DUID 00:04:17:4d:40:87:6e:bf:2d:0e:65:92:c1:2a:fb:91:5f:79
forked to background, child pid 3170
[   23.997756][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0
[   24.007354][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.170' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   52.486620][ T3587] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   52.567070][ T3598] 
[   52.569412][ T3598] ======================================================
[   52.576406][ T3598] WARNING: possible circular locking dependency detected
[   52.583397][ T3598] 5.15.103-syzkaller #0 Not tainted
[   52.588563][ T3598] ------------------------------------------------------
[   52.595565][ T3598] syz-executor232/3598 is trying to acquire lock:
[   52.601947][ T3598] ffff8880786bb350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[   52.611064][ T3598] 
[   52.611064][ T3598] but task is already holding lock:
[   52.618401][ T3598] ffff8880786bc5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[   52.628992][ T3598] 
[   52.628992][ T3598] which lock already depends on the new lock.
[   52.628992][ T3598] 
[   52.639477][ T3598] 
[   52.639477][ T3598] the existing dependency chain (in reverse order) is:
[   52.648485][ T3598] 
[   52.648485][ T3598] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[   52.657151][ T3598]        lock_acquire+0x1ff/0x570
[   52.662169][ T3598]        __mutex_lock_common+0x1da/0x25a0
[   52.667864][ T3598]        mutex_lock_nested+0x17/0x20
[   52.673120][ T3598]        nfc_urelease_event_work+0x113/0x2f0
[   52.679074][ T3598]        process_one_work+0x90d/0x1270
[   52.684507][ T3598]        worker_thread+0xaca/0x1280
[   52.689676][ T3598]        kthread+0x3f6/0x4f0
[   52.694242][ T3598]        ret_from_fork+0x1f/0x30
[   52.699154][ T3598] 
[   52.699154][ T3598] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[   52.706938][ T3598]        lock_acquire+0x1ff/0x570
[   52.711937][ T3598]        __mutex_lock_common+0x1da/0x25a0
[   52.717630][ T3598]        mutex_lock_nested+0x17/0x20
[   52.722890][ T3598]        nfc_register_device+0x38/0x310
[   52.728414][ T3598]        nci_register_device+0x7be/0x900
[   52.734028][ T3598]        virtual_ncidev_open+0x55/0xc0
[   52.739493][ T3598]        misc_open+0x304/0x380
[   52.744229][ T3598]        chrdev_open+0x54a/0x630
[   52.749138][ T3598]        do_dentry_open+0x807/0xfb0
[   52.754307][ T3598]        path_openat+0x2702/0x2f20
[   52.759391][ T3598]        do_filp_open+0x21c/0x460
[   52.764394][ T3598]        do_sys_openat2+0x13b/0x500
[   52.769576][ T3598]        __x64_sys_openat+0x243/0x290
[   52.774932][ T3598]        do_syscall_64+0x3d/0xb0
[   52.779851][ T3598]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.786251][ T3598] 
[   52.786251][ T3598] -> #1 (nci_mutex){+.+.}-{3:3}:
[   52.793343][ T3598]        lock_acquire+0x1ff/0x570
[   52.798346][ T3598]        __mutex_lock_common+0x1da/0x25a0
[   52.804057][ T3598]        mutex_lock_nested+0x17/0x20
[   52.809317][ T3598]        virtual_nci_close+0x13/0x40
[   52.814581][ T3598]        nci_dev_up+0x954/0xd40
[   52.819417][ T3598]        nfc_dev_up+0x185/0x330
[   52.824241][ T3598]        nfc_genl_dev_up+0x80/0xd0
[   52.829326][ T3598]        genl_rcv_msg+0xfbd/0x14a0
[   52.834408][ T3598]        netlink_rcv_skb+0x1cf/0x410
[   52.839667][ T3598]        genl_rcv+0x24/0x40
[   52.844147][ T3598]        netlink_unicast+0x7b6/0x980
[   52.849415][ T3598]        netlink_sendmsg+0xa30/0xd60
[   52.854695][ T3598]        ____sys_sendmsg+0x59e/0x8f0
[   52.859963][ T3598]        ___sys_sendmsg+0x252/0x2e0
[   52.865140][ T3598]        __se_sys_sendmsg+0x19a/0x260
[   52.870492][ T3598]        do_syscall_64+0x3d/0xb0
[   52.875414][ T3598]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.881809][ T3598] 
[   52.881809][ T3598] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[   52.889424][ T3598]        validate_chain+0x1646/0x58b0
[   52.894778][ T3598]        __lock_acquire+0x1295/0x1ff0
[   52.900126][ T3598]        lock_acquire+0x1ff/0x570
[   52.905125][ T3598]        __mutex_lock_common+0x1da/0x25a0
[   52.910820][ T3598]        mutex_lock_nested+0x17/0x20
[   52.916097][ T3598]        nci_start_poll+0x59f/0xf20
[   52.921270][ T3598]        nfc_start_poll+0x184/0x2f0
[   52.926441][ T3598]        nfc_genl_start_poll+0x1e7/0x350
[   52.932048][ T3598]        genl_rcv_msg+0xfbd/0x14a0
[   52.937132][ T3598]        netlink_rcv_skb+0x1cf/0x410
[   52.942389][ T3598]        genl_rcv+0x24/0x40
[   52.946861][ T3598]        netlink_unicast+0x7b6/0x980
[   52.952120][ T3598]        netlink_sendmsg+0xa30/0xd60
[   52.957381][ T3598]        ____sys_sendmsg+0x59e/0x8f0
[   52.962638][ T3598]        ___sys_sendmsg+0x252/0x2e0
[   52.967823][ T3598]        __se_sys_sendmsg+0x19a/0x260
[   52.973171][ T3598]        do_syscall_64+0x3d/0xb0
[   52.978095][ T3598]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   52.984502][ T3598] 
[   52.984502][ T3598] other info that might help us debug this:
[   52.984502][ T3598] 
[   52.994712][ T3598] Chain exists of:
[   52.994712][ T3598]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[   52.994712][ T3598] 
[   53.008950][ T3598]  Possible unsafe locking scenario:
[   53.008950][ T3598] 
[   53.016373][ T3598]        CPU0                    CPU1
[   53.021710][ T3598]        ----                    ----
[   53.027047][ T3598]   lock(&genl_data->genl_data_mutex);
[   53.032481][ T3598]                                lock(nfc_devlist_mutex);
[   53.039560][ T3598]                                lock(&genl_data->genl_data_mutex);
[   53.047513][ T3598]   lock(&ndev->req_lock);
[   53.051900][ T3598] 
[   53.051900][ T3598]  *** DEADLOCK ***
[   53.051900][ T3598] 
[   53.060020][ T3598] 4 locks held by syz-executor232/3598:
[   53.065538][ T3598]  #0: ffffffff8da386b0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[   53.073707][ T3598]  #1: ffffffff8da38568 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[   53.082819][ T3598]  #2: ffff8880786bc5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[   53.093827][ T3598]  #3: ffff8880786bc190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[   53.102932][ T3598] 
[   53.102932][ T3598] stack backtrace:
[   53.108792][ T3598] CPU: 1 PID: 3598 Comm: syz-executor232 Not tainted 5.15.103-syzkaller #0
[   53.117349][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   53.127377][ T3598] Call Trace:
[   53.130639][ T3598]  <TASK>
[   53.133547][ T3598]  dump_stack_lvl+0x1e3/0x2cb
[   53.138202][ T3598]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[   53.143816][ T3598]  ? print_circular_bug+0x12b/0x1a0
[   53.149000][ T3598]  check_noncircular+0x2f8/0x3b0
[   53.153921][ T3598]  ? add_chain_block+0x850/0x850
[   53.158839][ T3598]  ? lockdep_lock+0x11f/0x2a0
[   53.163510][ T3598]  ? mark_lock+0x98/0x340
[   53.167818][ T3598]  validate_chain+0x1646/0x58b0
[   53.172646][ T3598]  ? print_irqtrace_events+0x210/0x210
[   53.178083][ T3598]  ? lockdep_hardirqs_on+0x94/0x130
[   53.183255][ T3598]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   53.189127][ T3598]  ? _raw_spin_unlock+0x40/0x40
[   53.193948][ T3598]  ? stack_trace_save+0x113/0x1c0
[   53.198946][ T3598]  ? reacquire_held_locks+0x660/0x660
[   53.204304][ T3598]  ? stack_trace_snprint+0xe0/0xe0
[   53.209390][ T3598]  ? stack_depot_save+0x3db/0x440
[   53.214405][ T3598]  ? kfree+0x115/0x2e0
[   53.218446][ T3598]  ? kasan_set_track+0x62/0x80
[   53.223207][ T3598]  ? kasan_set_track+0x4b/0x80
[   53.227944][ T3598]  ? kasan_set_free_info+0x1f/0x40
[   53.233043][ T3598]  ? ____kasan_slab_free+0xd8/0x120
[   53.238215][ T3598]  ? slab_free_freelist_hook+0xdd/0x160
[   53.243733][ T3598]  ? kfree+0x115/0x2e0
[   53.247773][ T3598]  ? nfc_llcp_build_gb+0x4a2/0x710
[   53.252861][ T3598]  ? nfc_llcp_general_bytes+0x91/0x140
[   53.258292][ T3598]  ? nci_start_poll+0x4e9/0xf20
[   53.263131][ T3598]  ? nfc_start_poll+0x184/0x2f0
[   53.267953][ T3598]  ? nfc_genl_start_poll+0x1e7/0x350
[   53.273211][ T3598]  ? netlink_rcv_skb+0x1cf/0x410
[   53.278122][ T3598]  ? mark_lock+0x98/0x340
[   53.282426][ T3598]  ? do_syscall_64+0x3d/0xb0
[   53.286990][ T3598]  __lock_acquire+0x1295/0x1ff0
[   53.291819][ T3598]  lock_acquire+0x1ff/0x570
[   53.296295][ T3598]  ? nci_start_poll+0x59f/0xf20
[   53.301120][ T3598]  ? read_lock_is_recursive+0x10/0x10
[   53.306464][ T3598]  ? kasan_quarantine_put+0xd4/0x220
[   53.311723][ T3598]  ? lockdep_hardirqs_on+0x94/0x130
[   53.316893][ T3598]  ? __might_sleep+0xc0/0xc0
[   53.321459][ T3598]  ? slab_free_freelist_hook+0xdd/0x160
[   53.326987][ T3598]  __mutex_lock_common+0x1da/0x25a0
[   53.332162][ T3598]  ? nci_start_poll+0x59f/0xf20
[   53.337015][ T3598]  ? nci_start_poll+0x59f/0xf20
[   53.341852][ T3598]  ? nfc_llcp_general_bytes+0x140/0x140
[   53.347370][ T3598]  ? mutex_lock_io_nested+0x60/0x60
[   53.352552][ T3598]  ? read_lock_is_recursive+0x10/0x10
[   53.357913][ T3598]  mutex_lock_nested+0x17/0x20
[   53.362672][ T3598]  nci_start_poll+0x59f/0xf20
[   53.367339][ T3598]  ? nci_dev_down+0x40/0x40
[   53.371827][ T3598]  ? __mutex_lock_common+0x444/0x25a0
[   53.377195][ T3598]  ? nfc_get_device+0xf0/0xf0
[   53.381857][ T3598]  ? nfc_start_poll+0x56/0x2f0
[   53.386597][ T3598]  ? class_for_each_device+0x2b0/0x2b0
[   53.392037][ T3598]  ? mutex_lock_io_nested+0x60/0x60
[   53.397217][ T3598]  ? mutex_lock_io_nested+0x60/0x60
[   53.402396][ T3598]  ? nfc_get_device+0x94/0xf0
[   53.407053][ T3598]  nfc_start_poll+0x184/0x2f0
[   53.411712][ T3598]  nfc_genl_start_poll+0x1e7/0x350
[   53.416798][ T3598]  genl_rcv_msg+0xfbd/0x14a0
[   53.421378][ T3598]  ? genl_bind+0x370/0x370
[   53.425766][ T3598]  ? arch_stack_walk+0xf3/0x140
[   53.430592][ T3598]  ? mark_lock+0x98/0x340
[   53.434901][ T3598]  ? __lock_acquire+0x1295/0x1ff0
[   53.439905][ T3598]  ? nfc_genl_dev_down+0xd0/0xd0
[   53.444819][ T3598]  netlink_rcv_skb+0x1cf/0x410
[   53.449575][ T3598]  ? genl_bind+0x370/0x370
[   53.453978][ T3598]  ? netlink_ack+0xb10/0xb10
[   53.458553][ T3598]  ? __down_read_common+0x184/0x2c0
[   53.463740][ T3598]  genl_rcv+0x24/0x40
[   53.467695][ T3598]  netlink_unicast+0x7b6/0x980
[   53.472434][ T3598]  ? netlink_detachskb+0x90/0x90
[   53.477360][ T3598]  ? 0xffffffff81000000
[   53.481491][ T3598]  ? __check_object_size+0x300/0x410
[   53.486792][ T3598]  ? bpf_lsm_netlink_send+0x5/0x10
[   53.491921][ T3598]  netlink_sendmsg+0xa30/0xd60
[   53.496705][ T3598]  ? netlink_getsockopt+0x9d0/0x9d0
[   53.501893][ T3598]  ? aa_sock_msg_perm+0x91/0x150
[   53.506814][ T3598]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[   53.512076][ T3598]  ? security_socket_sendmsg+0x7d/0xa0
[   53.517508][ T3598]  ? netlink_getsockopt+0x9d0/0x9d0
[   53.522685][ T3598]  ____sys_sendmsg+0x59e/0x8f0
[   53.527430][ T3598]  ? iovec_from_user+0x300/0x390
[   53.532343][ T3598]  ? __sys_sendmsg_sock+0x30/0x30
[   53.537354][ T3598]  ___sys_sendmsg+0x252/0x2e0
[   53.542013][ T3598]  ? __sys_sendmsg+0x260/0x260
[   53.546751][ T3598]  ? rcu_lock_release+0x9/0x20
[   53.551504][ T3598]  ? __fdget+0x191/0x220
[   53.555734][ T3598]  __se_sys_sendmsg+0x19a/0x260
[   53.560585][ T3598]  ? __x64_sys_sendmsg+0x80/0x80
[   53.565504][ T3598]  ? syscall_enter_from_user_mode+0x2e/0x290
[   53.571470][ T3598]  ? lockdep_hardirqs_on+0x94/0x130
[   53.576643][ T3598]  ? syscall_enter_from_user_mode+0x2e/0x290
[   53.582594][ T3598]  do_syscall_64+0x3d/0xb0
[   53.586991][ T3598]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   53.592862][ T3598] RIP: 0033:0x7fcb6d865649
[   53.597253][ T3598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   53.616830][ T3598] RSP: 002b:00007fcb6d7f5318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   53.625217][ T3598] RAX: ffffffffffffffda RBX: 00007fcb6d8ed438 RCX: 00007fcb6d865649
[   53.633163][ T3598] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[   53.641108][ T3598] RBP: 00007fcb6d8ed430 R08: 0000000000000003 R09: 0000000000000000
[   53.649054][ T3598] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fcb6d8bb074
[   53.657003][ T3598] R13: 00007fffeaa12f2f R14: 00007fcb6d7f5400 R15: 0000000000022000
[   53.664952][ T3598]  </TASK>
[   53.669053][ T3598] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   53.681905][ T3598] nci: nci_start_poll: failed to set local general bytes
executing program
[   58.720138][ T3598] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[   58.950135][ T3600] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   58.958881][ T3600] nci: nci_start_poll: failed to set local general bytes