Warning: Permanently added '10.128.1.154' (ED25519) to the list of known hosts.
executing program
[ 37.392781][ T3964] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 37.630892][ T3971] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 37.702977][ T3978]
[ 37.703610][ T3978] ======================================================
[ 37.705521][ T3978] WARNING: possible circular locking dependency detected
[ 37.707379][ T3978] 5.15.151-syzkaller #0 Not tainted
[ 37.708698][ T3978] ------------------------------------------------------
[ 37.710597][ T3978] syz-executor428/3978 is trying to acquire lock:
[ 37.712328][ T3978] ffff0000c7ef3350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 37.714744][ T3978]
[ 37.714744][ T3978] but task is already holding lock:
[ 37.716613][ T3978] ffff0000c7ef45e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 37.719464][ T3978]
[ 37.719464][ T3978] which lock already depends on the new lock.
[ 37.719464][ T3978]
[ 37.722199][ T3978]
[ 37.722199][ T3978] the existing dependency chain (in reverse order) is:
[ 37.724545][ T3978]
[ 37.724545][ T3978] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 37.726950][ T3978]        __mutex_lock_common+0x194/0x2154
[ 37.728450][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 37.729805][ T3978]        nfc_urelease_event_work+0xfc/0x2b4
[ 37.731381][ T3978]        process_one_work+0x790/0x11b8
[ 37.732832][ T3978]        worker_thread+0x910/0x1034
[ 37.734181][ T3978]        kthread+0x37c/0x45c
[ 37.735420][ T3978]        ret_from_fork+0x10/0x20
[ 37.736707][ T3978]
[ 37.736707][ T3978] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 37.738747][ T3978]        __mutex_lock_common+0x194/0x2154
[ 37.740277][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 37.741638][ T3978]        nfc_register_device+0x4c/0x310
[ 37.743013][ T3978]        nci_register_device+0x6ac/0x7c4
[ 37.744556][ T3978]        virtual_ncidev_open+0x6c/0xd8
[ 37.746085][ T3978]        misc_open+0x2f0/0x368
[ 37.747475][ T3978]        chrdev_open+0x3e8/0x4fc
[ 37.748782][ T3978]        do_dentry_open+0x780/0xed8
[ 37.750157][ T3978]        vfs_open+0x7c/0x90
[ 37.751275][ T3978]        path_openat+0x1f28/0x26f0
[ 37.752691][ T3978]        do_filp_open+0x1a8/0x3b4
[ 37.753953][ T3978]        do_sys_openat2+0x128/0x3d8
[ 37.755363][ T3978]        __arm64_sys_openat+0x1f0/0x240
[ 37.756794][ T3978]        invoke_syscall+0x98/0x2b8
[ 37.758109][ T3978]        el0_svc_common+0x138/0x258
[ 37.759524][ T3978]        do_el0_svc+0x58/0x14c
[ 37.760731][ T3978]        el0_svc+0x7c/0x1f0
[ 37.761914][ T3978]        el0t_64_sync_handler+0x84/0xe4
[ 37.763350][ T3978]        el0t_64_sync+0x1a0/0x1a4
[ 37.764710][ T3978]
[ 37.764710][ T3978] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 37.766687][ T3978]        __mutex_lock_common+0x194/0x2154
[ 37.768164][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 37.769606][ T3978]        virtual_nci_close+0x28/0x58
[ 37.771056][ T3978]        nci_dev_up+0x760/0xb50
[ 37.772399][ T3978]        nfc_dev_up+0x154/0x300
[ 37.773673][ T3978]        nfc_genl_dev_up+0x98/0xdc
[ 37.774956][ T3978]        genl_rcv_msg+0xc18/0x1018
[ 37.776332][ T3978]        netlink_rcv_skb+0x20c/0x3b8
[ 37.777768][ T3978]        genl_rcv+0x38/0x50
[ 37.778960][ T3978]        netlink_unicast+0x664/0x938
[ 37.780371][ T3978]        netlink_sendmsg+0x844/0xb38
[ 37.781854][ T3978]        ____sys_sendmsg+0x584/0x870
[ 37.783326][ T3978]        ___sys_sendmsg+0x214/0x294
[ 37.784688][ T3978]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 37.786108][ T3978]        invoke_syscall+0x98/0x2b8
[ 37.787460][ T3978]        el0_svc_common+0x138/0x258
[ 37.788902][ T3978]        do_el0_svc+0x58/0x14c
[ 37.790128][ T3978]        el0_svc+0x7c/0x1f0
[ 37.791282][ T3978]        el0t_64_sync_handler+0x84/0xe4
[ 37.792746][ T3978]        el0t_64_sync+0x1a0/0x1a4
[ 37.794031][ T3978]
[ 37.794031][ T3978] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 37.796075][ T3978]        __lock_acquire+0x32d4/0x7638
[ 37.797415][ T3978]        lock_acquire+0x240/0x77c
[ 37.798737][ T3978]        __mutex_lock_common+0x194/0x2154
[ 37.800242][ T3978]        mutex_lock_nested+0xa4/0xf8
[ 37.801612][ T3978]        nci_start_poll+0x498/0x1204
[ 37.802963][ T3978]        nfc_start_poll+0x164/0x2a4
[ 37.804321][ T3978]        nfc_genl_start_poll+0x1b8/0x308
[ 37.805806][ T3978]        genl_rcv_msg+0xc18/0x1018
[ 37.807072][ T3978]        netlink_rcv_skb+0x20c/0x3b8
[ 37.808332][ T3978]        genl_rcv+0x38/0x50
[ 37.809677][ T3978]        netlink_unicast+0x664/0x938
[ 37.811084][ T3978]        netlink_sendmsg+0x844/0xb38
[ 37.812563][ T3978]        ____sys_sendmsg+0x584/0x870
[ 37.813957][ T3978]        ___sys_sendmsg+0x214/0x294
[ 37.815320][ T3978]        __arm64_sys_sendmsg+0x1ac/0x25c
[ 37.816756][ T3978]        invoke_syscall+0x98/0x2b8
[ 37.818157][ T3978]        el0_svc_common+0x138/0x258
[ 37.819526][ T3978]        do_el0_svc+0x58/0x14c
[ 37.820809][ T3978]        el0_svc+0x7c/0x1f0
[ 37.822006][ T3978]        el0t_64_sync_handler+0x84/0xe4
[ 37.823482][ T3978]        el0t_64_sync+0x1a0/0x1a4
[ 37.824827][ T3978]
[ 37.824827][ T3978] other info that might help us debug this:
[ 37.824827][ T3978]
[ 37.827511][ T3978] Chain exists of:
[ 37.827511][ T3978]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 37.827511][ T3978]
[ 37.831401][ T3978]  Possible unsafe locking scenario:
[ 37.831401][ T3978]
[ 37.833417][ T3978]        CPU0                    CPU1
[ 37.834926][ T3978]        ----                    ----
[ 37.836342][ T3978]   lock(&genl_data->genl_data_mutex);
[ 37.837788][ T3978]                                lock(nfc_devlist_mutex);
[ 37.839576][ T3978]                                lock(&genl_data->genl_data_mutex);
[ 37.841808][ T3978]   lock(&ndev->req_lock);
[ 37.843015][ T3978]
[ 37.843015][ T3978]  *** DEADLOCK ***
[ 37.843015][ T3978]
[ 37.845198][ T3978] 4 locks held by syz-executor428/3978:
[ 37.846665][ T3978]  #0: ffff800016a564d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 37.848870][ T3978]  #1: ffff800016a56388 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0x1018
[ 37.851225][ T3978]  #2: ffff0000c7ef45e8 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 37.854331][ T3978]  #3: ffff0000c7ef4190 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 37.856763][ T3978]
[ 37.856763][ T3978] stack backtrace:
[ 37.858336][ T3978] CPU: 1 PID: 3978 Comm: syz-executor428 Not tainted 5.15.151-syzkaller #0
[ 37.860635][ T3978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 37.863353][ T3978] Call trace:
[ 37.864226][ T3978]  dump_backtrace+0x0/0x530
[ 37.865425][ T3978]  show_stack+0x2c/0x3c
[ 37.866534][ T3978]  dump_stack_lvl+0x108/0x170
[ 37.867822][ T3978]  dump_stack+0x1c/0x58
[ 37.868898][ T3978]  print_circular_bug+0x150/0x1b8
[ 37.870278][ T3978]  check_noncircular+0x2cc/0x378
[ 37.871602][ T3978]  __lock_acquire+0x32d4/0x7638
[ 37.872869][ T3978]  lock_acquire+0x240/0x77c
[ 37.874057][ T3978]  __mutex_lock_common+0x194/0x2154
[ 37.875544][ T3978]  mutex_lock_nested+0xa4/0xf8
[ 37.876839][ T3978]  nci_start_poll+0x498/0x1204
[ 37.878142][ T3978]  nfc_start_poll+0x164/0x2a4
[ 37.879401][ T3978]  nfc_genl_start_poll+0x1b8/0x308
[ 37.880769][ T3978]  genl_rcv_msg+0xc18/0x1018
[ 37.882010][ T3978]  netlink_rcv_skb+0x20c/0x3b8
[ 37.883317][ T3978]  genl_rcv+0x38/0x50
[ 37.884365][ T3978]  netlink_unicast+0x664/0x938
[ 37.885695][ T3978]  netlink_sendmsg+0x844/0xb38
[ 37.886967][ T3978]  ____sys_sendmsg+0x584/0x870
[ 37.888250][ T3978]  ___sys_sendmsg+0x214/0x294
[ 37.889523][ T3978]  __arm64_sys_sendmsg+0x1ac/0x25c
[ 37.890920][ T3978]  invoke_syscall+0x98/0x2b8
[ 37.892097][ T3978]  el0_svc_common+0x138/0x258
[ 37.893374][ T3978]  do_el0_svc+0x58/0x14c
[ 37.894502][ T3978]  el0_svc+0x7c/0x1f0
[ 37.895551][ T3978]  el0t_64_sync_handler+0x84/0xe4
[ 37.896897][ T3978]  el0t_64_sync+0x1a0/0x1a4
[ 37.898427][ T3978] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 37.900728][ T3978] nci: nci_start_poll: failed to set local general bytes
[ 42.904910][ T3978] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 43.127693][ T3991] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 43.130045][ T3991] nci: nci_start_poll: failed to set local general bytes