DUID 00:04:70:54:fc:d0:2a:32:b7:62:cf:21:72:23:c9:95:e9:3f
forked to background, child pid 3174
[ 22.254391][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[ 22.274916][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 44.203603][ T3501] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 44.447463][ T3508] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 44.692506][ T3514] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 44.940887][ T3520] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 45.182326][ T3526] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 45.423396][ T3532] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 45.663158][ T3538] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 45.742857][ T3544]
[ 45.745307][ T3544] ======================================================
[ 45.752590][ T3544] WARNING: possible circular locking dependency detected
[ 45.759774][ T3544] 5.15.117-syzkaller #0 Not tainted
[ 45.764979][ T3544] ------------------------------------------------------
[ 45.772261][ T3544] syz-executor936/3544 is trying to acquire lock:
[ 45.778683][ T3544] ffff888079ac7350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 45.787904][ T3544]
[ 45.787904][ T3544] but task is already holding lock:
[ 45.795250][ T3544] ffff8880780805d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 45.806647][ T3544]
[ 45.806647][ T3544] which lock already depends on the new lock.
[ 45.806647][ T3544]
[ 45.817212][ T3544]
[ 45.817212][ T3544] the existing dependency chain (in reverse order) is:
[ 45.826824][ T3544]
[ 45.826824][ T3544] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 45.835520][ T3544]        lock_acquire+0x1db/0x4f0
[ 45.840622][ T3544]        __mutex_lock_common+0x1da/0x25a0
[ 45.846412][ T3544]        mutex_lock_nested+0x17/0x20
[ 45.851685][ T3544]        nfc_urelease_event_work+0x113/0x2f0
[ 45.857650][ T3544]        process_one_work+0x8a1/0x10c0
[ 45.863362][ T3544]        worker_thread+0xaca/0x1280
[ 45.868662][ T3544]        kthread+0x3f6/0x4f0
[ 45.873616][ T3544]        ret_from_fork+0x1f/0x30
[ 45.878632][ T3544]
[ 45.878632][ T3544] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 45.886428][ T3544]        lock_acquire+0x1db/0x4f0
[ 45.891550][ T3544]        __mutex_lock_common+0x1da/0x25a0
[ 45.897367][ T3544]        mutex_lock_nested+0x17/0x20
[ 45.903531][ T3544]        nfc_register_device+0x38/0x310
[ 45.909070][ T3544]        nci_register_device+0x7be/0x900
[ 45.914776][ T3544]        virtual_ncidev_open+0x55/0xc0
[ 45.920316][ T3544]        misc_open+0x304/0x380
[ 45.925063][ T3544]        chrdev_open+0x54a/0x630
[ 45.929992][ T3544]        do_dentry_open+0x807/0xfb0
[ 45.935171][ T3544]        path_openat+0x2702/0x2f20
[ 45.940362][ T3544]        do_filp_open+0x21c/0x460
[ 45.946847][ T3544]        do_sys_openat2+0x13b/0x500
[ 45.952290][ T3544]        __x64_sys_openat+0x243/0x290
[ 45.958259][ T3544]        do_syscall_64+0x3d/0xb0
[ 45.963190][ T3544]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.969587][ T3544]
[ 45.969587][ T3544] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 45.976686][ T3544]        lock_acquire+0x1db/0x4f0
[ 45.981695][ T3544]        __mutex_lock_common+0x1da/0x25a0
[ 45.987397][ T3544]        mutex_lock_nested+0x17/0x20
[ 45.993013][ T3544]        virtual_nci_close+0x13/0x40
[ 45.998553][ T3544]        nci_dev_up+0x954/0xd40
[ 46.003391][ T3544]        nfc_dev_up+0x185/0x330
[ 46.008425][ T3544]        nfc_genl_dev_up+0x80/0xd0
[ 46.013524][ T3544]        genl_rcv_msg+0xfbd/0x14a0
[ 46.018804][ T3544]        netlink_rcv_skb+0x1cf/0x410
[ 46.024069][ T3544]        genl_rcv+0x24/0x40
[ 46.028952][ T3544]        netlink_unicast+0x7b6/0x980
[ 46.034365][ T3544]        netlink_sendmsg+0xa30/0xd60
[ 46.040261][ T3544]        ____sys_sendmsg+0x59e/0x8f0
[ 46.045525][ T3544]        ___sys_sendmsg+0x252/0x2e0
[ 46.050703][ T3544]        __se_sys_sendmsg+0x19a/0x260
[ 46.056054][ T3544]        do_syscall_64+0x3d/0xb0
[ 46.060977][ T3544]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.067635][ T3544]
[ 46.067635][ T3544] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 46.075947][ T3544]        validate_chain+0x1646/0x58b0
[ 46.081388][ T3544]        __lock_acquire+0x1295/0x1ff0
[ 46.086863][ T3544]        lock_acquire+0x1db/0x4f0
[ 46.092066][ T3544]        __mutex_lock_common+0x1da/0x25a0
[ 46.097786][ T3544]        mutex_lock_nested+0x17/0x20
[ 46.103053][ T3544]        nci_start_poll+0x59f/0xf20
[ 46.108245][ T3544]        nfc_start_poll+0x184/0x2f0
[ 46.114017][ T3544]        nfc_genl_start_poll+0x1e7/0x350
[ 46.120178][ T3544]        genl_rcv_msg+0xfbd/0x14a0
[ 46.125290][ T3544]        netlink_rcv_skb+0x1cf/0x410
[ 46.130572][ T3544]        genl_rcv+0x24/0x40
[ 46.135149][ T3544]        netlink_unicast+0x7b6/0x980
[ 46.140963][ T3544]        netlink_sendmsg+0xa30/0xd60
[ 46.146264][ T3544]        ____sys_sendmsg+0x59e/0x8f0
[ 46.151564][ T3544]        ___sys_sendmsg+0x252/0x2e0
[ 46.156963][ T3544]        __se_sys_sendmsg+0x19a/0x260
[ 46.162377][ T3544]        do_syscall_64+0x3d/0xb0
[ 46.167350][ T3544]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.173758][ T3544]
[ 46.173758][ T3544] other info that might help us debug this:
[ 46.173758][ T3544]
[ 46.183972][ T3544] Chain exists of:
[ 46.183972][ T3544]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 46.183972][ T3544]
[ 46.198197][ T3544]  Possible unsafe locking scenario:
[ 46.198197][ T3544]
[ 46.205806][ T3544]        CPU0                    CPU1
[ 46.211166][ T3544]        ----                    ----
[ 46.216733][ T3544]   lock(&genl_data->genl_data_mutex);
[ 46.222185][ T3544]                                lock(nfc_devlist_mutex);
[ 46.229284][ T3544]                                lock(&genl_data->genl_data_mutex);
[ 46.237370][ T3544]   lock(&ndev->req_lock);
[ 46.241770][ T3544]
[ 46.241770][ T3544]  *** DEADLOCK ***
[ 46.241770][ T3544]
[ 46.249892][ T3544] 4 locks held by syz-executor936/3544:
[ 46.255504][ T3544]  #0: ffffffff8da3d170 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 46.263668][ T3544]  #1: ffffffff8da3d028 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 46.272698][ T3544]  #2: ffff8880780805d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 46.283727][ T3544]  #3: ffff888078080190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 46.292844][ T3544]
[ 46.292844][ T3544] stack backtrace:
[ 46.298744][ T3544] CPU: 0 PID: 3544 Comm: syz-executor936 Not tainted 5.15.117-syzkaller #0
[ 46.307315][ T3544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 46.317361][ T3544] Call Trace:
[ 46.320628][ T3544]
[ 46.323649][ T3544]  dump_stack_lvl+0x1e3/0x2cb
[ 46.328417][ T3544]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 46.334039][ T3544]  ? print_circular_bug+0x12b/0x1a0
[ 46.339218][ T3544]  check_noncircular+0x2f8/0x3b0
[ 46.344233][ T3544]  ? add_chain_block+0x850/0x850
[ 46.349149][ T3544]  ? lockdep_lock+0x11f/0x2a0
[ 46.353814][ T3544]  ? mark_lock+0x98/0x340
[ 46.358151][ T3544]  validate_chain+0x1646/0x58b0
[ 46.362999][ T3544]  ? print_irqtrace_events+0x210/0x210
[ 46.368452][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 46.373783][ T3544]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 46.379694][ T3544]  ? _raw_spin_unlock+0x40/0x40
[ 46.384542][ T3544]  ? stack_trace_save+0x113/0x1c0
[ 46.389554][ T3544]  ? reacquire_held_locks+0x660/0x660
[ 46.395114][ T3544]  ? stack_trace_snprint+0xe0/0xe0
[ 46.400928][ T3544]  ? stack_depot_save+0x3db/0x440
[ 46.405956][ T3544]  ? kfree+0xf1/0x270
[ 46.409947][ T3544]  ? kasan_set_track+0x62/0x80
[ 46.414694][ T3544]  ? kasan_set_track+0x4b/0x80
[ 46.419451][ T3544]  ? kasan_set_free_info+0x1f/0x40
[ 46.424800][ T3544]  ? ____kasan_slab_free+0xd8/0x120
[ 46.429984][ T3544]  ? slab_free_freelist_hook+0xdd/0x160
[ 46.435696][ T3544]  ? kfree+0xf1/0x270
[ 46.439678][ T3544]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 46.444781][ T3544]  ? nfc_llcp_general_bytes+0x91/0x140
[ 46.450228][ T3544]  ? nci_start_poll+0x4e9/0xf20
[ 46.455065][ T3544]  ? nfc_start_poll+0x184/0x2f0
[ 46.459898][ T3544]  ? nfc_genl_start_poll+0x1e7/0x350
[ 46.465165][ T3544]  ? netlink_rcv_skb+0x1cf/0x410
[ 46.470104][ T3544]  ? mark_lock+0x98/0x340
[ 46.474427][ T3544]  ? do_syscall_64+0x3d/0xb0
[ 46.479019][ T3544]  __lock_acquire+0x1295/0x1ff0
[ 46.483883][ T3544]  lock_acquire+0x1db/0x4f0
[ 46.488379][ T3544]  ? nci_start_poll+0x59f/0xf20
[ 46.493216][ T3544]  ? read_lock_is_recursive+0x10/0x10
[ 46.498667][ T3544]  ? kasan_quarantine_put+0xd4/0x220
[ 46.503935][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 46.509134][ T3544]  ? __might_sleep+0xc0/0xc0
[ 46.513744][ T3544]  ? slab_free_freelist_hook+0xdd/0x160
[ 46.519327][ T3544]  __mutex_lock_common+0x1da/0x25a0
[ 46.524514][ T3544]  ? nci_start_poll+0x59f/0xf20
[ 46.529364][ T3544]  ? nci_start_poll+0x59f/0xf20
[ 46.534319][ T3544]  ? nfc_llcp_general_bytes+0x140/0x140
[ 46.539868][ T3544]  ? mutex_lock_io_nested+0x60/0x60
[ 46.545063][ T3544]  ? read_lock_is_recursive+0x10/0x10
[ 46.551434][ T3544]  mutex_lock_nested+0x17/0x20
[ 46.556198][ T3544]  nci_start_poll+0x59f/0xf20
[ 46.560886][ T3544]  ? nci_dev_down+0x40/0x40
[ 46.565388][ T3544]  ? __mutex_lock_common+0x444/0x25a0
[ 46.570753][ T3544]  ? nfc_get_device+0xf0/0xf0
[ 46.575427][ T3544]  ? nfc_start_poll+0x56/0x2f0
[ 46.580321][ T3544]  ? class_for_each_device+0x2b0/0x2b0
[ 46.585778][ T3544]  ? mutex_lock_io_nested+0x60/0x60
[ 46.590978][ T3544]  ? mutex_lock_io_nested+0x60/0x60
[ 46.596183][ T3544]  ? nfc_get_device+0x94/0xf0
[ 46.600862][ T3544]  nfc_start_poll+0x184/0x2f0
[ 46.605542][ T3544]  nfc_genl_start_poll+0x1e7/0x350
[ 46.610683][ T3544]  genl_rcv_msg+0xfbd/0x14a0
[ 46.615297][ T3544]  ? genl_bind+0x370/0x370
[ 46.619704][ T3544]  ? arch_stack_walk+0xf3/0x140
[ 46.624545][ T3544]  ? mark_lock+0x98/0x340
[ 46.628859][ T3544]  ? __lock_acquire+0x1295/0x1ff0
[ 46.633880][ T3544]  ? nfc_genl_dev_down+0xd0/0xd0
[ 46.638944][ T3544]  netlink_rcv_skb+0x1cf/0x410
[ 46.643742][ T3544]  ? genl_bind+0x370/0x370
[ 46.648141][ T3544]  ? netlink_ack+0xb10/0xb10
[ 46.652711][ T3544]  ? down_read+0x1b3/0x2e0
[ 46.657107][ T3544]  ? genl_rcv+0x9/0x40
[ 46.661162][ T3544]  genl_rcv+0x24/0x40
[ 46.665130][ T3544]  netlink_unicast+0x7b6/0x980
[ 46.669875][ T3544]  ? netlink_detachskb+0x90/0x90
[ 46.675070][ T3544]  ? 0xffffffff81000000
[ 46.679386][ T3544]  ? __check_object_size+0x300/0x410
[ 46.684679][ T3544]  ? bpf_lsm_netlink_send+0x5/0x10
[ 46.689808][ T3544]  netlink_sendmsg+0xa30/0xd60
[ 46.694561][ T3544]  ? netlink_getsockopt+0x5b0/0x5b0
[ 46.699800][ T3544]  ? aa_sock_msg_perm+0x91/0x150
[ 46.704725][ T3544]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 46.710002][ T3544]  ? security_socket_sendmsg+0x7d/0xa0
[ 46.715444][ T3544]  ? netlink_getsockopt+0x5b0/0x5b0
[ 46.720712][ T3544]  ____sys_sendmsg+0x59e/0x8f0
[ 46.725457][ T3544]  ? iovec_from_user+0x300/0x390
[ 46.730475][ T3544]  ? __sys_sendmsg_sock+0x30/0x30
[ 46.735484][ T3544]  ___sys_sendmsg+0x252/0x2e0
[ 46.740143][ T3544]  ? __sys_sendmsg+0x260/0x260
[ 46.744910][ T3544]  ? __fdget+0x191/0x220
[ 46.749308][ T3544]  __se_sys_sendmsg+0x19a/0x260
[ 46.754157][ T3544]  ? __x64_sys_sendmsg+0x80/0x80
[ 46.759084][ T3544]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 46.765051][ T3544]  ? lockdep_hardirqs_on+0x94/0x130
[ 46.770230][ T3544]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 46.776197][ T3544]  do_syscall_64+0x3d/0xb0
[ 46.780607][ T3544]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.786481][ T3544] RIP: 0033:0x7f41b6498649
[ 46.790879][ T3544] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 46.810902][ T3544] RSP: 002b:00007f41b6449318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 46.819386][ T3544] RAX: ffffffffffffffda RBX: 00007f41b6520428 RCX: 00007f41b6498649
[ 46.827351][ T3544] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 46.835303][ T3544] RBP: 00007f41b6520420 R08: 0000000000000003 R09: 0000000000000000
[ 46.843260][ T3544] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f41b64ee074
[ 46.851212][ T3544] R13: 00007ffd689130ff R14: 00007f41b6449400 R15: 0000000000022000
[ 46.859171][ T3544]
[ 46.974259][ T3544] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 46.982962][ T3544] nci: nci_start_poll: failed to set local general bytes
executing program
[ 51.993631][ T3544] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 52.227098][ T3551] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 52.458365][ T3557] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 52.690530][ T3567] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 52.699519][ T3567] nci: nci_start_poll: failed to set local general bytes