Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 58.923649][ T3500] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 59.167409][ T3507] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 59.408571][ T3515] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 59.490760][ T3525]
[ 59.493138][ T3525] ======================================================
[ 59.500171][ T3525] WARNING: possible circular locking dependency detected
[ 59.507208][ T3525] 5.15.112-syzkaller #0 Not tainted
[ 59.512409][ T3525] ------------------------------------------------------
[ 59.519418][ T3525] syz-executor290/3525 is trying to acquire lock:
[ 59.525834][ T3525] ffff8880728ad350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 59.535000][ T3525]
[ 59.535000][ T3525] but task is already holding lock:
[ 59.542356][ T3525] ffff8880728ae5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 59.552964][ T3525]
[ 59.552964][ T3525] which lock already depends on the new lock.
[ 59.552964][ T3525]
[ 59.563360][ T3525]
[ 59.563360][ T3525] the existing dependency chain (in reverse order) is:
[ 59.572366][ T3525]
[ 59.572366][ T3525] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 59.581141][ T3525] lock_acquire+0x1db/0x4f0
[ 59.586169][ T3525] __mutex_lock_common+0x1da/0x25a0
[ 59.591898][ T3525] mutex_lock_nested+0x17/0x20
[ 59.597294][ T3525] nfc_urelease_event_work+0x113/0x2f0
[ 59.603294][ T3525] process_one_work+0x8a1/0x10c0
[ 59.608746][ T3525] worker_thread+0xaca/0x1280
[ 59.613944][ T3525] kthread+0x3f6/0x4f0
[ 59.618534][ T3525] ret_from_fork+0x1f/0x30
[ 59.623486][ T3525]
[ 59.623486][ T3525] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 59.631291][ T3525] lock_acquire+0x1db/0x4f0
[ 59.636310][ T3525] __mutex_lock_common+0x1da/0x25a0
[ 59.642046][ T3525] mutex_lock_nested+0x17/0x20
[ 59.647372][ T3525] nfc_register_device+0x38/0x310
[ 59.652927][ T3525] nci_register_device+0x7be/0x900
[ 59.658589][ T3525] virtual_ncidev_open+0x55/0xc0
[ 59.664150][ T3525] misc_open+0x304/0x380
[ 59.668969][ T3525] chrdev_open+0x54a/0x630
[ 59.673903][ T3525] do_dentry_open+0x807/0xfb0
[ 59.679359][ T3525] path_openat+0x2702/0x2f20
[ 59.684653][ T3525] do_filp_open+0x21c/0x460
[ 59.689687][ T3525] do_sys_openat2+0x13b/0x500
[ 59.694966][ T3525] __x64_sys_openat+0x243/0x290
[ 59.700334][ T3525] do_syscall_64+0x3d/0xb0
[ 59.705282][ T3525] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 59.711715][ T3525]
[ 59.711715][ T3525] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 59.718952][ T3525] lock_acquire+0x1db/0x4f0
[ 59.723976][ T3525] __mutex_lock_common+0x1da/0x25a0
[ 59.729808][ T3525] mutex_lock_nested+0x17/0x20
[ 59.735109][ T3525] virtual_nci_close+0x13/0x40
[ 59.740509][ T3525] nci_dev_up+0x954/0xd40
[ 59.745763][ T3525] nfc_dev_up+0x185/0x330
[ 59.750700][ T3525] nfc_genl_dev_up+0x80/0xd0
[ 59.755990][ T3525] genl_rcv_msg+0xfbd/0x14a0
[ 59.761202][ T3525] netlink_rcv_skb+0x1cf/0x410
[ 59.766496][ T3525] genl_rcv+0x24/0x40
[ 59.771007][ T3525] netlink_unicast+0x7b6/0x980
[ 59.776490][ T3525] netlink_sendmsg+0xa30/0xd60
[ 59.782606][ T3525] ____sys_sendmsg+0x59e/0x8f0
[ 59.787930][ T3525] ___sys_sendmsg+0x252/0x2e0
[ 59.793344][ T3525] __se_sys_sendmsg+0x19a/0x260
[ 59.798732][ T3525] do_syscall_64+0x3d/0xb0
[ 59.804016][ T3525] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 59.810836][ T3525]
[ 59.810836][ T3525] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 59.818836][ T3525] validate_chain+0x1646/0x58b0
[ 59.824327][ T3525] __lock_acquire+0x1295/0x1ff0
[ 59.830152][ T3525] lock_acquire+0x1db/0x4f0
[ 59.835289][ T3525] __mutex_lock_common+0x1da/0x25a0
[ 59.841416][ T3525] mutex_lock_nested+0x17/0x20
[ 59.846850][ T3525] nci_start_poll+0x59f/0xf20
[ 59.852448][ T3525] nfc_start_poll+0x184/0x2f0
[ 59.857991][ T3525] nfc_genl_start_poll+0x1e7/0x350
[ 59.864197][ T3525] genl_rcv_msg+0xfbd/0x14a0
[ 59.869984][ T3525] netlink_rcv_skb+0x1cf/0x410
[ 59.875517][ T3525] genl_rcv+0x24/0x40
[ 59.880552][ T3525] netlink_unicast+0x7b6/0x980
[ 59.886546][ T3525] netlink_sendmsg+0xa30/0xd60
[ 59.891964][ T3525] ____sys_sendmsg+0x59e/0x8f0
[ 59.897510][ T3525] ___sys_sendmsg+0x252/0x2e0
[ 59.903590][ T3525] __se_sys_sendmsg+0x19a/0x260
[ 59.909316][ T3525] do_syscall_64+0x3d/0xb0
[ 59.914719][ T3525] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 59.921423][ T3525]
[ 59.921423][ T3525] other info that might help us debug this:
[ 59.921423][ T3525]
[ 59.931793][ T3525] Chain exists of:
[ 59.931793][ T3525] &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 59.931793][ T3525]
[ 59.946222][ T3525] Possible unsafe locking scenario:
[ 59.946222][ T3525]
[ 59.953687][ T3525]        CPU0                    CPU1
[ 59.959046][ T3525]        ----                    ----
[ 59.964411][ T3525]   lock(&genl_data->genl_data_mutex);
[ 59.969864][ T3525]                                lock(nfc_devlist_mutex);
[ 59.976966][ T3525]                                lock(&genl_data->genl_data_mutex);
[ 59.985109][ T3525]   lock(&ndev->req_lock);
[ 59.989530][ T3525]
[ 59.989530][ T3525] *** DEADLOCK ***
[ 59.989530][ T3525]
[ 59.997663][ T3525] 4 locks held by syz-executor290/3525:
[ 60.003289][ T3525] #0: ffffffff8da3c110 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 60.011478][ T3525] #1: ffffffff8da3bfc8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x124/0x14a0
[ 60.020528][ T3525] #2: ffff8880728ae5d0 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 60.031573][ T3525] #3: ffff8880728ae190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 60.040705][ T3525]
[ 60.040705][ T3525] stack backtrace:
[ 60.046700][ T3525] CPU: 0 PID: 3525 Comm: syz-executor290 Not tainted 5.15.112-syzkaller #0
[ 60.055497][ T3525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 60.065634][ T3525] Call Trace:
[ 60.069106][ T3525]
[ 60.072046][ T3525] dump_stack_lvl+0x1e3/0x2cb
[ 60.076723][ T3525] ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 60.082355][ T3525] ? print_circular_bug+0x12b/0x1a0
[ 60.087548][ T3525] check_noncircular+0x2f8/0x3b0
[ 60.092568][ T3525] ? add_chain_block+0x850/0x850
[ 60.097502][ T3525] ? lockdep_lock+0x11f/0x2a0
[ 60.102177][ T3525] ? mark_lock+0x98/0x340
[ 60.106508][ T3525] validate_chain+0x1646/0x58b0
[ 60.111355][ T3525] ? print_irqtrace_events+0x210/0x210
[ 60.116826][ T3525] ? lockdep_hardirqs_on+0x94/0x130
[ 60.122036][ T3525] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 60.127924][ T3525] ? _raw_spin_unlock+0x40/0x40
[ 60.132769][ T3525] ? stack_trace_save+0x113/0x1c0
[ 60.137789][ T3525] ? reacquire_held_locks+0x660/0x660
[ 60.143243][ T3525] ? stack_trace_snprint+0xe0/0xe0
[ 60.148351][ T3525] ? stack_depot_save+0x3db/0x440
[ 60.153464][ T3525] ? kfree+0xf1/0x270
[ 60.157457][ T3525] ? kasan_set_track+0x62/0x80
[ 60.162317][ T3525] ? kasan_set_track+0x4b/0x80
[ 60.167084][ T3525] ? kasan_set_free_info+0x1f/0x40
[ 60.172281][ T3525] ? ____kasan_slab_free+0xd8/0x120
[ 60.177472][ T3525] ? slab_free_freelist_hook+0xdd/0x160
[ 60.183019][ T3525] ? kfree+0xf1/0x270
[ 60.186999][ T3525] ? nfc_llcp_build_gb+0x4a2/0x710
[ 60.192145][ T3525] ? nfc_llcp_general_bytes+0x91/0x140
[ 60.197610][ T3525] ? nci_start_poll+0x4e9/0xf20
[ 60.202473][ T3525] ? nfc_start_poll+0x184/0x2f0
[ 60.207326][ T3525] ? nfc_genl_start_poll+0x1e7/0x350
[ 60.212609][ T3525] ? netlink_rcv_skb+0x1cf/0x410
[ 60.217545][ T3525] ? mark_lock+0x98/0x340
[ 60.221878][ T3525] ? do_syscall_64+0x3d/0xb0
[ 60.226484][ T3525] __lock_acquire+0x1295/0x1ff0
[ 60.231956][ T3525] lock_acquire+0x1db/0x4f0
[ 60.236461][ T3525] ? nci_start_poll+0x59f/0xf20
[ 60.241318][ T3525] ? read_lock_is_recursive+0x10/0x10
[ 60.246689][ T3525] ? kasan_quarantine_put+0xd4/0x220
[ 60.252058][ T3525] ? lockdep_hardirqs_on+0x94/0x130
[ 60.257255][ T3525] ? __might_sleep+0xc0/0xc0
[ 60.261868][ T3525] ? slab_free_freelist_hook+0xdd/0x160
[ 60.267434][ T3525] __mutex_lock_common+0x1da/0x25a0
[ 60.272641][ T3525] ? nci_start_poll+0x59f/0xf20
[ 60.277523][ T3525] ? nci_start_poll+0x59f/0xf20
[ 60.282373][ T3525] ? nfc_llcp_general_bytes+0x140/0x140
[ 60.287942][ T3525] ? mutex_lock_io_nested+0x60/0x60
[ 60.293144][ T3525] ? read_lock_is_recursive+0x10/0x10
[ 60.298519][ T3525] mutex_lock_nested+0x17/0x20
[ 60.303280][ T3525] nci_start_poll+0x59f/0xf20
[ 60.307962][ T3525] ? nci_dev_down+0x40/0x40
[ 60.312477][ T3525] ? __mutex_lock_common+0x444/0x25a0
[ 60.317854][ T3525] ? nfc_get_device+0xf0/0xf0
[ 60.322616][ T3525] ? nfc_start_poll+0x56/0x2f0
[ 60.327383][ T3525] ? class_for_each_device+0x2b0/0x2b0
[ 60.332839][ T3525] ? mutex_lock_io_nested+0x60/0x60
[ 60.338122][ T3525] ? mutex_lock_io_nested+0x60/0x60
[ 60.343321][ T3525] ? nfc_get_device+0x94/0xf0
[ 60.348010][ T3525] nfc_start_poll+0x184/0x2f0
[ 60.352690][ T3525] nfc_genl_start_poll+0x1e7/0x350
[ 60.357807][ T3525] genl_rcv_msg+0xfbd/0x14a0
[ 60.362405][ T3525] ? genl_bind+0x370/0x370
[ 60.366990][ T3525] ? arch_stack_walk+0xf3/0x140
[ 60.371944][ T3525] ? mark_lock+0x98/0x340
[ 60.376275][ T3525] ? __lock_acquire+0x1295/0x1ff0
[ 60.381304][ T3525] ? nfc_genl_dev_down+0xd0/0xd0
[ 60.386293][ T3525] netlink_rcv_skb+0x1cf/0x410
[ 60.391080][ T3525] ? genl_bind+0x370/0x370
[ 60.395493][ T3525] ? netlink_ack+0xb10/0xb10
[ 60.400082][ T3525] ? down_read+0x1b3/0x2e0
[ 60.404494][ T3525] ? genl_rcv+0x9/0x40
[ 60.408623][ T3525] genl_rcv+0x24/0x40
[ 60.412625][ T3525] netlink_unicast+0x7b6/0x980
[ 60.417399][ T3525] ? netlink_detachskb+0x90/0x90
[ 60.422333][ T3525] ? 0xffffffff81000000
[ 60.426502][ T3525] ? __check_object_size+0x300/0x410
[ 60.431786][ T3525] ? bpf_lsm_netlink_send+0x5/0x10
[ 60.437010][ T3525] netlink_sendmsg+0xa30/0xd60
[ 60.441918][ T3525] ? netlink_getsockopt+0x5a0/0x5a0
[ 60.447118][ T3525] ? aa_sock_msg_perm+0x91/0x150
[ 60.452080][ T3525] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 60.457360][ T3525] ? security_socket_sendmsg+0x7d/0xa0
[ 60.462902][ T3525] ? netlink_getsockopt+0x5a0/0x5a0
[ 60.468101][ T3525] ____sys_sendmsg+0x59e/0x8f0
[ 60.472869][ T3525] ? iovec_from_user+0x300/0x390
[ 60.477807][ T3525] ? __sys_sendmsg_sock+0x30/0x30
[ 60.482836][ T3525] ___sys_sendmsg+0x252/0x2e0
[ 60.487511][ T3525] ? __sys_sendmsg+0x260/0x260
[ 60.492287][ T3525] ? __fdget+0x191/0x220
[ 60.496532][ T3525] __se_sys_sendmsg+0x19a/0x260
[ 60.501387][ T3525] ? __x64_sys_sendmsg+0x80/0x80
[ 60.506327][ T3525] ? syscall_enter_from_user_mode+0x2e/0x230
[ 60.512304][ T3525] ? lockdep_hardirqs_on+0x94/0x130
[ 60.517497][ T3525] ? syscall_enter_from_user_mode+0x2e/0x230
[ 60.523474][ T3525] do_syscall_64+0x3d/0xb0
[ 60.527889][ T3525] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 60.533902][ T3525] RIP: 0033:0x7f0c5befb649
[ 60.538321][ T3525] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.558010][ T3525] RSP: 002b:00007f0c5be8b318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 60.566419][ T3525] RAX: ffffffffffffffda RBX: 00007f0c5bf83438 RCX: 00007f0c5befb649
[ 60.574387][ T3525] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 60.582349][ T3525] RBP: 00007f0c5bf83430 R08: 0000000000000003 R09: 0000000000000000
[ 60.590313][ T3525] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f0c5bf51074
[ 60.598277][ T3525] R13: 00007ffddcbad64f R14: 00007f0c5be8b400 R15: 0000000000022000
[ 60.606270][ T3525]
[ 60.726214][ T3525] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 60.734965][ T3525] nci: nci_start_poll: failed to set local general bytes
executing program
[ 65.752807][ T3525] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 65.986167][ T3528] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 65.996240][ T3528] nci: nci_start_poll: failed to set local general bytes