Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
executing program
[ 38.248069][ T3963] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 38.320701][ T3976]
[ 38.321200][ T3976] ======================================================
[ 38.322727][ T3976] WARNING: possible circular locking dependency detected
[ 38.324247][ T3976] 5.15.112-syzkaller #0 Not tainted
[ 38.325352][ T3976] ------------------------------------------------------
[ 38.326872][ T3976] syz-executor364/3976 is trying to acquire lock:
[ 38.328214][ T3976] ffff0000d947f350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 38.330273][ T3976]
[ 38.330273][ T3976] but task is already holding lock:
[ 38.331842][ T3976] ffff0000c8f285e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 38.334323][ T3976]
[ 38.334323][ T3976] which lock already depends on the new lock.
[ 38.334323][ T3976]
[ 38.336761][ T3976]
[ 38.336761][ T3976] the existing dependency chain (in reverse order) is:
[ 38.338812][ T3976]
[ 38.338812][ T3976] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 38.340701][ T3976]        __mutex_lock_common+0x194/0x2154
[ 38.341998][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 38.343168][ T3976]        nfc_urelease_event_work+0xfc/0x2a8
[ 38.344442][ T3976]        process_one_work+0x790/0x11b8
[ 38.345663][ T3976]        worker_thread+0x910/0x1034
[ 38.346806][ T3976]        kthread+0x37c/0x45c
[ 38.347826][ T3976]        ret_from_fork+0x10/0x20
[ 38.348873][ T3976]
[ 38.348873][ T3976] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 38.350562][ T3976]        __mutex_lock_common+0x194/0x2154
[ 38.351756][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 38.352881][ T3976]        nfc_register_device+0x4c/0x310
[ 38.354088][ T3976]        nci_register_device+0x6ac/0x7c4
[ 38.355286][ T3976]        virtual_ncidev_open+0x6c/0xd8
[ 38.356496][ T3976]        misc_open+0x2f0/0x368
[ 38.357513][ T3976]        chrdev_open+0x3e8/0x4fc
[ 38.358608][ T3976]        do_dentry_open+0x780/0xed8
[ 38.359750][ T3976]        vfs_open+0x7c/0x90
[ 38.360782][ T3976]        path_openat+0x1f28/0x26f0
[ 38.361883][ T3976]        do_filp_open+0x1a8/0x3b4
[ 38.362980][ T3976]        do_sys_openat2+0x128/0x3d8
[ 38.364111][ T3976]        __arm64_sys_openat+0x1f0/0x240
[ 38.365343][ T3976]        invoke_syscall+0x98/0x2b8
[ 38.366495][ T3976]        el0_svc_common+0x138/0x258
[ 38.367641][ T3976]        do_el0_svc+0x58/0x14c
[ 38.368697][ T3976]        el0_svc+0x7c/0x1f0
[ 38.369677][ T3976]        el0t_64_sync_handler+0x84/0xe4
[ 38.370919][ T3976]        el0t_64_sync+0x1a0/0x1a4
[ 38.372047][ T3976]
[ 38.372047][ T3976] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 38.373607][ T3976]        __mutex_lock_common+0x194/0x2154
[ 38.374840][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 38.376033][ T3976]        virtual_nci_close+0x28/0x58
[ 38.377164][ T3976]        nci_dev_up+0x760/0xb50
[ 38.378214][ T3976]        nfc_dev_up+0x154/0x300
[ 38.379346][ T3976]        nfc_genl_dev_up+0x98/0xdc
[ 38.380475][ T3976]        genl_rcv_msg+0xc18/0x1018
[ 38.381632][ T3976]        netlink_rcv_skb+0x20c/0x3b8
[ 38.382806][ T3976]        genl_rcv+0x38/0x50
[ 38.383865][ T3976]        netlink_unicast+0x664/0x938
[ 38.385020][ T3976]        netlink_sendmsg+0x844/0xb38
[ 38.386207][ T3976]        ____sys_sendmsg+0x584/0x870
[ 38.387375][ T3976]        ___sys_sendmsg+0x214/0x294
[ 38.388512][ T3976]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 38.389703][ T3976]        invoke_syscall+0x98/0x2b8
[ 38.390857][ T3976]        el0_svc_common+0x138/0x258
[ 38.392039][ T3976]        do_el0_svc+0x58/0x14c
[ 38.393089][ T3976]        el0_svc+0x7c/0x1f0
[ 38.394113][ T3976]        el0t_64_sync_handler+0x84/0xe4
[ 38.395357][ T3976]        el0t_64_sync+0x1a0/0x1a4
[ 38.396467][ T3976]
[ 38.396467][ T3976] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 38.398132][ T3976]        __lock_acquire+0x32cc/0x7620
[ 38.399337][ T3976]        lock_acquire+0x240/0x77c
[ 38.400433][ T3976]        __mutex_lock_common+0x194/0x2154
[ 38.401708][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 38.402923][ T3976]        nci_start_poll+0x498/0x1204
[ 38.404059][ T3976]        nfc_start_poll+0x164/0x2a4
[ 38.405171][ T3976]        nfc_genl_start_poll+0x1b8/0x308
[ 38.406387][ T3976]        genl_rcv_msg+0xc18/0x1018
[ 38.407484][ T3976]        netlink_rcv_skb+0x20c/0x3b8
[ 38.408677][ T3976]        genl_rcv+0x38/0x50
[ 38.409619][ T3976]        netlink_unicast+0x664/0x938
[ 38.410802][ T3976]        netlink_sendmsg+0x844/0xb38
[ 38.411936][ T3976]        ____sys_sendmsg+0x584/0x870
[ 38.413113][ T3976]        ___sys_sendmsg+0x214/0x294
[ 38.414256][ T3976]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 38.415509][ T3976]        invoke_syscall+0x98/0x2b8
[ 38.416654][ T3976]        el0_svc_common+0x138/0x258
[ 38.417810][ T3976]        do_el0_svc+0x58/0x14c
[ 38.418884][ T3976]        el0_svc+0x7c/0x1f0
[ 38.419880][ T3976]        el0t_64_sync_handler+0x84/0xe4
[ 38.421124][ T3976]        el0t_64_sync+0x1a0/0x1a4
[ 38.422287][ T3976]
[ 38.422287][ T3976] other info that might help us debug this:
[ 38.422287][ T3976]
[ 38.424540][ T3976] Chain exists of:
[ 38.424540][ T3976]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 38.424540][ T3976]
[ 38.427675][ T3976]  Possible unsafe locking scenario:
[ 38.427675][ T3976]
[ 38.429306][ T3976]        CPU0                    CPU1
[ 38.430483][ T3976]        ----                    ----
[ 38.431599][ T3976]   lock(&genl_data->genl_data_mutex);
[ 38.432792][ T3976]                                lock(nfc_devlist_mutex);
[ 38.434314][ T3976]                                lock(&genl_data->genl_data_mutex);
[ 38.436043][ T3976]   lock(&ndev->req_lock);
[ 38.437023][ T3976]
[ 38.437023][ T3976]  *** DEADLOCK ***
[ 38.437023][ T3976]
[ 38.438819][ T3976] 4 locks held by syz-executor364/3976:
[ 38.440007][ T3976]  #0: ffff800016a13310 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 38.441763][ T3976]  #1: ffff800016a131c8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0x1018
[ 38.443697][ T3976]  #2: ffff0000c8f285e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 38.446135][ T3976]  #3: ffff0000c8f28190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 38.448164][ T3976]
[ 38.448164][ T3976] stack backtrace:
[ 38.449422][ T3976] CPU: 1 PID: 3976 Comm: syz-executor364 Not tainted 5.15.112-syzkaller #0
[ 38.451261][ T3976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 38.453545][ T3976] Call trace:
[ 38.454230][ T3976]  dump_backtrace+0x0/0x530
[ 38.455269][ T3976]  show_stack+0x2c/0x3c
[ 38.456128][ T3976]  dump_stack_lvl+0x108/0x170
[ 38.457163][ T3976]  dump_stack+0x1c/0x58
[ 38.458058][ T3976]  print_circular_bug+0x150/0x1b8
[ 38.459273][ T3976]  check_noncircular+0x2cc/0x378
[ 38.460345][ T3976]  __lock_acquire+0x32cc/0x7620
[ 38.461359][ T3976]  lock_acquire+0x240/0x77c
[ 38.462401][ T3976]  __mutex_lock_common+0x194/0x2154
[ 38.463664][ T3976]  mutex_lock_nested+0xa4/0xf8
[ 38.464742][ T3976]  nci_start_poll+0x498/0x1204
[ 38.465828][ T3976]  nfc_start_poll+0x164/0x2a4
[ 38.466868][ T3976]  nfc_genl_start_poll+0x1b8/0x308
[ 38.467952][ T3976]  genl_rcv_msg+0xc18/0x1018
[ 38.468972][ T3976]  netlink_rcv_skb+0x20c/0x3b8
[ 38.470064][ T3976]  genl_rcv+0x38/0x50
[ 38.470930][ T3976]  netlink_unicast+0x664/0x938
[ 38.471981][ T3976]  netlink_sendmsg+0x844/0xb38
[ 38.473008][ T3976]  ____sys_sendmsg+0x584/0x870
[ 38.474111][ T3976]  ___sys_sendmsg+0x214/0x294
[ 38.475123][ T3976]  __arm64_sys_sendmsg+0x1ac/0x25c
[ 38.476185][ T3976]  invoke_syscall+0x98/0x2b8
[ 38.477123][ T3976]  el0_svc_common+0x138/0x258
[ 38.478089][ T3976]  do_el0_svc+0x58/0x14c
[ 38.478938][ T3976]  el0_svc+0x7c/0x1f0
[ 38.479802][ T3976]  el0t_64_sync_handler+0x84/0xe4
[ 38.480866][ T3976]  el0t_64_sync+0x1a0/0x1a4
[ 38.595069][ T3976] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 38.597009][ T3976] nci: nci_start_poll: failed to set local general bytes
[ 43.618772][ T3976] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 43.840420][ T3984] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 43.842259][ T3984] nci: nci_start_poll: failed to set local general bytes