Warning: Permanently added '10.128.0.172' (ED25519) to the list of known hosts.
executing program
[ 35.501354][ T4239] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 35.503548][ T4239] nci: nci_start_poll: failed to set local general bytes
[ 40.579358][ T4239] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 40.581668][ T4239]
[ 40.582203][ T4239] ======================================================
[ 40.584004][ T4239] WARNING: possible circular locking dependency detected
[ 40.585693][ T4239] 6.1.82-syzkaller #0 Not tainted
[ 40.586846][ T4239] ------------------------------------------------------
[ 40.588602][ T4239] syz-executor336/4239 is trying to acquire lock:
[ 40.590199][ T4239] ffff800016e94f48 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58
[ 40.592456][ T4239]
[ 40.592456][ T4239] but task is already holding lock:
[ 40.594222][ T4239] ffff0000d647c350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5ac
[ 40.596545][ T4239]
[ 40.596545][ T4239] which lock already depends on the new lock.
[ 40.596545][ T4239]
[ 40.599134][ T4239]
[ 40.599134][ T4239] the existing dependency chain (in reverse order) is:
[ 40.601414][ T4239]
[ 40.601414][ T4239] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 40.603325][ T4239]        __mutex_lock_common+0x190/0x21a0
[ 40.604720][ T4239]        mutex_lock_nested+0x38/0x44
[ 40.606029][ T4239]        nci_start_poll+0x498/0x1204
[ 40.607356][ T4239]        nfc_start_poll+0x164/0x2a4
[ 40.608683][ T4239]        nfc_genl_start_poll+0x1b8/0x308
[ 40.610168][ T4239]        genl_rcv_msg+0x948/0xc2c
[ 40.611255][ T4239]        netlink_rcv_skb+0x20c/0x3b8
[ 40.612563][ T4239]        genl_rcv+0x38/0x50
[ 40.613694][ T4239]        netlink_unicast+0x65c/0x898
[ 40.615006][ T4239]        netlink_sendmsg+0x834/0xb18
[ 40.616334][ T4239]        ____sys_sendmsg+0x55c/0x848
[ 40.617682][ T4239]        __sys_sendmsg+0x26c/0x33c
[ 40.618940][ T4239]        __arm64_sys_sendmsg+0x80/0x94
[ 40.620391][ T4239]        invoke_syscall+0x98/0x2c0
[ 40.621704][ T4239]        el0_svc_common+0x138/0x258
[ 40.623005][ T4239]        do_el0_svc+0x64/0x218
[ 40.624256][ T4239]        el0_svc+0x58/0x168
[ 40.625516][ T4239]        el0t_64_sync_handler+0x84/0xf0
[ 40.626857][ T4239]        el0t_64_sync+0x18c/0x190
[ 40.628145][ T4239]
[ 40.628145][ T4239] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 40.630310][ T4239]        __mutex_lock_common+0x190/0x21a0
[ 40.631830][ T4239]        mutex_lock_nested+0x38/0x44
[ 40.633119][ T4239]        nfc_urelease_event_work+0xfc/0x2a8
[ 40.634622][ T4239]        process_one_work+0x7ac/0x1404
[ 40.636024][ T4239]        worker_thread+0x8e4/0xfec
[ 40.637283][ T4239]        kthread+0x250/0x2d8
[ 40.638474][ T4239]        ret_from_fork+0x10/0x20
[ 40.639702][ T4239]
[ 40.639702][ T4239] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 40.641708][ T4239]        __mutex_lock_common+0x190/0x21a0
[ 40.643144][ T4239]        mutex_lock_nested+0x38/0x44
[ 40.644457][ T4239]        nfc_register_device+0x4c/0x310
[ 40.645751][ T4239]        nci_register_device+0x6ac/0x7c4
[ 40.647179][ T4239]        virtual_ncidev_open+0x6c/0xd8
[ 40.648657][ T4239]        misc_open+0x2f0/0x368
[ 40.649844][ T4239]        chrdev_open+0x3e8/0x4fc
[ 40.651007][ T4239]        do_dentry_open+0x734/0xfa0
[ 40.652254][ T4239]        vfs_open+0x7c/0x90
[ 40.653375][ T4239]        path_openat+0x1e14/0x2548
[ 40.654696][ T4239]        do_filp_open+0x1bc/0x3cc
[ 40.655981][ T4239]        do_sys_openat2+0x128/0x3d8
[ 40.657301][ T4239]        __arm64_sys_openat+0x1f0/0x240
[ 40.658708][ T4239]        invoke_syscall+0x98/0x2c0
[ 40.660065][ T4239]        el0_svc_common+0x138/0x258
[ 40.661414][ T4239]        do_el0_svc+0x64/0x218
[ 40.662595][ T4239]        el0_svc+0x58/0x168
[ 40.663773][ T4239]        el0t_64_sync_handler+0x84/0xf0
[ 40.665194][ T4239]        el0t_64_sync+0x18c/0x190
[ 40.666440][ T4239]
[ 40.666440][ T4239] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 40.668169][ T4239]        __lock_acquire+0x3338/0x7680
[ 40.669536][ T4239]        lock_acquire+0x26c/0x7cc
[ 40.670771][ T4239]        __mutex_lock_common+0x190/0x21a0
[ 40.672276][ T4239]        mutex_lock_nested+0x38/0x44
[ 40.673597][ T4239]        virtual_nci_close+0x28/0x58
[ 40.674896][ T4239]        nci_close_device+0x2fc/0x5ac
[ 40.676243][ T4239]        nci_unregister_device+0x58/0x21c
[ 40.677638][ T4239]        virtual_ncidev_close+0x70/0xb0
[ 40.679057][ T4239]        __fput+0x30c/0x7bc
[ 40.680302][ T4239]        ____fput+0x20/0x30
[ 40.681411][ T4239]        task_work_run+0x240/0x2f0
[ 40.682722][ T4239]        do_exit+0x554/0x1a88
[ 40.683872][ T4239]        do_group_exit+0x194/0x22c
[ 40.685136][ T4239]        get_signal+0x14a0/0x158c
[ 40.686403][ T4239]        do_notify_resume+0x3ac/0x3474
[ 40.687571][ T4239]        el0_svc+0x9c/0x168
[ 40.688716][ T4239]        el0t_64_sync_handler+0x84/0xf0
[ 40.690131][ T4239]        el0t_64_sync+0x18c/0x190
[ 40.691393][ T4239]
[ 40.691393][ T4239] other info that might help us debug this:
[ 40.691393][ T4239]
[ 40.694025][ T4239] Chain exists of:
[ 40.694025][ T4239]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 40.694025][ T4239]
[ 40.697366][ T4239]  Possible unsafe locking scenario:
[ 40.697366][ T4239]
[ 40.699220][ T4239]        CPU0                    CPU1
[ 40.700612][ T4239]        ----                    ----
[ 40.701898][ T4239]   lock(&ndev->req_lock);
[ 40.702981][ T4239]                                lock(&genl_data->genl_data_mutex);
[ 40.704908][ T4239]                                lock(&ndev->req_lock);
[ 40.706722][ T4239]   lock(nci_mutex);
[ 40.707695][ T4239]
[ 40.707695][ T4239]  *** DEADLOCK ***
[ 40.707695][ T4239]
[ 40.709727][ T4239] 1 lock held by syz-executor336/4239:
[ 40.711032][ T4239]  #0: ffff0000d647c350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0xf0/0x5ac
[ 40.713425][ T4239]
[ 40.713425][ T4239] stack backtrace:
[ 40.714921][ T4239] CPU: 0 PID: 4239 Comm: syz-executor336 Not tainted 6.1.82-syzkaller #0
[ 40.717097][ T4239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 40.719614][ T4239] Call trace:
[ 40.720453][ T4239]  dump_backtrace+0x1c8/0x1f4
[ 40.721618][ T4239]  show_stack+0x2c/0x3c
[ 40.722677][ T4239]  dump_stack_lvl+0x108/0x170
[ 40.723798][ T4239]  dump_stack+0x1c/0x58
[ 40.724840][ T4239]  print_circular_bug+0x150/0x1b8
[ 40.726157][ T4239]  check_noncircular+0x2cc/0x378
[ 40.727445][ T4239]  __lock_acquire+0x3338/0x7680
[ 40.728686][ T4239]  lock_acquire+0x26c/0x7cc
[ 40.729754][ T4239]  __mutex_lock_common+0x190/0x21a0
[ 40.731083][ T4239]  mutex_lock_nested+0x38/0x44
[ 40.732241][ T4239]  virtual_nci_close+0x28/0x58
[ 40.733448][ T4239]  nci_close_device+0x2fc/0x5ac
[ 40.734657][ T4239]  nci_unregister_device+0x58/0x21c
[ 40.736008][ T4239]  virtual_ncidev_close+0x70/0xb0
[ 40.737366][ T4239]  __fput+0x30c/0x7bc
[ 40.738357][ T4239]  ____fput+0x20/0x30
[ 40.739367][ T4239]  task_work_run+0x240/0x2f0
[ 40.740579][ T4239]  do_exit+0x554/0x1a88
[ 40.741570][ T4239]  do_group_exit+0x194/0x22c
[ 40.742785][ T4239]  get_signal+0x14a0/0x158c
[ 40.743858][ T4239]  do_notify_resume+0x3ac/0x3474
[ 40.745109][ T4239]  el0_svc+0x9c/0x168
[ 40.746104][ T4239]  el0t_64_sync_handler+0x84/0xf0
[ 40.747398][ T4239]  el0t_64_sync+0x18c/0x190
executing program
[ 40.972581][ T4249] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 40.974738][ T4249] nci: nci_start_poll: failed to set local general bytes
[ 46.019143][ T4249] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 46.237881][ T4253] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 46.458228][ T4264] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 46.460692][ T4264] nci: nci_start_poll: failed to set local general bytes