Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts.
executing program
executing program
[ 47.919016][ T3501] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 48.160426][ T3509] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 48.397693][ T3515] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 48.473065][ T3521]
[ 48.475407][ T3521] ======================================================
[ 48.482404][ T3521] WARNING: possible circular locking dependency detected
[ 48.489405][ T3521] 5.15.137-syzkaller #0 Not tainted
[ 48.494672][ T3521] ------------------------------------------------------
[ 48.501662][ T3521] syz-executor247/3521 is trying to acquire lock:
[ 48.508053][ T3521] ffff888015994350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 48.517181][ T3521]
[ 48.517181][ T3521] but task is already holding lock:
[ 48.524532][ T3521] ffff8880159955d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 48.535289][ T3521]
[ 48.535289][ T3521] which lock already depends on the new lock.
[ 48.535289][ T3521]
[ 48.545756][ T3521]
[ 48.545756][ T3521] the existing dependency chain (in reverse order) is:
[ 48.555529][ T3521]
[ 48.555529][ T3521] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 48.564195][ T3521]        lock_acquire+0x1db/0x4f0
[ 48.569202][ T3521]        __mutex_lock_common+0x1da/0x25a0
[ 48.574901][ T3521]        mutex_lock_nested+0x17/0x20
[ 48.580166][ T3521]        nfc_urelease_event_work+0x113/0x2f0
[ 48.586133][ T3521]        process_one_work+0x8a1/0x10c0
[ 48.591691][ T3521]        worker_thread+0xaca/0x1280
[ 48.596962][ T3521]        kthread+0x3f6/0x4f0
[ 48.601532][ T3521]        ret_from_fork+0x1f/0x30
[ 48.606447][ T3521]
[ 48.606447][ T3521] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 48.614237][ T3521]        lock_acquire+0x1db/0x4f0
[ 48.619243][ T3521]        __mutex_lock_common+0x1da/0x25a0
[ 48.624956][ T3521]        mutex_lock_nested+0x17/0x20
[ 48.630221][ T3521]        nfc_register_device+0x38/0x310
[ 48.635750][ T3521]        nci_register_device+0x7be/0x900
[ 48.641364][ T3521]        virtual_ncidev_open+0x55/0xc0
[ 48.646799][ T3521]        misc_open+0x304/0x380
[ 48.651542][ T3521]        chrdev_open+0x54a/0x630
[ 48.656467][ T3521]        do_dentry_open+0x807/0xfb0
[ 48.661647][ T3521]        path_openat+0x2702/0x2f20
[ 48.666740][ T3521]        do_filp_open+0x21c/0x460
[ 48.671748][ T3521]        do_sys_openat2+0x13b/0x500
[ 48.676924][ T3521]        __x64_sys_openat+0x243/0x290
[ 48.682270][ T3521]        do_syscall_64+0x3d/0xb0
[ 48.687184][ T3521]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.693573][ T3521]
[ 48.693573][ T3521] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 48.700665][ T3521]        lock_acquire+0x1db/0x4f0
[ 48.705669][ T3521]        __mutex_lock_common+0x1da/0x25a0
[ 48.711362][ T3521]        mutex_lock_nested+0x17/0x20
[ 48.716620][ T3521]        virtual_nci_close+0x13/0x40
[ 48.721876][ T3521]        nci_dev_up+0x954/0xd40
[ 48.726700][ T3521]        nfc_dev_up+0x185/0x330
[ 48.731527][ T3521]        nfc_genl_dev_up+0x80/0xd0
[ 48.736723][ T3521]        genl_rcv_msg+0xfbd/0x14a0
[ 48.741811][ T3521]        netlink_rcv_skb+0x1cf/0x410
[ 48.747070][ T3521]        genl_rcv+0x24/0x40
[ 48.751544][ T3521]        netlink_unicast+0x7b6/0x980
[ 48.756865][ T3521]        netlink_sendmsg+0xa30/0xd60
[ 48.762131][ T3521]        ____sys_sendmsg+0x59e/0x8f0
[ 48.767407][ T3521]        ___sys_sendmsg+0x252/0x2e0
[ 48.772753][ T3521]        __se_sys_sendmsg+0x19a/0x260
[ 48.778105][ T3521]        do_syscall_64+0x3d/0xb0
[ 48.783017][ T3521]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.789404][ T3521]
[ 48.789404][ T3521] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 48.797018][ T3521]        validate_chain+0x1646/0x58b0
[ 48.802364][ T3521]        __lock_acquire+0x1295/0x1ff0
[ 48.807706][ T3521]        lock_acquire+0x1db/0x4f0
[ 48.812704][ T3521]        __mutex_lock_common+0x1da/0x25a0
[ 48.818398][ T3521]        mutex_lock_nested+0x17/0x20
[ 48.823657][ T3521]        nci_start_poll+0x59f/0xf20
[ 48.828830][ T3521]        nfc_start_poll+0x184/0x2f0
[ 48.834004][ T3521]        nfc_genl_start_poll+0x1e7/0x350
[ 48.839637][ T3521]        genl_rcv_msg+0xfbd/0x14a0
[ 48.844811][ T3521]        netlink_rcv_skb+0x1cf/0x410
[ 48.850068][ T3521]        genl_rcv+0x24/0x40
[ 48.854543][ T3521]        netlink_unicast+0x7b6/0x980
[ 48.859800][ T3521]        netlink_sendmsg+0xa30/0xd60
[ 48.865406][ T3521]        ____sys_sendmsg+0x59e/0x8f0
[ 48.870668][ T3521]        ___sys_sendmsg+0x252/0x2e0
[ 48.875868][ T3521]        __se_sys_sendmsg+0x19a/0x260
[ 48.881212][ T3521]        do_syscall_64+0x3d/0xb0
[ 48.886128][ T3521]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 48.892516][ T3521]
[ 48.892516][ T3521] other info that might help us debug this:
[ 48.892516][ T3521]
[ 48.902720][ T3521] Chain exists of:
[ 48.902720][ T3521]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 48.902720][ T3521]
[ 48.916944][ T3521]  Possible unsafe locking scenario:
[ 48.916944][ T3521]
[ 48.924367][ T3521]        CPU0                    CPU1
[ 48.929710][ T3521]        ----                    ----
[ 48.935046][ T3521]   lock(&genl_data->genl_data_mutex);
[ 48.940476][ T3521]                                lock(nfc_devlist_mutex);
[ 48.947556][ T3521]                                lock(&genl_data->genl_data_mutex);
[ 48.955505][ T3521]   lock(&ndev->req_lock);
[ 48.959894][ T3521]
[ 48.959894][ T3521]  *** DEADLOCK ***
[ 48.959894][ T3521]
[ 48.968018][ T3521] 4 locks held by syz-executor247/3521:
[ 48.973534][ T3521]  #0: ffffffff8da39110 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 48.981855][ T3521]  #1: ffffffff8da38fc8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 48.990868][ T3521]  #2: ffff8880159955d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 49.001908][ T3521]  #3: ffff888015995190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 49.011006][ T3521]
[ 49.011006][ T3521] stack backtrace:
[ 49.016865][ T3521] CPU: 0 PID: 3521 Comm: syz-executor247 Not tainted 5.15.137-syzkaller #0
[ 49.025422][ T3521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 49.035450][ T3521] Call Trace:
[ 49.038707][ T3521]
[ 49.041615][ T3521]  dump_stack_lvl+0x1e3/0x2cb
[ 49.046265][ T3521]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 49.051881][ T3521]  ? print_circular_bug+0x12b/0x1a0
[ 49.057057][ T3521]  check_noncircular+0x2f8/0x3b0
[ 49.061969][ T3521]  ? add_chain_block+0x850/0x850
[ 49.066879][ T3521]  ? lockdep_lock+0x11f/0x2a0
[ 49.071532][ T3521]  ? mark_lock+0x98/0x340
[ 49.075835][ T3521]  validate_chain+0x1646/0x58b0
[ 49.080663][ T3521]  ? print_irqtrace_events+0x210/0x210
[ 49.086102][ T3521]  ? lockdep_hardirqs_on+0x94/0x130
[ 49.091276][ T3521]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.097142][ T3521]  ? _raw_spin_unlock+0x40/0x40
[ 49.101965][ T3521]  ? stack_trace_save+0x113/0x1c0
[ 49.106962][ T3521]  ? reacquire_held_locks+0x660/0x660
[ 49.112307][ T3521]  ? stack_trace_snprint+0xe0/0xe0
[ 49.117394][ T3521]  ? stack_depot_save+0x3db/0x440
[ 49.122396][ T3521]  ? kfree+0xf1/0x270
[ 49.126357][ T3521]  ? kasan_set_track+0x62/0x80
[ 49.131106][ T3521]  ? kasan_set_track+0x4b/0x80
[ 49.135846][ T3521]  ? kasan_set_free_info+0x1f/0x40
[ 49.140930][ T3521]  ? ____kasan_slab_free+0xd8/0x120
[ 49.146102][ T3521]  ? slab_free_freelist_hook+0xdd/0x160
[ 49.151620][ T3521]  ? kfree+0xf1/0x270
[ 49.155577][ T3521]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 49.160663][ T3521]  ? nfc_llcp_general_bytes+0x103/0x220
[ 49.166194][ T3521]  ? nci_start_poll+0x4e9/0xf20
[ 49.171021][ T3521]  ? nfc_start_poll+0x184/0x2f0
[ 49.175847][ T3521]  ? nfc_genl_start_poll+0x1e7/0x350
[ 49.181105][ T3521]  ? netlink_rcv_skb+0x1cf/0x410
[ 49.186024][ T3521]  ? mark_lock+0x98/0x340
[ 49.190329][ T3521]  ? do_syscall_64+0x3d/0xb0
[ 49.194899][ T3521]  __lock_acquire+0x1295/0x1ff0
[ 49.199731][ T3521]  lock_acquire+0x1db/0x4f0
[ 49.204301][ T3521]  ? nci_start_poll+0x59f/0xf20
[ 49.209299][ T3521]  ? read_lock_is_recursive+0x10/0x10
[ 49.214653][ T3521]  ? kasan_quarantine_put+0xd4/0x220
[ 49.219912][ T3521]  ? lockdep_hardirqs_on+0x94/0x130
[ 49.225103][ T3521]  ? __might_sleep+0xc0/0xc0
[ 49.229668][ T3521]  ? slab_free_freelist_hook+0xdd/0x160
[ 49.235191][ T3521]  __mutex_lock_common+0x1da/0x25a0
[ 49.240367][ T3521]  ? nci_start_poll+0x59f/0xf20
[ 49.245193][ T3521]  ? nci_start_poll+0x59f/0xf20
[ 49.250018][ T3521]  ? nfc_llcp_general_bytes+0x220/0x220
[ 49.255541][ T3521]  ? mutex_lock_io_nested+0x60/0x60
[ 49.260733][ T3521]  ? mark_lock_irq+0x870/0xba0
[ 49.265469][ T3521]  ? read_lock_is_recursive+0x10/0x10
[ 49.270817][ T3521]  mutex_lock_nested+0x17/0x20
[ 49.275555][ T3521]  nci_start_poll+0x59f/0xf20
[ 49.280206][ T3521]  ? nci_dev_down+0x40/0x40
[ 49.284682][ T3521]  ? __mutex_lock_common+0x444/0x25a0
[ 49.290033][ T3521]  ? nfc_get_device+0xf0/0xf0
[ 49.294686][ T3521]  ? nfc_start_poll+0x56/0x2f0
[ 49.299423][ T3521]  ? class_for_each_device+0x2b0/0x2b0
[ 49.304858][ T3521]  ? mutex_lock_io_nested+0x60/0x60
[ 49.310032][ T3521]  ? mutex_lock_io_nested+0x60/0x60
[ 49.315206][ T3521]  ? nfc_get_device+0x94/0xf0
[ 49.319857][ T3521]  nfc_start_poll+0x184/0x2f0
[ 49.324508][ T3521]  nfc_genl_start_poll+0x1e7/0x350
[ 49.329594][ T3521]  genl_rcv_msg+0xfbd/0x14a0
[ 49.334163][ T3521]  ? genl_bind+0x370/0x370
[ 49.338554][ T3521]  ? arch_stack_walk+0xf3/0x140
[ 49.343382][ T3521]  ? mark_lock+0x98/0x340
[ 49.347682][ T3521]  ? __lock_acquire+0x1295/0x1ff0
[ 49.352687][ T3521]  ? nfc_genl_dev_down+0xd0/0xd0
[ 49.357607][ T3521]  netlink_rcv_skb+0x1cf/0x410
[ 49.362345][ T3521]  ? genl_bind+0x370/0x370
[ 49.366739][ T3521]  ? netlink_ack+0xb10/0xb10
[ 49.371302][ T3521]  ? down_read+0x1b3/0x2e0
[ 49.375702][ T3521]  ? genl_rcv+0x9/0x40
[ 49.379750][ T3521]  genl_rcv+0x24/0x40
[ 49.383717][ T3521]  netlink_unicast+0x7b6/0x980
[ 49.388457][ T3521]  ? netlink_detachskb+0x90/0x90
[ 49.393376][ T3521]  ? 0xffffffff81000000
[ 49.397501][ T3521]  ? __check_object_size+0x300/0x410
[ 49.402762][ T3521]  ? bpf_lsm_netlink_send+0x5/0x10
[ 49.407849][ T3521]  netlink_sendmsg+0xa30/0xd60
[ 49.412590][ T3521]  ? netlink_getsockopt+0x5b0/0x5b0
[ 49.417764][ T3521]  ? aa_sock_msg_perm+0x91/0x150
[ 49.422680][ T3521]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 49.427939][ T3521]  ? security_socket_sendmsg+0x7d/0xa0
[ 49.433390][ T3521]  ? netlink_getsockopt+0x5b0/0x5b0
[ 49.438564][ T3521]  ____sys_sendmsg+0x59e/0x8f0
[ 49.443313][ T3521]  ? iovec_from_user+0x300/0x390
[ 49.448223][ T3521]  ? __sys_sendmsg_sock+0x30/0x30
[ 49.453227][ T3521]  ___sys_sendmsg+0x252/0x2e0
[ 49.457881][ T3521]  ? __sys_sendmsg+0x260/0x260
[ 49.462627][ T3521]  ? __fdget+0x191/0x220
[ 49.466844][ T3521]  __se_sys_sendmsg+0x19a/0x260
[ 49.471674][ T3521]  ? __x64_sys_sendmsg+0x80/0x80
[ 49.476590][ T3521]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 49.482547][ T3521]  ? lockdep_hardirqs_on+0x94/0x130
[ 49.487719][ T3521]  ? syscall_enter_from_user_mode+0x2e/0x230
[ 49.493680][ T3521]  do_syscall_64+0x3d/0xb0
[ 49.498076][ T3521]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 49.503941][ T3521] RIP: 0033:0x7ff1a27b5509
[ 49.508331][ T3521] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 49.527910][ T3521] RSP: 002b:00007ff1a2775238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 49.536298][ T3521] RAX: ffffffffffffffda RBX: 00007ff1a283f368 RCX: 00007ff1a27b5509
[ 49.544248][ T3521] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 49.552217][ T3521] RBP: 00007ff1a283f360 R08: 0000000000000003 R09: 00007ff1a27756c0
[ 49.560459][ T3521] R10: 0000000000000008 R11: 0000000000000246 R12: 00007ff1a280c074
[ 49.568418][ T3521] R13: 0000000000000000 R14: 00007ffc2bd26150 R15: 00007ffc2bd26238
[ 49.576372][ T3521]
[ 49.579907][ T3521] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 49.588785][ T3521] nci: nci_start_poll: failed to set local general bytes
executing program
[ 54.646611][ T3521] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 54.876245][ T3529] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 55.104994][ T3535] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 55.332930][ T3541] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.561377][ T3551] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.570143][ T3551] nci: nci_start_poll: failed to set local general bytes