Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts.
executing program
executing program
[ 52.966429][ T3499] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 53.211762][ T3506] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 53.454064][ T3512] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 53.697171][ T3518] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 53.938612][ T3524] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 54.177819][ T3530] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 54.257581][ T3540]
[ 54.259932][ T3540] ======================================================
[ 54.266935][ T3540] WARNING: possible circular locking dependency detected
[ 54.273938][ T3540] 5.15.113-syzkaller #0 Not tainted
[ 54.279318][ T3540] ------------------------------------------------------
[ 54.286466][ T3540] syz-executor320/3540 is trying to acquire lock:
[ 54.292865][ T3540] ffff88807c99f350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 54.302039][ T3540]
[ 54.302039][ T3540] but task is already holding lock:
[ 54.309483][ T3540] ffff888079be05d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 54.320195][ T3540]
[ 54.320195][ T3540] which lock already depends on the new lock.
[ 54.320195][ T3540]
[ 54.330705][ T3540]
[ 54.330705][ T3540] the existing dependency chain (in reverse order) is:
[ 54.339716][ T3540]
[ 54.339716][ T3540] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 54.348483][ T3540]        lock_acquire+0x1db/0x4f0
[ 54.353530][ T3540]        __mutex_lock_common+0x1da/0x25a0
[ 54.359249][ T3540]        mutex_lock_nested+0x17/0x20
[ 54.364542][ T3540]        nfc_urelease_event_work+0x113/0x2f0
[ 54.370514][ T3540]        process_one_work+0x8a1/0x10c0
[ 54.376051][ T3540]        worker_thread+0xaca/0x1280
[ 54.381240][ T3540]        kthread+0x3f6/0x4f0
[ 54.385835][ T3540]        ret_from_fork+0x1f/0x30
[ 54.390763][ T3540]
[ 54.390763][ T3540] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 54.398580][ T3540]        lock_acquire+0x1db/0x4f0
[ 54.403603][ T3540]        __mutex_lock_common+0x1da/0x25a0
[ 54.409313][ T3540]        mutex_lock_nested+0x17/0x20
[ 54.414587][ T3540]        nfc_register_device+0x38/0x310
[ 54.420122][ T3540]        nci_register_device+0x7be/0x900
[ 54.425767][ T3540]        virtual_ncidev_open+0x55/0xc0
[ 54.431217][ T3540]        misc_open+0x304/0x380
[ 54.435974][ T3540]        chrdev_open+0x54a/0x630
[ 54.440898][ T3540]        do_dentry_open+0x807/0xfb0
[ 54.446084][ T3540]        path_openat+0x2702/0x2f20
[ 54.451186][ T3540]        do_filp_open+0x21c/0x460
[ 54.456202][ T3540]        do_sys_openat2+0x13b/0x500
[ 54.461393][ T3540]        __x64_sys_openat+0x243/0x290
[ 54.466753][ T3540]        do_syscall_64+0x3d/0xb0
[ 54.471689][ T3540]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.478093][ T3540]
[ 54.478093][ T3540] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 54.485201][ T3540]        lock_acquire+0x1db/0x4f0
[ 54.490217][ T3540]        __mutex_lock_common+0x1da/0x25a0
[ 54.495935][ T3540]        mutex_lock_nested+0x17/0x20
[ 54.501216][ T3540]        virtual_nci_close+0x13/0x40
[ 54.506488][ T3540]        nci_dev_up+0x954/0xd40
[ 54.511329][ T3540]        nfc_dev_up+0x185/0x330
[ 54.516182][ T3540]        nfc_genl_dev_up+0x80/0xd0
[ 54.521283][ T3540]        genl_rcv_msg+0xfbd/0x14a0
[ 54.526387][ T3540]        netlink_rcv_skb+0x1cf/0x410
[ 54.531666][ T3540]        genl_rcv+0x24/0x40
[ 54.536157][ T3540]        netlink_unicast+0x7b6/0x980
[ 54.541515][ T3540]        netlink_sendmsg+0xa30/0xd60
[ 54.546787][ T3540]        ____sys_sendmsg+0x59e/0x8f0
[ 54.552091][ T3540]        ___sys_sendmsg+0x252/0x2e0
[ 54.557323][ T3540]        __se_sys_sendmsg+0x19a/0x260
[ 54.562690][ T3540]        do_syscall_64+0x3d/0xb0
[ 54.567618][ T3540]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.574020][ T3540]
[ 54.574020][ T3540] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 54.581809][ T3540]        validate_chain+0x1646/0x58b0
[ 54.587176][ T3540]        __lock_acquire+0x1295/0x1ff0
[ 54.592623][ T3540]        lock_acquire+0x1db/0x4f0
[ 54.597639][ T3540]        __mutex_lock_common+0x1da/0x25a0
[ 54.603362][ T3540]        mutex_lock_nested+0x17/0x20
[ 54.608639][ T3540]        nci_start_poll+0x59f/0xf20
[ 54.613826][ T3540]        nfc_start_poll+0x184/0x2f0
[ 54.619014][ T3540]        nfc_genl_start_poll+0x1e7/0x350
[ 54.624638][ T3540]        genl_rcv_msg+0xfbd/0x14a0
[ 54.629741][ T3540]        netlink_rcv_skb+0x1cf/0x410
[ 54.635014][ T3540]        genl_rcv+0x24/0x40
[ 54.639507][ T3540]        netlink_unicast+0x7b6/0x980
[ 54.644782][ T3540]        netlink_sendmsg+0xa30/0xd60
[ 54.650058][ T3540]        ____sys_sendmsg+0x59e/0x8f0
[ 54.655335][ T3540]        ___sys_sendmsg+0x252/0x2e0
[ 54.660525][ T3540]        __se_sys_sendmsg+0x19a/0x260
[ 54.666407][ T3540]        do_syscall_64+0x3d/0xb0
[ 54.671437][ T3540]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.677841][ T3540]
[ 54.677841][ T3540] other info that might help us debug this:
[ 54.677841][ T3540]
[ 54.688049][ T3540] Chain exists of:
[ 54.688049][ T3540]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 54.688049][ T3540]
[ 54.702304][ T3540]  Possible unsafe locking scenario:
[ 54.702304][ T3540]
[ 54.709836][ T3540]        CPU0                    CPU1
[ 54.715190][ T3540]        ----                    ----
[ 54.720540][ T3540]   lock(&genl_data->genl_data_mutex);
[ 54.725993][ T3540]                                lock(nfc_devlist_mutex);
[ 54.733094][ T3540]                                lock(&genl_data->genl_data_mutex);
[ 54.741073][ T3540]   lock(&ndev->req_lock);
[ 54.745480][ T3540]
[ 54.745480][ T3540]  *** DEADLOCK ***
[ 54.745480][ T3540]
[ 54.753692][ T3540] 4 locks held by syz-executor320/3540:
[ 54.759226][ T3540]  #0: ffffffff8da3c510 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 54.767401][ T3540]  #1: ffffffff8da3c3c8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 54.776460][ T3540]  #2: ffff888079be05d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 54.787520][ T3540]  #3: ffff888079be0190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 54.796660][ T3540]
[ 54.796660][ T3540] stack backtrace:
[ 54.802557][ T3540] CPU: 0 PID: 3540 Comm: syz-executor320 Not tainted 5.15.113-syzkaller #0
[ 54.811132][ T3540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.821180][ T3540] Call Trace:
[ 54.824454][ T3540]
[ 54.827374][ T3540]  dump_stack_lvl+0x1e3/0x2cb
[ 54.832067][ T3540]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 54.837706][ T3540]  ? print_circular_bug+0x12b/0x1a0
[ 54.842988][ T3540]  check_noncircular+0x2f8/0x3b0
[ 54.847937][ T3540]  ? add_chain_block+0x850/0x850
[ 54.852882][ T3540]  ? lockdep_lock+0x11f/0x2a0
[ 54.857586][ T3540]  ? mark_lock+0x98/0x340
[ 54.861934][ T3540]  validate_chain+0x1646/0x58b0
[ 54.866865][ T3540]  ? print_irqtrace_events+0x210/0x210
[ 54.872331][ T3540]  ? lockdep_hardirqs_on+0x94/0x130
[ 54.877541][ T3540]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 54.883427][ T3540]  ? _raw_spin_unlock+0x40/0x40
[ 54.888266][ T3540]  ? stack_trace_save+0x113/0x1c0
[ 54.893288][ T3540]  ? reacquire_held_locks+0x660/0x660
[ 54.898730][ T3540]  ? stack_trace_snprint+0xe0/0xe0
[ 54.903870][ T3540]  ? stack_depot_save+0x3db/0x440
[ 54.908890][ T3540]  ? kfree+0xf1/0x270
[ 54.912888][ T3540]  ? kasan_set_track+0x62/0x80
[ 54.917644][ T3540]  ? kasan_set_track+0x4b/0x80
[ 54.922414][ T3540]  ? kasan_set_free_info+0x1f/0x40
[ 54.927521][ T3540]  ? ____kasan_slab_free+0xd8/0x120
[ 54.932737][ T3540]  ? slab_free_freelist_hook+0xdd/0x160
[ 54.938279][ T3540]  ? kfree+0xf1/0x270
[ 54.942659][ T3540]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 54.948025][ T3540]  ? nfc_llcp_general_bytes+0x91/0x140
[ 54.953477][ T3540]  ? nci_start_poll+0x4e9/0xf20
[ 54.958323][ T3540]  ? nfc_start_poll+0x184/0x2f0
[ 54.963169][ T3540]  ? nfc_genl_start_poll+0x1e7/0x350
[ 54.968449][ T3540]  ? netlink_rcv_skb+0x1cf/0x410
[ 54.973395][ T3540]  ? mark_lock+0x98/0x340
[ 54.977717][ T3540]  ? do_syscall_64+0x3d/0xb0
[ 54.982317][ T3540]  __lock_acquire+0x1295/0x1ff0
[ 54.987263][ T3540]  lock_acquire+0x1db/0x4f0
[ 54.991776][ T3540]  ? nci_start_poll+0x59f/0xf20
[ 54.996795][ T3540]  ? read_lock_is_recursive+0x10/0x10
[ 55.002167][ T3540]  ? kasan_quarantine_put+0xd4/0x220
[ 55.007534][ T3540]  ? lockdep_hardirqs_on+0x94/0x130
[ 55.012734][ T3540]  ? __might_sleep+0xc0/0xc0
[ 55.017341][ T3540]  ? slab_free_freelist_hook+0xdd/0x160
[ 55.022885][ T3540]  __mutex_lock_common+0x1da/0x25a0
[ 55.028082][ T3540]  ? nci_start_poll+0x59f/0xf20
[ 55.032930][ T3540]  ? nci_start_poll+0x59f/0xf20
[ 55.037770][ T3540]  ? nfc_llcp_general_bytes+0x140/0x140
[ 55.043371][ T3540]  ? mutex_lock_io_nested+0x60/0x60
[ 55.048564][ T3540]  ? read_lock_is_recursive+0x10/0x10
[ 55.053935][ T3540]  mutex_lock_nested+0x17/0x20
[ 55.058692][ T3540]  nci_start_poll+0x59f/0xf20
[ 55.063372][ T3540]  ? nci_dev_down+0x40/0x40
[ 55.067873][ T3540]  ? __mutex_lock_common+0x444/0x25a0
[ 55.073262][ T3540]  ? nfc_get_device+0xf0/0xf0
[ 55.077951][ T3540]  ? nfc_start_poll+0x56/0x2f0
[ 55.082714][ T3540]  ? class_for_each_device+0x2b0/0x2b0
[ 55.088184][ T3540]  ? mutex_lock_io_nested+0x60/0x60
[ 55.093381][ T3540]  ? mutex_lock_io_nested+0x60/0x60
[ 55.098577][ T3540]  ? nfc_get_device+0x94/0xf0
[ 55.103262][ T3540]  nfc_start_poll+0x184/0x2f0
[ 55.107936][ T3540]  nfc_genl_start_poll+0x1e7/0x350
[ 55.113065][ T3540]  genl_rcv_msg+0xfbd/0x14a0
[ 55.117658][ T3540]  ? genl_bind+0x370/0x370
[ 55.122073][ T3540]  ? arch_stack_walk+0xf3/0x140
[ 55.126917][ T3540]  ? mark_lock+0x98/0x340
[ 55.131235][ T3540]  ? __lock_acquire+0x1295/0x1ff0
[ 55.136257][ T3540]  ? nfc_genl_dev_down+0xd0/0xd0
[ 55.141192][ T3540]  netlink_rcv_skb+0x1cf/0x410
[ 55.145951][ T3540]  ? genl_bind+0x370/0x370
[ 55.150363][ T3540]  ? netlink_ack+0xb10/0xb10
[ 55.154952][ T3540]  ? down_read+0x1b3/0x2e0
[ 55.159365][ T3540]  ? genl_rcv+0x9/0x40
[ 55.163425][ T3540]  genl_rcv+0x24/0x40
[ 55.167415][ T3540]  netlink_unicast+0x7b6/0x980
[ 55.172198][ T3540]  ? netlink_detachskb+0x90/0x90
[ 55.177141][ T3540]  ? 0xffffffff81000000
[ 55.181292][ T3540]  ? __check_object_size+0x300/0x410
[ 55.186577][ T3540]  ? bpf_lsm_netlink_send+0x5/0x10
[ 55.191687][ T3540]  netlink_sendmsg+0xa30/0xd60
[ 55.196451][ T3540]  ? netlink_getsockopt+0x5a0/0x5a0
[ 55.201643][ T3540]  ? aa_sock_msg_perm+0x91/0x150
[ 55.206571][ T3540]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 55.211849][ T3540]  ? security_socket_sendmsg+0x7d/0xa0
[ 55.217299][ T3540]  ? netlink_getsockopt+0x5a0/0x5a0
[ 55.222493][ T3540]  ____sys_sendmsg+0x59e/0x8f0
[ 55.227251][ T3540]  ? iovec_from_user+0x300/0x390
[ 55.232192][ T3540]  ? __sys_sendmsg_sock+0x30/0x30
[ 55.237222][ T3540]  ___sys_sendmsg+0x252/0x2e0
[ 55.241892][ T3540]  ? __sys_sendmsg+0x260/0x260
[ 55.246662][ T3540]  ? __fdget+0x191/0x220
[ 55.250894][ T3540]  __se_sys_sendmsg+0x19a/0x260
[ 55.255748][ T3540]  ? __x64_sys_sendmsg+0x80/0x80
[ 55.260680][ T3540]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 55.266658][ T3540]  ? lockdep_hardirqs_on+0x94/0x130
[ 55.271849][ T3540]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 55.277838][ T3540]  do_syscall_64+0x3d/0xb0
[ 55.282247][ T3540]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.288130][ T3540] RIP: 0033:0x7f7ca3227649
[ 55.292536][ T3540] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 55.312131][ T3540] RSP: 002b:00007f7ca31b7318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.320539][ T3540] RAX: ffffffffffffffda RBX: 00007f7ca32af438 RCX: 00007f7ca3227649
[ 55.328544][ T3540] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 55.336508][ T3540] RBP: 00007f7ca32af430 R08: 0000000000000003 R09: 0000000000000000
[ 55.344472][ T3540] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f7ca327d074
[ 55.352441][ T3540] R13: 00007ffcaa7dcd7f R14: 00007f7ca31b7400 R15: 0000000000022000
[ 55.360420][ T3540]
[ 55.482623][ T3540] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.491454][ T3540] nci: nci_start_poll: failed to set local general bytes
executing program
[ 60.507837][ T3540] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 60.741187][ T3547] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 60.749934][ T3547] nci: nci_start_poll: failed to set local general bytes