Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
executing program
executing program
[ 50.519629][ T3628] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 50.758472][ T3635] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 50.997763][ T3642] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 51.077955][ T3652]
[ 51.080316][ T3652] ======================================================
[ 51.087352][ T3652] WARNING: possible circular locking dependency detected
[ 51.094353][ T3652] 6.1.21-syzkaller #0 Not tainted
[ 51.099358][ T3652] ------------------------------------------------------
[ 51.106361][ T3652] syz-executor966/3652 is trying to acquire lock:
[ 51.112755][ T3652] ffff888020de4350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x59f/0xf20
[ 51.121892][ T3652]
[ 51.121892][ T3652] but task is already holding lock:
[ 51.129249][ T3652] ffff8880183f0508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 51.139852][ T3652]
[ 51.139852][ T3652] which lock already depends on the new lock.
[ 51.139852][ T3652]
[ 51.150243][ T3652]
[ 51.150243][ T3652] the existing dependency chain (in reverse order) is:
[ 51.159241][ T3652]
[ 51.159241][ T3652] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 51.167915][ T3652] lock_acquire+0x1f8/0x5a0
[ 51.172937][ T3652] __mutex_lock_common+0x1d4/0x2520
[ 51.178649][ T3652] mutex_lock_nested+0x17/0x20
[ 51.183924][ T3652] nfc_urelease_event_work+0x113/0x2f0
[ 51.189894][ T3652] process_one_work+0x8aa/0x11f0
[ 51.195348][ T3652] worker_thread+0xa5f/0x1210
[ 51.200539][ T3652] kthread+0x268/0x300
[ 51.205118][ T3652] ret_from_fork+0x1f/0x30
[ 51.210056][ T3652]
[ 51.210056][ T3652] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 51.217863][ T3652] lock_acquire+0x1f8/0x5a0
[ 51.222882][ T3652] __mutex_lock_common+0x1d4/0x2520
[ 51.228618][ T3652] mutex_lock_nested+0x17/0x20
[ 51.233894][ T3652] nfc_register_device+0x38/0x310
[ 51.239436][ T3652] nci_register_device+0x7be/0x900
[ 51.245058][ T3652] virtual_ncidev_open+0x55/0xc0
[ 51.250536][ T3652] misc_open+0x304/0x380
[ 51.255292][ T3652] chrdev_open+0x54a/0x630
[ 51.260222][ T3652] do_dentry_open+0x7f9/0x10f0
[ 51.265500][ T3652] path_openat+0x2644/0x2e60
[ 51.270603][ T3652] do_filp_open+0x230/0x480
[ 51.275618][ T3652] do_sys_openat2+0x13b/0x500
[ 51.280812][ T3652] __x64_sys_openat+0x243/0x290
[ 51.286179][ T3652] do_syscall_64+0x3d/0xb0
[ 51.291111][ T3652] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.297561][ T3652]
[ 51.297561][ T3652] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 51.304676][ T3652] lock_acquire+0x1f8/0x5a0
[ 51.309695][ T3652] __mutex_lock_common+0x1d4/0x2520
[ 51.315407][ T3652] mutex_lock_nested+0x17/0x20
[ 51.320683][ T3652] virtual_nci_close+0x13/0x40
[ 51.325977][ T3652] nci_dev_up+0x954/0xd40
[ 51.330822][ T3652] nfc_dev_up+0x185/0x330
[ 51.335689][ T3652] nfc_genl_dev_up+0x80/0xd0
[ 51.340799][ T3652] genl_rcv_msg+0xc1a/0xf70
[ 51.345813][ T3652] netlink_rcv_skb+0x1cd/0x410
[ 51.351145][ T3652] genl_rcv+0x24/0x40
[ 51.355643][ T3652] netlink_unicast+0x7bf/0x990
[ 51.361029][ T3652] netlink_sendmsg+0xa26/0xd60
[ 51.366313][ T3652] ____sys_sendmsg+0x59e/0x8f0
[ 51.371591][ T3652] __sys_sendmsg+0x2a9/0x390
[ 51.376700][ T3652] do_syscall_64+0x3d/0xb0
[ 51.381650][ T3652] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.388063][ T3652]
[ 51.388063][ T3652] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 51.395700][ T3652] validate_chain+0x1667/0x58e0
[ 51.401073][ T3652] __lock_acquire+0x125b/0x1f80
[ 51.406444][ T3652] lock_acquire+0x1f8/0x5a0
[ 51.411462][ T3652] __mutex_lock_common+0x1d4/0x2520
[ 51.417175][ T3652] mutex_lock_nested+0x17/0x20
[ 51.422544][ T3652] nci_start_poll+0x59f/0xf20
[ 51.427735][ T3652] nfc_start_poll+0x184/0x2f0
[ 51.432924][ T3652] nfc_genl_start_poll+0x1e7/0x350
[ 51.438549][ T3652] genl_rcv_msg+0xc1a/0xf70
[ 51.443580][ T3652] netlink_rcv_skb+0x1cd/0x410
[ 51.448861][ T3652] genl_rcv+0x24/0x40
[ 51.453352][ T3652] netlink_unicast+0x7bf/0x990
[ 51.458631][ T3652] netlink_sendmsg+0xa26/0xd60
[ 51.463913][ T3652] ____sys_sendmsg+0x59e/0x8f0
[ 51.469194][ T3652] __sys_sendmsg+0x2a9/0x390
[ 51.474298][ T3652] do_syscall_64+0x3d/0xb0
[ 51.479230][ T3652] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.485668][ T3652]
[ 51.485668][ T3652] other info that might help us debug this:
[ 51.485668][ T3652]
[ 51.495893][ T3652] Chain exists of:
[ 51.495893][ T3652]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 51.495893][ T3652]
[ 51.510157][ T3652] Possible unsafe locking scenario:
[ 51.510157][ T3652]
[ 51.517633][ T3652]        CPU0                    CPU1
[ 51.523009][ T3652]        ----                    ----
[ 51.528362][ T3652]   lock(&genl_data->genl_data_mutex);
[ 51.533901][ T3652]                                lock(nfc_devlist_mutex);
[ 51.541001][ T3652]                                lock(&genl_data->genl_data_mutex);
[ 51.548969][ T3652]   lock(&ndev->req_lock);
[ 51.553377][ T3652]
[ 51.553377][ T3652] *** DEADLOCK ***
[ 51.553377][ T3652]
[ 51.561509][ T3652] 4 locks held by syz-executor966/3652:
[ 51.567046][ T3652] #0: ffffffff8e0f0b10 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[ 51.575220][ T3652] #1: ffffffff8e0f09c8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x125/0xf70
[ 51.584180][ T3652] #2: ffff8880183f0508 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1da/0x350
[ 51.595231][ T3652] #3: ffff8880183f0100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x56/0x2f0
[ 51.604462][ T3652]
[ 51.604462][ T3652] stack backtrace:
[ 51.610339][ T3652] CPU: 1 PID: 3652 Comm: syz-executor966 Not tainted 6.1.21-syzkaller #0
[ 51.618748][ T3652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 51.628793][ T3652] Call Trace:
[ 51.632064][ T3652]
[ 51.635077][ T3652] dump_stack_lvl+0x1e3/0x2cb
[ 51.639772][ T3652] ? nf_tcp_handle_invalid+0x642/0x642
[ 51.645247][ T3652] ? print_circular_bug+0x12b/0x1a0
[ 51.650438][ T3652] check_noncircular+0x2fa/0x3b0
[ 51.655370][ T3652] ? add_chain_block+0x850/0x850
[ 51.660299][ T3652] ? lockdep_lock+0x11f/0x2a0
[ 51.664976][ T3652] ? _find_first_zero_bit+0xd0/0x100
[ 51.670252][ T3652] validate_chain+0x1667/0x58e0
[ 51.675101][ T3652] ? do_raw_spin_unlock+0x137/0x8a0
[ 51.680290][ T3652] ? reacquire_held_locks+0x660/0x660
[ 51.685654][ T3652] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 51.691541][ T3652] ? _raw_spin_unlock+0x40/0x40
[ 51.696406][ T3652] ? stack_trace_save+0x113/0x1c0
[ 51.701427][ T3652] ? stack_trace_snprint+0xe0/0xe0
[ 51.706537][ T3652] ? __stack_depot_save+0x3f5/0x470
[ 51.711733][ T3652] ? nfc_llcp_build_gb+0x4a2/0x710
[ 51.716837][ T3652] ? kasan_set_track+0x60/0x70
[ 51.721596][ T3652] ? kasan_save_free_info+0x27/0x40
[ 51.726785][ T3652] ? mark_lock+0x9a/0x340
[ 51.731103][ T3652] ? nfc_genl_start_poll+0x1e7/0x350
[ 51.736380][ T3652] __lock_acquire+0x125b/0x1f80
[ 51.741239][ T3652] lock_acquire+0x1f8/0x5a0
[ 51.745760][ T3652] ? nci_start_poll+0x59f/0xf20
[ 51.750635][ T3652] ? read_lock_is_recursive+0x10/0x10
[ 51.756027][ T3652] ? __might_sleep+0xb0/0xb0
[ 51.760634][ T3652] ? kasan_quarantine_put+0xd4/0x220
[ 51.765915][ T3652] ? lockdep_hardirqs_on+0x94/0x130
[ 51.771140][ T3652] __mutex_lock_common+0x1d4/0x2520
[ 51.776340][ T3652] ? nci_start_poll+0x59f/0xf20
[ 51.781185][ T3652] ? nfc_llcp_build_gb+0x4a2/0x710
[ 51.786291][ T3652] ? nci_start_poll+0x59f/0xf20
[ 51.791137][ T3652] ? nfc_llcp_general_bytes+0x140/0x140
[ 51.796675][ T3652] ? mutex_lock_io_nested+0x60/0x60
[ 51.801870][ T3652] ? read_lock_is_recursive+0x10/0x10
[ 51.807239][ T3652] mutex_lock_nested+0x17/0x20
[ 51.812017][ T3652] nci_start_poll+0x59f/0xf20
[ 51.816708][ T3652] ? nci_dev_down+0x40/0x40
[ 51.821237][ T3652] ? __mutex_lock_common+0x429/0x2520
[ 51.826637][ T3652] ? __mutex_lock_common+0x429/0x2520
[ 51.832008][ T3652] ? class_find_device+0x273/0x2c0
[ 51.837140][ T3652] ? nfc_get_device+0xf0/0xf0
[ 51.841824][ T3652] ? nfc_start_poll+0x56/0x2f0
[ 51.846585][ T3652] ? class_for_each_device+0x2b0/0x2b0
[ 51.852077][ T3652] ? mutex_lock_io_nested+0x60/0x60
[ 51.857276][ T3652] ? mutex_lock_io_nested+0x60/0x60
[ 51.862467][ T3652] ? nfc_get_device+0x94/0xf0
[ 51.867148][ T3652] nfc_start_poll+0x184/0x2f0
[ 51.871825][ T3652] nfc_genl_start_poll+0x1e7/0x350
[ 51.876943][ T3652] genl_rcv_msg+0xc1a/0xf70
[ 51.881441][ T3652] ? kernel_text_address+0x9f/0xd0
[ 51.886571][ T3652] ? genl_bind+0x360/0x360
[ 51.890990][ T3652] ? mark_lock+0x9a/0x340
[ 51.895320][ T3652] ? mark_lock+0x9a/0x340
[ 51.899652][ T3652] ? nfc_genl_dev_down+0xd0/0xd0
[ 51.904592][ T3652] netlink_rcv_skb+0x1cd/0x410
[ 51.909362][ T3652] ? genl_bind+0x360/0x360
[ 51.913772][ T3652] ? netlink_ack+0xe60/0xe60
[ 51.918363][ T3652] ? __down_read_common+0x184/0x2c0
[ 51.923560][ T3652] genl_rcv+0x24/0x40
[ 51.927566][ T3652] netlink_unicast+0x7bf/0x990
[ 51.932327][ T3652] ? netlink_detachskb+0x90/0x90
[ 51.937277][ T3652] ? __phys_addr_symbol+0x2b/0x70
[ 51.942339][ T3652] ? bpf_lsm_netlink_send+0x5/0x10
[ 51.947459][ T3652] netlink_sendmsg+0xa26/0xd60
[ 51.952231][ T3652] ? netlink_getsockopt+0x9d0/0x9d0
[ 51.957427][ T3652] ? aa_sock_msg_perm+0x91/0x150
[ 51.962362][ T3652] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 51.967637][ T3652] ? security_socket_sendmsg+0x7d/0xa0
[ 51.973087][ T3652] ? netlink_getsockopt+0x9d0/0x9d0
[ 51.978282][ T3652] ____sys_sendmsg+0x59e/0x8f0
[ 51.983048][ T3652] ? __sys_sendmsg_sock+0x30/0x30
[ 51.988071][ T3652] __sys_sendmsg+0x2a9/0x390
[ 51.992655][ T3652] ? ____sys_sendmsg+0x8f0/0x8f0
[ 51.997587][ T3652] ? vfs_write+0x923/0xba0
[ 52.002026][ T3652] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 52.008037][ T3652] ? syscall_enter_from_user_mode+0x2e/0x250
[ 52.014033][ T3652] ? lockdep_hardirqs_on+0x94/0x130
[ 52.019234][ T3652] ? syscall_enter_from_user_mode+0x2e/0x250
[ 52.025215][ T3652] do_syscall_64+0x3d/0xb0
[ 52.029626][ T3652] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.035517][ T3652] RIP: 0033:0x7f4ac7d5d649
[ 52.039924][ T3652] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.059521][ T3652] RSP: 002b:00007f4ac7ced318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 52.067928][ T3652] RAX: ffffffffffffffda RBX: 00007f4ac7de5438 RCX: 00007f4ac7d5d649
[ 52.075893][ T3652] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 52.083855][ T3652] RBP: 00007f4ac7de5430 R08: 0000000000000003 R09: 0000000000000000
[ 52.091817][ T3652] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f4ac7db3074
[ 52.099787][ T3652] R13: 00007ffc0cc8c6af R14: 00007f4ac7ced400 R15: 0000000000022000
[ 52.107760][ T3652]
[ 52.219781][ T3652] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 52.228492][ T3652] nci: nci_start_poll: failed to set local general bytes
executing program
[ 57.238776][ T3652] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 57.466709][ T3656] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 57.693698][ T3666] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 57.702444][ T3666] nci: nci_start_poll: failed to set local general bytes