Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 51.120535][ T3547] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 51.129596][ T3547] nci: nci_start_poll: failed to set local general bytes
[ 56.154491][ T3547] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 56.163280][ T3547]
[ 56.165600][ T3547] ======================================================
[ 56.172875][ T3547] WARNING: possible circular locking dependency detected
[ 56.179992][ T3547] 6.1.83-syzkaller #0 Not tainted
[ 56.185099][ T3547] ------------------------------------------------------
[ 56.192124][ T3547] syz-executor158/3547 is trying to acquire lock:
[ 56.198525][ T3547] ffffffff8d9cf408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 56.207249][ T3547]
[ 56.207249][ T3547] but task is already holding lock:
[ 56.214794][ T3547] ffff8880156e6350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 56.224589][ T3547]
[ 56.224589][ T3547] which lock already depends on the new lock.
[ 56.224589][ T3547]
[ 56.235188][ T3547]
[ 56.235188][ T3547] the existing dependency chain (in reverse order) is:
[ 56.244641][ T3547]
[ 56.244641][ T3547] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 56.252290][ T3547]        lock_acquire+0x1f8/0x5a0
[ 56.257397][ T3547]        __mutex_lock+0x132/0xd80
[ 56.262421][ T3547]        nci_start_poll+0x59f/0xf20
[ 56.267604][ T3547]        nfc_start_poll+0x184/0x2f0
[ 56.272786][ T3547]        nfc_genl_start_poll+0x1e7/0x350
[ 56.278409][ T3547]        genl_rcv_msg+0xc1a/0xf70
[ 56.283587][ T3547]        netlink_rcv_skb+0x1cd/0x410
[ 56.288898][ T3547]        genl_rcv+0x24/0x40
[ 56.293392][ T3547]        netlink_unicast+0x7d8/0x970
[ 56.298676][ T3547]        netlink_sendmsg+0xa26/0xd60
[ 56.304052][ T3547]        ____sys_sendmsg+0x5a5/0x8f0
[ 56.309345][ T3547]        __sys_sendmsg+0x2a9/0x390
[ 56.314556][ T3547]        do_syscall_64+0x3d/0xb0
[ 56.319517][ T3547]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.325928][ T3547]
[ 56.325928][ T3547] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 56.334649][ T3547]        lock_acquire+0x1f8/0x5a0
[ 56.340153][ T3547]        __mutex_lock+0x132/0xd80
[ 56.345487][ T3547]        nfc_urelease_event_work+0x113/0x2f0
[ 56.351852][ T3547]        process_one_work+0x8a9/0x11d0
[ 56.357368][ T3547]        worker_thread+0xa47/0x1200
[ 56.362587][ T3547]        kthread+0x28d/0x320
[ 56.367267][ T3547]        ret_from_fork+0x1f/0x30
[ 56.372189][ T3547]
[ 56.372189][ T3547] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 56.380472][ T3547]        lock_acquire+0x1f8/0x5a0
[ 56.385544][ T3547]        __mutex_lock+0x132/0xd80
[ 56.390703][ T3547]        nfc_register_device+0x38/0x310
[ 56.396866][ T3547]        nci_register_device+0x7be/0x900
[ 56.403877][ T3547]        virtual_ncidev_open+0x55/0xc0
[ 56.409444][ T3547]        misc_open+0x304/0x380
[ 56.414469][ T3547]        chrdev_open+0x54a/0x630
[ 56.419406][ T3547]        do_dentry_open+0x7f9/0x10f0
[ 56.424765][ T3547]        path_openat+0x2644/0x2e60
[ 56.429857][ T3547]        do_filp_open+0x230/0x480
[ 56.434945][ T3547]        do_sys_openat2+0x13b/0x500
[ 56.440123][ T3547]        __x64_sys_openat+0x243/0x290
[ 56.445579][ T3547]        do_syscall_64+0x3d/0xb0
[ 56.450511][ T3547]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.456913][ T3547]
[ 56.456913][ T3547] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 56.464193][ T3547]        validate_chain+0x1661/0x5950
[ 56.469652][ T3547]        __lock_acquire+0x125b/0x1f80
[ 56.475639][ T3547]        lock_acquire+0x1f8/0x5a0
[ 56.481779][ T3547]        __mutex_lock+0x132/0xd80
[ 56.486870][ T3547]        virtual_nci_close+0x13/0x40
[ 56.492235][ T3547]        nci_close_device+0x3a8/0x5f0
[ 56.497586][ T3547]        nci_unregister_device+0x3c/0x230
[ 56.503419][ T3547]        virtual_ncidev_close+0x55/0x90
[ 56.509099][ T3547]        __fput+0x3b7/0x890
[ 56.513702][ T3547]        task_work_run+0x246/0x300
[ 56.519146][ T3547]        do_exit+0xa73/0x26a0
[ 56.524615][ T3547]        do_group_exit+0x202/0x2b0
[ 56.529821][ T3547]        get_signal+0x16f7/0x17d0
[ 56.534861][ T3547]        arch_do_signal_or_restart+0xb0/0x1a10
[ 56.541192][ T3547]        exit_to_user_mode_loop+0x6a/0x100
[ 56.547241][ T3547]        exit_to_user_mode_prepare+0xb1/0x140
[ 56.553383][ T3547]        syscall_exit_to_user_mode+0x60/0x270
[ 56.559517][ T3547]        do_syscall_64+0x49/0xb0
[ 56.564543][ T3547]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.571026][ T3547]
[ 56.571026][ T3547] other info that might help us debug this:
[ 56.571026][ T3547]
[ 56.581587][ T3547] Chain exists of:
[ 56.581587][ T3547]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 56.581587][ T3547]
[ 56.595290][ T3547]  Possible unsafe locking scenario:
[ 56.595290][ T3547]
[ 56.602845][ T3547]        CPU0                    CPU1
[ 56.608721][ T3547]        ----                    ----
[ 56.614089][ T3547]   lock(&ndev->req_lock);
[ 56.618574][ T3547]                                lock(&genl_data->genl_data_mutex);
[ 56.626719][ T3547]                                lock(&ndev->req_lock);
[ 56.633651][ T3547]   lock(nci_mutex);
[ 56.637579][ T3547]
[ 56.637579][ T3547]  *** DEADLOCK ***
[ 56.637579][ T3547]
[ 56.645803][ T3547] 1 lock held by syz-executor158/3547:
[ 56.651237][ T3547]  #0: ffff8880156e6350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 56.661011][ T3547]
[ 56.661011][ T3547] stack backtrace:
[ 56.667100][ T3547] CPU: 0 PID: 3547 Comm: syz-executor158 Not tainted 6.1.83-syzkaller #0
[ 56.675498][ T3547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 56.685677][ T3547] Call Trace:
[ 56.689296][ T3547]
[ 56.692393][ T3547]  dump_stack_lvl+0x1e3/0x2cb
[ 56.697089][ T3547]  ? nf_tcp_handle_invalid+0x642/0x642
[ 56.702561][ T3547]  ? print_circular_bug+0x12b/0x1a0
[ 56.707845][ T3547]  check_noncircular+0x2fa/0x3b0
[ 56.712818][ T3547]  ? add_chain_block+0x850/0x850
[ 56.717769][ T3547]  ? lockdep_lock+0x11f/0x2a0
[ 56.722453][ T3547]  ? _find_first_zero_bit+0xd0/0x100
[ 56.728007][ T3547]  validate_chain+0x1661/0x5950
[ 56.732948][ T3547]  ? reacquire_held_locks+0x660/0x660
[ 56.738319][ T3547]  ? prb_read_valid+0xf0/0xf0
[ 56.743369][ T3547]  ? mark_lock+0x9a/0x340
[ 56.747889][ T3547]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.754059][ T3547]  ? print_irqtrace_events+0x210/0x210
[ 56.759533][ T3547]  ? mark_lock+0x9a/0x340
[ 56.764145][ T3547]  ? __up_console_sem+0x124/0x1e0
[ 56.769267][ T3547]  __lock_acquire+0x125b/0x1f80
[ 56.774219][ T3547]  lock_acquire+0x1f8/0x5a0
[ 56.778813][ T3547]  ? virtual_nci_close+0x13/0x40
[ 56.783831][ T3547]  ? read_lock_is_recursive+0x10/0x10
[ 56.789208][ T3547]  ? irq_work_queue+0xc6/0x150
[ 56.794007][ T3547]  ? __might_sleep+0xb0/0xb0
[ 56.798605][ T3547]  ? _printk+0xd1/0x111
[ 56.802775][ T3547]  ? __wake_up_klogd+0xd5/0x100
[ 56.807646][ T3547]  ? vprintk_emit+0x622/0x740
[ 56.812319][ T3547]  ? printk_sprint+0x490/0x490
[ 56.817079][ T3547]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 56.822410][ T3547]  __mutex_lock+0x132/0xd80
[ 56.826906][ T3547]  ? virtual_nci_close+0x13/0x40
[ 56.831946][ T3547]  ? _printk+0xd1/0x111
[ 56.836088][ T3547]  ? virtual_nci_close+0x13/0x40
[ 56.841009][ T3547]  ? mutex_lock_nested+0x10/0x10
[ 56.845952][ T3547]  ? nci_send_cmd+0x1f4/0x320
[ 56.850608][ T3547]  virtual_nci_close+0x13/0x40
[ 56.855368][ T3547]  nci_close_device+0x3a8/0x5f0
[ 56.860204][ T3547]  ? nci_unregister_device+0x230/0x230
[ 56.865640][ T3547]  ? mutex_unlock+0x10/0x10
[ 56.870136][ T3547]  nci_unregister_device+0x3c/0x230
[ 56.875347][ T3547]  ? ima_file_free+0xe8/0x3c0
[ 56.880013][ T3547]  virtual_ncidev_close+0x55/0x90
[ 56.886329][ T3547]  ? virtual_ncidev_open+0xc0/0xc0
[ 56.891442][ T3547]  __fput+0x3b7/0x890
[ 56.895430][ T3547]  task_work_run+0x246/0x300
[ 56.900014][ T3547]  ? task_work_cancel+0x2b0/0x2b0
[ 56.905047][ T3547]  ? exit_task_namespaces+0xdd/0xf0
[ 56.910231][ T3547]  do_exit+0xa73/0x26a0
[ 56.914380][ T3547]  ? put_task_struct+0x80/0x80
[ 56.919126][ T3547]  ? get_signal+0x137e/0x17d0
[ 56.923885][ T3547]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.929849][ T3547]  ? print_irqtrace_events+0x210/0x210
[ 56.936074][ T3547]  ? _raw_spin_lock_irq+0xdb/0x110
[ 56.941276][ T3547]  do_group_exit+0x202/0x2b0
[ 56.945945][ T3547]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 56.951394][ T3547]  ? lockdep_hardirqs_on+0x94/0x130
[ 56.956685][ T3547]  get_signal+0x16f7/0x17d0
[ 56.961175][ T3547]  ? ptrace_notify+0x370/0x370
[ 56.965932][ T3547]  arch_do_signal_or_restart+0xb0/0x1a10
[ 56.971634][ T3547]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 56.976574][ T3547]  ? rcu_is_watching+0x11/0xb0
[ 56.981434][ T3547]  ? get_sigframe_size+0x10/0x10
[ 56.986368][ T3547]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 56.992365][ T3547]  ? exit_to_user_mode_loop+0x39/0x100
[ 56.997849][ T3547]  exit_to_user_mode_loop+0x6a/0x100
[ 57.003293][ T3547]  exit_to_user_mode_prepare+0xb1/0x140
[ 57.008909][ T3547]  syscall_exit_to_user_mode+0x60/0x270
[ 57.014435][ T3547]  do_syscall_64+0x49/0xb0
[ 57.019098][ T3547]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.024990][ T3547] RIP: 0033:0x7f6ae4575549
[ 57.029410][ T3547] Code: Unable to access opcode bytes at 0x7f6ae457551f.
[ 57.036594][ T3547] RSP: 002b:00007f6ae4514238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.045005][ T3547] RAX: 0000000000000024 RBX: 00007f6ae45ff378 RCX: 00007f6ae4575549
executing program
[ 57.053147][ T3547] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 57.061371][ T3547] RBP: 00007f6ae45ff370 R08: 0000000000000003 R09: 00007f6ae45146c0
[ 57.070050][ T3547] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f6ae45cc074
[ 57.078125][ T3547] R13: 000000000000006e R14: 00007fffc43e8470 R15: 00007fffc43e8558
[ 57.086081][ T3547]
executing program
[ 57.320930][ T3550] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 57.551153][ T3560] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 57.560066][ T3560] nci: nci_start_poll: failed to set local general bytes
executing program
[ 62.633765][ T3560] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 62.861401][ T3567] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 62.870171][ T3567] nci: nci_start_poll: failed to set local general bytes
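Reports like the one above are usually triaged in bulk, so it helps to turn the lockdep text into a structure. The Python below is an added example for this page (not part of the syzbot log, the syzkaller tooling or the kernel): it strips the console prefix, pulls out the "trying to acquire" / "already holding" header, each "-> #N" dependency entry with its frames, and the "Chain exists of" line, then rebuilds the lock-order cycle from the entries and cross-checks it against the header. The only input is a trimmed copy of the report above with most stack frames dropped; every lock name, address and symbol in it comes from that report. The section labels and regexes are written for the 6.1-era report layout shown here and are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, NamedTuple, Optional

# Constructed input: a trimmed copy of the lockdep report above, console
# prefix included; most stack frames were dropped to keep it short.
SAMPLE = """\
[ 56.179992][ T3547] 6.1.83-syzkaller #0 Not tainted
[ 56.192124][ T3547] syz-executor158/3547 is trying to acquire lock:
[ 56.198525][ T3547] ffffffff8d9cf408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 56.207249][ T3547]
[ 56.207249][ T3547] but task is already holding lock:
[ 56.214794][ T3547] ffff8880156e6350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 56.244641][ T3547] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 56.252290][ T3547]        lock_acquire+0x1f8/0x5a0
[ 56.257397][ T3547]        __mutex_lock+0x132/0xd80
[ 56.262421][ T3547]        nci_start_poll+0x59f/0xf20
[ 56.325928][ T3547] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 56.345487][ T3547]        nfc_urelease_event_work+0x113/0x2f0
[ 56.372189][ T3547] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 56.390703][ T3547]        nfc_register_device+0x38/0x310
[ 56.456913][ T3547] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 56.475639][ T3547]        lock_acquire+0x1f8/0x5a0
[ 56.486870][ T3547]        virtual_nci_close+0x13/0x40
[ 56.571026][ T3547]
[ 56.581587][ T3547] Chain exists of:
[ 56.581587][ T3547]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")   # "[ 56.1][ T3547] "
KERNEL_RE = re.compile(r"^(\S+) #\d+ (Not tainted|Tainted: .*)$")
TASK_RE = re.compile(r"^(\S+)/(\d+) is trying to acquire lock:$")
LOCK_RE = re.compile(r"^([0-9a-f]+) \((.+?)\)\{[^}]*\}-\{\d+:\d+\}, at: (\S+)$")
DEP_RE = re.compile(r"^-> #(\d+) \((.+?)\)\{")
FRAME_RE = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")
# lockdep/mutex internals that head every trace; skipped to find the caller
LOCK_INTERNALS = {"lock_acquire", "__lock_acquire", "validate_chain", "__mutex_lock"}

LockSite = NamedTuple("LockSite", [("addr", str), ("name", str), ("site", str)])

@dataclass
class DepEntry:
    index: int           # the N in "-> #N"; #0 is the lock being acquired now
    name: str
    frames: List[str] = field(default_factory=list)

@dataclass
class LockdepReport:
    kernel: str = ""
    task: str = ""
    pid: int = 0
    acquiring: Optional[LockSite] = None
    holding: Optional[LockSite] = None
    deps: List[DepEntry] = field(default_factory=list)
    chain: List[str] = field(default_factory=list)

def parse_lockdep(text: str) -> LockdepReport:
    """Line-oriented state machine; a blank line ends the current section."""
    rep, state, cur = LockdepReport(), None, None
    for raw in text.splitlines():
        s = PREFIX_RE.sub("", raw, count=1).strip()
        if not s:
            state = None
        elif m := KERNEL_RE.match(s):
            rep.kernel = m.group(1)
        elif m := TASK_RE.match(s):
            rep.task, rep.pid, state = m.group(1), int(m.group(2)), "acquire"
        elif s == "but task is already holding lock:":
            state = "hold"
        elif s == "Chain exists of:":
            state = "chain"
        elif m := DEP_RE.match(s):
            cur = DepEntry(int(m.group(1)), m.group(2))
            rep.deps.append(cur)
            state = "dep"
        elif state in ("acquire", "hold") and (m := LOCK_RE.match(s)):
            setattr(rep, "acquiring" if state == "acquire" else "holding",
                    LockSite(*m.groups()))
            state = None
        elif state == "dep" and FRAME_RE.match(s):
            cur.frames.append(s)
        elif state == "chain":
            rep.chain, state = [p.strip() for p in s.split("-->")], None
    return rep

def lock_cycle(rep: LockdepReport) -> List[str]:
    """Entries are printed in reverse order: #k was taken while #(k-1) was held,
    and the new held(#max) -> acquiring(#0) edge closes the cycle."""
    names = [d.name for d in sorted(rep.deps, key=lambda d: d.index)]
    return names + names[:1]

def acquire_site(entry: DepEntry) -> Optional[str]:
    """First frame that is not a lockdep/mutex internal, i.e. the real caller."""
    for f in entry.frames:
        if f.split("+", 1)[0] not in LOCK_INTERNALS:
            return f
    return None

def check_consistency(rep: LockdepReport) -> bool:
    """Header locks must be entries #0 and #max; chain locks must lie on the cycle."""
    cyc = lock_cycle(rep)
    if not (cyc and rep.acquiring and rep.holding):
        return False
    return (rep.acquiring.name == cyc[0] and rep.holding.name == cyc[-2]
            and all(n in cyc for n in rep.chain))
```

Running `lock_cycle(parse_lockdep(SAMPLE))` yields nci_mutex -> nfc_devlist_mutex -> &genl_data->genl_data_mutex -> &ndev->req_lock -> nci_mutex, and `acquire_site` on entry #3 gives nci_start_poll+0x59f/0xf20, the frame that actually explains where req_lock enters the chain. The cycle is rebuilt from the "-> #N" entries rather than from the "Chain exists of" line because that line abbreviates the path: it names three locks while the report has four entries, and nfc_devlist_mutex does not appear in it.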