Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.225938][ T3966] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 39.459607][ T3975] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 39.692516][ T3982] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 39.762837][ T3989]
[ 39.763332][ T3989] ======================================================
[ 39.764733][ T3989] WARNING: possible circular locking dependency detected
[ 39.766146][ T3989] 5.15.110-syzkaller #0 Not tainted
[ 39.767337][ T3989] ------------------------------------------------------
[ 39.768744][ T3989] syz-executor790/3989 is trying to acquire lock:
[ 39.770123][ T3989] ffff0000cde43350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 39.772036][ T3989]
[ 39.772036][ T3989] but task is already holding lock:
[ 39.773531][ T3989] ffff0000cde445e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 39.775702][ T3989]
[ 39.775702][ T3989] which lock already depends on the new lock.
[ 39.775702][ T3989]
[ 39.777963][ T3989]
[ 39.777963][ T3989] the existing dependency chain (in reverse order) is:
[ 39.779814][ T3989]
[ 39.779814][ T3989] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 39.781748][ T3989]        __mutex_lock_common+0x194/0x2154
[ 39.782873][ T3989]        mutex_lock_nested+0xa4/0xf8
[ 39.783979][ T3989]        nfc_urelease_event_work+0xfc/0x2a8
[ 39.785311][ T3989]        process_one_work+0x790/0x11b8
[ 39.786453][ T3989]        worker_thread+0x910/0x1034
[ 39.787506][ T3989]        kthread+0x37c/0x45c
[ 39.788549][ T3989]        ret_from_fork+0x10/0x20
[ 39.789631][ T3989]
[ 39.789631][ T3989] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 39.791229][ T3989]        __mutex_lock_common+0x194/0x2154
[ 39.792473][ T3989]        mutex_lock_nested+0xa4/0xf8
[ 39.793668][ T3989]        nfc_register_device+0x4c/0x310
[ 39.794857][ T3989]        nci_register_device+0x6ac/0x7c4
[ 39.796138][ T3989]        virtual_ncidev_open+0x6c/0xd8
[ 39.797319][ T3989]        misc_open+0x2f0/0x368
[ 39.798409][ T3989]        chrdev_open+0x3e8/0x4fc
[ 39.799459][ T3989]        do_dentry_open+0x780/0xed8
[ 39.800540][ T3989]        vfs_open+0x7c/0x90
[ 39.801471][ T3989]        path_openat+0x1f28/0x26f0
[ 39.802524][ T3989]        do_filp_open+0x1a8/0x3b4
[ 39.803487][ T3989]        do_sys_openat2+0x128/0x3d8
[ 39.804502][ T3989]        __arm64_sys_openat+0x1f0/0x240
[ 39.805691][ T3989]        invoke_syscall+0x98/0x2b8
[ 39.806762][ T3989]        el0_svc_common+0x138/0x258
[ 39.807830][ T3989]        do_el0_svc+0x58/0x14c
[ 39.808811][ T3989]        el0_svc+0x7c/0x1f0
[ 39.809754][ T3989]        el0t_64_sync_handler+0x84/0xe4
[ 39.810908][ T3989]        el0t_64_sync+0x1a0/0x1a4
[ 39.811957][ T3989]
[ 39.811957][ T3989] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 39.813419][ T3989]        __mutex_lock_common+0x194/0x2154
[ 39.814560][ T3989]        mutex_lock_nested+0xa4/0xf8
[ 39.815697][ T3989]        virtual_nci_close+0x28/0x58
[ 39.816770][ T3989]        nci_dev_up+0x760/0xb50
[ 39.817836][ T3989]        nfc_dev_up+0x154/0x300
[ 39.818849][ T3989]        nfc_genl_dev_up+0x98/0xdc
[ 39.819891][ T3989]        genl_rcv_msg+0xc18/0x1018
[ 39.821063][ T3989]        netlink_rcv_skb+0x20c/0x3b8
[ 39.822081][ T3989]        genl_rcv+0x38/0x50
[ 39.823023][ T3989]        netlink_unicast+0x664/0x938
[ 39.824097][ T3989]        netlink_sendmsg+0x844/0xb38
[ 39.825235][ T3989]        ____sys_sendmsg+0x584/0x870
[ 39.826338][ T3989]        ___sys_sendmsg+0x214/0x294
[ 39.827433][ T3989]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 39.828728][ T3989]        invoke_syscall+0x98/0x2b8
[ 39.829780][ T3989]        el0_svc_common+0x138/0x258
[ 39.830918][ T3989]        do_el0_svc+0x58/0x14c
[ 39.831888][ T3989]        el0_svc+0x7c/0x1f0
[ 39.832873][ T3989]        el0t_64_sync_handler+0x84/0xe4
[ 39.834098][ T3989]        el0t_64_sync+0x1a0/0x1a4
[ 39.835189][ T3989]
[ 39.835189][ T3989] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 39.836824][ T3989]        __lock_acquire+0x32cc/0x7620
[ 39.838026][ T3989]        lock_acquire+0x240/0x77c
[ 39.839083][ T3989]        __mutex_lock_common+0x194/0x2154
[ 39.840269][ T3989]        mutex_lock_nested+0xa4/0xf8
[ 39.841370][ T3989]        nci_start_poll+0x498/0x1204
[ 39.842544][ T3989]        nfc_start_poll+0x164/0x2a4
[ 39.843537][ T3989]        nfc_genl_start_poll+0x1b8/0x308
[ 39.844718][ T3989]        genl_rcv_msg+0xc18/0x1018
[ 39.845816][ T3989]        netlink_rcv_skb+0x20c/0x3b8
[ 39.846866][ T3989]        genl_rcv+0x38/0x50
[ 39.847811][ T3989]        netlink_unicast+0x664/0x938
[ 39.848958][ T3989]        netlink_sendmsg+0x844/0xb38
[ 39.850065][ T3989]        ____sys_sendmsg+0x584/0x870
[ 39.851127][ T3989]        ___sys_sendmsg+0x214/0x294
[ 39.852178][ T3989]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 39.853290][ T3989]        invoke_syscall+0x98/0x2b8
[ 39.854451][ T3989]        el0_svc_common+0x138/0x258
[ 39.855554][ T3989]        do_el0_svc+0x58/0x14c
[ 39.856585][ T3989]        el0_svc+0x7c/0x1f0
[ 39.857494][ T3989]        el0t_64_sync_handler+0x84/0xe4
[ 39.858540][ T3989]        el0t_64_sync+0x1a0/0x1a4
[ 39.859573][ T3989]
[ 39.859573][ T3989] other info that might help us debug this:
[ 39.859573][ T3989]
[ 39.861668][ T3989] Chain exists of:
[ 39.861668][ T3989]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 39.861668][ T3989]
[ 39.864693][ T3989]  Possible unsafe locking scenario:
[ 39.864693][ T3989]
[ 39.866281][ T3989]        CPU0                    CPU1
[ 39.867396][ T3989]        ----                    ----
[ 39.868434][ T3989]   lock(&genl_data->genl_data_mutex);
[ 39.869537][ T3989]                                lock(nfc_devlist_mutex);
[ 39.871013][ T3989]                                lock(&genl_data->genl_data_mutex);
[ 39.872644][ T3989]   lock(&ndev->req_lock);
[ 39.873606][ T3989]
[ 39.873606][ T3989]  *** DEADLOCK ***
[ 39.873606][ T3989]
[ 39.875314][ T3989] 4 locks held by syz-executor790/3989:
[ 39.876451][ T3989]  #0: ffff800016a12930 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 39.878128][ T3989]  #1: ffff800016a127e8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0x1018
[ 39.880013][ T3989]  #2: ffff0000cde445e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 39.882464][ T3989]  #3: ffff0000cde44190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 39.884434][ T3989]
[ 39.884434][ T3989] stack backtrace:
[ 39.885734][ T3989] CPU: 1 PID: 3989 Comm: syz-executor790 Not tainted 5.15.110-syzkaller #0
[ 39.887524][ T3989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 39.889564][ T3989] Call trace:
[ 39.890218][ T3989]  dump_backtrace+0x0/0x530
[ 39.891166][ T3989]  show_stack+0x2c/0x3c
[ 39.892025][ T3989]  dump_stack_lvl+0x108/0x170
[ 39.893072][ T3989]  dump_stack+0x1c/0x58
[ 39.893912][ T3989]  print_circular_bug+0x150/0x1b8
[ 39.894882][ T3989]  check_noncircular+0x2cc/0x378
[ 39.895891][ T3989]  __lock_acquire+0x32cc/0x7620
[ 39.896958][ T3989]  lock_acquire+0x240/0x77c
[ 39.897874][ T3989]  __mutex_lock_common+0x194/0x2154
[ 39.898975][ T3989]  mutex_lock_nested+0xa4/0xf8
[ 39.899964][ T3989]  nci_start_poll+0x498/0x1204
[ 39.900989][ T3989]  nfc_start_poll+0x164/0x2a4
[ 39.901993][ T3989]  nfc_genl_start_poll+0x1b8/0x308
[ 39.903127][ T3989]  genl_rcv_msg+0xc18/0x1018
[ 39.904030][ T3989]  netlink_rcv_skb+0x20c/0x3b8
[ 39.905053][ T3989]  genl_rcv+0x38/0x50
[ 39.905863][ T3989]  netlink_unicast+0x664/0x938
[ 39.906773][ T3989]  netlink_sendmsg+0x844/0xb38
[ 39.907734][ T3989]  ____sys_sendmsg+0x584/0x870
[ 39.908672][ T3989]  ___sys_sendmsg+0x214/0x294
[ 39.909680][ T3989]  __arm64_sys_sendmsg+0x1ac/0x25c
[ 39.910693][ T3989]  invoke_syscall+0x98/0x2b8
[ 39.911634][ T3989]  el0_svc_common+0x138/0x258
[ 39.912533][ T3989]  do_el0_svc+0x58/0x14c
[ 39.913371][ T3989]  el0_svc+0x7c/0x1f0
[ 39.914162][ T3989]  el0t_64_sync_handler+0x84/0xe4
[ 39.915207][ T3989]  el0t_64_sync+0x1a0/0x1a4
[ 39.926433][ T3989] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 39.928168][ T3989] nci: nci_start_poll: failed to set local general bytes
[ 44.984153][ T3989] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 45.206111][ T3997] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 45.430098][ T4008] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 45.432150][ T4008] nci: nci_start_poll: failed to set local general bytes