Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts.
executing program
[ 42.962684][ T3968] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 42.964588][ T3968] nci: nci_start_poll: failed to set local general bytes
[ 48.020552][ T3968] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 48.022691][ T3968]
[ 48.023194][ T3968] ======================================================
[ 48.024714][ T3968] WARNING: possible circular locking dependency detected
[ 48.026165][ T3968] 5.15.110-syzkaller #0 Not tainted
[ 48.027241][ T3968] ------------------------------------------------------
[ 48.028723][ T3968] syz-executor117/3968 is trying to acquire lock:
[ 48.030082][ T3968] ffff800015c6a908 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 48.031909][ T3968]
[ 48.031909][ T3968] but task is already holding lock:
[ 48.033608][ T3968] ffff0000c1a79350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.035686][ T3968]
[ 48.035686][ T3968] which lock already depends on the new lock.
[ 48.035686][ T3968]
[ 48.038139][ T3968]
[ 48.038139][ T3968] the existing dependency chain (in reverse order) is:
[ 48.040436][ T3968]
[ 48.040436][ T3968] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 48.042086][ T3968]        __mutex_lock_common+0x194/0x2154
[ 48.043360][ T3968]        mutex_lock_nested+0xa4/0xf8
[ 48.044603][ T3968]        nci_start_poll+0x498/0x1204
[ 48.045803][ T3968]        nfc_start_poll+0x164/0x2a4
[ 48.046989][ T3968]        nfc_genl_start_poll+0x1b8/0x308
[ 48.048260][ T3968]        genl_rcv_msg+0xc18/0x1018
[ 48.049646][ T3968]        netlink_rcv_skb+0x20c/0x3b8
[ 48.050686][ T3968]        genl_rcv+0x38/0x50
[ 48.051632][ T3968]        netlink_unicast+0x664/0x938
[ 48.052763][ T3968]        netlink_sendmsg+0x844/0xb38
[ 48.053914][ T3968]        ____sys_sendmsg+0x584/0x870
[ 48.055050][ T3968]        ___sys_sendmsg+0x214/0x294
[ 48.056237][ T3968]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 48.057477][ T3968]        invoke_syscall+0x98/0x2b8
[ 48.058546][ T3968]        el0_svc_common+0x138/0x258
[ 48.059931][ T3968]        do_el0_svc+0x58/0x14c
[ 48.061015][ T3968]        el0_svc+0x7c/0x1f0
[ 48.062014][ T3968]        el0t_64_sync_handler+0x84/0xe4
[ 48.063271][ T3968]        el0t_64_sync+0x1a0/0x1a4
[ 48.064429][ T3968]
[ 48.064429][ T3968] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 48.066384][ T3968]        __mutex_lock_common+0x194/0x2154
[ 48.067594][ T3968]        mutex_lock_nested+0xa4/0xf8
[ 48.068722][ T3968]        nfc_urelease_event_work+0xfc/0x2a8
[ 48.070292][ T3968]        process_one_work+0x790/0x11b8
[ 48.071412][ T3968]        worker_thread+0x910/0x1034
[ 48.072562][ T3968]        kthread+0x37c/0x45c
[ 48.073606][ T3968]        ret_from_fork+0x10/0x20
[ 48.074712][ T3968]
[ 48.074712][ T3968] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 48.076511][ T3968]        __mutex_lock_common+0x194/0x2154
[ 48.077798][ T3968]        mutex_lock_nested+0xa4/0xf8
[ 48.078929][ T3968]        nfc_register_device+0x4c/0x310
[ 48.080607][ T3968]        nci_register_device+0x6ac/0x7c4
[ 48.081823][ T3968]        virtual_ncidev_open+0x6c/0xd8
[ 48.083037][ T3968]        misc_open+0x2f0/0x368
[ 48.084123][ T3968]        chrdev_open+0x3e8/0x4fc
[ 48.085237][ T3968]        do_dentry_open+0x780/0xed8
[ 48.086423][ T3968]        vfs_open+0x7c/0x90
[ 48.087393][ T3968]        path_openat+0x1f28/0x26f0
[ 48.088581][ T3968]        do_filp_open+0x1a8/0x3b4
[ 48.089693][ T3968]        do_sys_openat2+0x128/0x3d8
[ 48.090837][ T3968]        __arm64_sys_openat+0x1f0/0x240
[ 48.092050][ T3968]        invoke_syscall+0x98/0x2b8
[ 48.093199][ T3968]        el0_svc_common+0x138/0x258
[ 48.094362][ T3968]        do_el0_svc+0x58/0x14c
[ 48.095408][ T3968]        el0_svc+0x7c/0x1f0
[ 48.096432][ T3968]        el0t_64_sync_handler+0x84/0xe4
[ 48.097709][ T3968]        el0t_64_sync+0x1a0/0x1a4
[ 48.098832][ T3968]
[ 48.098832][ T3968] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 48.100397][ T3968]        __lock_acquire+0x32cc/0x7620
[ 48.101601][ T3968]        lock_acquire+0x240/0x77c
[ 48.102736][ T3968]        __mutex_lock_common+0x194/0x2154
[ 48.103961][ T3968]        mutex_lock_nested+0xa4/0xf8
[ 48.105130][ T3968]        virtual_nci_close+0x28/0x58
[ 48.106304][ T3968]        nci_close_device+0x304/0x5dc
[ 48.107510][ T3968]        nci_unregister_device+0x5c/0x22c
[ 48.108730][ T3968]        virtual_ncidev_close+0x70/0xb0
[ 48.109945][ T3968]        __fput+0x30c/0x7f0
[ 48.110926][ T3968]        ____fput+0x20/0x30
[ 48.111899][ T3968]        task_work_run+0x130/0x1e4
[ 48.113093][ T3968]        do_exit+0x688/0x2134
[ 48.114188][ T3968]        do_group_exit+0x110/0x268
[ 48.115307][ T3968]        get_signal+0x634/0x1550
[ 48.116380][ T3968]        do_notify_resume+0x3d0/0x32b8
[ 48.117565][ T3968]        el0_svc+0xfc/0x1f0
[ 48.118623][ T3968]        el0t_64_sync_handler+0x84/0xe4
[ 48.119898][ T3968]        el0t_64_sync+0x1a0/0x1a4
[ 48.120990][ T3968]
[ 48.120990][ T3968] other info that might help us debug this:
[ 48.120990][ T3968]
[ 48.123308][ T3968] Chain exists of:
[ 48.123308][ T3968]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 48.123308][ T3968]
[ 48.126286][ T3968]  Possible unsafe locking scenario:
[ 48.126286][ T3968]
[ 48.127846][ T3968]        CPU0                    CPU1
[ 48.128995][ T3968]        ----                    ----
[ 48.130197][ T3968]   lock(&ndev->req_lock);
[ 48.131180][ T3968]                                lock(&genl_data->genl_data_mutex);
[ 48.132957][ T3968]                                lock(&ndev->req_lock);
[ 48.134481][ T3968]   lock(nci_mutex);
[ 48.135317][ T3968]
[ 48.135317][ T3968]  *** DEADLOCK ***
[ 48.135317][ T3968]
[ 48.137137][ T3968] 1 lock held by syz-executor117/3968:
[ 48.138355][ T3968]  #0: ffff0000c1a79350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5dc
[ 48.140589][ T3968]
[ 48.140589][ T3968] stack backtrace:
[ 48.141938][ T3968] CPU: 0 PID: 3968 Comm: syz-executor117 Not tainted 5.15.110-syzkaller #0
[ 48.143795][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 48.146032][ T3968] Call trace:
[ 48.146717][ T3968]  dump_backtrace+0x0/0x530
[ 48.147714][ T3968]  show_stack+0x2c/0x3c
[ 48.148656][ T3968]  dump_stack_lvl+0x108/0x170
[ 48.149755][ T3968]  dump_stack+0x1c/0x58
[ 48.150702][ T3968]  print_circular_bug+0x150/0x1b8
[ 48.151837][ T3968]  check_noncircular+0x2cc/0x378
[ 48.153011][ T3968]  __lock_acquire+0x32cc/0x7620
[ 48.154023][ T3968]  lock_acquire+0x240/0x77c
[ 48.155037][ T3968]  __mutex_lock_common+0x194/0x2154
[ 48.156228][ T3968]  mutex_lock_nested+0xa4/0xf8
[ 48.157282][ T3968]  virtual_nci_close+0x28/0x58
[ 48.158310][ T3968]  nci_close_device+0x304/0x5dc
[ 48.159358][ T3968]  nci_unregister_device+0x5c/0x22c
[ 48.160503][ T3968]  virtual_ncidev_close+0x70/0xb0
[ 48.161638][ T3968]  __fput+0x30c/0x7f0
[ 48.162507][ T3968]  ____fput+0x20/0x30
[ 48.163419][ T3968]  task_work_run+0x130/0x1e4
[ 48.164487][ T3968]  do_exit+0x688/0x2134
[ 48.165357][ T3968]  do_group_exit+0x110/0x268
[ 48.166368][ T3968]  get_signal+0x634/0x1550
[ 48.167326][ T3968]  do_notify_resume+0x3d0/0x32b8
[ 48.168533][ T3968]  el0_svc+0xfc/0x1f0
[ 48.169469][ T3968]  el0t_64_sync_handler+0x84/0xe4
[ 48.170611][ T3968]  el0t_64_sync+0x1a0/0x1a4
executing program
[ 48.402552][ T3973] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 48.625345][ T3983] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 48.627205][ T3983] nci: nci_start_poll: failed to set local general bytes
[ 53.700447][ T3983] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 53.920927][ T3992] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 53.922803][ T3992] nci: nci_start_poll: failed to set local general bytes