x1f/0x40
[ 49.427010][ T3530] ? ____kasan_slab_free+0xd8/0x120
[ 49.432183][ T3530] ? slab_free_freelist_hook+0xdd/0x160
[ 49.437703][ T3530] ? kfree+0xf1/0x270
[ 49.441658][ T3530] ? nfc_llcp_build_gb+0x4a2/0x710
[ 49.446769][ T3530] ? nfc_llcp_general_bytes+0x91/0x140
[ 49.452289][ T3530] ? nci_start_poll+0x4e9/0xf20
[ 49.457111][ T3530] ? nfc_start_poll+0x184/0x2f0
[ 49.462020][ T3530] ? nfc_genl_start_poll+0x1e7/0x350
[ 49.467277][ T3530] ? netlink_rcv_skb+0x1cf/0x410
[ 49.472387][ T3530] ? mark_lock+0x98/0x340
[ 49.476691][ T3530] ? do_syscall_64+0x3d/0xb0
[ 49.481257][ T3530] __lock_acquire+0x1295/0x1ff0
[ 49.486086][ T3530] lock_acquire+0x1db/0x4f0
[ 49.490561][ T3530] ? nci_start_poll+0x59f/0xf20
[ 49.495400][ T3530] ? read_lock_is_recursive+0x10/0x10
[ 49.500744][ T3530] ? kasan_quarantine_put+0xd4/0x220
[ 49.506000][ T3530] ? lockdep_hardirqs_on+0x94/0x130
[ 49.511173][ T3530] ? __might_sleep+0xc0/0xc0
[ 49.515743][ T3530] ? slab_free_freelist_hook+0xdd/0x160
[ 49.521353][ T3530] __mutex_lock_common+0x1da/0x25a0
[ 49.526526][ T3530] ? nci_start_poll+0x59f/0xf20
[ 49.531352][ T3530] ? nci_start_poll+0x59f/0xf20
[ 49.536174][ T3530] ? nfc_llcp_general_bytes+0x140/0x140
[ 49.541694][ T3530] ? mutex_lock_io_nested+0x60/0x60
[ 49.546865][ T3530] ? read_lock_is_recursive+0x10/0x10
[ 49.552223][ T3530] mutex_lock_nested+0x17/0x20
[ 49.556962][ T3530] nci_start_poll+0x59f/0xf20
[ 49.561615][ T3530] ? nci_dev_down+0x40/0x40
[ 49.566095][ T3530] ? __mutex_lock_common+0x444/0x25a0
[ 49.571732][ T3530] ? nfc_get_device+0xf0/0xf0
[ 49.576402][ T3530] ? nfc_start_poll+0x56/0x2f0
[ 49.581161][ T3530] ? class_for_each_device+0x2b0/0x2b0
[ 49.586615][ T3530] ? mutex_lock_io_nested+0x60/0x60
[ 49.591796][ T3530] ? mutex_lock_io_nested+0x60/0x60
[ 49.596969][ T3530] ? nfc_get_device+0x94/0xf0
[ 49.601727][ T3530] nfc_start_poll+0x184/0x2f0
[ 49.606412][ T3530] nfc_genl_start_poll+0x1e7/0x350
[ 49.611507][ T3530] genl_rcv_msg+0xfbd/0x14a0
[ 49.616096][ T3530] ? genl_bind+0x370/0x370
[ 49.620495][ T3530] ? arch_stack_walk+0xf3/0x140
[ 49.625415][ T3530] ? mark_lock+0x98/0x340
[ 49.629738][ T3530] ? __lock_acquire+0x1295/0x1ff0
[ 49.634758][ T3530] ? nfc_genl_dev_down+0xd0/0xd0
[ 49.639726][ T3530] netlink_rcv_skb+0x1cf/0x410
[ 49.644486][ T3530] ? genl_bind+0x370/0x370
[ 49.648904][ T3530] ? netlink_ack+0xb10/0xb10
[ 49.653580][ T3530] ? __down_read_common+0x184/0x2c0
[ 49.658785][ T3530] genl_rcv+0x24/0x40
[ 49.662764][ T3530] netlink_unicast+0x7b6/0x980
[ 49.667530][ T3530] ? netlink_detachskb+0x90/0x90
[ 49.672452][ T3530] ? 0xffffffff81000000
[ 49.676593][ T3530] ? __check_object_size+0x300/0x410
[ 49.681881][ T3530] ? bpf_lsm_netlink_send+0x5/0x10
[ 49.687008][ T3530] netlink_sendmsg+0xa30/0xd60
[ 49.691886][ T3530] ? netlink_getsockopt+0x5a0/0x5a0
[ 49.697074][ T3530] ? aa_sock_msg_perm+0x91/0x150
[ 49.702092][ T3530] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 49.707372][ T3530] ? security_socket_sendmsg+0x7d/0xa0
[ 49.712841][ T3530] ? netlink_getsockopt+0x5a0/0x5a0
[ 49.718080][ T3530] ____sys_sendmsg+0x59e/0x8f0
[ 49.722862][ T3530] ? iovec_from_user+0x300/0x390
[ 49.727874][ T3530] ? __sys_sendmsg_sock+0x30/0x30
[ 49.733036][ T3530] ___sys_sendmsg+0x252/0x2e0
[ 49.737710][ T3530] ? __sys_sendmsg+0x260/0x260
[ 49.742490][ T3530] ? __fdget+0x191/0x220
[ 49.746716][ T3530] __se_sys_sendmsg+0x19a/0x260
[ 49.751556][ T3530] ? __x64_sys_sendmsg+0x80/0x80
[ 49.756472][ T3530] ? syscall_enter_from_user_mode+0x2e/0x230
[ 49.762448][ T3530] ? lockdep_hardirqs_on+0x94/0x130
[ 49.767625][ T3530] ? syscall_enter_from_user_mode+0x2e/0x230
[ 49.773614][ T3530] do_syscall_64+0x3d/0xb0
[ 49.778010][ T3530] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.783881][ T3530] RIP: 0033:0x7fd1aa882649
[ 49.788281][ T3530] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 49.807980][ T3530] RSP: 002b:00007fd1aa812318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.817337][ T3530] RAX: ffffffffffffffda RBX: 00007fd1aa90a438 RCX: 00007fd1aa882649
[ 49.825324][ T3530] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 49.833302][ T3530] RBP: 00007fd1aa90a430 R08: 0000000000000003 R09: 0000000000000000
[ 49.841284][ T3530] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fd1aa8d8074
[ 49.849249][ T3530] R13: 00007ffc630edfaf R14: 00007fd1aa812400 R15: 0000000000022000
[ 49.857403][ T3530]
[ 49.969818][ T3530] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 49.978791][ T3530] nci: nci_start_poll: failed to set local general bytes
executing program
[ 55.043106][ T3530] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 55.273742][ T3537] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.282443][ T3537] nci: nci_start_poll: failed to set local general bytes