Warning: Permanently added '10.128.1.31' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 52.226331][ T3500] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 52.464378][ T3507] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 52.542363][ T3513]
[ 52.544732][ T3513] ======================================================
[ 52.551730][ T3513] WARNING: possible circular locking dependency detected
[ 52.558721][ T3513] 5.15.109-syzkaller #0 Not tainted
[ 52.563892][ T3513] ------------------------------------------------------
[ 52.570886][ T3513] syz-executor167/3513 is trying to acquire lock:
[ 52.577279][ T3513] ffff88807346a350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 52.586394][ T3513]
[ 52.586394][ T3513] but task is already holding lock:
[ 52.593737][ T3513] ffff88807346b5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 52.604318][ T3513]
[ 52.604318][ T3513] which lock already depends on the new lock.
[ 52.604318][ T3513]
[ 52.614693][ T3513]
[ 52.614693][ T3513] the existing dependency chain (in reverse order) is:
[ 52.623682][ T3513]
[ 52.623682][ T3513] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 52.632335][ T3513]        lock_acquire+0x1db/0x4f0
[ 52.637357][ T3513]        __mutex_lock_common+0x1da/0x25a0
[ 52.643079][ T3513]        mutex_lock_nested+0x17/0x20
[ 52.648340][ T3513]        nfc_urelease_event_work+0x113/0x2f0
[ 52.654296][ T3513]        process_one_work+0x8a1/0x10c0
[ 52.659725][ T3513]        worker_thread+0xaca/0x1280
[ 52.664896][ T3513]        kthread+0x3f6/0x4f0
[ 52.669457][ T3513]        ret_from_fork+0x1f/0x30
[ 52.674458][ T3513]
[ 52.674458][ T3513] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 52.682266][ T3513]        lock_acquire+0x1db/0x4f0
[ 52.687269][ T3513]        __mutex_lock_common+0x1da/0x25a0
[ 52.692977][ T3513]        mutex_lock_nested+0x17/0x20
[ 52.698248][ T3513]        nfc_register_device+0x38/0x310
[ 52.703782][ T3513]        nci_register_device+0x7be/0x900
[ 52.709398][ T3513]        virtual_ncidev_open+0x55/0xc0
[ 52.714838][ T3513]        misc_open+0x304/0x380
[ 52.719578][ T3513]        chrdev_open+0x54a/0x630
[ 52.724579][ T3513]        do_dentry_open+0x807/0xfb0
[ 52.729759][ T3513]        path_openat+0x2702/0x2f20
[ 52.734844][ T3513]        do_filp_open+0x21c/0x460
[ 52.739840][ T3513]        do_sys_openat2+0x13b/0x500
[ 52.745012][ T3513]        __x64_sys_openat+0x243/0x290
[ 52.750353][ T3513]        do_syscall_64+0x3d/0xb0
[ 52.755264][ T3513]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.761651][ T3513]
[ 52.761651][ T3513] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 52.768742][ T3513]        lock_acquire+0x1db/0x4f0
[ 52.773755][ T3513]        __mutex_lock_common+0x1da/0x25a0
[ 52.779468][ T3513]        mutex_lock_nested+0x17/0x20
[ 52.784724][ T3513]        virtual_nci_close+0x13/0x40
[ 52.789984][ T3513]        nci_dev_up+0x954/0xd40
[ 52.794810][ T3513]        nfc_dev_up+0x185/0x330
[ 52.799631][ T3513]        nfc_genl_dev_up+0x80/0xd0
[ 52.804717][ T3513]        genl_rcv_msg+0xfbd/0x14a0
[ 52.809802][ T3513]        netlink_rcv_skb+0x1cf/0x410
[ 52.815073][ T3513]        genl_rcv+0x24/0x40
[ 52.819551][ T3513]        netlink_unicast+0x7b6/0x980
[ 52.824816][ T3513]        netlink_sendmsg+0xa30/0xd60
[ 52.830156][ T3513]        ____sys_sendmsg+0x59e/0x8f0
[ 52.835440][ T3513]        ___sys_sendmsg+0x252/0x2e0
[ 52.840612][ T3513]        __se_sys_sendmsg+0x19a/0x260
[ 52.845956][ T3513]        do_syscall_64+0x3d/0xb0
[ 52.850865][ T3513]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.857255][ T3513]
[ 52.857255][ T3513] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 52.864865][ T3513]        validate_chain+0x1646/0x58b0
[ 52.870211][ T3513]        __lock_acquire+0x1295/0x1ff0
[ 52.875556][ T3513]        lock_acquire+0x1db/0x4f0
[ 52.880560][ T3513]        __mutex_lock_common+0x1da/0x25a0
[ 52.886264][ T3513]        mutex_lock_nested+0x17/0x20
[ 52.891541][ T3513]        nci_start_poll+0x59f/0xf20
[ 52.896722][ T3513]        nfc_start_poll+0x184/0x2f0
[ 52.901892][ T3513]        nfc_genl_start_poll+0x1e7/0x350
[ 52.907496][ T3513]        genl_rcv_msg+0xfbd/0x14a0
[ 52.912590][ T3513]        netlink_rcv_skb+0x1cf/0x410
[ 52.917860][ T3513]        genl_rcv+0x24/0x40
[ 52.922342][ T3513]        netlink_unicast+0x7b6/0x980
[ 52.927597][ T3513]        netlink_sendmsg+0xa30/0xd60
[ 52.932854][ T3513]        ____sys_sendmsg+0x59e/0x8f0
[ 52.938133][ T3513]        ___sys_sendmsg+0x252/0x2e0
[ 52.943324][ T3513]        __se_sys_sendmsg+0x19a/0x260
[ 52.948683][ T3513]        do_syscall_64+0x3d/0xb0
[ 52.953597][ T3513]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 52.959983][ T3513]
[ 52.959983][ T3513] other info that might help us debug this:
[ 52.959983][ T3513]
[ 52.970195][ T3513] Chain exists of:
[ 52.970195][ T3513]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 52.970195][ T3513]
[ 52.984410][ T3513]  Possible unsafe locking scenario:
[ 52.984410][ T3513]
[ 52.991833][ T3513]        CPU0                    CPU1
[ 52.997171][ T3513]        ----                    ----
[ 53.002508][ T3513]   lock(&genl_data->genl_data_mutex);
[ 53.007947][ T3513]                                lock(nfc_devlist_mutex);
[ 53.015116][ T3513]                                lock(&genl_data->genl_data_mutex);
[ 53.023067][ T3513]   lock(&ndev->req_lock);
[ 53.027457][ T3513]
[ 53.027457][ T3513]  *** DEADLOCK ***
[ 53.027457][ T3513]
[ 53.035573][ T3513] 4 locks held by syz-executor167/3513:
[ 53.041090][ T3513]  #0: ffffffff8da3b230 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 53.049238][ T3513]  #1: ffffffff8da3b0e8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 53.058249][ T3513]  #2: ffff88807346b5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 53.069265][ T3513]  #3: ffff88807346b190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 53.078373][ T3513]
[ 53.078373][ T3513] stack backtrace:
[ 53.084235][ T3513] CPU: 0 PID: 3513 Comm: syz-executor167 Not tainted 5.15.109-syzkaller #0
[ 53.092793][ T3513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 53.102823][ T3513] Call Trace:
[ 53.106084][ T3513]
[ 53.108994][ T3513]  dump_stack_lvl+0x1e3/0x2cb
[ 53.113652][ T3513]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 53.119260][ T3513]  ? print_circular_bug+0x12b/0x1a0
[ 53.124435][ T3513]  check_noncircular+0x2f8/0x3b0
[ 53.129356][ T3513]  ? add_chain_block+0x850/0x850
[ 53.134277][ T3513]  ? lockdep_lock+0x11f/0x2a0
[ 53.138939][ T3513]  ? mark_lock+0x98/0x340
[ 53.143243][ T3513]  validate_chain+0x1646/0x58b0
[ 53.148074][ T3513]  ? print_irqtrace_events+0x210/0x210
[ 53.153513][ T3513]  ? lockdep_hardirqs_on+0x94/0x130
[ 53.158693][ T3513]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 53.164571][ T3513]  ? _raw_spin_unlock+0x40/0x40
[ 53.169417][ T3513]  ? stack_trace_save+0x113/0x1c0
[ 53.174423][ T3513]  ? reacquire_held_locks+0x660/0x660
[ 53.179771][ T3513]  ? stack_trace_snprint+0xe0/0xe0
[ 53.184877][ T3513]  ? stack_depot_save+0x3db/0x440
[ 53.189878][ T3513]  ? kfree+0xf1/0x270
[ 53.193852][ T3513]  ? kasan_set_track+0x62/0x80
[ 53.198593][ T3513]  ? kasan_set_track+0x4b/0x80
[ 53.203334][ T3513]  ? kasan_set_free_info+0x1f/0x40
[ 53.208422][ T3513]  ? ____kasan_slab_free+0xd8/0x120
[ 53.213598][ T3513]  ? slab_free_freelist_hook+0xdd/0x160
[ 53.219116][ T3513]  ? kfree+0xf1/0x270
[ 53.223092][ T3513]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 53.228179][ T3513]  ? nfc_llcp_general_bytes+0x91/0x140
[ 53.233617][ T3513]  ? nci_start_poll+0x4e9/0xf20
[ 53.238459][ T3513]  ? nfc_start_poll+0x184/0x2f0
[ 53.243300][ T3513]  ? nfc_genl_start_poll+0x1e7/0x350
[ 53.248593][ T3513]  ? netlink_rcv_skb+0x1cf/0x410
[ 53.253522][ T3513]  ? mark_lock+0x98/0x340
[ 53.257828][ T3513]  ? do_syscall_64+0x3d/0xb0
[ 53.262395][ T3513]  __lock_acquire+0x1295/0x1ff0
[ 53.267226][ T3513]  lock_acquire+0x1db/0x4f0
[ 53.271706][ T3513]  ? nci_start_poll+0x59f/0xf20
[ 53.276543][ T3513]  ? read_lock_is_recursive+0x10/0x10
[ 53.281902][ T3513]  ? kasan_quarantine_put+0xd4/0x220
[ 53.287169][ T3513]  ? lockdep_hardirqs_on+0x94/0x130
[ 53.292349][ T3513]  ? __might_sleep+0xc0/0xc0
[ 53.296915][ T3513]  ? slab_free_freelist_hook+0xdd/0x160
[ 53.302443][ T3513]  __mutex_lock_common+0x1da/0x25a0
[ 53.307623][ T3513]  ? nci_start_poll+0x59f/0xf20
[ 53.312455][ T3513]  ? nci_start_poll+0x59f/0xf20
[ 53.317285][ T3513]  ? nfc_llcp_general_bytes+0x140/0x140
[ 53.322812][ T3513]  ? mutex_lock_io_nested+0x60/0x60
[ 53.328004][ T3513]  ? read_lock_is_recursive+0x10/0x10
[ 53.333361][ T3513]  mutex_lock_nested+0x17/0x20
[ 53.338104][ T3513]  nci_start_poll+0x59f/0xf20
[ 53.342774][ T3513]  ? nci_dev_down+0x40/0x40
[ 53.347253][ T3513]  ? __mutex_lock_common+0x444/0x25a0
[ 53.352602][ T3513]  ? nfc_get_device+0xf0/0xf0
[ 53.357276][ T3513]  ? nfc_start_poll+0x56/0x2f0
[ 53.362051][ T3513]  ? class_for_each_device+0x2b0/0x2b0
[ 53.367748][ T3513]  ? mutex_lock_io_nested+0x60/0x60
[ 53.372921][ T3513]  ? mutex_lock_io_nested+0x60/0x60
[ 53.378093][ T3513]  ? nfc_get_device+0x94/0xf0
[ 53.382747][ T3513]  nfc_start_poll+0x184/0x2f0
[ 53.387406][ T3513]  nfc_genl_start_poll+0x1e7/0x350
[ 53.392515][ T3513]  genl_rcv_msg+0xfbd/0x14a0
[ 53.397117][ T3513]  ? genl_bind+0x370/0x370
[ 53.401619][ T3513]  ? arch_stack_walk+0xf3/0x140
[ 53.406488][ T3513]  ? mark_lock+0x98/0x340
[ 53.410810][ T3513]  ? __lock_acquire+0x1295/0x1ff0
[ 53.415814][ T3513]  ? nfc_genl_dev_down+0xd0/0xd0
[ 53.420730][ T3513]  netlink_rcv_skb+0x1cf/0x410
[ 53.425489][ T3513]  ? genl_bind+0x370/0x370
[ 53.429884][ T3513]  ? netlink_ack+0xb10/0xb10
[ 53.434452][ T3513]  ? __down_read_common+0x184/0x2c0
[ 53.439629][ T3513]  genl_rcv+0x24/0x40
[ 53.443589][ T3513]  netlink_unicast+0x7b6/0x980
[ 53.448429][ T3513]  ? netlink_detachskb+0x90/0x90
[ 53.453342][ T3513]  ? 0xffffffff81000000
[ 53.457476][ T3513]  ? __check_object_size+0x300/0x410
[ 53.462736][ T3513]  ? bpf_lsm_netlink_send+0x5/0x10
[ 53.467823][ T3513]  netlink_sendmsg+0xa30/0xd60
[ 53.472566][ T3513]  ? netlink_getsockopt+0x9d0/0x9d0
[ 53.477744][ T3513]  ? aa_sock_msg_perm+0x91/0x150
[ 53.482928][ T3513]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 53.488365][ T3513]  ? security_socket_sendmsg+0x7d/0xa0
[ 53.493798][ T3513]  ? netlink_getsockopt+0x9d0/0x9d0
[ 53.498974][ T3513]  ____sys_sendmsg+0x59e/0x8f0
[ 53.503718][ T3513]  ? iovec_from_user+0x300/0x390
[ 53.508635][ T3513]  ? __sys_sendmsg_sock+0x30/0x30
[ 53.513637][ T3513]  ___sys_sendmsg+0x252/0x2e0
[ 53.518294][ T3513]  ? __sys_sendmsg+0x260/0x260
[ 53.523040][ T3513]  ? __fdget+0x191/0x220
[ 53.527258][ T3513]  __se_sys_sendmsg+0x19a/0x260
[ 53.532086][ T3513]  ? __x64_sys_sendmsg+0x80/0x80
[ 53.537009][ T3513]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 53.542965][ T3513]  ? lockdep_hardirqs_on+0x94/0x130
[ 53.548140][ T3513]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 53.554119][ T3513]  do_syscall_64+0x3d/0xb0
[ 53.558518][ T3513]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 53.564388][ T3513] RIP: 0033:0x7f320abd7649
[ 53.568796][ T3513] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 53.588375][ T3513] RSP: 002b:00007f320ab88318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 53.596762][ T3513] RAX: ffffffffffffffda RBX: 00007f320ac5f428 RCX: 00007f320abd7649
[ 53.604713][ T3513] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 53.612658][ T3513] RBP: 00007f320ac5f420 R08: 0000000000000003 R09: 0000000000000000
[ 53.620605][ T3513] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f320ac2d074
[ 53.628551][ T3513] R13: 00007ffe19002cdf R14: 00007f320ab88400 R15: 0000000000022000
[ 53.636526][ T3513]
[ 53.752048][ T3513] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 53.760763][ T3513] nci: nci_start_poll: failed to set local general bytes
executing program
[ 58.834238][ T3513] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 59.063724][ T3520] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 59.292852][ T3527] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 59.521591][ T3533] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 59.747006][ T3539] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 59.973984][ T3549] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 59.982744][ T3549] nci: nci_start_poll: failed to set local general bytes