Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 43.049603][ T3967] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 43.139735][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 43.141637][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 43.144340][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 43.159343][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 43.161259][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 43.163717][ T1530] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 43.395618][ T3978] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 43.397845][ T3978] nci: nci_start_poll: failed to set local general bytes
[ 48.685092][ T3978] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 48.687169][ T3978]
[ 48.687718][ T3978] ======================================================
[ 48.689323][ T3978] WARNING: possible circular locking dependency detected
[ 48.690945][ T3978] 5.15.148-syzkaller #0 Not tainted
[ 48.692130][ T3978] ------------------------------------------------------
[ 48.693708][ T3978] syz-executor963/3978 is trying to acquire lock:
[ 48.695183][ T3978] ffff800015cbc848 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 48.697235][ T3978]
[ 48.697235][ T3978] but task is already holding lock:
[ 48.698931][ T3978] ffff0000c9058350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.701027][ T3978]
[ 48.701027][ T3978] which lock already depends on the new lock.
[ 48.701027][ T3978]
[ 48.703428][ T3978]
[ 48.703428][ T3978] the existing dependency chain (in reverse order) is:
[ 48.705560][ T3978]
[ 48.705560][ T3978] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 48.707344][ T3978]        __mutex_lock_common+0x194/0x2154
[ 48.708695][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 48.709948][ T3978]        nci_start_poll+0x498/0x1204
[ 48.711222][ T3978]        nfc_start_poll+0x164/0x2a4
[ 48.712479][ T3978]        nfc_genl_start_poll+0x1b8/0x308
[ 48.713758][ T3978]        genl_rcv_msg+0xc18/0x1018
[ 48.714940][ T3978]        netlink_rcv_skb+0x20c/0x3b8
[ 48.716180][ T3978]        genl_rcv+0x38/0x50
[ 48.717248][ T3978]        netlink_unicast+0x664/0x938
[ 48.718491][ T3978]        netlink_sendmsg+0x844/0xb38
[ 48.719853][ T3978]        ____sys_sendmsg+0x584/0x870
[ 48.721080][ T3978]        ___sys_sendmsg+0x214/0x294
[ 48.722291][ T3978]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 48.723609][ T3978]        invoke_syscall+0x98/0x2b8
[ 48.724770][ T3978]        el0_svc_common+0x138/0x258
[ 48.725971][ T3978]        do_el0_svc+0x58/0x14c
[ 48.727087][ T3978]        el0_svc+0x7c/0x1f0
[ 48.728192][ T3978]        el0t_64_sync_handler+0x84/0xe4
[ 48.729493][ T3978]        el0t_64_sync+0x1a0/0x1a4
[ 48.730650][ T3978]
[ 48.730650][ T3978] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 48.732621][ T3978]        __mutex_lock_common+0x194/0x2154
[ 48.733973][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 48.735194][ T3978]        nfc_urelease_event_work+0xfc/0x2a8
[ 48.736656][ T3978]        process_one_work+0x790/0x11b8
[ 48.737916][ T3978]        worker_thread+0x910/0x1034
[ 48.739119][ T3978]        kthread+0x37c/0x45c
[ 48.740176][ T3978]        ret_from_fork+0x10/0x20
[ 48.741310][ T3978]
[ 48.741310][ T3978] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 48.743131][ T3978]        __mutex_lock_common+0x194/0x2154
[ 48.744399][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 48.745611][ T3978]        nfc_register_device+0x4c/0x310
[ 48.746842][ T3978]        nci_register_device+0x6ac/0x7c4
[ 48.748163][ T3978]        virtual_ncidev_open+0x6c/0xd8
[ 48.749532][ T3978]        misc_open+0x2f0/0x368
[ 48.750594][ T3978]        chrdev_open+0x3e8/0x4fc
[ 48.751797][ T3978]        do_dentry_open+0x780/0xed8
[ 48.752956][ T3978]        vfs_open+0x7c/0x90
[ 48.754027][ T3978]        path_openat+0x1f28/0x26f0
[ 48.755221][ T3978]        do_filp_open+0x1a8/0x3b4
[ 48.756417][ T3978]        do_sys_openat2+0x128/0x3d8
[ 48.757709][ T3978]        __arm64_sys_openat+0x1f0/0x240
[ 48.759004][ T3978]        invoke_syscall+0x98/0x2b8
[ 48.760228][ T3978]        el0_svc_common+0x138/0x258
[ 48.761461][ T3978]        do_el0_svc+0x58/0x14c
[ 48.762575][ T3978]        el0_svc+0x7c/0x1f0
[ 48.763603][ T3978]        el0t_64_sync_handler+0x84/0xe4
[ 48.764874][ T3978]        el0t_64_sync+0x1a0/0x1a4
[ 48.766063][ T3978]
[ 48.766063][ T3978] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 48.767694][ T3978]        __lock_acquire+0x32d4/0x7638
[ 48.768921][ T3978]        lock_acquire+0x240/0x77c
[ 48.770079][ T3978]        __mutex_lock_common+0x194/0x2154
[ 48.771512][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 48.772820][ T3978]        virtual_nci_close+0x28/0x58
[ 48.774021][ T3978]        nci_close_device+0x304/0x5dc
[ 48.775325][ T3978]        nci_unregister_device+0x5c/0x22c
[ 48.776648][ T3978]        virtual_ncidev_close+0x70/0xb0
[ 48.777914][ T3978]        __fput+0x30c/0x7f0
[ 48.778953][ T3978]        ____fput+0x20/0x30
[ 48.779956][ T3978]        task_work_run+0x130/0x1e4
[ 48.781148][ T3978]        do_exit+0x670/0x20bc
[ 48.782220][ T3978]        do_group_exit+0x110/0x268
[ 48.783335][ T3978]        get_signal+0x634/0x1550
[ 48.784475][ T3978]        do_notify_resume+0x3d0/0x32b8
[ 48.785684][ T3978]        el0_svc+0xfc/0x1f0
[ 48.786719][ T3978]        el0t_64_sync_handler+0x84/0xe4
[ 48.788015][ T3978]        el0t_64_sync+0x1a0/0x1a4
[ 48.789244][ T3978]
[ 48.789244][ T3978] other info that might help us debug this:
[ 48.789244][ T3978]
[ 48.791596][ T3978] Chain exists of:
[ 48.791596][ T3978]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 48.791596][ T3978]
[ 48.794787][ T3978]  Possible unsafe locking scenario:
[ 48.794787][ T3978]
[ 48.796471][ T3978]        CPU0                    CPU1
[ 48.797694][ T3978]        ----                    ----
[ 48.798919][ T3978]   lock(&ndev->req_lock);
[ 48.799905][ T3978]                                lock(&genl_data->genl_data_mutex);
[ 48.801717][ T3978]                                lock(&ndev->req_lock);
[ 48.803329][ T3978]   lock(nci_mutex);
[ 48.804271][ T3978]
[ 48.804271][ T3978]  *** DEADLOCK ***
[ 48.804271][ T3978]
[ 48.806142][ T3978] 1 lock held by syz-executor963/3978:
[ 48.807375][ T3978]  #0: ffff0000c9058350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.809631][ T3978]
[ 48.809631][ T3978] stack backtrace:
[ 48.810969][ T3978] CPU: 1 PID: 3978 Comm: syz-executor963 Not tainted 5.15.148-syzkaller #0
[ 48.812987][ T3978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 48.815372][ T3978] Call trace:
[ 48.816154][ T3978]  dump_backtrace+0x0/0x530
[ 48.817173][ T3978]  show_stack+0x2c/0x3c
[ 48.818153][ T3978]  dump_stack_lvl+0x108/0x170
[ 48.819274][ T3978]  dump_stack+0x1c/0x58
[ 48.820225][ T3978]  print_circular_bug+0x150/0x1b8
[ 48.821405][ T3978]  check_noncircular+0x2cc/0x378
[ 48.822573][ T3978]  __lock_acquire+0x32d4/0x7638
[ 48.823691][ T3978]  lock_acquire+0x240/0x77c
[ 48.824723][ T3978]  __mutex_lock_common+0x194/0x2154
[ 48.825884][ T3978]  mutex_lock_nested+0xa4/0xf8
[ 48.826985][ T3978]  virtual_nci_close+0x28/0x58
[ 48.828050][ T3978]  nci_close_device+0x304/0x5dc
[ 48.829169][ T3978]  nci_unregister_device+0x5c/0x22c
[ 48.830376][ T3978]  virtual_ncidev_close+0x70/0xb0
[ 48.831533][ T3978]  __fput+0x30c/0x7f0
[ 48.832424][ T3978]  ____fput+0x20/0x30
[ 48.833334][ T3978]  task_work_run+0x130/0x1e4
[ 48.834406][ T3978]  do_exit+0x670/0x20bc
[ 48.835349][ T3978]  do_group_exit+0x110/0x268
[ 48.836406][ T3978]  get_signal+0x634/0x1550
[ 48.837469][ T3978]  do_notify_resume+0x3d0/0x32b8
[ 48.838634][ T3978]  el0_svc+0xfc/0x1f0
[ 48.839541][ T3978]  el0t_64_sync_handler+0x84/0xe4
[ 48.840684][ T3978]  el0t_64_sync+0x1a0/0x1a4