Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.197021][ T4219] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 35.268748][ T4227]
[ 35.269367][ T4227] ======================================================
[ 35.270817][ T4227] WARNING: possible circular locking dependency detected
[ 35.272248][ T4227] 6.1.27-syzkaller #0 Not tainted
[ 35.273271][ T4227] ------------------------------------------------------
[ 35.274646][ T4227] syz-executor906/4227 is trying to acquire lock:
[ 35.275861][ T4227] ffff0000c4c79350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 35.277628][ T4227]
[ 35.277628][ T4227] but task is already holding lock:
[ 35.279179][ T4227] ffff0000c4ba0520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 35.281196][ T4227]
[ 35.281196][ T4227] which lock already depends on the new lock.
[ 35.281196][ T4227]
[ 35.283369][ T4227]
[ 35.283369][ T4227] the existing dependency chain (in reverse order) is:
[ 35.285093][ T4227]
[ 35.285093][ T4227] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 35.286911][ T4227]        __mutex_lock_common+0x190/0x21a0
[ 35.288050][ T4227]        mutex_lock_nested+0x38/0x44
[ 35.289150][ T4227]        nfc_urelease_event_work+0xfc/0x2a8
[ 35.290356][ T4227]        process_one_work+0x7ac/0x1404
[ 35.291469][ T4227]        worker_thread+0x8e4/0xfec
[ 35.292494][ T4227]        kthread+0x250/0x2d8
[ 35.293428][ T4227]        ret_from_fork+0x10/0x20
[ 35.294418][ T4227]
[ 35.294418][ T4227] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 35.295977][ T4227]        __mutex_lock_common+0x190/0x21a0
[ 35.297129][ T4227]        mutex_lock_nested+0x38/0x44
[ 35.298193][ T4227]        nfc_register_device+0x4c/0x310
[ 35.299330][ T4227]        nci_register_device+0x6ac/0x7c4
[ 35.300500][ T4227]        virtual_ncidev_open+0x6c/0xd8
[ 35.301604][ T4227]        misc_open+0x2f0/0x368
[ 35.302591][ T4227]        chrdev_open+0x3e8/0x4fc
[ 35.303585][ T4227]        do_dentry_open+0x734/0xfa0
[ 35.304630][ T4227]        vfs_open+0x7c/0x90
[ 35.305500][ T4227]        path_openat+0x1e14/0x2548
[ 35.306562][ T4227]        do_filp_open+0x1bc/0x3cc
[ 35.307599][ T4227]        do_sys_openat2+0x128/0x3d8
[ 35.308652][ T4227]        __arm64_sys_openat+0x1f0/0x240
[ 35.309811][ T4227]        invoke_syscall+0x98/0x2c0
[ 35.310887][ T4227]        el0_svc_common+0x138/0x258
[ 35.311904][ T4227]        do_el0_svc+0x64/0x218
[ 35.312877][ T4227]        el0_svc+0x58/0x168
[ 35.313796][ T4227]        el0t_64_sync_handler+0x84/0xf0
[ 35.314914][ T4227]        el0t_64_sync+0x18c/0x190
[ 35.315877][ T4227]
[ 35.315877][ T4227] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 35.317307][ T4227]        __mutex_lock_common+0x190/0x21a0
[ 35.318481][ T4227]        mutex_lock_nested+0x38/0x44
[ 35.319555][ T4227]        virtual_nci_close+0x28/0x58
[ 35.320601][ T4227]        nci_dev_up+0x754/0xb10
[ 35.321556][ T4227]        nfc_dev_up+0x154/0x300
[ 35.322540][ T4227]        nfc_genl_dev_up+0x98/0xdc
[ 35.323518][ T4227]        genl_rcv_msg+0x948/0xc2c
[ 35.324577][ T4227]        netlink_rcv_skb+0x20c/0x3b8
[ 35.325659][ T4227]        genl_rcv+0x38/0x50
[ 35.326548][ T4227]        netlink_unicast+0x660/0x8d4
[ 35.327648][ T4227]        netlink_sendmsg+0x834/0xb18
[ 35.328690][ T4227]        ____sys_sendmsg+0x558/0x844
[ 35.329740][ T4227]        __sys_sendmsg+0x26c/0x33c
[ 35.330762][ T4227]        __arm64_sys_sendmsg+0x80/0x94
[ 35.331865][ T4227]        invoke_syscall+0x98/0x2c0
[ 35.332907][ T4227]        el0_svc_common+0x138/0x258
[ 35.333942][ T4227]        do_el0_svc+0x64/0x218
[ 35.334903][ T4227]        el0_svc+0x58/0x168
[ 35.335764][ T4227]        el0t_64_sync_handler+0x84/0xf0
[ 35.337062][ T4227]        el0t_64_sync+0x18c/0x190
[ 35.338202][ T4227]
[ 35.338202][ T4227] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 35.339761][ T4227]        __lock_acquire+0x3338/0x764c
[ 35.340777][ T4227]        lock_acquire+0x26c/0x7cc
[ 35.341788][ T4227]        __mutex_lock_common+0x190/0x21a0
[ 35.342968][ T4227]        mutex_lock_nested+0x38/0x44
[ 35.344013][ T4227]        nci_start_poll+0x498/0x1204
[ 35.345154][ T4227]        nfc_start_poll+0x164/0x2a4
[ 35.346185][ T4227]        nfc_genl_start_poll+0x1b8/0x308
[ 35.347375][ T4227]        genl_rcv_msg+0x948/0xc2c
[ 35.348348][ T4227]        netlink_rcv_skb+0x20c/0x3b8
[ 35.349460][ T4227]        genl_rcv+0x38/0x50
[ 35.350422][ T4227]        netlink_unicast+0x660/0x8d4
[ 35.351525][ T4227]        netlink_sendmsg+0x834/0xb18
[ 35.352624][ T4227]        ____sys_sendmsg+0x558/0x844
[ 35.353679][ T4227]        __sys_sendmsg+0x26c/0x33c
[ 35.354757][ T4227]        __arm64_sys_sendmsg+0x80/0x94
[ 35.355845][ T4227]        invoke_syscall+0x98/0x2c0
[ 35.356891][ T4227]        el0_svc_common+0x138/0x258
[ 35.358061][ T4227]        do_el0_svc+0x64/0x218
[ 35.359088][ T4227]        el0_svc+0x58/0x168
[ 35.360067][ T4227]        el0t_64_sync_handler+0x84/0xf0
[ 35.361198][ T4227]        el0t_64_sync+0x18c/0x190
[ 35.362279][ T4227]
[ 35.362279][ T4227] other info that might help us debug this:
[ 35.362279][ T4227]
[ 35.364402][ T4227] Chain exists of:
[ 35.364402][ T4227]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 35.364402][ T4227]
[ 35.367362][ T4227]  Possible unsafe locking scenario:
[ 35.367362][ T4227]
[ 35.368929][ T4227]        CPU0                    CPU1
[ 35.370115][ T4227]        ----                    ----
[ 35.371205][ T4227]   lock(&genl_data->genl_data_mutex);
[ 35.372306][ T4227]                                lock(nfc_devlist_mutex);
[ 35.373690][ T4227]                                lock(&genl_data->genl_data_mutex);
[ 35.375280][ T4227]   lock(&ndev->req_lock);
[ 35.376172][ T4227]
[ 35.376172][ T4227]  *** DEADLOCK ***
[ 35.376172][ T4227]
[ 35.377825][ T4227] 4 locks held by syz-executor906/4227:
[ 35.379045][ T4227]  #0: ffff800017bbf050 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 35.380769][ T4227]  #1: ffff800017bbef08 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0xc2c
[ 35.382654][ T4227]  #2: ffff0000c4ba0520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 35.385025][ T4227]  #3: ffff0000c4ba0100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 35.386974][ T4227]
[ 35.386974][ T4227] stack backtrace:
[ 35.388194][ T4227] CPU: 0 PID: 4227 Comm: syz-executor906 Not tainted 6.1.27-syzkaller #0
[ 35.389895][ T4227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 35.392062][ T4227] Call trace:
[ 35.392738][ T4227]  dump_backtrace+0x1c8/0x1f4
[ 35.393716][ T4227]  show_stack+0x2c/0x3c
[ 35.394615][ T4227]  dump_stack_lvl+0x108/0x170
[ 35.395545][ T4227]  dump_stack+0x1c/0x5c
[ 35.396396][ T4227]  print_circular_bug+0x150/0x1b8
[ 35.397409][ T4227]  check_noncircular+0x2cc/0x378
[ 35.398453][ T4227]  __lock_acquire+0x3338/0x764c
[ 35.399405][ T4227]  lock_acquire+0x26c/0x7cc
[ 35.400338][ T4227]  __mutex_lock_common+0x190/0x21a0
[ 35.401414][ T4227]  mutex_lock_nested+0x38/0x44
[ 35.402317][ T4227]  nci_start_poll+0x498/0x1204
[ 35.403276][ T4227]  nfc_start_poll+0x164/0x2a4
[ 35.404252][ T4227]  nfc_genl_start_poll+0x1b8/0x308
[ 35.405371][ T4227]  genl_rcv_msg+0x948/0xc2c
[ 35.406292][ T4227]  netlink_rcv_skb+0x20c/0x3b8
[ 35.407297][ T4227]  genl_rcv+0x38/0x50
[ 35.408095][ T4227]  netlink_unicast+0x660/0x8d4
[ 35.409135][ T4227]  netlink_sendmsg+0x834/0xb18
[ 35.410069][ T4227]  ____sys_sendmsg+0x558/0x844
[ 35.411021][ T4227]  __sys_sendmsg+0x26c/0x33c
[ 35.411946][ T4227]  __arm64_sys_sendmsg+0x80/0x94
[ 35.412939][ T4227]  invoke_syscall+0x98/0x2c0
[ 35.413867][ T4227]  el0_svc_common+0x138/0x258
[ 35.414850][ T4227]  do_el0_svc+0x64/0x218
[ 35.415743][ T4227]  el0_svc+0x58/0x168
[ 35.416537][ T4227]  el0t_64_sync_handler+0x84/0xf0
[ 35.417598][ T4227]  el0t_64_sync+0x18c/0x190
[ 35.530066][ T4227] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 35.532038][ T4227] nci: nci_start_poll: failed to set local general bytes
[ 40.557977][ T4227] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 40.780369][ T4239] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 40.782251][ T4239] nci: nci_start_poll: failed to set local general bytes