Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 61.153971][ T3545] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 61.163105][ T3545] nci: nci_start_poll: failed to set local general bytes
[ 66.235699][ T3545] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 66.244351][ T3545]
[ 66.246680][ T3545] ======================================================
[ 66.253882][ T3545] WARNING: possible circular locking dependency detected
[ 66.261341][ T3545] 6.1.30-syzkaller #0 Not tainted
[ 66.266370][ T3545] ------------------------------------------------------
[ 66.273385][ T3545] syz-executor333/3545 is trying to acquire lock:
[ 66.279791][ T3545] ffffffff8d7cd668 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x13/0x40
[ 66.288688][ T3545]
[ 66.288688][ T3545] but task is already holding lock:
[ 66.296046][ T3545] ffff8881413b4350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 66.305368][ T3545]
[ 66.305368][ T3545] which lock already depends on the new lock.
[ 66.305368][ T3545]
[ 66.315845][ T3545]
[ 66.315845][ T3545] the existing dependency chain (in reverse order) is:
[ 66.324848][ T3545]
[ 66.324848][ T3545] -> #3 (&ndev->req_lock){+.+.}-{3:3}:
[ 66.332574][ T3545]        lock_acquire+0x1f8/0x5a0
[ 66.337629][ T3545]        __mutex_lock_common+0x1d4/0x2520
[ 66.343366][ T3545]        mutex_lock_nested+0x17/0x20
[ 66.348657][ T3545]        nci_start_poll+0x59f/0xf20
[ 66.353894][ T3545]        nfc_start_poll+0x184/0x2f0
[ 66.359124][ T3545]        nfc_genl_start_poll+0x1e7/0x350
[ 66.364767][ T3545]        genl_rcv_msg+0xc1a/0xf70
[ 66.369879][ T3545]        netlink_rcv_skb+0x1cd/0x410
[ 66.375189][ T3545]        genl_rcv+0x24/0x40
[ 66.379696][ T3545]        netlink_unicast+0x7bf/0x990
[ 66.384984][ T3545]        netlink_sendmsg+0xa26/0xd60
[ 66.390276][ T3545]        ____sys_sendmsg+0x59e/0x8f0
[ 66.395565][ T3545]        __sys_sendmsg+0x2a9/0x390
[ 66.400678][ T3545]        do_syscall_64+0x3d/0xb0
[ 66.405615][ T3545]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.412026][ T3545]
[ 66.412026][ T3545] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}:
[ 66.420723][ T3545]        lock_acquire+0x1f8/0x5a0
[ 66.425741][ T3545]        __mutex_lock_common+0x1d4/0x2520
[ 66.431460][ T3545]        mutex_lock_nested+0x17/0x20
[ 66.436760][ T3545]        nfc_urelease_event_work+0x113/0x2f0
[ 66.442758][ T3545]        process_one_work+0x8aa/0x11f0
[ 66.448232][ T3545]        worker_thread+0xa5f/0x1210
[ 66.453433][ T3545]        kthread+0x26e/0x300
[ 66.458115][ T3545]        ret_from_fork+0x1f/0x30
[ 66.463067][ T3545]
[ 66.463067][ T3545] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}:
[ 66.470920][ T3545]        lock_acquire+0x1f8/0x5a0
[ 66.475953][ T3545]        __mutex_lock_common+0x1d4/0x2520
[ 66.481677][ T3545]        mutex_lock_nested+0x17/0x20
[ 66.487147][ T3545]        nfc_register_device+0x38/0x310
[ 66.492727][ T3545]        nci_register_device+0x7be/0x900
[ 66.498367][ T3545]        virtual_ncidev_open+0x55/0xc0
[ 66.508444][ T3545]        misc_open+0x304/0x380
[ 66.513212][ T3545]        chrdev_open+0x54a/0x630
[ 66.518170][ T3545]        do_dentry_open+0x7f9/0x10f0
[ 66.523498][ T3545]        path_openat+0x2644/0x2e60
[ 66.528623][ T3545]        do_filp_open+0x230/0x480
[ 66.533693][ T3545]        do_sys_openat2+0x13b/0x500
[ 66.538904][ T3545]        __x64_sys_openat+0x243/0x290
[ 66.544286][ T3545]        do_syscall_64+0x3d/0xb0
[ 66.549244][ T3545]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.556148][ T3545]
[ 66.556148][ T3545] -> #0 (nci_mutex){+.+.}-{3:3}:
[ 66.563465][ T3545]        validate_chain+0x1667/0x58e0
[ 66.568838][ T3545]        __lock_acquire+0x125b/0x1f80
[ 66.574220][ T3545]        lock_acquire+0x1f8/0x5a0
[ 66.579241][ T3545]        __mutex_lock_common+0x1d4/0x2520
[ 66.584958][ T3545]        mutex_lock_nested+0x17/0x20
[ 66.590242][ T3545]        virtual_nci_close+0x13/0x40
[ 66.595544][ T3545]        nci_close_device+0x3a8/0x5f0
[ 66.600914][ T3545]        nci_unregister_device+0x3c/0x230
[ 66.606630][ T3545]        virtual_ncidev_close+0x55/0x90
[ 66.612173][ T3545]        __fput+0x3b7/0x890
[ 66.616672][ T3545]        task_work_run+0x246/0x300
[ 66.621781][ T3545]        do_exit+0x6fb/0x2300
[ 66.626460][ T3545]        do_group_exit+0x202/0x2b0
[ 66.631569][ T3545]        get_signal+0x16f7/0x17d0
[ 66.636694][ T3545]        arch_do_signal_or_restart+0xb0/0x1a10
[ 66.643035][ T3545]        exit_to_user_mode_loop+0x6a/0x100
[ 66.649022][ T3545]        exit_to_user_mode_prepare+0xb1/0x140
[ 66.655181][ T3545]        syscall_exit_to_user_mode+0x60/0x270
[ 66.661257][ T3545]        do_syscall_64+0x49/0xb0
[ 66.666200][ T3545]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.672627][ T3545]
[ 66.672627][ T3545] other info that might help us debug this:
[ 66.672627][ T3545]
[ 66.682855][ T3545] Chain exists of:
[ 66.682855][ T3545]   nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock
[ 66.682855][ T3545]
[ 66.696415][ T3545]  Possible unsafe locking scenario:
[ 66.696415][ T3545]
[ 66.703863][ T3545]        CPU0                    CPU1
[ 66.709226][ T3545]        ----                    ----
[ 66.714595][ T3545]   lock(&ndev->req_lock);
[ 66.719018][ T3545]                                lock(&genl_data->genl_data_mutex);
[ 66.727010][ T3545]                                lock(&ndev->req_lock);
[ 66.733952][ T3545]   lock(nci_mutex);
[ 66.737849][ T3545]
[ 66.737849][ T3545]  *** DEADLOCK ***
[ 66.737849][ T3545]
[ 66.745991][ T3545] 1 lock held by syz-executor333/3545:
[ 66.751444][ T3545]  #0: ffff8881413b4350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x106/0x5f0
[ 66.761204][ T3545]
[ 66.761204][ T3545] stack backtrace:
[ 66.767093][ T3545] CPU: 1 PID: 3545 Comm: syz-executor333 Not tainted 6.1.30-syzkaller #0
[ 66.775510][ T3545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 66.785567][ T3545] Call Trace:
[ 66.788846][ T3545]
[ 66.791778][ T3545]  dump_stack_lvl+0x1e3/0x2cb
[ 66.796471][ T3545]  ? nf_tcp_handle_invalid+0x642/0x642
[ 66.801944][ T3545]  ? print_circular_bug+0x12b/0x1a0
[ 66.807162][ T3545]  check_noncircular+0x2fa/0x3b0
[ 66.812116][ T3545]  ? add_chain_block+0x850/0x850
[ 66.817059][ T3545]  ? lockdep_lock+0x11f/0x2a0
[ 66.821756][ T3545]  ? prb_read_valid+0xf0/0xf0
[ 66.826439][ T3545]  ? _find_first_zero_bit+0xd0/0x100
[ 66.831735][ T3545]  validate_chain+0x1667/0x58e0
[ 66.836599][ T3545]  ? __lock_acquire+0x125b/0x1f80
[ 66.841627][ T3545]  ? desc_read+0x200/0x3f0
[ 66.846066][ T3545]  ? memcpy+0x3c/0x60
[ 66.850059][ T3545]  ? reacquire_held_locks+0x660/0x660
[ 66.855444][ T3545]  ? desc_read+0x1a2/0x3f0
[ 66.859875][ T3545]  ? _prb_read_valid+0xb46/0xbe0
[ 66.864825][ T3545]  ? mark_lock+0x9a/0x340
[ 66.869159][ T3545]  __lock_acquire+0x125b/0x1f80
[ 66.874018][ T3545]  lock_acquire+0x1f8/0x5a0
[ 66.878527][ T3545]  ? virtual_nci_close+0x13/0x40
[ 66.883477][ T3545]  ? read_lock_is_recursive+0x10/0x10
[ 66.888855][ T3545]  ? __might_sleep+0xb0/0xb0
[ 66.893480][ T3545]  ? find_next_clump8+0x1a0/0x1a0
[ 66.898512][ T3545]  ? console_unlock+0x2f1/0x6e0
[ 66.903363][ T3545]  ? console_unlock+0x6aa/0x6e0
[ 66.908219][ T3545]  __mutex_lock_common+0x1d4/0x2520
[ 66.913428][ T3545]  ? virtual_nci_close+0x13/0x40
[ 66.918375][ T3545]  ? irq_work_queue+0xc6/0x150
[ 66.923149][ T3545]  ? __wake_up_klogd+0xd5/0x100
[ 66.928002][ T3545]  ? vprintk_emit+0x109/0x1f0
[ 66.932681][ T3545]  ? virtual_nci_close+0x13/0x40
[ 66.937715][ T3545]  ? _printk+0xd1/0x111
[ 66.941895][ T3545]  ? mutex_lock_io_nested+0x60/0x60
[ 66.947108][ T3545]  ? panic+0x75d/0x75d
[ 66.951187][ T3545]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 66.956388][ T3545]  mutex_lock_nested+0x17/0x20
[ 66.961169][ T3545]  virtual_nci_close+0x13/0x40
[ 66.965943][ T3545]  nci_close_device+0x3a8/0x5f0
[ 66.970827][ T3545]  ? nci_unregister_device+0x230/0x230
[ 66.976319][ T3545]  ? mutex_unlock+0x10/0x10
[ 66.980847][ T3545]  nci_unregister_device+0x3c/0x230
[ 66.986070][ T3545]  ? virtual_ncidev_open+0xc0/0xc0
[ 66.991198][ T3545]  virtual_ncidev_close+0x55/0x90
[ 66.996236][ T3545]  ? virtual_ncidev_open+0xc0/0xc0
[ 67.001357][ T3545]  __fput+0x3b7/0x890
[ 67.005357][ T3545]  task_work_run+0x246/0x300
[ 67.010021][ T3545]  ? task_work_cancel+0x2b0/0x2b0
[ 67.015096][ T3545]  ? exit_task_namespaces+0xdd/0xf0
[ 67.020458][ T3545]  do_exit+0x6fb/0x2300
[ 67.024644][ T3545]  ? put_task_struct+0x80/0x80
[ 67.029424][ T3545]  ? get_signal+0x137e/0x17d0
[ 67.034161][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 67.040157][ T3545]  ? print_irqtrace_events+0x210/0x210
[ 67.045622][ T3545]  ? _raw_spin_lock_irq+0xdb/0x110
[ 67.050739][ T3545]  do_group_exit+0x202/0x2b0
[ 67.055344][ T3545]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 67.060547][ T3545]  ? lockdep_hardirqs_on+0x94/0x130
[ 67.065760][ T3545]  get_signal+0x16f7/0x17d0
[ 67.070284][ T3545]  ? ptrace_notify+0x370/0x370
[ 67.075067][ T3545]  arch_do_signal_or_restart+0xb0/0x1a10
[ 67.080800][ T3545]  ? ____sys_sendmsg+0x8f0/0x8f0
[ 67.085761][ T3545]  ? get_sigframe_size+0x10/0x10
[ 67.090776][ T3545]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 67.096767][ T3545]  ? exit_to_user_mode_loop+0x39/0x100
[ 67.102236][ T3545]  exit_to_user_mode_loop+0x6a/0x100
[ 67.107529][ T3545]  exit_to_user_mode_prepare+0xb1/0x140
[ 67.113085][ T3545]  syscall_exit_to_user_mode+0x60/0x270
[ 67.118644][ T3545]  do_syscall_64+0x49/0xb0
[ 67.123066][ T3545]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.128966][ T3545] RIP: 0033:0x7f284cbdf649
[ 67.133384][ T3545] Code: Unable to access opcode bytes at 0x7f284cbdf61f.
[ 67.140400][ T3545] RSP: 002b:00007f284cb90318 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 67.148820][ T3545] RAX: 0000000000000024 RBX: 00007f284cc67428 RCX: 00007f284cbdf649
[ 67.156884][ T3545] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000004
[ 67.164860][ T3545] RBP: 00007f284cc67420 R08: 0000000000000003 R09: 0000000000000000
[ 67.172884][ T3545] R10: 0000000000000008 R11: 0000000000000246 R12: 00007f284cc35074
[ 67.180866][ T3545] R13: 00007ffc1a76055f R14: 00007f284cb90400 R15: 0000000000022000
executing program
[ 67.188850][ T3545]
executing program
[ 67.425802][ T3553] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 67.657699][ T3559] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 67.666661][ T3559] nci: nci_start_poll: failed to set local general bytes
executing program
[ 72.715090][ T3559] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
[ 72.944450][ T3570] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 72.953275][ T3570] nci: nci_start_poll: failed to set local general bytes