Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts.
executing program
[ 35.516534][ T4223] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 35.587170][ T4235]
[ 35.587896][ T4235] ======================================================
[ 35.589715][ T4235] WARNING: possible circular locking dependency detected
[ 35.591574][ T4235] 6.1.82-syzkaller #0 Not tainted
[ 35.592915][ T4235] ------------------------------------------------------
[ 35.594822][ T4235] syz-executor807/4235 is trying to acquire lock:
[ 35.596551][ T4235] ffff0000cddf8350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_start_poll+0x498/0x1204
[ 35.599078][ T4235]
[ 35.599078][ T4235] but task is already holding lock:
[ 35.601012][ T4235] ffff0000cddfa520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 35.603940][ T4235]
[ 35.603940][ T4235] which lock already depends on the new lock.
[ 35.603940][ T4235]
[ 35.606681][ T4235]
[ 35.606681][ T4235] the existing dependency chain (in reverse order) is:
[ 35.609046][ T4235]
[ 35.609046][ T4235] -> #3 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 35.611381][ T4235]        __mutex_lock_common+0x190/0x21a0
[ 35.612960][ T4235]        mutex_lock_nested+0x38/0x44
[ 35.614426][ T4235]        nfc_urelease_event_work+0xfc/0x2a8
[ 35.615996][ T4235]        process_one_work+0x7ac/0x1404
[ 35.617502][ T4235]        worker_thread+0x8e4/0xfec
[ 35.618821][ T4235]        kthread+0x250/0x2d8
[ 35.620062][ T4235]        ret_from_fork+0x10/0x20
[ 35.621401][ T4235]
[ 35.621401][ T4235] -> #2 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 35.623591][ T4235]        __mutex_lock_common+0x190/0x21a0
[ 35.625121][ T4235]        mutex_lock_nested+0x38/0x44
[ 35.626493][ T4235]        nfc_register_device+0x4c/0x310
[ 35.627999][ T4235]        nci_register_device+0x6ac/0x7c4
[ 35.629543][ T4235]        virtual_ncidev_open+0x6c/0xd8
[ 35.630925][ T4235]        misc_open+0x2f0/0x368
[ 35.632173][ T4235]        chrdev_open+0x3e8/0x4fc
[ 35.633482][ T4235]        do_dentry_open+0x734/0xfa0
[ 35.634851][ T4235]        vfs_open+0x7c/0x90
[ 35.636031][ T4235]        path_openat+0x1e14/0x2548
[ 35.637428][ T4235]        do_filp_open+0x1bc/0x3cc
[ 35.638797][ T4235]        do_sys_openat2+0x128/0x3d8
[ 35.640175][ T4235]        __arm64_sys_openat+0x1f0/0x240
[ 35.641727][ T4235]        invoke_syscall+0x98/0x2c0
[ 35.643077][ T4235]        el0_svc_common+0x138/0x258
[ 35.644487][ T4235]        do_el0_svc+0x64/0x218
[ 35.645798][ T4235]        el0_svc+0x58/0x168
[ 35.647027][ T4235]        el0t_64_sync_handler+0x84/0xf0
[ 35.648507][ T4235]        el0t_64_sync+0x18c/0x190
[ 35.649865][ T4235]
[ 35.649865][ T4235] -> #1 (nci_mutex){+.+.}-{3:3}:
[ 35.651735][ T4235]        __mutex_lock_common+0x190/0x21a0
[ 35.653309][ T4235]        mutex_lock_nested+0x38/0x44
[ 35.654778][ T4235]        virtual_nci_close+0x28/0x58
[ 35.656194][ T4235]        nci_dev_up+0x754/0xb10
[ 35.657468][ T4235]        nfc_dev_up+0x154/0x300
[ 35.658757][ T4235]        nfc_genl_dev_up+0x98/0xdc
[ 35.660131][ T4235]        genl_rcv_msg+0x948/0xc2c
[ 35.661430][ T4235]        netlink_rcv_skb+0x20c/0x3b8
[ 35.662814][ T4235]        genl_rcv+0x38/0x50
[ 35.664065][ T4235]        netlink_unicast+0x65c/0x898
[ 35.665480][ T4235]        netlink_sendmsg+0x834/0xb18
[ 35.666868][ T4235]        ____sys_sendmsg+0x55c/0x848
[ 35.668318][ T4235]        __sys_sendmsg+0x26c/0x33c
[ 35.669742][ T4235]        __arm64_sys_sendmsg+0x80/0x94
[ 35.671192][ T4235]        invoke_syscall+0x98/0x2c0
[ 35.672589][ T4235]        el0_svc_common+0x138/0x258
[ 35.673956][ T4235]        do_el0_svc+0x64/0x218
[ 35.675239][ T4235]        el0_svc+0x58/0x168
[ 35.676418][ T4235]        el0t_64_sync_handler+0x84/0xf0
[ 35.677880][ T4235]        el0t_64_sync+0x18c/0x190
[ 35.679211][ T4235]
[ 35.679211][ T4235] -> #0 (&ndev->req_lock){+.+.}-{3:3}:
[ 35.681383][ T4235]        __lock_acquire+0x3338/0x7680
[ 35.682789][ T4235]        lock_acquire+0x26c/0x7cc
[ 35.684101][ T4235]        __mutex_lock_common+0x190/0x21a0
[ 35.685655][ T4235]        mutex_lock_nested+0x38/0x44
[ 35.687113][ T4235]        nci_start_poll+0x498/0x1204
[ 35.688596][ T4235]        nfc_start_poll+0x164/0x2a4
[ 35.690040][ T4235]        nfc_genl_start_poll+0x1b8/0x308
[ 35.691596][ T4235]        genl_rcv_msg+0x948/0xc2c
[ 35.692924][ T4235]        netlink_rcv_skb+0x20c/0x3b8
[ 35.694369][ T4235]        genl_rcv+0x38/0x50
[ 35.695574][ T4235]        netlink_unicast+0x65c/0x898
[ 35.696998][ T4235]        netlink_sendmsg+0x834/0xb18
[ 35.698403][ T4235]        ____sys_sendmsg+0x55c/0x848
[ 35.699810][ T4235]        __sys_sendmsg+0x26c/0x33c
[ 35.701180][ T4235]        __arm64_sys_sendmsg+0x80/0x94
[ 35.702728][ T4235]        invoke_syscall+0x98/0x2c0
[ 35.704063][ T4235]        el0_svc_common+0x138/0x258
[ 35.705453][ T4235]        do_el0_svc+0x64/0x218
[ 35.706696][ T4235]        el0_svc+0x58/0x168
[ 35.707922][ T4235]        el0t_64_sync_handler+0x84/0xf0
[ 35.709425][ T4235]        el0t_64_sync+0x18c/0x190
[ 35.710845][ T4235]
[ 35.710845][ T4235] other info that might help us debug this:
[ 35.710845][ T4235]
[ 35.713583][ T4235] Chain exists of:
[ 35.713583][ T4235]   &ndev->req_lock --> nfc_devlist_mutex --> &genl_data->genl_data_mutex
[ 35.713583][ T4235]
[ 35.717432][ T4235]  Possible unsafe locking scenario:
[ 35.717432][ T4235]
[ 35.719416][ T4235]        CPU0                    CPU1
[ 35.720830][ T4235]        ----                    ----
[ 35.722232][ T4235]   lock(&genl_data->genl_data_mutex);
[ 35.723702][ T4235]                                lock(nfc_devlist_mutex);
[ 35.725631][ T4235]                                lock(&genl_data->genl_data_mutex);
[ 35.727825][ T4235]   lock(&ndev->req_lock);
[ 35.729015][ T4235]
[ 35.729015][ T4235]  *** DEADLOCK ***
[ 35.729015][ T4235]
[ 35.731142][ T4235] 4 locks held by syz-executor807/4235:
[ 35.732623][ T4235]  #0: ffff800017e7a1f0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x28/0x50
[ 35.734838][ T4235]  #1: ffff800017e7a0a8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x114/0xc2c
[ 35.737274][ T4235]  #2: ffff0000cddfa520 (&genl_data->genl_data_mutex){+.+.}-{3:3}, at: nfc_genl_start_poll+0x1a8/0x308
[ 35.740194][ T4235]  #3: ffff0000cddfa100 (&dev->mutex){....}-{3:3}, at: nfc_start_poll+0x60/0x2a4
[ 35.742681][ T4235]
[ 35.742681][ T4235] stack backtrace:
[ 35.744210][ T4235] CPU: 1 PID: 4235 Comm: syz-executor807 Not tainted 6.1.82-syzkaller #0
[ 35.746443][ T4235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 35.749113][ T4235] Call trace:
[ 35.749959][ T4235]  dump_backtrace+0x1c8/0x1f4
[ 35.751178][ T4235]  show_stack+0x2c/0x3c
[ 35.752312][ T4235]  dump_stack_lvl+0x108/0x170
[ 35.753526][ T4235]  dump_stack+0x1c/0x58
[ 35.754622][ T4235]  print_circular_bug+0x150/0x1b8
[ 35.755988][ T4235]  check_noncircular+0x2cc/0x378
[ 35.757279][ T4235]  __lock_acquire+0x3338/0x7680
[ 35.758608][ T4235]  lock_acquire+0x26c/0x7cc
[ 35.759818][ T4235]  __mutex_lock_common+0x190/0x21a0
[ 35.761258][ T4235]  mutex_lock_nested+0x38/0x44
[ 35.762544][ T4235]  nci_start_poll+0x498/0x1204
[ 35.763871][ T4235]  nfc_start_poll+0x164/0x2a4
[ 35.765096][ T4235]  nfc_genl_start_poll+0x1b8/0x308
[ 35.766500][ T4235]  genl_rcv_msg+0x948/0xc2c
[ 35.767696][ T4235]  netlink_rcv_skb+0x20c/0x3b8
[ 35.768990][ T4235]  genl_rcv+0x38/0x50
[ 35.770121][ T4235]  netlink_unicast+0x65c/0x898
[ 35.771435][ T4235]  netlink_sendmsg+0x834/0xb18
[ 35.772711][ T4235]  ____sys_sendmsg+0x55c/0x848
[ 35.773999][ T4235]  __sys_sendmsg+0x26c/0x33c
[ 35.775299][ T4235]  __arm64_sys_sendmsg+0x80/0x94
[ 35.776639][ T4235]  invoke_syscall+0x98/0x2c0
[ 35.777861][ T4235]  el0_svc_common+0x138/0x258
[ 35.779137][ T4235]  do_el0_svc+0x64/0x218
[ 35.780297][ T4235]  el0_svc+0x58/0x168
[ 35.781358][ T4235]  el0t_64_sync_handler+0x84/0xf0
[ 35.782715][ T4235]  el0t_64_sync+0x18c/0x190
[ 35.897471][ T4235] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 35.899899][ T4235] nci: nci_start_poll: failed to set local general bytes
[ 40.912021][ T4235] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
executing program
[ 41.135447][ T4240] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 41.354994][ T4247] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 41.574494][ T4253] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
executing program
[ 41.796161][ T4259] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 41.798712][ T4259] nci: nci_start_poll: failed to set local general bytes