Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts.
executing program
[ 36.880073][ T4229] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 36.953448][ T4242]
[ 36.954162][ T4242] ======================================================
[ 36.956129][ T4242] WARNING: possible circular locking dependency detected
[ 36.958062][ T4242] 6.1.79-syzkaller #0 Not tainted
[ 36.959401][ T4242] ------------------------------------------------------
[ 36.961203][ T4242] syz-executor232/4242 is trying to acquire lock:
[ 36.962897][ T4242] ffff0000c4708350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 36.965370][ T4242]
[ 36.965370][ T4242] but task is already holding lock:
[ 36.967322][ T4242] ffff0000c470e520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 36.970177][ T4242]
[ 36.970177][ T4242] which lock already depends on the new lock.
[ 36.970177][ T4242]
[ 36.972962][ T4242]
[ 36.972962][ T4242] the existing dependency chain (in reverse order) is:
[ 36.975335][ T4242]
[ 36.975335][ T4242] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 36.977667][ T4242]        __mutex_lock_common+0x190/0x21a0
[ 36.979212][ T4242]        mutex_lock_nested+0x38/0x44
[ 36.980663][ T4242]        nfc_urelease_event_work+0xfc/0x2a8
[ 36.982320][ T4242]        process_one_work+0x7ac/0x1404
[ 36.983892][ T4242]        worker_thread+0x8e4/0xfec
[ 36.985342][ T4242]        kthread+0x250/0x2d8
[ 36.986627][ T4242]        ret_from_fork+0x10/0x20
[ 36.987968][ T4242]
[ 36.987968][ T4242] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 36.990075][ T4242]        __mutex_lock_common+0x190/0x21a0
[ 36.991635][ T4242]        mutex_lock_nested+0x38/0x44
[ 36.993094][ T4242]        nfc_register_device+0x4c/0x310
[ 36.994549][ T4242]        nci_register_device+0x6ac/0x7c4
[ 36.996063][ T4242]        virtual_ncidev_open+0x6c/0xd8
[ 36.997547][ T4242]        misc_open+0x2f0/0x368
[ 36.998806][ T4242]        chrdev_open+0x3e8/0x4fc
[ 37.000152][ T4242]        do_dentry_open+0x734/0xfa0
[ 37.001539][ T4242]        vfs_open+0x7c/0x90
[ 37.002797][ T4242]        path_openat+0x1e14/0x2548
[ 37.004188][ T4242]        do_filp_open+0x1bc/0x3cc
[ 37.005542][ T4242]        do_sys_openat2+0x128/0x3d8
[ 37.006943][ T4242]        __arm64_sys_openat+0x1f0/0x240
[ 37.008450][ T4242]        invoke_syscall+0x98/0x2c0
[ 37.009869][ T4242]        el0_svc_common+0x138/0x258
[ 37.011293][ T4242]        do_el0_svc+0x64/0x218
[ 37.012596][ T4242]        el0_svc+0x58/0x168
[ 37.013830][ T4242]        el0t_64_sync_handler+0x84/0xf0
[ 37.015353][ T4242]        el0t_64_sync+0x18c/0x190
[ 37.016749][ T4242]
[ 37.016749][ T4242] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 37.018693][ T4242]        __mutex_lock_common+0x190/0x21a0
[ 37.020340][ T4242]        mutex_lock_nested+0x38/0x44
[ 37.021751][ T4242]        virtual_nci_close+0x28/0x58
[ 37.023192][ T4242]        nci_dev_up+0x754/0xb10
[ 37.024509][ T4242]        nfc_dev_up+0x154/0x300
[ 37.025830][ T4242]        nfc_genl_dev_up+0x98/0xdc
[ 37.027198][ T4242]        genl_rcv_msg+0x948/0xc2c
[ 37.028563][ T4242]        netlink_rcv_skb+0x20c/0x3b8
[ 37.030048][ T4242]        genl_rcv+0x38/0x50
[ 37.031264][ T4242]        netlink_unicast+0x65c/0x898
[ 37.032714][ T4242]        netlink_sendmsg+0x834/0xb18
[ 37.034144][ T4242]        ____sys_sendmsg+0x55c/0x848
[ 37.035589][ T4242]        __sys_sendmsg+0x26c/0x33c
[ 37.036991][ T4242]        __arm64_sys_sendmsg+0x80/0x94
[ 37.038457][ T4242]        invoke_syscall+0x98/0x2c0
[ 37.039853][ T4242]        el0_svc_common+0x138/0x258
[ 37.041284][ T4242]        do_el0_svc+0x64/0x218
[ 37.042625][ T4242]        el0_svc+0x58/0x168
[ 37.043959][ T4242]        el0t_64_sync_handler+0x84/0xf0
[ 37.045547][ T4242]        el0t_64_sync+0x18c/0x190
[ 37.046965][ T4242]
[ 37.046965][ T4242] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 37.049104][ T4242]        __lock_acquire+0x3338/0x7680
[ 37.050615][ T4242]        lock_acquire+0x26c/0x7cc
[ 37.052030][ T4242]        __mutex_lock_common+0x190/0x21a0
[ 37.053612][ T4242]        mutex_lock_nested+0x38/0x44
[ 37.055074][ T4242]        nci_start_poll+0x498/0x1204
[ 37.056536][ T4242]        nfc_start_poll+0x164/0x2a4
[ 37.058020][ T4242]        nfc_genl_start_poll+0x1b8/0x308
[ 37.059528][ T4242]        genl_rcv_msg+0x948/0xc2c
[ 37.060921][ T4242]        netlink_rcv_skb+0x20c/0x3b8
[ 37.062365][ T4242]        genl_rcv+0x38/0x50
[ 37.063594][ T4242]        netlink_unicast+0x65c/0x898
[ 37.065023][ T4242]        netlink_sendmsg+0x834/0xb18
[ 37.066472][ T4242]        ____sys_sendmsg+0x55c/0x848
[ 37.067872][ T4242]        __sys_sendmsg+0x26c/0x33c
[ 37.069345][ T4242]        __arm64_sys_sendmsg+0x80/0x94
[ 37.070853][ T4242]        invoke_syscall+0x98/0x2c0
[ 37.072233][ T4242]        el0_svc_common+0x138/0x258
[ 37.073631][ T4242]        do_el0_svc+0x64/0x218
[ 37.074957][ T4242]        el0_svc+0x58/0x168
[ 37.076203][ T4242]        el0t_64_sync_handler+0x84/0xf0
[ 37.077708][ T4242]        el0t_64_sync+0x18c/0x190
[ 37.079089][ T4242]
[ 37.079089][ T4242] other info that might help us debug this:
[ 37.079089][ T4242]
[ 37.081946][ T4242] Chain exists of:
[ 37.081946][ T4242]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 37.081946][ T4242]
[ 37.085870][ T4242]  Possible unsafe locking scenario:
[ 37.085870][ T4242]
[ 37.087930][ T4242]        CPU0                    CPU1
[ 37.089368][ T4242]        ----                    ----
[ 37.090850][ T4242]   lock(&genl_data->genl_data_mutex);
[ 37.092324][ T4242]                                lock(nfc_devlist_mutex);
[ 37.094288][ T4242]                                lock(&genl_data->genl_data_mutex);
[ 37.096416][ T4242]   lock(&ndev->req_lock);
[ 37.097639][ T4242]
[ 37.097639][ T4242]  *** DEADLOCK ***
[ 37.097639][ T4242]
[ 37.099834][ T4242] 4 locks held by syz-executor232/4242:
[ 37.101316][ T4242]  #0: ffff800017e782b0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 37.103532][ T4242]  #1: ffff800017e78168 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0xc2c
[ 37.105987][ T4242]  #2: ffff0000c470e520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 37.109059][ T4242]  #3: ffff0000c470e100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 37.111666][ T4242]
[ 37.111666][ T4242] stack backtrace:
[ 37.113273][ T4242] CPU: 1 PID: 4242 Comm: syz-executor232 Not tainted 6.1.79-syzkaller #0
[ 37.115670][ T4242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 37.118471][ T4242] Call trace:
[ 37.119386][ T4242]  dump_backtrace+0x1c8/0x1f4
[ 37.120643][ T4242]  show_stack+0x2c/0x3c
[ 37.121914][ T4242]  dump_stack_lvl+0x108/0x170
[ 37.123198][ T4242]  dump_stack+0x1c/0x58
[ 37.124382][ T4242]  print_circular_bug+0x150/0x1b8
[ 37.125790][ T4242]  check_noncircular+0x2cc/0x378
[ 37.127132][ T4242]  __lock_acquire+0x3338/0x7680
[ 37.128499][ T4242]  lock_acquire+0x26c/0x7cc
[ 37.129778][ T4242]  __mutex_lock_common+0x190/0x21a0
[ 37.131282][ T4242]  mutex_lock_nested+0x38/0x44
[ 37.132652][ T4242]  nci_start_poll+0x498/0x1204
[ 37.134004][ T4242]  nfc_start_poll+0x164/0x2a4
[ 37.135345][ T4242]  nfc_genl_start_poll+0x1b8/0x308
[ 37.136761][ T4242]  genl_rcv_msg+0x948/0xc2c
[ 37.138067][ T4242]  netlink_rcv_skb+0x20c/0x3b8
[ 37.139395][ T4242]  genl_rcv+0x38/0x50
[ 37.140502][ T4242]  netlink_unicast+0x65c/0x898
[ 37.141855][ T4242]  netlink_sendmsg+0x834/0xb18
[ 37.143177][ T4242]  ____sys_sendmsg+0x55c/0x848
[ 37.144495][ T4242]  __sys_sendmsg+0x26c/0x33c
[ 37.145837][ T4242]  __arm64_sys_sendmsg+0x80/0x94
[ 37.147356][ T4242]  invoke_syscall+0x98/0x2c0
[ 37.148660][ T4242]  el0_svc_common+0x138/0x258
[ 37.149985][ T4242]  do_el0_svc+0x64/0x218
[ 37.151179][ T4242]  el0_svc+0x58/0x168
[ 37.152249][ T4242]  el0t_64_sync_handler+0x84/0xf0
[ 37.153649][ T4242]  el0t_64_sync+0x18c/0x190
[ 37.265392][ T4242] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 37.267804][ T4242] nci: nci_start_poll: failed to set local general bytes
[ 42.326357][ T4242] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 42.549682][ T4249] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 42.552225][ T4249] nci: nci_start_poll: failed to set local general bytes