Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts.
executing program
[ 52.121885][ T3504] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 52.130797][ T3504] nci: nci_start_poll: failed to set local general bytes
[ 57.200071][ T3504] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 57.209029][ T3504]
[ 57.211353][ T3504] ======================================================
[ 57.218389][ T3504] WARNING: possible circular locking dependency detected
[ 57.225387][ T3504] 5.15.117-syzkaller #0 Not tainted
[ 57.230566][ T3504] ------------------------------------------------------
[ 57.237568][ T3504] syz-executor540/3504 is trying to acquire lock:
[ 57.243970][ T3504] ffffffff8d137b08 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 57.252697][ T3504]
[ 57.252697][ T3504] but task is already holding lock:
[ 57.260050][ T3504] ffff888079659350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 57.269348][ T3504]
[ 57.269348][ T3504] which lock already depends on the new lock.
[ 57.269348][ T3504]
[ 57.279815][ T3504]
[ 57.279815][ T3504] the existing dependency chain (in reverse order) is:
[ 57.288807][ T3504]
[ 57.288807][ T3504] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 57.296527][ T3504]        lock_acquire+0x1db/0x4f0
[ 57.301542][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 57.307538][ T3504]        mutex_lock_nested+0x17/0x20
[ 57.312827][ T3504]        nci_start_poll+0x59f/0xf20
[ 57.318116][ T3504]        nfc_start_poll+0x184/0x2f0
[ 57.323423][ T3504]        nfc_genl_start_poll+0x1e7/0x350
[ 57.329064][ T3504]        genl_rcv_msg+0xfbd/0x14a0
[ 57.334174][ T3504]        netlink_rcv_skb+0x1cf/0x410
[ 57.340146][ T3504]        genl_rcv+0x24/0x40
[ 57.344723][ T3504]        netlink_unicast+0x7b6/0x980
[ 57.349994][ T3504]        netlink_sendmsg+0xa30/0xd60
[ 57.355267][ T3504]        ____sys_sendmsg+0x59e/0x8f0
[ 57.360540][ T3504]        ___sys_sendmsg+0x252/0x2e0
[ 57.365724][ T3504]        __se_sys_sendmsg+0x19a/0x260
[ 57.371081][ T3504]        do_syscall_64+0x3d/0xb0
[ 57.376016][ T3504]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.382440][ T3504]
[ 57.382440][ T3504] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 57.391152][ T3504]        lock_acquire+0x1db/0x4f0
[ 57.396166][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 57.401873][ T3504]        mutex_lock_nested+0x17/0x20
[ 57.407218][ T3504]        nfc_urelease_event_work+0x113/0x2f0
[ 57.413187][ T3504]        process_one_work+0x8a1/0x10c0
[ 57.418631][ T3504]        worker_thread+0xaca/0x1280
[ 57.423813][ T3504]        kthread+0x3f6/0x4f0
[ 57.428385][ T3504]        ret_from_fork+0x1f/0x30
[ 57.433310][ T3504]
[ 57.433310][ T3504] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 57.441283][ T3504]        lock_acquire+0x1db/0x4f0
[ 57.446305][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 57.452011][ T3504]        mutex_lock_nested+0x17/0x20
[ 57.457284][ T3504]        nfc_register_device+0x38/0x310
[ 57.462831][ T3504]        nci_register_device+0x7be/0x900
[ 57.468536][ T3504]        virtual_ncidev_open+0x55/0xc0
[ 57.473978][ T3504]        misc_open+0x304/0x380
[ 57.478727][ T3504]        chrdev_open+0x54a/0x630
[ 57.483651][ T3504]        do_dentry_open+0x807/0xfb0
[ 57.488836][ T3504]        path_openat+0x2702/0x2f20
[ 57.493934][ T3504]        do_filp_open+0x21c/0x460
[ 57.498947][ T3504]        do_sys_openat2+0x13b/0x500
[ 57.504130][ T3504]        __x64_sys_openat+0x243/0x290
[ 57.509496][ T3504]        do_syscall_64+0x3d/0xb0
[ 57.514442][ T3504]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.520971][ T3504]
[ 57.520971][ T3504] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 57.528088][ T3504]        validate_chain+0x1646/0x58b0
[ 57.533462][ T3504]        __lock_acquire+0x1295/0x1ff0
[ 57.538826][ T3504]        lock_acquire+0x1db/0x4f0
[ 57.543834][ T3504]        __mutex_lock_common+0x1da/0x25a0
[ 57.549537][ T3504]        mutex_lock_nested+0x17/0x20
[ 57.554823][ T3504]        virtual_nci_close+0x13/0x40
[ 57.560104][ T3504]        nci_close_device+0x3a8/0x5f0
[ 57.565471][ T3504]        nci_unregister_device+0x3c/0x230
[ 57.571178][ T3504]        virtual_ncidev_close+0x55/0x90
[ 57.576711][ T3504]        __fput+0x3bf/0x890
[ 57.581199][ T3504]        task_work_run+0x129/0x1a0
[ 57.586308][ T3504]        do_exit+0x6a3/0x2480
[ 57.590991][ T3504]        do_group_exit+0x144/0x310
[ 57.596161][ T3504]        get_signal+0xc66/0x14e0
[ 57.601099][ T3504]        arch_do_signal_or_restart+0xc3/0x1890
[ 57.607350][ T3504]        exit_to_user_mode_loop+0x97/0x130
[ 57.613240][ T3504]        exit_to_user_mode_prepare+0xb1/0x140
[ 57.619389][ T3504]        syscall_exit_to_user_mode+0x5d/0x250
[ 57.625802][ T3504]        do_syscall_64+0x49/0xb0
[ 57.630733][ T3504]        entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 57.637141][ T3504]
[ 57.637141][ T3504] other info that might help us debug this:
[ 57.637141][ T3504]
[ 57.647358][ T3504] Chain exists of:
[ 57.647358][ T3504]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 57.647358][ T3504]
[ 57.660993][ T3504]  Possible unsafe locking scenario:
[ 57.660993][ T3504]
[ 57.668779][ T3504]        CPU0                    CPU1
[ 57.674135][ T3504]        ----                    ----
[ 57.679488][ T3504]   lock(&ndev->req_lock);
[ 57.683893][ T3504]                                lock(&genl_data->genl_data_mutex);
[ 57.691857][ T3504]                                lock(&ndev->req_lock);
[ 57.698899][ T3504]   lock(nci_mutex);
[ 57.702816][ T3504]
[ 57.702816][ T3504]  *** DEADLOCK ***
[ 57.702816][ T3504]
[ 57.710948][ T3504] 1 lock held by syz-executor540/3504:
[ 57.716390][ T3504]  #0: ffff888079659350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 57.726124][ T3504]
[ 57.726124][ T3504] stack backtrace:
[ 57.731994][ T3504] CPU: 0 PID: 3504 Comm: syz-executor540 Not tainted 5.15.117-syzkaller #0
[ 57.740562][ T3504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.750689][ T3504] Call Trace:
[ 57.753955][ T3504]
[ 57.756870][ T3504]  dump_stack_lvl+0x1e3/0x2cb
[ 57.761548][ T3504]  ? io_uring_drop_tctx_refs+0x19d/0x19d
[ 57.767172][ T3504]  ? print_circular_bug+0x12b/0x1a0
[ 57.772362][ T3504]  check_noncircular+0x2f8/0x3b0
[ 57.777294][ T3504]  ? add_chain_block+0x850/0x850
[ 57.782250][ T3504]  ? lockdep_lock+0x11f/0x2a0
[ 57.786934][ T3504]  validate_chain+0x1646/0x58b0
[ 57.791780][ T3504]  ? mark_lock+0x98/0x340
[ 57.796096][ T3504]  ? reacquire_held_locks+0x660/0x660
[ 57.801451][ T3504]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 57.807422][ T3504]  ? _raw_spin_unlock+0x40/0x40
[ 57.812436][ T3504]  ? __up_console_sem+0x124/0x1e0
[ 57.817447][ T3504]  ? prb_read_valid+0xa5/0xf0
[ 57.822196][ T3504]  ? console_lock+0x70/0x70
[ 57.826707][ T3504]  ? prb_final_commit+0x20/0x20
[ 57.831552][ T3504]  ? mark_lock+0x98/0x340
[ 57.835867][ T3504]  ? console_unlock+0xdbc/0x12b0
[ 57.840816][ T3504]  __lock_acquire+0x1295/0x1ff0
[ 57.845672][ T3504]  lock_acquire+0x1db/0x4f0
[ 57.850188][ T3504]  ? virtual_nci_close+0x13/0x40
[ 57.855211][ T3504]  ? read_lock_is_recursive+0x10/0x10
[ 57.860573][ T3504]  ? __might_sleep+0xc0/0xc0
[ 57.865498][ T3504]  __mutex_lock_common+0x1da/0x25a0
[ 57.870684][ T3504]  ? virtual_nci_close+0x13/0x40
[ 57.875608][ T3504]  ? __wake_up_klogd+0xd5/0x100
[ 57.880445][ T3504]  ? vprintk_emit+0xee/0x150
[ 57.885021][ T3504]  ? virtual_nci_close+0x13/0x40
[ 57.890034][ T3504]  ? _printk+0xd1/0x111
[ 57.894175][ T3504]  ? mutex_lock_io_nested+0x60/0x60
[ 57.899395][ T3504]  ? panic+0x84d/0x84d
[ 57.903452][ T3504]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 57.908635][ T3504]  mutex_lock_nested+0x17/0x20
[ 57.913391][ T3504]  virtual_nci_close+0x13/0x40
[ 57.918141][ T3504]  nci_close_device+0x3a8/0x5f0
[ 57.922983][ T3504]  ? nci_unregister_device+0x230/0x230
[ 57.928426][ T3504]  ? mutex_unlock+0x10/0x10
[ 57.932921][ T3504]  nci_unregister_device+0x3c/0x230
[ 57.938106][ T3504]  ? virtual_ncidev_open+0xc0/0xc0
[ 57.943201][ T3504]  virtual_ncidev_close+0x55/0x90
[ 57.948209][ T3504]  ? virtual_ncidev_open+0xc0/0xc0
[ 57.953306][ T3504]  __fput+0x3bf/0x890
[ 57.957285][ T3504]  task_work_run+0x129/0x1a0
[ 57.961866][ T3504]  do_exit+0x6a3/0x2480
[ 57.966011][ T3504]  ? put_task_struct+0x80/0x80
[ 57.970764][ T3504]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 57.976738][ T3504]  do_group_exit+0x144/0x310
[ 57.981316][ T3504]  ? lockdep_hardirqs_on+0x94/0x130
[ 57.986511][ T3504]  get_signal+0xc66/0x14e0
[ 57.990925][ T3504]  arch_do_signal_or_restart+0xc3/0x1890
[ 57.996553][ T3504]  ? get_sigframe_size+0x10/0x10
[ 58.001485][ T3504]  ? exit_to_user_mode_loop+0x39/0x130
[ 58.006929][ T3504]  exit_to_user_mode_loop+0x97/0x130
[ 58.012201][ T3504]  exit_to_user_mode_prepare+0xb1/0x140
[ 58.017753][ T3504]  syscall_exit_to_user_mode+0x5d/0x250
[ 58.023291][ T3504]  do_syscall_64+0x49/0xb0
[ 58.027704][ T3504]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 58.033585][ T3504] RIP: 0033:0x7f052acfd649
[ 58.037992][ T3504] Code: Unable to access opcode bytes at RIP 0x7f052acfd61f.
[ 58.045338][ T3504] RSP: 002b:00007f052ac8d318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
executing program
[ 58.053736][ T3504] RAX: 0000000000000024 RBX: 00007f052ad85438 RCX: 00007f052acfd649
[ 58.061994][ T3504] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 58.069975][ T3504] RBP: 00007f052ad85430 R08: 0000000000000003 R09: 0000000000000000
[ 58.077932][ T3504] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f052ad53074
[ 58.085889][ T3504] R13: 00007ffc51ca4a8f R14: 00007f052ac8d400 R15: 0000000000022000
[ 58.093880][ T3504]
executing program
[ 58.329921][ T3507] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 58.563170][ T3517] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 58.571954][ T3517] nci: nci_start_poll: failed to set local general bytes
executing program
[ 63.599962][ T3517] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 63.827644][ T3520] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 63.836474][ T3520] nci: nci_start_poll: failed to set local general bytes