DUID 00:04:fd:d1:b1:d5:68:a0:3a:5f:50:0a:64:49:ea:42:3f:75
forked to background, child pid 3173
[ 30.460732][ T3174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.472877][ T3174] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 52.296202][ T3501] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 52.305052][ T3501] nci: nci_start_poll: failed to set local general bytes
[ 57.332238][ T3501] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 57.340866][ T3501] 
[ 57.343191][ T3501] ======================================================
[ 57.350278][ T3501] WARNING: possible circular locking dependency detected
[ 57.357384][ T3501] 5.15.110-syzkaller #0 Not tainted
[ 57.362565][ T3501] ------------------------------------------------------
[ 57.369664][ T3501] syz-executor492/3501 is trying to acquire lock:
[ 57.376093][ T3501] ffffffff8d1368a8 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 57.385068][ T3501] 
[ 57.385068][ T3501] but task is already holding lock:
[ 57.392620][ T3501] ffff888077b2e350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 57.402027][ T3501] 
[ 57.402027][ T3501] which lock already depends on the new lock.
[ 57.402027][ T3501] 
[ 57.413008][ T3501] 
[ 57.413008][ T3501] the existing dependency chain (in reverse order) is:
[ 57.422454][ T3501] 
[ 57.422454][ T3501] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 57.430367][ T3501]        lock_acquire+0x1db/0x4f0
[ 57.435407][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 57.441309][ T3501]        mutex_lock_nested+0x17/0x20
[ 57.446672][ T3501]        nci_start_poll+0x59f/0xf20
[ 57.451956][ T3501]        nfc_start_poll+0x184/0x2f0
[ 57.457169][ T3501]        nfc_genl_start_poll+0x1e7/0x350
[ 57.463036][ T3501]        genl_rcv_msg+0xfbd/0x14a0
[ 57.468162][ T3501]        netlink_rcv_skb+0x1cf/0x410
[ 57.473443][ T3501]        genl_rcv+0x24/0x40
[ 57.478047][ T3501]        netlink_unicast+0x7b6/0x980
[ 57.483604][ T3501]        netlink_sendmsg+0xa30/0xd60
[ 57.488893][ T3501]        ____sys_sendmsg+0x59e/0x8f0
[ 57.494687][ T3501]        ___sys_sendmsg+0x252/0x2e0
[ 57.500095][ T3501]        __se_sys_sendmsg+0x19a/0x260
[ 57.505616][ T3501]        do_syscall_64+0x3d/0xb0
[ 57.510594][ T3501]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.517959][ T3501] 
[ 57.517959][ T3501] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 57.527135][ T3501]        lock_acquire+0x1db/0x4f0
[ 57.532259][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 57.538080][ T3501]        mutex_lock_nested+0x17/0x20
[ 57.543378][ T3501]        nfc_urelease_event_work+0x113/0x2f0
[ 57.549378][ T3501]        process_one_work+0x8a1/0x10c0
[ 57.554872][ T3501]        worker_thread+0xaca/0x1280
[ 57.560373][ T3501]        kthread+0x3f6/0x4f0
[ 57.565831][ T3501]        ret_from_fork+0x1f/0x30
[ 57.570992][ T3501] 
[ 57.570992][ T3501] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 57.578972][ T3501]        lock_acquire+0x1db/0x4f0
[ 57.584093][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 57.589891][ T3501]        mutex_lock_nested+0x17/0x20
[ 57.595194][ T3501]        nfc_register_device+0x38/0x310
[ 57.600922][ T3501]        nci_register_device+0x7be/0x900
[ 57.607287][ T3501]        virtual_ncidev_open+0x55/0xc0
[ 57.613175][ T3501]        misc_open+0x304/0x380
[ 57.618033][ T3501]        chrdev_open+0x54a/0x630
[ 57.623117][ T3501]        do_dentry_open+0x807/0xfb0
[ 57.628333][ T3501]        path_openat+0x2702/0x2f20
[ 57.633742][ T3501]        do_filp_open+0x21c/0x460
[ 57.639278][ T3501]        do_sys_openat2+0x13b/0x500
[ 57.645378][ T3501]        __x64_sys_openat+0x243/0x290
[ 57.651719][ T3501]        do_syscall_64+0x3d/0xb0
[ 57.657567][ T3501]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.665356][ T3501] 
[ 57.665356][ T3501] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 57.672712][ T3501]        validate_chain+0x1646/0x58b0
[ 57.678188][ T3501]        __lock_acquire+0x1295/0x1ff0
[ 57.683576][ T3501]        lock_acquire+0x1db/0x4f0
[ 57.689048][ T3501]        __mutex_lock_common+0x1da/0x25a0
[ 57.695369][ T3501]        mutex_lock_nested+0x17/0x20
[ 57.700690][ T3501]        virtual_nci_close+0x13/0x40
[ 57.705995][ T3501]        nci_close_device+0x3a8/0x5f0
[ 57.711470][ T3501]        nci_unregister_device+0x3c/0x230
[ 57.717190][ T3501]        virtual_ncidev_close+0x55/0x90
[ 57.722821][ T3501]        __fput+0x3bf/0x890
[ 57.727330][ T3501]        task_work_run+0x129/0x1a0
[ 57.732529][ T3501]        do_exit+0x6a3/0x2480
[ 57.737208][ T3501]        do_group_exit+0x144/0x310
[ 57.742509][ T3501]        get_signal+0xc66/0x14e0
[ 57.747436][ T3501]        arch_do_signal_or_restart+0xc3/0x1890
[ 57.753712][ T3501]        exit_to_user_mode_loop+0x97/0x130
[ 57.759538][ T3501]        exit_to_user_mode_prepare+0xb1/0x140
[ 57.765645][ T3501]        syscall_exit_to_user_mode+0x5d/0x250
[ 57.771817][ T3501]        do_syscall_64+0x49/0xb0
[ 57.776753][ T3501]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.783156][ T3501] 
[ 57.783156][ T3501] other info that might help us debug this:
[ 57.783156][ T3501] 
[ 57.794009][ T3501] Chain exists of:
[ 57.794009][ T3501]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 57.794009][ T3501] 
[ 57.808554][ T3501]  Possible unsafe locking scenario:
[ 57.808554][ T3501] 
[ 57.816115][ T3501]        CPU0                    CPU1
[ 57.821767][ T3501]        ----                    ----
[ 57.827319][ T3501]   lock(&ndev->req_lock);
[ 57.831736][ T3501]                                lock(&genl_data->genl_data_mutex);
[ 57.839720][ T3501]                                lock(&ndev->req_lock);
[ 57.846639][ T3501]   lock(nci_mutex);
[ 57.850529][ T3501] 
[ 57.850529][ T3501]  *** DEADLOCK ***
[ 57.850529][ T3501] 
[ 57.858662][ T3501] 1 lock held by syz-executor492/3501:
[ 57.864099][ T3501]  #0: ffff888077b2e350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 57.873831][ T3501] 
[ 57.873831][ T3501] stack backtrace:
[ 57.879701][ T3501] CPU: 1 PID: 3501 Comm: syz-executor492 Not tainted 5.15.110-syzkaller #0
[ 57.888269][ T3501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 57.898500][ T3501] Call Trace:
[ 57.901782][ T3501] 
[ 57.904700][ T3501]  dump_stack_lvl+0x1e3/0x2cb
[ 57.909397][ T3501]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 57.915032][ T3501]  ? print_circular_bug+0x12b/0x1a0
[ 57.920248][ T3501]  check_noncircular+0x2f8/0x3b0
[ 57.925180][ T3501]  ? add_chain_block+0x850/0x850
[ 57.930110][ T3501]  ? lockdep_lock+0x11f/0x2a0
[ 57.934782][ T3501]  validate_chain+0x1646/0x58b0
[ 57.939626][ T3501]  ? mark_lock+0x98/0x340
[ 57.943956][ T3501]  ? reacquire_held_locks+0x660/0x660
[ 57.949323][ T3501]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 57.955451][ T3501]  ? _raw_spin_unlock+0x40/0x40
[ 57.960334][ T3501]  ? __up_console_sem+0x124/0x1e0
[ 57.965490][ T3501]  ? prb_read_valid+0xa5/0xf0
[ 57.970170][ T3501]  ? console_lock+0x70/0x70
[ 57.974677][ T3501]  ? prb_final_commit+0x20/0x20
[ 57.979537][ T3501]  ? mark_lock+0x98/0x340
[ 57.983862][ T3501]  ? console_unlock+0xdbc/0x12b0
[ 57.988804][ T3501]  __lock_acquire+0x1295/0x1ff0
[ 57.993671][ T3501]  lock_acquire+0x1db/0x4f0
[ 57.998197][ T3501]  ? virtual_nci_close+0x13/0x40
[ 58.003151][ T3501]  ? read_lock_is_recursive+0x10/0x10
[ 58.008623][ T3501]  ? __might_sleep+0xc0/0xc0
[ 58.013225][ T3501]  __mutex_lock_common+0x1da/0x25a0
[ 58.018427][ T3501]  ? virtual_nci_close+0x13/0x40
[ 58.023359][ T3501]  ? __wake_up_klogd+0xd5/0x100
[ 58.028237][ T3501]  ? vprintk_emit+0xee/0x150
[ 58.032820][ T3501]  ? virtual_nci_close+0x13/0x40
[ 58.037760][ T3501]  ? _printk+0xd1/0x111
[ 58.041946][ T3501]  ? mutex_lock_io_nested+0x60/0x60
[ 58.047142][ T3501]  ? panic+0x84d/0x84d
[ 58.051226][ T3501]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 58.056418][ T3501]  mutex_lock_nested+0x17/0x20
[ 58.061194][ T3501]  virtual_nci_close+0x13/0x40
[ 58.065955][ T3501]  nci_close_device+0x3a8/0x5f0
[ 58.070799][ T3501]  ? nci_unregister_device+0x230/0x230
[ 58.076294][ T3501]  ? mutex_unlock+0x10/0x10
[ 58.080834][ T3501]  nci_unregister_device+0x3c/0x230
[ 58.086147][ T3501]  ? virtual_ncidev_open+0xc0/0xc0
[ 58.091264][ T3501]  virtual_ncidev_close+0x55/0x90
[ 58.096292][ T3501]  ? virtual_ncidev_open+0xc0/0xc0
[ 58.101932][ T3501]  __fput+0x3bf/0x890
[ 58.105923][ T3501]  task_work_run+0x129/0x1a0
[ 58.110504][ T3501]  do_exit+0x6a3/0x2480
[ 58.114686][ T3501]  ? put_task_struct+0x80/0x80
[ 58.119458][ T3501]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 58.125455][ T3501]  do_group_exit+0x144/0x310
[ 58.130059][ T3501]  ? lockdep_hardirqs_on+0x94/0x130
[ 58.135352][ T3501]  get_signal+0xc66/0x14e0
[ 58.139810][ T3501]  arch_do_signal_or_restart+0xc3/0x1890
[ 58.145441][ T3501]  ? get_sigframe_size+0x10/0x10
[ 58.150379][ T3501]  ? exit_to_user_mode_loop+0x39/0x130
[ 58.155870][ T3501]  exit_to_user_mode_loop+0x97/0x130
[ 58.161175][ T3501]  exit_to_user_mode_prepare+0xb1/0x140
[ 58.166749][ T3501]  syscall_exit_to_user_mode+0x5d/0x250
[ 58.172316][ T3501]  do_syscall_64+0x49/0xb0
[ 58.176752][ T3501]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 58.182674][ T3501] RIP: 0033:0x7fb9f9035649
[ 58.187089][ T3501] Code: Unable to access opcode bytes at RIP 0x7fb9f903561f.
[ 58.194652][ T3501] RSP: 002b:00007fb9f8fe6318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.203068][ T3501] RAX: 0000000000000024 RBX: 00007fb9f90bd428 RCX: 00007fb9f9035649
[ 58.211057][ T3501] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 58.219296][ T3501] RBP: 00007fb9f90bd420 R08: 0000000000000003 R09: 0000000000000000
[ 58.227276][ T3501] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fb9f908b074
executing program
[ 58.235352][ T3501] R13: 00007ffe377414af R14: 00007fb9f8fe6400 R15: 0000000000022000
[ 58.243365][ T3501] 
executing program
[ 58.477410][ T3509] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 58.708652][ T3519] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 58.717453][ T3519] nci: nci_start_poll: failed to set local general bytes
executing program
[ 63.731710][ T3519] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 63.961331][ T3522] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 63.970167][ T3522] nci: nci_start_poll: failed to set local general bytes