Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts.
executing program
[ 44.963648][ T3964] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 45.036619][ T3976]
[ 45.037177][ T3976] ======================================================
[ 45.038728][ T3976] WARNING: possible circular locking dependency detected
[ 45.040243][ T3976] 5.15.112-syzkaller #0 Not tainted
[ 45.041334][ T3976] ------------------------------------------------------
[ 45.042838][ T3976] syz-executor123/3976 is trying to acquire lock:
[ 45.044117][ T3976] ffff0000c8ba4350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 45.046036][ T3976]
[ 45.046036][ T3976] but task is already holding lock:
[ 45.047707][ T3976] ffff0000c8ba55e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 45.049988][ T3976]
[ 45.049988][ T3976] which lock already depends on the new lock.
[ 45.049988][ T3976]
[ 45.052279][ T3976]
[ 45.052279][ T3976] the existing dependency chain (in reverse order) is:
[ 45.054147][ T3976]
[ 45.054147][ T3976] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 45.056030][ T3976]        __mutex_lock_common+0x194/0x2154
[ 45.057248][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 45.058346][ T3976]        nfc_urelease_event_work+0xfc/0x2a8
[ 45.059555][ T3976]        process_one_work+0x790/0x11b8
[ 45.060652][ T3976]        worker_thread+0x910/0x1034
[ 45.061730][ T3976]        kthread+0x37c/0x45c
[ 45.062653][ T3976]        ret_from_fork+0x10/0x20
[ 45.063631][ T3976]
[ 45.063631][ T3976] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 45.065363][ T3976]        __mutex_lock_common+0x194/0x2154
[ 45.066601][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 45.067693][ T3976]        nfc_register_device+0x4c/0x310
[ 45.068971][ T3976]        nci_register_device+0x6ac/0x7c4
[ 45.070132][ T3976]        virtual_ncidev_open+0x6c/0xd8
[ 45.071298][ T3976]        misc_open+0x2f0/0x368
[ 45.072305][ T3976]        chrdev_open+0x3e8/0x4fc
[ 45.073281][ T3976]        do_dentry_open+0x780/0xed8
[ 45.074324][ T3976]        vfs_open+0x7c/0x90
[ 45.075325][ T3976]        path_openat+0x1f28/0x26f0
[ 45.076442][ T3976]        do_filp_open+0x1a8/0x3b4
[ 45.077502][ T3976]        do_sys_openat2+0x128/0x3d8
[ 45.078578][ T3976]        __arm64_sys_openat+0x1f0/0x240
[ 45.079732][ T3976]        invoke_syscall+0x98/0x2b8
[ 45.080826][ T3976]        el0_svc_common+0x138/0x258
[ 45.081974][ T3976]        do_el0_svc+0x58/0x14c
[ 45.082931][ T3976]        el0_svc+0x7c/0x1f0
[ 45.083860][ T3976]        el0t_64_sync_handler+0x84/0xe4
[ 45.085060][ T3976]        el0t_64_sync+0x1a0/0x1a4
[ 45.086133][ T3976]
[ 45.086133][ T3976] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 45.087707][ T3976]        __mutex_lock_common+0x194/0x2154
[ 45.088888][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 45.089987][ T3976]        virtual_nci_close+0x28/0x58
[ 45.091136][ T3976]        nci_dev_up+0x760/0xb50
[ 45.092123][ T3976]        nfc_dev_up+0x154/0x300
[ 45.093087][ T3976]        nfc_genl_dev_up+0x98/0xdc
[ 45.094160][ T3976]        genl_rcv_msg+0xc18/0x1018
[ 45.095313][ T3976]        netlink_rcv_skb+0x20c/0x3b8
[ 45.096372][ T3976]        genl_rcv+0x38/0x50
[ 45.097311][ T3976]        netlink_unicast+0x664/0x938
[ 45.098479][ T3976]        netlink_sendmsg+0x844/0xb38
[ 45.099500][ T3976]        ____sys_sendmsg+0x584/0x870
[ 45.100661][ T3976]        ___sys_sendmsg+0x214/0x294
[ 45.101703][ T3976]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 45.102962][ T3976]        invoke_syscall+0x98/0x2b8
[ 45.104052][ T3976]        el0_svc_common+0x138/0x258
[ 45.105202][ T3976]        do_el0_svc+0x58/0x14c
[ 45.106146][ T3976]        el0_svc+0x7c/0x1f0
[ 45.107076][ T3976]        el0t_64_sync_handler+0x84/0xe4
[ 45.108276][ T3976]        el0t_64_sync+0x1a0/0x1a4
[ 45.109363][ T3976]
[ 45.109363][ T3976] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 45.110988][ T3976]        __lock_acquire+0x32cc/0x7620
[ 45.112143][ T3976]        lock_acquire+0x240/0x77c
[ 45.113177][ T3976]        __mutex_lock_common+0x194/0x2154
[ 45.114456][ T3976]        mutex_lock_nested+0xa4/0xf8
[ 45.115630][ T3976]        nci_start_poll+0x498/0x1204
[ 45.116766][ T3976]        nfc_start_poll+0x164/0x2a4
[ 45.117853][ T3976]        nfc_genl_start_poll+0x1b8/0x308
[ 45.119010][ T3976]        genl_rcv_msg+0xc18/0x1018
[ 45.120129][ T3976]        netlink_rcv_skb+0x20c/0x3b8
[ 45.121262][ T3976]        genl_rcv+0x38/0x50
[ 45.122171][ T3976]        netlink_unicast+0x664/0x938
[ 45.123282][ T3976]        netlink_sendmsg+0x844/0xb38
[ 45.124413][ T3976]        ____sys_sendmsg+0x584/0x870
[ 45.125624][ T3976]        ___sys_sendmsg+0x214/0x294
[ 45.126689][ T3976]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 45.127848][ T3976]        invoke_syscall+0x98/0x2b8
[ 45.128873][ T3976]        el0_svc_common+0x138/0x258
[ 45.129926][ T3976]        do_el0_svc+0x58/0x14c
[ 45.130925][ T3976]        el0_svc+0x7c/0x1f0
[ 45.131995][ T3976]        el0t_64_sync_handler+0x84/0xe4
[ 45.133173][ T3976]        el0t_64_sync+0x1a0/0x1a4
[ 45.134188][ T3976]
[ 45.134188][ T3976] other info that might help us debug this:
[ 45.134188][ T3976]
[ 45.136430][ T3976] Chain exists of:
[ 45.136430][ T3976]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 45.136430][ T3976]
[ 45.139409][ T3976]  Possible unsafe locking scenario:
[ 45.139409][ T3976]
[ 45.141046][ T3976]        CPU0                    CPU1
[ 45.142141][ T3976]        ----                    ----
[ 45.143275][ T3976]   lock(&genl_data->genl_data_mutex);
[ 45.144460][ T3976]                                lock(nfc_devlist_mutex);
[ 45.145912][ T3976]                                lock(&genl_data->genl_data_mutex);
[ 45.147624][ T3976]   lock(&ndev->req_lock);
[ 45.148581][ T3976]
[ 45.148581][ T3976]  *** DEADLOCK ***
[ 45.148581][ T3976]
[ 45.150349][ T3976] 4 locks held by syz-executor123/3976:
[ 45.151503][ T3976]  #0: ffff800016a13310 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 45.153349][ T3976]  #1: ffff800016a131c8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0x1018
[ 45.155294][ T3976]  #2: ffff0000c8ba55e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 45.157702][ T3976]  #3: ffff0000c8ba5190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 45.159691][ T3976]
[ 45.159691][ T3976] stack backtrace:
[ 45.160949][ T3976] CPU: 0 PID: 3976 Comm: syz-executor123 Not tainted 5.15.112-syzkaller #0
[ 45.162774][ T3976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 45.164966][ T3976] Call trace:
[ 45.165688][ T3976]  dump_backtrace+0x0/0x530
[ 45.166582][ T3976]  show_stack+0x2c/0x3c
[ 45.167476][ T3976]  dump_stack_lvl+0x108/0x170
[ 45.168491][ T3976]  dump_stack+0x1c/0x58
[ 45.169364][ T3976]  print_circular_bug+0x150/0x1b8
[ 45.170454][ T3976]  check_noncircular+0x2cc/0x378
[ 45.171511][ T3976]  __lock_acquire+0x32cc/0x7620
[ 45.172482][ T3976]  lock_acquire+0x240/0x77c
[ 45.173536][ T3976]  __mutex_lock_common+0x194/0x2154
[ 45.174623][ T3976]  mutex_lock_nested+0xa4/0xf8
[ 45.175605][ T3976]  nci_start_poll+0x498/0x1204
[ 45.176653][ T3976]  nfc_start_poll+0x164/0x2a4
[ 45.177604][ T3976]  nfc_genl_start_poll+0x1b8/0x308
[ 45.178758][ T3976]  genl_rcv_msg+0xc18/0x1018
[ 45.179734][ T3976]  netlink_rcv_skb+0x20c/0x3b8
[ 45.180730][ T3976]  genl_rcv+0x38/0x50
[ 45.181578][ T3976]  netlink_unicast+0x664/0x938
[ 45.182590][ T3976]  netlink_sendmsg+0x844/0xb38
[ 45.183591][ T3976]  ____sys_sendmsg+0x584/0x870
[ 45.184553][ T3976]  ___sys_sendmsg+0x214/0x294
[ 45.185542][ T3976]  __arm64_sys_sendmsg+0x1ac/0x25c
[ 45.186641][ T3976]  invoke_syscall+0x98/0x2b8
[ 45.187582][ T3976]  el0_svc_common+0x138/0x258
[ 45.188635][ T3976]  do_el0_svc+0x58/0x14c
[ 45.189517][ T3976]  el0_svc+0x7c/0x1f0
[ 45.190340][ T3976]  el0t_64_sync_handler+0x84/0xe4
[ 45.191342][ T3976]  el0t_64_sync+0x1a0/0x1a4
[ 45.198042][ T3976] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 45.199896][ T3976] nci: nci_start_poll: failed to set local general bytes
[ 50.266264][ T3976] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 50.488153][ T3984] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 50.490015][ T3984] nci: nci_start_poll: failed to set local general bytes