====================================================== WARNING: possible circular locking dependency detected 5.11.0-rc5-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.0/6772 is trying to acquire lock: ffff888028112350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_request net/nfc/nci/core.c:151 [inline] ffff888028112350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_set_local_general_bytes net/nfc/nci/core.c:759 [inline] ffff888028112350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x496/0x740 net/nfc/nci/core.c:823 but task is already holding lock: ffff88803140f588 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x175/0x410 net/nfc/netlink.c:824 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x134/0x1110 kernel/locking/mutex.c:1103 nfc_urelease_event_work+0x116/0x290 net/nfc/netlink.c:1791 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275 worker_thread+0x598/0xf80 kernel/workqueue.c:2421 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 -> #2 (nfc_devlist_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x134/0x1110 kernel/locking/mutex.c:1103 nfc_register_device+0x1e/0x2d0 net/nfc/core.c:1116 nci_register_device+0x796/0xaf0 net/nfc/nci/core.c:1245 virtual_ncidev_open+0x44/0xb0 drivers/nfc/virtual_ncidev.c:138 misc_open+0x2f0/0x410 drivers/char/misc.c:141 chrdev_open+0x20f/0x650 fs/char_dev.c:414 do_dentry_open+0x42a/0xfb0 fs/open.c:817 do_open fs/namei.c:3254 [inline] path_openat+0x12cd/0x21d0 fs/namei.c:3371 do_filp_open+0x16d/0x390 fs/namei.c:3398 do_sys_openat2+0x11e/0x360 fs/open.c:1172 do_sys_open fs/open.c:1188 [inline] __do_sys_openat fs/open.c:1204 [inline] __se_sys_openat fs/open.c:1199 [inline] __x64_sys_openat+0x11b/0x1d0 fs/open.c:1199 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #1 (nci_mutex){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x134/0x1110 kernel/locking/mutex.c:1103 virtual_nci_close+0xe/0x40 drivers/nfc/virtual_ncidev.c:42 nci_open_device net/nfc/nci/core.c:538 [inline] nci_dev_up+0x380/0x540 net/nfc/nci/core.c:617 nfc_dev_up+0x150/0x300 net/nfc/core.c:118 nfc_genl_dev_up+0x90/0xe0 net/nfc/netlink.c:768 genl_family_rcv_msg_doit+0x1e4/0x2f0 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x27d/0x490 net/netlink/genetlink.c:800 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2494 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:672 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2345 ___sys_sendmsg+0xd3/0x150 net/socket.c:2399 __sys_sendmsg+0xb2/0x140 net/socket.c:2432 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> #0 (&ndev->req_lock){+.+.}-{3:3}: check_prev_add kernel/locking/lockdep.c:2868 [inline] check_prevs_add kernel/locking/lockdep.c:2993 [inline] validate_chain kernel/locking/lockdep.c:3608 [inline] __lock_acquire+0x2b2a/0x5500 kernel/locking/lockdep.c:4832 lock_acquire kernel/locking/lockdep.c:5442 [inline] lock_acquire+0x1a8/0x720 kernel/locking/lockdep.c:5407 __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x134/0x1110 kernel/locking/mutex.c:1103 nci_request net/nfc/nci/core.c:151 [inline] nci_set_local_general_bytes net/nfc/nci/core.c:759 [inline] nci_start_poll+0x496/0x740 net/nfc/nci/core.c:823 nfc_start_poll+0x130/0x290 net/nfc/core.c:225 nfc_genl_start_poll+0x183/0x410 net/nfc/netlink.c:826 genl_family_rcv_msg_doit+0x1e4/0x2f0 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x27d/0x490 net/netlink/genetlink.c:800 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2494 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:672 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2345 ___sys_sendmsg+0xd3/0x150 net/socket.c:2399 __sys_sendmsg+0xb2/0x140 net/socket.c:2432 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 other info that might help us debug this: Chain exists of: &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&genl_data->genl_data_mutex); lock(nfc_devlist_mutex); lock(&genl_data->genl_data_mutex); lock(&ndev->req_lock); *** DEADLOCK *** 4 locks held by syz-executor.0/6772: #0: ffffffff8bdd8b50 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30 net/netlink/genetlink.c:810 #1: ffffffff8bdd8c08 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline] #1: ffffffff8bdd8c08 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x317/0x490 net/netlink/genetlink.c:798 #2: ffff88803140f588 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x175/0x410 net/nfc/netlink.c:824 #3: ffff88803140f190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:737 [inline] #3: ffff88803140f190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x33/0x290 net/nfc/core.c:208 stack backtrace: CPU: 0 PID: 6772 Comm: syz-executor.0 Not tainted 5.11.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x9a/0xcc lib/dump_stack.c:120 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2117 check_prev_add kernel/locking/lockdep.c:2868 [inline] check_prevs_add kernel/locking/lockdep.c:2993 [inline] validate_chain kernel/locking/lockdep.c:3608 [inline] __lock_acquire+0x2b2a/0x5500 kernel/locking/lockdep.c:4832 lock_acquire kernel/locking/lockdep.c:5442 [inline] lock_acquire+0x1a8/0x720 kernel/locking/lockdep.c:5407 __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x134/0x1110 kernel/locking/mutex.c:1103 nci_request net/nfc/nci/core.c:151 [inline] nci_set_local_general_bytes net/nfc/nci/core.c:759 [inline] nci_start_poll+0x496/0x740 net/nfc/nci/core.c:823 nfc_start_poll+0x130/0x290 net/nfc/core.c:225 nfc_genl_start_poll+0x183/0x410 net/nfc/netlink.c:826 genl_family_rcv_msg_doit+0x1e4/0x2f0 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x27d/0x490 net/netlink/genetlink.c:800 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2494 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:672 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2345 ___sys_sendmsg+0xd3/0x150 net/socket.c:2399 __sys_sendmsg+0xb2/0x140 net/socket.c:2432 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f2e67179639 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2e664cb168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f2e6729a050 RCX: 00007f2e67179639 RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000005 RBP: 00007f2e671d4ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe75f0b95f R14: 00007f2e664cb300 R15: 0000000000022000 nci: nci_start_poll: failed to set local general bytes