Warning: Permanently added '10.128.1.168' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 54.422228][ T3593] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 54.668828][ T3600] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 54.750311][ T3611]
[ 54.752674][ T3611] ======================================================
[ 54.759678][ T3611] WARNING: possible circular locking dependency detected
[ 54.766680][ T3611] 5.15.103-syzkaller #0 Not tainted
[ 54.771863][ T3611] ------------------------------------------------------
[ 54.778864][ T3611] syz-executor288/3611 is trying to acquire lock:
[ 54.785260][ T3611] ffff88807280e350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 54.794402][ T3611]
[ 54.794402][ T3611] but task is already holding lock:
[ 54.801750][ T3611] ffff88807280f5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 54.812347][ T3611]
[ 54.812347][ T3611] which lock already depends on the new lock.
[ 54.812347][ T3611]
[ 54.822773][ T3611]
[ 54.822773][ T3611] the existing dependency chain (in reverse order) is:
[ 54.831799][ T3611]
[ 54.831799][ T3611] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 54.840485][ T3611]        lock_acquire+0x1ff/0x570
[ 54.845521][ T3611]        __mutex_lock_common+0x1da/0x25a0
[ 54.851242][ T3611]        mutex_lock_nested+0x17/0x20
[ 54.856517][ T3611]        nfc_urelease_event_work+0x113/0x2f0
[ 54.862491][ T3611]        process_one_work+0x90d/0x1270
[ 54.867941][ T3611]        worker_thread+0xaca/0x1280
[ 54.873126][ T3611]        kthread+0x3f6/0x4f0
[ 54.877722][ T3611]        ret_from_fork+0x1f/0x30
[ 54.882648][ T3611]
[ 54.882648][ T3611] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 54.890549][ T3611]        lock_acquire+0x1ff/0x570
[ 54.895568][ T3611]        __mutex_lock_common+0x1da/0x25a0
[ 54.901297][ T3611]        mutex_lock_nested+0x17/0x20
[ 54.906578][ T3611]        nfc_register_device+0x38/0x310
[ 54.912136][ T3611]        nci_register_device+0x7be/0x900
[ 54.917757][ T3611]        virtual_ncidev_open+0x55/0xc0
[ 54.923206][ T3611]        misc_open+0x304/0x380
[ 54.927965][ T3611]        chrdev_open+0x54a/0x630
[ 54.932993][ T3611]        do_dentry_open+0x807/0xfb0
[ 54.938193][ T3611]        path_openat+0x2702/0x2f20
[ 54.943294][ T3611]        do_filp_open+0x21c/0x460
[ 54.948312][ T3611]        do_sys_openat2+0x13b/0x500
[ 54.953687][ T3611]        __x64_sys_openat+0x243/0x290
[ 54.959055][ T3611]        do_syscall_64+0x3d/0xb0
[ 54.963996][ T3611]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.970421][ T3611]
[ 54.970421][ T3611] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 54.977543][ T3611]        lock_acquire+0x1ff/0x570
[ 54.982565][ T3611]        __mutex_lock_common+0x1da/0x25a0
[ 54.988278][ T3611]        mutex_lock_nested+0x17/0x20
[ 54.993673][ T3611]        virtual_nci_close+0x13/0x40
[ 54.999098][ T3611]        nci_dev_up+0x954/0xd40
[ 55.003950][ T3611]        nfc_dev_up+0x185/0x330
[ 55.008792][ T3611]        nfc_genl_dev_up+0x80/0xd0
[ 55.013894][ T3611]        genl_rcv_msg+0xfbd/0x14a0
[ 55.019007][ T3611]        netlink_rcv_skb+0x1cf/0x410
[ 55.024292][ T3611]        genl_rcv+0x24/0x40
[ 55.028797][ T3611]        netlink_unicast+0x7b6/0x980
[ 55.034073][ T3611]        netlink_sendmsg+0xa30/0xd60
[ 55.039352][ T3611]        ____sys_sendmsg+0x59e/0x8f0
[ 55.044625][ T3611]        ___sys_sendmsg+0x252/0x2e0
[ 55.049822][ T3611]        __se_sys_sendmsg+0x19a/0x260
[ 55.055186][ T3611]        do_syscall_64+0x3d/0xb0
[ 55.060124][ T3611]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.066534][ T3611]
[ 55.066534][ T3611] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 55.074167][ T3611]        validate_chain+0x1646/0x58b0
[ 55.079538][ T3611]        __lock_acquire+0x1295/0x1ff0
[ 55.085005][ T3611]        lock_acquire+0x1ff/0x570
[ 55.090034][ T3611]        __mutex_lock_common+0x1da/0x25a0
[ 55.095776][ T3611]        mutex_lock_nested+0x17/0x20
[ 55.101062][ T3611]        nci_start_poll+0x59f/0xf20
[ 55.106254][ T3611]        nfc_start_poll+0x184/0x2f0
[ 55.111564][ T3611]        nfc_genl_start_poll+0x1e7/0x350
[ 55.117212][ T3611]        genl_rcv_msg+0xfbd/0x14a0
[ 55.122335][ T3611]        netlink_rcv_skb+0x1cf/0x410
[ 55.127629][ T3611]        genl_rcv+0x24/0x40
[ 55.132121][ T3611]        netlink_unicast+0x7b6/0x980
[ 55.137411][ T3611]        netlink_sendmsg+0xa30/0xd60
[ 55.142688][ T3611]        ____sys_sendmsg+0x59e/0x8f0
[ 55.148064][ T3611]        ___sys_sendmsg+0x252/0x2e0
[ 55.153256][ T3611]        __se_sys_sendmsg+0x19a/0x260
[ 55.158632][ T3611]        do_syscall_64+0x3d/0xb0
[ 55.163560][ T3611]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.169965][ T3611]
[ 55.169965][ T3611] other info that might help us debug this:
[ 55.169965][ T3611]
[ 55.180186][ T3611] Chain exists of:
[ 55.180186][ T3611]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 55.180186][ T3611]
[ 55.194426][ T3611]  Possible unsafe locking scenario:
[ 55.194426][ T3611]
[ 55.201877][ T3611]        CPU0                    CPU1
[ 55.207243][ T3611]        ----                    ----
[ 55.212598][ T3611]   lock(&genl_data->genl_data_mutex);
[ 55.218052][ T3611]                                lock(nfc_devlist_mutex);
[ 55.225151][ T3611]                                lock(&genl_data->genl_data_mutex);
[ 55.233128][ T3611]   lock(&ndev->req_lock);
[ 55.237535][ T3611]
[ 55.237535][ T3611]  *** DEADLOCK ***
[ 55.237535][ T3611]
[ 55.245671][ T3611] 4 locks held by syz-executor288/3611:
[ 55.251293][ T3611]  #0: ffffffff8da386b0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 55.259488][ T3611]  #1: ffffffff8da38568 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 55.268552][ T3611]  #2: ffff88807280f5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 55.279768][ T3611]  #3: ffff88807280f190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 55.288999][ T3611]
[ 55.288999][ T3611] stack backtrace:
[ 55.294880][ T3611] CPU: 1 PID: 3611 Comm: syz-executor288 Not tainted 5.15.103-syzkaller #0
[ 55.303458][ T3611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 55.313507][ T3611] Call Trace:
[ 55.316790][ T3611]
[ 55.319712][ T3611]  dump_stack_lvl+0x1e3/0x2cb
[ 55.324398][ T3611]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 55.330029][ T3611]  ? print_circular_bug+0x12b/0x1a0
[ 55.335242][ T3611]  check_noncircular+0x2f8/0x3b0
[ 55.340177][ T3611]  ? add_chain_block+0x850/0x850
[ 55.345106][ T3611]  ? lockdep_lock+0x11f/0x2a0
[ 55.349787][ T3611]  ? mark_lock+0x98/0x340
[ 55.354110][ T3611]  validate_chain+0x1646/0x58b0
[ 55.358954][ T3611]  ? print_irqtrace_events+0x210/0x210
[ 55.364420][ T3611]  ? lockdep_hardirqs_on+0x94/0x130
[ 55.369619][ T3611]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 55.375510][ T3611]  ? _raw_spin_unlock+0x40/0x40
[ 55.380360][ T3611]  ? stack_trace_save+0x113/0x1c0
[ 55.385379][ T3611]  ? reacquire_held_locks+0x660/0x660
[ 55.390744][ T3611]  ? stack_trace_snprint+0xe0/0xe0
[ 55.395864][ T3611]  ? stack_depot_save+0x3db/0x440
[ 55.400887][ T3611]  ? kfree+0x115/0x2e0
[ 55.404948][ T3611]  ? kasan_set_track+0x62/0x80
[ 55.409704][ T3611]  ? kasan_set_track+0x4b/0x80
[ 55.414510][ T3611]  ? kasan_set_free_info+0x1f/0x40
[ 55.419620][ T3611]  ? ____kasan_slab_free+0xd8/0x120
[ 55.424811][ T3611]  ? slab_free_freelist_hook+0xdd/0x160
[ 55.430358][ T3611]  ? kfree+0x115/0x2e0
[ 55.434426][ T3611]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 55.439619][ T3611]  ? nfc_llcp_general_bytes+0x91/0x140
[ 55.445076][ T3611]  ? nci_start_poll+0x4e9/0xf20
[ 55.449939][ T3611]  ? nfc_start_poll+0x184/0x2f0
[ 55.454960][ T3611]  ? nfc_genl_start_poll+0x1e7/0x350
[ 55.460260][ T3611]  ? netlink_rcv_skb+0x1cf/0x410
[ 55.465199][ T3611]  ? mark_lock+0x98/0x340
[ 55.469524][ T3611]  ? do_syscall_64+0x3d/0xb0
[ 55.474110][ T3611]  __lock_acquire+0x1295/0x1ff0
[ 55.478976][ T3611]  lock_acquire+0x1ff/0x570
[ 55.483477][ T3611]  ? nci_start_poll+0x59f/0xf20
[ 55.488498][ T3611]  ? read_lock_is_recursive+0x10/0x10
[ 55.493953][ T3611]  ? kasan_quarantine_put+0xd4/0x220
[ 55.499235][ T3611]  ? lockdep_hardirqs_on+0x94/0x130
[ 55.504425][ T3611]  ? __might_sleep+0xc0/0xc0
[ 55.509015][ T3611]  ? slab_free_freelist_hook+0xdd/0x160
[ 55.514644][ T3611]  __mutex_lock_common+0x1da/0x25a0
[ 55.519839][ T3611]  ? nci_start_poll+0x59f/0xf20
[ 55.524684][ T3611]  ? nci_start_poll+0x59f/0xf20
[ 55.529526][ T3611]  ? nfc_llcp_general_bytes+0x140/0x140
[ 55.535060][ T3611]  ? mutex_lock_io_nested+0x60/0x60
[ 55.540250][ T3611]  ? read_lock_is_recursive+0x10/0x10
[ 55.545619][ T3611]  mutex_lock_nested+0x17/0x20
[ 55.550375][ T3611]  nci_start_poll+0x59f/0xf20
[ 55.555043][ T3611]  ? nci_dev_down+0x40/0x40
[ 55.559549][ T3611]  ? __mutex_lock_common+0x444/0x25a0
[ 55.564918][ T3611]  ? nfc_get_device+0xf0/0xf0
[ 55.569608][ T3611]  ? nfc_start_poll+0x56/0x2f0
[ 55.574370][ T3611]  ? class_for_each_device+0x2b0/0x2b0
[ 55.579838][ T3611]  ? mutex_lock_io_nested+0x60/0x60
[ 55.585040][ T3611]  ? mutex_lock_io_nested+0x60/0x60
[ 55.590238][ T3611]  ? nfc_get_device+0x94/0xf0
[ 55.594920][ T3611]  nfc_start_poll+0x184/0x2f0
[ 55.599604][ T3611]  nfc_genl_start_poll+0x1e7/0x350
[ 55.604716][ T3611]  genl_rcv_msg+0xfbd/0x14a0
[ 55.609302][ T3611]  ? genl_bind+0x370/0x370
[ 55.614242][ T3611]  ? arch_stack_walk+0xf3/0x140
[ 55.619099][ T3611]  ? mark_lock+0x98/0x340
[ 55.623426][ T3611]  ? __lock_acquire+0x1295/0x1ff0
[ 55.628458][ T3611]  ? nfc_genl_dev_down+0xd0/0xd0
[ 55.633518][ T3611]  netlink_rcv_skb+0x1cf/0x410
[ 55.638326][ T3611]  ? genl_bind+0x370/0x370
[ 55.642769][ T3611]  ? netlink_ack+0xb10/0xb10
[ 55.647371][ T3611]  ? __down_read_common+0x184/0x2c0
[ 55.652574][ T3611]  genl_rcv+0x24/0x40
[ 55.656556][ T3611]  netlink_unicast+0x7b6/0x980
[ 55.661319][ T3611]  ? netlink_detachskb+0x90/0x90
[ 55.666269][ T3611]  ? 0xffffffff81000000
[ 55.670414][ T3611]  ? __check_object_size+0x300/0x410
[ 55.675699][ T3611]  ? bpf_lsm_netlink_send+0x5/0x10
[ 55.680809][ T3611]  netlink_sendmsg+0xa30/0xd60
[ 55.685579][ T3611]  ? netlink_getsockopt+0x9d0/0x9d0
[ 55.690778][ T3611]  ? aa_sock_msg_perm+0x91/0x150
[ 55.695711][ T3611]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 55.700994][ T3611]  ? security_socket_sendmsg+0x7d/0xa0
[ 55.706450][ T3611]  ? netlink_getsockopt+0x9d0/0x9d0
[ 55.711657][ T3611]  ____sys_sendmsg+0x59e/0x8f0
[ 55.716433][ T3611]  ? iovec_from_user+0x300/0x390
[ 55.721365][ T3611]  ? __sys_sendmsg_sock+0x30/0x30
[ 55.726394][ T3611]  ___sys_sendmsg+0x252/0x2e0
[ 55.731070][ T3611]  ? __sys_sendmsg+0x260/0x260
[ 55.735847][ T3611]  ? rcu_lock_release+0x9/0x20
[ 55.740697][ T3611]  ? __fdget+0x191/0x220
[ 55.744930][ T3611]  __se_sys_sendmsg+0x19a/0x260
[ 55.749789][ T3611]  ? __x64_sys_sendmsg+0x80/0x80
[ 55.754816][ T3611]  ? syscall_enter_from_user_mode+0x2e/0x290
[ 55.760818][ T3611]  ? lockdep_hardirqs_on+0x94/0x130
[ 55.766020][ T3611]  ? syscall_enter_from_user_mode+0x2e/0x290
[ 55.772000][ T3611]  do_syscall_64+0x3d/0xb0
[ 55.776419][ T3611]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.782308][ T3611] RIP: 0033:0x7f64acf88649
[ 55.786715][ T3611] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 55.806321][ T3611] RSP: 002b:00007f64acf18318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.814729][ T3611] RAX: ffffffffffffffda RBX: 00007f64ad010438 RCX: 00007f64acf88649
[ 55.822693][ T3611] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 55.830657][ T3611] RBP: 00007f64ad010430 R08: 0000000000000003 R09: 0000000000000000
[ 55.838710][ T3611] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f64acfde074
[ 55.846680][ T3611] R13: 00007ffcd84d5f8f R14: 00007f64acf18400 R15: 0000000000022000
[ 55.854669][ T3611]
[ 55.969145][ T3611] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 55.977893][ T3611] nci: nci_start_poll: failed to set local general bytes
executing program
[ 60.991802][ T3611] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 61.225797][ T3615] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 61.456696][ T3621] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 61.689613][ T3631] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 61.698368][ T3631] nci: nci_start_poll: failed to set local general bytes