Warning: Permanently added '10.128.1.120' (ECDSA) to the list of known hosts.
executing program
executing program
[ 152.521619][ T3642] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 152.758952][ T3649] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 152.994868][ T3655] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 153.228634][ T3661] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 153.463453][ T3667] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 153.696618][ T3673] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 153.933577][ T3679] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 154.168224][ T3685] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 154.401967][ T3691] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 154.476081][ T3701]
[ 154.478419][ T3701] ======================================================
[ 154.485521][ T3701] WARNING: possible circular locking dependency detected
[ 154.492514][ T3701] 6.1.0-rc6-syzkaller-00251-g0b1dcc2cf55a #0 Not tainted
[ 154.499509][ T3701] ------------------------------------------------------
[ 154.506599][ T3701] syz-executor195/3701 is trying to acquire lock:
[ 154.512991][ T3701] ffff888145dba350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x688/0x900
[ 154.522126][ T3701]
[ 154.522126][ T3701] but task is already holding lock:
[ 154.529468][ T3701] ffff888147a0e508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x19e/0x490
[ 154.540226][ T3701]
[ 154.540226][ T3701] which lock already depends on the new lock.
[ 154.540226][ T3701]
[ 154.550605][ T3701]
[ 154.550605][ T3701] the existing dependency chain (in reverse order) is:
[ 154.559593][ T3701]
[ 154.559593][ T3701] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 154.568345][ T3701]        __mutex_lock+0x12f/0x1360
[ 154.573447][ T3701]        nfc_urelease_event_work+0x143/0x2d0
[ 154.579411][ T3701]        process_one_work+0x9bf/0x1710
[ 154.584856][ T3701]        worker_thread+0x669/0x1090
[ 154.590036][ T3701]        kthread+0x2e8/0x3a0
[ 154.594606][ T3701]        ret_from_fork+0x1f/0x30
[ 154.599530][ T3701]
[ 154.599530][ T3701] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 154.607342][ T3701]        __mutex_lock+0x12f/0x1360
[ 154.612442][ T3701]        nfc_register_device+0x32/0x3b0
[ 154.617968][ T3701]        nci_register_device+0x7cb/0xb50
[ 154.623604][ T3701]        virtual_ncidev_open+0x71/0x110
[ 154.629138][ T3701]        misc_open+0x37a/0x4a0
[ 154.633888][ T3701]        chrdev_open+0x26a/0x770
[ 154.638807][ T3701]        do_dentry_open+0x6cc/0x13f0
[ 154.644071][ T3701]        path_openat+0x1bf6/0x2860
[ 154.649168][ T3701]        do_filp_open+0x1ba/0x410
[ 154.654173][ T3701]        do_sys_openat2+0x16d/0x4c0
[ 154.659354][ T3701]        __x64_sys_openat+0x143/0x1f0
[ 154.664722][ T3701]        do_syscall_64+0x39/0xb0
[ 154.669645][ T3701]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 154.676045][ T3701]
[ 154.676045][ T3701] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 154.683146][ T3701]        __mutex_lock+0x12f/0x1360
[ 154.688247][ T3701]        virtual_nci_close+0x17/0x50
[ 154.693521][ T3701]        nci_dev_up+0x4cb/0x660
[ 154.698361][ T3701]        nfc_dev_up+0x1aa/0x3b0
[ 154.703195][ T3701]        nfc_genl_dev_up+0xa6/0xf0
[ 154.708288][ T3701]        genl_family_rcv_msg_doit+0x228/0x320
[ 154.714336][ T3701]        genl_rcv_msg+0x445/0x780
[ 154.719340][ T3701]        netlink_rcv_skb+0x157/0x430
[ 154.724614][ T3701]        genl_rcv+0x28/0x40
[ 154.729099][ T3701]        netlink_unicast+0x547/0x7f0
[ 154.734372][ T3701]        netlink_sendmsg+0x91b/0xe10
[ 154.739648][ T3701]        sock_sendmsg+0xd3/0x120
[ 154.744572][ T3701]        ____sys_sendmsg+0x712/0x8c0
[ 154.749843][ T3701]        ___sys_sendmsg+0x110/0x1b0
[ 154.755019][ T3701]        __sys_sendmsg+0xf7/0x1c0
[ 154.760024][ T3701]        do_syscall_64+0x39/0xb0
[ 154.764947][ T3701]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 154.771347][ T3701]
[ 154.771347][ T3701] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 154.778968][ T3701]        __lock_acquire+0x2a43/0x56d0
[ 154.784333][ T3701]        lock_acquire+0x1e3/0x630
[ 154.789346][ T3701]        __mutex_lock+0x12f/0x1360
[ 154.794445][ T3701]        nci_start_poll+0x688/0x900
[ 154.799629][ T3701]        nfc_start_poll+0x192/0x320
[ 154.804809][ T3701]        nfc_genl_start_poll+0x1ac/0x490
[ 154.810422][ T3701]        genl_family_rcv_msg_doit+0x228/0x320
[ 154.816470][ T3701]        genl_rcv_msg+0x445/0x780
[ 154.821474][ T3701]        netlink_rcv_skb+0x157/0x430
[ 154.826750][ T3701]        genl_rcv+0x28/0x40
[ 154.831234][ T3701]        netlink_unicast+0x547/0x7f0
[ 154.836512][ T3701]        netlink_sendmsg+0x91b/0xe10
[ 154.841788][ T3701]        sock_sendmsg+0xd3/0x120
[ 154.846714][ T3701]        ____sys_sendmsg+0x712/0x8c0
[ 154.851986][ T3701]        ___sys_sendmsg+0x110/0x1b0
[ 154.857167][ T3701]        __sys_sendmsg+0xf7/0x1c0
[ 154.862171][ T3701]        do_syscall_64+0x39/0xb0
[ 154.867096][ T3701]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 154.873496][ T3701]
[ 154.873496][ T3701] other info that might help us debug this:
[ 154.873496][ T3701]
[ 154.883700][ T3701] Chain exists of:
[ 154.883700][ T3701]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 154.883700][ T3701]
[ 154.897926][ T3701]  Possible unsafe locking scenario:
[ 154.897926][ T3701]
[ 154.905354][ T3701]        CPU0                    CPU1
[ 154.910694][ T3701]        ----                    ----
[ 154.916037][ T3701]   lock(&genl_data->genl_data_mutex);
[ 154.921489][ T3701]                                lock(nfc_devlist_mutex);
[ 154.928576][ T3701]                                lock(&genl_data->genl_data_mutex);
[ 154.936534][ T3701]   lock(&ndev->req_lock);
[ 154.940931][ T3701]
[ 154.940931][ T3701]  *** DEADLOCK ***
[ 154.940931][ T3701]
[ 154.949054][ T3701] 4 locks held by syz-executor195/3701:
[ 154.954575][ T3701]  #0: ffffffff8df50630 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 154.962737][ T3701]  #1: ffffffff8df506e8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x50d/0x780
[ 154.971766][ T3701]  #2: ffff888147a0e508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x19e/0x490
[ 154.982794][ T3701]  #3: ffff888147a0e100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x58/0x320
[ 154.991927][ T3701]
[ 154.991927][ T3701] stack backtrace:
[ 154.997789][ T3701] CPU: 0 PID: 3701 Comm: syz-executor195 Not tainted 6.1.0-rc6-syzkaller-00251-g0b1dcc2cf55a #0
[ 155.008182][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 155.018216][ T3701] Call Trace:
[ 155.021478][ T3701]
[ 155.024393][ T3701]  dump_stack_lvl+0xd1/0x138
[ 155.028973][ T3701]  check_noncircular+0x25f/0x2e0
[ 155.033906][ T3701]  ? print_circular_bug+0x1e0/0x1e0
[ 155.039098][ T3701]  ? __kmem_cache_free+0xaf/0x3b0
[ 155.044108][ T3701]  ? kasan_save_stack+0x35/0x40
[ 155.048944][ T3701]  ? ____kasan_slab_free+0x160/0x1c0
[ 155.054214][ T3701]  ? slab_free_freelist_hook+0x8b/0x1c0
[ 155.059741][ T3701]  ? __kmem_cache_free+0xaf/0x3b0
[ 155.064750][ T3701]  ? nfc_llcp_build_gb.isra.0+0x2b8/0x3f0
[ 155.070456][ T3701]  ? nfc_llcp_general_bytes+0x30/0xe0
[ 155.075816][ T3701]  __lock_acquire+0x2a43/0x56d0
[ 155.080707][ T3701]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 155.086750][ T3701]  lock_acquire+0x1e3/0x630
[ 155.091247][ T3701]  ? nci_start_poll+0x688/0x900
[ 155.096093][ T3701]  ? lock_release+0x810/0x810
[ 155.100763][ T3701]  __mutex_lock+0x12f/0x1360
[ 155.105344][ T3701]  ? nci_start_poll+0x688/0x900
[ 155.110184][ T3701]  ? nfc_llcp_build_gb.isra.0+0x2b8/0x3f0
[ 155.115894][ T3701]  ? nci_start_poll+0x688/0x900
[ 155.120735][ T3701]  ? nfc_llcp_reserve_sdp_ssap+0x120/0x120
[ 155.126526][ T3701]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 155.132066][ T3701]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 155.137603][ T3701]  ? trace_contention_end+0x153/0x1e0
[ 155.142964][ T3701]  nci_start_poll+0x688/0x900
[ 155.147637][ T3701]  ? nci_dep_link_up+0x1b0/0x1b0
[ 155.152565][ T3701]  ? nfc_genl_start_poll+0x19e/0x490
[ 155.157836][ T3701]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 155.163377][ T3701]  nfc_start_poll+0x192/0x320
[ 155.168124][ T3701]  nfc_genl_start_poll+0x1ac/0x490
[ 155.173220][ T3701]  genl_family_rcv_msg_doit+0x228/0x320
[ 155.178752][ T3701]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x290/0x290
[ 155.186110][ T3701]  ? mutex_lock_io_nested+0x11a0/0x11a0
[ 155.191657][ T3701]  ? ns_capable+0xdd/0x100
[ 155.196081][ T3701]  genl_rcv_msg+0x445/0x780
[ 155.200569][ T3701]  ? genl_start+0x670/0x670
[ 155.205055][ T3701]  ? nfc_genl_dep_link_up+0x250/0x250
[ 155.210413][ T3701]  ? lock_release+0x810/0x810
[ 155.215104][ T3701]  netlink_rcv_skb+0x157/0x430
[ 155.219860][ T3701]  ? genl_start+0x670/0x670
[ 155.224349][ T3701]  ? netlink_ack+0xd60/0xd60
[ 155.228930][ T3701]  ? netlink_deliver_tap+0x1b1/0xc50
[ 155.234218][ T3701]  genl_rcv+0x28/0x40
[ 155.238185][ T3701]  netlink_unicast+0x547/0x7f0
[ 155.242942][ T3701]  ? netlink_attachskb+0x890/0x890
[ 155.248049][ T3701]  ? __virt_addr_valid+0x61/0x2e0
[ 155.253065][ T3701]  ? __phys_addr_symbol+0x30/0x70
[ 155.258077][ T3701]  ? __check_object_size+0x2e2/0x5a0
[ 155.263355][ T3701]  netlink_sendmsg+0x91b/0xe10
[ 155.268198][ T3701]  ? netlink_unicast+0x7f0/0x7f0
[ 155.273219][ T3701]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 155.278490][ T3701]  ? netlink_unicast+0x7f0/0x7f0
[ 155.283419][ T3701]  sock_sendmsg+0xd3/0x120
[ 155.287824][ T3701]  ____sys_sendmsg+0x712/0x8c0
[ 155.292578][ T3701]  ? copy_msghdr_from_user+0xfc/0x150
[ 155.297932][ T3701]  ? kernel_sendmsg+0x50/0x50
[ 155.302607][ T3701]  ___sys_sendmsg+0x110/0x1b0
[ 155.307270][ T3701]  ? do_recvmmsg+0x6e0/0x6e0
[ 155.311845][ T3701]  ? __fget_files+0x248/0x440
[ 155.316507][ T3701]  ? lock_downgrade+0x6e0/0x6e0
[ 155.321351][ T3701]  ? futex_wake_mark+0x1a0/0x1a0
[ 155.326276][ T3701]  ? __fget_files+0x26a/0x440
[ 155.330939][ T3701]  ? __fget_light+0xe5/0x270
[ 155.335520][ T3701]  __sys_sendmsg+0xf7/0x1c0
[ 155.340004][ T3701]  ? __sys_sendmsg_sock+0x40/0x40
[ 155.345035][ T3701]  ? restore_fpregs_from_fpstate+0xc1/0x1c0
[ 155.350922][ T3701]  ? syscall_enter_from_user_mode+0x26/0xb0
[ 155.356802][ T3701]  ? lockdep_hardirqs_on+0x7d/0x100
[ 155.361995][ T3701]  do_syscall_64+0x39/0xb0
[ 155.366398][ T3701]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 155.372279][ T3701] RIP: 0033:0x7f5568832649
[ 155.376676][ T3701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 155.396266][ T3701] RSP: 002b:00007f55687c2318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 155.404668][ T3701] RAX: ffffffffffffffda RBX: 00007f55688ba438 RCX: 00007f5568832649
[ 155.412622][ T3701] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 155.420590][ T3701] RBP: 00007f55688ba430 R08: 0000000000000003 R09: 0000000000000000
[ 155.428541][ T3701] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f5568888074
[ 155.436497][ T3701] R13: 00007ffca38033ef R14: 00007f55687c2400 R15: 0000000000022000
[ 155.444461][ T3701]
[ 155.563012][ T3701] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 155.571785][ T3701] nci: nci_start_poll: failed to set local general bytes
executing program
[ 160.621758][ T3701] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 160.850364][ T3708] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 160.859073][ T3708] nci: nci_start_poll: failed to set local general bytes