Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts.
executing program
[ 41.479393][ T4308] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 41.710146][ T4316] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 41.778938][ T4327]
[ 41.779622][ T4327] ======================================================
[ 41.781248][ T4327] WARNING: possible circular locking dependency detected
[ 41.782800][ T4327] 6.1.21-syzkaller #0 Not tainted
[ 41.783917][ T4327] ------------------------------------------------------
[ 41.785557][ T4327] syz-executor302/4327 is trying to acquire lock:
[ 41.787086][ T4327] ffff0000ce440350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 41.789226][ T4327]
[ 41.789226][ T4327] but task is already holding lock:
[ 41.790876][ T4327] ffff0000ce443520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 41.793263][ T4327]
[ 41.793263][ T4327] which lock already depends on the new lock.
[ 41.793263][ T4327]
[ 41.795595][ T4327]
[ 41.795595][ T4327] the existing dependency chain (in reverse order) is:
[ 41.797654][ T4327]
[ 41.797654][ T4327] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 41.799579][ T4327]        __mutex_lock_common+0x190/0x21a0
[ 41.800818][ T4327]        mutex_lock_nested+0x38/0x44
[ 41.802002][ T4327]        nfc_urelease_event_work+0xfc/0x2a8
[ 41.803343][ T4327]        process_one_work+0x7ac/0x1404
[ 41.804593][ T4327]        worker_thread+0x8e4/0xfec
[ 41.805737][ T4327]        kthread+0x24c/0x2d4
[ 41.806815][ T4327]        ret_from_fork+0x10/0x20
[ 41.808035][ T4327]
[ 41.808035][ T4327] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 41.809770][ T4327]        __mutex_lock_common+0x190/0x21a0
[ 41.811034][ T4327]        mutex_lock_nested+0x38/0x44
[ 41.812206][ T4327]        nfc_register_device+0x4c/0x310
[ 41.813426][ T4327]        nci_register_device+0x6ac/0x7c4
[ 41.814690][ T4327]        virtual_ncidev_open+0x6c/0xd8
[ 41.815964][ T4327]        misc_open+0x2f0/0x368
[ 41.817002][ T4327]        chrdev_open+0x3e8/0x4fc
[ 41.818148][ T4327]        do_dentry_open+0x734/0xfa0
[ 41.819347][ T4327]        vfs_open+0x7c/0x90
[ 41.820382][ T4327]        path_openat+0x1e14/0x2548
[ 41.821517][ T4327]        do_filp_open+0x1bc/0x3cc
[ 41.822639][ T4327]        do_sys_openat2+0x128/0x3d8
[ 41.823795][ T4327]        __arm64_sys_openat+0x1f0/0x240
[ 41.825151][ T4327]        invoke_syscall+0x98/0x2c0
[ 41.826346][ T4327]        el0_svc_common+0x138/0x258
[ 41.827526][ T4327]        do_el0_svc+0x64/0x218
[ 41.828646][ T4327]        el0_svc+0x58/0x168
[ 41.829622][ T4327]        el0t_64_sync_handler+0x84/0xf0
[ 41.830850][ T4327]        el0t_64_sync+0x18c/0x190
[ 41.831973][ T4327]
[ 41.831973][ T4327] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 41.833625][ T4327]        __mutex_lock_common+0x190/0x21a0
[ 41.834940][ T4327]        mutex_lock_nested+0x38/0x44
[ 41.836162][ T4327]        virtual_nci_close+0x28/0x58
[ 41.837357][ T4327]        nci_dev_up+0x754/0xb10
[ 41.838416][ T4327]        nfc_dev_up+0x154/0x300
[ 41.839463][ T4327]        nfc_genl_dev_up+0x98/0xdc
[ 41.840658][ T4327]        genl_rcv_msg+0x948/0xc2c
[ 41.841878][ T4327]        netlink_rcv_skb+0x20c/0x3b8
[ 41.843043][ T4327]        genl_rcv+0x38/0x50
[ 41.844101][ T4327]        netlink_unicast+0x660/0x8d4
[ 41.845280][ T4327]        netlink_sendmsg+0x834/0xb18
[ 41.846421][ T4327]        ____sys_sendmsg+0x558/0x844
[ 41.847748][ T4327]        __sys_sendmsg+0x26c/0x33c
[ 41.848889][ T4327]        __arm64_sys_sendmsg+0x80/0x94
[ 41.850075][ T4327]        invoke_syscall+0x98/0x2c0
[ 41.851181][ T4327]        el0_svc_common+0x138/0x258
[ 41.852341][ T4327]        do_el0_svc+0x64/0x218
[ 41.853408][ T4327]        el0_svc+0x58/0x168
[ 41.854427][ T4327]        el0t_64_sync_handler+0x84/0xf0
[ 41.855639][ T4327]        el0t_64_sync+0x18c/0x190
[ 41.856796][ T4327]
[ 41.856796][ T4327] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 41.858517][ T4327]        __lock_acquire+0x3338/0x764c
[ 41.859706][ T4327]        lock_acquire+0x26c/0x7cc
[ 41.860778][ T4327]        __mutex_lock_common+0x190/0x21a0
[ 41.862002][ T4327]        mutex_lock_nested+0x38/0x44
[ 41.863215][ T4327]        nci_start_poll+0x498/0x1204
[ 41.864442][ T4327]        nfc_start_poll+0x164/0x2a4
[ 41.865588][ T4327]        nfc_genl_start_poll+0x1b8/0x308
[ 41.866888][ T4327]        genl_rcv_msg+0x948/0xc2c
[ 41.867980][ T4327]        netlink_rcv_skb+0x20c/0x3b8
[ 41.869164][ T4327]        genl_rcv+0x38/0x50
[ 41.870170][ T4327]        netlink_unicast+0x660/0x8d4
[ 41.871360][ T4327]        netlink_sendmsg+0x834/0xb18
[ 41.872569][ T4327]        ____sys_sendmsg+0x558/0x844
[ 41.873775][ T4327]        __sys_sendmsg+0x26c/0x33c
[ 41.874956][ T4327]        __arm64_sys_sendmsg+0x80/0x94
[ 41.876240][ T4327]        invoke_syscall+0x98/0x2c0
[ 41.877368][ T4327]        el0_svc_common+0x138/0x258
[ 41.878564][ T4327]        do_el0_svc+0x64/0x218
[ 41.879625][ T4327]        el0_svc+0x58/0x168
[ 41.880662][ T4327]        el0t_64_sync_handler+0x84/0xf0
[ 41.881869][ T4327]        el0t_64_sync+0x18c/0x190
[ 41.883053][ T4327]
[ 41.883053][ T4327] other info that might help us debug this:
[ 41.883053][ T4327]
[ 41.885500][ T4327] Chain exists of:
[ 41.885500][ T4327]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 41.885500][ T4327]
[ 41.888739][ T4327]  Possible unsafe locking scenario:
[ 41.888739][ T4327]
[ 41.890464][ T4327]        CPU0                    CPU1
[ 41.891685][ T4327]        ----                    ----
[ 41.892908][ T4327]   lock(&genl_data->genl_data_mutex);
[ 41.894139][ T4327]                                lock(nfc_devlist_mutex);
[ 41.895779][ T4327]                                lock(&genl_data->genl_data_mutex);
[ 41.897661][ T4327]   lock(&ndev->req_lock);
[ 41.898691][ T4327]
[ 41.898691][ T4327]  *** DEADLOCK ***
[ 41.898691][ T4327]
[ 41.900493][ T4327] 4 locks held by syz-executor302/4327:
[ 41.901695][ T4327]  #0: ffff800017bae4d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 41.903628][ T4327]  #1: ffff800017bae388 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0xc2c
[ 41.905752][ T4327]  #2: ffff0000ce443520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 41.908311][ T4327]  #3: ffff0000ce443100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 41.910355][ T4327]
[ 41.910355][ T4327] stack backtrace:
[ 41.911688][ T4327] CPU: 1 PID: 4327 Comm: syz-executor302 Not tainted 6.1.21-syzkaller #0
[ 41.913668][ T4327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 41.915904][ T4327] Call trace:
[ 41.916713][ T4327]  dump_backtrace+0x1c8/0x1f4
[ 41.917827][ T4327]  show_stack+0x2c/0x3c
[ 41.918807][ T4327]  dump_stack_lvl+0x108/0x170
[ 41.919881][ T4327]  dump_stack+0x1c/0x5c
[ 41.920836][ T4327]  print_circular_bug+0x150/0x1b8
[ 41.921972][ T4327]  check_noncircular+0x2cc/0x378
[ 41.923091][ T4327]  __lock_acquire+0x3338/0x764c
[ 41.924191][ T4327]  lock_acquire+0x26c/0x7cc
[ 41.925130][ T4327]  __mutex_lock_common+0x190/0x21a0
[ 41.926304][ T4327]  mutex_lock_nested+0x38/0x44
[ 41.927393][ T4327]  nci_start_poll+0x498/0x1204
[ 41.928501][ T4327]  nfc_start_poll+0x164/0x2a4
[ 41.929563][ T4327]  nfc_genl_start_poll+0x1b8/0x308
[ 41.930809][ T4327]  genl_rcv_msg+0x948/0xc2c
[ 41.931915][ T4327]  netlink_rcv_skb+0x20c/0x3b8
[ 41.933023][ T4327]  genl_rcv+0x38/0x50
[ 41.933987][ T4327]  netlink_unicast+0x660/0x8d4
[ 41.935011][ T4327]  netlink_sendmsg+0x834/0xb18
[ 41.936128][ T4327]  ____sys_sendmsg+0x558/0x844
[ 41.937232][ T4327]  __sys_sendmsg+0x26c/0x33c
[ 41.938304][ T4327]  __arm64_sys_sendmsg+0x80/0x94
[ 41.939455][ T4327]  invoke_syscall+0x98/0x2c0
[ 41.940540][ T4327]  el0_svc_common+0x138/0x258
[ 41.941580][ T4327]  do_el0_svc+0x64/0x218
[ 41.942490][ T4327]  el0_svc+0x58/0x168
[ 41.943433][ T4327]  el0t_64_sync_handler+0x84/0xf0
[ 41.944590][ T4327]  el0t_64_sync+0x18c/0x190
[ 42.057786][ T4327] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 42.059760][ T4327] nci: nci_start_poll: failed to set local general bytes
[ 47.141898][ T4327] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 47.361696][ T4331] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 47.581618][ T4338] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 47.800599][ T4344] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 47.802556][ T4344] nci: nci_start_poll: failed to set local general bytes