DUID 00:04:9a:9b:60:6a:39:26:c8:65:2f:c5:16:4d:58:03:30:c2 forked to background, child pid 3167 [ 32.385812][ T3168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.402383][ T3168] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.175' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 50.565359][ T3585] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 executing program [ 50.814890][ T3592] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 executing program [ 51.061799][ T3598] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 executing program [ 51.305356][ T3604] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 51.386874][ T3610] [ 51.389230][ T3610] ====================================================== [ 51.396237][ T3610] WARNING: possible circular locking dependency detected [ 51.403245][ T3610] 5.15.99-syzkaller #0 Not tainted [ 51.408377][ T3610] ------------------------------------------------------ [ 51.415383][ T3610] syz-executor149/3610 is trying to acquire lock: [ 51.421790][ T3610] ffff88801dfaa350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20 [ 51.430936][ T3610] [ 51.430936][ T3610] but task is already holding lock: [ 51.438290][ T3610] ffff88801dfab5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350 [ 51.448905][ T3610] [ 51.448905][ T3610] which lock already depends on the new lock. [ 51.448905][ T3610] [ 51.459295][ T3610] [ 51.459295][ T3610] the existing dependency chain (in reverse order) is: [ 51.468298][ T3610] [ 51.468298][ T3610] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}: [ 51.477008][ T3610] lock_acquire+0x1ff/0x570 [ 51.482100][ T3610] __mutex_lock_common+0x1da/0x25a0 [ 51.487821][ T3610] mutex_lock_nested+0x17/0x20 [ 51.493108][ T3610] nfc_urelease_event_work+0x113/0x2f0 [ 51.499100][ T3610] process_one_work+0x90d/0x1270 [ 51.504579][ T3610] worker_thread+0xaca/0x1280 [ 51.509772][ T3610] kthread+0x3f6/0x4f0 [ 51.514376][ T3610] ret_from_fork+0x1f/0x30 [ 51.519316][ T3610] [ 51.519316][ T3610] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}: [ 51.527123][ T3610] lock_acquire+0x1ff/0x570 [ 51.532149][ T3610] __mutex_lock_common+0x1da/0x25a0 [ 51.537873][ T3610] mutex_lock_nested+0x17/0x20 [ 51.543157][ T3610] nfc_register_device+0x38/0x310 [ 51.548700][ T3610] nci_register_device+0x7be/0x900 [ 51.554351][ T3610] virtual_ncidev_open+0x55/0xc0 [ 51.559823][ T3610] misc_open+0x304/0x380 [ 51.564588][ T3610] chrdev_open+0x54a/0x630 [ 51.569649][ T3610] do_dentry_open+0x807/0xfb0 [ 51.574850][ T3610] path_openat+0x26c8/0x2ee0 [ 51.579977][ T3610] do_filp_open+0x21c/0x460 [ 51.585006][ T3610] do_sys_openat2+0x13b/0x500 [ 51.590398][ T3610] __x64_sys_openat+0x243/0x290 [ 51.595770][ T3610] do_syscall_64+0x3d/0xb0 [ 51.600702][ T3610] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 51.607110][ T3610] [ 51.607110][ T3610] -> #1 (nci_mutex){+.+.}-{3:3}: [ 51.614242][ T3610] lock_acquire+0x1ff/0x570 [ 51.619268][ T3610] __mutex_lock_common+0x1da/0x25a0 [ 51.624980][ T3610] mutex_lock_nested+0x17/0x20 [ 51.630257][ T3610] virtual_nci_close+0x13/0x40 [ 51.635536][ T3610] nci_dev_up+0x954/0xd40 [ 51.640375][ T3610] nfc_dev_up+0x185/0x330 [ 51.645213][ T3610] nfc_genl_dev_up+0x80/0xd0 [ 51.650324][ T3610] genl_rcv_msg+0xfbd/0x14a0 [ 51.655426][ T3610] netlink_rcv_skb+0x1cf/0x410 [ 51.660735][ T3610] genl_rcv+0x24/0x40 [ 51.665230][ T3610] netlink_unicast+0x7b6/0x980 [ 51.670507][ T3610] netlink_sendmsg+0xa30/0xd60 [ 51.675780][ T3610] ____sys_sendmsg+0x59e/0x8f0 [ 51.681052][ T3610] ___sys_sendmsg+0x252/0x2e0 [ 51.686239][ T3610] __se_sys_sendmsg+0x19a/0x260 [ 51.691600][ T3610] do_syscall_64+0x3d/0xb0 [ 51.696531][ T3610] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 51.702935][ T3610] [ 51.702935][ T3610] -> #0 (&ndev->req_lock){+.+.}-{3:3}: [ 51.710580][ T3610] validate_chain+0x1646/0x58b0 [ 51.715940][ T3610] __lock_acquire+0x1295/0x1ff0 [ 51.721310][ T3610] lock_acquire+0x1ff/0x570 [ 51.726337][ T3610] __mutex_lock_common+0x1da/0x25a0 [ 51.732049][ T3610] mutex_lock_nested+0x17/0x20 [ 51.737325][ T3610] nci_start_poll+0x59f/0xf20 [ 51.742514][ T3610] nfc_start_poll+0x184/0x2f0 [ 51.747700][ T3610] nfc_genl_start_poll+0x1e7/0x350 [ 51.753321][ T3610] genl_rcv_msg+0xfbd/0x14a0 [ 51.758419][ T3610] netlink_rcv_skb+0x1cf/0x410 [ 51.763695][ T3610] genl_rcv+0x24/0x40 [ 51.768193][ T3610] netlink_unicast+0x7b6/0x980 [ 51.773470][ T3610] netlink_sendmsg+0xa30/0xd60 [ 51.778747][ T3610] ____sys_sendmsg+0x59e/0x8f0 [ 51.784018][ T3610] ___sys_sendmsg+0x252/0x2e0 [ 51.789202][ T3610] __se_sys_sendmsg+0x19a/0x260 [ 51.794567][ T3610] do_syscall_64+0x3d/0xb0 [ 51.799493][ T3610] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 51.805902][ T3610] [ 51.805902][ T3610] other info that might help us debug this: [ 51.805902][ T3610] [ 51.816122][ T3610] Chain exists of: [ 51.816122][ T3610] &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex [ 51.816122][ T3610] [ 51.830356][ T3610] Possible unsafe locking scenario: [ 51.830356][ T3610] [ 51.837795][ T3610] CPU0 CPU1 [ 51.843144][ T3610] ---- ---- [ 51.848493][ T3610] lock(&genl_data->genl_data_mutex); [ 51.853939][ T3610] lock(nfc_devlist_mutex); [ 51.861035][ T3610] lock(&genl_data->genl_data_mutex); [ 51.869002][ T3610] lock(&ndev->req_lock); [ 51.873407][ T3610] [ 51.873407][ T3610] *** DEADLOCK *** [ 51.873407][ T3610] [ 51.881534][ T3610] 4 locks held by syz-executor149/3610: [ 51.887065][ T3610] #0: ffffffff8da38c30 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 51.895235][ T3610] #1: ffffffff8da38ae8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0 [ 51.904276][ T3610] #2: ffff88801dfab5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350 [ 51.915329][ T3610] #3: ffff88801dfab190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0 [ 51.924457][ T3610] [ 51.924457][ T3610] stack backtrace: [ 51.930331][ T3610] CPU: 0 PID: 3610 Comm: syz-executor149 Not tainted 5.15.99-syzkaller #0 [ 51.938834][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 51.948892][ T3610] Call Trace: [ 51.952163][ T3610] [ 51.955091][ T3610] dump_stack_lvl+0x1e3/0x2cb [ 51.959770][ T3610] ? io_uring_drop_tctx_refs+0x19d/0x19d [ 51.965439][ T3610] ? print_circular_bug+0x12b/0x1a0 [ 51.970628][ T3610] check_noncircular+0x2f8/0x3b0 [ 51.975676][ T3610] ? add_chain_block+0x850/0x850 [ 51.980636][ T3610] ? lockdep_lock+0x11f/0x2a0 [ 51.985318][ T3610] ? mark_lock+0x98/0x340 [ 51.989639][ T3610] validate_chain+0x1646/0x58b0 [ 51.994498][ T3610] ? print_irqtrace_events+0x210/0x210 [ 52.000060][ T3610] ? lockdep_hardirqs_on+0x94/0x130 [ 52.005311][ T3610] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.011200][ T3610] ? _raw_spin_unlock+0x40/0x40 [ 52.016137][ T3610] ? stack_trace_save+0x113/0x1c0 [ 52.021174][ T3610] ? reacquire_held_locks+0x660/0x660 [ 52.026540][ T3610] ? stack_trace_snprint+0xe0/0xe0 [ 52.031651][ T3610] ? stack_depot_save+0x3db/0x440 [ 52.036678][ T3610] ? kfree+0x115/0x2e0 [ 52.040749][ T3610] ? kasan_set_track+0x62/0x80 [ 52.045505][ T3610] ? kasan_set_track+0x4b/0x80 [ 52.050259][ T3610] ? kasan_set_free_info+0x1f/0x40 [ 52.055371][ T3610] ? ____kasan_slab_free+0xd8/0x120 [ 52.060586][ T3610] ? slab_free_freelist_hook+0xdd/0x160 [ 52.066122][ T3610] ? kfree+0x115/0x2e0 [ 52.070200][ T3610] ? nfc_llcp_build_gb+0x4a2/0x710 [ 52.075304][ T3610] ? nfc_llcp_general_bytes+0x91/0x140 [ 52.080755][ T3610] ? nci_start_poll+0x4e9/0xf20 [ 52.085595][ T3610] ? nfc_start_poll+0x184/0x2f0 [ 52.090439][ T3610] ? nfc_genl_start_poll+0x1e7/0x350 [ 52.095733][ T3610] ? netlink_rcv_skb+0x1cf/0x410 [ 52.100664][ T3610] ? mark_lock+0x98/0x340 [ 52.104985][ T3610] ? do_syscall_64+0x3d/0xb0 [ 52.109584][ T3610] __lock_acquire+0x1295/0x1ff0 [ 52.114442][ T3610] lock_acquire+0x1ff/0x570 [ 52.119023][ T3610] ? nci_start_poll+0x59f/0xf20 [ 52.123890][ T3610] ? read_lock_is_recursive+0x10/0x10 [ 52.129256][ T3610] ? kasan_quarantine_put+0xd4/0x220 [ 52.135636][ T3610] ? lockdep_hardirqs_on+0x94/0x130 [ 52.140859][ T3610] ? __might_sleep+0xc0/0xc0 [ 52.145476][ T3610] ? slab_free_freelist_hook+0xdd/0x160 [ 52.151032][ T3610] __mutex_lock_common+0x1da/0x25a0 [ 52.156240][ T3610] ? nci_start_poll+0x59f/0xf20 [ 52.161094][ T3610] ? nci_start_poll+0x59f/0xf20 [ 52.165942][ T3610] ? nfc_llcp_general_bytes+0x140/0x140 [ 52.171484][ T3610] ? mutex_lock_io_nested+0x60/0x60 [ 52.176682][ T3610] ? read_lock_is_recursive+0x10/0x10 [ 52.182229][ T3610] mutex_lock_nested+0x17/0x20 [ 52.186991][ T3610] nci_start_poll+0x59f/0xf20 [ 52.191670][ T3610] ? nci_dev_down+0x40/0x40 [ 52.196351][ T3610] ? __mutex_lock_common+0x444/0x25a0 [ 52.201727][ T3610] ? nfc_get_device+0xf0/0xf0 [ 52.206408][ T3610] ? nfc_start_poll+0x56/0x2f0 [ 52.211213][ T3610] ? class_for_each_device+0x2b0/0x2b0 [ 52.216690][ T3610] ? mutex_lock_io_nested+0x60/0x60 [ 52.221887][ T3610] ? mutex_lock_io_nested+0x60/0x60 [ 52.227102][ T3610] ? nfc_get_device+0x94/0xf0 [ 52.231801][ T3610] nfc_start_poll+0x184/0x2f0 [ 52.236561][ T3610] nfc_genl_start_poll+0x1e7/0x350 [ 52.241669][ T3610] genl_rcv_msg+0xfbd/0x14a0 [ 52.246252][ T3610] ? genl_bind+0x370/0x370 [ 52.250661][ T3610] ? arch_stack_walk+0xf3/0x140 [ 52.255505][ T3610] ? mark_lock+0x98/0x340 [ 52.259830][ T3610] ? __lock_acquire+0x1295/0x1ff0 [ 52.264849][ T3610] ? nfc_genl_dev_down+0xd0/0xd0 [ 52.269784][ T3610] netlink_rcv_skb+0x1cf/0x410 [ 52.274543][ T3610] ? genl_bind+0x370/0x370 [ 52.278943][ T3610] ? netlink_ack+0xb10/0xb10 [ 52.283535][ T3610] ? __down_read_common+0x184/0x2c0 [ 52.288736][ T3610] genl_rcv+0x24/0x40 [ 52.292730][ T3610] netlink_unicast+0x7b6/0x980 [ 52.297493][ T3610] ? netlink_detachskb+0x90/0x90 [ 52.302423][ T3610] ? 0xffffffff81000000 [ 52.306563][ T3610] ? __check_object_size+0x300/0x410 [ 52.311937][ T3610] ? bpf_lsm_netlink_send+0x5/0x10 [ 52.317057][ T3610] netlink_sendmsg+0xa30/0xd60 [ 52.321811][ T3610] ? netlink_getsockopt+0x9d0/0x9d0 [ 52.327010][ T3610] ? aa_sock_msg_perm+0x91/0x150 [ 52.331931][ T3610] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 52.337206][ T3610] ? security_socket_sendmsg+0x7d/0xa0 [ 52.342655][ T3610] ? netlink_getsockopt+0x9d0/0x9d0 [ 52.347847][ T3610] ____sys_sendmsg+0x59e/0x8f0 [ 52.352598][ T3610] ? iovec_from_user+0x300/0x390 [ 52.357543][ T3610] ? __sys_sendmsg_sock+0x30/0x30 [ 52.362570][ T3610] ___sys_sendmsg+0x252/0x2e0 [ 52.367256][ T3610] ? __sys_sendmsg+0x260/0x260 [ 52.372031][ T3610] ? rcu_lock_release+0x9/0x20 [ 52.376806][ T3610] ? __fdget+0x191/0x220 [ 52.381029][ T3610] __se_sys_sendmsg+0x19a/0x260 [ 52.385872][ T3610] ? __x64_sys_sendmsg+0x80/0x80 [ 52.390814][ T3610] ? syscall_enter_from_user_mode+0x2e/0x290 [ 52.396888][ T3610] ? lockdep_hardirqs_on+0x94/0x130 [ 52.402081][ T3610] ? syscall_enter_from_user_mode+0x2e/0x290 [ 52.408059][ T3610] do_syscall_64+0x3d/0xb0 [ 52.412470][ T3610] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 52.418362][ T3610] RIP: 0033:0x7ff900bda649 [ 52.422775][ T3610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 52.442376][ T3610] RSP: 002b:00007ff900b8b318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 52.450788][ T3610] RAX: ffffffffffffffda RBX: 00007ff900c62428 RCX: 00007ff900bda649 [ 52.458753][ T3610] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004 [ 52.466708][ T3610] RBP: 00007ff900c62420 R08: 0000000000000003 R09: 0000000000000000 [ 52.474678][ T3610] R10: 0000000000000008 R11: 0000000000000246 R12: 00007ff900c30074 [ 52.482638][ T3610] R13: 00007ffd089d5a6f R14: 00007ff900b8b400 R15: 0000000000022000 [ 52.490618][ T3610] [ 52.502615][ T3610] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 52.511354][ T3610] nci: nci_start_poll: failed to set local general bytes executing program [ 57.550228][ T3610] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 57.782262][ T3621] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 57.791216][ T3621] nci: nci_start_poll: failed to set local general bytes