Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts.
executing program
[ 41.673893][ T3975] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 41.796731][ T3987]
[ 41.797298][ T3987] ======================================================
[ 41.798771][ T3987] WARNING: possible circular locking dependency detected
[ 41.800280][ T3987] 5.15.137-syzkaller #0 Not tainted
[ 41.801322][ T3987] ------------------------------------------------------
[ 41.802839][ T3987] syz-executor253/3987 is trying to acquire lock:
[ 41.804196][ T3987] ffff0000d640b350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 41.806115][ T3987]
[ 41.806115][ T3987] but task is already holding lock:
[ 41.807664][ T3987] ffff0000d640c5e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 41.809848][ T3987]
[ 41.809848][ T3987] which lock already depends on the new lock.
[ 41.809848][ T3987]
[ 41.811989][ T3987]
[ 41.811989][ T3987] the existing dependency chain (in reverse order) is:
[ 41.813926][ T3987]
[ 41.813926][ T3987] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 41.815806][ T3987]        __mutex_lock_common+0x194/0x2154
[ 41.817042][ T3987]        mutex_lock_nested+0xa4/0xf8
[ 41.818127][ T3987]        nfc_urelease_event_work+0xfc/0x2a8
[ 41.819314][ T3987]        process_one_work+0x790/0x11b8
[ 41.820465][ T3987]        worker_thread+0x910/0x1034
[ 41.821597][ T3987]        kthread+0x37c/0x45c
[ 41.822563][ T3987]        ret_from_fork+0x10/0x20
[ 41.823639][ T3987]
[ 41.823639][ T3987] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 41.825317][ T3987]        __mutex_lock_common+0x194/0x2154
[ 41.826447][ T3987]        mutex_lock_nested+0xa4/0xf8
[ 41.827507][ T3987]        nfc_register_device+0x4c/0x310
[ 41.828584][ T3987]        nci_register_device+0x6ac/0x7c4
[ 41.829801][ T3987]        virtual_ncidev_open+0x6c/0xd8
[ 41.830880][ T3987]        misc_open+0x2f0/0x368
[ 41.831868][ T3987]        chrdev_open+0x3e8/0x4fc
[ 41.832944][ T3987]        do_dentry_open+0x780/0xed8
[ 41.834052][ T3987]        vfs_open+0x7c/0x90
[ 41.835041][ T3987]        path_openat+0x1f28/0x26f0
[ 41.836252][ T3987]        do_filp_open+0x1a8/0x3b4
[ 41.837389][ T3987]        do_sys_openat2+0x128/0x3d8
[ 41.838523][ T3987]        __arm64_sys_openat+0x1f0/0x240
[ 41.839689][ T3987]        invoke_syscall+0x98/0x2b8
[ 41.840764][ T3987]        el0_svc_common+0x138/0x258
[ 41.841850][ T3987]        do_el0_svc+0x58/0x14c
[ 41.842838][ T3987]        el0_svc+0x7c/0x1f0
[ 41.843766][ T3987]        el0t_64_sync_handler+0x84/0xe4
[ 41.844952][ T3987]        el0t_64_sync+0x1a0/0x1a4
[ 41.845948][ T3987]
[ 41.845948][ T3987] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 41.847496][ T3987]        __mutex_lock_common+0x194/0x2154
[ 41.848772][ T3987]        mutex_lock_nested+0xa4/0xf8
[ 41.849934][ T3987]        virtual_nci_close+0x28/0x58
[ 41.851058][ T3987]        nci_dev_up+0x760/0xb50
[ 41.852077][ T3987]        nfc_dev_up+0x154/0x300
[ 41.853185][ T3987]        nfc_genl_dev_up+0x98/0xdc
[ 41.854265][ T3987]        genl_rcv_msg+0xc18/0x1018
[ 41.855421][ T3987]        netlink_rcv_skb+0x20c/0x3b8
[ 41.856550][ T3987]        genl_rcv+0x38/0x50
[ 41.857538][ T3987]        netlink_unicast+0x664/0x938
[ 41.858620][ T3987]        netlink_sendmsg+0x844/0xb38
[ 41.859701][ T3987]        ____sys_sendmsg+0x584/0x870
[ 41.860884][ T3987]        ___sys_sendmsg+0x214/0x294
[ 41.862083][ T3987]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 41.863261][ T3987]        invoke_syscall+0x98/0x2b8
[ 41.864282][ T3987]        el0_svc_common+0x138/0x258
[ 41.865360][ T3987]        do_el0_svc+0x58/0x14c
[ 41.866431][ T3987]        el0_svc+0x7c/0x1f0
[ 41.867336][ T3987]        el0t_64_sync_handler+0x84/0xe4
[ 41.868560][ T3987]        el0t_64_sync+0x1a0/0x1a4
[ 41.869612][ T3987]
[ 41.869612][ T3987] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 41.871306][ T3987]        __lock_acquire+0x32cc/0x7620
[ 41.872515][ T3987]        lock_acquire+0x240/0x77c
[ 41.873555][ T3987]        __mutex_lock_common+0x194/0x2154
[ 41.874746][ T3987]        mutex_lock_nested+0xa4/0xf8
[ 41.875786][ T3987]        nci_start_poll+0x498/0x1204
[ 41.876875][ T3987]        nfc_start_poll+0x164/0x2a4
[ 41.877984][ T3987]        nfc_genl_start_poll+0x1b8/0x308
[ 41.879103][ T3987]        genl_rcv_msg+0xc18/0x1018
[ 41.880159][ T3987]        netlink_rcv_skb+0x20c/0x3b8
[ 41.881240][ T3987]        genl_rcv+0x38/0x50
[ 41.882209][ T3987]        netlink_unicast+0x664/0x938
[ 41.883368][ T3987]        netlink_sendmsg+0x844/0xb38
[ 41.884471][ T3987]        ____sys_sendmsg+0x584/0x870
[ 41.885569][ T3987]        ___sys_sendmsg+0x214/0x294
[ 41.886753][ T3987]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 41.887860][ T3987]        invoke_syscall+0x98/0x2b8
[ 41.888892][ T3987]        el0_svc_common+0x138/0x258
[ 41.889989][ T3987]        do_el0_svc+0x58/0x14c
[ 41.890993][ T3987]        el0_svc+0x7c/0x1f0
[ 41.891879][ T3987]        el0t_64_sync_handler+0x84/0xe4
[ 41.892996][ T3987]        el0t_64_sync+0x1a0/0x1a4
[ 41.894064][ T3987]
[ 41.894064][ T3987] other info that might help us debug this:
[ 41.894064][ T3987]
[ 41.896153][ T3987] Chain exists of:
[ 41.896153][ T3987]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 41.896153][ T3987]
[ 41.899168][ T3987]  Possible unsafe locking scenario:
[ 41.899168][ T3987]
[ 41.900801][ T3987]        CPU0                    CPU1
[ 41.901933][ T3987]        ----                    ----
[ 41.903086][ T3987]   lock(&genl_data->genl_data_mutex);
[ 41.904170][ T3987]                                lock(nfc_devlist_mutex);
[ 41.905700][ T3987]                                lock(&genl_data->genl_data_mutex);
[ 41.907359][ T3987]   lock(&ndev->req_lock);
[ 41.908297][ T3987]
[ 41.908297][ T3987]  *** DEADLOCK ***
[ 41.908297][ T3987]
[ 41.910054][ T3987] 4 locks held by syz-executor253/3987:
[ 41.911180][ T3987]  #0: ffff800016a66790 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 41.912968][ T3987]  #1: ffff800016a66648 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0x1018
[ 41.914872][ T3987]  #2: ffff0000d640c5e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 41.917155][ T3987]  #3: ffff0000d640c190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 41.919103][ T3987]
[ 41.919103][ T3987] stack backtrace:
[ 41.920375][ T3987] CPU: 0 PID: 3987 Comm: syz-executor253 Not tainted 5.15.137-syzkaller #0
[ 41.922228][ T3987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 41.924390][ T3987] Call trace:
[ 41.925078][ T3987]  dump_backtrace+0x0/0x530
[ 41.926036][ T3987]  show_stack+0x2c/0x3c
[ 41.926958][ T3987]  dump_stack_lvl+0x108/0x170
[ 41.927973][ T3987]  dump_stack+0x1c/0x58
[ 41.928827][ T3987]  print_circular_bug+0x150/0x1b8
[ 41.929913][ T3987]  check_noncircular+0x2cc/0x378
[ 41.930945][ T3987]  __lock_acquire+0x32cc/0x7620
[ 41.931928][ T3987]  lock_acquire+0x240/0x77c
[ 41.932890][ T3987]  __mutex_lock_common+0x194/0x2154
[ 41.933968][ T3987]  mutex_lock_nested+0xa4/0xf8
[ 41.935008][ T3987]  nci_start_poll+0x498/0x1204
[ 41.935983][ T3987]  nfc_start_poll+0x164/0x2a4
[ 41.937002][ T3987]  nfc_genl_start_poll+0x1b8/0x308
[ 41.938073][ T3987]  genl_rcv_msg+0xc18/0x1018
[ 41.939083][ T3987]  netlink_rcv_skb+0x20c/0x3b8
[ 41.940088][ T3987]  genl_rcv+0x38/0x50
[ 41.940967][ T3987]  netlink_unicast+0x664/0x938
[ 41.942049][ T3987]  netlink_sendmsg+0x844/0xb38
[ 41.943068][ T3987]  ____sys_sendmsg+0x584/0x870
[ 41.944093][ T3987]  ___sys_sendmsg+0x214/0x294
[ 41.945124][ T3987]  __arm64_sys_sendmsg+0x1ac/0x25c
[ 41.946238][ T3987]  invoke_syscall+0x98/0x2b8
[ 41.947212][ T3987]  el0_svc_common+0x138/0x258
[ 41.948253][ T3987]  do_el0_svc+0x58/0x14c
[ 41.949148][ T3987]  el0_svc+0x7c/0x1f0
[ 41.949995][ T3987]  el0t_64_sync_handler+0x84/0xe4
[ 41.951063][ T3987]  el0t_64_sync+0x1a0/0x1a4
[ 41.952231][ T3987] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 41.954022][ T3987] nci: nci_start_poll: failed to set local general bytes
[ 46.989358][ T3987] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 47.211605][ T3996] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 47.213467][ T3996] nci: nci_start_poll: failed to set local general bytes