DUID 00:04:70:54:fc:d0:2a:32:b7:62:cf:21:72:23:c9:95:e9:3f
forked to background, child pid 3175
[ 22.867862][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.877916][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.224' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
syzkaller login: [ 48.477182][ T3500] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 48.568499][ T592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 48.576448][ T592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.585828][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 48.604059][ T592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 48.612072][ T592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 48.621490][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 48.858507][ T3513] nci: nci_start_poll: failed to set local general bytes
[ 50.513233][ T13] Bluetooth: hci0: command 0x0409 tx timeout
[ 52.592630][ T13] Bluetooth: hci0: command 0x041b tx timeout
[ 53.872965][ T3504] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 53.881663][ T3504]
[ 53.883975][ T3504] ======================================================
[ 53.890966][ T3504] WARNING: possible circular locking dependency detected
[ 53.897954][ T3504] 5.15.145-syzkaller #0 Not tainted
[ 53.903122][ T3504] ------------------------------------------------------
[ 53.910111][ T3504] syz-executor936/3504 is trying to acquire lock:
[ 53.916489][ T3504] ffffffff8d133728 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 53.925171][ T3504]
[ 53.925171][ T3504] but task is already holding lock:
[ 53.932506][ T3504] ffff888075695350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 53.941782][ T3504]
[ 53.941782][ T3504] which lock already depends on the new lock.
[ 53.941782][ T3504]
[ 53.952164][ T3504]
[ 53.952164][ T3504] the existing dependency chain (in reverse order) is:
[ 53.961155][ T3504]
[ 53.961155][ T3504] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 53.968773][ T3504]        lock_acquire+0x1db/0x4f0
[ 53.973778][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 53.979475][ T3504]        mutex_lock_nested+0x17/0x20
[ 53.984736][ T3504]        nci_start_poll+0x59f/0xf20
[ 53.989915][ T3504]        nfc_start_poll+0x184/0x2f0
[ 53.995108][ T3504]        nfc_genl_start_poll+0x1e7/0x350
[ 54.000741][ T3504]        genl_rcv_msg+0xfbd/0x14a0
[ 54.005937][ T3504]        netlink_rcv_skb+0x1cf/0x410
[ 54.011200][ T3504]        genl_rcv+0x24/0x40
[ 54.015677][ T3504]        netlink_unicast+0x7b6/0x980
[ 54.020934][ T3504]        netlink_sendmsg+0xa30/0xd60
[ 54.026192][ T3504]        ____sys_sendmsg+0x59e/0x8f0
[ 54.031449][ T3504]        ___sys_sendmsg+0x252/0x2e0
[ 54.036629][ T3504]        __se_sys_sendmsg+0x19a/0x260
[ 54.041989][ T3504]        do_syscall_64+0x3d/0xb0
[ 54.046914][ T3504]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.053318][ T3504]
[ 54.053318][ T3504] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 54.062094][ T3504]        lock_acquire+0x1db/0x4f0
[ 54.067454][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 54.073165][ T3504]        mutex_lock_nested+0x17/0x20
[ 54.078451][ T3504]        nfc_urelease_event_work+0x113/0x2f0
[ 54.084529][ T3504]        process_one_work+0x8a1/0x10c0
[ 54.090163][ T3504]        worker_thread+0xaca/0x1280
[ 54.095347][ T3504]        kthread+0x3f6/0x4f0
[ 54.099937][ T3504]        ret_from_fork+0x1f/0x30
[ 54.104853][ T3504]
[ 54.104853][ T3504] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 54.112643][ T3504]        lock_acquire+0x1db/0x4f0
[ 54.117646][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 54.123341][ T3504]        mutex_lock_nested+0x17/0x20
[ 54.128607][ T3504]        nfc_register_device+0x38/0x310
[ 54.134132][ T3504]        nci_register_device+0x7be/0x900
[ 54.139772][ T3504]        virtual_ncidev_open+0x55/0xc0
[ 54.145329][ T3504]        misc_open+0x304/0x380
[ 54.150093][ T3504]        chrdev_open+0x54a/0x630
[ 54.155003][ T3504]        do_dentry_open+0x807/0xfb0
[ 54.160174][ T3504]        path_openat+0x2702/0x2f20
[ 54.165261][ T3504]        do_filp_open+0x21c/0x460
[ 54.170266][ T3504]        do_sys_openat2+0x13b/0x500
[ 54.175443][ T3504]        __x64_sys_openat+0x243/0x290
[ 54.180787][ T3504]        do_syscall_64+0x3d/0xb0
[ 54.185700][ T3504]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.192091][ T3504]
[ 54.192091][ T3504] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 54.199204][ T3504]        validate_chain+0x1649/0x5930
[ 54.204554][ T3504]        __lock_acquire+0x1295/0x1ff0
[ 54.209905][ T3504]        lock_acquire+0x1db/0x4f0
[ 54.214902][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 54.220600][ T3504]        mutex_lock_nested+0x17/0x20
[ 54.225860][ T3504]        virtual_nci_close+0x13/0x40
[ 54.231119][ T3504]        nci_close_device+0x3a8/0x5f0
[ 54.236466][ T3504]        nci_unregister_device+0x3c/0x230
[ 54.242163][ T3504]        virtual_ncidev_close+0x55/0x90
[ 54.247690][ T3504]        __fput+0x3bf/0x890
[ 54.252172][ T3504]        task_work_run+0x129/0x1a0
[ 54.257257][ T3504]        exit_to_user_mode_loop+0x106/0x130
[ 54.263132][ T3504]        exit_to_user_mode_prepare+0xb1/0x140
[ 54.269175][ T3504]        syscall_exit_to_user_mode+0x5d/0x250
[ 54.275248][ T3504]        do_syscall_64+0x49/0xb0
[ 54.280252][ T3504]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.286732][ T3504]
[ 54.286732][ T3504] other info that might help us debug this:
[ 54.286732][ T3504]
[ 54.296933][ T3504] Chain exists of:
[ 54.296933][ T3504]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 54.296933][ T3504]
[ 54.310801][ T3504]  Possible unsafe locking scenario:
[ 54.310801][ T3504]
[ 54.318230][ T3504]        CPU0                    CPU1
[ 54.323570][ T3504]        ----                    ----
[ 54.328909][ T3504]   lock(&ndev->req_lock);
[ 54.333416][ T3504]                                lock(&genl_data->genl_data_mutex);
[ 54.341378][ T3504]                                lock(&ndev->req_lock);
[ 54.348324][ T3504]   lock(nci_mutex);
[ 54.352206][ T3504]
[ 54.352206][ T3504]  *** DEADLOCK ***
[ 54.352206][ T3504]
[ 54.360340][ T3504] 1 lock held by syz-executor936/3504:
[ 54.365884][ T3504]  #0: ffff888075695350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 54.375714][ T3504]
[ 54.375714][ T3504] stack backtrace:
[ 54.381668][ T3504] CPU: 0 PID: 3504 Comm: syz-executor936 Not tainted 5.15.145-syzkaller #0
[ 54.390228][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 54.400263][ T3504] Call Trace:
[ 54.403525][ T3504]
[ 54.406434][ T3504]  dump_stack_lvl+0x1e3/0x2cb
[ 54.411092][ T3504]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 54.416728][ T3504]  ? print_circular_bug+0x12b/0x1a0
[ 54.421906][ T3504]  check_noncircular+0x2f8/0x3b0
[ 54.426855][ T3504]  ? add_chain_block+0x850/0x850
[ 54.431772][ T3504]  ? lockdep_lock+0x11f/0x2a0
[ 54.436429][ T3504]  validate_chain+0x1649/0x5930
[ 54.441387][ T3504]  ? mark_lock+0x98/0x340
[ 54.445818][ T3504]  ? reacquire_held_locks+0x660/0x660
[ 54.451260][ T3504]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 54.457234][ T3504]  ? _raw_spin_unlock+0x40/0x40
[ 54.462109][ T3504]  ? __up_console_sem+0x124/0x1e0
[ 54.467177][ T3504]  ? prb_read_valid+0xa5/0xf0
[ 54.471844][ T3504]  ? console_lock+0x70/0x70
[ 54.476339][ T3504]  ? prb_final_commit+0x20/0x20
[ 54.481171][ T3504]  ? mark_lock+0x98/0x340
[ 54.485562][ T3504]  ? console_unlock+0xdbc/0x12b0
[ 54.490478][ T3504]  __lock_acquire+0x1295/0x1ff0
[ 54.495305][ T3504]  lock_acquire+0x1db/0x4f0
[ 54.499784][ T3504]  ? virtual_nci_close+0x13/0x40
[ 54.504721][ T3504]  ? read_lock_is_recursive+0x10/0x10
[ 54.510079][ T3504]  ? __might_sleep+0xc0/0xc0
[ 54.514650][ T3504]  __mutex_lock_common+0x1da/0x25a0
[ 54.519845][ T3504]  ? virtual_nci_close+0x13/0x40
[ 54.524859][ T3504]  ? __wake_up_klogd+0xd5/0x100
[ 54.529686][ T3504]  ? vprintk_emit+0xf5/0x150
[ 54.534249][ T3504]  ? virtual_nci_close+0x13/0x40
[ 54.539163][ T3504]  ? _printk+0xd1/0x111
[ 54.543292][ T3504]  ? mutex_lock_io_nested+0x60/0x60
[ 54.548468][ T3504]  ? panic+0x84d/0x84d
[ 54.552604][ T3504]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.557789][ T3504]  mutex_lock_nested+0x17/0x20
[ 54.562622][ T3504]  virtual_nci_close+0x13/0x40
[ 54.567363][ T3504]  nci_close_device+0x3a8/0x5f0
[ 54.572191][ T3504]  ? nci_unregister_device+0x230/0x230
[ 54.577626][ T3504]  nci_unregister_device+0x3c/0x230
[ 54.582804][ T3504]  ? virtual_ncidev_open+0xc0/0xc0
[ 54.587893][ T3504]  virtual_ncidev_close+0x55/0x90
[ 54.592981][ T3504]  ? virtual_ncidev_open+0xc0/0xc0
[ 54.598157][ T3504]  __fput+0x3bf/0x890
[ 54.602121][ T3504]  task_work_run+0x129/0x1a0
[ 54.606695][ T3504]  exit_to_user_mode_loop+0x106/0x130
[ 54.612045][ T3504]  exit_to_user_mode_prepare+0xb1/0x140
[ 54.617582][ T3504]  syscall_exit_to_user_mode+0x5d/0x250
[ 54.623116][ T3504]  do_syscall_64+0x49/0xb0
[ 54.627527][ T3504]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.633407][ T3504] RIP: 0033:0x7ff92c0511ca
[ 54.637804][ T3504] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 23 86 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 83 86 02 00 8b 44 24
[ 54.657387][ T3504] RSP: 002b:00007ffecd4da9a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.665784][ T3504] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007ff92c0511ca
[ 54.673756][ T3504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.681888][ T3504] RBP: 00000000000003e8 R08: 0000000000000000 R09: 0000000000000010
[ 54.689876][ T3504] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ff92c0d743c
[ 54.697897][ T3504] R13: 00007ffecd4daad0 R14: 00007ff92c0d7420 R15: 000000000000be48
[ 54.705878][ T3504]
[ 54.709384][ T13] Bluetooth: hci0: command 0x040f tx timeout
[ 54.716773][ T3504] syz-executor936 (3504) used greatest stack depth: 19576 bytes left