[ 76.107878][ T14] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts.
executing program
executing program
[ 79.812995][ T3638] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 80.056100][ T3644] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 80.301858][ T3651] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 80.542107][ T3657] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 80.626708][ T3667]
[ 80.629058][ T3667] ======================================================
[ 80.636055][ T3667] WARNING: possible circular locking dependency detected
[ 80.643069][ T3667] 6.1.20-syzkaller #0 Not tainted
[ 80.648092][ T3667] ------------------------------------------------------
[ 80.655098][ T3667] syz-executor568/3667 is trying to acquire lock:
[ 80.661493][ T3667] ffff88802111a350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 80.670664][ T3667]
[ 80.670664][ T3667] but task is already holding lock:
[ 80.678013][ T3667] ffff88802111f508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 80.688629][ T3667]
[ 80.688629][ T3667] which lock already depends on the new lock.
[ 80.688629][ T3667]
[ 80.699018][ T3667]
[ 80.699018][ T3667] the existing dependency chain (in reverse order) is:
[ 80.708028][ T3667]
[ 80.708028][ T3667] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 80.716749][ T3667]        lock_acquire+0x23a/0x630
[ 80.721783][ T3667]        __mutex_lock_common+0x1d4/0x2520
[ 80.727500][ T3667]        mutex_lock_nested+0x17/0x20
[ 80.732809][ T3667]        nfc_urelease_event_work+0x113/0x2f0
[ 80.738800][ T3667]        process_one_work+0x909/0x1380
[ 80.744274][ T3667]        worker_thread+0xa5f/0x1210
[ 80.749473][ T3667]        kthread+0x268/0x300
[ 80.754056][ T3667]        ret_from_fork+0x1f/0x30
[ 80.758997][ T3667]
[ 80.758997][ T3667] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 80.766812][ T3667]        lock_acquire+0x23a/0x630
[ 80.771844][ T3667]        __mutex_lock_common+0x1d4/0x2520
[ 80.777562][ T3667]        mutex_lock_nested+0x17/0x20
[ 80.782873][ T3667]        nfc_register_device+0x38/0x310
[ 80.788425][ T3667]        nci_register_device+0x7be/0x900
[ 80.794056][ T3667]        virtual_ncidev_open+0x55/0xc0
[ 80.799516][ T3667]        misc_open+0x304/0x380
[ 80.804279][ T3667]        chrdev_open+0x54a/0x630
[ 80.809213][ T3667]        do_dentry_open+0x7f9/0x10f0
[ 80.814503][ T3667]        path_openat+0x2644/0x2e60
[ 80.819603][ T3667]        do_filp_open+0x230/0x480
[ 80.824618][ T3667]        do_sys_openat2+0x13b/0x500
[ 80.829815][ T3667]        __x64_sys_openat+0x243/0x290
[ 80.835198][ T3667]        do_syscall_64+0x3d/0xb0
[ 80.840127][ T3667]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.846543][ T3667]
[ 80.846543][ T3667] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 80.853667][ T3667]        lock_acquire+0x23a/0x630
[ 80.858700][ T3667]        __mutex_lock_common+0x1d4/0x2520
[ 80.864423][ T3667]        mutex_lock_nested+0x17/0x20
[ 80.869707][ T3667]        virtual_nci_close+0x13/0x40
[ 80.874994][ T3667]        nci_dev_up+0x954/0xd40
[ 80.879852][ T3667]        nfc_dev_up+0x185/0x330
[ 80.884718][ T3667]        nfc_genl_dev_up+0x80/0xd0
[ 80.889833][ T3667]        genl_rcv_msg+0xc1a/0xf70
[ 80.894850][ T3667]        netlink_rcv_skb+0x1cd/0x410
[ 80.900136][ T3667]        genl_rcv+0x24/0x40
[ 80.904633][ T3667]        netlink_unicast+0x7bf/0x990
[ 80.909919][ T3667]        netlink_sendmsg+0xa26/0xd60
[ 80.915205][ T3667]        ____sys_sendmsg+0x59e/0x8f0
[ 80.920496][ T3667]        __sys_sendmsg+0x2a9/0x390
[ 80.925609][ T3667]        do_syscall_64+0x3d/0xb0
[ 80.930542][ T3667]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.936966][ T3667]
[ 80.936966][ T3667] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 80.944607][ T3667]        validate_chain+0x1667/0x58e0
[ 80.949976][ T3667]        __lock_acquire+0x125b/0x1f80
[ 80.955353][ T3667]        lock_acquire+0x23a/0x630
[ 80.960374][ T3667]        __mutex_lock_common+0x1d4/0x2520
[ 80.966090][ T3667]        mutex_lock_nested+0x17/0x20
[ 80.971371][ T3667]        nci_start_poll+0x59f/0xf20
[ 80.976563][ T3667]        nfc_start_poll+0x184/0x2f0
[ 80.981761][ T3667]        nfc_genl_start_poll+0x1e7/0x350
[ 80.987398][ T3667]        genl_rcv_msg+0xc1a/0xf70
[ 80.992424][ T3667]        netlink_rcv_skb+0x1cd/0x410
[ 80.997717][ T3667]        genl_rcv+0x24/0x40
[ 81.002215][ T3667]        netlink_unicast+0x7bf/0x990
[ 81.007507][ T3667]        netlink_sendmsg+0xa26/0xd60
[ 81.012799][ T3667]        ____sys_sendmsg+0x59e/0x8f0
[ 81.018091][ T3667]        __sys_sendmsg+0x2a9/0x390
[ 81.023219][ T3667]        do_syscall_64+0x3d/0xb0
[ 81.028155][ T3667]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.034576][ T3667]
[ 81.034576][ T3667] other info that might help us debug this:
[ 81.034576][ T3667]
[ 81.044792][ T3667] Chain exists of:
[ 81.044792][ T3667]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 81.044792][ T3667]
[ 81.059046][ T3667]  Possible unsafe locking scenario:
[ 81.059046][ T3667]
[ 81.066484][ T3667]        CPU0                    CPU1
[ 81.071834][ T3667]        ----                    ----
[ 81.077191][ T3667]   lock(&genl_data->genl_data_mutex);
[ 81.082648][ T3667]                                lock(nfc_devlist_mutex);
[ 81.089754][ T3667]                                lock(&genl_data->genl_data_mutex);
[ 81.097730][ T3667]   lock(&ndev->req_lock);
[ 81.102147][ T3667]
[ 81.102147][ T3667]  *** DEADLOCK ***
[ 81.102147][ T3667]
[ 81.110297][ T3667] 4 locks held by syz-executor568/3667:
[ 81.115834][ T3667]  #0: ffffffff8e0f7790 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 81.124013][ T3667]  #1: ffffffff8e0f7648 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x125/0xf70
[ 81.132969][ T3667]  #2: ffff88802111f508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 81.144037][ T3667]  #3: ffff88802111f100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 81.153170][ T3667]
[ 81.153170][ T3667] stack backtrace:
[ 81.159051][ T3667] CPU: 0 PID: 3667 Comm: syz-executor568 Not tainted 6.1.20-syzkaller #0
[ 81.167458][ T3667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 81.177507][ T3667] Call Trace:
[ 81.180781][ T3667]  <TASK>
[ 81.183707][ T3667]  dump_stack_lvl+0x1e3/0x2cb
[ 81.188391][ T3667]  ? nf_tcp_handle_invalid+0x642/0x642
[ 81.193852][ T3667]  ? print_circular_bug+0x12b/0x1a0
[ 81.199050][ T3667]  check_noncircular+0x2fa/0x3b0
[ 81.203990][ T3667]  ? add_chain_block+0x850/0x850
[ 81.208926][ T3667]  ? lockdep_lock+0x11f/0x2a0
[ 81.213618][ T3667]  ? _find_first_zero_bit+0xd0/0x100
[ 81.218904][ T3667]  validate_chain+0x1667/0x58e0
[ 81.223762][ T3667]  ? do_raw_spin_unlock+0x137/0x8a0
[ 81.228962][ T3667]  ? reacquire_held_locks+0x660/0x660
[ 81.234346][ T3667]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 81.240245][ T3667]  ? _raw_spin_unlock+0x40/0x40
[ 81.245097][ T3667]  ? stack_trace_save+0x113/0x1c0
[ 81.250124][ T3667]  ? stack_trace_snprint+0xe0/0xe0
[ 81.255234][ T3667]  ? rcu_read_lock_sched_held+0x89/0x130
[ 81.260867][ T3667]  ? __stack_depot_save+0x3f5/0x470
[ 81.266066][ T3667]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 81.271173][ T3667]  ? kasan_set_track+0x60/0x70
[ 81.275944][ T3667]  ? kasan_save_free_info+0x27/0x40
[ 81.281141][ T3667]  ? mark_lock+0x9a/0x340
[ 81.285465][ T3667]  ? nfc_genl_start_poll+0x1e7/0x350
[ 81.290759][ T3667]  __lock_acquire+0x125b/0x1f80
[ 81.295644][ T3667]  lock_acquire+0x23a/0x630
[ 81.300156][ T3667]  ? nci_start_poll+0x59f/0xf20
[ 81.305007][ T3667]  ? read_lock_is_recursive+0x10/0x10
[ 81.310397][ T3667]  ? __might_sleep+0xb0/0xb0
[ 81.314983][ T3667]  ? kasan_quarantine_put+0xd4/0x220
[ 81.320261][ T3667]  ? lockdep_hardirqs_on+0x94/0x130
[ 81.325466][ T3667]  __mutex_lock_common+0x1d4/0x2520
[ 81.330660][ T3667]  ? nci_start_poll+0x59f/0xf20
[ 81.335529][ T3667]  ? nfc_llcp_build_gb+0x4a2/0x710
[ 81.340642][ T3667]  ? nci_start_poll+0x59f/0xf20
[ 81.345489][ T3667]  ? nfc_llcp_general_bytes+0x140/0x140
[ 81.351030][ T3667]  ? mutex_lock_io_nested+0x60/0x60
[ 81.356236][ T3667]  mutex_lock_nested+0x17/0x20
[ 81.360997][ T3667]  nci_start_poll+0x59f/0xf20
[ 81.365670][ T3667]  ? nci_dev_down+0x40/0x40
[ 81.370176][ T3667]  ? __mutex_lock_common+0x429/0x2520
[ 81.375546][ T3667]  ? __mutex_lock_common+0x429/0x2520
[ 81.380917][ T3667]  ? class_find_device+0x273/0x2c0
[ 81.386034][ T3667]  ? nfc_get_device+0xf0/0xf0
[ 81.390724][ T3667]  ? nfc_start_poll+0x56/0x2f0
[ 81.395514][ T3667]  ? class_for_each_device+0x2b0/0x2b0
[ 81.400980][ T3667]  ? mutex_lock_io_nested+0x60/0x60
[ 81.406178][ T3667]  ? mutex_lock_io_nested+0x60/0x60
[ 81.411375][ T3667]  ? nfc_get_device+0x94/0xf0
[ 81.416057][ T3667]  nfc_start_poll+0x184/0x2f0
[ 81.420733][ T3667]  nfc_genl_start_poll+0x1e7/0x350
[ 81.425848][ T3667]  genl_rcv_msg+0xc1a/0xf70
[ 81.430345][ T3667]  ? kernel_text_address+0x9f/0xd0
[ 81.435457][ T3667]  ? genl_bind+0x360/0x360
[ 81.439874][ T3667]  ? mark_lock+0x9a/0x340
[ 81.444204][ T3667]  ? mark_lock+0x9a/0x340
[ 81.448546][ T3667]  ? nfc_genl_dev_down+0xd0/0xd0
[ 81.453517][ T3667]  netlink_rcv_skb+0x1cd/0x410
[ 81.458292][ T3667]  ? genl_bind+0x360/0x360
[ 81.462710][ T3667]  ? netlink_ack+0xe60/0xe60
[ 81.467314][ T3667]  ? __down_read_common+0x184/0x2c0
[ 81.472521][ T3667]  genl_rcv+0x24/0x40
[ 81.476501][ T3667]  netlink_unicast+0x7bf/0x990
[ 81.481280][ T3667]  ? netlink_detachskb+0x90/0x90
[ 81.486219][ T3667]  ? __phys_addr_symbol+0x2b/0x70
[ 81.491252][ T3667]  ? bpf_lsm_netlink_send+0x5/0x10
[ 81.496361][ T3667]  netlink_sendmsg+0xa26/0xd60
[ 81.501134][ T3667]  ? netlink_getsockopt+0x9d0/0x9d0
[ 81.506347][ T3667]  ? aa_sock_msg_perm+0x91/0x150
[ 81.511289][ T3667]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 81.516570][ T3667]  ? security_socket_sendmsg+0x7d/0xa0
[ 81.522032][ T3667]  ? netlink_getsockopt+0x9d0/0x9d0
[ 81.527335][ T3667]  ____sys_sendmsg+0x59e/0x8f0
[ 81.532114][ T3667]  ? __sys_sendmsg_sock+0x30/0x30
[ 81.537152][ T3667]  __sys_sendmsg+0x2a9/0x390
[ 81.541750][ T3667]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 81.546716][ T3667]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 81.552711][ T3667]  ? syscall_enter_from_user_mode+0x2e/0x2b0
[ 81.558801][ T3667]  ? lockdep_hardirqs_on+0x94/0x130
[ 81.564013][ T3667]  ? syscall_enter_from_user_mode+0x2e/0x2b0
[ 81.570001][ T3667]  do_syscall_64+0x3d/0xb0
[ 81.574418][ T3667]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.580317][ T3667] RIP: 0033:0x7f9897238649
[ 81.584740][ T3667] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.604348][ T3667] RSP: 002b:00007f98971c8318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 81.612776][ T3667] RAX: ffffffffffffffda RBX: 00007f98972c0438 RCX: 00007f9897238649
[ 81.620753][ T3667] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 81.628730][ T3667] RBP: 00007f98972c0430 R08: 0000000000000003 R09: 0000000000000000
[ 81.636706][ T3667] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f989728e074
[ 81.644676][ T3667] R13: 00007ffc47e6eb3f R14: 00007f98971c8400 R15: 0000000000022000
[ 81.652653][ T3667]  </TASK>
[ 81.766561][ T3667] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 81.775275][ T3667] nci: nci_start_poll: failed to set local general bytes
executing program
[ 86.826295][ T3667] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 87.056271][ T3670] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 87.285249][ T3676] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 87.512814][ T3682] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 87.741871][ T3688] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 87.968391][ T3698] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 87.977202][ T3698] nci: nci_start_poll: failed to set local general bytes
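The verdict in the report above comes from lockdep's check_noncircular(): every time a lock is taken while another is held, lockdep records a "held -> acquired" edge, and before admitting a new edge it searches the existing graph for a path from the lock being acquired back to the lock already held. Here the recorded edges are req_lock -> nci_mutex (from the "-> #1" trace, virtual_nci_close() under nci_dev_up()), nci_mutex -> nfc_devlist_mutex ("-> #2", nfc_register_device() under virtual_ncidev_open()), and nfc_devlist_mutex -> genl_data_mutex ("-> #3", nfc_urelease_event_work()); nfc_genl_start_poll() then holds genl_data_mutex and asks for req_lock, which would close the loop. The following is an added userspace model of that check, written for this page and not taken from the syzkaller log or the kernel source; the lock names and edges are transcribed from the report, the graph representation, function names (add_dep, would_deadlock, check_start_poll, check_reverse_order) and the depth-first search are this example's own simplifications of what the kernel does.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lock classes named after the ones in the lockdep report. This is a
 * standalone userspace model of lockdep's cycle check, not kernel code;
 * the edge list below is transcribed from the "-> #N" entries. */
enum lock_class {
    GENL_DATA_MUTEX,   /* &genl_data->genl_data_mutex */
    NFC_DEVLIST_MUTEX, /* nfc_devlist_mutex */
    NCI_MUTEX,         /* nci_mutex */
    NDEV_REQ_LOCK,     /* &ndev->req_lock */
    NUM_LOCKS
};

static const char *lock_name[NUM_LOCKS] = {
    "&genl_data->genl_data_mutex", "nfc_devlist_mutex", "nci_mutex", "&ndev->req_lock",
};

/* dep[a][b] == true records that b was taken while a was held (edge a -> b). */
static bool dep[NUM_LOCKS][NUM_LOCKS];

static void add_dep(enum lock_class held, enum lock_class acquired)
{
    dep[held][acquired] = true;
}

/* Depth-first search for a dependency path from `from` to `to`. Fills `path`
 * with the nodes visited and returns the number of nodes on it, or 0 if none. */
static int find_path(enum lock_class from, enum lock_class to, bool *seen,
                     enum lock_class *path, int depth)
{
    path[depth] = from;
    if (from == to)
        return depth + 1;
    seen[from] = true;
    for (int next = 0; next < NUM_LOCKS; next++) {
        if (dep[from][next] && !seen[next]) {
            int len = find_path(next, to, seen, path, depth + 1);
            if (len)
                return len;
        }
    }
    return 0;
}

/* The question lockdep asks before adding the edge held -> acquiring:
 * does a path acquiring ~> held already exist? If so the new edge closes a
 * cycle. Returns the number of nodes on that path (0 when there is none). */
static int would_deadlock(enum lock_class held, enum lock_class acquiring,
                          enum lock_class *path)
{
    bool seen[NUM_LOCKS] = { false };
    return find_path(acquiring, held, seen, path, 0);
}

/* Edges from the report's dependency chain, oldest first. */
static void load_report_deps(void)
{
    memset(dep, 0, sizeof dep);
    add_dep(NDEV_REQ_LOCK, NCI_MUTEX);          /* -> #1: virtual_nci_close() under nci_dev_up() */
    add_dep(NCI_MUTEX, NFC_DEVLIST_MUTEX);      /* -> #2: nfc_register_device() under virtual_ncidev_open() */
    add_dep(NFC_DEVLIST_MUTEX, GENL_DATA_MUTEX); /* -> #3: nfc_urelease_event_work() */
}

/* The acquisition that triggered the report: nfc_genl_start_poll() holds
 * genl_data_mutex and nci_start_poll() wants req_lock. Returns the cycle's
 * node count, 4 for the chain in the report. */
int check_start_poll(void)
{
    enum lock_class path[NUM_LOCKS];
    load_report_deps();
    int len = would_deadlock(GENL_DATA_MUTEX, NDEV_REQ_LOCK, path);
    if (len) {
        printf("possible circular locking dependency: %s", lock_name[GENL_DATA_MUTEX]);
        for (int i = 0; i < len; i++)
            printf(" -> %s", lock_name[path[i]]);
        printf("\n");
    }
    return len;
}

/* The opposite order (genl_data_mutex taken while req_lock is held) is
 * consistent with the recorded graph, so the same check returns 0. */
int check_reverse_order(void)
{
    enum lock_class path[NUM_LOCKS];
    load_report_deps();
    return would_deadlock(NDEV_REQ_LOCK, GENL_DATA_MUTEX, path);
}

int main(void)
{
    check_start_poll();
    return 0;
}
```

Running it prints the full four-lock cycle (genl_data_mutex -> req_lock -> nci_mutex -> nfc_devlist_mutex -> genl_data_mutex); the report's "Chain exists of" line shows only the endpoints and the immediate parent of the held lock, which is why nci_mutex does not appear there even though it is on the path.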